From 974170a97444528b0164d277c9567ed711925882 Mon Sep 17 00:00:00 2001 From: David Goulet Date: Tue, 16 Sep 2025 11:04:31 -0400 Subject: [PATCH] release: ChangeLog and ReleaseNotes for 0.4.9.2-alpha Signed-off-by: David Goulet --- ChangeLog | 139 +++++++++++++++++++++++++++++++ ReleaseNotes | 142 ++++++++++++++++++++++++++++++++ changes/41031 | 8 -- changes/bug40911 | 5 -- changes/bug40951 | 4 - changes/bug41043 | 3 - changes/bug41056 | 4 - changes/bug41076 | 3 - changes/bug41088 | 4 - changes/bug41106 | 5 -- changes/bug41109 | 3 - changes/cgo | 8 -- changes/fallbackdirs-2025-06-30 | 2 - changes/fallbackdirs-2025-09-16 | 2 - changes/gcc-15 | 3 - changes/geoip-2025-06-30 | 3 - changes/geoip-2025-09-16 | 3 - changes/hsdir-interval | 2 - changes/logging_fix | 3 - changes/ticket29128 | 2 - changes/ticket41006 | 8 -- changes/ticket41037 | 4 - changes/ticket41041 | 10 --- changes/ticket41051 | 5 -- changes/ticket41059 | 8 -- changes/ticket41067 | 8 -- changes/ticket41104 | 4 - changes/tls13-cipher | 2 - changes/torspec_272 | 4 - 29 files changed, 281 insertions(+), 120 deletions(-) delete mode 100644 changes/41031 delete mode 100644 changes/bug40911 delete mode 100644 changes/bug40951 delete mode 100644 changes/bug41043 delete mode 100644 changes/bug41056 delete mode 100644 changes/bug41076 delete mode 100644 changes/bug41088 delete mode 100644 changes/bug41106 delete mode 100644 changes/bug41109 delete mode 100644 changes/cgo delete mode 100644 changes/fallbackdirs-2025-06-30 delete mode 100644 changes/fallbackdirs-2025-09-16 delete mode 100644 changes/gcc-15 delete mode 100644 changes/geoip-2025-06-30 delete mode 100644 changes/geoip-2025-09-16 delete mode 100644 changes/hsdir-interval delete mode 100644 changes/logging_fix delete mode 100644 changes/ticket29128 delete mode 100644 changes/ticket41006 delete mode 100644 changes/ticket41037 delete mode 100644 changes/ticket41041 delete mode 100644 changes/ticket41051 delete mode 100644 changes/ticket41059 delete mode 100644 changes/ticket41067 delete mode 100644 changes/ticket41104 delete mode 100644 changes/tls13-cipher delete mode 100644 changes/torspec_272 diff --git a/ChangeLog b/ChangeLog index 2854ac0b38..ee9dc3591f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,142 @@ +Changes in version 0.4.9.2-alpha - 2025-09-16 + This is the second alpha release and likely the last before going stable. + This release contains the new CGO circuit encryption. See proposal 359 for + more details. Several TLS minor fixes which will strengthen the link + security. + + o New system requirements: + - When built with LibreSSL, Tor now requires LibreSSL 3.7 or later. + Part of ticket 41059. + - When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later. + (We strongly recommend 3.0 or later, but still build with 1.1.1, + even though it is not supported by the OpenSSL team, due to its + presence in Debian oldstable.) Part of ticket 41059. + + o Major features (cell format): + - Tor now has (unused) internal support to encode and decode relay + messages in the new format required by our newer CGO encryption + algorithm. Closes ticket 41051. Part of proposal 359. + + o Major features (cryptography): + - Clients and relays can now negotiate Counter Galois Onion (CGO) + relay cryptography, as designed by Jean Paul Degabriele, + Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO + provides improved resistance to several kinds of tagging attacks, + better forward secrecy, and better forgery resistance. Closes + ticket 41047. Implements proposal 359. + + o Major bugfixes (onion service directory cache): + - Preserve the download counter of an onion service descriptor + across descriptor uploads, so that recently updated descriptors + don't get pruned if there is memory pressure soon after update. + Additionally, create a separate torrc option MaxHSDirCacheBytes + that defaults to the former 20% of MaxMemInQueues threshold, but + can be controlled by relay operators under DoS. Also enforce this + theshold during HSDir uploads. Fixes bug 41006; bugfix + on 0.4.8.14. + + o Minor features (security): + - Increase the size of our finite-field Diffie Hellman TLS group + (which we should never actually use!) to 2048 bits. Part of + ticket 41067. + - Require TLS version 1.2 or later. (Version 1.3 support will be + required in the near future.) Part of ticket 41067. + - Update TLS 1.2 client cipher list to match current Firefox. Part + of ticket 41067. + + o Minor features (security, TLS): + - When we are running with OpenSSL 3.5.0 or later, support using the + ML-KEM768 for post-quantum key agreement. Closes ticket 41041. + + o Minor feature (client, TLS): + - Set the TLS 1.3 cipher list instead of falling back on the + default value. + + o Minor feature (padding, logging): + - Reduce the amount of messages being logged related to channel + padding timeout when log level is "notice". + + o Minor features (bridges): + - Save complete bridge lines to 'datadir/bridgelines'. Closes + ticket 29128. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on September 16, 2025. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2025/09/16. + + o Minor features (hidden services): + - Reduce the minimum value of hsdir_interval to match recent tor- + spec change. + + o Minor features (hsdesc POW): + - Tolerate multiple PoW schemes in onion service descriptors, for + future extensibility. Implements torspec ticket 272. + + o Minor features (performance TLS): + - When running with with OpenSSL 3.0.0 or later, support using + X25519 for TLS key agreement. (This should slightly improve + performance for TLS session establishment.) + + o Minor features (portability): + - Fix warnings when compiling with GCC 15. Closes ticket 41079. + + o Minor bugfix (conflux): + - Remove the pending nonce if we realize that the nonce of the + unlinked circuit is not tracked anymore. Should avoid the non + fatal assert triggered with a control port circuit event. Fixes + bug 41037; bugfix on 0.4.8.15. + + o Minor bugfixes (bridges, pluggable transport): + - Fix a bug causing the initial tor process to hang intead of + exiting with RunAsDaemon, when pluggable transports are used. + Fixes bug 41088; bugfix on 0.4.9.1-alpha. + + o Minor bugfixes (circuit handling): + - Prevent circuit_mark_for_close() from being called twice on the + same circuit. Fixes bug 40951; bugfix on 0.4.8.16-dev. + - Prevent circuit_mark_for_close() from being called twice on the + same circuit. Second fix attempt Fixes bug 41106; bugfix + on 0.4.8.17 + + o Minor bugfixes (compilation): + - Fix linking on systems without a working stdatomic.h. Fixes bug + 41076; bugfix on 0.4.9.1-alpha. + + o Minor bugfixes (compiler warnings): + - Make sure the two bitfields in the half-closed edge struct are + unsigned, as we're using them for boolean values and assign 1 to + them. Fixes bug 40911; bugfix on 0.4.7.2-alpha. + + o Minor bugfixes (logging, metrics port): + - Count BUG statements for the MetricsPort only if they are warnings + or errors. Fixes bug 41104; bugfix on 0.4.7.1-alpha. Patch + contributed by shadowcoder. + + o Minor bugfixes (protocol): + - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH + messages. Previously, it was always set to the maximum value. + Fixes bug 41056; bugfix on 0.4.8.1-alpha. + + o Minor bugfixes (relay): + - Fix a crash when FamilyKeyDir is a path that cannot be read. Fixes + bug 41043; bugfix on 0.4.9.2-alpha. + + o Minor bugfixes (threads): + - Make thread control POSIX compliant. Fixes bug 41109; bugfix + on 0.4.8.17-dev. + + o Removed features: + - Relays no longer support clients that falsely advertise TLS + ciphers they don't really support. (Clients have not done this + since 0.2.3.17-beta). Part of ticket 41031. + - Relays no longer support clients that require obsolete v1 and v2 + link handshakes. (The v3 link handshake has been supported since + 0.2.3.6-alpha). Part of ticket 41031. + + Changes in version 0.4.8.17 - 2025-06-30 This is a minor providing a series of minor features especially in the realm of TLS. It also brings a new set of recommended and required sub protocols. diff --git a/ReleaseNotes b/ReleaseNotes index 7bbab5d657..fdd88b00ff 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,148 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.4.9.2-alpha - 2025-09-16 + This is the second alpha release and likely the last before going stable. + This release contains the new CGO circuit encryption. See proposal 359 for + more details. Several TLS minor fixes which will strengthen the link + security. + + o New system requirements: + - When built with LibreSSL, Tor now requires LibreSSL 3.7 or later. + Part of ticket 41059. + - When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later. + (We strongly recommend 3.0 or later, but still build with 1.1.1, + even though it is not supported by the OpenSSL team, due to its + presence in Debian oldstable.) Part of ticket 41059. + + o Major features (cell format): + - Tor now has (unused) internal support to encode and decode relay + messages in the new format required by our newer CGO encryption + algorithm. Closes ticket 41051. Part of proposal 359. + + o Major features (cryptography): + - Clients and relays can now negotiate Counter Galois Onion (CGO) + relay cryptography, as designed by Jean Paul Degabriele, + Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO + provides improved resistance to several kinds of tagging attacks, + better forward secrecy, and better forgery resistance. Closes + ticket 41047. Implements proposal 359. + + o Major bugfixes (onion service directory cache): + - Preserve the download counter of an onion service descriptor + across descriptor uploads, so that recently updated descriptors + don't get pruned if there is memory pressure soon after update. + Additionally, create a separate torrc option MaxHSDirCacheBytes + that defaults to the former 20% of MaxMemInQueues threshold, but + can be controlled by relay operators under DoS. Also enforce this + theshold during HSDir uploads. Fixes bug 41006; bugfix + on 0.4.8.14. + + o Minor features (security): + - Increase the size of our finite-field Diffie Hellman TLS group + (which we should never actually use!) to 2048 bits. Part of + ticket 41067. + - Require TLS version 1.2 or later. (Version 1.3 support will be + required in the near future.) Part of ticket 41067. + - Update TLS 1.2 client cipher list to match current Firefox. Part + of ticket 41067. + + o Minor features (security, TLS): + - When we are running with OpenSSL 3.5.0 or later, support using the + ML-KEM768 for post-quantum key agreement. Closes ticket 41041. + + o Minor feature (client, TLS): + - Set the TLS 1.3 cipher list instead of falling back on the + default value. + + o Minor feature (padding, logging): + - Reduce the amount of messages being logged related to channel + padding timeout when log level is "notice". + + o Minor features (bridges): + - Save complete bridge lines to 'datadir/bridgelines'. Closes + ticket 29128. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on June 30, 2025. + - Regenerate fallback directories generated on September 16, 2025. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2025/06/30. + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2025/09/16. + + o Minor features (hidden services): + - Reduce the minimum value of hsdir_interval to match recent tor- + spec change. + + o Minor features (hsdesc POW): + - Tolerate multiple PoW schemes in onion service descriptors, for + future extensibility. Implements torspec ticket 272. + + o Minor features (performance TLS): + - When running with with OpenSSL 3.0.0 or later, support using + X25519 for TLS key agreement. (This should slightly improve + performance for TLS session establishment.) + + o Minor features (portability): + - Fix warnings when compiling with GCC 15. Closes ticket 41079. + + o Minor bugfix (conflux): + - Remove the pending nonce if we realize that the nonce of the + unlinked circuit is not tracked anymore. Should avoid the non + fatal assert triggered with a control port circuit event. Fixes + bug 41037; bugfix on 0.4.8.15. + + o Minor bugfixes (bridges, pluggable transport): + - Fix a bug causing the initial tor process to hang intead of + exiting with RunAsDaemon, when pluggable transports are used. + Fixes bug 41088; bugfix on 0.4.9.1-alpha. + + o Minor bugfixes (circuit handling): + - Prevent circuit_mark_for_close() from being called twice on the + same circuit. Fixes bug 40951; bugfix on 0.4.8.16-dev. + - Prevent circuit_mark_for_close() from being called twice on the + same circuit. Second fix attempt Fixes bug 41106; bugfix + on 0.4.8.17 + + o Minor bugfixes (compilation): + - Fix linking on systems without a working stdatomic.h. Fixes bug + 41076; bugfix on 0.4.9.1-alpha. + + o Minor bugfixes (compiler warnings): + - Make sure the two bitfields in the half-closed edge struct are + unsigned, as we're using them for boolean values and assign 1 to + them. Fixes bug 40911; bugfix on 0.4.7.2-alpha. + + o Minor bugfixes (logging, metrics port): + - Count BUG statements for the MetricsPort only if they are warnings + or errors. Fixes bug 41104; bugfix on 0.4.7.1-alpha. Patch + contributed by shadowcoder. + + o Minor bugfixes (protocol): + - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH + messages. Previously, it was always set to the maximum value. + Fixes bug 41056; bugfix on 0.4.8.1-alpha. + + o Minor bugfixes (relay): + - Fix a crash when FamilyKeyDir is a path that cannot be read. Fixes + bug 41043; bugfix on 0.4.9.2-alpha. + + o Minor bugfixes (threads): + - Make thread control POSIX compliant. Fixes bug 41109; bugfix + on 0.4.8.17-dev. + + o Removed features: + - Relays no longer support clients that falsely advertise TLS + ciphers they don't really support. (Clients have not done this + since 0.2.3.17-beta). Part of ticket 41031. + - Relays no longer support clients that require obsolete v1 and v2 + link handshakes. (The v3 link handshake has been supported since + 0.2.3.6-alpha). Part of ticket 41031. + + Changes in version 0.4.8.17 - 2025-06-30 This is a minor providing a series of minor features especially in the realm of TLS. It also brings a new set of recommended and required sub protocols. diff --git a/changes/41031 b/changes/41031 deleted file mode 100644 index 2960710985..0000000000 --- a/changes/41031 +++ /dev/null @@ -1,8 +0,0 @@ - o Removed features: - - Relays no longer support clients that require obsolete v1 and v2 - link handshakes. (The v3 link handshake has been supported since - 0.2.3.6-alpha). Part of ticket 41031. - - Relays no longer support clients that falsely advertise TLS - ciphers they don't really support. - (Clients have not done this since 0.2.3.17-beta). - Part of ticket 41031. diff --git a/changes/bug40911 b/changes/bug40911 deleted file mode 100644 index c938b56225..0000000000 --- a/changes/bug40911 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compiler warnings): - - Make sure the two bitfields in the half-closed edge struct are - unsigned, as we're using them for boolean values and assign 1 to - them. Fixes bug 40911; bugfix on 0.4.7.2-alpha. - diff --git a/changes/bug40951 b/changes/bug40951 deleted file mode 100644 index 8ef87f342d..0000000000 --- a/changes/bug40951 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (circuit handling): - - Prevent circuit_mark_for_close() from - being called twice on the same circuit. - Fixes bug 40951; bugfix on 0.4.8.16-dev. \ No newline at end of file diff --git a/changes/bug41043 b/changes/bug41043 deleted file mode 100644 index f0c28927da..0000000000 --- a/changes/bug41043 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (relay): - - Fix a crash when FamilyKeyDir is a path that cannot be read. - Fixes bug 41043; bugfix on 0.4.9.2-alpha. diff --git a/changes/bug41056 b/changes/bug41056 deleted file mode 100644 index 2a7dfc48c0..0000000000 --- a/changes/bug41056 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (protocol): - - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH - messages. Previously, it was always set to the maximum value. - Fixes bug 41056; bugfix on 0.4.8.1-alpha. diff --git a/changes/bug41076 b/changes/bug41076 deleted file mode 100644 index 06ce264d6f..0000000000 --- a/changes/bug41076 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix linking on systems without a working stdatomic.h. - Fixes bug 41076; bugfix on 0.4.9.1-alpha. diff --git a/changes/bug41088 b/changes/bug41088 deleted file mode 100644 index 7f9c178f97..0000000000 --- a/changes/bug41088 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (bridges, pluggable transport): - - Fix a bug causing the initial tor process to hang intead of exiting with - RunAsDaemon, when pluggable transports are used. - Fixes bug 41088; bugfix on 0.4.9.1-alpha. diff --git a/changes/bug41106 b/changes/bug41106 deleted file mode 100644 index ec789d4d14..0000000000 --- a/changes/bug41106 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (circuit handling): - - Prevent circuit_mark_for_close() from - being called twice on the same circuit. - Second fix attempt - Fixes bug 41106; bugfix on 0.4.8.17 diff --git a/changes/bug41109 b/changes/bug41109 deleted file mode 100644 index 65d962787b..0000000000 --- a/changes/bug41109 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (threads): - - Make thread control POSIX compliant. - Fixes bug 41109; bugfix on 0.4.8.17-dev. diff --git a/changes/cgo b/changes/cgo deleted file mode 100644 index aa7de20f5a..0000000000 --- a/changes/cgo +++ /dev/null @@ -1,8 +0,0 @@ - o Major features (cryptography): - - Clients and relays can now negotiate Counter Galois Onion (CGO) - relay cryptography, as designed by Jean Paul Degabriele, Alessandro - Melloni, Jean-Pierre Münch, and Martijn Stam. - CGO provides improved resistance to several kinds - of tagging attacks, better forward secrecy, and better - forgery resistance. Closes ticket 41047. - Implements proposal 359. diff --git a/changes/fallbackdirs-2025-06-30 b/changes/fallbackdirs-2025-06-30 deleted file mode 100644 index 376645f36d..0000000000 --- a/changes/fallbackdirs-2025-06-30 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on June 30, 2025. diff --git a/changes/fallbackdirs-2025-09-16 b/changes/fallbackdirs-2025-09-16 deleted file mode 100644 index aaadc6a624..0000000000 --- a/changes/fallbackdirs-2025-09-16 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on September 16, 2025. diff --git a/changes/gcc-15 b/changes/gcc-15 deleted file mode 100644 index 63c6aea22d..0000000000 --- a/changes/gcc-15 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (portability): - - Fix warnings when compiling with GCC 15. - Closes ticket 41079. diff --git a/changes/geoip-2025-06-30 b/changes/geoip-2025-06-30 deleted file mode 100644 index db60c1a033..0000000000 --- a/changes/geoip-2025-06-30 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2025/06/30. diff --git a/changes/geoip-2025-09-16 b/changes/geoip-2025-09-16 deleted file mode 100644 index 5e1995a212..0000000000 --- a/changes/geoip-2025-09-16 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2025/09/16. diff --git a/changes/hsdir-interval b/changes/hsdir-interval deleted file mode 100644 index 5a4507eb70..0000000000 --- a/changes/hsdir-interval +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (hidden services): - - Reduce the minimum value of hsdir_interval to match recent tor-spec change. diff --git a/changes/logging_fix b/changes/logging_fix deleted file mode 100644 index f2cac504e1..0000000000 --- a/changes/logging_fix +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (padding, logging): - - Reduce the amount of messages being logged related to channel padding - timeout when log level is "notice". diff --git a/changes/ticket29128 b/changes/ticket29128 deleted file mode 100644 index 7831038e6e..0000000000 --- a/changes/ticket29128 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (bridges): - - Save complete bridge lines to 'datadir/bridgelines'. Closes ticket 29128. diff --git a/changes/ticket41006 b/changes/ticket41006 deleted file mode 100644 index 1614ccbd53..0000000000 --- a/changes/ticket41006 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (onion service directory cache): - - Preserve the download counter of an onion service descriptor across - descriptor uploads, so that recently updated descriptors don't get - pruned if there is memory pressure soon after update. Additionally, - create a separate torrc option MaxHSDirCacheBytes that defaults to the - former 20% of MaxMemInQueues threshold, but can be controlled by - relay operators under DoS. Also enforce this theshold during HSDir - uploads. Fixes bug 41006; bugfix on 0.4.8.14. diff --git a/changes/ticket41037 b/changes/ticket41037 deleted file mode 100644 index 37a1ed969a..0000000000 --- a/changes/ticket41037 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (conflux): - - Remove the pending nonce if we realize that the nonce of the unlinked - circuit is not tracked anymore. Should avoid the non fatal assert - triggered with a control port circuit event. Fixes bug 41037; bugfix on 0.4.8.15. diff --git a/changes/ticket41041 b/changes/ticket41041 deleted file mode 100644 index 5fa8323ca5..0000000000 --- a/changes/ticket41041 +++ /dev/null @@ -1,10 +0,0 @@ - o Minor features (security, TLS): - - When we are running with OpenSSL 3.5.0 or later, - support using the ML-KEM768 for post-quantum key agreement. - Closes ticket 41041. - - o Minor features (performance TLS): - - When running with with OpenSSL 3.0.0 or later, - support using X25519 for TLS key agreement. - (This should slightly improve performance - for TLS session establishment.) diff --git a/changes/ticket41051 b/changes/ticket41051 deleted file mode 100644 index f15cdbe3d8..0000000000 --- a/changes/ticket41051 +++ /dev/null @@ -1,5 +0,0 @@ - o Major features (cell format): - - Tor now has (unused) internal support to encode and decode - relay messages in the new format required by our newer - CGO encryption algorithm. - Closes ticket 41051. Part of proposal 359. diff --git a/changes/ticket41059 b/changes/ticket41059 deleted file mode 100644 index 6029b075ff..0000000000 --- a/changes/ticket41059 +++ /dev/null @@ -1,8 +0,0 @@ - o New system requirements: - - When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later. - (We strongly recommend 3.0 or later, but still build with 1.1.1, - even though it is not supported by the OpenSSL team, - due to its presence in Debian oldstable.) - Part of ticket 41059. - - When built with LibreSSL, Tor now requires LibreSSL 3.7 or later. - Part of ticket 41059. diff --git a/changes/ticket41067 b/changes/ticket41067 deleted file mode 100644 index c018d728b5..0000000000 --- a/changes/ticket41067 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor features (security): - - Require TLS version 1.2 or later. (Version 1.3 support will - be required in the near future.) Part of ticket 41067. - - Update TLS 1.2 client cipher list to match current Firefox. - Part of ticket 41067. - - Increase the size of our finite-field Diffie Hellman TLS group - (which we should never actually use!) to 2048 bits. - Part of ticket 41067. diff --git a/changes/ticket41104 b/changes/ticket41104 deleted file mode 100644 index 579f6cf73e..0000000000 --- a/changes/ticket41104 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (logging, metrics port): - - Count BUG statements for the MetricsPort only if they are warnings or - errors. Fixes bug 41104; bugfix on 0.4.7.1-alpha. Patch contributed - by shadowcoder. diff --git a/changes/tls13-cipher b/changes/tls13-cipher deleted file mode 100644 index 86eb934ee8..0000000000 --- a/changes/tls13-cipher +++ /dev/null @@ -1,2 +0,0 @@ - o Minor feature (client, TLS): - - Set the TLS 1.3 cipher list instead of falling back on the default value. diff --git a/changes/torspec_272 b/changes/torspec_272 deleted file mode 100644 index 78a23ff983..0000000000 --- a/changes/torspec_272 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (hsdesc POW): - - Tolerate multiple PoW schemes in onion service descriptors, - for future extensibility. - Implements torspec ticket 272. -- 2.47.3