mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
forward-port the 0.2.2.38 changelog
parent
ca90aea5eb
commit
37d19fdfcd
25
ChangeLog
25
ChangeLog
@ -1,3 +1,28 @@
|
|||||||
|
Changes in version 0.2.2.38 - 2012-08-12
|
||||||
|
Tor 0.2.2.38 fixes a rare race condition that can crash exit relays;
|
||||||
|
fixes a remotely triggerable crash bug; and fixes a timing attack that
|
||||||
|
could in theory leak path information.
|
||||||
|
|
||||||
|
o Security fixes:
|
||||||
|
- Avoid read-from-freed-memory and double-free bugs that could occur
|
||||||
|
when a DNS request fails while launching it. Fixes bug 6480;
|
||||||
|
bugfix on 0.2.0.1-alpha.
|
||||||
|
- Avoid an uninitialized memory read when reading a vote or consensus
|
||||||
|
document that has an unrecognized flavor name. This read could
|
||||||
|
lead to a remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha.
|
||||||
|
- Try to leak less information about what relays a client is
|
||||||
|
choosing to a side-channel attacker. Previously, a Tor client would
|
||||||
|
stop iterating through the list of available relays as soon as it
|
||||||
|
had chosen one, thus finishing a little earlier when it picked
|
||||||
|
a router earlier in the list. If an attacker can recover this
|
||||||
|
timing information (nontrivial but not proven to be impossible),
|
||||||
|
they could learn some coarse-grained information about which relays
|
||||||
|
a client was picking (middle nodes in particular are likelier to
|
||||||
|
be affected than exits). The timing attack might be mitigated by
|
||||||
|
other factors (see bug 6537 for some discussion), but it's best
|
||||||
|
not to take chances. Fixes bug 6537; bugfix on 0.0.8rc1.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.3.20-rc - 2012-08-05
|
Changes in version 0.2.3.20-rc - 2012-08-05
|
||||||
Tor 0.2.3.20-rc is the third release candidate for the Tor 0.2.3.x
|
Tor 0.2.3.20-rc is the third release candidate for the Tor 0.2.3.x
|
||||||
series. It fixes a pair of code security bugs and a potential anonymity
|
series. It fixes a pair of code security bugs and a potential anonymity
|
||||||
|
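Review bot: The summary paragraph for 0.2.2.38 promises a fix for "a rare race condition that can crash exit relays", but no item under "Security fixes" mentions a race or exit relays. The closest match is the bug 6480 entry about a DNS request failing while it is being launched. If that is the same fix, say so in the item (for example by noting that it is the exit-relay crash), so a relay operator can map the headline to a bug number without opening the tracker.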
25
ReleaseNotes
25
ReleaseNotes
@ -3,6 +3,31 @@ This document summarizes new features and bugfixes in each stable release
|
|||||||
of Tor. If you want to see more detailed descriptions of the changes in
|
of Tor. If you want to see more detailed descriptions of the changes in
|
||||||
each development snapshot, see the ChangeLog file.
|
each development snapshot, see the ChangeLog file.
|
||||||
|
|
||||||
|
Changes in version 0.2.2.38 - 2012-08-12
|
||||||
|
Tor 0.2.2.38 fixes a rare race condition that can crash exit relays;
|
||||||
|
fixes a remotely triggerable crash bug; and fixes a timing attack that
|
||||||
|
could in theory leak path information.
|
||||||
|
|
||||||
|
o Security fixes:
|
||||||
|
- Avoid read-from-freed-memory and double-free bugs that could occur
|
||||||
|
when a DNS request fails while launching it. Fixes bug 6480;
|
||||||
|
bugfix on 0.2.0.1-alpha.
|
||||||
|
- Avoid an uninitialized memory read when reading a vote or consensus
|
||||||
|
document that has an unrecognized flavor name. This read could
|
||||||
|
lead to a remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha.
|
||||||
|
- Try to leak less information about what relays a client is
|
||||||
|
choosing to a side-channel attacker. Previously, a Tor client would
|
||||||
|
stop iterating through the list of available relays as soon as it
|
||||||
|
had chosen one, thus finishing a little earlier when it picked
|
||||||
|
a router earlier in the list. If an attacker can recover this
|
||||||
|
timing information (nontrivial but not proven to be impossible),
|
||||||
|
they could learn some coarse-grained information about which relays
|
||||||
|
a client was picking (middle nodes in particular are likelier to
|
||||||
|
be affected than exits). The timing attack might be mitigated by
|
||||||
|
other factors (see bug 6537 for some discussion), but it's best
|
||||||
|
not to take chances. Fixes bug 6537; bugfix on 0.0.8rc1.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.2.37 - 2012-06-06
|
Changes in version 0.2.2.37 - 2012-06-06
|
||||||
Tor 0.2.2.37 introduces a workaround for a critical renegotiation
|
Tor 0.2.2.37 introduces a workaround for a critical renegotiation
|
||||||
bug in OpenSSL 1.0.1 (where 20% of the Tor network can't talk to itself
|
bug in OpenSSL 1.0.1 (where 20% of the Tor network can't talk to itself
|
||||||
|
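Review bot: The bug 6537 item in the ReleaseNotes copy describes only the old behaviour ("Previously, a Tor client would stop iterating through the list of available relays as soon as it had chosen one") and never states what the client does now. For a stable-release summary, add one sentence describing the new behaviour, so readers can judge whether the timing difference is removed or only reduced. "Try to leak less information" leaves that open.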