diff --git a/ChangeLog b/ChangeLog index 51faaf128..c8cdfc127 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,16 +1,23 @@ -Changes in version 0.2.4.22 - 2014-05-?? - Write a paragraph here. +Changes in version 0.2.4.22 - 2014-05-1? + Tor 0.2.4.22 backports numerous high-priority fixes from the Tor 0.2.5 + alpha release series. These include blocking all authority signing keys + that may have been affected by the OpenSSL "heartbleed" bug, choosing + a far more secure set of TLS ciphersuites by default, closing a couple of + memory leaks that could be used to run a target relay out of RAM, and - o Major bugfixes: - - When running a hidden service, do not allow TunneledDirConns 0; - this will keep the hidden service from running, and also + o Major bugfixes (security, OOM) + - Fix a memory leak that could occur if a microdescriptor parse + fails during the tokenizing step. This bug could enable a memory + exhaustion attack by directory servers. Fixes bug #11649; bugfix + on 0.2.2.6-alpha. + + o Major bugfixes (configuration, security): + - When running a hidden service, do not allow TunneledDirConns 0: + trying to set that option together with a hidden service would + otherwise prevent the hidden service from running, and also make it publish its descriptors directly over HTTP. Fixes bug 10849; bugfix on 0.2.1.1-alpha. - o Minor bugfixes (exit relay, backport from 0.2.5.4-alpha): - - Stop leaking memory when we successfully resolve a PTR record. - Fixes bug 11437; bugfix on 0.2.4.7-alpha. - o Major features (security, backport from 0.2.5.4-alpha): - Block authority signing keys that were used on authorities vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160). (We 
@@ -41,17 +48,15 @@ Changes in version 0.2.4.22 - 2014-05-?? - Avoid sending an garbage value to the controller when a circuit is cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha. + o Minor bugfixes (exit relay, backport from 0.2.5.4-alpha): + - Stop leaking memory when we successfully resolve a PTR record. + Fixes bug 11437; bugfix on 0.2.4.7-alpha. + o Minor features (log verbosity, backport from 0.2.5.4-alpha): - When we run out of usable circuit IDs on a channel, log only one warning for the whole channel, and describe how many circuits there were on the channel. Fixes part of ticket 11553. - o Minor bugfixes: - - Downgrade the warning severity for the the "md was still referenced 1 - node(s)" warning. Tor 0.2.5.4-alpha has better code for trying to - diagnose this bug, and the current warning in earlier versions of - tor achieves nothing useful. Addresses warning from bug 7164. - o Documentation (backport from 0.2.5.4-alpha): - Correctly document that we search for a system torrc file before looking in ~/.torrc. Fixes documentation side of 9213; bugfix on @@ -75,12 +80,11 @@ Changes in version 0.2.4.22 - 2014-05-?? - Fix a compilation error when compiling with --disable-cuve25519. Fixes bug 9700; bugfix on 0.2.4.17-rc. - o Major bugfixes (security, OOM) - - Fix a memory leak that could occur if a microdescriptor parse - fails during the tokenizing step. This could enable a memory - exhaustion attack by directory servers. Fixes bug #11649; bugfix - on 0.2.2.6-alpha. - + o Minor bugfixes: + - Downgrade the warning severity for the the "md was still referenced 1 + node(s)" warning. Tor 0.2.5.4-alpha has better code for trying to + diagnose this bug, and the current warning in earlier versions of + tor achieves nothing useful. Addresses warning from bug 7164. Changes in version 0.2.4.21 - 2014-02-28
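Review bot: the new summary paragraph in the first hunk (@@ -1,16 +1,23 @@) stops mid-sentence. Its last line ends with "memory leaks that could be used to run a target relay out of RAM, and" and is followed by a blank line, so the list of highlights has no final item; finish or trim the sentence before this ships. The header date "2014-05-1?" is also still a placeholder. Two consistency points in the same hunk: "o Major bugfixes (security, OOM)" lacks the trailing colon that "o Major bugfixes (configuration, security):" has, and "Fixes bug #11649" uses a "#" where the neighbouring entry writes "Fixes bug 10849".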
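Review bot: in the second hunk (@@ -41,17 +48,15 @@) the PTR-record leak is filed under "Minor bugfixes (exit relay, backport from 0.2.5.4-alpha)" with no security tag, while the summary added at the top of this patch advertises "closing a couple of memory leaks that could be used to run a target relay out of RAM". If the PTR leak is one of the leaks that sentence refers to, a relay operator scanning only the security sections will miss it; either tag this entry as security-relevant or make the summary name the entries it means. The context line "Avoid sending an garbage value to the controller" should also read "a garbage value" and can be fixed in the same pass.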
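Review bot: the "Minor bugfixes" block re-added in the third hunk (@@ -75,12 +80,11 @@) carries over the doubled word in "Downgrade the warning severity for the the"; since the entry is being moved anyway, change it to "for the" here. That header is also the only one visible in this patch without a parenthesised category, so consider giving it one to match the other sections. The context line just above spells the configure option "--disable-cuve25519", presumably a typo for --disable-curve25519, which is worth correcting so that users searching the ChangeLog for the option name find the entry.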