summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog64
-rw-r--r--changes/bug2649a5
-rw-r--r--changes/bug2649b5
-rw-r--r--changes/bug332714
-rw-r--r--changes/bug34216
-rw-r--r--changes/bug3428b9
-rw-r--r--changes/bug38514
-rw-r--r--changes/bug38944
-rw-r--r--changes/bug39093
-rw-r--r--changes/bug39235
-rw-r--r--changes/replay-firstpart13
-rw-r--r--changes/split_entry_conn5
12 files changed, 64 insertions, 73 deletions
diff --git a/ChangeLog b/ChangeLog
index 1e0f85014f..75db367923 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,67 @@
+Changes in version 0.2.3.4-alpha - 2011-09-??
+ o Major bugfixes:
+ - Avoid an assertion failure when reloading a configuration with
+ TrackExitHosts changes. Found and fixed by 'laruldan'. Fixes bug
+ 3923; bugfix on 0.2.2.25-alpha.
+
+ o Major features:
+ - Relays now try regenerating and uploading their descriptor more
+ frequently if they are not listed in the consensus, or if the
+ version of their descriptor listed in the consensus is too
+ old. This fix should prevent situations where a server declines
+ to re-publish itself because it has done so too recently, even
+ though the authorities decided not to list its recent-enough
+ descriptor. Fix for bug 3327.
+
+ o Minor features (security):
+ - Check for replays of the public-key encrypted portion of an
+ INTRODUCE1 cell, in addition to the current check for replays of
+ the g^x value. This prevents a possible class of active attacks
+ by an attacker who controls both an introduction point and a
+ rendezvous point, and who uses the malleability of AES-CTR to
+ alter the encrypted g^x portion of the INTRODUCE1 cell. We think
+ that these attacks is infeasible (requiring the attacker to send
+ on the order of zettabytes of altered cells in a short interval),
+ but we'd rather block them off in case there are any classes of
+ this attack that we missed. Reported by Willem Pinckaers.
+
+ o Minor features:
+ - Add a VoteOnHidServDirectoriesV2 configuration option to allow
+ directory authorities to abstain from voting on assignment of
+ the HSDir consensus flag. Related to bug 2649.
+ - Relays now include a reason for regenerating their descriptors
+ an HTTP header when uploading to the authorities. This will
+ make it easier to debug descriptor-upload issues in the future.
+ - When starting as root and then changing our UID via the User
+ control option, if we are running with ControlSocket, make sure
+ that the ControlSocket is owned by the same account that Tor will
+ run under. Implements ticket 3421; fix by Jérémy Bobbio.
+
+ o Minor bugfixes:
+ - Change the default required uptime for a relay to be accepted as
+ a HSDir from 24 hours to 25 hours. Bugfix on 0.2.0.10-alpha;
+ fixes bug 2649.
+ - Abort if tor_vasprintf fails in connection_printf_to_buf (a
+ utility function used in the control-port code). This shouldn't
+ ever happen unless Tor is completely out of memory, but if it
+ did happen and Tor somehow recovered from it, Tor could have
+ sent a log message to a control port in the middle of a reply to
+ a controller command. Fixes part of bug 3428.
+ - Make 'FetchUselessDescriptors' cause all descriptor types and
+ all consensus types to get fetched. Fixes bug 3851; bugfix on
+ 0.2.3.1-alpha.
+
+ o Build fixes:
+ - Clean up some code issues that prevented Tor from building on older
+ BSDs. Fixes bug 3894; reported by "grarpamp".
+ - Search for a platform-specific version of "ar" when cross-compiling.
+ Should fix builds on iOS. Found by Marco Bonetti.
+
+ o Code refactoring:
+ - Make a new "entry connection" struct as an internal subtype of "edge
+ connection", to simplify the code and make exit connections smaller.
+
+
Changes in version 0.2.3.3-alpha - 2011-09-01
Tor 0.2.3.3-alpha adds a new "stream isolation" feature to improve Tor's
security, and provides client-side support for the microdescriptor
diff --git a/changes/bug2649a b/changes/bug2649a
deleted file mode 100644
index 4ee31ebdb6..0000000000
--- a/changes/bug2649a
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features:
- - Add a VoteOnHidServDirectoriesV2 configuration option to allow
- directory authorities to abstain from voting on assignment of
- the HSDir consensus flag. Related to bug 2649.
-
diff --git a/changes/bug2649b b/changes/bug2649b
deleted file mode 100644
index 1ff14e5569..0000000000
--- a/changes/bug2649b
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Change the default required uptime for a relay to be accepted as
- a HSDir from 24 hours to 25 hours. Bugfix on 0.2.0.10-alpha;
- fixes bug 2649.
-
diff --git a/changes/bug3327 b/changes/bug3327
deleted file mode 100644
index 454eb3156c..0000000000
--- a/changes/bug3327
+++ /dev/null
@@ -1,14 +0,0 @@
- o Major features:
- - Relays now try regenerating and uploading their descriptor more
- frequently if they are not listed in the consensus, or if the
- version of their descriptor listed in the consensus is too
- old. This fix should prevent situations where a server declines
- to re-publish itself because it has done so too recently, even
- though the authorities decided not to list its recent-enough
- descriptor. Fix for bug 3327.
-
- o Minor features:
- - Relays now include a reason for regenerating their descriptors
- an HTTP header when uploading to the authorities. This will
- make it easier to debug descriptor-upload issues in the future.
-
diff --git a/changes/bug3421 b/changes/bug3421
deleted file mode 100644
index 8a4072987f..0000000000
--- a/changes/bug3421
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor features:
- - When starting as root and then changing our UID via the User
- control option, if we are running with ControlSocket, make sure
- that the ControlSocket is owned by the same account that Tor will
- run under. Implements ticket 3421; fix by Jérémy Bobbio.
-
diff --git a/changes/bug3428b b/changes/bug3428b
deleted file mode 100644
index 2cdd688f8d..0000000000
--- a/changes/bug3428b
+++ /dev/null
@@ -1,9 +0,0 @@
- o Minor bugfixes:
- - Abort if tor_vasprintf fails in connection_printf_to_buf (a
- utility function used in the control-port code). This shouldn't
- ever happen unless Tor is completely out of memory, but if it
- had happened and Tor somehow recovered from it, Tor could have
- sent a log message to a control port in the middle of a reply to
- a controller command. Fixes part of bug 3428.
-
-
diff --git a/changes/bug3851 b/changes/bug3851
deleted file mode 100644
index 91572f031b..0000000000
--- a/changes/bug3851
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes:
- - Make 'FetchUselessDescriptors' cause all descriptor types and
- all consensus types get fetched. Fixes bug 3851; bugfix on
- 0.2.3.1-alpha.
diff --git a/changes/bug3894 b/changes/bug3894
deleted file mode 100644
index 4c2220aba8..0000000000
--- a/changes/bug3894
+++ /dev/null
@@ -1,4 +0,0 @@
- o Build fixes:
- - Clean up some code issues that prevented Tor from building on older
- BSDs. Fixes bug 3894; reported by grarpamp.
-
diff --git a/changes/bug3909 b/changes/bug3909
deleted file mode 100644
index 0b4b292030..0000000000
--- a/changes/bug3909
+++ /dev/null
@@ -1,3 +0,0 @@
- o Build fixes:
- - Search for a platform-specific version of "ar" when cross-compiling.
- Should fix builds on iOS. Found by Marco Bonetti.
diff --git a/changes/bug3923 b/changes/bug3923
deleted file mode 100644
index 9c0e138826..0000000000
--- a/changes/bug3923
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfies:
- - Avoid an assertion failure when reloading a configuration with
- TrackExitHosts changes. Found and fixed by 'laruldan'. Fixes
- bug 3923; bugfix on 0.2.2.25-alpha.
-
diff --git a/changes/replay-firstpart b/changes/replay-firstpart
deleted file mode 100644
index f4a7767fb1..0000000000
--- a/changes/replay-firstpart
+++ /dev/null
@@ -1,13 +0,0 @@
- o Minor features (security):
-
- - Check for replays of the public-key encrypted portion of an
- INTRODUCE1 cell, in addition to the current check for replays of
- the g^x value. This prevents a possible class of active attacks
- by an attacker who controls both an introduction point and a
- rendezvous point, and who uses the malleability of AES-CTR to
- alter the encrypted g^x portion of the INTRODUCE1 cell. We
- think that these attacks is infeasible (requiring the attacker
- to send on the order of zettabytes of altered cells in a short
- interval), but we'd rather block them off in case there are any
- classes of this attack that we missed. Reported by dvorak.
-
diff --git a/changes/split_entry_conn b/changes/split_entry_conn
deleted file mode 100644
index c0a2eb6574..0000000000
--- a/changes/split_entry_conn
+++ /dev/null
@@ -1,5 +0,0 @@
- o Code refactoring:
- - Make "entry connection" in to a new internal subtype of "edge
- connection", to simplify the code and make exit connections
- smaller.
-