diff options
| -rw-r--r-- | ChangeLog | 37 | ||||
| -rw-r--r-- | changes/bug3940_redux | 5 | ||||
| -rw-r--r-- | changes/bug4663 | 5 | ||||
| -rw-r--r-- | changes/bug4744 | 4 | ||||
| -rw-r--r-- | changes/bug5049 | 4 | ||||
| -rw-r--r-- | changes/bug5210 | 2 | ||||
| -rw-r--r-- | changes/bug5263 | 5 | ||||
| -rw-r--r-- | changes/bug5849 | 3 | ||||
| -rw-r--r-- | changes/bug6141 | 4 | ||||
| -rw-r--r-- | changes/geoip-june2012 | 3 | ||||
| -rw-r--r-- | changes/prop198 | 12 |
11 files changed, 36 insertions, 48 deletions
@@ -1,6 +1,24 @@ -Changes in version 0.2.3.17-alpha - 2012-06-?? +Changes in version 0.2.3.17-beta - 2012-06-1? + o Major features: + - Enable gcc and ld hardening by default. Resolves ticket 5210. + - Update TLS cipher list to match Firefox 8 and later. Resolves + ticket 4744. + - Implement the client side of proposal 198: remove support for + clients falsely claiming to support standard ciphersuites that + they can actually provide. As of modern OpenSSL versions, it's not + necessary to fake any standard ciphersuite, and doing so prevents + us from using better ciphersuites in the future, since servers + can't know whether an advertised ciphersuite is really supported or + not. Some hosts -- notably, ones with very old versions of OpenSSL + or where OpenSSL has been built with ECC disabled -- will stand + out because of this change; TBB users should not be affected. o Major bugfixes: + - Change the AllowDotExit rules so they should actually work. + We now enforce AllowDotExit only immediately after receiving an + address via SOCKS or DNSPort: other sources are free to provide + .exit addresses after the resolution occurs. Fixes bug 3940; + bugfix on 0.2.2.1-alpha. - When building Tor on Windows with -DUNICODE (not default), ensure that error messages, filenames, and DNS server names are always NUL-terminated when we convert them to a single-byte encoding. @@ -15,8 +33,18 @@ Changes in version 0.2.3.17-alpha - 2012-06-?? bug 6094; bugfix on 0.2.3.16-alpha. o Minor bugfixes: + - Disable writing on marked-for-close connections when they are + blocked on bandwidth, to prevent busy-looping in Libevent. Fixes + bug 5263; bugfix on 0.0.2pre13, where we first added a special + case for flushing marked connections. - Detect SSL handshake even when the initial attempt to write the server hello fails. Fixes bug 4592; bugfix on 0.2.0.13-alpha. + - Fix a (harmless) integer overflow in cell statistics reported by + some fast relays. Fixes bug 5849; bugfix on 0.2.2.1-alpha. + - Make sure circuitbuild.c checks LearnCircuitBuildTimeout in all the + right places and never depends on the consensus parameters or + computes adaptive timeouts when it is disabled. Fixes bug 5049; + bugfix on 0.2.2.14-alpha. - Make Tor build correctly again with -DUNICODE -D_UNICODE defined. Fixes bug 6097; bugfix on 0.2.2.16-alpha. - Fix an edge case where TestingTorNetwork is set but the authorities @@ -26,6 +54,8 @@ Changes in version 0.2.3.17-alpha - 2012-06-?? - Correct the manpage's descriptions for the default values of DirReqStatistics and ExtraInfoStatistics. Fixes bug 2865; bugfix on 0.2.3.1-alpha. + - Fix compilation warning with clang 3.1. Fixes bug 6141; bugfix on + 0.2.3.11-alpha. o Minor features: - Rate-limit the "Weighted bandwidth is 0.000000" message, and add @@ -34,6 +64,11 @@ Changes in version 0.2.3.17-alpha - 2012-06-?? - Check CircuitBuildTimeout and LearnCircuitBuildTimeout in options_validate(); warn if LearnCircuitBuildTimeout is disabled and CircuitBuildTimeout is set unreasonably low. Resolves ticket 5452. + - Warn the user when HTTPProxy, but no other proxy type, is + configured. This can cause surprising behavior: it doesn't send + all of Tor's traffic over the HTTPProxy -- it sends unencrypted + directory traffic only. Resolves ticket 4663. + - Update to the June 6 2012 Maxmind GeoLite Country database. Changes in version 0.2.2.37 - 2012-06-06 diff --git a/changes/bug3940_redux b/changes/bug3940_redux deleted file mode 100644 index 7733740d9..000000000 --- a/changes/bug3940_redux +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - Change the AllowDotExit rules so they should actually work. - We now enforce AllowDotExit only immediately after receiving - an address via SOCKS or DNSPort: other sources are free to provide - .exit addresses after the resolution occurs. diff --git a/changes/bug4663 b/changes/bug4663 deleted file mode 100644 index f720ff5da..000000000 --- a/changes/bug4663 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features: - - Warn the user when HTTPProxy, but no other proxy type, is - configured. This can cause surprising behavior: it doesn't send - all of Tor's traffic over the HTTPProxy--it sends unencrypted - directory traffic only. Resolves ticket 4663. diff --git a/changes/bug4744 b/changes/bug4744 deleted file mode 100644 index 1563cd114..000000000 --- a/changes/bug4744 +++ /dev/null @@ -1,4 +0,0 @@ - o Major features: - - Update cipher cipher list to match Firefox 8 and later. Fix for - issue 4744. - diff --git a/changes/bug5049 b/changes/bug5049 deleted file mode 100644 index 677fd4286..000000000 --- a/changes/bug5049 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Make sure circuitbuild.c checks LearnCircuitBuildTimeout in all the - right places and never depends on the consensus parameters or computes - adaptive timeouts when it is disabled. diff --git a/changes/bug5210 b/changes/bug5210 deleted file mode 100644 index b07e7f1f2..000000000 --- a/changes/bug5210 +++ /dev/null @@ -1,2 +0,0 @@ - o Security fixes: - - Enable gcc and ld hardening by default. Fixes bug 5210. diff --git a/changes/bug5263 b/changes/bug5263 deleted file mode 100644 index 25793f141..000000000 --- a/changes/bug5263 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Disable writing on marked-for-close connections when they are - blocked on bandwidth, to prevent busy-looping in Libevent. Fixes - bug 5263; bugfix on 0.0.2pre13, where we first added a special - case for flushing marked connections. diff --git a/changes/bug5849 b/changes/bug5849 deleted file mode 100644 index b6738a6b9..000000000 --- a/changes/bug5849 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Fix a (harmless) integer overflow in cell statistics reported by - some fast relays. Fixes bug 5849; bugfix on 0.2.2.1-alpha. diff --git a/changes/bug6141 b/changes/bug6141 deleted file mode 100644 index b95475c2d..000000000 --- a/changes/bug6141 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes: - - Fix compilation warning with clang 3.1. Fixes bug 6141; bugfix on - 0.2.3.11-alpha. - diff --git a/changes/geoip-june2012 b/changes/geoip-june2012 deleted file mode 100644 index f73bf3552..000000000 --- a/changes/geoip-june2012 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the June 6 2012 Maxmind GeoLite Country database. - diff --git a/changes/prop198 b/changes/prop198 deleted file mode 100644 index fd666864c..000000000 --- a/changes/prop198 +++ /dev/null @@ -1,12 +0,0 @@ - o Removed features: - - - Remove support for clients claiming to support any standard - ciphersuites that we can actually provide. (As of modern - OpenSSL versions, it's not necessary to fake any standard - ciphersuite, and doing so prevents us from using better - ciphersuites in the future, since servers can't know whether an - advertised ciphersuite is really supported or not.) Some - hosts--notably, ones with very old versions of OpenSSL or where - OpenSSL has been built with ECC disabled-- will stand out - because of this change; TBB users should not be affected. - This implements the client side of proposal 198. |