[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r18496: {tor} put the 0.2.0.34 blurb in the release notes too (tor/branches/tor-0_2_0-patches)



Author: arma
Date: 2009-02-11 17:20:52 -0500 (Wed, 11 Feb 2009)
New Revision: 18496

Modified:
   tor/branches/tor-0_2_0-patches/ChangeLog
   tor/branches/tor-0_2_0-patches/ReleaseNotes
Log:
put the 0.2.0.34 blurb in the release notes too


Modified: tor/branches/tor-0_2_0-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_2_0-patches/ChangeLog	2009-02-11 17:51:06 UTC (rev 18495)
+++ tor/branches/tor-0_2_0-patches/ChangeLog	2009-02-11 22:20:52 UTC (rev 18496)
@@ -1,4 +1,14 @@
 Changes in version 0.2.0.34 - 2009-02-08
+  Tor 0.2.0.34 features several more security-related fixes. You should
+  upgrade, especially if you run an exit relay (remote crash) or a
+  directory authority (remote infinite loop), or you're on an older
+  (pre-XP) or not-recently-patched Windows (remote exploit).
+
+  This release marks end-of-life for Tor 0.1.2.x. Those Tor versions
+  have many known flaws, and nobody should be using them. You should
+  upgrade. If you're using a Linux or BSD and its packages are obsolete,
+  stop using those packages and upgrade anyway.
+
   o Security fixes:
     - Fix an infinite-loop bug on handling corrupt votes under certain
       circumstances. Bugfix on 0.2.0.8-alpha.

Modified: tor/branches/tor-0_2_0-patches/ReleaseNotes
===================================================================
--- tor/branches/tor-0_2_0-patches/ReleaseNotes	2009-02-11 17:51:06 UTC (rev 18495)
+++ tor/branches/tor-0_2_0-patches/ReleaseNotes	2009-02-11 22:20:52 UTC (rev 18496)
@@ -3,6 +3,34 @@
 of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.
 
+Changes in version 0.2.0.34 - 2009-02-08
+  Tor 0.2.0.34 features several more security-related fixes. You should
+  upgrade, especially if you run an exit relay (remote crash) or a
+  directory authority (remote infinite loop), or you're on an older
+  (pre-XP) or not-recently-patched Windows (remote exploit).
+
+  This release marks end-of-life for Tor 0.1.2.x. Those Tor versions
+  have many known flaws, and nobody should be using them. You should
+  upgrade. If you're using a Linux or BSD and its packages are obsolete,
+  stop using those packages and upgrade anyway.
+
+  o Security fixes:
+    - Fix an infinite-loop bug on handling corrupt votes under certain
+      circumstances. Bugfix on 0.2.0.8-alpha.
+    - Fix a temporary DoS vulnerability that could be performed by
+      a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
+    - Avoid a potential crash on exit nodes when processing malformed
+      input. Remote DoS opportunity. Bugfix on 0.2.0.33.
+    - Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
+      Spec conformance issue. Bugfix on Tor 0.0.2pre27.
+
+  o Minor bugfixes:
+    - Fix compilation on systems where time_t is a 64-bit integer.
+      Patch from Matthias Drochner.
+    - Don't consider expiring already-closed client connections. Fixes
+      bug 893. Bugfix on 0.0.2pre20.
+
+
 Changes in version 0.2.0.33 - 2009-01-21
   Tor 0.2.0.33 fixes a variety of bugs that were making relays less
   useful to users. It also finally fixes a bug where a relay or client
@@ -123,6 +151,7 @@
       compress cells, which are basically all encrypted, compressed, or
       both.
 
+
 Changes in version 0.2.0.32 - 2008-11-20
   Tor 0.2.0.32 fixes a major security problem in Debian and Ubuntu
   packages (and maybe other packages) noticed by Theo de Raadt, fixes