aboutsummaryrefslogtreecommitdiff
path: root/changes
Commit message (Expand)AuthorAge
* Merge remote-tracking branch 'public/bug10268'Nick Mathewson2014-04-23
|\
| * Give no answer, not NOTIMPL, for unsupported DNS query types•••According to reports, most programs degrade somewhat gracefully on getting no answer for an MX or a CERT for www.example.com, but many flip out completely on a NOTIMPL error. Also, treat a QTYPE_ALL query as just asking for an A record. The real fix here is to implement proposal 219 or something like it. Fixes bug 10268; bugfix on 0.2.0.1-alpha. Based on a patch from "epoch". Nick Mathewson2014-04-07
* | Merge remote-tracking branch 'public/bug11200'Nick Mathewson2014-04-23
|\ \
| * | should_disable_dir_fetches() now returns 1 if DisableNetwork==1•••This change prevents LD_BUG warnings and bootstrap failure messages when we try to do directory fetches when starting with DisableNetwork == 1, a consensus present, but no descriptors (or insufficient descriptors) yet. Fixes bug 11200 and bug 10405. It's a bugfix on 0.2.3.9-alpha. Thanks to mcs for walking me through the repro instructions! Nick Mathewson2014-03-14
* | | Merge branch 'bug11156_issue2_squashed'Nick Mathewson2014-04-23
|\ \ \
| * | | Don't halt bootstrap to figure out if we should restart PT proxies.•••Instead, figure out if we should restart PT proxies _immediately_ after we re-read the config file. George Kadianakis2014-04-23
* | | | Merge remote-tracking branch 'public/bug9229_025'•••Conflicts: src/or/entrynodes.c Nick Mathewson2014-04-23
|\ \ \ \
| * | | | Fix our check for the "first" bridge descriptor.•••This is meant to be a better bug 9229 fix -- or at least, one more in tune with the intent of the original code, which calls router_retry_directory_downloads() only on the first bridge descriptor. Nick Mathewson2014-03-10
* | | | | Merge remote-tracking branch 'public/bug9963_v2_024'Nick Mathewson2014-04-18
|\ \ \ \ \
| * | | | | Log descriptor-download bootstrapping messages less verbosely•••This is a fix for 9963. I say this is a feature, but if it's a bugfix, it's a bugfix on 0.2.4.18-rc. Old behavior: Mar 27 11:02:19.000 [notice] Bootstrapped 50%: Loading relay descriptors. Mar 27 11:02:20.000 [notice] Bootstrapped 51%: Loading relay descriptors. Mar 27 11:02:20.000 [notice] Bootstrapped 52%: Loading relay descriptors. ... [Many lines omitted] ... Mar 27 11:02:29.000 [notice] Bootstrapped 78%: Loading relay descriptors. Mar 27 11:02:33.000 [notice] We now have enough directory information to build circuits. New behavior: Mar 27 11:16:17.000 [notice] Bootstrapped 50%: Loading relay descriptors Mar 27 11:16:19.000 [notice] Bootstrapped 55%: Loading relay descriptors Mar 27 11:16:21.000 [notice] Bootstrapped 60%: Loading relay descriptors Mar 27 11:16:21.000 [notice] Bootstrapped 65%: Loading relay descriptors Mar 27 11:16:21.000 [notice] Bootstrapped 70%: Loading relay descriptors Mar 27 11:16:21.000 [notice] Bootstrapped 75%: Loading relay descriptors Mar 27 11:16:21.000 [notice] We now have enough directory information to build circuits. Nick Mathewson2014-03-27
* | | | | | Improved message when running sandbox on Linux without libseccomp•••Previously we said "Sandbox is not implemented on this platform" on Linux boxes without libseccomp. Now we say that you need to build Tor built with libseccomp. Fixes bug 11543; bugfix on 0.2.5.1-alpha. Nick Mathewson2014-04-18
* | | | | | Merge remote-tracking branch 'public/ticket11528_024'Nick Mathewson2014-04-17
|\ \ \ \ \ \
| * | | | | | Elevate server TLS cipher preferences over client•••The server cipher list is (thanks to #11513) chosen systematically to put the best choices for Tor first. The client cipher list is chosen to resemble a browser. So let's set SSL_OP_CIPHER_SERVER_PREFERENCE to have the servers pick according to their own preference order. Nick Mathewson2014-04-17
* | | | | | | Merge more changes files (verbatim) into the changelogNick Mathewson2014-04-17
* | | | | | | Merge remote-tracking branch 'public/sandbox_fixes_rebased_2'Nick Mathewson2014-04-16
|\ \ \ \ \ \ \
| * | | | | | | add a changes file for the sandbox fixes seriesNick Mathewson2014-04-16
* | | | | | | | Attribute 13304 and 13306 to 0.2.4.4-alpha.Nick Mathewson2014-04-16
* | | | | | | | Merge remote-tracking branch 'andrea/bug11304'Nick Mathewson2014-04-16
|\ \ \ \ \ \ \ \
| * | | | | | | | Call connection_or_close_for_error() properly if write_to_buf() ever fails on...Andrea Shepard2014-04-15
| |/ / / / / / /
* | | | | | | | Merge remote-tracking branch 'andrea/bug11306'Nick Mathewson2014-04-16
|\ \ \ \ \ \ \ \
| * | | | | | | | Close orconns correctly through channels when setting DisableNetwork to 1Andrea Shepard2014-04-15
| |/ / / / / / /
* | | | | | | | Merge remote-tracking branch 'public/bug11477'Nick Mathewson2014-04-16
|\ \ \ \ \ \ \ \
| * | | | | | | | New --enable-expensive-hardening option•••It turns on -fsanitize=address and -fsanitize=ubsan if they work. Most relays won't want this. Some clients may. Ticket 11477. Nick Mathewson2014-04-14
* | | | | | | | | Merge branch '10267_plus_10896_rebased_twice'Nick Mathewson2014-04-16
|\ \ \ \ \ \ \ \ \ | |_|/ / / / / / / |/| | | | | | | |
| * | | | | | | | Changes file for 10896Nick Mathewson2014-04-16
| * | | | | | | | ipfw TransPort support on FreeBSD (10267)•••This isn't on by default; to get it, you need to set "TransProxyType ipfw". (The original patch had automatic detection for whether /dev/pf is present and openable, but that seems marginally fragile.) Nick Mathewson2014-04-16
* | | | | | | | | Merge remote-tracking branch 'public/bug11465'Nick Mathewson2014-04-15
|\ \ \ \ \ \ \ \ \
| * | | | | | | | | changes file for 11465Nick Mathewson2014-04-10
| | |/ / / / / / / | |/| | | | | | |
* | | | | | | | | add changes file for 11507Nick Mathewson2014-04-15
* | | | | | | | | Merge remote-tracking branch 'public/bug11513_024'Nick Mathewson2014-04-15
|\ \ \ \ \ \ \ \ \
| * | | | | | | | | New sort order for server choice of ciphersuites.•••Back in 175b2678, we allowed servers to recognize clients who are telling them the truth about their ciphersuites, and select the best cipher from on that list. This implemented the server side of proposal 198. In bugs 11492, 11498, and 11499, cypherpunks found a bunch of mistakes and omissions and typos in the UNRESTRICTED_SERVER_CIPHER_LIST we had. In #11513, I found a couple more. Rather than try to hand-edit this list, I wrote a short python script to generate our ciphersuite preferences from the openssl headers. The new rules are: * Require forward secrecy. * Require RSA (since our servers only configure RSA keys) * Require AES or 3DES. (This means, reject RC4, DES, SEED, CAMELLIA, and NULL.) * No export ciphersuites. Then: * Prefer AES to 3DES. * If both suites have the same cipher, prefer ECDHE to DHE. * If both suites have the same DHE group type, prefer GCM to CBC. * If both suites have the same cipher mode, prefer SHA384 to SHA256 to SHA1. * If both suites have the same digest, prefer AES256 to AES128. Nick Mathewson2014-04-14
* | | | | | | | | | Merge remote-tracking branch 'origin/maint-0.2.4'Nick Mathewson2014-04-15
|\ \ \ \ \ \ \ \ \ \ | | |_|_|/ / / / / / | |/| | | | | | | |
| * | | | | | | | | Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4•••Conflicts: src/or/circuituse.c Nick Mathewson2014-04-15
| |\ \ \ \ \ \ \ \ \
| | * | | | | | | | | Don't send uninitialized stack to the controller and say it's a date.•••Fixes bug 11519, apparently bugfix on 0.2.3.11-alpha. Nick Mathewson2014-04-14
* | | | | | | | | | | Merge remote-tracking branch 'origin/maint-0.2.4'Nick Mathewson2014-04-14
|\| | | | | | | | | | | |_|_|/ / / / / / / |/| | | | | | | | |
| * | | | | | | | | Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4•••Conflicts: src/or/routerlist.h Nick Mathewson2014-04-14
| |\| | | | | | | | | | |/ / / / / / / | |/| | | | | | |
| | * | | | | | | Tweak changes file and comment dates.Nick Mathewson2014-04-14
| | * | | | | | | Code to blacklist authority signing keys•••(I need a list of actual signing keys to blacklist.) Nick Mathewson2014-04-14
* | | | | | | | | Demote "we stalled too much while trying to write" message to INFO•••Resolves ticket 5286. Nick Mathewson2014-04-09
* | | | | | | | | Merge remote-tracking branch 'public/bug10431'Nick Mathewson2014-04-09
|\ \ \ \ \ \ \ \ \
| * | | | | | | | | Report only the first bootstrap failure from an orconn•••Otherwise, when we report "identity mismatch", we then later report DONE when the connection gets closed. Fixes bug 10431; bugfix on 0.2.1.1-alpha. Nick Mathewson2014-03-27
* | | | | | | | | | Merge remote-tracking branch 'public/update_ciphers_ff28'Nick Mathewson2014-04-08
|\ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | Update ciphers.inc to match ff28•••The major changes are to re-order some ciphers, to drop the ECDH suites (note: *not* ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... *and* to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438. Nick Mathewson2014-04-08
* | | | | | | | | | | Start work on the changelog for 0.2.5.4-alpha•••This commit does nothing other than pull the changes/* files into ChangeLog, sorted by declared type. I haven't comined any entries or vetted anything yet. Nick Mathewson2014-04-08
* | | | | | | | | | | Merge remote-tracking branch 'origin/maint-0.2.4'Nick Mathewson2014-04-08
|\ \ \ \ \ \ \ \ \ \ \ | | |_|/ / / / / / / / | |/| | | | | | | | |
| * | | | | | | | | | Fix a small memory leak when resolving PTR addresses•••Fixes bug 11437; bugfix on 0.2.4.7-alpha. Found by coverity; this is CID 1198198. Nick Mathewson2014-04-07
| |/ / / / / / / / /
* | | | | | | | | | Merge remote-tracking branch 'public/bug11426'Nick Mathewson2014-04-08
|\ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | Make csiphash use the proper endian-converter on solaris•••fixes bug 11426; bugfix on 0.2.5.3-alpha, where csiphash was introduced. Nick Mathewson2014-04-07
| | |_|_|_|_|_|_|_|/ | |/| | | | | | | |
* | | | | | | | | | Merge branch 'bug2454_025_squashed'Nick Mathewson2014-04-08
|\ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | Check for new IP addr after circuit liveliness returns•••When we successfully create a usable circuit after it previously timed out for a certain amount of time, we should make sure that our public IP address hasn't changed and update our descriptor. Matthew Finkel2014-04-08
generated by cgit v1.2.3 (git 2.48.1) at 2025-04-13 11:21:07 +0000