From 713b5eb31ccc1169db9fac9cbd20434ec242d56f Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 12 Nov 2012 23:51:47 -0500 Subject: fold in changes files --- ChangeLog | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 0541c448c..0d6221bb1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,64 @@ +Changes in version 0.2.4.6-alpha - 2012-11-13 + Tor 0.2.4.6-alpha fixes an assert bug that has been plaguing relays, + makes our defense-in-depth memory wiping more reliable, and begins to + count IPv6 addresses in bridge statistics, + + o Major bugfixes: + - Fix an assertion failure that could occur when closing a connection + with a spliced rendezvous circuit. Fix for bug 7212; bugfix on + Tor 0.2.4.4-alpha. + - Tor tries to wipe potentially sensitive data after using it, so + that if some subsequent security failure exposes Tor's memory, + the damage will be limited. But we had a bug where the compiler + was eliminating these wipe operations when it decided that the + memory was no longer visible to a (correctly running) program, + hence defeating our attempt at defense in depth. We fix that + by using OpenSSL's OPENSSL_cleanse() operation, which a compiler + is unlikely to optimize away. Future versions of Tor may use + a less ridiculously heavy approach for this. Fixes bug 7352. + Reported in an article by Andrey Karpov. + + o Minor features: + - Add GeoIP database for IPv6 addresses. The new config option + is GeoIPv6File. + - Bridge statistics now count bridge clients connecting over IPv6: + bridge statistics files now list "bridge-ip-versions" and + extra-info documents list "geoip6-db-digest". The control protocol + "CLIENTS_SEEN" and "ip-to-country" queries now support IPv6. Initial + implementation by "shkoo", addressing ticket 5055. + + o Minor bugfixes: + - Warn when we are binding low ports when hibernation is enabled; + previously we had warned when we were _advertising_ low ports with + hibernation enabled. Fixes bug 7285; bugfix on 0.2.3.9-alpha. + - Fix a harmless bug when opting against publishing a relay descriptor + because DisableNetwork is set. Fixes bug 7464; bugfix on + 0.2.3.9-alpha. + - Add warning message when a managed proxy dies during configuration. + Fixes bug 7195; bugfix on 0.2.4.2-alpha. + - Fix a linking error when building tor-fw-helper without miniupnp. + Fixes bug 7235; bugfix on 0.2.4.2-alpha. Fix by Anthony G. Basile. + - Check for closing an or_connection_t without going through correct + channel functions; emit a warning and then call + connection_or_close_for_error() so we don't assert as in bugs 7212 + and 7267. + - Compile correctly on compilers without C99 designated initializer + support. Fixes bug 7286; bugfix on 0.2.4.4-alpha. + - Avoid a possible assert that can occur when channel_send_destroy() is + called on a channel in CHANNEL_STATE_CLOSING, CHANNEL_STATE_CLOSED, + or CHANNEL_STATE_ERROR when the Tor process is resumed after being + blocked for a long interval. Fixes bug 7350; bugfix on 0.2.4.4-alpha. + - Fix a memory leak on failing cases of channel_tls_process_certs_cell. + Fixes bug 7422; bugfix on 0.2.4.4-alpha. + + o Code simplification and refactoring: + - Start using OpenBSD's implementation of queue.h, so that we don't + need to hand-roll our own pointer and list structures whenever we + need them. (We can't rely on a sys/queue.h, since some operating + systems don't have them, and the ones that do have them don't all + present the same extensions.) + + Changes in version 0.2.4.5-alpha - 2012-10-25 Tor 0.2.4.5-alpha comes hard at the heels of 0.2.4.4-alpha, to fix two important security vulnerabilities that could lead to remotely -- cgit v1.2.3