Jump to content

Tor Browser Bundle 3.5.4 / Tor v0.2.4.21


Recommended Posts

Tor Browser Bundle 3.5.4


All downloads and languages


Tor Browser Bundle 3.5.4 -- Apr 7 2014

* All Platforms

* Update OpenSSL to 1.0.1g


Tor v0.2.4.21


Changes in version - 2014-02-28

Tor further improves security against potential adversaries who

find breaking 1024-bit crypto doable, and backports several stability

and robustness patches from the 0.2.5 branch.

o Major features (client security):

- When we choose a path for a 3-hop circuit, make sure it contains

at least one relay that supports the NTor circuit extension

handshake. Otherwise, there is a chance that we're building

a circuit that's worth attacking by an adversary who finds

breaking 1024-bit crypto doable, and that chance changes the game

theory. Implements ticket 9777.

o Major bugfixes:

- Do not treat streams that fail with reason

END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,

since it could also indicate an ENETUNREACH connection error. Fixes

part of bug 10777; bugfix on

o Code simplification and refactoring:

- Remove data structures which were introduced to implement the

CellStatistics option: they are now redundant with the new timestamp

field in the regular packed_cell_t data structure, which we did

in in order to resolve bug 9093. Resolves ticket 10870.

o Minor features:

- Always clear OpenSSL bignums before freeing them -- even bignums

that don't contain secrets. Resolves ticket 10793. Patch by

Florent Daigniere.

- Build without warnings under clang 3.4. (We have some macros that

define static functions only some of which will get used later in

the module. Starting with clang 3.4, these give a warning unless the

unused attribute is set on them.) Resolves ticket 10904.

- Update geoip and geoip6 files to the February 7 2014 Maxmind

GeoLite2 Country database.

o Minor bugfixes:

- Set the listen() backlog limit to the largest actually supported

on the system, not to the value in a header file. Fixes bug 9716;

bugfix on every released Tor.

- Treat ENETUNREACH, EACCES, and EPERM connection failures at an

exit node as a NOROUTE error, not an INTERNAL error, since they

can apparently happen when trying to connect to the wrong sort

of netblocks. Fixes part of bug 10777; bugfix on

- Fix build warnings about missing "a2x" comment when building the

manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py".

Fixes bug 10929; bugfix on Patch from Dana Koch.

- Avoid a segfault on SIGUSR1, where we had freed a connection but did

not entirely remove it from the connection lists. Fixes bug 9602;

bugfix on

- Fix a segmentation fault in our benchmark code when running with

Fedora's OpenSSL package, or any other OpenSSL that provides

ECDH but not P224. Fixes bug 10835; bugfix on

- Turn "circuit handshake stats since last time" log messages into a

heartbeat message. Fixes bug 10485; bugfix on

o Documentation fixes:

- Document that all but one DirPort entry must have the NoAdvertise

flag set. Fixes bug 10470; bugfix on /

Edited by thylacine
Link to comment
Share on other sites

  • Replies 1
  • Views 723
  • Created
  • Last Reply

Top Posters In This Topic

  • thylacine


  • iih1


Popular Days

Top Posters In This Topic

The latest version, I've Tor Browser Bundle 3.5.3 (TOR "The Onion Router"),

sometime need TOR surfing. thx

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...