Begin work on a changelog for 0.2.4.22 by copying in the changes files unedited
This commit is contained in:
parent
183c861e9a
commit
20d569882f
92
ChangeLog
92
ChangeLog
|
@ -1,3 +1,95 @@
|
|||
Changes in version 0.2.4.22 - 2014-05-??
|
||||
Write a paragraph here.
|
||||
|
||||
o Major bugfixes:
|
||||
- When running a hidden service, do not allow TunneledDirConns 0;
|
||||
this will keep the hidden service from running, and also
|
||||
make it publish its descriptors directly over HTTP. Fixes bug 10849;
|
||||
bugfix on 0.2.1.1-alpha.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Stop leaking memory when we successfully resolve a PTR record.
|
||||
Fixes bug 11437; bugfix on 0.2.4.7-alpha.
|
||||
|
||||
o Major features (security):
|
||||
- Block authority signing keys that were used on an authorities
|
||||
vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160).
|
||||
(We don't have any evidence that these keys _were_ compromised;
|
||||
we're doing this to be prudent.) Resolves ticket 11464.
|
||||
|
||||
o Major bugfixes:
|
||||
- Generate the server's preference list for ciphersuites
|
||||
automatically based on uniform criteria, and considering all
|
||||
OpenSSL ciphersuites with acceptable strength and forward
|
||||
secrecy. (The sort order is: prefer AES to 3DES; break ties by
|
||||
preferring ECDHE to DHE; break ties by preferring GCM to CBC;
|
||||
break ties by preferring SHA384 to SHA256 to SHA1; and finally,
|
||||
break ties by preferring AES256 to AES128.) This resolves bugs
|
||||
#11513, #11492, #11498, #11499. Bugs reported by 'cypherpunks'.
|
||||
Bugfix on 0.2.4.8-alpha.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Avoid sending an garbage value to the controller when a circuit is
|
||||
cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
|
||||
|
||||
o Minor features:
|
||||
- When we run out of usable circuit IDs on a channel, log only one
|
||||
warning for the whole channel, and include a description of
|
||||
how many circuits there were on the channel. Fix for part of ticket
|
||||
#11553.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Downgrade the warning severity for the the "md was still referenced 1
|
||||
node(s)" warning. Tor 0.2.5.4-alpha has better code for trying to
|
||||
diagnose this bug, and the current warning in earlier versions of
|
||||
tor achieves nothing useful. Addresses warning from bug 7164.
|
||||
|
||||
o Documentation:
|
||||
- Correctly document that we search for a system torrc file before
|
||||
looking in ~/.torrc. Fixes documentation side of 9213; bugfix
|
||||
on 0.2.3.18-rc.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Avoid 60-second delays in the bootstrapping process when Tor
|
||||
is launching for a second time while using bridges. Fixes bug 9229;
|
||||
bugfix on 0.2.0.3-alpha.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Give the correct URL in the warning message that we present
|
||||
when the user is trying to run a Tor relay on an ancient version
|
||||
of Windows. Fixes bug 9393.
|
||||
|
||||
o Minor features (security):
|
||||
- Decrease the lower limit of MaxMemInCellQueues to 256 MBytes (but leave
|
||||
the default at 8GBytes), to better support Raspberry Pi users. Fixes
|
||||
bug 9686; bugfix on 0.2.4.14-alpha.
|
||||
|
||||
o Minor bugfixes (compilation):
|
||||
- Fix a compilation error when compiling with --disable-cuve25519.
|
||||
Fixes bug 9700; bugfix on 0.2.4.17-rc.
|
||||
|
||||
o Minor features (performance, compatibility):
|
||||
- Update the list of TLS cipehrsuites that a client advertises
|
||||
to match those advertised by Firefox 28. This enables selection of
|
||||
(fast) GCM ciphersuites, disables some strange old ciphers, and
|
||||
disables the ECDH (not to be confused with ECDHE) ciphersuites.
|
||||
Resolves ticket 11438.
|
||||
|
||||
o Major bugfixes (security, OOM)
|
||||
- Fix a memory leak that could occur if a microdescriptor parse
|
||||
fails during the tokenizing step. This could enable a memory
|
||||
exhaustion attack by directory servers. Fixes bug #11649; bugfix
|
||||
on 0.2.2.6-alpha.
|
||||
|
||||
o Minor features:
|
||||
- Servers now trust themselves to have a better view than clients of
|
||||
which TLS ciphersuites to choose. (Thanks to #11513, the server
|
||||
list is now well-considered, whereas the client list has been
|
||||
chosen mainly for anti-fingerprinting purposes.) Resolves ticket
|
||||
11528.
|
||||
|
||||
|
||||
|
||||
Changes in version 0.2.4.21 - 2014-02-28
|
||||
Tor 0.2.4.21 further improves security against potential adversaries who
|
||||
find breaking 1024-bit crypto doable, and backports several stability
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- When running a hidden service, do not allow TunneledDirConns 0;
|
||||
this will keep the hidden service from running, and also
|
||||
make it publish its descriptors directly over HTTP. Fixes bug 10849;
|
||||
bugfix on 0.2.1.1-alpha.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Stop leaking memory when we successfully resolve a PTR record.
|
||||
Fixes bug 11437; bugfix on 0.2.4.7-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Major features (security):
|
||||
- Block authority signing keys that were used on an authorities
|
||||
vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160).
|
||||
(We don't have any evidence that these keys _were_ compromised;
|
||||
we're doing this to be prudent.) Resolves ticket 11464.
|
|
@ -1,12 +0,0 @@
|
|||
o Major bugfixes:
|
||||
- Generate the server's preference list for ciphersuites
|
||||
automatically based on uniform criteria, and considering all
|
||||
OpenSSL ciphersuites with acceptable strength and forward
|
||||
secrecy. (The sort order is: prefer AES to 3DES; break ties by
|
||||
preferring ECDHE to DHE; break ties by preferring GCM to CBC;
|
||||
break ties by preferring SHA384 to SHA256 to SHA1; and finally,
|
||||
break ties by preferring AES256 to AES128.) This resolves bugs
|
||||
#11513, #11492, #11498, #11499. Bugs reported by 'cypherpunks'.
|
||||
Bugfix on 0.2.4.8-alpha.
|
||||
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Avoid sending an garbage value to the controller when a circuit is
|
||||
cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor features:
|
||||
- When we run out of usable circuit IDs on a channel, log only one
|
||||
warning for the whole channel, and include a description of
|
||||
how many circuits there were on the channel. Fix for part of ticket
|
||||
#11553.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Downgrade the warning severity for the the "md was still referenced 1
|
||||
node(s)" warning. Tor 0.2.5.4-alpha has better code for trying to
|
||||
diagnose this bug, and the current warning in earlier versions of
|
||||
tor achieves nothing useful. Addresses warning from bug 7164.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Documentation:
|
||||
- Correctly document that we search for a system torrc file before
|
||||
looking in ~/.torrc. Fixes documentation side of 9213; bugfix
|
||||
on 0.2.3.18-rc.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Avoid 60-second delays in the bootstrapping process when Tor
|
||||
is launching for a second time while using bridges. Fixes bug 9229;
|
||||
bugfix on 0.2.0.3-alpha.
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Give the correct URL in the warning message that we present
|
||||
when the user is trying to run a Tor relay on an ancient version
|
||||
of Windows. Fixes bug 9393.
|
|
@ -1,5 +0,0 @@
|
|||
o Minor features (security):
|
||||
- Decrease the lower limit of MaxMemInCellQueues to 256 MBytes (but leave
|
||||
the default at 8GBytes), to better support Raspberry Pi users. Fixes
|
||||
bug 9686; bugfix on 0.2.4.14-alpha.
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
o Minor bugfixes (compilation):
|
||||
- Fix a compilation error when compiling with --disable-cuve25519.
|
||||
Fixes bug 9700; bugfix on 0.2.4.17-rc.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor features (performance, compatibility):
|
||||
- Update the list of TLS cipehrsuites that a client advertises
|
||||
to match those advertised by Firefox 28. This enables selection of
|
||||
(fast) GCM ciphersuites, disables some strange old ciphers, and
|
||||
disables the ECDH (not to be confused with ECDHE) ciphersuites.
|
||||
Resolves ticket 11438.
|
|
@ -1,5 +0,0 @@
|
|||
o Major bugfixes (security, OOM)
|
||||
- Fix a memory leak that could occur if a microdescriptor parse
|
||||
fails during the tokenizing step. This could enable a memory
|
||||
exhaustion attack by directory servers. Fixes bug #11649; bugfix
|
||||
on 0.2.2.6-alpha.
|
|
@ -1,6 +0,0 @@
|
|||
o Minor features:
|
||||
- Servers now trust themselves to have a better view than clients of
|
||||
which TLS ciphersuites to choose. (Thanks to #11513, the server
|
||||
list is now well-considered, whereas the client list has been
|
||||
chosen mainly for anti-fingerprinting purposes.) Resolves ticket
|
||||
11528.
|
Loading…
Reference in New Issue