Tor 0.2.2.34-1

Download now 18.60MB

View screenshots (1)

Date updated

November 1, 2011

Developer

The Tor Project | (more products)

All time downloads

3,235

License

Free

Platform

Windows

Our rating

0 / 5

User ratings

Read user reviews (0)

Description of Tor 0.2.2.34-1

Total on line anonymity while surfing

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.

Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.

What is new in version 0.2.2.34-1

Privacy/anonymity fixes (clients):
• Clients and bridges no longer send TLS certificate chains on outgoing OR
• connections. Previously, each client or bridge would use the same cert chain
• for all outgoing OR connections until its IP address changes, which allowed any
• relay that the client or bridge contacted to determine which entry guards it is
• using. Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
• If a relay receives a CREATE_FAST cell on a TLS connection, it no longer
• considers that connection as suitable for satisfying a circuit EXTEND request.
• Now relays can protect clients from the CVE-2011-2768 issue even if the clients
• haven't upgraded yet.
• Directory authorities no longer assign the Guard flag to relays that
• haven't upgraded to the above "refuse EXTEND requests to client connections"
• fix. Now directory authorities can protect clients from the CVE-2011-2768 issue
• even if neither the clients nor the relays have upgraded yet. There's a new
• "GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option to let us
• transition smoothly, else tomorrow there would be no guard relays.

Privacy/anonymity fixes (bridge enumeration):
• Bridge relays now do their directory fetches inside Tor TLS connections,
• like all the other clients do, rather than connecting directly to the DirPort
• like public relays do. Removes another avenue for enumerating bridges. Fixes
• bug 4115; bugfix on 0.2.0.35.
• Bridges relays now build circuits for themselves in a more similar way to
• how clients build them. Removes another avenue for enumerating bridges. Fixes
• bug 4124; bugfix on 0.2.0.3-alpha, when bridges were introduced.
• Bridges now refuse CREATE or CREATE_FAST cells on OR connections that they
• initiated. Relays could distinguish incoming bridge connections from client
• connections, creating another avenue for enumerating bridges. Fixes
• CVE-2011-2769. Bugfix on 0.2.0.3-alpha. Found by "frosty_un".

Major bugfixes:
• Fix a crash bug when changing node restrictions while a DNS lookup is
• in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix by "Tey'".
• Don't launch a useless circuit after failing to use one of a hidden
• service's introduction points. Previously, we would launch a new introduction
• circuit, but not set the hidden service which that circuit was intended to
• connect to, so it would never actually be used. A different piece of code would
• then create a new introduction circuit correctly. Bug reported by katmagic and
• found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug 4212.

Minor bugfixes:
• Change an integer overflow check in the OpenBSD_Malloc code so that GCC is
• less likely to eliminate it as impossible. Patch from Mansour Moufid. Fixes bug
• 4059.
• When a hidden service turns an extra service-side introduction circuit into
• a general-purpose circuit, free the rend_data and intro_key fields first, so we
• won't leak memory if the circuit is cannibalized for use as another
• service-side introduction circuit. Bugfix on 0.2.1.7-alpha; fixes bug
• 4251.
• Bridges now skip DNS self-tests, to act a little more stealthily. Fixes
• bug 4201; bugfix on 0.2.0.3-alpha, which first introduced bridges. Patch by
• "warms0x".
• Fix internal bug-checking logic that was supposed to catch failures in
• digest generation so that it will fail more robustly if we ask for a
• nonexistent algorithm. Found by Coverity Scan. Bugfix on 0.2.2.1-alpha; fixes
• Coverity CID 479.
• Report any failure in init_keys() calls launched because our IP address has
• changed. Spotted by Coverity Scan. Bugfix on 0.1.1.4-alpha; fixes CID 484.

Minor bugfixes (log messages and documentation):
• Remove a confusing dollar sign from the example fingerprint in the man
• page, and also make the example fingerprint a valid one. Fixes bug 4309; bugfix
• on 0.2.1.3-alpha.
• The next version of Windows will be called Windows 8, and it has a major
• version of 6, minor version of 2. Correctly identify that version instead of
• calling it "Very recent version". Resolves ticket 4153; reported by
• funkstar.
• Downgrade log messages about circuit timeout calibration from "notice" to
• "info": they don't require or suggest any human intervention. Patch from Tom
• Lowenthal. Fixes bug 4063; bugfix on 0.2.2.14-alpha.

Minor features:
• Turn on directory request statistics by default and include them in
• extra-info descriptors. Don't break if we have no GeoIP database. Backported
• from 0.2.3.1-alpha; implements ticket 3951.
• Update to the October 4 2011 Maxmind GeoLite Country database.