免费SS | 加入收藏 | 设为首页 | 我要投稿 | 赞助本站 | RSS
 

freefq.comfree——免费、自由fq——翻墙

困在墙内,请发邮件到freefqcom#gmail.com获得最新免费翻墙方法!
点击→开始SSL加密访问本站→https://www.freefq.com免费翻墙网
您当前的位置:首页 > 免费翻墙软件

Tor 0.4.0.2-alpha, 0.3.5.8, 0.3.4.11, and 0.3.3.12

时间:2019-03-04  来源:torproject  作者:nickm ★推荐请点击G+1→

There are new source code releases available for download. If you build Tor from source, you can download the source code for 0.4.0.2-alpha and 0.3.5.8 from the download page. You can find 0.3.4.11 and 0.3.3.12 at dist.torproject.org. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely in the same timeframe.A1C免费翻墙网

These releases all fix TROVE-2019-001, a possible security bug involving the KIST cell scheduler code in versions 0.3.2.1-alpha and later. We are not certain that it is possible to exploit this bug in the wild, but out of an abundance of caution, we recommend that all affected users upgrade once packages are available. The potential impact is a remote denial-of-service attack against clients or relays.A1C免费翻墙网

Also note: 0.3.3.12 is the last anticipated release in the 0.3.3.x series; that series will become unsupported next week. The remaining supported stable series will 0.2.9.x (long-term support until 2020), 0.3.4.x (supported until June), and 0.3.5.x (long-term support until 2022).A1C免费翻墙网

Below are the changes in Tor 0.3.5.8 and in 0.4.0.2-alpha. You can also read the changelog for 0.3.4.11 and the changelog for 0.3.3.12.A1C免费翻墙网

Changes in version 0.3.5.8 - 2019-02-21

Tor 0.3.5.8 backports serveral fixes from later releases, including fixes for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x releases.A1C免费翻墙网

It also includes a fix for a medium-severity security bug affecting Tor 0.3.2.1-alpha and later. All Tor instances running an affected release should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.A1C免费翻墙网

  • Major bugfixes (cell scheduler, KIST, security):
    • Make KIST consider the outbuf length when computing what it can put in the outbuf. Previously, KIST acted as though the outbuf were empty, which could lead to the outbuf becoming too full. It is possible that an attacker could exploit this bug to cause a Tor client or relay to run out of memory and crash. Fixes bug 29168; bugfix on 0.3.2.1-alpha. This issue is also being tracked as TROVE-2019-001 and CVE-2019-8955.
  • Major bugfixes (networking, backport from 0.4.0.2-alpha):
    • Gracefully handle empty username/password fields in SOCKS5 username/password auth messsage and allow SOCKS5 handshake to continue. Previously, we had rejected these handshakes, breaking certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.

 A1C免费翻墙网

  • Minor features (compilation, backport from 0.4.0.2-alpha):
    • Compile correctly when OpenSSL is built with engine support disabled, or with deprecated APIs disabled. Closes ticket 29026. Patches from "Mangix".
  • Minor features (geoip):
    • Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2 Country database. Closes ticket 29478.
  • Minor features (testing, backport from 0.4.0.2-alpha):
    • Treat all unexpected ERR and BUG messages as test failures. Closes ticket 28668.
  • Minor bugfixes (onion service v3, client, backport from 0.4.0.1-alpha):
    • Stop logging a "BUG()" warning and stacktrace when we find a SOCKS connection waiting for a descriptor that we actually have in the cache. It turns out that this can actually happen, though it is rare. Now, tor will recover and retry the descriptor. Fixes bug 28669; bugfix on 0.3.2.4-alpha.
  • Minor bugfixes (IPv6, backport from 0.4.0.1-alpha):
    • Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the IPv6 socket was bound using an address family of AF_INET instead of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.
  • Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha):
    • Update Cargo.lock file to match the version made by the latest version of Rust, so that "make distcheck" will pass again. Fixes bug 29244; bugfix on 0.3.3.4-alpha.
  • Minor bugfixes (client, clock skew, backport from 0.4.0.1-alpha):
    • Select guards even if the consensus has expired, as long as the consensus is still reasonably live. Fixes bug 24661; bugfix on 0.3.0.1-alpha.
  • Minor bugfixes (compilation, backport from 0.4.0.1-alpha):
    • Compile correctly on OpenBSD; previously, we were missing some headers required in order to detect it properly. Fixes bug 28938; bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.
  • Minor bugfixes (documentation, backport from 0.4.0.2-alpha):
    • Describe the contents of the v3 onion service client authorization files correctly: They hold public keys, not private keys. Fixes bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".
  • Minor bugfixes (logging, backport from 0.4.0.1-alpha):
    • Rework rep_hist_log_link_protocol_counts() to iterate through all link protocol versions when logging incoming/outgoing connection counts. Tor no longer skips version 5, and we won't have to remember to update this function when new link protocol version is developed. Fixes bug 28920; bugfix on 0.2.6.10.
  • Minor bugfixes (logging, backport from 0.4.0.2-alpha):
    • Log more information at "warning" level when unable to read a private key; log more information at "info" level when unable to read a public key. We had warnings here before, but they were lost during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.
  • Minor bugfixes (misc, backport from 0.4.0.2-alpha):
    • The amount of total available physical memory is now determined using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM) when it is defined and a 64-bit variant is not available. Fixes bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.
  • Minor bugfixes (onion services, backport from 0.4.0.2-alpha):
    • Avoid crashing if ClientOnionAuthDir (incorrectly) contains more than one private key for a hidden service. Fixes bug 29040; bugfix on 0.3.5.1-alpha.
    • In hs_cache_store_as_client() log an HSDesc we failed to parse at "debug" level. Tor used to log it as a warning, which caused very long log lines to appear for some users. Fixes bug 29135; bugfix on 0.3.2.1-alpha.
    • Stop logging "Tried to establish rendezvous on non-OR circuit..." as a warning. Instead, log it as a protocol warning, because there is nothing that relay operators can do to fix it. Fixes bug 29029; bugfix on 0.2.5.7-rc.
  • Minor bugfixes (tests, directory clients, backport from 0.4.0.1-alpha):
    • Mark outdated dirservers when Tor only has a reasonably live consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha.
  • Minor bugfixes (tests, backport from 0.4.0.2-alpha):
    • Detect and suppress "bug" warnings from the util/time test on Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha.
    • Do not log an error-level message if we fail to find an IPv6 network interface from the unit tests. Fixes bug 29160; bugfix on 0.2.7.3-rc.
  • Minor bugfixes (usability, backport from 0.4.0.1-alpha):
    • Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate(). Some users took this phrasing to mean that the mentioned guard was under their control or responsibility, which it is not. Fixes bug 28895; bugfix on Tor 0.3.0.1-alpha.

Changes in version 0.4.0.2-alpha - 2019-02-21

Tor 0.4.0.2-alpha is the second alpha in its series; it fixes several bugs from earlier versions, including several that had broken backward compatibility.A1C免费翻墙网

It also includes a fix for a medium-severity security bug affecting Tor 0.3.2.1-alpha and later. All Tor instances running an affected release should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.A1C免费翻墙网

  • Major bugfixes (cell scheduler, KIST, security):
    • Make KIST consider the outbuf length when computing what it can put in the outbuf. Previously, KIST acted as though the outbuf were empty, which could lead to the outbuf becoming too full. It is possible that an attacker could exploit this bug to cause a Tor client or relay to run out of memory and crash. Fixes bug 29168; bugfix on 0.3.2.1-alpha. This issue is also being tracked as TROVE-2019-001 and CVE-2019-8955.
  • Major bugfixes (networking):
    • Gracefully handle empty username/password fields in SOCKS5 username/password auth messsage and allow SOCKS5 handshake to continue. Previously, we had rejected these handshakes, breaking certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.
  • Major bugfixes (windows, startup):
    • When reading a consensus file from disk, detect whether it was written in text mode, and re-read it in text mode if so. Always write consensus files in binary mode so that we can map them into memory later. Previously, we had written in text mode, which confused us when we tried to map the file on windows. Fixes bug 28614; bugfix on 0.4.0.1-alpha.
  • Minor features (compilation):
    • Compile correctly when OpenSSL is built with engine support disabled, or with deprecated APIs disabled. Closes ticket 29026. Patches from "Mangix".
  • Minor features (developer tooling):
    • Check that bugfix versions in changes files look like Tor versions from the versions spec. Warn when bugfixes claim to be on a future release. Closes ticket 27761.
    • Provide a git pre-commit hook that disallows commiting if we have any failures in our code and changelog formatting checks. It is now available in scripts/maint/pre-commit.git-hook. Implements feature 28976.
  • Minor features (directory authority):
    • When a directory authority is using a bandwidth file to obtain bandwidth values, include the digest of that file in the vote. Closes ticket 26698.
  • Minor features (geoip):
    • Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2 Country database. Closes ticket 29478.
  • Minor features (testing):
    • Treat all unexpected ERR and BUG messages as test failures. Closes ticket 28668.
  • Minor bugfixes (build, compatibility, rust):
    • Update Cargo.lock file to match the version made by the latest version of Rust, so that "make distcheck" will pass again. Fixes bug 29244; bugfix on 0.3.3.4-alpha.
  • Minor bugfixes (compilation):
    • Fix compilation warnings in test_circuitpadding.c. Fixes bug 29169; bugfix on 0.4.0.1-alpha.
    • Silence a compiler warning in test-memwipe.c on OpenBSD. Fixes bug 29145; bugfix on 0.2.9.3-alpha. Patch from Kris Katterjohn.
  • Minor bugfixes (documentation):
    • Describe the contents of the v3 onion service client authorization files correctly: They hold public keys, not private keys. Fixes bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".
  • Minor bugfixes (linux seccomp sandbox):
    • Fix startup crash when experimental sandbox support is enabled. Fixes bug 29150; bugfix on 0.4.0.1-alpha. Patch by Peter Gerber.
  • Minor bugfixes (logging):
    • Avoid logging that we are relaxing a circuit timeout when that timeout is fixed. Fixes bug 28698; bugfix on 0.2.4.7-alpha.
    • Log more information at "warning" level when unable to read a private key; log more information at "info" level when unable to read a public key. We had warnings here before, but they were lost during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.
  • Minor bugfixes (misc):
    • The amount of total available physical memory is now determined using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM) when it is defined and a 64-bit variant is not available. Fixes bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.
  • Minor bugfixes (onion services):
    • Avoid crashing if ClientOnionAuthDir (incorrectly) contains more than one private key for a hidden service. Fixes bug 29040; bugfix on 0.3.5.1-alpha.
    • In hs_cache_store_as_client() log an HSDesc we failed to parse at "debug" level. Tor used to log it as a warning, which caused very long log lines to appear for some users. Fixes bug 29135; bugfix on 0.3.2.1-alpha.
    • Stop logging "Tried to establish rendezvous on non-OR circuit..." as a warning. Instead, log it as a protocol warning, because there is nothing that relay operators can do to fix it. Fixes bug 29029; bugfix on 0.2.5.7-rc.
  • Minor bugfixes (scheduler):
    • When re-adding channels to the pending list, check the correct channel's sched_heap_idx. This issue has had no effect in mainline Tor, but could have led to bugs down the road in improved versions of our circuit scheduling code. Fixes bug 29508; bugfix on 0.3.2.10.
  • Minor bugfixes (tests):
    • Fix intermittent failures on an adaptive padding test. Fixes one case of bug 29122; bugfix on 0.4.0.1-alpha.
    • Disable an unstable circuit-padding test that was failing intermittently because of an ill-defined small histogram. Such histograms will be allowed again after 29298 is implemented. Fixes a second case of bug 29122; bugfix on 0.4.0.1-alpha.
    • Detect and suppress "bug" warnings from the util/time test on Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha.
    • Do not log an error-level message if we fail to find an IPv6 network interface from the unit tests. Fixes bug 29160; bugfix on 0.2.7.3-rc.
  • Documentation:
    • In the manpage entry describing MapAddress torrc setting, use example IP addresses from ranges specified for use in documentation by RFC 5737. Resolves issue 28623.
  • Removed features:
    • Remove the old check-tor script. Resolves issue 29072.
A1C免费翻墙网
 

顶一顶请点击右边G+1

来顶一下
返回首页
返回首页
欢迎评论:免登录,输入验证码即可匿名评论 共有条评论
用户名: 密码:
验证码: 匿名发表

推荐资讯

TomVPN-免费高速一键连接翻墙科学上网VPN
TomVPN-免费高速一键连
Secure VPN – A high speed, ultra secure VPN
Secure VPN – A high
Inf VPN - FREE VPN直接下载链接
Inf VPN - FREE VPN直
Xndroid:基于XX-Net与fqrouter的代理软件
Xndroid:基于XX-Net与
相关文章
栏目更新
栏目热门
墙外新闻
读者文摘

翻越防火长城,你可以到达世界上的每一个角落!

Across the Great Firewall, you can reach every corner in the world!

管理员精中特别提醒:本网站域名、主机和管理员都在美国,且本网站内容仅为非中国大陆网友服务。禁止中国大陆网友浏览本站!若中国大陆网友因错误操作打开本站网页,请立即关闭!中国大陆网友浏览本网站存在法律风险,恳请立即关闭本站所有页面!对于您因浏览本站所遭遇的法律问题、安全问题和其他所有问题,本站均无法负责也概不负责。

本站严正声明:各位翻墙的网友切勿将本站介绍的翻墙方法运用于违反当地法律法规的活动,本站对网友的遵纪守法行为表示支持,对网友的违法犯罪行为表示反对!

网站管理员定居美国,因此本站所发的翻墙软件及翻墙方法都未经测试,发布仅供网友测试和参考,但你懂的——翻墙软件或方法随时有可能失效,因此本站信息具有极强时效性,想要更多有效免费翻墙方法敬请阅读本站最新信息,建议收藏本站!本站为纯粹技术网站,支持科学与民主,支持宗教信仰自由,反对恐怖主义、邪教、伪科学与专制,不支持或反对任何极端主义的政治观点或宗教信仰。有注明出处的信息均为转载文章,转载信息仅供参考,并不表明本站支持其观点或行为。未注明出处的信息为本站原创,转载时也请注明来自本站。

鉴于各种免费翻墙软件甚至是收费翻墙软件可能存在的安全风险及个人隐私泄漏可能,本站提醒各位网友做好各方面的安全防护措施!本站无法对提供的翻墙软件、应用或服务等进行全面而严格的安全测试,因此无法对其安全性做保证,无法对您因为安全问题或隐私泄漏等问题造成的任何损失承担任何责任!

650 Castro Street, Suite 120-219 Mountain View, CA, USA, 94041

知识共享许可协议
本作品采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可。