From 6277aee031e6889d44e2c90877acaa17948c77d8 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Fri, 24 Jul 2009 16:54:54 -0400 Subject: [PATCH] forward-port the 0.2.0.35 release notes --- ReleaseNotes | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/ReleaseNotes b/ReleaseNotes index 81d93b92a5..013ccb3f75 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -3,6 +3,37 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.2.0.35 - 2009-06-24 + o Security fix: + - Avoid crashing in the presence of certain malformed descriptors. + Found by lark, and by automated fuzzing. + - Fix an edge case where a malicious exit relay could convince a + controller that the client's DNS question resolves to an internal IP + address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta. + + o Major bugfixes: + - Finally fix the bug where dynamic-IP relays disappear when their + IP address changes: directory mirrors were mistakenly telling + them their old address if they asked via begin_dir, so they + never got an accurate answer about their new address, so they + just vanished after a day. For belt-and-suspenders, relays that + don't set Address in their config now avoid using begin_dir for + all direct connections. Should fix bugs 827, 883, and 900. + - Fix a timing-dependent, allocator-dependent, DNS-related crash bug + that would occur on some exit nodes when DNS failures and timeouts + occurred in certain patterns. Fix for bug 957. + + o Minor bugfixes: + - When starting with a cache over a few days old, do not leak + memory for the obsolete router descriptors in it. Bugfix on + 0.2.0.33; fixes bug 672. + - Hidden service clients didn't use a cached service descriptor that + was older than 15 minutes, but wouldn't fetch a new one either, + because there was already one in the cache. Now, fetch a v2 + descriptor unless the same descriptor was added to the cache within + the last 15 minutes. Fixes bug 997; reported by Marcus Griep. + + Changes in version 0.2.0.34 - 2009-02-08 Tor 0.2.0.34 features several more security-related fixes. You should upgrade, especially if you run an exit relay (remote crash) or a