[tor-commits] [tor/master] forward-port the changelog

arma at torproject.org arma at torproject.org
Sat Oct 20 18:20:14 UTC 2012

commit 7ebfeff65756edf94dec5f1b0568d5a3cfebc823
Author: Roger Dingledine <arma at torproject.org>
Date:   Sat Oct 20 14:18:31 2012 -0400

    forward-port the changelog
 ChangeLog |   59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 59 insertions(+), 0 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 2413f17..98f0507 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,62 @@
+Changes in version - 2012-10-20
+  Tor adds a new v3 directory authority, fixes a privacy
+  vulnerability introduced by a change in OpenSSL, and fixes a variety
+  of smaller bugs in preparation for the release.
+  o New directory authorities:
+    - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
+      authority. Closes ticket 5749.
+  o Major bugfixes (security/privacy):
+    - Disable TLS session tickets. OpenSSL's implementation was giving
+      our TLS session keys the lifetime of our TLS context objects, when
+      perfect forward secrecy would want us to discard anything that
+      could decrypt a link connection as soon as the link connection
+      was closed. Fixes bug 7139; bugfix on all versions of Tor linked
+      against OpenSSL 1.0.0 or later. Found by Florent Daignière.
+    - Discard extraneous renegotiation attempts once the V3 link
+      protocol has been initiated. Failure to do so left us open to
+      a remotely triggerable assertion failure. Fixes CVE-2012-2249;
+      bugfix on Reported by "some guy from France".
+  o Major bugfixes:
+    - Fix a possible crash bug when checking for deactivated circuits
+      in connection_or_flush_from_first_active_circuit(). Fixes bug 6341;
+      bugfix on Bug report and fix received pseudonymously.
+  o Minor bugfixes (on 0.2.3.x):
+    - Fix two cases in src/or/transports.c where we were calling
+      fmt_addr() twice in a parameter list. Bug found by David
+      Fifield. Fixes bug 7014; bugfix on
+    - Convert an assert in the pathbias code to a log message. The assert
+      appears to only be triggerable by Tor2Web mode. Fixes bug 6866;
+      bugfix on
+    - Fix memory leaks whenever we logged any message about the "path
+      bias" detection. Fixes bug 7022; bugfix on
+  o Minor bugfixes (on 0.2.2.x and earlier):
+    - Don't serve or accept v2 hidden service descriptors over a relay's
+      DirPort. It's never correct to do so, and disabling it might
+      make it more annoying to exploit any bugs that turn up in the
+      descriptor-parsing code. Fixes bug 7149.
+    - When relays refuse a "create" cell because their queue of pending
+      create cells is too big (typically because their cpu can't keep up
+      with the arrival rate), send back reason "resource limit" rather
+      than reason "internal", so network measurement scripts can get a
+      more accurate picture. Bugfix on; fixes bug 7037.
+    - Correct file sizes when reading binary files on Cygwin, to avoid
+      a bug where Tor would fail to read its state file. Fixes bug 6844;
+      bugfix on
+    - Avoid undefined behaviour when parsing the list of supported
+      rendezvous/introduction protocols in a hidden service descriptor.
+      Previously, Tor would have confused (as-yet-unused) protocol version
+      numbers greater than 32 with lower ones on many platforms. Fixes
+      bug 6827; bugfix on Found by George Kadianakis.
+  o Documentation fixes:
+    - Clarify that hidden services are TCP only. Fixes bug 6024.
 Changes in version - 2012-09-22
   Tor fixes another opportunity for a remotely triggerable
   assertion, resumes letting relays test reachability of their DirPort,
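Review bot: the release header and eight of the "bugfix on" clauses in this added entry carry no version number. The header reads "Changes in version - 2012-10-20", the summary opens with "Tor adds a new v3 directory authority", and clauses such as "bugfix on Reported by "some guy from France"" and "Fixes bug 7014; bugfix on" stop where the introducing version belongs. For the two security/privacy items (bug 7139 and CVE-2012-2249) this means a relay operator cannot tell from the ChangeLog which release carries the fix, and for the CVE, which versions are affected. Suggest restoring the version string in the header, in the summary sentence and in each empty "bugfix on" clause. The unchanged 2012-09-22 header below the additions shows the same gap, so it is worth checking whether the versions were lost from the file itself or only from this mail.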
