[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/release-0.2.3] fold in recent changes entries
commit 161ca100a697a4d4a4a7e89a79c73e00cb168ad7
Author: Roger Dingledine <arma@xxxxxxxxxxxxxx>
Date: Fri Oct 19 14:43:21 2012 -0400
fold in recent changes entries
---
ChangeLog | 21 +++++++++++++++++++--
changes/bug7139 | 9 ---------
changes/cve-2012-2249 | 5 -----
changes/dirserv-BUGGY-a | 7 -------
4 files changed, 19 insertions(+), 23 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b1fe885..99989a9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,12 +1,25 @@
-Changes in version 0.2.3.23-rc - 2012-10-14
- Tor 0.2.3.23-rc adds a new v3 directory authority, and fixes a variety
+Changes in version 0.2.3.23-rc - 2012-10-20
+ Tor 0.2.3.23-rc adds a new v3 directory authority, fixes a privacy
+ vulnerability introduced by a change in OpenSSL, and fixes a variety
of smaller bugs in preparation for the release.
o New directory authorities:
- Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
authority. Closes ticket 5749.
+ o Major bugfixes (security):
+ - Disable TLS session tickets. OpenSSL's implementation was giving
+ our TLS session keys the lifetime of our TLS context objects, when
+ perfect forward secrecy would want us to discard anything that
+ could decrypt a link connection as soon as the link connection
+ was closed. Fixes bug 7139; bugfix on all versions of Tor linked
+ against OpenSSL 1.0.0 or later. Found by Florent Daignière.
+
o Major bugfixes:
+ - Discard extraneous renegotiation attempts once the V3 link
+ protocol has been initiated. Failure to do so left us open to
+ a remotely triggerable assertion failure. Fixes CVE-2012-2249;
+ bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
- Fix a possible crash bug when checking for deactivated circuits
in connection_or_flush_from_first_active_circuit(). Fixes bug 6341;
bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously.
@@ -22,6 +35,10 @@ Changes in version 0.2.3.23-rc - 2012-10-14
bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc.
o Minor bugfixes (on 0.2.2.x and earlier):
+ - Don't serve or accept v2 hidden service descriptors over a relay's
+ DirPort. It's never correct to do so, and disabling it might
+ make it more annoying to exploit any bugs that turn up in the
+ descriptor-parsing code. Fixes bug 7149.
- When relays refuse a "create" cell because their queue of pending
create cells is too big (typically because their cpu can't keep up
with the arrival rate), send back reason "resource limit" rather
diff --git a/changes/bug7139 b/changes/bug7139
deleted file mode 100644
index dfb7d32..0000000
--- a/changes/bug7139
+++ /dev/null
@@ -1,9 +0,0 @@
- o Major bugfixes (security):
-
- - Disable TLS session tickets. OpenSSL's implementation were giving
- our TLS session keys the lifetime of our TLS context objects, when
- perfect forward secrecy would want us to discard anything that
- could decrypt a link connection as soon as the link connection was
- closed. Fixes bug 7139; bugfix on all versions of Tor linked
- against OpenSSL 1.0.0 or later. Found by "nextgens".
-
diff --git a/changes/cve-2012-2249 b/changes/cve-2012-2249
deleted file mode 100644
index 625bfa2..0000000
--- a/changes/cve-2012-2249
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes (security):
- - Discard extraneous renegotiation attempts once the V3 link
- protocol has been initiated. Failure to do so left us open to
- a remotely triggerable assertion failure. Fixes CVE-2012-2249;
- bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a
deleted file mode 100644
index 35b492a..0000000
--- a/changes/dirserv-BUGGY-a
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes:
-
- - Don't serve or accept v2 hidden service descriptors over a
- relay's DirPort. It's never correct to do so, and disabling it
- might make it more annoying to exploit any bugs that turn up in the
- descriptor-parsing code. Fixes bug 7149.
-
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits