[or-cvs] [tor/maint-0.2.1] forward-port the release notes

arma at seul.org arma at seul.org
Fri Jul 24 20:55:08 UTC 2009

Author: Roger Dingledine <arma at torproject.org>
Date: Fri, 24 Jul 2009 16:54:54 -0400
Subject: forward-port the release notes
Commit: 6277aee031e6889d44e2c90877acaa17948c77d8

 ReleaseNotes |   31 +++++++++++++++++++++++++++++++
 1 files changed, 31 insertions(+), 0 deletions(-)

diff --git a/ReleaseNotes b/ReleaseNotes
index 81d93b9..013ccb3 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -3,6 +3,37 @@ This document summarizes new features and bugfixes in each stable release
 of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.
+Changes in version - 2009-06-24
+  o Security fix:
+    - Avoid crashing in the presence of certain malformed descriptors.
+      Found by lark, and by automated fuzzing.
+    - Fix an edge case where a malicious exit relay could convince a
+      controller that the client's DNS question resolves to an internal IP
+      address. Bug found and fixed by "optimist"; bugfix on
+  o Major bugfixes:
+    - Finally fix the bug where dynamic-IP relays disappear when their
+      IP address changes: directory mirrors were mistakenly telling
+      them their old address if they asked via begin_dir, so they
+      never got an accurate answer about their new address, so they
+      just vanished after a day. For belt-and-suspenders, relays that
+      don't set Address in their config now avoid using begin_dir for
+      all direct connections. Should fix bugs 827, 883, and 900.
+    - Fix a timing-dependent, allocator-dependent, DNS-related crash bug
+      that would occur on some exit nodes when DNS failures and timeouts
+      occurred in certain patterns. Fix for bug 957.
+  o Minor bugfixes:
+    - When starting with a cache over a few days old, do not leak
+      memory for the obsolete router descriptors in it. Bugfix on
+; fixes bug 672.
+    - Hidden service clients didn't use a cached service descriptor that
+      was older than 15 minutes, but wouldn't fetch a new one either,
+      because there was already one in the cache. Now, fetch a v2
+      descriptor unless the same descriptor was added to the cache within
+      the last 15 minutes. Fixes bug 997; reported by Marcus Griep.
 Changes in version - 2009-02-08
   Tor features several more security-related fixes. You should
   upgrade, especially if you run an exit relay (remote crash) or a

More information about the tor-commits mailing list