fold in new changes entries

Roger Dingledine 2011-05-16 19:35:28 -04:00
parent 189ba4c9a9
commit f1c43a1e64
3 changed files with 16 additions and 18 deletions


@ -1,5 +1,19 @@
Changes in version 0.2.1.31 - 2011-05-??
Tor 0.2.1.31 fixes a variety of potential privacy problems.
o Security/privacy fixes (also included in 0.2.2.x):
- Replace all potentially sensitive memory comparison operations
with versions whose runtime does not depend on the data being
compared. This will help resist a class of attacks where an
adversary can use variations in timing information to learn
sensitive data. Fix for one case of bug 3122. (Safe memcmp
implementation by Robert Ransom based partially on code by DJB.)
- When receiving a hidden service descriptor, check that it is for
the hidden service we wanted. Previously, Tor would store any
hidden service descriptors that a directory gave it, whether it
wanted them or not. This wouldn't have let an attacker impersonate
a hidden service, but it did let directories pre-seed a client
with descriptors that it didn't want. Bugfix on 0.0.6.
- Avoid linkability based on cached hidden service descriptors: forget
all hidden service descriptors cached as a client when processing a
SIGNAL NEWNYM command. Fixes bug 3000; bugfix on 0.0.6.
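Review bot: The constant-time comparison entry at the top of "Security/privacy fixes" says "Fix for one case of bug 3122" but does not say which case is covered, and it has no "Bugfix on" version, unlike the two hidden service entries below it, which end with "Bugfix on 0.0.6". Suggest naming the case and the affected versions, and saying whether other cases of bug 3122 are still open, so the entry is not read as a complete fix. The version header also still carries the placeholder date "2011-05-??", which needs filling in before release.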
@ -10,12 +24,6 @@ Changes in version 0.2.1.31 - 2011-05-??
- Fix an assert in parsing router descriptors containing IPv6
addresses. This one took down the directory authorities when
somebody tried some experimental code. Bugfix on 0.2.1.3-alpha.
- Replace all potentially sensitive memory comparison operations
with versions whose runtime does not depend on the data being
compared. This will help resist a class of attacks where an
adversary can use variations in timing information to learn
sensitive data. Fix for one case of bug 3122. (Safe memcmp
implementation by Robert Ransom based partially on code by DJB.)
o Minor bugfixes (also included in 0.2.2.x):
- When we restart our relay, we might get a successful connection
@ -39,6 +47,8 @@ Changes in version 0.2.1.31 - 2011-05-??
heavy load. Fixes bug 2933; bugfix on 0.2.0.1-alpha.
- When warning about missing zlib development packages during compile,
give the correct package names. Bugfix on 0.2.0.1-alpha.
- Require that introduction point keys and onion keys have public
exponent 65537. Bugfix on 0.2.0.10-alpha.
- Do not crash when our configuration file becomes unreadable, for
example due to a permissions change, between when we start up
and when a controller calls SAVECONF. Fixes bug 3135; bugfix
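Review bot: The exponent entry in this hunk states the requirement ("public exponent 65537") but not what Tor does when an introduction point key or onion key has a different exponent, and it carries no bug number. Suggest adding a clause on the resulting behavior (for example, whether such keys are rejected), and consider whether a key-validation change belongs under "Security/privacy fixes" rather than "Minor bugfixes".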


@ -1,7 +0,0 @@
o Security fixes:
- When fetching a hidden service descriptor, check that it is for
the hidden service we were trying to connect to, in order to
stop a directory from pre-seeding a client with a descriptor for
a hidden service that they didn't want. Bugfix on 0.0.6.


@ -1,5 +0,0 @@
o Minor bugfixes:
- Require that introduction point keys and onion keys have public
exponent 65537. Bugfix on 0.2.0.10-alpha.