移动端 | 加入收藏 | 设为首页 | 最新ss | 赞助本站 | RSS
 

freefq.comfree——免费、自由fq——翻墙

困在墙内,请发邮件到freefqcom#gmail.com获得最新免费翻墙方法!
您当前的位置:首页 > 免费翻墙软件

New Release: Tor 0.4.3.3-alpha(with security fixes!)

时间:2020-03-22  来源:torproject  作者:nickm 条评论

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.3.3-alpha from the download page on the website. Packages should be available over the coming days, including a new alpha Tor Browser.3n1免费翻墙网

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.3n1免费翻墙网

Tor 0.4.3.3-alpha fixes several bugs in previous releases, including TROVE-2020-002, a major denial-of-service vulnerability that affected all released Tor instances since 0.2.1.5-alpha. Using this vulnerability, an attacker could cause Tor instances to consume a huge amount of CPU, disrupting their operations for several seconds or minutes. This attack could be launched by anybody against a relay, or by a directory cache against any client that had connected to it. The attacker could launch this attack as much as they wanted, thereby disrupting service or creating patterns that could aid in traffic analysis. This issue was found by OSS-Fuzz, and is also tracked as CVE-2020-10592.3n1免费翻墙网

We do not have reason to believe that this attack is currently being exploited in the wild, but nonetheless we advise everyone to upgrade as soon as packages are available.3n1免费翻墙网

There are also new stable releases coming out today; I'll describe them in an upcoming post.3n1免费翻墙网

Changes in version 0.4.3.3-alpha - 2020-03-18

  • Major bugfixes (security, denial-of-service):
    • Fix a denial-of-service bug that could be used by anyone to consume a bunch of CPU on any Tor relay or authority, or by directories to consume a bunch of CPU on clients or hidden services. Because of the potential for CPU consumption to introduce observable timing patterns, we are treating this as a high-severity security issue. Fixes bug 33119; bugfix on 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue as TROVE-2020-002 and CVE-2020-10592.
  • Major bugfixes (circuit padding, memory leak):
    • Avoid a remotely triggered memory leak in the case that a circuit padding machine is somehow negotiated twice on the same circuit. Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls. This is also tracked as TROVE-2020-004 and CVE-2020-10593.

 3n1免费翻墙网

  • Major bugfixes (directory authority):
    • Directory authorities will now send a 503 (not enough bandwidth) code to clients when under bandwidth pressure. Known relays and other authorities will always be answered regardless of the bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha.
  • Minor features (diagnostic):
    • Improve assertions and add some memory-poisoning code to try to track down possible causes of a rare crash (32564) in the EWMA code. Closes ticket 33290.
  • Minor features (directory authorities):
    • Directory authorities now reject descriptors from relays running Tor versions from the 0.2.9 and 0.4.0 series. The 0.3.5 series is still allowed. Resolves ticket 32672. Patch by Neel Chauhan.
  • Minor features (usability):
    • Include more information when failing to parse a configuration value. This should make it easier to tell what's going wrong when a configuration file doesn't parse. Closes ticket 33460.
  • Minor bugfix (relay, configuration):
    • Warn if the ContactInfo field is not set, and tell the relay operator that not having a ContactInfo field set might cause their relay to get rejected in the future. Fixes bug 33361; bugfix on 0.1.1.10-alpha.
  • Minor bugfixes (coding best practices checks):
    • Allow the "practracker" script to read unicode files when using Python 2. We made the script use unicode literals in 0.4.3.1-alpha, but didn't change the codec for opening files. Fixes bug 33374; bugfix on 0.4.3.1-alpha.
  • Minor bugfixes (continuous integration):
    • Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix on 0.3.2.2-alpha.
  • Minor bugfixes (onion service v3, client):
    • Remove a BUG() warning that would cause a stack trace if an onion service descriptor was freed while we were waiting for a rendezvous circuit to complete. Fixes bug 28992; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (onion services v3):
    • Fix an assertion failure that could result from a corrupted ADD_ONION control port command. Found by Saibato. Fixes bug 33137; bugfix on 0.3.3.1-alpha. This issue is also tracked as TROVE-2020-003.
  • Documentation (manpage):
    • Alphabetize the Server and Directory server sections of the tor manpage. Also split Statistics options into their own section of the manpage. Closes ticket 33188. Work by Swati Thacker as part of Google Season of Docs.
    • Document the __OwningControllerProcess torrc option and specify its polling interval. Resolves issue 32971.
  • Testing (Travis CI):
    • Remove a redundant distcheck job. Closes ticket 33194.
    • Sort the Travis jobs in order of speed: putting the slowest jobs first takes full advantage of Travis job concurrency. Closes ticket 33194.
    • Stop allowing the Chutney IPv6 Travis job to fail. This job was previously configured to fast_finish (which requires allow_failure), to speed up the build. Closes ticket 33195.
    • When a Travis chutney job fails, use chutney's new "diagnostics.sh" tool to produce detailed diagnostic output. Closes ticket 32792.
来顶一下
返回首页
返回首页
欢迎评论:免登录,输入验证码即可匿名评论 共有条评论
用户名: 密码:
验证码: 匿名发表

推荐资讯

Octohide VPN:快如闪电的免费VPN
Octohide VPN:快如闪
原子网络加速器 - 免费高速VPN 一键链接 方便快捷
原子网络加速器 - 免费
foxovpn绿狐VPN——即连即用、快速、安全
foxovpn绿狐VPN——即
Dubai VPN - Free, Fast & Secure VPN下载
Dubai VPN - Free, Fa
相关文章
栏目更新
栏目热门
墙外新闻
读者文摘

你可以访问真正的互联网了。You can access the real Internet.

管理员精中特别提醒:本网站域名、主机和管理员都在美国,且本站内容仅为非中国大陆网友服务。禁止中国大陆网友浏览本站!若中国大陆网友因错误操作打开本站网页,请立即关闭!中国大陆网友浏览本站存在法律风险,恳请立即关闭本站所有页面!对于您因浏览本站所遭遇的法律问题、安全问题和其他所有问题,本站均无法负责也概不负责。

特别警告:本站推荐各种免费科学上网软件、app和方法,不建议各位网友购买收费账号或服务。若您因付费购买而遭遇骗局,没有得到想要的服务,请把苦水往自己肚子里咽,本站无法承担也概不承担任何责任!

本站严正声明:各位翻墙的网友切勿将本站介绍的翻墙方法运用于违反当地法律法规的活动,本站对网友的遵纪守法行为表示支持,对网友的违法犯罪行为表示反对!

网站管理员定居美国,因此本站所推荐的翻墙软件及翻墙方法都未经测试,发布仅供网友测试和参考,但你懂的——翻墙软件或方法随时有可能失效,因此本站信息具有极强时效性,想要更多有效免费翻墙方法敬请阅读本站最新信息,建议收藏本站!本站为纯粹技术网站,支持科学与民主,支持宗教信仰自由,反对恐怖主义、邪教、伪科学与专制,不支持或反对任何极端主义的政治观点或宗教信仰。有注明出处的信息均为转载文章,转载信息仅供参考,并不表明本站支持其观点或行为。未注明出处的信息为本站原创,转载时也请注明来自本站。

鉴于各种免费翻墙软件甚至是收费翻墙软件可能存在的安全风险及个人隐私泄漏可能,本站提醒各位网友做好各方面的安全防护措施!本站无法对推荐的翻墙软件、应用或服务等进行全面而严格的安全测试,因此无法对其安全性做保证,无法对您因为安全问题或隐私泄漏等问题造成的任何损失承担任何责任!

S. Grand Ave.,Suite 3910,Los Angeles,CA 90071

知识共享许可协议
本作品采用知识共享署名-非商业性使用 4.0 国际许可协议进行许可。