mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-23 20:03:31 +01:00
forward-port the 0.2.4.25 changelog to master changelog and releasenotes
This commit is contained in:
parent
affa251c83
commit
c6416f31a5
50
ChangeLog
50
ChangeLog
@ -1,6 +1,56 @@
|
|||||||
Changes in version 0.2.6.1-alpha - 2014-??-??
|
Changes in version 0.2.6.1-alpha - 2014-??-??
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.2.5.9-rc - 2014-10-20
|
||||||
|
Tor 0.2.5.9-rc is the third release candidate for the Tor 0.2.5.x
|
||||||
|
series. It disables SSL3 in response to the recent "POODLE" attack
|
||||||
|
(even though POODLE does not affect Tor). It also works around a crash
|
||||||
|
bug caused by some operating systems' response to the "POODLE" attack
|
||||||
|
(which does affect Tor). It also contains a few miscellaneous fixes.
|
||||||
|
|
||||||
|
o Major security fixes:
|
||||||
|
- Disable support for SSLv3. All versions of OpenSSL in use with Tor
|
||||||
|
today support TLS 1.0 or later, so we can safely turn off support
|
||||||
|
for this old (and insecure) protocol. Fixes bug 13426.
|
||||||
|
|
||||||
|
o Major bugfixes (openssl bug workaround):
|
||||||
|
- Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
|
||||||
|
1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
|
||||||
|
13471. This is a workaround for an OpenSSL bug.
|
||||||
|
|
||||||
|
o Minor bugfixes:
|
||||||
|
- Disable the sandbox name resolver cache when running tor-resolve:
|
||||||
|
tor-resolve doesn't use the sandbox code, and turning it on was
|
||||||
|
breaking attempts to do tor-resolve on a non-default server on
|
||||||
|
Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.
|
||||||
|
|
||||||
|
o Compilation fixes:
|
||||||
|
- Build and run correctly on systems like OpenBSD-current that have
|
||||||
|
patched OpenSSL to remove get_cipher_by_char and/or its
|
||||||
|
implementations. Fixes issue 13325.
|
||||||
|
|
||||||
|
o Downgraded warnings:
|
||||||
|
- Downgrade the severity of the 'unexpected sendme cell from client'
|
||||||
|
from 'warn' to 'protocol warning'. Closes ticket 8093.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.2.4.25 - 2014-10-20
|
||||||
|
Tor 0.2.4.25 disables SSL3 in response to the recent "POODLE" attack
|
||||||
|
(even though POODLE does not affect Tor). It also works around a crash
|
||||||
|
bug caused by some operating systems' response to the "POODLE" attack
|
||||||
|
(which does affect Tor).
|
||||||
|
|
||||||
|
o Major security fixes (also in 0.2.5.9-rc):
|
||||||
|
- Disable support for SSLv3. All versions of OpenSSL in use with Tor
|
||||||
|
today support TLS 1.0 or later, so we can safely turn off support
|
||||||
|
for this old (and insecure) protocol. Fixes bug 13426.
|
||||||
|
|
||||||
|
o Major bugfixes (openssl bug workaround, also in 0.2.5.9-rc):
|
||||||
|
- Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
|
||||||
|
1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
|
||||||
|
13471. This is a workaround for an OpenSSL bug.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.5.8-rc - 2014-09-22
|
Changes in version 0.2.5.8-rc - 2014-09-22
|
||||||
Tor 0.2.5.8-rc is the second release candidate for the Tor 0.2.5.x
|
Tor 0.2.5.8-rc is the second release candidate for the Tor 0.2.5.x
|
||||||
series. It fixes a bug that affects consistency and speed when
|
series. It fixes a bug that affects consistency and speed when
|
||||||
|
17
ReleaseNotes
17
ReleaseNotes
@ -3,6 +3,23 @@ This document summarizes new features and bugfixes in each stable release
|
|||||||
of Tor. If you want to see more detailed descriptions of the changes in
|
of Tor. If you want to see more detailed descriptions of the changes in
|
||||||
each development snapshot, see the ChangeLog file.
|
each development snapshot, see the ChangeLog file.
|
||||||
|
|
||||||
|
Changes in version 0.2.4.25 - 2014-10-20
|
||||||
|
Tor 0.2.4.25 disables SSL3 in response to the recent "POODLE" attack
|
||||||
|
(even though POODLE does not affect Tor). It also works around a crash
|
||||||
|
bug caused by some operating systems' response to the "POODLE" attack
|
||||||
|
(which does affect Tor).
|
||||||
|
|
||||||
|
o Major security fixes (also in 0.2.5.9-rc):
|
||||||
|
- Disable support for SSLv3. All versions of OpenSSL in use with Tor
|
||||||
|
today support TLS 1.0 or later, so we can safely turn off support
|
||||||
|
for this old (and insecure) protocol. Fixes bug 13426.
|
||||||
|
|
||||||
|
o Major bugfixes (openssl bug workaround, also in 0.2.5.9-rc):
|
||||||
|
- Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
|
||||||
|
1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
|
||||||
|
13471. This is a workaround for an OpenSSL bug.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.4.24 - 2014-09-22
|
Changes in version 0.2.4.24 - 2014-09-22
|
||||||
Tor 0.2.4.24 fixes a bug that affects consistency and speed when
|
Tor 0.2.4.24 fixes a bug that affects consistency and speed when
|
||||||
connecting to hidden services, and it updates the location of one of
|
connecting to hidden services, and it updates the location of one of
|
||||||
|
Loading…
Reference in New Issue
Block a user