[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] merge in the safecookie changelog entry too

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/master] merge in the safecookie changelog entry too
From: arma@xxxxxxxxxxxxxx
Date: Tue, 27 Mar 2012 02:16:00 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 26 Mar 2012 22:16:14 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: code repository commits <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Roger Dingledine <arma@xxxxxxxxxxxxxx>
Sender: tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx

commit de73e3692a6d83774027ac9d29e1ec8608076385
Author: Roger Dingledine <arma@xxxxxxxxxxxxxx>
Date:   Mon Mar 26 22:15:02 2012 -0400

    merge in the safecookie changelog entry too
---
 ChangeLog          |    7 +++++++
 changes/safecookie |    9 ---------
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index d6cc6d6..52c7345 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,13 @@ Changes in version 0.2.3.13-alpha - 2012-03-26
     - Change IP address for maatuska (v3 directory authority).
 
   o Security fixes:
+    - Provide controllers with a safer way to implement the cookie
+      authentication mechanism. With the old method, if another locally
+      running program could convince a controller that it was the Tor
+      process, then that program could trick the contoller into telling
+      it the contents of an arbitrary 32-byte file. The new "SAFECOOKIE"
+      authentication method uses a challenge-response approach to prevent
+      this attack. Fixes bug 5185, implements proposal 193.
     - Never use a bridge or a controller-supplied node as an exit, even
       if its exit policy allows it. Found by wanoskarnet. Fixes bug
       5342. Bugfix on 0.1.1.15-rc (for controller-purpose descriptors)
diff --git a/changes/safecookie b/changes/safecookie
deleted file mode 100644
index fd7d7af..0000000
--- a/changes/safecookie
+++ /dev/null
@@ -1,9 +0,0 @@
-  o Security Features:
-    - Provide controllers with a safer way to implement the cookie
-      authentication mechanism. With the old method, if another locally
-      running program could convince a controller that it was the Tor
-      process, then that program could trick the contoller into
-      telling it the contents of an arbitrary 32-byte file. The new
-      "SAFECOOKIE" authentication method uses a challenge-response
-      approach to prevent this. Fixes bug 5185, implements proposal 193. 
-

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor/master] merge the change that 2f3ec43e5b4e wanted to merge
Next by Author: [tor-commits] [tor/master] bump to 0.2.3.13-alpha-dev
Previous by thread: [tor-commits] [tor/master] merge the change that 2f3ec43e5b4e wanted to merge
Next by thread: [tor-commits] r25573: {website} 0.2.3.13-alpha tarball is up (website/trunk/include)
Index(es):
- Author
- Thread