[tor-commits] [tor/release-0.2.2] touch-up the changelogs

arma at torproject.org arma at torproject.org
Thu May 24 07:33:54 UTC 2012 

commit c1414cf70cbfcbb7ad053370f299e7159a85ffc3
Author: Roger Dingledine <arma at torproject.org>
Date:   Thu May 24 03:33:25 2012 -0400

    touch-up the changelogs
---
 ChangeLog    |    4 ++--
 ReleaseNotes |   27 ++++++++++++++++++++++++---
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index e981880..2150587 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,4 @@
-Changes in version 0.2.2.36 - 2012-04-??
+Changes in version 0.2.2.36 - 2012-05-24
   Tor 0.2.2.36 updates the addresses for two of the eight directory
   authorities, fixes some potential anonymity and security issues,
   and fixes several crash bugs.
@@ -40,7 +40,7 @@ Changes in version 0.2.2.36 - 2012-04-??
       process, then that program could trick the contoller into telling
       it the contents of an arbitrary 32-byte file. The new "SAFECOOKIE"
       authentication method uses a challenge-response approach to prevent
-      this attack. Fixes bug 5185, implements proposal 193.
+      this attack. Fixes bug 5185; implements proposal 193.
 
   o Major bugfixes:
     - Avoid logging uninitialized data when unable to decode a hidden
diff --git a/ReleaseNotes b/ReleaseNotes
index bfb1374..c47c33a 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -3,7 +3,7 @@ This document summarizes new features and bugfixes in each stable release
 of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.
 
-Changes in version 0.2.2.36 - 2012-04-??
+Changes in version 0.2.2.36 - 2012-05-24
   Tor 0.2.2.36 updates the addresses for two of the eight directory
   authorities, fixes some potential anonymity and security issues,
   and fixes several crash bugs.
@@ -45,7 +45,7 @@ Changes in version 0.2.2.36 - 2012-04-??
       process, then that program could trick the contoller into telling
       it the contents of an arbitrary 32-byte file. The new "SAFECOOKIE"
       authentication method uses a challenge-response approach to prevent
-      this attack. Fixes bug 5185, implements proposal 193.
+      this attack. Fixes bug 5185; implements proposal 193.
 
   o Major bugfixes:
     - Avoid logging uninitialized data when unable to decode a hidden
@@ -66,6 +66,15 @@ Changes in version 0.2.2.36 - 2012-04-??
       bugfix on 0.2.2.29-beta. Bug found by wanoskarnet.
 
   o Minor bugfixes:
+    - Reject out-of-range times like 23:59:61 in parse_rfc1123_time().
+      Fixes bug 5346; bugfix on 0.0.8pre3.
+    - Make our number-parsing functions always treat too-large values
+      as an error, even when those values exceed the width of the
+      underlying type. Previously, if the caller provided these
+      functions with minima or maxima set to the extreme values of the
+      underlying integer type, these functions would return those
+      values on overflow rather than treating overflow as an error.
+      Fixes part of bug 5786; bugfix on 0.0.9.
     - Older Linux kernels erroneously respond to strange nmap behavior
       by having accept() return successfully with a zero-length
       socket. When this happens, just close the connection. Previously,
@@ -73,6 +82,10 @@ Changes in version 0.2.2.36 - 2012-04-??
       no such remote address to learn, and our method for trying to
       learn it was incorrect. Fixes bugs 1240, 4745, and 4747. Bugfix
       on 0.1.0.3-rc. Reported and diagnosed by "r1eo".
+    - Correct parsing of certain date types in parse_http_time().
+      Without this patch, If-Modified-Since would behave
+      incorrectly. Fixes bug 5346; bugfix on 0.2.0.2-alpha. Patch from
+      Esteban Manchado Velázques.
     - Change the BridgePassword feature (part of the "bridge community"
       design, which is not yet implemented) to use a time-independent
       comparison. The old behavior might have allowed an adversary
@@ -93,6 +106,12 @@ Changes in version 0.2.2.36 - 2012-04-??
       CFLAGS. clang doesn't support them yet.
     - When sending an HTTP/1.1 proxy request, include a Host header.
       Fixes bug 5593; bugfix on 0.2.2.1-alpha.
+    - Fix a NULL-pointer dereference on a badly formed SETCIRCUITPURPOSE
+      command. Found by mikeyc. Fixes bug 5796; bugfix on 0.2.2.9-alpha.
+    - If we hit the error case where routerlist_insert() replaces an
+      existing (old) server descriptor, make sure to remove that
+      server descriptor from the old_routers list. Fix related to bug
+      1776. Bugfix on 0.2.2.18-alpha.
 
   o Minor bugfixes (documentation and log messages):
     - Fix a typo in a log message in rend_service_rendezvous_has_opened().
@@ -107,6 +126,8 @@ Changes in version 0.2.2.36 - 2012-04-??
       bug 5067; bugfix on 0.2.0.10-alpha.
     - Correctly spell "connect" in a log message on failure to create a
       controlsocket. Fixes bug 4803; bugfix on 0.2.2.26-beta.
+    - Clarify the behavior of MaxCircuitDirtiness with hidden service
+      circuits. Fixes issue 5259.
 
   o Minor features:
     - Directory authorities now reject versions of Tor older than
@@ -114,7 +135,7 @@ Changes in version 0.2.2.36 - 2012-04-??
       inclusive. These versions accounted for only a small fraction of
       the Tor network, and have numerous known security issues. Resolves
       issue 4788.
-    - Update to the April 3 2012 Maxmind GeoLite Country database.
+    - Update to the May 1 2012 Maxmind GeoLite Country database.
 
   - Feature removal:
     - When sending or relaying a RELAY_EARLY cell, we used to convert

More information about the tor-commits mailing list