diff options
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 16 |
1 files changed, 15 insertions, 1 deletions
@@ -1,10 +1,24 @@ Changes in version 0.3.0.2-alpha - 2017-01-23 - Tor 0.3.0.2-alpha improves how exit relays and clients handle DNS + Tor 0.3.0.2-alpha fixes a denial-of-service bug where an attacker could + cause relays and clients (including hidden services) to crash, even if + they were not built with the --enable-expensive-hardening option. + This bug affects all 0.2.9.x versions, and also affects 0.3.0.1-alpha: + all relays running an affected version should upgrade. + + Tor 0.3.0.2-alpha also improves how exit relays and clients handle DNS time-to-live values, makes directory authorities enforce the 1-to-1 mapping of relay RSA identity keys to ED25519 identity keys, fixes a client-side onion service reachability bug, does better at selecting the set of fallback directories, and more. + o Major bugfixes (security, also in 0.2.9.9): + - Downgrade the "-ftrapv" option from "always on" to "only on when + --enable-expensive-hardening is provided." This hardening option, like + others, can turn survivable bugs into crashes--and having it on by + default made a (relatively harmless) integer overflow bug into a + denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on + 0.2.9.1-alpha. + o Major features (security): - Change the algorithm used to decide DNS TTLs on client and server side, to better resist DNS-based correlation attacks like the |