Merge branch 'maint-0.2.2' into release-0.2.2

2011-03-11 17:42:00 -05:00 · 2011-03-11 17:42:00 -05:00 · af04bd489b
parent b85eb949b5 879f1718ad
commit af04bd489b
4 changed files with 70 additions and 1 deletions
--- a/51
+++ b/51
@ -3,6 +3,57 @@ This document summarizes new features and bugfixes in each stable release
 of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.

+Changes in version 0.2.1.30 - 2011-02-23
+  Tor 0.2.1.30 fixes a variety of less critical bugs. The main other
+  change is a slight tweak to Tor's TLS handshake that makes relays
+  and bridges that run this new version reachable from Iran again.
+  We don't expect this tweak will win the arms race long-term, but it
+  buys us time until we roll out a better solution.
+
+  o Major bugfixes:
+    - Stop sending a CLOCK_SKEW controller status event whenever
+      we fetch directory information from a relay that has a wrong clock.
+      Instead, only inform the controller when it's a trusted authority
+      that claims our clock is wrong. Bugfix on 0.1.2.6-alpha; fixes
+      the rest of bug 1074.
+    - Fix a bounds-checking error that could allow an attacker to
+      remotely crash a directory authority. Bugfix on 0.2.1.5-alpha.
+      Found by "piebeer".
+    - If relays set RelayBandwidthBurst but not RelayBandwidthRate,
+      Tor would ignore their RelayBandwidthBurst setting,
+      potentially using more bandwidth than expected. Bugfix on
+      0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470.
+    - Ignore and warn if the user mistakenly sets "PublishServerDescriptor
+      hidserv" in her torrc. The 'hidserv' argument never controlled
+      publication of hidden service descriptors. Bugfix on 0.2.0.1-alpha.
+
+  o Minor features:
+    - Adjust our TLS Diffie-Hellman parameters to match those used by
+      Apache's mod_ssl.
+    - Update to the February 1 2011 Maxmind GeoLite Country database.
+
+  o Minor bugfixes:
+    - Check for and reject overly long directory certificates and
+      directory tokens before they have a chance to hit any assertions.
+      Bugfix on 0.2.1.28. Found by "doorss".
+    - Bring the logic that gathers routerinfos and assesses the
+      acceptability of circuits into line. This prevents a Tor OP from
+      getting locked in a cycle of choosing its local OR as an exit for a
+      path (due to a .exit request) and then rejecting the circuit because
+      its OR is not listed yet. It also prevents Tor clients from using an
+      OR running in the same instance as an exit (due to a .exit request)
+      if the OR does not meet the same requirements expected of an OR
+      running elsewhere. Fixes bug 1859; bugfix on 0.1.0.1-rc.
+
+  o Packaging changes:
+    - Stop shipping the Tor specs files and development proposal documents
+      in the tarball. They are now in a separate git repository at
+      git://git.torproject.org/torspec.git
+    - Do not include Git version tags as though they are SVN tags when
+      generating a tarball from inside a repository that has switched
+      between branches. Bugfix on 0.2.1.15-rc; fixes bug 2402.
+
+
 Changes in version 0.2.1.29 - 2011-01-15
  Tor 0.2.1.29 continues our recent code security audit work. The main
  fix resolves a remote heap overflow vulnerability that can allow remote
--- a/changes/bug2573
+++ b/changes/bug2573
@ -0,0 +1,3 @@
+  o Minor packaging issues
+    - Create the /var/run/tor directory on startup on OpenSUSE if it is
+      not already created.  Patch from Andreas Stieger.  Fixes bug 2573.
--- a/contrib/suse/tor.sh.in
+++ b/contrib/suse/tor.sh.in
@ -51,6 +51,8 @@ export TORUSER
 TORGROUP=@TORGROUP@
 export TORGROUP

+TOR_DAEMON_PID_DIR="@LOCALSTATEDIR@/run/tor"
+
 if [ -x /bin/su ] ; then
    SUPROG=/bin/su
 elif [ -x /sbin/su ] ; then
@ -67,6 +69,12 @@ case "$1" in

    start)
    echo "Starting tor daemon"
+
+    if [ ! -d $TOR_DAEMON_PID_DIR ] ; then
+        mkdir -p $TOR_DAEMON_PID_DIR
+        chown $TORUSER:$TORGROUP $TOR_DAEMON_PID_DIR
+    fi
+
    ## Start daemon with startproc(8). If this fails
    ## the echo return value is set appropriate.

--- a/doc/HACKING
+++ b/doc/HACKING
@ -442,7 +442,14 @@ the website.
 9) Email Erinn and weasel (cc'ing tor-assistants) that a new tarball
 is up. This step should probably change to mailing more packagers.

-10) Wait up to a day or two (for a development release), or until most
+10) Add the version number to Trac.  To do this, go to Trac, log in,
+select "Admin" near the top of the screen, then select "Versions" from
+the menu on the left.  At the right, there will be an "Add version"
+box.  By convention, we enter the version in the form "Tor:
+0.2.2.23-alpha" (or whatever the version is), and we select the date as
+the date in the ChangeLog.
+
+11) Wait up to a day or two (for a development release), or until most
 packages are up (for a stable release), and mail the release blurb and
 changelog to tor-talk or tor-announce.