mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-23 11:53:31 +01:00
Forward merge the latest ChangeLog/ReleaseNotes
Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
David Goulet
parent
50e32a54d1
commit
03a709ead1
127
ChangeLog
127
ChangeLog
@ -1,3 +1,130 @@
|
||||
Changes in version 0.4.6.7 - 2021-08-16
|
||||
This version fixes several bugs from earlier versions of Tor,
|
||||
including one that could lead to a denial-of-service attack. Everyone
|
||||
running an earlier version, whether as a client, a relay, or an onion
|
||||
service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
|
||||
|
||||
o Major bugfixes (cryptography, security):
|
||||
- Resolve an assertion failure caused by a behavior mismatch between
|
||||
our batch-signature verification code and our single-signature
|
||||
verification code. This assertion failure could be triggered
|
||||
remotely, leading to a denial of service attack. We fix this issue
|
||||
by disabling batch verification. Fixes bug 40078; bugfix on
|
||||
0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
|
||||
CVE-2021-38385. Found by Henry de Valence.
|
||||
|
||||
o Minor feature (fallbackdir):
|
||||
- Regenerate fallback directories list. Close ticket 40447.
|
||||
|
||||
o Minor features (geoip data):
|
||||
- Update the geoip files to match the IPFire Location Database, as
|
||||
retrieved on 2021/08/12.
|
||||
|
||||
o Minor bugfix (crypto):
|
||||
- Disable the unused batch verification feature of ed25519-donna.
|
||||
Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry
|
||||
de Valence.
|
||||
|
||||
o Minor bugfixes (onion service):
|
||||
- Send back the extended SOCKS error 0xF6 (Onion Service Invalid
|
||||
Address) for a v2 onion address. Fixes bug 40421; bugfix
|
||||
on 0.4.6.2-alpha.
|
||||
|
||||
o Minor bugfixes (relay):
|
||||
- Reduce the compression level for data streaming from HIGH to LOW
|
||||
in order to reduce CPU load on the directory relays. Fixes bug
|
||||
40301; bugfix on 0.3.5.1-alpha.
|
||||
|
||||
o Minor bugfixes (timekeeping):
|
||||
- Calculate the time of day correctly on systems where the time_t
|
||||
type includes leap seconds. (This is not the case on most
|
||||
operating systems, but on those where it occurs, our tor_timegm
|
||||
function did not correctly invert the system's gmtime function,
|
||||
which could result in assertion failures when calculating voting
|
||||
schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
|
||||
|
||||
|
||||
Changes in version 0.4.5.10 - 2021-08-16
|
||||
This version fixes several bugs from earlier versions of Tor,
|
||||
including one that could lead to a denial-of-service attack. Everyone
|
||||
running an earlier version, whether as a client, a relay, or an onion
|
||||
service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
|
||||
|
||||
o Major bugfixes (cryptography, security):
|
||||
- Resolve an assertion failure caused by a behavior mismatch between
|
||||
our batch-signature verification code and our single-signature
|
||||
verification code. This assertion failure could be triggered
|
||||
remotely, leading to a denial of service attack. We fix this issue
|
||||
by disabling batch verification. Fixes bug 40078; bugfix on
|
||||
0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
|
||||
CVE-2021-38385. Found by Henry de Valence.
|
||||
|
||||
o Minor feature (fallbackdir):
|
||||
- Regenerate fallback directories list. Close ticket 40447.
|
||||
|
||||
o Minor features (geoip data):
|
||||
- Update the geoip files to match the IPFire Location Database, as
|
||||
retrieved on 2021/08/12.
|
||||
|
||||
o Minor features (testing):
|
||||
- Enable the deterministic RNG for unit tests that covers the
|
||||
address set bloomfilter-based API's. Fixes bug 40419; bugfix
|
||||
on 0.3.3.2-alpha.
|
||||
|
||||
o Minor bugfix (crypto, backport from 0.4.6.7):
|
||||
- Disable the unused batch verification feature of ed25519-donna.
|
||||
Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry
|
||||
de Valence.
|
||||
|
||||
o Minor bugfixes (relay, backport from 0.4.6.7):
|
||||
- Reduce the compression level for data streaming from HIGH to LOW.
|
||||
Fixes bug 40301; bugfix on 0.3.5.1-alpha.
|
||||
|
||||
o Minor bugfixes (timekeeping, backport from 0.4.6.7):
|
||||
- Calculate the time of day correctly on systems where the time_t
|
||||
type includes leap seconds. (This is not the case on most
|
||||
operating systems, but on those where it occurs, our tor_timegm
|
||||
function did not correctly invert the system's gmtime function,
|
||||
which could result in assertion failures when calculating voting
|
||||
schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
|
||||
|
||||
o Minor bugfixes (warnings, portability, backport from 0.4.6.6):
|
||||
- Suppress a strict-prototype warning when building with some
|
||||
versions of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha.
|
||||
|
||||
|
||||
Changes in version 0.3.5.16 - 2021-08-16
|
||||
This version fixes several bugs from earlier versions of Tor,
|
||||
including one that could lead to a denial-of-service attack. Everyone
|
||||
running an earlier version, whether as a client, a relay, or an onion
|
||||
service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
|
||||
|
||||
o Major bugfixes (cryptography, security):
|
||||
- Resolve an assertion failure caused by a behavior mismatch between
|
||||
our batch-signature verification code and our single-signature
|
||||
verification code. This assertion failure could be triggered
|
||||
remotely, leading to a denial of service attack. We fix this issue
|
||||
by disabling batch verification. Fixes bug 40078; bugfix on
|
||||
0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
|
||||
CVE-2021-38385. Found by Henry de Valence.
|
||||
|
||||
o Minor feature (fallbackdir):
|
||||
- Regenerate fallback directories list. Close ticket 40447.
|
||||
|
||||
o Minor features (geoip data):
|
||||
- Update the geoip files to match the IPFire Location Database, as
|
||||
retrieved on 2021/08/12.
|
||||
|
||||
o Minor bugfix (crypto, backport from 0.4.6.7):
|
||||
- Disable the unused batch verification feature of ed25519-donna.
|
||||
Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry
|
||||
de Valence.
|
||||
|
||||
o Minor bugfixes (relay, backport from 0.4.6.7):
|
||||
- Reduce the compression level for data streaming from HIGH to LOW.
|
||||
Fixes bug 40301; bugfix on 0.3.5.1-alpha.
|
||||
|
||||
|
||||
Changes in version 0.4.6.6 - 2021-06-30
|
||||
Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that
|
||||
allows Tor to build correctly on older versions of GCC. You should
|
||||
|
||||
122
ReleaseNotes
122
ReleaseNotes
@ -2,6 +2,128 @@ This document summarizes new features and bugfixes in each stable
|
||||
release of Tor. If you want to see more detailed descriptions of the
|
||||
changes in each development snapshot, see the ChangeLog file.
|
||||
|
||||
Changes in version 0.4.6.7 - 2021-08-16
|
||||
This version fixes several bugs from earlier versions of Tor, including one
|
||||
that could lead to a denial-of-service attack. Everyone running an earlier
|
||||
version, whether as a client, a relay, or an onion service, should upgrade
|
||||
to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
|
||||
|
||||
o Major bugfixes (cryptography, security):
|
||||
- Resolve an assertion failure caused by a behavior mismatch between our
|
||||
batch-signature verification code and our single-signature verification
|
||||
code. This assertion failure could be triggered remotely, leading to a
|
||||
denial of service attack. We fix this issue by disabling batch
|
||||
verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
|
||||
also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
|
||||
Valence.
|
||||
|
||||
o Minor feature (fallbackdir):
|
||||
- Regenerate fallback directories list. Close ticket 40447.
|
||||
|
||||
o Minor features (geoip data):
|
||||
- Update the geoip files to match the IPFire Location Database,
|
||||
as retrieved on 2021/08/12.
|
||||
|
||||
o Minor bugfix (crypto):
|
||||
- Disable the unused batch verification feature of ed25519-donna. Fixes
|
||||
bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence.
|
||||
|
||||
o Minor bugfixes (onion service):
|
||||
- Send back the extended SOCKS error 0xF6 (Onion Service Invalid Address)
|
||||
for a v2 onion address. Fixes bug 40421; bugfix on 0.4.6.2-alpha.
|
||||
|
||||
o Minor bugfixes (relay):
|
||||
- Reduce the compression level for data streaming from HIGH to LOW in
|
||||
order to reduce CPU load on the directory relays. Fixes bug 40301;
|
||||
bugfix on 0.3.5.1-alpha.
|
||||
|
||||
o Minor bugfixes (timekeeping):
|
||||
- Calculate the time of day correctly on systems where the time_t
|
||||
type includes leap seconds. (This is not the case on most
|
||||
operating systems, but on those where it occurs, our tor_timegm
|
||||
function did not correctly invert the system's gmtime function,
|
||||
which could result in assertion failures when calculating
|
||||
voting schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
|
||||
|
||||
|
||||
Changes in version 0.4.5.10 - 2021-08-16
|
||||
This version fixes several bugs from earlier versions of Tor, including one
|
||||
that could lead to a denial-of-service attack. Everyone running an earlier
|
||||
version, whether as a client, a relay, or an onion service, should upgrade
|
||||
to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
|
||||
|
||||
o Major bugfixes (cryptography, security):
|
||||
- Resolve an assertion failure caused by a behavior mismatch between our
|
||||
batch-signature verification code and our single-signature verification
|
||||
code. This assertion failure could be triggered remotely, leading to a
|
||||
denial of service attack. We fix this issue by disabling batch
|
||||
verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
|
||||
also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
|
||||
Valence.
|
||||
|
||||
o Minor feature (fallbackdir):
|
||||
- Regenerate fallback directories list. Close ticket 40447.
|
||||
|
||||
o Minor features (geoip data):
|
||||
- Update the geoip files to match the IPFire Location Database,
|
||||
as retrieved on 2021/08/12.
|
||||
|
||||
o Minor features (testing):
|
||||
- Enable the deterministic RNG for unit tests that covers the address set
|
||||
bloomfilter-based API's. Fixes bug 40419; bugfix on 0.3.3.2-alpha.
|
||||
|
||||
o Minor bugfix (crypto):
|
||||
- Disable the unused batch verification feature of ed25519-donna. Fixes
|
||||
bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence.
|
||||
|
||||
o Minor bugfixes (relay, backport from 0.4.6.x):
|
||||
- Reduce the compression level for data streaming from HIGH to LOW. Fixes
|
||||
bug 40301; bugfix on 0.3.5.1-alpha.
|
||||
|
||||
o Minor bugfixes (timekeeping, backport from 0.4.6.x):
|
||||
- Calculate the time of day correctly on systems where the time_t
|
||||
type includes leap seconds. (This is not the case on most
|
||||
operating systems, but on those where it occurs, our tor_timegm
|
||||
function did not correctly invert the system's gmtime function,
|
||||
which could result in assertion failures when calculating
|
||||
voting schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
|
||||
|
||||
o Minor bugfixes (warnings, portability, backport from 0.4.6.x):
|
||||
- Suppress a strict-prototype warning when building with some versions
|
||||
of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha.
|
||||
|
||||
|
||||
Changes in version 0.3.5.16 - 2021-08-16
|
||||
This version fixes several bugs from earlier versions of Tor, including one
|
||||
that could lead to a denial-of-service attack. Everyone running an earlier
|
||||
version, whether as a client, a relay, or an onion service, should upgrade
|
||||
to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
|
||||
|
||||
o Major bugfixes (cryptography, security):
|
||||
- Resolve an assertion failure caused by a behavior mismatch between our
|
||||
batch-signature verification code and our single-signature verification
|
||||
code. This assertion failure could be triggered remotely, leading to a
|
||||
denial of service attack. We fix this issue by disabling batch
|
||||
verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
|
||||
also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
|
||||
Valence.
|
||||
|
||||
o Minor feature (fallbackdir):
|
||||
- Regenerate fallback directories list. Close ticket 40447.
|
||||
|
||||
o Minor features (geoip data):
|
||||
- Update the geoip files to match the IPFire Location Database,
|
||||
as retrieved on 2021/08/12.
|
||||
|
||||
o Minor bugfix (crypto):
|
||||
- Disable the unused batch verification feature of ed25519-donna. Fixes
|
||||
bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence.
|
||||
|
||||
o Minor bugfixes (relay, backport from 0.4.6.x):
|
||||
- Reduce the compression level for data streaming from HIGH to LOW. Fixes
|
||||
bug 40301; bugfix on 0.3.5.1-alpha.
|
||||
|
||||
|
||||
Changes in version 0.4.6.6 - 2021-06-30
|
||||
Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that
|
||||
allows Tor to build correctly on older versions of GCC. You should
|
||||
|
||||
Loading…
Reference in New Issue
Block a user