[tor-commits] [tor/master] forward-port the changelog

arma at torproject.org arma at torproject.org
Tue Aug 7 21:28:10 UTC 2012

commit 0ea3a3a7a60c92726ffd1795a76666adada9f866
Author: Roger Dingledine <arma at torproject.org>
Date:   Tue Aug 7 17:27:03 2012 -0400

    forward-port the changelog
 ChangeLog |   68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 68 insertions(+), 0 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 3d2a5fc..5f985e9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,71 @@
+Changes in version - 2012-08-05
+  Tor is the third release candidate for the Tor 0.2.3.x
+  series. It fixes a pair of code security bugs and a potential anonymity
+  issue, updates our RPM spec files, and cleans up other smaller issues.
+  o Security fixes:
+    - Avoid read-from-freed-memory and double-free bugs that could occur
+      when a DNS request fails while launching it. Fixes bug 6480;
+      bugfix on
+    - Avoid an uninitialized memory read when reading a vote or consensus
+      document that has an unrecognized flavor name. This read could
+      lead to a remote crash bug. Fixes bug 6530; bugfix on
+    - Try to leak less information about what relays a client is
+      choosing to a side-channel attacker. Previously, a Tor client would
+      stop iterating through the list of available relays as soon as it
+      had chosen one, thus finishing a little earlier when it picked
+      a router earlier in the list. If an attacker can recover this
+      timing information (nontrivial but not proven to be impossible),
+      they could learn some coarse-grained information about which relays
+      a client was picking (middle nodes in particular are likelier to
+      be affected than exits). The timing attack might be mitigated by
+      other factors (see bug 6537 for some discussion), but it's best
+      not to take chances. Fixes bug 6537; bugfix on 0.0.8rc1.
+  o Minor features:
+    - Try to make the warning when giving an obsolete SOCKSListenAddress
+      a little more useful.
+    - Terminate active server managed proxies if Tor stops being a
+      relay. Addresses parts of bug 6274; bugfix on
+    - Provide a better error message about possible OSX Asciidoc failure
+      reasons. Fixes bug 6436.
+    - Warn when Tor is configured to use accounting in a way that can
+      link a hidden service to some other hidden service or public
+      address. Resolves ticket 6490.
+  o Minor bugfixes:
+    - Check return value of fputs() when writing authority certificate
+      file. Fixes Coverity issue 709056; bugfix on
+    - Ignore ServerTransportPlugin lines when Tor is not configured as
+      a relay. Fixes bug 6274; bugfix on
+    - When disabling guards for having too high a proportion of failed
+      circuits, make sure to look at each guard. Fixes bug 6397; bugfix
+      on
+  o Packaging (RPM):
+    - Update our default RPM spec files to work with mock and rpmbuild
+      on RHEL/Fedora. They have an updated set of dependencies and
+      conflicts, a fix for an ancient typo when creating the "_tor"
+      user, and better instructions. Thanks to Ondrej Mikle for the
+      patch series. Fixes bug 6043.
+  o Testing:
+    - Make it possible to set the TestingTorNetwork configuration
+      option using AlternateDirAuthority and AlternateBridgeAuthority
+      as an alternative to setting DirServer. Addresses ticket 6377.
+  o Documentation:
+    - Clarify the documentation for the Alternate*Authority options.
+      Fixes bug 6387.
+    - Fix some typos in the manpages. Patch from A. Costa. Fixes bug 6500.
+  o Code simplification and refactoring:
+    - Do not use SMARTLIST_FOREACH for any loop whose body exceeds
+      10 lines. Also, don't nest them. Doing so in the past has
+      led to hard-to-debug code. The new style is to use the
+      SMARTLIST_FOREACH_{BEGIN,END} pair. Addresses issue 6400.
 Changes in version - 2012-07-06
   Tor is the second release candidate for the Tor 0.2.3.x
   series. It fixes the compile on Windows, reverts to a GeoIP database

More information about the tor-commits mailing list