aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorRoger Dingledine <arma@torproject.org>2012-04-23 01:22:59 -0400
committerRoger Dingledine <arma@torproject.org>2012-04-23 01:22:59 -0400
commit54d0cdeb939fb19f6e430a62c255acac87b68f6a (patch)
tree273404d519778143dc5750808de3828eb878afde /ChangeLog
parent627c37ad6a06e3aa68e7af54cca177720a0d8267 (diff)
downloadtor-54d0cdeb939fb19f6e430a62c255acac87b68f6a.tar
tor-54d0cdeb939fb19f6e430a62c255acac87b68f6a.tar.gz
further changelog cleanups
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog88
1 files changed, 41 insertions, 47 deletions
diff --git a/ChangeLog b/ChangeLog
index 43db8aa48..9936e91cc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,63 +1,57 @@
-Changes in version 0.2.3.14-alpha - 2012-04-??
+Changes in version 0.2.3.14-alpha - 2012-04-2?
o Directory authority changes:
- Change IP address for ides (v3 directory authority), and rename
it to turtles.
- o Security fixes:
- - When using the debuging BridgePassword field, a bridge authority
- now compares alleged passwords by hashing them, then comparing
- the result to a digest of the expected authenticator. This avoids
- a potential side-channel attack in the previous code, which
- had foolishly used strcmp(). Fortunately, the BridgePassword field
- *is not in use*, but if it had been, the timing
- behavior of strcmp() might have allowed an adversary to guess the
- BridgePassword value, and enumerate the bridges. Bugfix on
- 0.2.0.14-alpha. Fixes bug 5543.
-
o Major bugfixes:
- - Do not allow the presence of one consensus flavor to keep us from
- downloading another. Previously, we had one "time to download a
- consensus" timer, which didn't understand the idea of having one
- consensus but wanting to download another. Fixes bug 4011; fix on
- 0.2.3.1-alpha.
- - If authorities are unable to get a set of v2 consensus documents
- from other directory authorities, they no longer fail-back and
- try to fetch them from regular directory caches. Fixes bug 5635;
- bugfix on 0.2.2.26-beta, where routers stopped downloading v2
- consensus documents entirely.
- - Prevent a client-side assertion failure when receiving an INTRODUCE2
+ - When we start a Tor client with a normal consensus already cached,
+ be willing to download a microdescriptor consensus. Fixes bug 4011;
+ fix on 0.2.3.1-alpha.
+ - If authorities are unable to get a v2 consensus document from other
+ directory authorities, they no longer fall back to fetching
+ them from regular directory caches. Fixes bug 5635; bugfix on
+ 0.2.2.26-beta, where routers stopped downloading v2 consensus
+ documents entirely.
+ - Avoid a client-side assertion failure when receiving an INTRODUCE2
cell on a general purpose circuit. Fixes bug 5644; bugfix on
0.2.1.6-alpha.
- Avoid logging uninitialized data when unable to decode a hidden
- service descriptor cookie. Fixes bug 5647; bugfix on 0.2.1.5-alpha.
+ service descriptor cookie. Fixes bug 5647; bugfix on 0.2.1.5-alpha.
o Major features (performance):
- - When built to use the newly OpenSSL 1.0.1, and built for an x86 or
- x86_64 instruction set, take advantage of OpenSSL's AESNI,
- bitsliced, or vectorized AES implementations as appropriate. These
- can be much, much faster than other AES implementations.
-
- o Minor bugfixes:
+ - When built to use OpenSSL 1.0.1, and built for an x86 or x86_64
+ instruction set, take advantage of OpenSSL's AESNI, bitsliced, or
+ vectorized AES implementations as appropriate. These can be much,
+ much faster than other AES implementations.
+
+ o Minor bugfixes (0.2.2.x and earlier):
+ - Change the BridgePassword feature (part of the "bridge community"
+ design, which is not yet implemented) to use a time-independent
+ comparison. The old behavior might have allowed an adversary
+ to use timing to guess the BridgePassword value. Fixes bug 5543;
+ bugfix on 0.2.0.14-alpha.
+ - Enforce correct return behavior of tor_vsscanf() when the '%%'
+ pattern is used. Fixes bug 5558. Bugfix on 0.2.1.13.
+ - When sending an HTTP/1.1 proxy request, include a Host header.
+ Fixes bug 5593; bugfix on 0.2.2.1-alpha.
- Don't log that we have "decided to publish new relay descriptor"
unless we are actually publishing a descriptor. Fixes bug 3942;
- bugfix on 0.2.3.2-alpha.
- - Fix bug stomping on ORPort option NoListen and ignoring option
- NoAdvertise. Fixes bug 5151; bugfix on 0.2.3.9-alpha.
- - In the testsuite, provide a large enough buffer in the tor_sscanf
- unit test. We'd otherwise overrun that buffer and crash during the
- unit tests. Fixes bug 5449; bugfix on 0.2.3.12-alpha. Thanks weasel
- for spotting the bug.
+ bugfix on 0.2.2.28-beta.
+
+ o Minor bugfixes (0.2.3.x):
- Fix a bug where a bridge authority crashes (on a failed assert)
if it has seen no directory requests when it's time to write
statistics to disk. Fixes bug 5508. Bugfix on 0.2.3.6-alpha.
- - Enforce correct return behavior of tor_vsscanf(), when the '%%'
- pattern is used. Fixes bug 5558. Bugfix on 0.2.1.13.
+ - Fix bug stomping on ORPort option NoListen and ignoring option
+ NoAdvertise. Fixes bug 5151; bugfix on 0.2.3.9-alpha.
+ - In the testsuite, provide a large enough buffer in the tor_sscanf
+ unit test. Otherwise we'd overrun that buffer and crash during
+ the unit tests. Found by weasel. Fixes bug 5449; bugfix on
+ 0.2.3.12-alpha.
- Make sure we create the keys directory if it doesn't exist and we're
- about to store the dynamic diffie hellman parameters. Fixes bug 5572;
- bugfix on 0.2.3.13-alpha.
- - When sending an HTTP/1.1 proxy request, include a Host header.
- Fixes bug 5593; bugfix on 0.2.2.1-alpha.
+ about to store the dynamic Diffie-Hellman parameters. Fixes bug
+ 5572; bugfix on 0.2.3.13-alpha.
- Fix a small memory leak when trying to decode incorrect base16
authenticator during SAFECOOKIE authentication. Found by
Coverity Scan. Fixes CID 507. Bugfix on 0.2.3.13-alpha.
@@ -75,14 +69,14 @@ Changes in version 0.2.3.14-alpha - 2012-04-??
- Update to the April 3 2012 Maxmind GeoLite Country database.
o Documentation:
- - Begin a state-contents.txt file in doc to explain the contents
- of the Tor state file. Fixes bug 2987.
+ - Begin a doc/state-contents.txt file to explain the contents of
+ the Tor state file. Fixes bug 2987.
- Document unit of bandwidth related options in sample torrc.
Fixes bug 5621.
o Removed features:
- - The "torify" script no longer supports the "tsocks" sockifier
- tool, since it doesn't support DNS and UDP right for Tor.
+ - The "torify" script no longer supports the "tsocks" socksifier
+ tool, since tsocks doesn't support DNS and UDP right for Tor.
Everyone should be using torsocks instead. Fixes bugs 3530 and
5180. Based on a patch by "ugh".