diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-04-17 00:13:11 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-04-17 00:13:11 -0400 |
| commit | ab83a27450fc3afb57874ca202dcee570607a1ff (patch) | |
| tree | 927506e3639571389ca00f4f577acd0856b1ce67 /changes | |
| parent | 4367cbd71b7a7b53e191b54a67ee6cbc00651024 (diff) | |
| download | tor-ab83a27450fc3afb57874ca202dcee570607a1ff.tar tor-ab83a27450fc3afb57874ca202dcee570607a1ff.tar.gz | |
Merge more changes files (verbatim) into the changelog
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/10267_tproxy | 4 | ||||
| -rw-r--r-- | changes/10896 | 8 | ||||
| -rw-r--r-- | changes/11507 | 7 | ||||
| -rw-r--r-- | changes/bug10431 | 5 | ||||
| -rw-r--r-- | changes/bug11304 | 5 | ||||
| -rw-r--r-- | changes/bug11306 | 4 | ||||
| -rw-r--r-- | changes/bug11464_023 | 5 | ||||
| -rw-r--r-- | changes/bug11465 | 9 | ||||
| -rw-r--r-- | changes/bug11477 | 4 | ||||
| -rw-r--r-- | changes/bug11513 | 12 | ||||
| -rw-r--r-- | changes/bug11519 | 3 | ||||
| -rw-r--r-- | changes/bug5286 | 4 | ||||
| -rw-r--r-- | changes/ff28_ciphers | 6 | ||||
| -rw-r--r-- | changes/sandbox_fixes_11351 | 13 |
14 files changed, 0 insertions, 89 deletions
diff --git a/changes/10267_tproxy b/changes/10267_tproxy deleted file mode 100644 index f65e4a2c5..000000000 --- a/changes/10267_tproxy +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Support the ipfw firewall interface for transparent proxy support on - FreeBSD. To enable it, set "TransProxyType ipfw" in your torrc. - Resolves ticket 10267; patch from "yurivict". diff --git a/changes/10896 b/changes/10896 deleted file mode 100644 index 278815e76..000000000 --- a/changes/10896 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor features: - - Support OpenBSD's divert-to rules with the pf firewall, when - "TransProxyType pf-divert" is specified. This allows Tor to run a - TransPort transparent proxy port on OpenBSD 4.4 or later without - root privileges. See the pf.conf(5) manual page for information on - configuring pf to use divert-to rules. Closes ticket 10896; patch - from Dana Koch. - diff --git a/changes/11507 b/changes/11507 deleted file mode 100644 index f656d9080..000000000 --- a/changes/11507 +++ /dev/null @@ -1,7 +0,0 @@ - o Testing support: - - New macros in test.h to simplify writting mock-functions for unit - tests. Part of ticket 11507. Patch from Dana Koch. - - o Testing: - - Complete tests for the status.c module. Resolves ticket 11507. - Patch from Dana Koch. diff --git a/changes/bug10431 b/changes/bug10431 deleted file mode 100644 index 39353a274..000000000 --- a/changes/bug10431 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Only report the first fatal boostrap error on a given OR - connection. This prevents controllers from declaring that a - connection has failed because of "DONE" or other junk reasons. - Fixes bug 10431; bugfix on 0.2.1.1-alpha. diff --git a/changes/bug11304 b/changes/bug11304 deleted file mode 100644 index 4930dd607..000000000 --- a/changes/bug11304 +++ /dev/null @@ -1,5 +0,0 @@ - o Bugfixes: - - If write_to_buf() in connection_write_to_buf_impl_() ever fails, - check if it's an or_connection_t and correctly call - connection_or_close_for_error() rather than connection_mark_for_close() - directly. Fixes bug #11304; bugfix on 0.2.4.4-alpha. diff --git a/changes/bug11306 b/changes/bug11306 deleted file mode 100644 index 5937938e4..000000000 --- a/changes/bug11306 +++ /dev/null @@ -1,4 +0,0 @@ - o Bugfixes: - - When closing all connections on setting DisableNetwork to 1, use - connection_or_close_normally() rather than closing orconns out from - under the channel layer. Fixes bug #11306; bugfix on 0.2.4.4-alpha. diff --git a/changes/bug11464_023 b/changes/bug11464_023 deleted file mode 100644 index 80c04b21e..000000000 --- a/changes/bug11464_023 +++ /dev/null @@ -1,5 +0,0 @@ - o Major features (security): - - Block authority signing keys that were used on an authorities - vulnerable to the "heartbleed" bug in openssl (CVE-2014-0160). - (We don't have any evidence that these keys _were_ compromised; - we're doing this to be prudent.) Resolves ticket 11464. diff --git a/changes/bug11465 b/changes/bug11465 deleted file mode 100644 index 2425299ca..000000000 --- a/changes/bug11465 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features: - - When the Linux syscall sandbox finds an illegal system call, it - now tries to log a stack trace before exiting. Resolves ticket - 11465. - - o Minor bugfixes: - - Using the Linux syscall sandbox no longer prevents stack-trace - logging on crashes or errors. Fixes part 11465; bugfix on - 0.2.5.1-alpha. diff --git a/changes/bug11477 b/changes/bug11477 deleted file mode 100644 index 44bdba971..000000000 --- a/changes/bug11477 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - New --enable-expensive-hardening option to turn on security hardening - options that consume nontrivial amounts of CPU and memory. Right now, - this includes AddressSanitizer and UbSan. Closes ticket 11477. diff --git a/changes/bug11513 b/changes/bug11513 deleted file mode 100644 index 820c02605..000000000 --- a/changes/bug11513 +++ /dev/null @@ -1,12 +0,0 @@ - o Major bugfixes: - - Generate the server's preference list for ciphersuites - automatically based on uniform criteria, and considering all - OpenSSL ciphersuites with acceptable strength and forward - secrecy. (The sort order is: prefer AES to 3DES; break ties by - preferring ECDHE to DHE; break ties by preferring GCM to CBC; - break ties by preferring SHA384 to SHA256 to SHA1; and finally, - break ties by preferring AES256 to AES128.) This resolves bugs - #11513, #11492, #11498, #11499. Bugs reported by 'cypherpunks'. - Bugfix on 0.2.4.8-alpha. - - diff --git a/changes/bug11519 b/changes/bug11519 deleted file mode 100644 index 5c1e6af7e..000000000 --- a/changes/bug11519 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Avoid sending an garbage value to the controller when a circuit is - cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha. diff --git a/changes/bug5286 b/changes/bug5286 deleted file mode 100644 index de02a9ab6..000000000 --- a/changes/bug5286 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Demote the message that we give when a flushing connection times - out for too long from NOTICE to INFO. It was usually meaningless. - Resolves ticket 5286. diff --git a/changes/ff28_ciphers b/changes/ff28_ciphers deleted file mode 100644 index 05eb4e9bc..000000000 --- a/changes/ff28_ciphers +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (performance, compatibility): - - Update the list of TLS cipehrsuites that a client advertises - to match those advertised by Firefox 28. This enables selection of - (fast) GCM ciphersuites, disables some strange old ciphers, and - disables the ECDH (not to be confused with ECDHE) ciphersuites. - Resolves ticket 11438. diff --git a/changes/sandbox_fixes_11351 b/changes/sandbox_fixes_11351 deleted file mode 100644 index 2fe2173ce..000000000 --- a/changes/sandbox_fixes_11351 +++ /dev/null @@ -1,13 +0,0 @@ - o Major features: - - Refinements and improvements to the Linux seccomp2 sandbox code: - the sandbox can now run a test network for multiple hours without - crashing. (Previous crash reasons included: reseeding the OpenSSL PRNG, - seeding the Libevent PRNG, using the wrong combination of CLOEXEC and - NONBLOCK at the same place and time, having server keys, being an - authority, receiving a HUP, or using IPv6.) The sandbox is still - experimental, and more bugs will probably turn up. To try it, - enable "Sandbox 1" on a Linux host. - - - Strengthen the Linux seccomp2 sandbox code: the sandbox can now - test the arguments for rename(), and blocks _sysctl() entirely. - |