[tor-commits] [tor/release-0.2.1] fold in new changes entries
arma at torproject.org
arma at torproject.org
Mon May 16 23:35:41 UTC 2011
commit f1c43a1e6491d82ebc7aead7fe109e351ff55d4d
Author: Roger Dingledine <arma at torproject.org>
Date: Mon May 16 19:35:28 2011 -0400
fold in new changes entries
---
ChangeLog | 22 ++++++++++++++++------
changes/check-fetched-rend-desc-service-id | 7 -------
changes/check-public-key-exponents | 5 -----
3 files changed, 16 insertions(+), 18 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e799ded..8a74bcf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,19 @@
Changes in version 0.2.1.31 - 2011-05-??
+ Tor 0.2.1.31 fixes a variety of potential privacy problems.
+
o Security/privacy fixes (also included in 0.2.2.x):
+ - Replace all potentially sensitive memory comparison operations
+ with versions whose runtime does not depend on the data being
+ compared. This will help resist a class of attacks where an
+ adversary can use variations in timing information to learn
+ sensitive data. Fix for one case of bug 3122. (Safe memcmp
+ implementation by Robert Ransom based partially on code by DJB.)
+ - When receiving a hidden service descriptor, check that it is for
+ the hidden service we wanted. Previously, Tor would store any
+ hidden service descriptors that a directory gave it, whether it
+ wanted them or not. This wouldn't have let an attacker impersonate
+ a hidden service, but it did let directories pre-seed a client
+ with descriptors that it didn't want. Bugfix on 0.0.6.
- Avoid linkability based on cached hidden service descriptors: forget
all hidden service descriptors cached as a client when processing a
SIGNAL NEWNYM command. Fixes bug 3000; bugfix on 0.0.6.
@@ -10,12 +24,6 @@ Changes in version 0.2.1.31 - 2011-05-??
- Fix an assert in parsing router descriptors containing IPv6
addresses. This one took down the directory authorities when
somebody tried some experimental code. Bugfix on 0.2.1.3-alpha.
- - Replace all potentially sensitive memory comparison operations
- with versions whose runtime does not depend on the data being
- compared. This will help resist a class of attacks where an
- adversary can use variations in timing information to learn
- sensitive data. Fix for one case of bug 3122. (Safe memcmp
- implementation by Robert Ransom based partially on code by DJB.)
o Minor bugfixes (also included in 0.2.2.x):
- When we restart our relay, we might get a successful connection
@@ -39,6 +47,8 @@ Changes in version 0.2.1.31 - 2011-05-??
heavy load. Fixes bug 2933; bugfix on 0.2.0.1-alpha.
- When warning about missing zlib development packages during compile,
give the correct package names. Bugfix on 0.2.0.1-alpha.
+ - Require that introduction point keys and onion keys have public
+ exponent 65537. Bugfix on 0.2.0.10-alpha.
- Do not crash when our configuration file becomes unreadable, for
example due to a permissions change, between when we start up
and when a controller calls SAVECONF. Fixes bug 3135; bugfix
diff --git a/changes/check-fetched-rend-desc-service-id b/changes/check-fetched-rend-desc-service-id
deleted file mode 100644
index 2f37c30..0000000
--- a/changes/check-fetched-rend-desc-service-id
+++ /dev/null
@@ -1,7 +0,0 @@
- o Security fixes:
- - When fetching a hidden service descriptor, check that it is for
- the hidden service we were trying to connect to, in order to
- stop a directory from pre-seeding a client with a descriptor for
- a hidden service that they didn't want. Bugfix on 0.0.6.
-
-
diff --git a/changes/check-public-key-exponents b/changes/check-public-key-exponents
deleted file mode 100644
index a8d0067..0000000
--- a/changes/check-public-key-exponents
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes:
- - Require that introduction point keys and onion keys have public
- exponent 65537. Bugfix on 0.2.0.10-alpha.
-
-
More information about the tor-commits
mailing list