summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* puts geoip databases into rw /data/tor and torrc.b2g in ro /system/tororfoxos-v2.0Dave Huseby2015-01-16
|
* updating config to match the new build script changesDave Huseby2015-01-16
|
* fixing build failure around not finding zlib.hDave Huseby2014-07-31
|
* removing deprecated LOCAL_NDK_VERSION declarationDave Huseby2014-07-10
|
* b2g integrationDave Huseby2014-07-03
|
* copy 0.2.4.22 notes into releasenotesNick Mathewson2014-05-16
|
* Pick a release date for 0.2.4.22Nick Mathewson2014-05-16
|
* match the changelog entries from 0.2.5.x when possibleRoger Dingledine2014-05-14
|
* group the sectionsRoger Dingledine2014-05-14
|
* two small fixes, and downgrade a severityRoger Dingledine2014-05-14
|
* Bump release-0.2.4 version to 0.2.4.22Nick Mathewson2014-05-14
| | | | This is not officially released yet; it needs some QA first.
* Reflow, slightly tidy ChangelogNick Mathewson2014-05-14
|
* changelog edits for 0.2.4.22Nick Mathewson2014-05-14
|
* mark backported changelog entries and ensure that they match the changelog.Nick Mathewson2014-05-07
|
* Begin work on a changelog for 0.2.4.22 by copying in the changes files uneditedNick Mathewson2014-05-07
|
* Merge remote-tracking branch 'origin/maint-0.2.4' into release-0.2.4Nick Mathewson2014-05-07
|\
| * Merge commit 'bb9b4c37f8e7f5cf78918f382e90d8b11ff42551' into maint-0.2.4Nick Mathewson2014-05-07
| |\
| | * Supply better and less frequent warnings on circID exhaustionNick Mathewson2014-04-18
| | | | | | | | | | | | Fixes the surface behavior of #11553
| * | Merge remote-tracking branch 'public/ticket11528_024' into maint-0.2.4Nick Mathewson2014-05-07
| |\ \
| | * | Elevate server TLS cipher preferences over clientNick Mathewson2014-04-17
| | |/ | | | | | | | | | | | | | | | | | | The server cipher list is (thanks to #11513) chosen systematically to put the best choices for Tor first. The client cipher list is chosen to resemble a browser. So let's set SSL_OP_CIPHER_SERVER_PREFERENCE to have the servers pick according to their own preference order.
| * | Merge remote-tracking branch 'public/bug11513_024' into maint-0.2.4Nick Mathewson2014-05-07
| |\ \
| | * | New sort order for server choice of ciphersuites.Nick Mathewson2014-04-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Back in 175b2678, we allowed servers to recognize clients who are telling them the truth about their ciphersuites, and select the best cipher from on that list. This implemented the server side of proposal 198. In bugs 11492, 11498, and 11499, cypherpunks found a bunch of mistakes and omissions and typos in the UNRESTRICTED_SERVER_CIPHER_LIST we had. In #11513, I found a couple more. Rather than try to hand-edit this list, I wrote a short python script to generate our ciphersuite preferences from the openssl headers. The new rules are: * Require forward secrecy. * Require RSA (since our servers only configure RSA keys) * Require AES or 3DES. (This means, reject RC4, DES, SEED, CAMELLIA, and NULL.) * No export ciphersuites. Then: * Prefer AES to 3DES. * If both suites have the same cipher, prefer ECDHE to DHE. * If both suites have the same DHE group type, prefer GCM to CBC. * If both suites have the same cipher mode, prefer SHA384 to SHA256 to SHA1. * If both suites have the same digest, prefer AES256 to AES128.
| * | | Merge remote-tracking branch 'public/update_ciphers_ff28' into maint-0.2.4Nick Mathewson2014-05-07
| |\ \ \
| | * | | Update ciphers.inc to match ff28Nick Mathewson2014-04-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The major changes are to re-order some ciphers, to drop the ECDH suites (note: *not* ECDHE: ECDHE is still there), to kill off some made-up stuff (like the SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA suite), to drop some of the DSS suites... *and* to enable the ECDHE+GCM ciphersuites. This change is autogenerated by get_mozilla_ciphers.py from Firefox 28 and OpenSSL 1.0.1g. Resolves ticket 11438.
| | * | | Teach the get_mozilla_ciphers.py script to parse recent firefoxenNick Mathewson2014-04-08
| | | | |
| * | | | Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4Nick Mathewson2014-05-01
| |\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: src/or/microdesc.c
| | * | | | Downgrade bug 7164 warning to INFONick Mathewson2014-05-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The 0.2.5.x warning is the one that might help us track this down; the warnings in stable are just annoying users over and over and over.
| * | | | | Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4Nick Mathewson2014-04-30
| |\ \ \ \ \ | | |/ / / /
| | * | | | Merge remote-tracking branch 'public/bug10849_023_bruteforce' into maint-0.2.3Nick Mathewson2014-04-30
| | |\ \ \ \
| | | * | | | Forbid TunneledDirConns 0 and PreferTunneledDirConns 0 if being a HSNick Mathewson2014-04-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes bug 10849; bugfix on 0.2.1.1-alpha (I believe)
| * | | | | | Drop the MaxMemInCellQueues lower limit down to 256 MB.Nick Mathewson2014-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | on #9686, gmorehose reports that the 500 MB lower limit is too high for raspberry pi users. This is a backport of 647248729fa65f0e51d062e2af8f4e8b38592bf5 to 0.2.4. Note that in 0.2.4, the option is called MaxMemInCellQueues.
| * | | | | | Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4Nick Mathewson2014-04-29
| |\ \ \ \ \ \ | | |/ / / / /
| | * | | | | Stop leaking memory in error cases of md parsingNick Mathewson2014-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When clearing a list of tokens, it's important to do token_clear() on them first, or else any keys they contain will leak. This didn't leak memory on any of the successful microdescriptor parsing paths, but it does leak on some failing paths when the failure happens during tokenization. Fixes bug 11618; bugfix on 0.2.2.6-alpha.
* | | | | | | Add a missing changelog entry back from 0.2.4.11-alphaNick Mathewson2014-04-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When I merged the fix for #7351, and implemented proposal 214 (4-byte circuit IDs), I forgot to add a changes file. Later, we never noticed that it didn't have one. Resolves ticket #11555. Thanks to cypherpunks for noticing this was missing.
* | | | | | | Merge branch 'maint-0.2.4' into release-0.2.4Roger Dingledine2014-04-23
|\ \ \ \ \ \ \ | |/ / / / / /
| * | | | | | Merge remote-tracking branch 'public/bug9229_024' into maint-0.2.4Nick Mathewson2014-04-23
| |\ \ \ \ \ \
| | * | | | | | Update ns downloads when we receive a bridge descriptorNick Mathewson2014-03-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This prevents long stalls when we're starting with a state file but with no bridge descriptors. Fixes bug 9229. I believe this bug has been present since 0.2.0.3-alpha.
| * | | | | | | Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4Nick Mathewson2014-04-16
| |\ \ \ \ \ \ \ | | | |/ / / / / | | |/| | | | |
| | * | | | | | remove note about dannenberg; it has upgraded.Nick Mathewson2014-04-16
| | | | | | | |
| * | | | | | | Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4Nick Mathewson2014-04-16
| |\ \ \ \ \ \ \ | | |/ / / / / / | | | | | | | / | | |_|_|_|_|/ | |/| | | | |
| | * | | | | Update the authority signing key blacklistNick Mathewson2014-04-16
| | | |/ / / | | |/| | | | | | | | | | | | | | | Now it only has dannenberg
| * | | | | Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4Nick Mathewson2014-04-15
| |\ \ \ \ \ | | |/ / / / | | | | | | | | | | | | | | | | | | Conflicts: src/or/circuituse.c
| | * | | | Merge remote-tracking branch 'public/bug11519_023' into maint-0.2.3Nick Mathewson2014-04-15
| | |\ \ \ \
| | | * | | | Don't send uninitialized stack to the controller and say it's a date.Nick Mathewson2014-04-14
| | |/ / / / | | | | | | | | | | | | | | | | | | Fixes bug 11519, apparently bugfix on 0.2.3.11-alpha.
| * | | | | Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4Nick Mathewson2014-04-14
| |\ \ \ \ \ | | |/ / / / | | | | | / | | |_|_|/ | |/| | | Conflicts: src/or/routerlist.h
| | * | | Merge branch 'bug11464_023_squashed' into maint-0.2.3Nick Mathewson2014-04-14
| | |\ \ \
| | | * | | Tweak changes file and comment dates.Nick Mathewson2014-04-14
| | | | | |
| | | * | | Fill in the list of blacklisted signing keys.Nick Mathewson2014-04-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I used a list of certificate files from arma, and a little script, both at 11464.
| | | * | | Code to blacklist authority signing keysNick Mathewson2014-04-14
| | |/ / / | | | | | | | | | | | | | | | (I need a list of actual signing keys to blacklist.)
| * | | | Merge remote-tracking branch 'public/bug11437_024' into maint-0.2.4Nick Mathewson2014-04-08
| |\ \ \ \ | | |_|_|/ | |/| | |
generated by cgit v1.2.1 (git 2.18.0) at 2024-02-02 10:19:02 +0000