From 54d0cdeb939fb19f6e430a62c255acac87b68f6a Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 23 Apr 2012 01:22:59 -0400 Subject: [PATCH] further changelog cleanups --- ChangeLog | 88 +++++++++++++++++++++++++++++---------------------------------- 1 file changed, 41 insertions(+), 47 deletions(-) diff --git a/ChangeLog b/ChangeLog index 43db8aa48c..9936e91cc5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,63 +1,57 @@ -Changes in version 0.2.3.14-alpha - 2012-04-?? +Changes in version 0.2.3.14-alpha - 2012-04-2? o Directory authority changes: - Change IP address for ides (v3 directory authority), and rename it to turtles. - o Security fixes: - - When using the debuging BridgePassword field, a bridge authority - now compares alleged passwords by hashing them, then comparing - the result to a digest of the expected authenticator. This avoids - a potential side-channel attack in the previous code, which - had foolishly used strcmp(). Fortunately, the BridgePassword field - *is not in use*, but if it had been, the timing - behavior of strcmp() might have allowed an adversary to guess the - BridgePassword value, and enumerate the bridges. Bugfix on - 0.2.0.14-alpha. Fixes bug 5543. - o Major bugfixes: - - Do not allow the presence of one consensus flavor to keep us from - downloading another. Previously, we had one "time to download a - consensus" timer, which didn't understand the idea of having one - consensus but wanting to download another. Fixes bug 4011; fix on - 0.2.3.1-alpha. - - If authorities are unable to get a set of v2 consensus documents - from other directory authorities, they no longer fail-back and - try to fetch them from regular directory caches. Fixes bug 5635; - bugfix on 0.2.2.26-beta, where routers stopped downloading v2 - consensus documents entirely. - - Prevent a client-side assertion failure when receiving an INTRODUCE2 + - When we start a Tor client with a normal consensus already cached, + be willing to download a microdescriptor consensus. Fixes bug 4011; + fix on 0.2.3.1-alpha. + - If authorities are unable to get a v2 consensus document from other + directory authorities, they no longer fall back to fetching + them from regular directory caches. Fixes bug 5635; bugfix on + 0.2.2.26-beta, where routers stopped downloading v2 consensus + documents entirely. + - Avoid a client-side assertion failure when receiving an INTRODUCE2 cell on a general purpose circuit. Fixes bug 5644; bugfix on 0.2.1.6-alpha. - Avoid logging uninitialized data when unable to decode a hidden - service descriptor cookie. Fixes bug 5647; bugfix on 0.2.1.5-alpha. + service descriptor cookie. Fixes bug 5647; bugfix on 0.2.1.5-alpha. o Major features (performance): - - When built to use the newly OpenSSL 1.0.1, and built for an x86 or - x86_64 instruction set, take advantage of OpenSSL's AESNI, - bitsliced, or vectorized AES implementations as appropriate. These - can be much, much faster than other AES implementations. - - o Minor bugfixes: + - When built to use OpenSSL 1.0.1, and built for an x86 or x86_64 + instruction set, take advantage of OpenSSL's AESNI, bitsliced, or + vectorized AES implementations as appropriate. These can be much, + much faster than other AES implementations. + + o Minor bugfixes (0.2.2.x and earlier): + - Change the BridgePassword feature (part of the "bridge community" + design, which is not yet implemented) to use a time-independent + comparison. The old behavior might have allowed an adversary + to use timing to guess the BridgePassword value. Fixes bug 5543; + bugfix on 0.2.0.14-alpha. + - Enforce correct return behavior of tor_vsscanf() when the '%%' + pattern is used. Fixes bug 5558. Bugfix on 0.2.1.13. + - When sending an HTTP/1.1 proxy request, include a Host header. + Fixes bug 5593; bugfix on 0.2.2.1-alpha. - Don't log that we have "decided to publish new relay descriptor" unless we are actually publishing a descriptor. Fixes bug 3942; - bugfix on 0.2.3.2-alpha. - - Fix bug stomping on ORPort option NoListen and ignoring option - NoAdvertise. Fixes bug 5151; bugfix on 0.2.3.9-alpha. - - In the testsuite, provide a large enough buffer in the tor_sscanf - unit test. We'd otherwise overrun that buffer and crash during the - unit tests. Fixes bug 5449; bugfix on 0.2.3.12-alpha. Thanks weasel - for spotting the bug. + bugfix on 0.2.2.28-beta. + + o Minor bugfixes (0.2.3.x): - Fix a bug where a bridge authority crashes (on a failed assert) if it has seen no directory requests when it's time to write statistics to disk. Fixes bug 5508. Bugfix on 0.2.3.6-alpha. - - Enforce correct return behavior of tor_vsscanf(), when the '%%' - pattern is used. Fixes bug 5558. Bugfix on 0.2.1.13. + - Fix bug stomping on ORPort option NoListen and ignoring option + NoAdvertise. Fixes bug 5151; bugfix on 0.2.3.9-alpha. + - In the testsuite, provide a large enough buffer in the tor_sscanf + unit test. Otherwise we'd overrun that buffer and crash during + the unit tests. Found by weasel. Fixes bug 5449; bugfix on + 0.2.3.12-alpha. - Make sure we create the keys directory if it doesn't exist and we're - about to store the dynamic diffie hellman parameters. Fixes bug 5572; - bugfix on 0.2.3.13-alpha. - - When sending an HTTP/1.1 proxy request, include a Host header. - Fixes bug 5593; bugfix on 0.2.2.1-alpha. + about to store the dynamic Diffie-Hellman parameters. Fixes bug + 5572; bugfix on 0.2.3.13-alpha. - Fix a small memory leak when trying to decode incorrect base16 authenticator during SAFECOOKIE authentication. Found by Coverity Scan. Fixes CID 507. Bugfix on 0.2.3.13-alpha. @@ -75,14 +69,14 @@ Changes in version 0.2.3.14-alpha - 2012-04-?? - Update to the April 3 2012 Maxmind GeoLite Country database. o Documentation: - - Begin a state-contents.txt file in doc to explain the contents - of the Tor state file. Fixes bug 2987. + - Begin a doc/state-contents.txt file to explain the contents of + the Tor state file. Fixes bug 2987. - Document unit of bandwidth related options in sample torrc. Fixes bug 5621. o Removed features: - - The "torify" script no longer supports the "tsocks" sockifier - tool, since it doesn't support DNS and UDP right for Tor. + - The "torify" script no longer supports the "tsocks" socksifier + tool, since tsocks doesn't support DNS and UDP right for Tor. Everyone should be using torsocks instead. Fixes bugs 3530 and 5180. Based on a patch by "ugh". -- 2.11.4.GIT