|
|
@@ -1,10 +1,24 @@
|
|
|
Changes in version 0.3.0.2-alpha - 2017-01-23
|
|
|
- Tor 0.3.0.2-alpha improves how exit relays and clients handle DNS
|
|
|
+ Tor 0.3.0.2-alpha fixes a denial-of-service bug where an attacker could
|
|
|
+ cause relays and clients (including hidden services) to crash, even if
|
|
|
+ they were not built with the --enable-expensive-hardening option.
|
|
|
+ This bug affects all 0.2.9.x versions, and also affects 0.3.0.1-alpha:
|
|
|
+ all relays running an affected version should upgrade.
|
|
|
+
|
|
|
+ Tor 0.3.0.2-alpha also improves how exit relays and clients handle DNS
|
|
|
time-to-live values, makes directory authorities enforce the 1-to-1
|
|
|
mapping of relay RSA identity keys to ED25519 identity keys, fixes a
|
|
|
client-side onion service reachability bug, does better at selecting
|
|
|
the set of fallback directories, and more.
|
|
|
|
|
|
+ o Major bugfixes (security, also in 0.2.9.9):
|
|
|
+ - Downgrade the "-ftrapv" option from "always on" to "only on when
|
|
|
+ --enable-expensive-hardening is provided." This hardening option, like
|
|
|
+ others, can turn survivable bugs into crashes--and having it on by
|
|
|
+ default made a (relatively harmless) integer overflow bug into a
|
|
|
+ denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on
|
|
|
+ 0.2.9.1-alpha.
|
|
|
+
|
|
|
o Major features (security):
|
|
|
- Change the algorithm used to decide DNS TTLs on client and server
|
|
|
side, to better resist DNS-based correlation attacks like the
|
Nick Mathewson