diff --git a/ChangeLog b/ChangeLog index a88be0549..eab23075e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,14 +1,40 @@ -Changes in version 0.2.4.21 - 2014-02-1? +Changes in version 0.2.4.21 - 2014-02-2? + o Major features (client security): + - When we choose a path for a 3-hop circuit, make sure it contains + at least one relay that supports the NTor circuit extension + handshake. Otherwise, there is a chance that we're building + a circuit that's worth attacking by an adversary who finds + breaking 1024-bit crypto doable, and that chance changes the game + theory. Implements ticket 9777. + + o Major bugfixes: + - Do not treat streams that fail with reason + END_STREAM_REASON_INTERNAL as indicating a definite circuit failure, + since it could also indicate an ENETUNREACH connection error. Fixes + part of bug 10777; bugfix on 0.2.4.8-alpha. o Minor features: - Always clear OpenSSL bignums before freeing them -- even bignums that don't contain secrets. Resolves ticket 10793. Patch by Florent Daigniere. + - Build without warnings under clang 3.4. (We have some macros that + define static functions only some of which will get used later in + the module. Starting with clang 3.4, these give a warning unless the + unused attribute is set on them.) Resolves ticket 10904. + - Update geoip and geoip6 files to the February 7 2014 Maxmind + GeoLite2 Country database. o Minor bugfixes: - Set the listen() backlog limit to the largest actually supported on the system, not to the value in a header file. Fixes bug 9716; bugfix on every released Tor. + - Treat ENETUNREACH, EACCES, and EPERM connection failures at an + exit node as a NOROUTE error, not an INTERNAL error, since they + can apparently happen when trying to connect to the wrong sort + of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc. + - Fix build warnings about missing "a2x" comment when building the + manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py". + Fixes bug 10929; bugfix on 0.2.2.9-alpha. Patch from Dana Koch. - Avoid a segfault on SIGUSR1, where we had freed a connection but did not entirely remove it from the connection lists. Fixes bug 9602; bugfix on 0.2.4.4-alpha. diff --git a/changes/10777_netunreach b/changes/10777_netunreach deleted file mode 100644 index 899181423..000000000 --- a/changes/10777_netunreach +++ /dev/null @@ -1,7 +0,0 @@ - - Minor bugfixes: - - - Treat ENETUNREACH, EACCES, and EPERM at an exit node as a - NOROUTE error, not an INTERNAL error, since they can apparently - happen when trying to connect to the wrong sort of - netblocks. Fixes a part of bug 10777; bugfix on 0.1.0.1-rc. - diff --git a/changes/bug10777_internal_024 b/changes/bug10777_internal_024 deleted file mode 100644 index 4544147f6..000000000 --- a/changes/bug10777_internal_024 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes: - - Do not treat END_STREAM_REASON_INTERNAL as indicating a definite - circuit failure, since it could also indicate an ENETUNREACH - error. Fixes part of bug 10777; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug10904 b/changes/bug10904 deleted file mode 100644 index 6f551ea41..000000000 --- a/changes/bug10904 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compilation): - - Build without warnings under clang 3.4. (We have some macros that - define static functions only some of which will get used later in - the module. Starting with clang 3.4, these give a warning unless the - unused attribute is set on them.) diff --git a/changes/bug10929 b/changes/bug10929 deleted file mode 100644 index acf396047..000000000 --- a/changes/bug10929 +++ /dev/null @@ -1,6 +0,0 @@ - - Minor bugfixes: - - Fix build warnings about missing "a2x" comment when building the - manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py". - Fixes bug 10929; bugfix on tor-0.2.2.9-alpha. Patch from - Dana Koch. - diff --git a/changes/feature9777 b/changes/feature9777 deleted file mode 100644 index 312b5e034..000000000 --- a/changes/feature9777 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Avoid using circuit paths if no node in the path supports the ntor - circuit extension handshake. Implements ticket 9777. diff --git a/changes/geoip-february2014 b/changes/geoip-february2014 deleted file mode 100644 index f8657b468..000000000 --- a/changes/geoip-february2014 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the February 7 2014 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip-february2014-regcountry b/changes/geoip-february2014-regcountry deleted file mode 100644 index c2ddf092a..000000000 --- a/changes/geoip-february2014-regcountry +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Fix our version of the February 7 2014 Maxmind GeoLite2 Country database. - diff --git a/changes/geoip6-february2014 b/changes/geoip6-february2014 deleted file mode 100644 index af30be00b..000000000 --- a/changes/geoip6-february2014 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update geoip6 to the February 7 2014 Maxmind GeoLite2 Country - database.