diff options
author | Roger Dingledine <arma@torproject.org> | 2009-02-11 22:20:52 +0000 |
---|---|---|
committer | Roger Dingledine <arma@torproject.org> | 2009-02-11 22:20:52 +0000 |
commit | 3661a9147fc03d6ef3cc8fcba6a36b7c73120d98 (patch) | |
tree | 81b30ebea3707ac929b12fd7c5d7cd9d1bd65f70 | |
parent | e115273698275210b54f434b04427b0ab195644d (diff) | |
download | tor-3661a9147fc03d6ef3cc8fcba6a36b7c73120d98.tar.gz tor-3661a9147fc03d6ef3cc8fcba6a36b7c73120d98.zip |
put the 0.2.0.34 blurb in the release notes too
svn:r18496
-rw-r--r-- | ChangeLog | 10 | ||||
-rw-r--r-- | ReleaseNotes | 29 |
2 files changed, 39 insertions, 0 deletions
@@ -1,4 +1,14 @@ Changes in version 0.2.0.34 - 2009-02-08 + Tor 0.2.0.34 features several more security-related fixes. You should + upgrade, especially if you run an exit relay (remote crash) or a + directory authority (remote infinite loop), or you're on an older + (pre-XP) or not-recently-patched Windows (remote exploit). + + This release marks end-of-life for Tor 0.1.2.x. Those Tor versions + have many known flaws, and nobody should be using them. You should + upgrade. If you're using a Linux or BSD and its packages are obsolete, + stop using those packages and upgrade anyway. + o Security fixes: - Fix an infinite-loop bug on handling corrupt votes under certain circumstances. Bugfix on 0.2.0.8-alpha. diff --git a/ReleaseNotes b/ReleaseNotes index 340e3df0ac..2d078286c8 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -3,6 +3,34 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.2.0.34 - 2009-02-08 + Tor 0.2.0.34 features several more security-related fixes. You should + upgrade, especially if you run an exit relay (remote crash) or a + directory authority (remote infinite loop), or you're on an older + (pre-XP) or not-recently-patched Windows (remote exploit). + + This release marks end-of-life for Tor 0.1.2.x. Those Tor versions + have many known flaws, and nobody should be using them. You should + upgrade. If you're using a Linux or BSD and its packages are obsolete, + stop using those packages and upgrade anyway. + + o Security fixes: + - Fix an infinite-loop bug on handling corrupt votes under certain + circumstances. Bugfix on 0.2.0.8-alpha. + - Fix a temporary DoS vulnerability that could be performed by + a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark. + - Avoid a potential crash on exit nodes when processing malformed + input. Remote DoS opportunity. Bugfix on 0.2.0.33. + - Do not accept incomplete ipv4 addresses (like 192.168.0) as valid. + Spec conformance issue. Bugfix on Tor 0.0.2pre27. + + o Minor bugfixes: + - Fix compilation on systems where time_t is a 64-bit integer. + Patch from Matthias Drochner. + - Don't consider expiring already-closed client connections. Fixes + bug 893. Bugfix on 0.0.2pre20. + + Changes in version 0.2.0.33 - 2009-01-21 Tor 0.2.0.33 fixes a variety of bugs that were making relays less useful to users. It also finally fixes a bug where a relay or client @@ -123,6 +151,7 @@ Changes in version 0.2.0.33 - 2009-01-21 compress cells, which are basically all encrypted, compressed, or both. + Changes in version 0.2.0.32 - 2008-11-20 Tor 0.2.0.32 fixes a major security problem in Debian and Ubuntu packages (and maybe other packages) noticed by Theo de Raadt, fixes |