give it a release blurb and date
and also copy the changelog into ReleaseNotes
This commit is contained in:
parent
8ab7e151dd
commit
505962724c
|
@ -1,4 +1,8 @@
|
||||||
Changes in version 0.2.4.21 - 2014-02-2?
|
Changes in version 0.2.4.21 - 2014-02-28
|
||||||
|
Tor 0.2.4.21 further improves security against potential adversaries who
|
||||||
|
find breaking 1024-bit crypto doable, and backports several stability
|
||||||
|
and robustness patches from the 0.2.5 branch.
|
||||||
|
|
||||||
o Major features (client security):
|
o Major features (client security):
|
||||||
- When we choose a path for a 3-hop circuit, make sure it contains
|
- When we choose a path for a 3-hop circuit, make sure it contains
|
||||||
at least one relay that supports the NTor circuit extension
|
at least one relay that supports the NTor circuit extension
|
||||||
|
|
61
ReleaseNotes
61
ReleaseNotes
|
@ -3,6 +3,67 @@ This document summarizes new features and bugfixes in each stable release
|
||||||
of Tor. If you want to see more detailed descriptions of the changes in
|
of Tor. If you want to see more detailed descriptions of the changes in
|
||||||
each development snapshot, see the ChangeLog file.
|
each development snapshot, see the ChangeLog file.
|
||||||
|
|
||||||
|
Changes in version 0.2.4.21 - 2014-02-28
|
||||||
|
Tor 0.2.4.21 further improves security against potential adversaries who
|
||||||
|
find breaking 1024-bit crypto doable, and backports several stability
|
||||||
|
and robustness patches from the 0.2.5 branch.
|
||||||
|
|
||||||
|
o Major features (client security):
|
||||||
|
- When we choose a path for a 3-hop circuit, make sure it contains
|
||||||
|
at least one relay that supports the NTor circuit extension
|
||||||
|
handshake. Otherwise, there is a chance that we're building
|
||||||
|
a circuit that's worth attacking by an adversary who finds
|
||||||
|
breaking 1024-bit crypto doable, and that chance changes the game
|
||||||
|
theory. Implements ticket 9777.
|
||||||
|
|
||||||
|
o Major bugfixes:
|
||||||
|
- Do not treat streams that fail with reason
|
||||||
|
END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
|
||||||
|
since it could also indicate an ENETUNREACH connection error. Fixes
|
||||||
|
part of bug 10777; bugfix on 0.2.4.8-alpha.
|
||||||
|
|
||||||
|
o Code simplification and refactoring:
|
||||||
|
- Remove data structures which were introduced to implement the
|
||||||
|
CellStatistics option: they are now redundant with the new timestamp
|
||||||
|
field in the regular packed_cell_t data structure, which we did
|
||||||
|
in 0.2.4.18-rc in order to resolve bug 9093. Resolves ticket 10870.
|
||||||
|
|
||||||
|
o Minor features:
|
||||||
|
- Always clear OpenSSL bignums before freeing them -- even bignums
|
||||||
|
that don't contain secrets. Resolves ticket 10793. Patch by
|
||||||
|
Florent Daigniere.
|
||||||
|
- Build without warnings under clang 3.4. (We have some macros that
|
||||||
|
define static functions only some of which will get used later in
|
||||||
|
the module. Starting with clang 3.4, these give a warning unless the
|
||||||
|
unused attribute is set on them.) Resolves ticket 10904.
|
||||||
|
- Update geoip and geoip6 files to the February 7 2014 Maxmind
|
||||||
|
GeoLite2 Country database.
|
||||||
|
|
||||||
|
o Minor bugfixes:
|
||||||
|
- Set the listen() backlog limit to the largest actually supported
|
||||||
|
on the system, not to the value in a header file. Fixes bug 9716;
|
||||||
|
bugfix on every released Tor.
|
||||||
|
- Treat ENETUNREACH, EACCES, and EPERM connection failures at an
|
||||||
|
exit node as a NOROUTE error, not an INTERNAL error, since they
|
||||||
|
can apparently happen when trying to connect to the wrong sort
|
||||||
|
of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc.
|
||||||
|
- Fix build warnings about missing "a2x" comment when building the
|
||||||
|
manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py".
|
||||||
|
Fixes bug 10929; bugfix on 0.2.2.9-alpha. Patch from Dana Koch.
|
||||||
|
- Avoid a segfault on SIGUSR1, where we had freed a connection but did
|
||||||
|
not entirely remove it from the connection lists. Fixes bug 9602;
|
||||||
|
bugfix on 0.2.4.4-alpha.
|
||||||
|
- Fix a segmentation fault in our benchmark code when running with
|
||||||
|
Fedora's OpenSSL package, or any other OpenSSL that provides
|
||||||
|
ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha.
|
||||||
|
- Turn "circuit handshake stats since last time" log messages into a
|
||||||
|
heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc.
|
||||||
|
|
||||||
|
o Documentation fixes:
|
||||||
|
- Document that all but one DirPort entry must have the NoAdvertise
|
||||||
|
flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.4.20 - 2013-12-22
|
Changes in version 0.2.4.20 - 2013-12-22
|
||||||
Tor 0.2.4.20 fixes potentially poor random number generation for users
|
Tor 0.2.4.20 fixes potentially poor random number generation for users
|
||||||
who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their
|
who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their
|
||||||
|
|
Loading…
Reference in New Issue