mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 13:53:31 +01:00
and bring all the changelogs into master too
This commit is contained in:
parent
e3f4a96528
commit
b8ef2eaba4
114
ChangeLog
114
ChangeLog
@ -1,6 +1,120 @@
|
|||||||
Changes in version 0.2.6.1-alpha - 2014-??-??
|
Changes in version 0.2.6.1-alpha - 2014-??-??
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.2.5.6-alpha - 2014-07-28
|
||||||
|
Tor 0.2.5.6-alpha brings us a big step closer to slowing down the
|
||||||
|
risk from guard rotation, and fixes a variety of other issues to get
|
||||||
|
us closer to a release candidate.
|
||||||
|
|
||||||
|
o Major features (also in 0.2.4.23):
|
||||||
|
- Make the number of entry guards configurable via a new
|
||||||
|
NumEntryGuards consensus parameter, and the number of directory
|
||||||
|
guards configurable via a new NumDirectoryGuards consensus
|
||||||
|
parameter. Implements ticket 12688.
|
||||||
|
|
||||||
|
o Major bugfixes (also in 0.2.4.23):
|
||||||
|
- Fix a bug in the bounds-checking in the 32-bit curve25519-donna
|
||||||
|
implementation that caused incorrect results on 32-bit
|
||||||
|
implementations when certain malformed inputs were used along with
|
||||||
|
a small class of private ntor keys. This bug does not currently
|
||||||
|
appear to allow an attacker to learn private keys or impersonate a
|
||||||
|
Tor server, but it could provide a means to distinguish 32-bit Tor
|
||||||
|
implementations from 64-bit Tor implementations. Fixes bug 12694;
|
||||||
|
bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
|
||||||
|
Adam Langley.
|
||||||
|
|
||||||
|
o Major bugfixes:
|
||||||
|
- Perform circuit cleanup operations even when circuit
|
||||||
|
construction operations are disabled (because the network is
|
||||||
|
disabled, or because there isn't enough directory information).
|
||||||
|
Previously, when we were not building predictive circuits, we
|
||||||
|
were not closing expired circuits either. Fixes bug 8387; bugfix on
|
||||||
|
0.1.1.11-alpha. This bug became visible in 0.2.4.10-alpha when we
|
||||||
|
became more strict about when we have "enough directory information
|
||||||
|
to build circuits".
|
||||||
|
|
||||||
|
o Minor features:
|
||||||
|
- Authorities now assign the Guard flag to the fastest 25% of the
|
||||||
|
network (it used to be the fastest 50%). Also raise the consensus
|
||||||
|
weight that guarantees the Guard flag from 250 to 2000. For the
|
||||||
|
current network, this results in about 1100 guards, down from 2500.
|
||||||
|
This step paves the way for moving the number of entry guards
|
||||||
|
down to 1 (proposal 236) while still providing reasonable expected
|
||||||
|
performance for most users. Implements ticket 12690.
|
||||||
|
- Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
- Slightly enhance the diagnostic message for bug 12184.
|
||||||
|
|
||||||
|
o Minor bugfixes (also in 0.2.4.23):
|
||||||
|
- Warn and drop the circuit if we receive an inbound 'relay early'
|
||||||
|
cell. Those used to be normal to receive on hidden service circuits
|
||||||
|
due to bug 1038, but the buggy Tor versions are long gone from
|
||||||
|
the network so we can afford to resume watching for them. Resolves
|
||||||
|
the rest of bug 1038; bugfix on 0.2.1.19.
|
||||||
|
- Correct a confusing error message when trying to extend a circuit
|
||||||
|
via the control protocol but we don't know a descriptor or
|
||||||
|
microdescriptor for one of the specified relays. Fixes bug 12718;
|
||||||
|
bugfix on 0.2.3.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes:
|
||||||
|
- Fix compilation when building with bufferevents enabled. (This
|
||||||
|
configuration is still not expected to work, however.)
|
||||||
|
Fixes bugs 12438, 12474, 11578; bugfixes on 0.2.5.1-alpha and
|
||||||
|
0.2.5.3-alpha. Patches from Anthony G. Basile and Sathyanarayanan
|
||||||
|
Gunasekaran.
|
||||||
|
- Compile correctly with builds and forks of OpenSSL (such as
|
||||||
|
LibreSSL) that disable compression. Fixes bug 12602; bugfix on
|
||||||
|
0.2.1.1-alpha. Patch from "dhill".
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.2.4.23 - 2014-07-28
|
||||||
|
Tor 0.2.4.23 brings us a big step closer to slowing down the risk from
|
||||||
|
guard rotation, and also backports several important fixes from the
|
||||||
|
Tor 0.2.5 alpha release series.
|
||||||
|
|
||||||
|
o Major features:
|
||||||
|
- Clients now look at the "usecreatefast" consensus parameter to
|
||||||
|
decide whether to use CREATE_FAST or CREATE cells for the first hop
|
||||||
|
of their circuit. This approach can improve security on connections
|
||||||
|
where Tor's circuit handshake is stronger than the available TLS
|
||||||
|
connection security levels, but the tradeoff is more computational
|
||||||
|
load on guard relays. Implements proposal 221. Resolves ticket 9386.
|
||||||
|
- Make the number of entry guards configurable via a new
|
||||||
|
NumEntryGuards consensus parameter, and the number of directory
|
||||||
|
guards configurable via a new NumDirectoryGuards consensus
|
||||||
|
parameter. Implements ticket 12688.
|
||||||
|
|
||||||
|
o Major bugfixes:
|
||||||
|
- Fix a bug in the bounds-checking in the 32-bit curve25519-donna
|
||||||
|
implementation that caused incorrect results on 32-bit
|
||||||
|
implementations when certain malformed inputs were used along with
|
||||||
|
a small class of private ntor keys. This bug does not currently
|
||||||
|
appear to allow an attacker to learn private keys or impersonate a
|
||||||
|
Tor server, but it could provide a means to distinguish 32-bit Tor
|
||||||
|
implementations from 64-bit Tor implementations. Fixes bug 12694;
|
||||||
|
bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
|
||||||
|
Adam Langley.
|
||||||
|
|
||||||
|
o Minor bugfixes:
|
||||||
|
- Warn and drop the circuit if we receive an inbound 'relay early'
|
||||||
|
cell. Those used to be normal to receive on hidden service circuits
|
||||||
|
due to bug 1038, but the buggy Tor versions are long gone from
|
||||||
|
the network so we can afford to resume watching for them. Resolves
|
||||||
|
the rest of bug 1038; bugfix on 0.2.1.19.
|
||||||
|
- Correct a confusing error message when trying to extend a circuit
|
||||||
|
via the control protocol but we don't know a descriptor or
|
||||||
|
microdescriptor for one of the specified relays. Fixes bug 12718;
|
||||||
|
bugfix on 0.2.3.1-alpha.
|
||||||
|
- Avoid an illegal read from stack when initializing the TLS
|
||||||
|
module using a version of OpenSSL without all of the ciphers
|
||||||
|
used by the v2 link handshake. Fixes bug 12227; bugfix on
|
||||||
|
0.2.4.8-alpha. Found by "starlight".
|
||||||
|
|
||||||
|
o Minor features:
|
||||||
|
- Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.5.5-alpha - 2014-06-18
|
Changes in version 0.2.5.5-alpha - 2014-06-18
|
||||||
Tor 0.2.5.5-alpha fixes a wide variety of remaining issues in the Tor
|
Tor 0.2.5.5-alpha fixes a wide variety of remaining issues in the Tor
|
||||||
0.2.5.x release series, including a couple of DoS issues, some
|
0.2.5.x release series, including a couple of DoS issues, some
|
||||||
|
48
ReleaseNotes
48
ReleaseNotes
@ -3,6 +3,54 @@ This document summarizes new features and bugfixes in each stable release
|
|||||||
of Tor. If you want to see more detailed descriptions of the changes in
|
of Tor. If you want to see more detailed descriptions of the changes in
|
||||||
each development snapshot, see the ChangeLog file.
|
each development snapshot, see the ChangeLog file.
|
||||||
|
|
||||||
|
Changes in version 0.2.4.23 - 2014-07-28
|
||||||
|
Tor 0.2.4.23 brings us a big step closer to slowing down the risk from
|
||||||
|
guard rotation, and also backports several important fixes from the
|
||||||
|
Tor 0.2.5 alpha release series.
|
||||||
|
|
||||||
|
o Major features:
|
||||||
|
- Clients now look at the "usecreatefast" consensus parameter to
|
||||||
|
decide whether to use CREATE_FAST or CREATE cells for the first hop
|
||||||
|
of their circuit. This approach can improve security on connections
|
||||||
|
where Tor's circuit handshake is stronger than the available TLS
|
||||||
|
connection security levels, but the tradeoff is more computational
|
||||||
|
load on guard relays. Implements proposal 221. Resolves ticket 9386.
|
||||||
|
- Make the number of entry guards configurable via a new
|
||||||
|
NumEntryGuards consensus parameter, and the number of directory
|
||||||
|
guards configurable via a new NumDirectoryGuards consensus
|
||||||
|
parameter. Implements ticket 12688.
|
||||||
|
|
||||||
|
o Major bugfixes:
|
||||||
|
- Fix a bug in the bounds-checking in the 32-bit curve25519-donna
|
||||||
|
implementation that caused incorrect results on 32-bit
|
||||||
|
implementations when certain malformed inputs were used along with
|
||||||
|
a small class of private ntor keys. This bug does not currently
|
||||||
|
appear to allow an attacker to learn private keys or impersonate a
|
||||||
|
Tor server, but it could provide a means to distinguish 32-bit Tor
|
||||||
|
implementations from 64-bit Tor implementations. Fixes bug 12694;
|
||||||
|
bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
|
||||||
|
Adam Langley.
|
||||||
|
|
||||||
|
o Minor bugfixes:
|
||||||
|
- Warn and drop the circuit if we receive an inbound 'relay early'
|
||||||
|
cell. Those used to be normal to receive on hidden service circuits
|
||||||
|
due to bug 1038, but the buggy Tor versions are long gone from
|
||||||
|
the network so we can afford to resume watching for them. Resolves
|
||||||
|
the rest of bug 1038; bugfix on 0.2.1.19.
|
||||||
|
- Correct a confusing error message when trying to extend a circuit
|
||||||
|
via the control protocol but we don't know a descriptor or
|
||||||
|
microdescriptor for one of the specified relays. Fixes bug 12718;
|
||||||
|
bugfix on 0.2.3.1-alpha.
|
||||||
|
- Avoid an illegal read from stack when initializing the TLS
|
||||||
|
module using a version of OpenSSL without all of the ciphers
|
||||||
|
used by the v2 link handshake. Fixes bug 12227; bugfix on
|
||||||
|
0.2.4.8-alpha. Found by "starlight".
|
||||||
|
|
||||||
|
o Minor features:
|
||||||
|
- Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.4.22 - 2014-05-16
|
Changes in version 0.2.4.22 - 2014-05-16
|
||||||
Tor 0.2.4.22 backports numerous high-priority fixes from the Tor 0.2.5
|
Tor 0.2.4.22 backports numerous high-priority fixes from the Tor 0.2.5
|
||||||
alpha release series. These include blocking all authority signing
|
alpha release series. These include blocking all authority signing
|
||||||
|
Loading…
Reference in New Issue
Block a user