start on the 0.2.9.11 changelog
This commit is contained in:
parent
8dd9d631c9
commit
5d34df50f8
66
ChangeLog
66
ChangeLog
|
@ -1,3 +1,69 @@
|
|||
Changes in version 0.2.9.11 - 2017-06-08
|
||||
Tor 0.2.9.11 fixes a pair of bugs that would allow an attacker to
|
||||
remotely crash a hidden service with an assertion failure. Anyone
|
||||
running a hidden service should upgrade to this version, or to some
|
||||
other version with fixes for TROVE-2017-004 and TROVE-2017-005.
|
||||
|
||||
Tor 0.2.9.11 also backports fixes for several key management bugs
|
||||
that sometimes made relays unreliable, as well as several other
|
||||
bugfixes described below.
|
||||
|
||||
o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
|
||||
- When performing the v3 link handshake on a TLS connection, report
|
||||
that we have the x509 certificate that we actually used on that
|
||||
connection, even if we have changed certificates since that
|
||||
connection was first opened. Previously, we would claim to have
|
||||
used our most recent x509 link certificate, which would sometimes
|
||||
make the link handshake fail. Fixes one case of bug 22460; bugfix
|
||||
on 0.2.3.6-alpha.
|
||||
|
||||
o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
|
||||
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
|
||||
December 2016 (of which ~126 were still functional) with a list of
|
||||
151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
|
||||
2017. Resolves ticket 21564.
|
||||
|
||||
o Minor features (future-proofing, backport from 0.3.0.7):
|
||||
- Tor no longer refuses to download microdescriptors or descriptors if
|
||||
they are listed as "published in the future". This change will
|
||||
eventually allow us to stop listing meaningful "published" dates
|
||||
in microdescriptor consensuses, and thereby allow us to reduce the
|
||||
resources required to download consensus diffs by over 50%.
|
||||
Implements part of ticket 21642; implements part of proposal 275.
|
||||
|
||||
o Minor features (directory authorities, backport from 0.3.0.4-rc)
|
||||
- Directory authorities now reject relays running versions
|
||||
0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
|
||||
suffer from bug 20499 and don't keep their consensus cache
|
||||
up-to-date. Resolves ticket 20509.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (control port, backport from 0.3.0.6):
|
||||
- The GETINFO extra-info/digest/<digest> command was broken because
|
||||
of a wrong base16 decode return value check, introduced when
|
||||
refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
|
||||
|
||||
o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||
|
||||
o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.0.7):
|
||||
- The getpid() system call is now permitted under the Linux seccomp2
|
||||
sandbox, to avoid crashing with versions of OpenSSL (and other
|
||||
libraries) that attempt to learn the process's PID by using the
|
||||
syscall rather than the VDSO code. Fixes bug 21943; bugfix
|
||||
on 0.2.5.1-alpha.
|
||||
|
||||
o Minor bugfixes (memory leak, directory authority, backport
|
||||
from 0.3.1.2-alpha):
|
||||
- When directory authorities reject a router descriptor due to
|
||||
keypinning, free the router descriptor rather than leaking the
|
||||
memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
|
||||
|
||||
|
||||
Changes in version 0.2.9.10 - 2017-03-01
|
||||
Tor 0.2.9.10 backports a security fix for users who build Tor with
|
||||
the --enable-expensive-hardening option. It also includes fixes for
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
o Minor features:
|
||||
- Directory authorities now reject relays running versions
|
||||
0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
|
||||
suffer from bug 20499 and don't keep their consensus cache
|
||||
up-to-date. Resolves ticket 20509.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes (Linux seccomp2 sandbox):
|
||||
- The getpid() system call is now permitted under the Linux seccomp2
|
||||
sandbox, to avoid crashing with versions of OpenSSL (and other
|
||||
libraries) that attempt to learn the process's PID by using the
|
||||
syscall rather than the VDSO code. Fixes bug 21943; bugfix on
|
||||
0.2.5.1-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (control port, regression):
|
||||
- The GETINFO extra-info/digest/<digest> command was broken because of a
|
||||
wrong base16 decode return value check. In was introduced in a refactor
|
||||
of that API. Fixex bug #22034; bugfix on tor-0.2.9.1-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes (memory handling):
|
||||
- When directory authorities reject a router descriptor due to keypinning,
|
||||
free the router descriptor rather than leaking the memory.
|
||||
Fixes bug 22370; bugfix on 0.2.7.2-alpha.
|
|
@ -1,8 +0,0 @@
|
|||
o Major bugfixes (relay, link handshake):
|
||||
|
||||
- When performing the v3 link handshake on a TLS connection, report that
|
||||
we have the x509 certificate that we actually used on that connection,
|
||||
even if we have changed certificates since that connection was first
|
||||
opened. Previously, we would claim to have used our most recent x509
|
||||
link certificate, which would sometimes make the link handshake fail.
|
||||
Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
o Minor features (future-proofing):
|
||||
|
||||
- Tor no longer refuses to download microdescriptors or descriptors if
|
||||
they are listed as "published in the future". This change will
|
||||
eventually allow us to stop listing meaningful "published" dates
|
||||
in microdescriptor consensuses, and thereby allow us to reduce the
|
||||
resources required to download consensus diffs by over 50%.
|
||||
Implements part of ticket 21642; implements part of proposal 275.
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
o Minor features (fallback directory list):
|
||||
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
|
||||
December 2016 (of which ~126 were still functional), with a list of
|
||||
151 fallbacks (32 new, 119 existing, 58 removed) generated in
|
||||
May 2017.
|
||||
Resolves ticket 21564.
|
Loading…
Reference in New Issue