[tor-commits] [tor/release-0.2.4] fold in changes entries
arma at torproject.org
arma at torproject.org
Mon Jul 28 07:44:46 UTC 2014
commit eccda448a7673ce83b63feb3e17b2aef103e6bfd
Author: Roger Dingledine <arma at torproject.org>
Date: Mon Jul 28 03:44:35 2014 -0400
fold in changes entries
---
ChangeLog | 40 +++++++++++++++++++++++++++++++++++++++-
changes/bug1038-3 | 6 ------
changes/bug12227 | 5 -----
changes/bug12718 | 5 -----
changes/curve25519-donna32-bug | 12 ------------
changes/prop221 | 6 ------
changes/ticket12688 | 6 ------
7 files changed, 39 insertions(+), 41 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index f298d535..403ee70 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,42 @@
-Changes in version 0.2.4.23 - 2014-07-2?
+Changes in version 0.2.4.23 - 2014-07-28
+ o Major features:
+ - Clients now look at the "usecreatefast" consensus parameter to
+ decide whether to use CREATE_FAST or CREATE cells for the first hop
+ of their circuit. This approach can improve security on connections
+ where Tor's circuit handshake is stronger than the available TLS
+ connection security levels, but the tradeoff is more computational
+ load on guard relays. Implements proposal 221. Resolves ticket 9386.
+ - Make the number of entry guards configurable via a new
+ NumEntryGuards consensus parameter, and the number of directory
+ guards configurable via a new NumDirectoryGuards consensus
+ parameter. Implements ticket 12688.
+
+ o Major bugfixes:
+ - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+ implementation that caused incorrect results on 32-bit
+ implementations when certain malformed inputs were used along with
+ a small class of private ntor keys. This bug does not currently
+ appear to allow an attacker to learn private keys or impersonate a
+ Tor server, but it could provide a means to distinguish 32-bit Tor
+ implementations from 64-bit Tor implementations. Fixes bug 12694;
+ bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
+ Adam Langley.
+
+ o Minor bugfixes:
+ - Warn and drop the circuit if we receive an inbound 'relay early'
+ cell. Those used to be normal to receive on hidden service circuits
+ due to bug 1038, but the buggy Tor versions are long gone from
+ the network so we can afford to resume watching for them. Resolves
+ the rest of bug 1038; bugfix on 0.2.1.19.
+ - Correct a confusing error message when trying to extend a circuit
+ via the control protocol but we don't know a descriptor or
+ microdescriptor for one of the specified relays. Fixes bug 12718;
+ bugfix on 0.2.3.1-alpha.
+ - Avoid an illegal read from stack when initializing the TLS
+ module using a version of OpenSSL without all of the ciphers
+ used by the v2 link handshake. Fixes bug 12227; bugfix on
+ 0.2.4.8-alpha. Found by "starlight".
+
o Minor features:
- Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
Country database.
diff --git a/changes/bug1038-3 b/changes/bug1038-3
deleted file mode 100644
index 5af4afa..0000000
--- a/changes/bug1038-3
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - Warn and drop the circuit if we receive an inbound 'relay early'
- cell. Those used to be normal to receive on hidden service circuits
- due to bug 1038, but the buggy Tor versions are long gone from
- the network so we can afford to resume watching for them. Resolves
- the rest of bug 1038; bugfix on 0.2.1.19.
diff --git a/changes/bug12227 b/changes/bug12227
deleted file mode 100644
index d8b5d08..0000000
--- a/changes/bug12227
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Avoid an illegal read from stack when initializing the TLS
- module using a version of OpenSSL without all of the ciphers
- used by the v2 link handshake. Fixes bug 12227; bugfix on
- 0.2.4.8-alpha. Found by "starlight".
diff --git a/changes/bug12718 b/changes/bug12718
deleted file mode 100644
index 0c5f708..0000000
--- a/changes/bug12718
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Correct a confusing error message when trying to extend a circuit
- via the control protocol but we don't know a descriptor or
- microdescriptor for one of the specified relays. Fixes bug 12718;
- bugfix on 0.2.3.1-alpha.
diff --git a/changes/curve25519-donna32-bug b/changes/curve25519-donna32-bug
deleted file mode 100644
index 7fccab1..0000000
--- a/changes/curve25519-donna32-bug
+++ /dev/null
@@ -1,12 +0,0 @@
- o Major bugfixes:
-
- - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
- implementation that caused incorrect results on 32-bit
- implementations when certain malformed inputs were used along with
- a small class of private ntor keys. This bug does not currently
- appear to allow an attacker to learn private keys or impersonate a
- Tor server, but it could provide a means to distinguish 32-bit Tor
- implementations from 64-bit Tor implementations. Fixes bug 12694;
- bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
- Adam Langley.
-
diff --git a/changes/prop221 b/changes/prop221
deleted file mode 100644
index b2bf44b..0000000
--- a/changes/prop221
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor features:
- - Stop sending the CREATE_FAST cells by default; instead, use a
- parameter in the consensus to decide whether to use
- CREATE_FAST. This can improve security on connections where
- Tor's circuit handshake is stronger than the available TLS
- connection security levels. Implements proposal 221.
diff --git a/changes/ticket12688 b/changes/ticket12688
deleted file mode 100644
index 88228e5..0000000
--- a/changes/ticket12688
+++ /dev/null
@@ -1,6 +0,0 @@
- Major features:
- - Make the number of entry guards configurable via a new
- NumEntryGuards consensus parameter, and the number of directory
- guards configurable via a new NumDirectoryGuards consensus
- parameter. Implements ticket 12688.
-
More information about the tor-commits
mailing list