fold in new changes entries
This commit is contained in:
parent
189ba4c9a9
commit
f1c43a1e64
22
ChangeLog
22
ChangeLog
|
@ -1,5 +1,19 @@
|
|||
Changes in version 0.2.1.31 - 2011-05-??
|
||||
Tor 0.2.1.31 fixes a variety of potential privacy problems.
|
||||
|
||||
o Security/privacy fixes (also included in 0.2.2.x):
|
||||
- Replace all potentially sensitive memory comparison operations
|
||||
with versions whose runtime does not depend on the data being
|
||||
compared. This will help resist a class of attacks where an
|
||||
adversary can use variations in timing information to learn
|
||||
sensitive data. Fix for one case of bug 3122. (Safe memcmp
|
||||
implementation by Robert Ransom based partially on code by DJB.)
|
||||
- When receiving a hidden service descriptor, check that it is for
|
||||
the hidden service we wanted. Previously, Tor would store any
|
||||
hidden service descriptors that a directory gave it, whether it
|
||||
wanted them or not. This wouldn't have let an attacker impersonate
|
||||
a hidden service, but it did let directories pre-seed a client
|
||||
with descriptors that it didn't want. Bugfix on 0.0.6.
|
||||
- Avoid linkability based on cached hidden service descriptors: forget
|
||||
all hidden service descriptors cached as a client when processing a
|
||||
SIGNAL NEWNYM command. Fixes bug 3000; bugfix on 0.0.6.
|
||||
|
@ -10,12 +24,6 @@ Changes in version 0.2.1.31 - 2011-05-??
|
|||
- Fix an assert in parsing router descriptors containing IPv6
|
||||
addresses. This one took down the directory authorities when
|
||||
somebody tried some experimental code. Bugfix on 0.2.1.3-alpha.
|
||||
- Replace all potentially sensitive memory comparison operations
|
||||
with versions whose runtime does not depend on the data being
|
||||
compared. This will help resist a class of attacks where an
|
||||
adversary can use variations in timing information to learn
|
||||
sensitive data. Fix for one case of bug 3122. (Safe memcmp
|
||||
implementation by Robert Ransom based partially on code by DJB.)
|
||||
|
||||
o Minor bugfixes (also included in 0.2.2.x):
|
||||
- When we restart our relay, we might get a successful connection
|
||||
|
@ -39,6 +47,8 @@ Changes in version 0.2.1.31 - 2011-05-??
|
|||
heavy load. Fixes bug 2933; bugfix on 0.2.0.1-alpha.
|
||||
- When warning about missing zlib development packages during compile,
|
||||
give the correct package names. Bugfix on 0.2.0.1-alpha.
|
||||
- Require that introduction point keys and onion keys have public
|
||||
exponent 65537. Bugfix on 0.2.0.10-alpha.
|
||||
- Do not crash when our configuration file becomes unreadable, for
|
||||
example due to a permissions change, between when we start up
|
||||
and when a controller calls SAVECONF. Fixes bug 3135; bugfix
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
o Security fixes:
|
||||
- When fetching a hidden service descriptor, check that it is for
|
||||
the hidden service we were trying to connect to, in order to
|
||||
stop a directory from pre-seeding a client with a descriptor for
|
||||
a hidden service that they didn't want. Bugfix on 0.0.6.
|
||||
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor bugfixes:
|
||||
- Require that introduction point keys and onion keys have public
|
||||
exponent 65537. Bugfix on 0.2.0.10-alpha.
|
||||
|
||||
|
Loading…
Reference in New Issue