Compare commits
68 Commits
master
...
release-0.
Author | SHA1 | Date |
---|---|---|
Roger Dingledine | 7da1ae7adf | |
Roger Dingledine | 0b74f64275 | |
Nick Mathewson | 887bddb7e7 | |
Nick Mathewson | fbfc8e032f | |
Nick Mathewson | c30ac81d40 | |
Nick Mathewson | aea35fbb1b | |
Nick Mathewson | 03c7d9e992 | |
Nick Mathewson | 5eff44ca8e | |
Nick Mathewson | 67357ca9f3 | |
Roger Dingledine | e234c1cd23 | |
Roger Dingledine | abd34f1527 | |
Roger Dingledine | e740ac08c6 | |
Roger Dingledine | 4f699cd24a | |
Roger Dingledine | 484240c4b8 | |
Roger Dingledine | 6bb9bd17d0 | |
Roger Dingledine | 6097b8eefc | |
Roger Dingledine | 031d8fcdab | |
Roger Dingledine | 9f61d8a3b3 | |
Roger Dingledine | 9ac4ceb0d4 | |
Roger Dingledine | 7c29b6996e | |
Roger Dingledine | c55f586e36 | |
Roger Dingledine | 6ef2e30c72 | |
Roger Dingledine | f1c43a1e64 | |
Nick Mathewson | 189ba4c9a9 | |
Nick Mathewson | 4a3ef002e7 | |
Roger Dingledine | 109ba37d54 | |
Roger Dingledine | acc54d32b6 | |
Roger Dingledine | 2bd2c10fcb | |
Roger Dingledine | c783b828ca | |
Roger Dingledine | b36a837f08 | |
Roger Dingledine | 75953f9b60 | |
Roger Dingledine | 1855b4ebfd | |
Roger Dingledine | 62d660b1da | |
Roger Dingledine | feabf2eb6c | |
Roger Dingledine | f10ec55b25 | |
Roger Dingledine | 6168d2e975 | |
Roger Dingledine | f59cad68dc | |
Roger Dingledine | 95cd7f6f67 | |
Roger Dingledine | 026204088a | |
Roger Dingledine | 49cda713f8 | |
Roger Dingledine | a2fe17bae2 | |
Roger Dingledine | 41b60af271 | |
Roger Dingledine | 2cb9ed2cd3 | |
Roger Dingledine | 9be473b82f | |
Roger Dingledine | f90fcaff64 | |
Roger Dingledine | bcd788f33f | |
Roger Dingledine | 4262a36d99 | |
Roger Dingledine | 73a7028a11 | |
Roger Dingledine | 3936267fd9 | |
Roger Dingledine | f181067a09 | |
Roger Dingledine | 6b23a6aff7 | |
Roger Dingledine | 4170a11398 | |
Roger Dingledine | ba8a8ff935 | |
Roger Dingledine | df16e99718 | |
Roger Dingledine | 75bead1246 | |
Roger Dingledine | 924f7bf9a5 | |
Roger Dingledine | 16946d7e36 | |
Roger Dingledine | d05323c802 | |
Roger Dingledine | 076d2a0e11 | |
Roger Dingledine | 05319e4d59 | |
Roger Dingledine | 4c549fec8f | |
Roger Dingledine | a55b44dc00 | |
Roger Dingledine | 9a7db7abaa | |
Roger Dingledine | 32ca2bd0f5 | |
Roger Dingledine | 64d1b8364e | |
Roger Dingledine | 24c334e728 | |
Roger Dingledine | 77f30fb55b | |
Roger Dingledine | ba97ab4eb2 |
385
ChangeLog
385
ChangeLog
|
@ -1,3 +1,388 @@
|
||||||
|
Changes in version 0.2.1.32 - 2011-12-16
|
||||||
|
Tor 0.2.1.32 backports important security and privacy fixes for
|
||||||
|
oldstable. This release is intended only for package maintainers and
|
||||||
|
others who cannot use the 0.2.2 stable series. All others should be
|
||||||
|
using Tor 0.2.2.x or newer.
|
||||||
|
|
||||||
|
The Tor 0.2.1.x series will reach formal end-of-life some time in
|
||||||
|
early 2012; we will stop releasing patches for it then.
|
||||||
|
|
||||||
|
o Major bugfixes (also included in 0.2.2.x):
|
||||||
|
- Correctly sanity-check that we don't underflow on a memory
|
||||||
|
allocation (and then assert) for hidden service introduction
|
||||||
|
point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410;
|
||||||
|
bugfix on 0.2.1.5-alpha.
|
||||||
|
- Fix a heap overflow bug that could occur when trying to pull
|
||||||
|
data into the first chunk of a buffer, when that chunk had
|
||||||
|
already had some data drained from it. Fixes CVE-2011-2778;
|
||||||
|
bugfix on 0.2.0.16-alpha. Reported by "Vektor".
|
||||||
|
|
||||||
|
o Minor features:
|
||||||
|
- Update to the December 6 2011 Maxmind GeoLite Country database.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.2.1.31 - 2011-10-26
|
||||||
|
Tor 0.2.1.31 backports important security and privacy fixes for
|
||||||
|
oldstable. This release is intended only for package maintainers and
|
||||||
|
others who cannot use the 0.2.2 stable series. All others should be
|
||||||
|
using Tor 0.2.2.x or newer.
|
||||||
|
|
||||||
|
o Security fixes (also included in 0.2.2.x):
|
||||||
|
- Replace all potentially sensitive memory comparison operations
|
||||||
|
with versions whose runtime does not depend on the data being
|
||||||
|
compared. This will help resist a class of attacks where an
|
||||||
|
adversary can use variations in timing information to learn
|
||||||
|
sensitive data. Fix for one case of bug 3122. (Safe memcmp
|
||||||
|
implementation by Robert Ransom based partially on code by DJB.)
|
||||||
|
- Fix an assert in parsing router descriptors containing IPv6
|
||||||
|
addresses. This one took down the directory authorities when
|
||||||
|
somebody tried some experimental code. Bugfix on 0.2.1.3-alpha.
|
||||||
|
|
||||||
|
o Privacy/anonymity fixes (also included in 0.2.2.x):
|
||||||
|
- Clients and bridges no longer send TLS certificate chains on
|
||||||
|
outgoing OR connections. Previously, each client or bridge would
|
||||||
|
use the same cert chain for all outgoing OR connections until
|
||||||
|
its IP address changes, which allowed any relay that the client
|
||||||
|
or bridge contacted to determine which entry guards it is using.
|
||||||
|
Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
|
||||||
|
- If a relay receives a CREATE_FAST cell on a TLS connection, it
|
||||||
|
no longer considers that connection as suitable for satisfying a
|
||||||
|
circuit EXTEND request. Now relays can protect clients from the
|
||||||
|
CVE-2011-2768 issue even if the clients haven't upgraded yet.
|
||||||
|
- Bridges now refuse CREATE or CREATE_FAST cells on OR connections
|
||||||
|
that they initiated. Relays could distinguish incoming bridge
|
||||||
|
connections from client connections, creating another avenue for
|
||||||
|
enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
|
||||||
|
Found by "frosty_un".
|
||||||
|
- When receiving a hidden service descriptor, check that it is for
|
||||||
|
the hidden service we wanted. Previously, Tor would store any
|
||||||
|
hidden service descriptors that a directory gave it, whether it
|
||||||
|
wanted them or not. This wouldn't have let an attacker impersonate
|
||||||
|
a hidden service, but it did let directories pre-seed a client
|
||||||
|
with descriptors that it didn't want. Bugfix on 0.0.6.
|
||||||
|
- Avoid linkability based on cached hidden service descriptors: forget
|
||||||
|
all hidden service descriptors cached as a client when processing a
|
||||||
|
SIGNAL NEWNYM command. Fixes bug 3000; bugfix on 0.0.6.
|
||||||
|
- Make the bridge directory authority refuse to answer directory
|
||||||
|
requests for "all" descriptors. It used to include bridge
|
||||||
|
descriptors in its answer, which was a major information leak.
|
||||||
|
Found by "piebeer". Bugfix on 0.2.0.3-alpha.
|
||||||
|
- Don't attach new streams to old rendezvous circuits after SIGNAL
|
||||||
|
NEWNYM. Previously, we would keep using an existing rendezvous
|
||||||
|
circuit if it remained open (i.e. if it were kept open by a
|
||||||
|
long-lived stream, or if a new stream were attached to it before
|
||||||
|
Tor could notice that it was old and no longer in use). Bugfix on
|
||||||
|
0.1.1.15-rc; fixes bug 3375.
|
||||||
|
|
||||||
|
o Minor bugfixes (also included in 0.2.2.x):
|
||||||
|
- When we restart our relay, we might get a successful connection
|
||||||
|
from the outside before we've started our reachability tests,
|
||||||
|
triggering a warning: "ORPort found reachable, but I have no
|
||||||
|
routerinfo yet. Failing to inform controller of success." This
|
||||||
|
bug was harmless unless Tor is running under a controller
|
||||||
|
like Vidalia, in which case the controller would never get a
|
||||||
|
REACHABILITY_SUCCEEDED status event. Bugfix on 0.1.2.6-alpha;
|
||||||
|
fixes bug 1172.
|
||||||
|
- Build correctly on OSX with zlib 1.2.4 and higher with all warnings
|
||||||
|
enabled. Fixes bug 1526.
|
||||||
|
- Remove undocumented option "-F" from tor-resolve: it hasn't done
|
||||||
|
anything since 0.2.1.16-rc.
|
||||||
|
- Avoid signed/unsigned comparisons by making SIZE_T_CEILING unsigned.
|
||||||
|
None of the cases where we did this before were wrong, but by making
|
||||||
|
this change we avoid warnings. Fixes bug 2475; bugfix on 0.2.1.28.
|
||||||
|
- Fix a rare crash bug that could occur when a client was configured
|
||||||
|
with a large number of bridges. Fixes bug 2629; bugfix on
|
||||||
|
0.2.1.2-alpha. Bugfix by trac user "shitlei".
|
||||||
|
- Correct the warning displayed when a rendezvous descriptor exceeds
|
||||||
|
the maximum size. Fixes bug 2750; bugfix on 0.2.1.5-alpha. Found by
|
||||||
|
John Brooks.
|
||||||
|
- Fix an uncommon assertion failure when running with DNSPort under
|
||||||
|
heavy load. Fixes bug 2933; bugfix on 0.2.0.1-alpha.
|
||||||
|
- When warning about missing zlib development packages during compile,
|
||||||
|
give the correct package names. Bugfix on 0.2.0.1-alpha.
|
||||||
|
- Require that introduction point keys and onion keys have public
|
||||||
|
exponent 65537. Bugfix on 0.2.0.10-alpha.
|
||||||
|
- Do not crash when our configuration file becomes unreadable, for
|
||||||
|
example due to a permissions change, between when we start up
|
||||||
|
and when a controller calls SAVECONF. Fixes bug 3135; bugfix
|
||||||
|
on 0.0.9pre6.
|
||||||
|
- Fix warnings from GCC 4.6's "-Wunused-but-set-variable" option.
|
||||||
|
Fixes bug 3208.
|
||||||
|
- Always NUL-terminate the sun_path field of a sockaddr_un before
|
||||||
|
passing it to the kernel. (Not a security issue: kernels are
|
||||||
|
smart enough to reject bad sockaddr_uns.) Found by Coverity;
|
||||||
|
CID #428. Bugfix on Tor 0.2.0.3-alpha.
|
||||||
|
- Don't stack-allocate the list of supplementary GIDs when we're
|
||||||
|
about to log them. Stack-allocating NGROUPS_MAX gid_t elements
|
||||||
|
could take up to 256K, which is way too much stack. Found by
|
||||||
|
Coverity; CID #450. Bugfix on 0.2.1.7-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (only in 0.2.1.x):
|
||||||
|
- Resume using micro-version numbers in 0.2.1.x: our Debian packages
|
||||||
|
rely on them. Bugfix on 0.2.1.30.
|
||||||
|
- Use git revisions instead of svn revisions when generating our
|
||||||
|
micro-version numbers. Bugfix on 0.2.1.15-rc; fixes bug 2402.
|
||||||
|
|
||||||
|
o Minor features (also included in 0.2.2.x):
|
||||||
|
- Adjust the expiration time on our SSL session certificates to
|
||||||
|
better match SSL certs seen in the wild. Resolves ticket 4014.
|
||||||
|
- Allow nameservers with IPv6 address. Resolves bug 2574.
|
||||||
|
- Update to the October 4 2011 Maxmind GeoLite Country database.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.2.1.30 - 2011-02-23
|
||||||
|
Tor 0.2.1.30 fixes a variety of less critical bugs. The main other
|
||||||
|
change is a slight tweak to Tor's TLS handshake that makes relays
|
||||||
|
and bridges that run this new version reachable from Iran again.
|
||||||
|
We don't expect this tweak will win the arms race long-term, but it
|
||||||
|
buys us time until we roll out a better solution.
|
||||||
|
|
||||||
|
o Major bugfixes:
|
||||||
|
- Stop sending a CLOCK_SKEW controller status event whenever
|
||||||
|
we fetch directory information from a relay that has a wrong clock.
|
||||||
|
Instead, only inform the controller when it's a trusted authority
|
||||||
|
that claims our clock is wrong. Bugfix on 0.1.2.6-alpha; fixes
|
||||||
|
the rest of bug 1074.
|
||||||
|
- Fix a bounds-checking error that could allow an attacker to
|
||||||
|
remotely crash a directory authority. Bugfix on 0.2.1.5-alpha.
|
||||||
|
Found by "piebeer".
|
||||||
|
- If relays set RelayBandwidthBurst but not RelayBandwidthRate,
|
||||||
|
Tor would ignore their RelayBandwidthBurst setting,
|
||||||
|
potentially using more bandwidth than expected. Bugfix on
|
||||||
|
0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470.
|
||||||
|
- Ignore and warn if the user mistakenly sets "PublishServerDescriptor
|
||||||
|
hidserv" in her torrc. The 'hidserv' argument never controlled
|
||||||
|
publication of hidden service descriptors. Bugfix on 0.2.0.1-alpha.
|
||||||
|
|
||||||
|
o Minor features:
|
||||||
|
- Adjust our TLS Diffie-Hellman parameters to match those used by
|
||||||
|
Apache's mod_ssl.
|
||||||
|
- Update to the February 1 2011 Maxmind GeoLite Country database.
|
||||||
|
|
||||||
|
o Minor bugfixes:
|
||||||
|
- Check for and reject overly long directory certificates and
|
||||||
|
directory tokens before they have a chance to hit any assertions.
|
||||||
|
Bugfix on 0.2.1.28. Found by "doorss".
|
||||||
|
- Bring the logic that gathers routerinfos and assesses the
|
||||||
|
acceptability of circuits into line. This prevents a Tor OP from
|
||||||
|
getting locked in a cycle of choosing its local OR as an exit for a
|
||||||
|
path (due to a .exit request) and then rejecting the circuit because
|
||||||
|
its OR is not listed yet. It also prevents Tor clients from using an
|
||||||
|
OR running in the same instance as an exit (due to a .exit request)
|
||||||
|
if the OR does not meet the same requirements expected of an OR
|
||||||
|
running elsewhere. Fixes bug 1859; bugfix on 0.1.0.1-rc.
|
||||||
|
|
||||||
|
o Packaging changes:
|
||||||
|
- Stop shipping the Tor specs files and development proposal documents
|
||||||
|
in the tarball. They are now in a separate git repository at
|
||||||
|
git://git.torproject.org/torspec.git
|
||||||
|
- Do not include Git version tags as though they are SVN tags when
|
||||||
|
generating a tarball from inside a repository that has switched
|
||||||
|
between branches. Bugfix on 0.2.1.15-rc; fixes bug 2402.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.2.1.29 - 2011-01-15
|
||||||
|
Tor 0.2.1.29 continues our recent code security audit work. The main
|
||||||
|
fix resolves a remote heap overflow vulnerability that can allow remote
|
||||||
|
code execution. Other fixes address a variety of assert and crash bugs,
|
||||||
|
most of which we think are hard to exploit remotely.
|
||||||
|
|
||||||
|
o Major bugfixes (security):
|
||||||
|
- Fix a heap overflow bug where an adversary could cause heap
|
||||||
|
corruption. This bug probably allows remote code execution
|
||||||
|
attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on
|
||||||
|
0.1.2.10-rc.
|
||||||
|
- Prevent a denial-of-service attack by disallowing any
|
||||||
|
zlib-compressed data whose compression factor is implausibly
|
||||||
|
high. Fixes part of bug 2324; reported by "doorss".
|
||||||
|
- Zero out a few more keys in memory before freeing them. Fixes
|
||||||
|
bug 2384 and part of bug 2385. These key instances found by
|
||||||
|
"cypherpunks", based on Andrew Case's report about being able
|
||||||
|
to find sensitive data in Tor's memory space if you have enough
|
||||||
|
permissions. Bugfix on 0.0.2pre9.
|
||||||
|
|
||||||
|
o Major bugfixes (crashes):
|
||||||
|
- Prevent calls to Libevent from inside Libevent log handlers.
|
||||||
|
This had potential to cause a nasty set of crashes, especially
|
||||||
|
if running Libevent with debug logging enabled, and running
|
||||||
|
Tor with a controller watching for low-severity log messages.
|
||||||
|
Bugfix on 0.1.0.2-rc. Fixes bug 2190.
|
||||||
|
- Add a check for SIZE_T_MAX to tor_realloc() to try to avoid
|
||||||
|
underflow errors there too. Fixes the other part of bug 2324.
|
||||||
|
- Fix a bug where we would assert if we ever had a
|
||||||
|
cached-descriptors.new file (or another file read directly into
|
||||||
|
memory) of exactly SIZE_T_CEILING bytes. Fixes bug 2326; bugfix
|
||||||
|
on 0.2.1.25. Found by doorss.
|
||||||
|
- Fix some potential asserts and parsing issues with grossly
|
||||||
|
malformed router caches. Fixes bug 2352; bugfix on Tor 0.2.1.27.
|
||||||
|
Found by doorss.
|
||||||
|
|
||||||
|
o Minor bugfixes (other):
|
||||||
|
- Fix a bug with handling misformed replies to reverse DNS lookup
|
||||||
|
requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a
|
||||||
|
bug reported by doorss.
|
||||||
|
- Fix compilation on mingw when a pthreads compatibility library
|
||||||
|
has been installed. (We don't want to use it, so we shouldn't
|
||||||
|
be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc.
|
||||||
|
- Fix a bug where we would declare that we had run out of virtual
|
||||||
|
addresses when the address space was only half-exhausted. Bugfix
|
||||||
|
on 0.1.2.1-alpha.
|
||||||
|
- Correctly handle the case where AutomapHostsOnResolve is set but
|
||||||
|
no virtual addresses are available. Fixes bug 2328; bugfix on
|
||||||
|
0.1.2.1-alpha. Bug found by doorss.
|
||||||
|
- Correctly handle wrapping around to when we run out of virtual
|
||||||
|
address space. Found by cypherpunks, bugfix on 0.2.0.5-alpha.
|
||||||
|
- The 0.2.1.28 tarball was missing src/common/OpenBSD_malloc_Linux.c
|
||||||
|
because we built it with a too-old version of automake. Thus that
|
||||||
|
release broke ./configure --enable-openbsd-malloc, which is popular
|
||||||
|
among really fast exit relays on Linux.
|
||||||
|
|
||||||
|
o Minor features:
|
||||||
|
- Update to the January 1 2011 Maxmind GeoLite Country database.
|
||||||
|
- Introduce output size checks on all of our decryption functions.
|
||||||
|
|
||||||
|
o Build changes:
|
||||||
|
- Tor does not build packages correctly with Automake 1.6 and earlier;
|
||||||
|
added a check to Makefile.am to make sure that we're building with
|
||||||
|
Automake 1.7 or later.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.2.1.28 - 2010-12-17
|
||||||
|
Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely
|
||||||
|
exploitable bugs. We also took this opportunity to change the IP address
|
||||||
|
for one of our directory authorities, and to update the geoip database
|
||||||
|
we ship.
|
||||||
|
|
||||||
|
o Major bugfixes:
|
||||||
|
- Fix a remotely exploitable bug that could be used to crash instances
|
||||||
|
of Tor remotely by overflowing on the heap. Remote-code execution
|
||||||
|
hasn't been confirmed, but can't be ruled out. Everyone should
|
||||||
|
upgrade. Bugfix on the 0.1.1 series and later.
|
||||||
|
|
||||||
|
o Directory authority changes:
|
||||||
|
- Change IP address and ports for gabelmoo (v3 directory authority).
|
||||||
|
|
||||||
|
o Minor features:
|
||||||
|
- Update to the December 1 2010 Maxmind GeoLite Country database.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.2.1.27 - 2010-11-23
|
||||||
|
Yet another OpenSSL security patch broke its compatibility with Tor:
|
||||||
|
Tor 0.2.1.27 makes relays work with openssl 0.9.8p and 1.0.0.b. We
|
||||||
|
also took this opportunity to fix several crash bugs, integrate a new
|
||||||
|
directory authority, and update the bundled GeoIP database.
|
||||||
|
|
||||||
|
o Major bugfixes:
|
||||||
|
- Resolve an incompatibility with OpenSSL 0.9.8p and OpenSSL 1.0.0b:
|
||||||
|
No longer set the tlsext_host_name extension on server SSL objects;
|
||||||
|
but continue to set it on client SSL objects. Our goal in setting
|
||||||
|
it was to imitate a browser, not a vhosting server. Fixes bug 2204;
|
||||||
|
bugfix on 0.2.1.1-alpha.
|
||||||
|
- Do not log messages to the controller while shrinking buffer
|
||||||
|
freelists. Doing so would sometimes make the controller connection
|
||||||
|
try to allocate a buffer chunk, which would mess up the internals
|
||||||
|
of the freelist and cause an assertion failure. Fixes bug 1125;
|
||||||
|
fixed by Robert Ransom. Bugfix on 0.2.0.16-alpha.
|
||||||
|
- Learn our external IP address when we're a relay or bridge, even if
|
||||||
|
we set PublishServerDescriptor to 0. Bugfix on 0.2.0.3-alpha,
|
||||||
|
where we introduced bridge relays that don't need to publish to
|
||||||
|
be useful. Fixes bug 2050.
|
||||||
|
- Do even more to reject (and not just ignore) annotations on
|
||||||
|
router descriptors received anywhere but from the cache. Previously
|
||||||
|
we would ignore such annotations at first, but cache them to disk
|
||||||
|
anyway. Bugfix on 0.2.0.8-alpha. Found by piebeer.
|
||||||
|
- When you're using bridges and your network goes away and your
|
||||||
|
bridges get marked as down, recover when you attempt a new socks
|
||||||
|
connection (if the network is back), rather than waiting up to an
|
||||||
|
hour to try fetching new descriptors for your bridges. Bugfix on
|
||||||
|
0.2.0.3-alpha; fixes bug 1981.
|
||||||
|
|
||||||
|
o Major features:
|
||||||
|
- Move to the November 2010 Maxmind GeoLite country db (rather
|
||||||
|
than the June 2009 ip-to-country GeoIP db) for our statistics that
|
||||||
|
count how many users relays are seeing from each country. Now we'll
|
||||||
|
have more accurate data, especially for many African countries.
|
||||||
|
|
||||||
|
o New directory authorities:
|
||||||
|
- Set up maatuska (run by Linus Nordberg) as the eighth v3 directory
|
||||||
|
authority.
|
||||||
|
|
||||||
|
o Minor bugfixes:
|
||||||
|
- Fix an assertion failure that could occur in directory caches or
|
||||||
|
bridge users when using a very short voting interval on a testing
|
||||||
|
network. Diagnosed by Robert Hogan. Fixes bug 1141; bugfix on
|
||||||
|
0.2.0.8-alpha.
|
||||||
|
- Enforce multiplicity rules when parsing annotations. Bugfix on
|
||||||
|
0.2.0.8-alpha. Found by piebeer.
|
||||||
|
- Allow handshaking OR connections to take a full KeepalivePeriod
|
||||||
|
seconds to handshake. Previously, we would close them after
|
||||||
|
IDLE_OR_CONN_TIMEOUT (180) seconds, the same timeout as if they
|
||||||
|
were open. Bugfix on 0.2.1.26; fixes bug 1840. Thanks to mingw-san
|
||||||
|
for analysis help.
|
||||||
|
- When building with --enable-gcc-warnings on OpenBSD, disable
|
||||||
|
warnings in system headers. This makes --enable-gcc-warnings
|
||||||
|
pass on OpenBSD 4.8.
|
||||||
|
|
||||||
|
o Minor features:
|
||||||
|
- Exit nodes didn't recognize EHOSTUNREACH as a plausible error code,
|
||||||
|
and so sent back END_STREAM_REASON_MISC. Clients now recognize a new
|
||||||
|
stream ending reason for this case: END_STREAM_REASON_NOROUTE.
|
||||||
|
Servers can start sending this code when enough clients recognize
|
||||||
|
it. Bugfix on 0.1.0.1-rc; fixes part of bug 1793.
|
||||||
|
- Build correctly on mingw with more recent versions of OpenSSL 0.9.8.
|
||||||
|
Patch from mingw-san.
|
||||||
|
|
||||||
|
o Removed files:
|
||||||
|
- Remove the old debian/ directory from the main Tor distribution.
|
||||||
|
The official Tor-for-debian git repository lives at the URL
|
||||||
|
https://git.torproject.org/debian/tor.git
|
||||||
|
- Stop shipping the old doc/website/ directory in the tarball. We
|
||||||
|
changed the website format in late 2010, and what we shipped in
|
||||||
|
0.2.1.26 really wasn't that useful anyway.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.2.1.26 - 2010-05-02
|
||||||
|
Tor 0.2.1.26 addresses the recent connection and memory overload
|
||||||
|
problems we've been seeing on relays, especially relays with their
|
||||||
|
DirPort open. If your relay has been crashing, or you turned it off
|
||||||
|
because it used too many resources, give this release a try.
|
||||||
|
|
||||||
|
This release also fixes yet another instance of broken OpenSSL libraries
|
||||||
|
that was causing some relays to drop out of the consensus.
|
||||||
|
|
||||||
|
o Major bugfixes:
|
||||||
|
- Teach relays to defend themselves from connection overload. Relays
|
||||||
|
now close idle circuits early if it looks like they were intended
|
||||||
|
for directory fetches. Relays are also more aggressive about closing
|
||||||
|
TLS connections that have no circuits on them. Such circuits are
|
||||||
|
unlikely to be re-used, and tens of thousands of them were piling
|
||||||
|
up at the fast relays, causing the relays to run out of sockets
|
||||||
|
and memory. Bugfix on 0.2.0.22-rc (where clients started tunneling
|
||||||
|
their directory fetches over TLS).
|
||||||
|
- Fix SSL renegotiation behavior on OpenSSL versions like on Centos
|
||||||
|
that claim to be earlier than 0.9.8m, but which have in reality
|
||||||
|
backported huge swaths of 0.9.8m or 0.9.8n renegotiation
|
||||||
|
behavior. Possible fix for some cases of bug 1346.
|
||||||
|
- Directory mirrors were fetching relay descriptors only from v2
|
||||||
|
directory authorities, rather than v3 authorities like they should.
|
||||||
|
Only 2 v2 authorities remain (compared to 7 v3 authorities), leading
|
||||||
|
to a serious bottleneck. Bugfix on 0.2.0.9-alpha. Fixes bug 1324.
|
||||||
|
|
||||||
|
o Minor bugfixes:
|
||||||
|
- Finally get rid of the deprecated and now harmful notion of "clique
|
||||||
|
mode", where directory authorities maintain TLS connections to
|
||||||
|
every other relay.
|
||||||
|
|
||||||
|
o Testsuite fixes:
|
||||||
|
- In the util/threads test, no longer free the test_mutex before all
|
||||||
|
worker threads have finished. Bugfix on 0.2.1.6-alpha.
|
||||||
|
- The master thread could starve the worker threads quite badly on
|
||||||
|
certain systems, causing them to run only partially in the allowed
|
||||||
|
window. This resulted in test failures. Now the master thread sleeps
|
||||||
|
occasionally for a few microseconds while the two worker-threads
|
||||||
|
compete for the mutex. Bugfix on 0.2.0.1-alpha.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.1.25 - 2010-03-16
|
Changes in version 0.2.1.25 - 2010-03-16
|
||||||
Tor 0.2.1.25 fixes a regression introduced in 0.2.1.23 that could
|
Tor 0.2.1.25 fixes a regression introduced in 0.2.1.23 that could
|
||||||
prevent relays from guessing their IP address correctly. It also fixes
|
prevent relays from guessing their IP address correctly. It also fixes
|
||||||
|
|
132
ReleaseNotes
132
ReleaseNotes
|
@ -3,6 +3,138 @@ This document summarizes new features and bugfixes in each stable release
|
||||||
of Tor. If you want to see more detailed descriptions of the changes in
|
of Tor. If you want to see more detailed descriptions of the changes in
|
||||||
each development snapshot, see the ChangeLog file.
|
each development snapshot, see the ChangeLog file.
|
||||||
|
|
||||||
|
Changes in version 0.2.1.32 - 2011-12-16
|
||||||
|
Tor 0.2.1.32 backports important security and privacy fixes for
|
||||||
|
oldstable. This release is intended only for package maintainers and
|
||||||
|
others who cannot use the 0.2.2 stable series. All others should be
|
||||||
|
using Tor 0.2.2.x or newer.
|
||||||
|
|
||||||
|
The Tor 0.2.1.x series will reach formal end-of-life some time in
|
||||||
|
early 2012; we will stop releasing patches for it then.
|
||||||
|
|
||||||
|
o Major bugfixes (also included in 0.2.2.x):
|
||||||
|
- Correctly sanity-check that we don't underflow on a memory
|
||||||
|
allocation (and then assert) for hidden service introduction
|
||||||
|
point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410;
|
||||||
|
bugfix on 0.2.1.5-alpha.
|
||||||
|
- Fix a heap overflow bug that could occur when trying to pull
|
||||||
|
data into the first chunk of a buffer, when that chunk had
|
||||||
|
already had some data drained from it. Fixes CVE-2011-2778;
|
||||||
|
bugfix on 0.2.0.16-alpha. Reported by "Vektor".
|
||||||
|
|
||||||
|
o Minor features:
|
||||||
|
- Update to the December 6 2011 Maxmind GeoLite Country database.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.2.1.31 - 2011-10-26
|
||||||
|
Tor 0.2.1.31 backports important security and privacy fixes for
|
||||||
|
oldstable. This release is intended only for package maintainers and
|
||||||
|
others who cannot use the 0.2.2 stable series. All others should be
|
||||||
|
using Tor 0.2.2.x or newer.
|
||||||
|
|
||||||
|
o Security fixes (also included in 0.2.2.x):
|
||||||
|
- Replace all potentially sensitive memory comparison operations
|
||||||
|
with versions whose runtime does not depend on the data being
|
||||||
|
compared. This will help resist a class of attacks where an
|
||||||
|
adversary can use variations in timing information to learn
|
||||||
|
sensitive data. Fix for one case of bug 3122. (Safe memcmp
|
||||||
|
implementation by Robert Ransom based partially on code by DJB.)
|
||||||
|
- Fix an assert in parsing router descriptors containing IPv6
|
||||||
|
addresses. This one took down the directory authorities when
|
||||||
|
somebody tried some experimental code. Bugfix on 0.2.1.3-alpha.
|
||||||
|
|
||||||
|
o Privacy/anonymity fixes (also included in 0.2.2.x):
|
||||||
|
- Clients and bridges no longer send TLS certificate chains on
|
||||||
|
outgoing OR connections. Previously, each client or bridge would
|
||||||
|
use the same cert chain for all outgoing OR connections until
|
||||||
|
its IP address changes, which allowed any relay that the client
|
||||||
|
or bridge contacted to determine which entry guards it is using.
|
||||||
|
Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
|
||||||
|
- If a relay receives a CREATE_FAST cell on a TLS connection, it
|
||||||
|
no longer considers that connection as suitable for satisfying a
|
||||||
|
circuit EXTEND request. Now relays can protect clients from the
|
||||||
|
CVE-2011-2768 issue even if the clients haven't upgraded yet.
|
||||||
|
- Bridges now refuse CREATE or CREATE_FAST cells on OR connections
|
||||||
|
that they initiated. Relays could distinguish incoming bridge
|
||||||
|
connections from client connections, creating another avenue for
|
||||||
|
enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
|
||||||
|
Found by "frosty_un".
|
||||||
|
- When receiving a hidden service descriptor, check that it is for
|
||||||
|
the hidden service we wanted. Previously, Tor would store any
|
||||||
|
hidden service descriptors that a directory gave it, whether it
|
||||||
|
wanted them or not. This wouldn't have let an attacker impersonate
|
||||||
|
a hidden service, but it did let directories pre-seed a client
|
||||||
|
with descriptors that it didn't want. Bugfix on 0.0.6.
|
||||||
|
- Avoid linkability based on cached hidden service descriptors: forget
|
||||||
|
all hidden service descriptors cached as a client when processing a
|
||||||
|
SIGNAL NEWNYM command. Fixes bug 3000; bugfix on 0.0.6.
|
||||||
|
- Make the bridge directory authority refuse to answer directory
|
||||||
|
requests for "all" descriptors. It used to include bridge
|
||||||
|
descriptors in its answer, which was a major information leak.
|
||||||
|
Found by "piebeer". Bugfix on 0.2.0.3-alpha.
|
||||||
|
- Don't attach new streams to old rendezvous circuits after SIGNAL
|
||||||
|
NEWNYM. Previously, we would keep using an existing rendezvous
|
||||||
|
circuit if it remained open (i.e. if it were kept open by a
|
||||||
|
long-lived stream, or if a new stream were attached to it before
|
||||||
|
Tor could notice that it was old and no longer in use). Bugfix on
|
||||||
|
0.1.1.15-rc; fixes bug 3375.
|
||||||
|
|
||||||
|
o Minor bugfixes (also included in 0.2.2.x):
|
||||||
|
- When we restart our relay, we might get a successful connection
|
||||||
|
from the outside before we've started our reachability tests,
|
||||||
|
triggering a warning: "ORPort found reachable, but I have no
|
||||||
|
routerinfo yet. Failing to inform controller of success." This
|
||||||
|
bug was harmless unless Tor is running under a controller
|
||||||
|
like Vidalia, in which case the controller would never get a
|
||||||
|
REACHABILITY_SUCCEEDED status event. Bugfix on 0.1.2.6-alpha;
|
||||||
|
fixes bug 1172.
|
||||||
|
- Build correctly on OSX with zlib 1.2.4 and higher with all warnings
|
||||||
|
enabled. Fixes bug 1526.
|
||||||
|
- Remove undocumented option "-F" from tor-resolve: it hasn't done
|
||||||
|
anything since 0.2.1.16-rc.
|
||||||
|
- Avoid signed/unsigned comparisons by making SIZE_T_CEILING unsigned.
|
||||||
|
None of the cases where we did this before were wrong, but by making
|
||||||
|
this change we avoid warnings. Fixes bug 2475; bugfix on 0.2.1.28.
|
||||||
|
- Fix a rare crash bug that could occur when a client was configured
|
||||||
|
with a large number of bridges. Fixes bug 2629; bugfix on
|
||||||
|
0.2.1.2-alpha. Bugfix by trac user "shitlei".
|
||||||
|
- Correct the warning displayed when a rendezvous descriptor exceeds
|
||||||
|
the maximum size. Fixes bug 2750; bugfix on 0.2.1.5-alpha. Found by
|
||||||
|
John Brooks.
|
||||||
|
- Fix an uncommon assertion failure when running with DNSPort under
|
||||||
|
heavy load. Fixes bug 2933; bugfix on 0.2.0.1-alpha.
|
||||||
|
- When warning about missing zlib development packages during compile,
|
||||||
|
give the correct package names. Bugfix on 0.2.0.1-alpha.
|
||||||
|
- Require that introduction point keys and onion keys have public
|
||||||
|
exponent 65537. Bugfix on 0.2.0.10-alpha.
|
||||||
|
- Do not crash when our configuration file becomes unreadable, for
|
||||||
|
example due to a permissions change, between when we start up
|
||||||
|
and when a controller calls SAVECONF. Fixes bug 3135; bugfix
|
||||||
|
on 0.0.9pre6.
|
||||||
|
- Fix warnings from GCC 4.6's "-Wunused-but-set-variable" option.
|
||||||
|
Fixes bug 3208.
|
||||||
|
- Always NUL-terminate the sun_path field of a sockaddr_un before
|
||||||
|
passing it to the kernel. (Not a security issue: kernels are
|
||||||
|
smart enough to reject bad sockaddr_uns.) Found by Coverity;
|
||||||
|
CID #428. Bugfix on Tor 0.2.0.3-alpha.
|
||||||
|
- Don't stack-allocate the list of supplementary GIDs when we're
|
||||||
|
about to log them. Stack-allocating NGROUPS_MAX gid_t elements
|
||||||
|
could take up to 256K, which is way too much stack. Found by
|
||||||
|
Coverity; CID #450. Bugfix on 0.2.1.7-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (only in 0.2.1.x):
|
||||||
|
- Resume using micro-version numbers in 0.2.1.x: our Debian packages
|
||||||
|
rely on them. Bugfix on 0.2.1.30.
|
||||||
|
- Use git revisions instead of svn revisions when generating our
|
||||||
|
micro-version numbers. Bugfix on 0.2.1.15-rc; fixes bug 2402.
|
||||||
|
|
||||||
|
o Minor features (also included in 0.2.2.x):
|
||||||
|
- Adjust the expiration time on our SSL session certificates to
|
||||||
|
better match SSL certs seen in the wild. Resolves ticket 4014.
|
||||||
|
- Allow nameservers with IPv6 address. Resolves bug 2574.
|
||||||
|
- Update to the October 4 2011 Maxmind GeoLite Country database.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.1.30 - 2011-02-23
|
Changes in version 0.2.1.30 - 2011-02-23
|
||||||
Tor 0.2.1.30 fixes a variety of less critical bugs. The main other
|
Tor 0.2.1.30 fixes a variety of less critical bugs. The main other
|
||||||
change is a slight tweak to Tor's TLS handshake that makes relays
|
change is a slight tweak to Tor's TLS handshake that makes relays
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
o Security fixes:
|
|
||||||
- Don't attach new streams to old rendezvous circuits after SIGNAL
|
|
||||||
NEWNYM. Previously, we would keep using an existing rendezvous
|
|
||||||
circuit if it remained open (i.e. if it were kept open by a
|
|
||||||
long-lived stream or if a new stream were attached to it before
|
|
||||||
Tor could notice that it was old and no longer in use and close
|
|
||||||
it). Bugfix on 0.1.1.15-rc; fixes bug 3375.
|
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
|
|
||||||
o Major bugfixes:
|
|
||||||
- Fix a heap overflow bug that could occur when trying to pull
|
|
||||||
data into the first chunk of a buffer, when that chunk had
|
|
||||||
already had some data drained from it. Fixes CVE-2011-2778;
|
|
||||||
bugfix on 0.2.0.16-alpha. Reported by "Vektor".
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- Build correctly on OSX with zlib 1.2.4 and higher with all warnings
|
|
||||||
enabled.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes
|
|
||||||
- Avoid crashes when AccountingMax is set on clients. Fixes bug 2235;
|
|
||||||
Bugfix on 0.2.2.18-alpha. Diagnosed by boboper.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Major bugfixes:
|
|
||||||
- Don't assert when changing from bridge to relay or vice versa with a controller.
|
|
||||||
The assert happened because we didn't properly initialize our keys in this case.
|
|
||||||
Bugfix on 0.2.2.18, fixes bug 2433. Issue first discovered by bastik.
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- Don't crash a bridge authority on SIGHUP if it can't force itself
|
|
||||||
into its routerlist. Fixes bug 2572.
|
|
||||||
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor features:
|
|
||||||
- Allow nameservers with IPv6 address. Fixes bug 2574.
|
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Security fixes
|
|
||||||
- Replace all potentially sensitive memory comparison operations
|
|
||||||
with versions whose runtime does not depend on the data being
|
|
||||||
compared. This will help resist a class of attacks where an
|
|
||||||
adversary can use variations in timing information to learn
|
|
||||||
sensitive data. Fix for one case of bug 3122. (Safe memcmp
|
|
||||||
implementation by Robert Ransom based partially on code by DJB.)
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Minor bugfixes
|
|
||||||
- Do not crash when our configuration file becomes unreadable
|
|
||||||
(usually due to a permissions change) between when we start
|
|
||||||
up and when a controller calls SAVECONF. Fixes bug 3135;
|
|
||||||
bugfix on 0.0.9pre6.
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Removed options:
|
|
||||||
- Remove undocumented option "-F" from tor-resolve: it hasn't done
|
|
||||||
anything since 0.2.1.16-rc.
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- Fix warnings from GCC 4.6's "-Wunused-but-set-variable" option.
|
|
||||||
Fixes bug 3208.
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Major bugfixes:
|
|
||||||
- Resolve a crash that occured when setting BridgeRelay to 1 with
|
|
||||||
accounting enabled. Fixes bug 3228; bugfix on 0.2.2.18-alpha.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor features:
|
|
||||||
- Adjust the expiration time on our SSL session certificates to
|
|
||||||
better match SSL certs seen in the wild. Resolves ticket 4014.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Major bugfixes:
|
|
||||||
- Correctly sanity-check that we don't underflow on a memory allocation
|
|
||||||
for introduction point decryption. Bug discovered by Dan Rosenberg.
|
|
||||||
Fixes bug 4410; bugfix on 0.2.1.5-alpha.
|
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Security fixes:
|
|
||||||
- When fetching a hidden service descriptor, check that it is for
|
|
||||||
the hidden service we were trying to connect to, in order to
|
|
||||||
stop a directory from pre-seeding a client with a descriptor for
|
|
||||||
a hidden service that they didn't want. Bugfix on 0.0.6.
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- Require that introduction point keys and onion keys have public
|
|
||||||
exponent 65537. Bugfix on 0.2.0.10-alpha.
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- Always NUL-terminate the sun_path field of a sockaddr_un before
|
|
||||||
passing it to the kernel. (Not a security issue: kernels are
|
|
||||||
smart enough to reject bad sockaddr_uns.) Found by Coverity; CID
|
|
||||||
# 428. Bugfix on Tor 0.2.0.3-alpha.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes:
|
|
||||||
- Don't stack-allocate the list of supplementary GIDs when we're
|
|
||||||
about to log them. Stack-allocating NGROUPS_MAX gid_t elements
|
|
||||||
could take up to 256K, which is way too much stack. Found by
|
|
||||||
Coverity; CID #450. Bugfix on 0.2.1.7-alpha.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor features:
|
|
||||||
- Update to the August 2 2011 Maxmind GeoLite Country database.
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor features:
|
|
||||||
- Update to the December 6 2011 Maxmind GeoLite Country database.
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor features:
|
|
||||||
- Update to the July 1 2011 Maxmind GeoLite Country database.
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor features:
|
|
||||||
- Update to the June 1 2011 Maxmind GeoLite Country database.
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor features:
|
|
||||||
- Update to the May 1 2011 Maxmind GeoLite Country database.
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor features:
|
|
||||||
- Update to the November 1 2011 Maxmind GeoLite Country database.
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor features:
|
|
||||||
- Update to the October 4 2011 Maxmind GeoLite Country database.
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor features:
|
|
||||||
- Update to the September 6 2011 Maxmind GeoLite Country database.
|
|
||||||
|
|
|
@ -1,21 +0,0 @@
|
||||||
o Security fixes:
|
|
||||||
|
|
||||||
- Don't send TLS certificate chains on outgoing OR connections
|
|
||||||
from clients and bridges. Previously, each client or bridge
|
|
||||||
would use a single cert chain for all outgoing OR connections
|
|
||||||
for up to 24 hours, which allowed any relay connected to by a
|
|
||||||
client or bridge to determine which entry guards it is using.
|
|
||||||
This is a potential user-tracing bug for *all* users; everyone
|
|
||||||
who uses Tor's client or hidden service functionality should
|
|
||||||
upgrade. Fixes CVE-2011-2768. Bugfix on FIXME; found by
|
|
||||||
frosty_un.
|
|
||||||
|
|
||||||
- Don't use any OR connection on which we have received a
|
|
||||||
CREATE_FAST cell to satisfy an EXTEND request. Previously, we
|
|
||||||
would not consider whether a connection appears to be from a
|
|
||||||
client or bridge when deciding whether to use that connection to
|
|
||||||
satisfy an EXTEND request. Mitigates CVE-2011-2768, by
|
|
||||||
preventing an attacker from determining whether an unpatched
|
|
||||||
client is connected to a patched relay. Bugfix on FIXME; found
|
|
||||||
by frosty_un.
|
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
o Security fixes:
|
|
||||||
|
|
||||||
- Reject CREATE and CREATE_FAST cells on outgoing OR connections
|
|
||||||
from a bridge to a relay. Previously, we would accept them and
|
|
||||||
handle them normally, thereby allowing a malicious relay to
|
|
||||||
easily distinguish bridges which connect to it from clients.
|
|
||||||
Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha, when bridges were
|
|
||||||
implemented; found by frosty_un.
|
|
||||||
|
|
|
@ -5,7 +5,7 @@ dnl Copyright (c) 2007-2008, The Tor Project, Inc.
|
||||||
dnl See LICENSE for licensing information
|
dnl See LICENSE for licensing information
|
||||||
|
|
||||||
AC_INIT
|
AC_INIT
|
||||||
AM_INIT_AUTOMAKE(tor, 0.2.1.31)
|
AM_INIT_AUTOMAKE(tor, 0.2.1.32)
|
||||||
AM_CONFIG_HEADER(orconfig.h)
|
AM_CONFIG_HEADER(orconfig.h)
|
||||||
|
|
||||||
AC_CANONICAL_HOST
|
AC_CANONICAL_HOST
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
!include "FileFunc.nsh"
|
!include "FileFunc.nsh"
|
||||||
!insertmacro GetParameters
|
!insertmacro GetParameters
|
||||||
|
|
||||||
!define VERSION "0.2.1.31"
|
!define VERSION "0.2.1.32"
|
||||||
!define INSTALLER "tor-${VERSION}-win32.exe"
|
!define INSTALLER "tor-${VERSION}-win32.exe"
|
||||||
!define WEBSITE "https://www.torproject.org/"
|
!define WEBSITE "https://www.torproject.org/"
|
||||||
!define LICENSE "LICENSE"
|
!define LICENSE "LICENSE"
|
||||||
|
|
|
@ -226,6 +226,6 @@
|
||||||
#define USING_TWOS_COMPLEMENT
|
#define USING_TWOS_COMPLEMENT
|
||||||
|
|
||||||
/* Version number of package */
|
/* Version number of package */
|
||||||
#define VERSION "0.2.1.31"
|
#define VERSION "0.2.1.32"
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue