From f503f3043673e6eb550c722b74e57b49d4443ae7 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Fri, 15 Nov 2013 17:08:45 -0500 Subject: [PATCH] start to migrate recent changes --- ChangeLog | 24 ++++++++++++++++++++++++ changes/bug6055 | 6 ------ changes/bug9645a | 5 ----- changes/bug9731 | 3 --- changes/bug9780 | 8 -------- 5 files changed, 24 insertions(+), 22 deletions(-) delete mode 100644 changes/bug6055 delete mode 100644 changes/bug9645a delete mode 100644 changes/bug9731 delete mode 100644 changes/bug9780 diff --git a/ChangeLog b/ChangeLog index 264772397..59311cb25 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,10 +2,34 @@ Changes in version 0.2.4.18-rc - 2013-10-?? Tor 0.2.4.18-rc is the fourth release candidate for the Tor 0.2.4.x series. [...] + o Major enhancements: + - Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later. + (OpenSSL before 1.0.1 didn't have TLS 1.1 or 1.2. OpenSSL from 1.0.1 + through 1.0.1d had bugs that prevented renegotiation from working + with TLS 1.1 or 1.2, so we disabled them to solve bug 6033.) Fix for + issue #6055. + o Major bugfixes: - Stop trying to bootstrap all our directory information from only our first guard. Discovered while fixing bug 9946; bugfix on 0.2.4.8-alpha. + - No longer stop reading or writing on cpuworker connections when + our rate limiting buckets go empty. Now we should handle circuit + handshake requests more promptly. Resolves bug 9731. + + o Minor bugfixes: + - If we are unable to save a microdescriptor to the journal, do not + drop it from memory and then reattempt downloading it. Fixes bug + 9645; bugfix on 0.2.2.6-alpha. + + o Minor bugfixes (performance, fingerprinting): + - Our default TLS ecdhe groups were backwards: we meant to be using + P224 for relays (for performance win) and P256 for bridges (since + it is more common in the wild). Instead we had it backwards. After + reconsideration, we decided that the default should be P256 on all + hosts, since its security is probably better, and since P224 is + reportedly used quite little in the wild. Found by "skruffy" on + IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha. o Minor bugfixes (on 0.2.4.x): - Correctly log long IPv6 exit policies, instead of truncating them diff --git a/changes/bug6055 b/changes/bug6055 deleted file mode 100644 index 00730073a..000000000 --- a/changes/bug6055 +++ /dev/null 
@@ -1,6 +0,0 @@ - o Major enhancements: - - Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later. - (OpenSSL before 1.0.1 didn't have TLS 1.1 or 1.2. OpenSSL from 1.0.1 - through 1.0.1d had bugs that prevented renegotiation from working - with TLS 1.1 or 1.2, so we disabled them to solve bug 6033.) Fix for - issue #6055. diff --git a/changes/bug9645a b/changes/bug9645a deleted file mode 100644 index 2daba65a0..000000000 --- a/changes/bug9645a +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - If we are unable to save a microdescriptor to the journal, do not - drop it from memory and then reattempt downloading it. Fixes bug - 9645; bugfix on 0.2.2.6-alpha. - diff --git a/changes/bug9731 b/changes/bug9731 deleted file mode 100644 index 828496af3..000000000 --- a/changes/bug9731 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes: - - Do not apply connection_consider_empty_read/write_buckets to - cpuworker connections. diff --git a/changes/bug9780 b/changes/bug9780 deleted file mode 100644 index 3cb51bd52..000000000 --- a/changes/bug9780 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (performance, fingerprinting): - - Our default TLS ecdhe groups were backwards: we meant to be using - P224 for relays (for performance win) and P256 for bridges (since - it is more common in the wild). Instead we had it backwards. After - reconsideration, we decided that the default should be P256 on all - hosts, since its security is probably better, and since P224 is - reportedly used quite little in the wild. Found by "skruffy" on - IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha.
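Review bot: In the ChangeLog hunk, the new cpuworker entry under "Major bugfixes" ends with "Resolves bug 9731." and gives no "bugfix on" version, while the entries around it do ("bugfix on 0.2.4.8-alpha", "bugfix on 0.2.2.6-alpha"). Add the version that introduced the behaviour if it is known, so readers of the release notes can tell which releases are affected. The bug references in this hunk are also phrased four ways ("Fix for issue #6055", "Resolves bug 9731", "Fixes bug 9645", "Fix for bug 9780"); settling on one form would make the file easier to search. The section header shown in the hunk context still reads "2013-10-??" although this patch is dated 15 Nov 2013, so the placeholder month is worth updating before the release is cut.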
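Review bot: The changes/bug9731 deletion is the one entry in this patch that was not moved verbatim. The deleted text names connection_consider_empty_read/write_buckets, and the ChangeLog version replaces that with a description of the effect plus "Resolves bug 9731."; the other three changes files match their ChangeLog entries line for line. Since the subject line describes this as a migration, either note the rewording in the commit message or keep the function name in the ChangeLog entry so that someone searching for it can still find the fix.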