Hi folks, We're getting close to having 0.1.2.19 ready. Phobos has put snapshots up; the packaging changes are a) the Vidalia bundles now ship with Vidalia 0.0.16 (which includes many bugfixes, and hopefully not too many new bugs), and b) the OS X bundles now include the stable Torbutton xpi too.
Please grab it, try it out, and let us know whether we broke anything. Thanks, --Roger https://www.torproject.org/dist/tor-0.1.2.18-dev.tar.gz https://www.torproject.org/dist/tor-0.1.2.18-dev.tar.gz.asc https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-0.1.2.18-dev-0.0.16.exe https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-0.1.2.18-dev-0.0.16.exe.asc https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-0.1.2.18-dev-0.0.16-tiger.dmg https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-0.1.2.18-dev-0.0.16-tiger.dmg.asc https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-0.1.2.18-dev-0.0.16-panther.dmg https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-0.1.2.18-dev-0.0.16-panther.dmg.asc https://www.torproject.org/dist/win32/tor-0.1.2.18-dev-win32.exe https://www.torproject.org/dist/win32/tor-0.1.2.18-dev-win32.exe.asc https://www.torproject.org/dist/osx/Tor-0.1.2.18-dev-tiger-universal-Bundle.dmg https://www.torproject.org/dist/osx/Tor-0.1.2.18-dev-tiger-universal-Bundle.dmg.asc https://www.torproject.org/dist/osx-old/Tor-0.1.2.18-dev-panther-ppc-Bundle.dmg https://www.torproject.org/dist/osx-old/Tor-0.1.2.18-dev-panther-ppc-Bundle.dmg.asc Partial list of changes in version 0.1.2.19 - 2008-01-?? o Security fixes: - Exit policies now reject connections that are addressed to a relay's public (external) IP address too, unless ExitPolicyRejectPrivate is turned off. We do this because too many relays are running nearby to services that trust them based on network address. o Major bugfixes: - When the clock jumps forward a lot, do not allow the bandwidth buckets to become negative. Fixes bug 544. - Fix a memory leak on exit relays; we were leaking a cached_resolve_t on every successful resolve. Reported by Mike Perry. - Purge old entries from the "rephist" database and the hidden service descriptor database even when DirPort is zero. - Stop thinking that 0.1.2.x directory servers can handle "begin_dir" requests. Should ease bugs 406 and 419 where 0.1.2.x relays are crashing or mis-answering these requests. - When we decide to send a 503 response to a request for servers, do not then also send the server descriptors: this defeats the whole purpose. Fixes bug 539. o Minor bugfixes: - Changing the ExitPolicyRejectPrivate setting should cause us to rebuild our server descriptor. - Fix handling of hex nicknames when answering controller requests for networkstatus by name, or when deciding whether to warn about unknown routers in a config option. (Patch from mwenge.) - Fix a couple of hard-to-trigger autoconf problems that could result in really weird results on platforms whose sys/types.h files define nonstandard integer types. - Don't try to create the datadir when running --verify-config or --hash-password. Resolves bug 540. - If we were having problems getting a particular descriptor from the directory caches, and then we learned about a new descriptor for that router, we weren't resetting our failure count. Reported by lodger. - Although we fixed bug 539 (where servers would send HTTP status 503 responses _and_ send a body too), there are still servers out there that haven't upgraded. Therefore, make clients parse such bodies when they receive them.