commit c450e524860e23014da250bad88b476d0d540ff9 Author: Roger Dingledine arma@torproject.org Date: Tue Jun 5 18:50:29 2012 -0400

schedule tomorrow as the 0.2.2.37 release day --- ChangeLog | 27 +++++++++++++++++++++++++++ changes/bug5283 | 6 ------ changes/bug5969_022 | 7 ------- changes/bug6007 | 5 ----- changes/bug6033 | 6 ------ 5 files changed, 27 insertions(+), 24 deletions(-)

diff --git a/ChangeLog b/ChangeLog index 2150587..78bccbb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,30 @@ +Changes in version 0.2.2.37 - 2012-06-06 + Tor 0.2.2.37 introduces a workaround for a critical renegotiation + bug in OpenSSL 1.0.1 (where 20% of the Tor network can't talk to itself + currently). + + o Major bugfixes: + - Work around a bug in OpenSSL that broke renegotiation with TLS + 1.1 and TLS 1.2. Without this workaround, all attempts to speak + the v2 Tor connection protocol when both sides were using OpenSSL + 1.0.1 would fail. Resolves ticket 6033. + - When waiting for a client to renegotiate, don't allow it to add + any bytes to the input buffer. This fixes a potential DoS issue. + Fixes bugs 5934 and 6007; bugfix on 0.2.0.20-rc. + - Fix an edge case where if we fetch or publish a hidden service + descriptor, we might build a 4-hop circuit and then use that circuit + for exiting afterwards -- even if the new last hop doesn't obey our + ExitNodes config option. Fixes bug 5283; bugfix on 0.2.0.10-alpha. + + o Minor bugfixes: + - Fix a build warning with Clang 3.1 related to our use of vasprint. + Fixes bug 5969. Bugfix on 0.2.2.11-alpha. + + o Minor features: + - Tell GCC and Clang to check for any errors in format strings passed + to the tor_v*(print|scan)f functions. + + Changes in version 0.2.2.36 - 2012-05-24 Tor 0.2.2.36 updates the addresses for two of the eight directory authorities, fixes some potential anonymity and security issues, diff --git a/changes/bug5283 b/changes/bug5283 deleted file mode 100644 index f0325cf..0000000 --- a/changes/bug5283 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - Fix an edge case where if we fetch or publish a hidden service - descriptor, we might build a 4-hop circuit and then use that circuit - for exiting afterwards -- even if the new last hop doesn't obey our - ExitNodes config option. Fixes bug 5283; bugfix on 0.2.0.10-alpha. - diff --git a/changes/bug5969_022 b/changes/bug5969_022 deleted file mode 100644 index 57c8744..0000000 --- a/changes/bug5969_022 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes - - Fix a build warning with Clang 3.1 related to our use of vasprint. - Fix for bug 5969. Bugfix on 0.2.2.11-alpha. - - o Compilation improvements: - - Tell GCC and Clang to check for any errors in format strings passed - to the tor_v*(print|scan)f functions. diff --git a/changes/bug6007 b/changes/bug6007 deleted file mode 100644 index 4e81575..0000000 --- a/changes/bug6007 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security): - - When waiting for a client to renegotiate, don't allow it to add - any bytes to the input buffer. This fixes a DoS issue. Fix for - bugs 6007 and 5934; bugfix on 0.2.0.20-rc. - diff --git a/changes/bug6033 b/changes/bug6033 deleted file mode 100644 index 56cffd6..0000000 --- a/changes/bug6033 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes: - - Work around a bug in OpenSSL that broke renegotiation with - TLS 1.1 and TLS 1.2. Without this workaround, all attempts - to speak the v2 Tor network protocol when both sides were - using OpenSSL 1.0.1 would fail. Fix for bug 6033, which is - not a bug in Tor.