[tor-commits] [tor/release-0.2.4] Begin work on a changelog for 0.2.4.22 by copying in the changes files unedited
nickm at torproject.org
nickm at torproject.org
Thu May 8 03:42:11 UTC 2014
commit 20d569882f8d4df9e41f88162e7396928cedf629
Author: Nick Mathewson <nickm at torproject.org>
Date: Wed May 7 23:35:00 2014 -0400
Begin work on a changelog for 0.2.4.22 by copying in the changes files unedited
---
ChangeLog | 92 +++++++++++++++++++++++++++++++++++++++++++++
changes/bug10849_023 | 6 ---
changes/bug11437 | 3 --
changes/bug11464_023 | 5 ---
changes/bug11513 | 12 ------
changes/bug11519 | 3 --
changes/bug11553 | 5 ---
changes/bug7164_downgrade | 6 ---
changes/bug9213_doc | 5 ---
changes/bug9229 | 5 ---
changes/bug9393 | 4 --
changes/bug9686_024 | 5 ---
changes/bug9700 | 3 --
changes/ff28_ciphers | 6 ---
changes/md_leak_bug | 5 ---
changes/ticket11528 | 6 ---
16 files changed, 92 insertions(+), 79 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d8ae424..7992f70 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,95 @@
+Changes in version 0.2.4.22 - 2014-05-??
+ Write a paragraph here.
+
+ o Major bugfixes:
+ - When running a hidden service, do not allow TunneledDirConns 0;
+ this will keep the hidden service from running, and also
+ make it publish its descriptors directly over HTTP. Fixes bug 10849;
+ bugfix on 0.2.1.1-alpha.
+
+ o Minor bugfixes:
+ - Stop leaking memory when we successfully resolve a PTR record.
+ Fixes bug 11437; bugfix on 0.2.4.7-alpha.
+
+ o Major features (security):
+ - Block authority signing keys that were used on an authorities
+ vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160).
+ (We don't have any evidence that these keys _were_ compromised;
+ we're doing this to be prudent.) Resolves ticket 11464.
+
+ o Major bugfixes:
+ - Generate the server's preference list for ciphersuites
+ automatically based on uniform criteria, and considering all
+ OpenSSL ciphersuites with acceptable strength and forward
+ secrecy. (The sort order is: prefer AES to 3DES; break ties by
+ preferring ECDHE to DHE; break ties by preferring GCM to CBC;
+ break ties by preferring SHA384 to SHA256 to SHA1; and finally,
+ break ties by preferring AES256 to AES128.) This resolves bugs
+ #11513, #11492, #11498, #11499. Bugs reported by 'cypherpunks'.
+ Bugfix on 0.2.4.8-alpha.
+
+ o Minor bugfixes:
+ - Avoid sending an garbage value to the controller when a circuit is
+ cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
+
+ o Minor features:
+ - When we run out of usable circuit IDs on a channel, log only one
+ warning for the whole channel, and include a description of
+ how many circuits there were on the channel. Fix for part of ticket
+ #11553.
+
+ o Minor bugfixes:
+ - Downgrade the warning severity for the the "md was still referenced 1
+ node(s)" warning. Tor 0.2.5.4-alpha has better code for trying to
+ diagnose this bug, and the current warning in earlier versions of
+ tor achieves nothing useful. Addresses warning from bug 7164.
+
+ o Documentation:
+ - Correctly document that we search for a system torrc file before
+ looking in ~/.torrc. Fixes documentation side of 9213; bugfix
+ on 0.2.3.18-rc.
+
+ o Minor bugfixes:
+ - Avoid 60-second delays in the bootstrapping process when Tor
+ is launching for a second time while using bridges. Fixes bug 9229;
+ bugfix on 0.2.0.3-alpha.
+
+ o Minor bugfixes:
+ - Give the correct URL in the warning message that we present
+ when the user is trying to run a Tor relay on an ancient version
+ of Windows. Fixes bug 9393.
+
+ o Minor features (security):
+ - Decrease the lower limit of MaxMemInCellQueues to 256 MBytes (but leave
+ the default at 8GBytes), to better support Raspberry Pi users. Fixes
+ bug 9686; bugfix on 0.2.4.14-alpha.
+
+ o Minor bugfixes (compilation):
+ - Fix a compilation error when compiling with --disable-cuve25519.
+ Fixes bug 9700; bugfix on 0.2.4.17-rc.
+
+ o Minor features (performance, compatibility):
+ - Update the list of TLS cipehrsuites that a client advertises
+ to match those advertised by Firefox 28. This enables selection of
+ (fast) GCM ciphersuites, disables some strange old ciphers, and
+ disables the ECDH (not to be confused with ECDHE) ciphersuites.
+ Resolves ticket 11438.
+
+ o Major bugfixes (security, OOM)
+ - Fix a memory leak that could occur if a microdescriptor parse
+ fails during the tokenizing step. This could enable a memory
+ exhaustion attack by directory servers. Fixes bug #11649; bugfix
+ on 0.2.2.6-alpha.
+
+ o Minor features:
+ - Servers now trust themselves to have a better view than clients of
+ which TLS ciphersuites to choose. (Thanks to #11513, the server
+ list is now well-considered, whereas the client list has been
+ chosen mainly for anti-fingerprinting purposes.) Resolves ticket
+ 11528.
+
+
+
Changes in version 0.2.4.21 - 2014-02-28
Tor 0.2.4.21 further improves security against potential adversaries who
find breaking 1024-bit crypto doable, and backports several stability
diff --git a/changes/bug10849_023 b/changes/bug10849_023
deleted file mode 100644
index 480dea3..0000000
--- a/changes/bug10849_023
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes:
- - When running a hidden service, do not allow TunneledDirConns 0;
- this will keep the hidden service from running, and also
- make it publish its descriptors directly over HTTP. Fixes bug 10849;
- bugfix on 0.2.1.1-alpha.
-
diff --git a/changes/bug11437 b/changes/bug11437
deleted file mode 100644
index f5117ca..0000000
--- a/changes/bug11437
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Stop leaking memory when we successfully resolve a PTR record.
- Fixes bug 11437; bugfix on 0.2.4.7-alpha.
diff --git a/changes/bug11464_023 b/changes/bug11464_023
deleted file mode 100644
index 80c04b2..0000000
--- a/changes/bug11464_023
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major features (security):
- - Block authority signing keys that were used on an authorities
- vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160).
- (We don't have any evidence that these keys _were_ compromised;
- we're doing this to be prudent.) Resolves ticket 11464.
diff --git a/changes/bug11513 b/changes/bug11513
deleted file mode 100644
index 820c026..0000000
--- a/changes/bug11513
+++ /dev/null
@@ -1,12 +0,0 @@
- o Major bugfixes:
- - Generate the server's preference list for ciphersuites
- automatically based on uniform criteria, and considering all
- OpenSSL ciphersuites with acceptable strength and forward
- secrecy. (The sort order is: prefer AES to 3DES; break ties by
- preferring ECDHE to DHE; break ties by preferring GCM to CBC;
- break ties by preferring SHA384 to SHA256 to SHA1; and finally,
- break ties by preferring AES256 to AES128.) This resolves bugs
- #11513, #11492, #11498, #11499. Bugs reported by 'cypherpunks'.
- Bugfix on 0.2.4.8-alpha.
-
-
diff --git a/changes/bug11519 b/changes/bug11519
deleted file mode 100644
index 5c1e6af..0000000
--- a/changes/bug11519
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes:
- - Avoid sending an garbage value to the controller when a circuit is
- cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
diff --git a/changes/bug11553 b/changes/bug11553
deleted file mode 100644
index 1540f46..0000000
--- a/changes/bug11553
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features:
- - When we run out of usable circuit IDs on a channel, log only one
- warning for the whole channel, and include a description of
- how many circuits there were on the channel. Fix for part of ticket
- #11553.
diff --git a/changes/bug7164_downgrade b/changes/bug7164_downgrade
deleted file mode 100644
index 4d75586..0000000
--- a/changes/bug7164_downgrade
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes:
- - Downgrade the warning severity for the the "md was still referenced 1
- node(s)" warning. Tor 0.2.5.4-alpha has better code for trying to
- diagnose this bug, and the current warning in earlier versions of
- tor achieves nothing useful. Addresses warning from bug 7164.
-
diff --git a/changes/bug9213_doc b/changes/bug9213_doc
deleted file mode 100644
index 2f959dd..0000000
--- a/changes/bug9213_doc
+++ /dev/null
@@ -1,5 +0,0 @@
- o Documentation:
- - Correctly document that we search for a system torrc file before
- looking in ~/.torrc. Fixes documentation side of 9213; bugfix
- on 0.2.3.18-rc.
-
diff --git a/changes/bug9229 b/changes/bug9229
deleted file mode 100644
index ad7fd22..0000000
--- a/changes/bug9229
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Avoid 60-second delays in the bootstrapping process when Tor
- is launching for a second time while using bridges. Fixes bug 9229;
- bugfix on 0.2.0.3-alpha.
-
diff --git a/changes/bug9393 b/changes/bug9393
deleted file mode 100644
index 9aedd12..0000000
--- a/changes/bug9393
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Give the correct URL in the warning message that we present
- when the user is trying to run a Tor relay on an ancient version
- of Windows. Fixes bug 9393.
diff --git a/changes/bug9686_024 b/changes/bug9686_024
deleted file mode 100644
index 8705379..0000000
--- a/changes/bug9686_024
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features (security):
- - Decrease the lower limit of MaxMemInCellQueues to 256 MBytes (but leave
- the default at 8GBytes), to better support Raspberry Pi users. Fixes
- bug 9686; bugfix on 0.2.4.14-alpha.
-
diff --git a/changes/bug9700 b/changes/bug9700
deleted file mode 100644
index f59f54c..0000000
--- a/changes/bug9700
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (compilation):
- - Fix a compilation error when compiling with --disable-cuve25519.
- Fixes bug 9700; bugfix on 0.2.4.17-rc.
diff --git a/changes/ff28_ciphers b/changes/ff28_ciphers
deleted file mode 100644
index 05eb4e9..0000000
--- a/changes/ff28_ciphers
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor features (performance, compatibility):
- - Update the list of TLS cipehrsuites that a client advertises
- to match those advertised by Firefox 28. This enables selection of
- (fast) GCM ciphersuites, disables some strange old ciphers, and
- disables the ECDH (not to be confused with ECDHE) ciphersuites.
- Resolves ticket 11438.
diff --git a/changes/md_leak_bug b/changes/md_leak_bug
deleted file mode 100644
index 26270aa..0000000
--- a/changes/md_leak_bug
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes (security, OOM)
- - Fix a memory leak that could occur if a microdescriptor parse
- fails during the tokenizing step. This could enable a memory
- exhaustion attack by directory servers. Fixes bug #11649; bugfix
- on 0.2.2.6-alpha.
diff --git a/changes/ticket11528 b/changes/ticket11528
deleted file mode 100644
index 15daad9..0000000
--- a/changes/ticket11528
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor features:
- - Servers now trust themselves to have a better view than clients of
- which TLS ciphersuites to choose. (Thanks to #11513, the server
- list is now well-considered, whereas the client list has been
- chosen mainly for anti-fingerprinting purposes.) Resolves ticket
- 11528.
More information about the tor-commits
mailing list