write the release blurb for 0.2.4.20, and give it a date

diff --git a/ChangeLog b/ChangeLog
index eb4a0be006232fb1c2e20b2816ec3cb6b7c30285..066bb9da0ceb7f425eb2444449245567d47ebcd3 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,14 @@
-Changes in version 0.2.4.20 - 201?-??-??
+Changes in version 0.2.4.20 - 2013-12-22
+  Tor 0.2.4.20 fixes potentially poor random number generation for users
+  who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their
+  torrc file, 3) have "Sandy Bridge" or "Ivy Bridge" Intel processors,
+  and 4) have no state file in their DataDirectory (as would happen on
+  first start). Users who generated relay or hidden service identity
+  keys in such a situation should discard them and generate new ones.
+
+  This release also fixes a logic error that caused Tor clients to build
+  many more preemptive circuits than they actually need.
+
   o Major bugfixes:
     - Do not allow OpenSSL engines to replace the PRNG, even when
       HardwareAccel is set. The only default builtin PRNG engine uses

diff --git a/ReleaseNotes b/ReleaseNotes
index c23a7de741e96717607e0f4195c9bd6815ee826b..ad9121b7197a0141461601e59edfa7c11f1fd627 100644 (file)
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -3,6 +3,40 @@ This document summarizes new features and bugfixes in each stable release
 of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.
 
+Changes in version 0.2.4.20 - 2013-12-22
+  Tor 0.2.4.20 fixes potentially poor random number generation for users
+  who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their
+  torrc file, 3) have "Sandy Bridge" or "Ivy Bridge" Intel processors,
+  and 4) have no state file in their DataDirectory (as would happen on
+  first start). Users who generated relay or hidden service identity
+  keys in such a situation should discard them and generate new ones.
+
+  This release also fixes a logic error that caused Tor clients to build
+  many more preemptive circuits than they actually need.
+
+  o Major bugfixes:
+    - Do not allow OpenSSL engines to replace the PRNG, even when
+      HardwareAccel is set. The only default builtin PRNG engine uses
+      the Intel RDRAND instruction to replace the entire PRNG, and
+      ignores all attempts to seed it with more entropy. That's
+      cryptographically stupid: the right response to a new alleged
+      entropy source is never to discard all previously used entropy
+      sources. Fixes bug 10402; works around behavior introduced in
+      OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
+      and "rl1987".
+    - Avoid launching spurious extra circuits when a stream is pending.
+      This fixes a bug where any circuit that _wasn't_ unusable for new
+      streams would be treated as if it were, causing extra circuits to
+      be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha.
+
+  o Minor bugfixes:
+    - Avoid a crash bug when starting with a corrupted microdescriptor
+      cache file. Fixes bug 10406; bugfix on 0.2.2.6-alpha.
+    - If we fail to dump a previously cached microdescriptor to disk, avoid
+      freeing duplicate data later on. Fixes bug 10423; bugfix on
+      0.2.4.13-alpha. Spotted by "bobnomnom".
+
+
 Changes in version 0.2.4.19 - 2013-12-11
   The Tor 0.2.4 release series is dedicated to the memory of Aaron Swartz
   (1986-2013). Aaron worked on diverse projects including helping to guide