+++ /dev/null
- o Minor features (directory authority):
- - Add an IPv6 address for the "bastet" directory authority.
- Closes ticket 24394.
-
+++ /dev/null
- o Minor bugfixes (hidden service client):
- - The introduction circuit was being timed out too quickly while waiting
- for the rendezvous circuit to complete. Keep the intro circuit around
- longer instead of timing out and reopening new ones constantly. Fixes
- bug 23681; bugfix on 0.2.4.8-alpha.
+++ /dev/null
- o Minor bugfixes (compilation, windows):
- - When detecting OpenSSL on Windows from our configure script, make sure
- to try linking with the ws2_32 library. Fixes bug 23783; bugfix on
- 0.3.2.2-alpha.
-
+++ /dev/null
- o Minor bugfixes (client):
- - By default, do not enable storage of client-side DNS values.
- These values were unused by default previously, but they should
- not have been cached at all. Fixes bug 24050; bugfix on
- 0.2.6.3-alpha.
+++ /dev/null
- o Minor bugfixes (directory cache):
- - When a consensus diff calculation is only partially successful, only
- record the successful parts as having succeeded. Partial success
- can happen if (for example) one compression method fails but
- the others succeed. Previously we misrecorded all the calculations as
- having succeeded, which would later cause a nonfatal assertion failure.
- Fixes bug 24086; bugfix on 0.3.1.1-alpha.
+++ /dev/null
- o Minor bugfixes (directory cache):
- - Recover better from empty or corrupt files in the consensus cache
- directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
-
+++ /dev/null
- o Minor bugfixes (controller, linux seccomp2 sandbox):
- - Avoid a crash when attempting to use the seccomp2 sandbox
- together with the OwningControllerProcess feature.
- Fixes bug 24198; bugfix on 0.2.5.1-alpha.
+++ /dev/null
- o Major bugfixes (security, hidden service v2):
- - Fix a use-after-free error that could crash v2 Tor hidden services
- when it failed to open circuits while expiring introductions
- points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This
- issue is also tracked as TROVE-2017-013 and CVE-2017-8823.
+++ /dev/null
- o Minor feature (relay statistics):
- - Change relay bandwidth reporting stats interval from 4 hours to 24 hours
- in order to reduce the efficiency of guard discovery attacks. Fixes
- ticket 23856.
+++ /dev/null
- o Major features (linux seccomp2 sandbox):
- - Update the sandbox rules so that they should now work correctly with
- Glibc 2.26. Closes ticket 24315.
+++ /dev/null
- o Major bugfixes (security):
- - When checking for replays in the INTRODUCE1 cell data for a (legacy)
- hiddden service, correctly detect replays in the RSA-encrypted part of
- the cell. We were previously checking for replays on the entire cell,
- but those can be circumvented due to the malleability of Tor's legacy
- hybrid encryption. This fix helps prevent a traffic confirmation
- attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also
- tracked as TROVE-2017-009 and CVE-2017-8819.
-
-
+++ /dev/null
- o Major bugfixes (security):
- - Fix a denial-of-service issue where an attacker could crash
- a directory authority using a malformed router descriptor.
- Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked
- as TROVE-2017-010 and CVE-2017-8820.
-
+++ /dev/null
- o Major bugfixes (security):
- - Fix a denial of service bug where an attacker could use a malformed
- directory object to cause a Tor instance to pause while OpenSSL would
- try to read a passphrase from the terminal. (If the terminal was not
- available, tor would continue running.) Fixes bug 24246; bugfix on
- every version of Tor. Also tracked as TROVE-2017-011 and
- CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720.
-
+++ /dev/null
- o Major bugfixes (security, relay):
- - When running as a relay, make sure that we never build a path through
- ourselves, even in the case where we have somehow lost the version of
- our descriptor appearing in the consensus. Fixes part of bug 21534;
- bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012
- and CVE-2017-8822.
+++ /dev/null
- o Major bugfixes (security, relay):
- - When running as a relay, make sure that we never ever choose ourselves
- as a guard. Previously, this was possible. Fixes part of bug 21534;
- bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012
- and CVE-2017-8822.
projects / thirdparty / tor.git / commitdiff
