[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r18496: {tor} put the 0.2.0.34 blurb in the release notes too (tor/branches/tor-0_2_0-patches)
Author: arma
Date: 2009-02-11 17:20:52 -0500 (Wed, 11 Feb 2009)
New Revision: 18496
Modified:
tor/branches/tor-0_2_0-patches/ChangeLog
tor/branches/tor-0_2_0-patches/ReleaseNotes
Log:
put the 0.2.0.34 blurb in the release notes too
Modified: tor/branches/tor-0_2_0-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_2_0-patches/ChangeLog 2009-02-11 17:51:06 UTC (rev 18495)
+++ tor/branches/tor-0_2_0-patches/ChangeLog 2009-02-11 22:20:52 UTC (rev 18496)
@@ -1,4 +1,14 @@
Changes in version 0.2.0.34 - 2009-02-08
+ Tor 0.2.0.34 features several more security-related fixes. You should
+ upgrade, especially if you run an exit relay (remote crash) or a
+ directory authority (remote infinite loop), or you're on an older
+ (pre-XP) or not-recently-patched Windows (remote exploit).
+
+ This release marks end-of-life for Tor 0.1.2.x. Those Tor versions
+ have many known flaws, and nobody should be using them. You should
+ upgrade. If you're using a Linux or BSD and its packages are obsolete,
+ stop using those packages and upgrade anyway.
+
o Security fixes:
- Fix an infinite-loop bug on handling corrupt votes under certain
circumstances. Bugfix on 0.2.0.8-alpha.
Modified: tor/branches/tor-0_2_0-patches/ReleaseNotes
===================================================================
--- tor/branches/tor-0_2_0-patches/ReleaseNotes 2009-02-11 17:51:06 UTC (rev 18495)
+++ tor/branches/tor-0_2_0-patches/ReleaseNotes 2009-02-11 22:20:52 UTC (rev 18496)
@@ -3,6 +3,34 @@
of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
+Changes in version 0.2.0.34 - 2009-02-08
+ Tor 0.2.0.34 features several more security-related fixes. You should
+ upgrade, especially if you run an exit relay (remote crash) or a
+ directory authority (remote infinite loop), or you're on an older
+ (pre-XP) or not-recently-patched Windows (remote exploit).
+
+ This release marks end-of-life for Tor 0.1.2.x. Those Tor versions
+ have many known flaws, and nobody should be using them. You should
+ upgrade. If you're using a Linux or BSD and its packages are obsolete,
+ stop using those packages and upgrade anyway.
+
+ o Security fixes:
+ - Fix an infinite-loop bug on handling corrupt votes under certain
+ circumstances. Bugfix on 0.2.0.8-alpha.
+ - Fix a temporary DoS vulnerability that could be performed by
+ a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
+ - Avoid a potential crash on exit nodes when processing malformed
+ input. Remote DoS opportunity. Bugfix on 0.2.0.33.
+ - Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
+ Spec conformance issue. Bugfix on Tor 0.0.2pre27.
+
+ o Minor bugfixes:
+ - Fix compilation on systems where time_t is a 64-bit integer.
+ Patch from Matthias Drochner.
+ - Don't consider expiring already-closed client connections. Fixes
+ bug 893. Bugfix on 0.0.2pre20.
+
+
Changes in version 0.2.0.33 - 2009-01-21
Tor 0.2.0.33 fixes a variety of bugs that were making relays less
useful to users. It also finally fixes a bug where a relay or client
@@ -123,6 +151,7 @@
compress cells, which are basically all encrypted, compressed, or
both.
+
Changes in version 0.2.0.32 - 2008-11-20
Tor 0.2.0.32 fixes a major security problem in Debian and Ubuntu
packages (and maybe other packages) noticed by Theo de Raadt, fixes