mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
Merge remote branch 'origin/maint-0.2.1'
Conflicts: ChangeLog configure.in contrib/tor-mingw.nsi.in src/win32/orconfig.h
This commit is contained in:
commit
715f104eeb
39
ChangeLog
39
ChangeLog
@ -53,7 +53,17 @@ Changes in version 0.2.2.8-alpha - 2010-01-26
|
|||||||
refuse to listen.
|
refuse to listen.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.1.23 - 2010-0?-??
|
Changes in version 0.2.1.24 - 2010-??-??
|
||||||
|
o Minor bugfixes:
|
||||||
|
- Work correctly out-of-the-box with even more vendor-patched versions
|
||||||
|
of OpenSSL.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.2.1.23 - 2010-02-13
|
||||||
|
Tor 0.2.1.23 fixes a huge client-side performance bug, makes Tor work
|
||||||
|
again on the latest OS X, and updates the location of a directory
|
||||||
|
authority.
|
||||||
|
|
||||||
o Major bugfixes (performance):
|
o Major bugfixes (performance):
|
||||||
- We were selecting our guards uniformly at random, and then weighting
|
- We were selecting our guards uniformly at random, and then weighting
|
||||||
which of our guards we'd use uniformly at random. This imbalance
|
which of our guards we'd use uniformly at random. This imbalance
|
||||||
@ -64,20 +74,25 @@ Changes in version 0.2.1.23 - 2010-0?-??
|
|||||||
bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry.
|
bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry.
|
||||||
|
|
||||||
o Major bugfixes:
|
o Major bugfixes:
|
||||||
|
- Make Tor work again on the latest OS X: when deciding whether to
|
||||||
|
use strange flags to turn TLS renegotiation on, detect the OpenSSL
|
||||||
|
version at run-time, not compile time. We need to do this because
|
||||||
|
Apple doesn't update its dev-tools headers when it updates its
|
||||||
|
libraries in a security patch.
|
||||||
- Fix a potential buffer overflow in lookup_last_hid_serv_request()
|
- Fix a potential buffer overflow in lookup_last_hid_serv_request()
|
||||||
that could happen on 32-bit platforms with 64-bit time_t. Also fix
|
that could happen on 32-bit platforms with 64-bit time_t. Also fix
|
||||||
a memory leak when requesting a hidden service descriptor we've
|
a memory leak when requesting a hidden service descriptor we've
|
||||||
requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found
|
requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found
|
||||||
by aakova.
|
by aakova.
|
||||||
|
|
||||||
|
o Directory authority changes:
|
||||||
|
- Change IP address for dannenberg (v3 directory authority), and
|
||||||
|
remove moria2 (obsolete v1, v2 directory authority and v0 hidden
|
||||||
|
service directory authority) from the list.
|
||||||
|
|
||||||
o Minor bugfixes:
|
o Minor bugfixes:
|
||||||
- When deciding whether to use strange flags to turn TLS renegotiation
|
- Refactor resolve_my_address() to not use gethostbyname() anymore.
|
||||||
on, detect the OpenSSL version at run-time, not compile time. We
|
Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik.
|
||||||
need to do this because Apple doesn't update its dev-tools headers
|
|
||||||
when it updates its libraries in a security patch.
|
|
||||||
- Refactor resolve_my_address() a little, to not use gethostbyname()
|
|
||||||
anymore. Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike
|
|
||||||
Mestnik.
|
|
||||||
|
|
||||||
o Minor features:
|
o Minor features:
|
||||||
- Avoid a mad rush at the beginning of each month when each client
|
- Avoid a mad rush at the beginning of each month when each client
|
||||||
|
38
ReleaseNotes
38
ReleaseNotes
@ -3,6 +3,44 @@ This document summarizes new features and bugfixes in each stable release
|
|||||||
of Tor. If you want to see more detailed descriptions of the changes in
|
of Tor. If you want to see more detailed descriptions of the changes in
|
||||||
each development snapshot, see the ChangeLog file.
|
each development snapshot, see the ChangeLog file.
|
||||||
|
|
||||||
|
Changes in version 0.2.1.23 - 2010-02-13
|
||||||
|
Tor 0.2.1.23 fixes a huge client-side performance bug, makes Tor work
|
||||||
|
again on the latest OS X, and updates the location of a directory
|
||||||
|
authority.
|
||||||
|
|
||||||
|
o Major bugfixes (performance):
|
||||||
|
- We were selecting our guards uniformly at random, and then weighting
|
||||||
|
which of our guards we'd use uniformly at random. This imbalance
|
||||||
|
meant that Tor clients were severely limited on throughput (and
|
||||||
|
probably latency too) by the first hop in their circuit. Now we
|
||||||
|
select guards weighted by currently advertised bandwidth. We also
|
||||||
|
automatically discard guards picked using the old algorithm. Fixes
|
||||||
|
bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry.
|
||||||
|
|
||||||
|
o Major bugfixes:
|
||||||
|
- Make Tor work again on the latest OS X: when deciding whether to
|
||||||
|
use strange flags to turn TLS renegotiation on, detect the OpenSSL
|
||||||
|
version at run-time, not compile time. We need to do this because
|
||||||
|
Apple doesn't update its dev-tools headers when it updates its
|
||||||
|
libraries in a security patch.
|
||||||
|
- Fix a potential buffer overflow in lookup_last_hid_serv_request()
|
||||||
|
that could happen on 32-bit platforms with 64-bit time_t. Also fix
|
||||||
|
a memory leak when requesting a hidden service descriptor we've
|
||||||
|
requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found
|
||||||
|
by aakova.
|
||||||
|
|
||||||
|
o Minor bugfixes:
|
||||||
|
- Refactor resolve_my_address() to not use gethostbyname() anymore.
|
||||||
|
Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik.
|
||||||
|
|
||||||
|
o Minor features:
|
||||||
|
- Avoid a mad rush at the beginning of each month when each client
|
||||||
|
rotates half of its guards. Instead we spread the rotation out
|
||||||
|
throughout the month, but we still avoid leaving a precise timestamp
|
||||||
|
in the state file about when we first picked the guard. Improves
|
||||||
|
over the behavior introduced in 0.1.2.17.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.1.22 - 2010-01-19
|
Changes in version 0.2.1.22 - 2010-01-19
|
||||||
Tor 0.2.1.22 fixes a critical privacy problem in bridge directory
|
Tor 0.2.1.22 fixes a critical privacy problem in bridge directory
|
||||||
authorities -- it would tell you its whole history of bridge descriptors
|
authorities -- it would tell you its whole history of bridge descriptors
|
||||||
|
@ -8,6 +8,7 @@
|
|||||||
!include "LogicLib.nsh"
|
!include "LogicLib.nsh"
|
||||||
!include "FileFunc.nsh"
|
!include "FileFunc.nsh"
|
||||||
!insertmacro GetParameters
|
!insertmacro GetParameters
|
||||||
|
|
||||||
!define VERSION "0.2.2.8-alpha-dev"
|
!define VERSION "0.2.2.8-alpha-dev"
|
||||||
!define INSTALLER "tor-${VERSION}-win32.exe"
|
!define INSTALLER "tor-${VERSION}-win32.exe"
|
||||||
!define WEBSITE "https://www.torproject.org/"
|
!define WEBSITE "https://www.torproject.org/"
|
||||||
|
@ -368,7 +368,7 @@ tor_tls_init(void)
|
|||||||
* OpenSSL 0.9.8l.
|
* OpenSSL 0.9.8l.
|
||||||
*
|
*
|
||||||
* No, we can't just set flag 0x0010 everywhere. It breaks Tor with
|
* No, we can't just set flag 0x0010 everywhere. It breaks Tor with
|
||||||
* OpenSSL 1.0.0beta, since i. No, we can't just set option
|
* OpenSSL 1.0.0beta3 and later. No, we can't just set option
|
||||||
* 0x00040000L everywhere: before 0.9.8m, it meant something else.
|
* 0x00040000L everywhere: before 0.9.8m, it meant something else.
|
||||||
*
|
*
|
||||||
* No, we can't simply detect whether the flag or the option is present
|
* No, we can't simply detect whether the flag or the option is present
|
||||||
@ -381,7 +381,7 @@ tor_tls_init(void)
|
|||||||
*/
|
*/
|
||||||
if (version >= 0x009080c0L && version < 0x009080d0L) {
|
if (version >= 0x009080c0L && version < 0x009080d0L) {
|
||||||
log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; "
|
log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; "
|
||||||
"I will try SSL3_FLAGS to enable renegotation.",
|
"I will try SSL3_FLAGS to enable renegotation.",
|
||||||
SSLeay_version(SSLEAY_VERSION));
|
SSLeay_version(SSLEAY_VERSION));
|
||||||
use_unsafe_renegotiation_flag = 1;
|
use_unsafe_renegotiation_flag = 1;
|
||||||
use_unsafe_renegotiation_op = 1;
|
use_unsafe_renegotiation_op = 1;
|
||||||
@ -390,6 +390,13 @@ tor_tls_init(void)
|
|||||||
"I will try SSL_OP to enable renegotiation",
|
"I will try SSL_OP to enable renegotiation",
|
||||||
SSLeay_version(SSLEAY_VERSION));
|
SSLeay_version(SSLEAY_VERSION));
|
||||||
use_unsafe_renegotiation_op = 1;
|
use_unsafe_renegotiation_op = 1;
|
||||||
|
} else if (version < 0x009080c0L) {
|
||||||
|
log_notice(LD_GENERAL, "OpenSSL %s [%lx] looks like it's older than "
|
||||||
|
"0.9.8l, but some vendors have backported 0.9.8l's "
|
||||||
|
"renegotiation code to earlier versions. I'll set "
|
||||||
|
"SSL3_FLAGS just to be safe.",
|
||||||
|
SSLeay_version(SSLEAY_VERSION), version);
|
||||||
|
use_unsafe_renegotiation_flag = 1;
|
||||||
} else {
|
} else {
|
||||||
log_info(LD_GENERAL, "OpenSSL %s has version %lx",
|
log_info(LD_GENERAL, "OpenSSL %s has version %lx",
|
||||||
SSLeay_version(SSLEAY_VERSION), version);
|
SSLeay_version(SSLEAY_VERSION), version);
|
||||||
|
@ -738,8 +738,6 @@ add_default_trusted_dir_authorities(authority_type_t type)
|
|||||||
"moria1 orport=9101 no-v2 "
|
"moria1 orport=9101 no-v2 "
|
||||||
"v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
|
"v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
|
||||||
"128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
|
"128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
|
||||||
"moria2 v1 orport=9002 128.31.0.34:9032 "
|
|
||||||
"719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF",
|
|
||||||
"tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
|
"tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
|
||||||
"86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
|
"86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
|
||||||
"dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
|
"dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
|
||||||
@ -753,7 +751,7 @@ add_default_trusted_dir_authorities(authority_type_t type)
|
|||||||
"80.190.246.100:8180 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
|
"80.190.246.100:8180 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
|
||||||
"dannenberg orport=443 no-v2 "
|
"dannenberg orport=443 no-v2 "
|
||||||
"v3ident=585769C78764D58426B8B52B6651A5A71137189A "
|
"v3ident=585769C78764D58426B8B52B6651A5A71137189A "
|
||||||
"213.73.91.31:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
|
"193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
|
||||||
"urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
|
"urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
|
||||||
"208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
|
"208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
|
||||||
NULL
|
NULL
|
||||||
|
Loading…
Reference in New Issue
Block a user