Fold in changes entry for 22753, and write a blurb.
This commit is contained in:
parent
b2ae5fc96b
commit
20a46bdce6
25
ChangeLog
25
ChangeLog
|
@ -1,5 +1,20 @@
|
||||||
Changes in version 0.3.1.4-alpha - 2017-06-29:
|
Changes in version 0.3.1.4-alpha - 2017-06-29
|
||||||
blurb goes here.
|
Tor 0.3.1.4-alpha fixes a path selection bug that would allow a client
|
||||||
|
to use a guard that was in the same network family as a chosen exit
|
||||||
|
node. This is a security regression; all clients running earlier
|
||||||
|
versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or
|
||||||
|
0.3.1.4-alpha.
|
||||||
|
|
||||||
|
This release also fixes several other bugs related to new features in
|
||||||
|
0.3.0.x and 0.3.1.x, including others that can effect bandwidth usage
|
||||||
|
and correctness.
|
||||||
|
|
||||||
|
o Major bugfixes (path selection, security):
|
||||||
|
- When choosing which guard to use for a circuit, avoid the
|
||||||
|
exit's family along with the exit itself. Previously, the new
|
||||||
|
guard selection logic avoided the exit, but did not consider
|
||||||
|
its family. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked
|
||||||
|
as TROVE-2016-006 and CVE-2017-0377.
|
||||||
|
|
||||||
o New dependencies:
|
o New dependencies:
|
||||||
- To build with zstd and lzma support, Tor now requires the pkg-
|
- To build with zstd and lzma support, Tor now requires the pkg-
|
||||||
|
@ -78,21 +93,17 @@ Changes in version 0.3.1.4-alpha - 2017-06-29:
|
||||||
permissions on the data directory or its contents. Fixes bug
|
permissions on the data directory or its contents. Fixes bug
|
||||||
22516; bugfix on 0.2.5.4-alpha.
|
22516; bugfix on 0.2.5.4-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (logging, compression):
|
o Minor bugfixes (logging):
|
||||||
- When decompressing, do not warn if we fail to decompress using a
|
- When decompressing, do not warn if we fail to decompress using a
|
||||||
compression method that we merely guessed. Fixes part of bug
|
compression method that we merely guessed. Fixes part of bug
|
||||||
22670; bugfix on 0.1.1.14-alpha.
|
22670; bugfix on 0.1.1.14-alpha.
|
||||||
- When decompressing, treat mismatch between content-encoding and
|
- When decompressing, treat mismatch between content-encoding and
|
||||||
actual compression type as a protocol warning. Fixes part of bug
|
actual compression type as a protocol warning. Fixes part of bug
|
||||||
22670; bugfix on 0.1.1.9-alpha.
|
22670; bugfix on 0.1.1.9-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (logging, relay):
|
|
||||||
- Downgrade "assigned_to_cpuworker failed" message to INFO-level
|
- Downgrade "assigned_to_cpuworker failed" message to INFO-level
|
||||||
severity. In every case that can reach it, either a better warning
|
severity. In every case that can reach it, either a better warning
|
||||||
has already been logged, or no warning is warranted. Fixes bug
|
has already been logged, or no warning is warranted. Fixes bug
|
||||||
22356; bugfix on 0.2.6.3-alpha.
|
22356; bugfix on 0.2.6.3-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (netflow padding logging):
|
|
||||||
- Demote a warn that was caused by libevent delays to info if the
|
- Demote a warn that was caused by libevent delays to info if the
|
||||||
padding is less than 4.5 seconds late, or notice if it is more
|
padding is less than 4.5 seconds late, or notice if it is more
|
||||||
(4.5 seconds is the amount of time that a netflow record might be
|
(4.5 seconds is the amount of time that a netflow record might be
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Major bugfixes (path selection, security):
|
|
||||||
- When choosing which guard to use for a circuit, avoid the
|
|
||||||
exit's family along with the exit itself. Previously, the new
|
|
||||||
guard selection logic avoided the exit, but did not consider
|
|
||||||
its family. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked
|
|
||||||
as TROVE-2016-006 and CVE-2017-0377.
|
|
||||||
|
|
Loading…
Reference in New Issue