summaryrefslogtreecommitdiff
path: root/ReleaseNotes
diff options
context:
space:
mode:
Diffstat (limited to 'ReleaseNotes')
-rw-r--r--ReleaseNotes59
1 files changed, 59 insertions, 0 deletions
diff --git a/ReleaseNotes b/ReleaseNotes
index 93e38faf3f..9e02374bac 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -3,6 +3,42 @@ This document summarizes new features and bugfixes in each stable release
of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
+Changes in version 0.2.2.39 - 2012-09-11
+ Tor 0.2.2.39 fixes two more opportunities for remotely triggerable
+ assertions.
+
+ o Security fixes:
+ - Fix an assertion failure in tor_timegm() that could be triggered
+ by a badly formatted directory object. Bug found by fuzzing with
+ Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
+ - Do not crash when comparing an address with port value 0 to an
+ address policy. This bug could have been used to cause a remote
+ assertion failure by or against directory authorities, or to
+ allow some applications to crash clients. Fixes bug 6690; bugfix
+ on 0.2.1.10-alpha.
+
+
+Changes in version 0.2.2.38 - 2012-08-12
+ Tor 0.2.2.38 fixes a remotely triggerable crash bug, and fixes a timing
+ attack that could in theory leak path information.
+
+ o Security fixes:
+ - Avoid an uninitialized memory read when reading a vote or consensus
+ document that has an unrecognized flavor name. This read could
+ lead to a remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha.
+ - Try to leak less information about what relays a client is
+ choosing to a side-channel attacker. Previously, a Tor client would
+ stop iterating through the list of available relays as soon as it
+ had chosen one, thus finishing a little earlier when it picked
+ a router earlier in the list. If an attacker can recover this
+ timing information (nontrivial but not proven to be impossible),
+ they could learn some coarse-grained information about which relays
+ a client was picking (middle nodes in particular are likelier to
+ be affected than exits). The timing attack might be mitigated by
+ other factors (see bug 6537 for some discussion), but it's best
+ not to take chances. Fixes bug 6537; bugfix on 0.0.8rc1.
+
+
Changes in version 0.2.2.37 - 2012-06-06
Tor 0.2.2.37 introduces a workaround for a critical renegotiation
bug in OpenSSL 1.0.1 (where 20% of the Tor network can't talk to itself
@@ -294,6 +330,29 @@ Changes in version 0.2.2.35 - 2011-12-16
by removing an absolute path from makensis.exe command.
+Changes in version 0.2.1.32 - 2011-12-16
+ Tor 0.2.1.32 backports important security and privacy fixes for
+ oldstable. This release is intended only for package maintainers and
+ others who cannot use the 0.2.2 stable series. All others should be
+ using Tor 0.2.2.x or newer.
+
+ The Tor 0.2.1.x series will reach formal end-of-life some time in
+ early 2012; we will stop releasing patches for it then.
+
+ o Major bugfixes (also included in 0.2.2.x):
+ - Correctly sanity-check that we don't underflow on a memory
+ allocation (and then assert) for hidden service introduction
+ point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410;
+ bugfix on 0.2.1.5-alpha.
+ - Fix a heap overflow bug that could occur when trying to pull
+ data into the first chunk of a buffer, when that chunk had
+ already had some data drained from it. Fixes CVE-2011-2778;
+ bugfix on 0.2.0.16-alpha. Reported by "Vektor".
+
+ o Minor features:
+ - Update to the December 6 2011 Maxmind GeoLite Country database.
+
+
Changes in version 0.2.2.34 - 2011-10-26
Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker
can deanonymize Tor users. Everybody should upgrade.
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion