Новый Tor 0.2.0.35 (обновление от 24.06.09) для Windows и MacOS (зеркала)

[eluosi]

Обновился пакет программ TOR+Vidalia для “прыжков” через Великий Китайский ФаерволTM. Маредакция рекомендует всем обновиться в срочном порядке, т.к. новая версия работает быстрее, стабильнее и в ней исправлены “дыры” в безопасноти.

Скачать новую версию ТОРа можно на официальном сайте проекта, но т.к. сей сайт благополучно забанен на территории КНР, Магазета делится своими зеркалами.

• vb-0.2.0.35-0.1.13.exe (для Windows) | зеркало
• vb-0.2.0.35-0.1.13-universal.dmg (для MacOS) | зеркало

P.S.:
К сожалению наше любимое файлохранилище - box.net также недоступно в Поднебесной.

Список изменений в версии 0.2.0.35 - 2009-06-24

o Security fix: - Avoid crashing in the presence of certain malformed descriptors. Found by lark, and by automated fuzzing. - Fix an edge case where a malicious exit relay could convince a controller that the client's DNS question resolves to an internal IP address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.   o Major bugfixes: - Finally fix the bug where dynamic-IP relays disappear when their IP address changes: directory mirrors were mistakenly telling them their old address if they asked via begin_dir, so they never got an accurate answer about their new address, so they just vanished after a day. For belt-and-suspenders, relays that don't set Address in their config now avoid using begin_dir for all direct connections. Should fix bugs 827, 883, and 900. - Fix a timing-dependent, allocator-dependent, DNS-related crash bug that would occur on some exit nodes when DNS failures and timeouts occurred in certain patterns. Fix for bug 957.   o Minor bugfixes: - When starting with a cache over a few days old, do not leak memory for the obsolete router descriptors in it. Bugfix on 0.2.0.33; fixes bug 672. - Hidden service clients didn't use a cached service descriptor that was older than 15 minutes, but wouldn't fetch a new one either, because there was already one in the cache. Now, fetch a v2 descriptor unless the same descriptor was added to the cache within the last 15 minutes. Fixes bug 997; reported by Marcus Griep.
Кросс пост из Магазеты.