[tor-commits] [tor/release-0.2.2] fold in the next 0.2.2 changes

arma at torproject.org arma at torproject.org
Thu Jan 5 23:38:50 UTC 2012


commit 6c02f4d2e3103cf48c3d47b311ddbb07b308d8a1
Author: Roger Dingledine <arma at torproject.org>
Date:   Thu Jan 5 18:38:32 2012 -0500

    fold in the next 0.2.2 changes
---
 ChangeLog                 |   56 +++++++++++++++++++++++++++++++++++++++++++++
 changes/bug1240           |    8 ------
 changes/bug4786           |    9 -------
 changes/bug4788           |    6 -----
 changes/bug4803           |    4 ---
 changes/bug4822           |   13 ----------
 changes/clang_30_options  |    5 ----
 changes/geoip-january2012 |    3 --
 changes/timersub_bug      |    7 -----
 9 files changed, 56 insertions(+), 55 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 55bd9f7..cb1b764 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,59 @@
+Changes in version 0.2.2.36 - 2012-01-06
+  o Major security workaround:
+    - When building or running with any version of OpenSSL earlier
+      than 0.9.8s or 1.0.0f, disable SSLv3 support. These OpenSSL
+      versions had a bug (CVE-2011-4576) in which their block cipher
+      padding included uninitialized data, potentially leaking sensitive
+      information to any peer with whom they made a SSLv3 connection. Tor
+      does not use SSL v3 by default, but a hostile client or server
+      could force an SSLv3 connection in order to gain information that
+      they shouldn't have been able to get. The best solution here is to
+      upgrade to OpenSSL 0.9.8s or 1.0.0f (or later). But when building
+      or running with a non-upgraded OpenSSL, we should instead make
+      sure that the bug can't happen by disabling SSLv3 entirely.
+
+  o Major bugfixes:
+    - Provide correct replacements for the timeradd() and timersub()
+      functions for platforms that lack them (for example, windows). The
+      timersub() function is used when expiring circuits, timeradd() is
+      currently unused. Patch written by Vektor, who also reported the
+      bug. Thanks! Bugfix on 0.2.2.24-alpha/0.2.3.1-alpha, fixes bug 4778.
+
+  o Minor bugfixes:
+    - When running with an older Linux kernel that erroneously responds
+      to strange nmap behavior by having accept() return successfully
+      with a zero-length socket, just close the connection. Previously,
+      we would try harder to learn the remote address: but there was
+      no such remote address to learn, and our method for trying to
+      learn it was incorrect. Fixes bugs 1240, 4745, and 4747. Bugfix
+      on 0.1.0.3-rc. Reported and diagnosed by "r1eo".
+    - Correctly spell "connect" in a log message when creating a
+      controlsocket fails. Fixes bug 4803; bugfix on 0.2.2.26-beta and
+      0.2.3.2-alpha.
+
+  o Minor features:
+    - Directory servers now reject versions of Tor older than 0.2.1.30,
+      and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
+      (inclusive). These versions accounted for only a small fraction of
+      the Tor network, and have numerous known security issues. Resolves
+      issue 4788.
+    - Update to the January 3 2012 Maxmind GeoLite Country database.
+
+  - Feature removal:
+    - When sending or relaying a RELAY_EARLY cell, we used to convert
+      it to a RELAY cell if the connection was using the v1 link
+      protocol. This was a workaround for older versions of Tor, which
+      didn't handle RELAY_EARLY cells properly. Now that all supported
+      versions can handle RELAY_EARLY cells, and now that we're enforcing
+      the "no RELAY_EXTEND commands except in RELAY_EARLY cells" rule,
+      we're removing this workaround. Addresses bug 4786.
+
+  o Code simplifications and refactoring:
+    - During configure, detect when we're building with clang version
+      3.0 or lower and disable the -Wnormalized=id and -Woverride-init
+      CFLAGS. clang doesn't support them yet.
+
+
 Changes in version 0.2.2.35 - 2011-12-16
   Tor 0.2.2.35 fixes a critical heap-overflow security issue in Tor's
   buffers code. Absolutely everybody should upgrade.
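Review bot: The section header "  - Feature removal:" in the new 0.2.2.36 entry uses a "-" bullet where every other section header in this hunk ("o Major security workaround:", "o Major bugfixes:", and so on) uses "o", so it reads as an item rather than a section; change it to "  o Feature removal:". Two smaller points in the same entry: "windows" in the timeradd()/timersub() item should be capitalized, and unlike the 0.2.2.35 entry just below, which opens with a summary paragraph, the 0.2.2.36 entry goes straight into the item list. A one- or two-sentence summary that leads with the CVE-2011-4576 workaround would help readers who only skim the top of each release.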
diff --git a/changes/bug1240 b/changes/bug1240
deleted file mode 100644
index 6570664..0000000
--- a/changes/bug1240
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Minor bugfixes:
-    - When running with an older Linux kernel that erroneously responds
-      to strange nmap behavior by having accept() return successfully
-      with a zero-length socket, just close the connection. Previously,
-      we would try harder to learn the remote address: but there was no
-      such remote address to learn, and our method for trying to learn
-      it was incorrect. Fixes bugs #1240, #4745, and #4747. Bugfix on
-      0.1.0.3-rc. Reported and diagnosed by "r1eo".
diff --git a/changes/bug4786 b/changes/bug4786
deleted file mode 100644
index 7c1c60f..0000000
--- a/changes/bug4786
+++ /dev/null
@@ -1,9 +0,0 @@
-  - Feature removal:
-    - When sending or relaying a RELAY_EARLY cell, we used to convert
-      it to a RELAY cell if the connection was using the v1 link
-      protocol. This was a workaround for older versions of Tor, which
-      didn't handle RELAY_EARLY cells properly. Now that all supported
-      versions can handle RELAY_EARLY cells, and now that we're
-      enforcing the "no RELAY_EXTEND commands except in RELAY_EARLY
-      cells" rule, we're removing this workaround. Addresses bug 4786.
-
diff --git a/changes/bug4788 b/changes/bug4788
deleted file mode 100644
index d65c001..0000000
--- a/changes/bug4788
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor features (directory server):
-    - Directory servers now reject versions of Tor older than 0.2.1.30,
-      and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
-      (inclusive). These versions accounted for only a small fraction of
-      the Tor network, and have numerous known security issues. Resolves
-      issue #4788.
diff --git a/changes/bug4803 b/changes/bug4803
deleted file mode 100644
index cd25266..0000000
--- a/changes/bug4803
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Correctly spell "connect" in a log message when creating a controlsocket
-      fails. Fixes bug 4803; bugfix on 0.2.2.26-beta/0.2.3.2-alpha.
-
diff --git a/changes/bug4822 b/changes/bug4822
deleted file mode 100644
index 73f43f0..0000000
--- a/changes/bug4822
+++ /dev/null
@@ -1,13 +0,0 @@
-  o Major security workaround:
-    - When building or running with any version of OpenSSL earlier
-      than 0.9.8s or 1.0.0f, disable SSLv3 support. These versions had
-      a bug (CVE-2011-4576) in which their block cipher padding
-      included uninitialized data, potentially leaking sensitive
-      information to any peer with whom they made a SSLv3
-      connection. Tor does not use SSL v3 by default, but a hostile
-      client or server could force an SSLv3 connection in order to
-      gain information that they shouldn't have been able to get. The
-      best solution here is to upgrade to OpenSSL 0.9.8s or 1.0.0f (or
-      later). But when building or running with a non-upgraded
-      OpenSSL, we should instead make sure that the bug can't happen
-      by disabling SSLv3 entirely.
diff --git a/changes/clang_30_options b/changes/clang_30_options
deleted file mode 100644
index e8e34c8..0000000
--- a/changes/clang_30_options
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Code simplifications and refactoring:
-    - During configure, detect when we're building with clang version 3.0 or
-      lower and disable the -Wnormalized=id and -Woverride-init CFLAGS.
-      clang doesn't support them yet.
-
diff --git a/changes/geoip-january2012 b/changes/geoip-january2012
deleted file mode 100644
index 2f4180e..0000000
--- a/changes/geoip-january2012
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update to the January 3 2012 Maxmind GeoLite Country database.
-
diff --git a/changes/timersub_bug b/changes/timersub_bug
deleted file mode 100644
index 9183862..0000000
--- a/changes/timersub_bug
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Major bugfixes:
-    - Provide correct replacements for the timeradd() and timersub() functions
-      for platforms that lack them (for example, windows). The timersub()
-      function is used when expiring circuits, timeradd() is currently unused.
-      Patch written by Vektor, who also reported the bug. Thanks! Bugfix
-      on 0.2.2.24-alpha/0.2.3.1-alpha, fixes bug 4778.
-
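Review bot: The "Bugfix on 0.2.2.24-alpha/0.2.3.1-alpha" wording in this fragment was carried into ChangeLog with the slash form intact, while the equivalent line from changes/bug4803 was rewritten there as "bugfix on 0.2.2.26-beta and 0.2.3.2-alpha". Pick one form for both ChangeLog entries so the affected-version lines read consistently.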


