[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r14692: and forward-port the 0.2.0.26-rc notes (tor/trunk)
Author: arma
Date: 2008-05-23 07:54:46 -0400 (Fri, 23 May 2008)
New Revision: 14692
Modified:
tor/trunk/ChangeLog
Log:
and forward-port the 0.2.0.26-rc notes
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2008-05-23 11:54:03 UTC (rev 14691)
+++ tor/trunk/ChangeLog 2008-05-23 11:54:46 UTC (rev 14692)
@@ -108,6 +108,27 @@
two parallel lists in lockstep.
+Changes in version 0.2.0.26-rc - 2008-05-13
+ Tor 0.2.0.26-rc fixes a major security vulnerability caused by a bug
+ in Debian's OpenSSL packages. All users running any 0.2.0.x version
+ should upgrade, whether they're running Debian or not.
+
+ o Major security fixes:
+ - Use new V3 directory authority keys on the tor26, gabelmoo, and
+ moria1 V3 directory authorities. The old keys were generated with
+ a vulnerable version of Debian's OpenSSL package, and must be
+ considered compromised. Other authorities' keys were not generated
+ with an affected version of OpenSSL.
+
+ o Major bugfixes:
+ - List authority signatures as "unrecognized" based on DirServer
+ lines, not on cert cache. Bugfix on 0.2.0.x.
+
+ o Minor features:
+ - Add a new V3AuthUseLegacyKey option to make it easier for
+ authorities to change their identity keys if they have to.
+
+
Changes in version 0.2.0.25-rc - 2008-04-23
Tor 0.2.0.25-rc makes Tor work again on OS X and certain BSDs.