commit d27534eeb534d96a76487b3c0cd2cef4ff7cccc7 Author: Nick Mathewson nickm@torproject.org Date: Mon Sep 21 13:58:20 2015 -0400
fold new entries into changelog for 0.2.7.3 --- ChangeLog | 33 ++++++++++++++++++++++++ changes/bug16069-exit-policy-rule6 | 20 -------------- changes/bug17027-reject-private-all-interfaces | 6 ----- changes/bug17047 | 3 --- changes/ed25519_hup | 4 --- 5 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 6342995..c75d522 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,8 @@ Changes in version 0.2.7.3-????? - 2015-09-1? key management. Log messages are better, and the code can recover from far more failure conditions. Thanks to "s7r" for reporting and diagnosing so many of these! + - On receiving a HUP signal, check to see whether the Ed25519 + signing key has changed, and reload it if so. Closes ticket 16790.
o Major bugfixes (relay, Ed25519): - Avoid crashing on 'tor --keygen'. Fixes bug 16679; bugfix on @@ -110,6 +112,13 @@ Changes in version 0.2.7.3-????? - 2015-09-1? test-network-bridges-hs. Closes tickets 16945 (tor), 16946 (chutney) . Patches by "teor".
+ o Minor bug fixes (security, exit policies): + - ExitPolicyRejectPrivate rejects more private addresses by default: + * the relay's published IPv6 address (if any), and * any publicly + routable IPv4 or IPv6 addresses on any local interfaces. Resolves + ticket 17027. Patch by "teor". Patch on 42b8fb5a1523 (11 Nov + 2007), released in 0.2.0.11-alpha. + o Minor bugfixes: - Check correctly for windows socket errors in the workqueue backend. Fixes bug 16741; bugfix on 0.2.6.3-alpha. @@ -134,6 +143,26 @@ Changes in version 0.2.7.3-????? - 2015-09-1? to in the ChangeLog and an error message. Fixes bug 16929; bugfix on 0.2.6.1-alpha.
+ o Minor bug fixes (torrc exit policies): + - accept6/reject6 * lines only produce IPv6 wildcard addresses, + previously they would produce both IPv4 and IPv6 + wildcard addresses. + - When parsing torrc ExitPolicies, we now warn if: * an IPv4 address + is used on an accept6 or reject6 line. The line is ignored, but + the rest of the policy items in the list are used. (accept/reject + continue to allow both IPv4 and IPv6 addresses in torrcs.) * a + "private" address alias is used on an accept6 or reject6 line. The + line filters both IPv4 and IPv6 private addresses, disregarding + the 6 in accept6/reject6. * any ExitPolicy lines occur after + accept/reject *:* or variants. These are redundant, and were + always ignored. + - When parsing torrc ExitPolicies, we now issue an info-level + message: * when expanding an accept/reject * line to include both + IPv4 and IPv6 wildcard addresses. + - In each instance, usage advice is provided to avoid the message. + Resolves ticket 16069. Patch by "teor". Patch on 2eb7eafc9d78 and + a96c0affcb4c (25 Oct 2012), released in 0.2.4.7-alpha. + o Minor bugfix (open file limit): - Fix set_max_file_descriptors() to set by default the max open file limit to the current limit in case setrlimit() fails so we at @@ -171,6 +200,10 @@ Changes in version 0.2.7.3-????? - 2015-09-1? - Allow routers with ed25519 keys to run correctly under the seccomp2 sandbox. Fixes bug 16965; bugfix on 0.2.7.2-alpha.
+ o Minor bugfixes (portability): + - Restore correct operation of TLS client-cipher detection on + OpenSSL 1.1. Fixes bug 14047; bugfix on 0.2.7.2-alpha. + o Minor bugfixes (relay): - Unblock threads before releasing the mutex to ensure predictable scheduling behavior. Fixes bug 16644; bugfix on 0.2.6.3-alpha. diff --git a/changes/bug16069-exit-policy-rule6 b/changes/bug16069-exit-policy-rule6 deleted file mode 100644 index a8d7e70..0000000 --- a/changes/bug16069-exit-policy-rule6 +++ /dev/null @@ -1,20 +0,0 @@ - o Minor bug fixes (torrc exit policies): - - accept6/reject6 * lines only produce IPv6 wildcard addresses, - previously they would produce both IPv4 and IPv6 wildcard addresses. - - When parsing torrc ExitPolicies, we now warn if: - * an IPv4 address is used on an accept6 or reject6 line. The line is - ignored, but the rest of the policy items in the list are used. - (accept/reject continue to allow both IPv4 and IPv6 addresses in - torrcs.) - * a "private" address alias is used on an accept6 or reject6 line. - The line filters both IPv4 and IPv6 private addresses, disregarding - the 6 in accept6/reject6. - * any ExitPolicy lines occur after accept/reject *:* or variants. - These are redundant, and were always ignored. - - When parsing torrc ExitPolicies, we now issue an info-level message: - * when expanding an accept/reject * line to include both IPv4 and IPv6 - wildcard addresses. - - In each instance, usage advice is provided to avoid the message. - Resolves ticket 16069. Patch by "teor". - Patch on 2eb7eafc9d78 and a96c0affcb4c (25 Oct 2012), - released in 0.2.4.7-alpha. diff --git a/changes/bug17027-reject-private-all-interfaces b/changes/bug17027-reject-private-all-interfaces deleted file mode 100644 index 755cd5c..0000000 --- a/changes/bug17027-reject-private-all-interfaces +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bug fixes (security, exit policies): - - ExitPolicyRejectPrivate rejects more private addresses by default: - * the relay's published IPv6 address (if any), and - * any publicly routable IPv4 or IPv6 addresses on any local interfaces. - Resolves ticket 17027. Patch by "teor". - Patch on 42b8fb5a1523 (11 Nov 2007), released in 0.2.0.11-alpha. diff --git a/changes/bug17047 b/changes/bug17047 deleted file mode 100644 index 3ff40ad..0000000 --- a/changes/bug17047 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (portability): - - Restore correct operation of TLS client-cipher detection on - OpenSSL 1.1. Fixes bug 14047; bugfix on 0.2.7.2-alpha. diff --git a/changes/ed25519_hup b/changes/ed25519_hup deleted file mode 100644 index d2de90d..0000000 --- a/changes/ed25519_hup +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (relay, Ed25519): - - On receiving a HUP signal, check to see whether the Ed25519 - signing key has changed, and reload it if so. Closes ticket - 16790.