touch-ups

2012-10-26 00:39:06 -04:00 · 2012-10-26 00:39:06 -04:00 · 4fc866ce7f
parent d44b7bb525
commit 4fc866ce7f
2 changed files with 7 additions and 7 deletions
--- a/12
+++ b/12
@ -1,13 +1,13 @@
 Changes in version 0.2.4.5-alpha - 2012-10-25
-  Tor 0.2.3.24-rc comes hard at the heels of 0.2.4.4-alpha, to fix two
-  important security vulnerabilities that could lead to remotely
-  triggerable relay crashes, fixes a major bug that was preventing
-  clients from choosing good exit nodes, and refactor some of our code.
+  Tor 0.2.4.5-alpha comes hard at the heels of 0.2.4.4-alpha, to fix
+  two important security vulnerabilities that could lead to remotely
+  triggerable relay crashes, fix a major bug that was preventing clients
+  from choosing suitable exit nodes, and refactor some of our code.

  o Major bugfixes (security, also in 0.2.3.24-rc):
    - Fix a group of remotely triggerable assertion failures related to
      incorrect link protocol negotiation. Found, diagnosed, and fixed
-      by "some guy from France." Fix for CVE-2012-2250; bugfix on
+      by "some guy from France". Fix for CVE-2012-2250; bugfix on
      0.2.3.6-alpha.
    - Fix a denial of service attack by which any directory authority
      could crash all the others, or by which a single v2 directory
@ -32,7 +32,7 @@ Changes in version 0.2.4.5-alpha - 2012-10-25

  o Minor bugfixes:
    - Only disable TLS session ticket support when running as a TLS
-      server. This keeps clients harder to distinguish from regular firefox
+      server. Now clients will blend better with regular Firefox
      connections. Fixes bug 7189; bugfix on Tor 0.2.3.23-rc.

  o Code simplification and refactoring:
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@ -1195,7 +1195,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
   * create an opportunity to fingerprint us (since it's unusual to use them
   * with TLS sessions turned off).
   *
-   * In 0.2.4, clients advertise support for them, though to avoid a TLS
+   * In 0.2.4, clients advertise support for them though, to avoid a TLS
   * distinguishability vector.  This can give us worse PFS, though, if we
   * get a server that doesn't set SSL_OP_NO_TICKET.  With luck, there will
   * be few such servers by the time 0.2.4 is more stable.