@@ -1,6 +1,120 @@
Changes in version 0.2.6.1-alpha - 2014-??-??
+Changes in version 0.2.5.6-alpha - 2014-07-28
+ Tor 0.2.5.6-alpha brings us a big step closer to slowing down the
+ risk from guard rotation, and fixes a variety of other issues to get
+ us closer to a release candidate.
+
+ o Major features (also in 0.2.4.23):
+ - Make the number of entry guards configurable via a new
+ NumEntryGuards consensus parameter, and the number of directory
+ guards configurable via a new NumDirectoryGuards consensus
+ parameter. Implements ticket 12688.
+
+ o Major bugfixes (also in 0.2.4.23):
+ - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+ implementation that caused incorrect results on 32-bit
+ implementations when certain malformed inputs were used along with
+ a small class of private ntor keys. This bug does not currently
+ appear to allow an attacker to learn private keys or impersonate a
+ Tor server, but it could provide a means to distinguish 32-bit Tor
+ implementations from 64-bit Tor implementations. Fixes bug 12694;
+ bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
+ Adam Langley.
+
+ o Major bugfixes:
+ - Perform circuit cleanup operations even when circuit
+ construction operations are disabled (because the network is
+ disabled, or because there isn't enough directory information).
+ Previously, when we were not building predictive circuits, we
+ were not closing expired circuits either. Fixes bug 8387; bugfix on
+ 0.1.1.11-alpha. This bug became visible in 0.2.4.10-alpha when we
+ became more strict about when we have "enough directory information
+ to build circuits".
+
+ o Minor features:
+ - Authorities now assign the Guard flag to the fastest 25% of the
+ network (it used to be the fastest 50%). Also raise the consensus
+ weight that guarantees the Guard flag from 250 to 2000. For the
+ current network, this results in about 1100 guards, down from 2500.
+ This step paves the way for moving the number of entry guards
+ down to 1 (proposal 236) while still providing reasonable expected
+ performance for most users. Implements ticket 12690.
+ - Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
+ Country database.
+ - Slightly enhance the diagnostic message for bug 12184.
+
+ o Minor bugfixes (also in 0.2.4.23):
+ - Warn and drop the circuit if we receive an inbound 'relay early'
+ cell. Those used to be normal to receive on hidden service circuits
+ due to bug 1038, but the buggy Tor versions are long gone from
+ the network so we can afford to resume watching for them. Resolves
+ the rest of bug 1038; bugfix on 0.2.1.19.
+ - Correct a confusing error message when trying to extend a circuit
+ via the control protocol but we don't know a descriptor or
+ microdescriptor for one of the specified relays. Fixes bug 12718;
+ bugfix on 0.2.3.1-alpha.
+
+ o Minor bugfixes:
+ - Fix compilation when building with bufferevents enabled. (This
+ configuration is still not expected to work, however.)
+ Fixes bugs 12438, 12474, 11578; bugfixes on 0.2.5.1-alpha and
+ 0.2.5.3-alpha. Patches from Anthony G. Basile and Sathyanarayanan
+ Gunasekaran.
+ - Compile correctly with builds and forks of OpenSSL (such as
+ LibreSSL) that disable compression. Fixes bug 12602; bugfix on
+ 0.2.1.1-alpha. Patch from "dhill".
+
+
+Changes in version 0.2.4.23 - 2014-07-28
+ Tor 0.2.4.23 brings us a big step closer to slowing down the risk from
+ guard rotation, and also backports several important fixes from the
+ Tor 0.2.5 alpha release series.
+
+ o Major features:
+ - Clients now look at the "usecreatefast" consensus parameter to
+ decide whether to use CREATE_FAST or CREATE cells for the first hop
+ of their circuit. This approach can improve security on connections
+ where Tor's circuit handshake is stronger than the available TLS
+ connection security levels, but the tradeoff is more computational
+ load on guard relays. Implements proposal 221. Resolves ticket 9386.
+ - Make the number of entry guards configurable via a new
+ NumEntryGuards consensus parameter, and the number of directory
+ guards configurable via a new NumDirectoryGuards consensus
+ parameter. Implements ticket 12688.
+
+ o Major bugfixes:
+ - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+ implementation that caused incorrect results on 32-bit
+ implementations when certain malformed inputs were used along with
+ a small class of private ntor keys. This bug does not currently
+ appear to allow an attacker to learn private keys or impersonate a
+ Tor server, but it could provide a means to distinguish 32-bit Tor
+ implementations from 64-bit Tor implementations. Fixes bug 12694;
+ bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
+ Adam Langley.
+
+ o Minor bugfixes:
+ - Warn and drop the circuit if we receive an inbound 'relay early'
+ cell. Those used to be normal to receive on hidden service circuits
+ due to bug 1038, but the buggy Tor versions are long gone from
+ the network so we can afford to resume watching for them. Resolves
+ the rest of bug 1038; bugfix on 0.2.1.19.
+ - Correct a confusing error message when trying to extend a circuit
+ via the control protocol but we don't know a descriptor or
+ microdescriptor for one of the specified relays. Fixes bug 12718;
+ bugfix on 0.2.3.1-alpha.
+ - Avoid an illegal read from stack when initializing the TLS
+ module using a version of OpenSSL without all of the ciphers
+ used by the v2 link handshake. Fixes bug 12227; bugfix on
+ 0.2.4.8-alpha. Found by "starlight".
+
+ o Minor features:
+ - Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
+ Country database.
+
+
Changes in version 0.2.5.5-alpha - 2014-06-18
Tor 0.2.5.5-alpha fixes a wide variety of remaining issues in the Tor
0.2.5.x release series, including a couple of DoS issues, some
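Review bot: The Guard-flag entry under "Minor features" in the 0.2.5.6-alpha block looks misfiled: by its own numbers it cuts the guard set from about 2500 to about 1100, and it says it paves the way for moving to one entry guard (proposal 236), so it would sit better under "Major features" next to the NumEntryGuards entry. The NumEntryGuards/NumDirectoryGuards entries, in both the 0.2.5.6-alpha and 0.2.4.23 blocks, do not say what value a client uses when the consensus does not set the parameter; one sentence stating that would help operators reading the changelog. Two wording points: "slowing down the risk from guard rotation" in both release summaries would read better as "reducing the risk from guard rotation", and "the 32-bit curve25519-donna implementation that caused incorrect results on 32-bit implementations" repeats itself, so the second mention could become "on 32-bit builds" or be dropped. The section order also differs between the two new blocks ("Minor features" comes before "Minor bugfixes" in 0.2.5.6-alpha and after it in 0.2.4.23); pick one order.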