From eccda448a7673ce83b63feb3e17b2aef103e6bfd Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 28 Jul 2014 03:44:35 -0400 Subject: [PATCH] fold in changes entries --- ChangeLog | 40 +++++++++++++++++++++++++++++++++- changes/bug1038-3 | 6 ----- changes/bug12227 | 5 ----- changes/bug12718 | 5 ----- changes/curve25519-donna32-bug | 12 ---------- changes/prop221 | 6 ----- changes/ticket12688 | 6 ----- 7 files changed, 39 insertions(+), 41 deletions(-) delete mode 100644 changes/bug1038-3 delete mode 100644 changes/bug12227 delete mode 100644 changes/bug12718 delete mode 100644 changes/curve25519-donna32-bug delete mode 100644 changes/prop221 delete mode 100644 changes/ticket12688 diff --git a/ChangeLog b/ChangeLog index f298d535c..403ee70f0 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,4 +1,42 @@ -Changes in version 0.2.4.23 - 2014-07-2? +Changes in version 0.2.4.23 - 2014-07-28 + o Major features: + - Clients now look at the "usecreatefast" consensus parameter to + decide whether to use CREATE_FAST or CREATE cells for the first hop + of their circuit. This approach can improve security on connections + where Tor's circuit handshake is stronger than the available TLS + connection security levels, but the tradeoff is more computational + load on guard relays. Implements proposal 221. Resolves ticket 9386. + - Make the number of entry guards configurable via a new + NumEntryGuards consensus parameter, and the number of directory + guards configurable via a new NumDirectoryGuards consensus + parameter. Implements ticket 12688. + + o Major bugfixes: + - Fix a bug in the bounds-checking in the 32-bit curve25519-donna + implementation that caused incorrect results on 32-bit + implementations when certain malformed inputs were used along with + a small class of private ntor keys. This bug does not currently + appear to allow an attacker to learn private keys or impersonate a + Tor server, but it could provide a means to distinguish 32-bit Tor + implementations from 64-bit Tor implementations. Fixes bug 12694; + bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from + Adam Langley. + + o Minor bugfixes: + - Warn and drop the circuit if we receive an inbound 'relay early' + cell. Those used to be normal to receive on hidden service circuits + due to bug 1038, but the buggy Tor versions are long gone from + the network so we can afford to resume watching for them. Resolves + the rest of bug 1038; bugfix on 0.2.1.19. + - Correct a confusing error message when trying to extend a circuit + via the control protocol but we don't know a descriptor or + microdescriptor for one of the specified relays. Fixes bug 12718; + bugfix on 0.2.3.1-alpha. 
+ - Avoid an illegal read from stack when initializing the TLS + module using a version of OpenSSL without all of the ciphers + used by the v2 link handshake. Fixes bug 12227; bugfix on + 0.2.4.8-alpha. Found by "starlight". + o Minor features: - Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2 Country database. diff --git a/changes/bug1038-3 b/changes/bug1038-3 deleted file mode 100644 index 5af4afa46..000000000 --- a/changes/bug1038-3 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Warn and drop the circuit if we receive an inbound 'relay early' - cell. Those used to be normal to receive on hidden service circuits - due to bug 1038, but the buggy Tor versions are long gone from - the network so we can afford to resume watching for them. Resolves - the rest of bug 1038; bugfix on 0.2.1.19. diff --git a/changes/bug12227 b/changes/bug12227 deleted file mode 100644 index d8b5d08a5..000000000 --- a/changes/bug12227 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Avoid an illegal read from stack when initializing the TLS - module using a version of OpenSSL without all of the ciphers - used by the v2 link handshake. Fixes bug 12227; bugfix on - 0.2.4.8-alpha. Found by "starlight". diff --git a/changes/bug12718 b/changes/bug12718 deleted file mode 100644 index 0c5f70844..000000000 --- a/changes/bug12718 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Correct a confusing error message when trying to extend a circuit - via the control protocol but we don't know a descriptor or - microdescriptor for one of the specified relays. Fixes bug 12718; - bugfix on 0.2.3.1-alpha. diff --git a/changes/curve25519-donna32-bug b/changes/curve25519-donna32-bug deleted file mode 100644 index 7fccab1b0..000000000 --- a/changes/curve25519-donna32-bug +++ /dev/null 
@@ -1,12 +0,0 @@ - o Major bugfixes: - - - Fix a bug in the bounds-checking in the 32-bit curve25519-donna - implementation that caused incorrect results on 32-bit - implementations when certain malformed inputs were used along with - a small class of private ntor keys. This bug does not currently - appear to allow an attacker to learn private keys or impersonate a - Tor server, but it could provide a means to distinguish 32-bit Tor - implementations from 64-bit Tor implementations. Fixes bug 12694; - bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from - Adam Langley. - diff --git a/changes/prop221 b/changes/prop221 deleted file mode 100644 index b2bf44bc3..000000000 --- a/changes/prop221 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features: - - Stop sending the CREATE_FAST cells by default; instead, use a - parameter in the consensus to decide whether to use - CREATE_FAST. This can improve security on connections where - Tor's circuit handshake is stronger than the available TLS - connection security levels. Implements proposal 221. diff --git a/changes/ticket12688 b/changes/ticket12688 deleted file mode 100644 index 88228e550..000000000 --- a/changes/ticket12688 +++ /dev/null @@ -1,6 +0,0 @@ - Major features: - - Make the number of entry guards configurable via a new - NumEntryGuards consensus parameter, and the number of directory - guards configurable via a new NumDirectoryGuards consensus - parameter. Implements ticket 12688. -
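Review bot: In the ChangeLog hunk, the new "usecreatefast" entry under "Major features" no longer says what clients do by default. The entry it replaces (changes/prop221) opened with "Stop sending the CREATE_FAST cells by default", while the folded text only says clients "look at" the parameter, so a reader of the release notes cannot tell which cell type is used for the first hop when the consensus does not set it. Suggest restoring a clause that states the default. The NumEntryGuards / NumDirectoryGuards entry in the same hunk has the same gap: it names the new consensus parameters but not the values used when they are absent.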
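Review bot: The deletion of changes/prop221 is not a verbatim move into ChangeLog. The deleted file is headed "o Minor features:", but its content lands under "o Major features:" with different wording (including the new note about computational load on guard relays) and an added "Resolves ticket 9386" that appears in none of the deleted files. The commit message says only "fold in changes entries"; suggest mentioning the reclassification and the added ticket reference there, so the folded text can be checked against the source entries.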