Tor is a network that can be used to browse the internet anonymously. All TCP traffic from users is routed through several Tor routers, after which the recipient can no longer determine who the original sender was. Within the Tor network that information is still present, so that replies, which of course also travel through the system of routers, ultimately arrive at the right place. The developers released version 0.1.2.19 a few days ago, with the following announcement:
Tor 0.1.2.19 fixes a huge memory leak on exit relays, makes the default exit policy a little bit more conservative so it's safer to run an exit relay on a home system, and fixes a variety of smaller issues.
Security fixes:
- Exit policies now reject connections that are addressed to a relay's public (external) IP address too, unless ExitPolicyRejectPrivate is turned off. We do this because too many relays are running nearby to services that trust them based on network address.
Major bugfixes:
- When the clock jumps forward a lot, do not allow the bandwidth buckets to become negative. Fixes bug 544.
- Fix a memory leak on exit relays; we were leaking a cached_resolve_t on every successful resolve. Reported by Mike Perry.
- Purge old entries from the "rephist" database and the hidden service descriptor database even when DirPort is zero.
- Stop thinking that 0.1.2.x directory servers can handle "begin_dir" requests. Should ease bugs 406 and 419 where 0.1.2.x relays are crashing or mis-answering these requests.
- When we decide to send a 503 response to a request for servers, do not then also send the server descriptors: this defeats the whole purpose. Fixes bug 539.
Minor bugfixes:
- Changing the ExitPolicyRejectPrivate setting should cause us to rebuild our server descriptor.
- Fix handling of hex nicknames when answering controller requests for networkstatus by name, or when deciding whether to warn about unknown routers in a config option. (Patch from mwenge.)
- Fix a couple of hard-to-trigger autoconf problems that could result in really weird results on platforms whose sys/types.h files define nonstandard integer types.
- Don't try to create the datadir when running --verify-config or --hash-password. Resolves bug 540.
- If we were having problems getting a particular descriptor from the directory caches, and then we learned about a new descriptor for that router, we weren't resetting our failure count. Reported by lodger.
- Although we fixed bug 539 (where servers would send HTTP status 503 responses _and_ send a body too), there are still servers out there that haven't upgraded. Therefore, make clients parse such bodies when they receive them.
- Run correctly on systems where rlim_t is larger than unsigned long. This includes some 64-bit systems.
- Run correctly on platforms (like some versions of OS X 10.5) where the real limit for number of open files is OPEN_FILES, not rlim_max from getrlimit(RLIMIT_NOFILES).
- Avoid a spurious free on base64 failure.
- Avoid segfaults on certain complex invocations of router_get_by_hexdigest().
- Fix rare bug on REDIRECTSTREAM control command when called with no port set: it could erroneously report an error when none had happened.
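
The exit-policy change in this release (rejecting connections addressed to the relay's own public IP unless ExitPolicyRejectPrivate is turned off) can be modelled as a first-match rule list. This is an added sketch, not Tor's code: the function names, the private-range list, the fail-closed default and the sample addresses are assumptions made for the example.

```python
import ipaddress

# Ranges treated as private/local here (assumption: loopback, link-local,
# RFC 1918 and 0.0.0.0/8; not copied from Tor's source).
PRIVATE_NETS = ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
                "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")
ALL_PORTS = (1, 65535)


def parse_rule(line):
    """Parse 'accept|reject ADDR[/BITS]:PORT'; ADDR and PORT may be '*'."""
    action, target = line.split()
    if action not in ("accept", "reject"):
        raise ValueError("unknown action: " + action)
    addr, _, port = target.rpartition(":")
    net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr)
    if port == "*":
        lo, hi = ALL_PORTS
    else:
        lo, _, hi = port.partition("-")
        lo, hi = int(lo), int(hi or lo)
    return action, net, lo, hi


def build_policy(user_rules, relay_public_ip, reject_private=True):
    """Prepend the implicit reject rules, then the operator's own rules."""
    rules = []
    if reject_private:
        nets = [ipaddress.ip_network(n) for n in PRIVATE_NETS]
        # The change in this release: the relay's external address is
        # rejected as well, not only the private ranges.
        nets.append(ipaddress.ip_network(relay_public_ip))
        rules = [("reject", net) + ALL_PORTS for net in nets]
    return rules + [parse_rule(r) for r in user_rules]


def exit_allowed(policy, dest_ip, dest_port):
    """First matching rule wins; no match is rejected (this sketch's choice)."""
    ip = ipaddress.ip_address(dest_ip)
    for action, net, lo, hi in policy:
        if ip in net and lo <= dest_port <= hi:
            return action == "accept"
    return False


# Constructed sample: a relay at 203.0.113.7 (documentation address range).
USER_RULES = ["accept *:80", "accept *:443", "reject *:*"]
HARDENED = build_policy(USER_RULES, "203.0.113.7")
LEGACY = build_policy(USER_RULES, "203.0.113.7", reject_private=False)
```

With the implicit rules in place, a stream addressed to the relay's own address on port 80 is refused even though the operator's rules accept `*:80`; with the option turned off, the same stream is accepted.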