[tor-commits] [tor/release-0.2.3] fold in recent changes entries

arma at torproject.org
Fri Oct 19 18:45:29 UTC 2012


commit 161ca100a697a4d4a4a7e89a79c73e00cb168ad7
Author: Roger Dingledine <arma at torproject.org>
Date:   Fri Oct 19 14:43:21 2012 -0400

    fold in recent changes entries
---
 ChangeLog               |   21 +++++++++++++++++++--
 changes/bug7139         |    9 ---------
 changes/cve-2012-2249   |    5 -----
 changes/dirserv-BUGGY-a |    7 -------
 4 files changed, 19 insertions(+), 23 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index b1fe885..99989a9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,12 +1,25 @@
-Changes in version 0.2.3.23-rc - 2012-10-14
-  Tor 0.2.3.23-rc adds a new v3 directory authority, and fixes a variety
+Changes in version 0.2.3.23-rc - 2012-10-20
+  Tor 0.2.3.23-rc adds a new v3 directory authority, fixes a privacy
+  vulnerability introduced by a change in OpenSSL, and fixes a variety
   of smaller bugs in preparation for the release.
 
   o New directory authorities:
     - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
       authority. Closes ticket 5749.
 
+  o Major bugfixes (security):
+    - Disable TLS session tickets. OpenSSL's implementation was giving
+      our TLS session keys the lifetime of our TLS context objects, when
+      perfect forward secrecy would want us to discard anything that
+      could decrypt a link connection as soon as the link connection
+      was closed. Fixes bug 7139; bugfix on all versions of Tor linked
+      against OpenSSL 1.0.0 or later. Found by Florent Daignière.
+
   o Major bugfixes:
+    - Discard extraneous renegotiation attempts once the V3 link
+      protocol has been initiated. Failure to do so left us open to
+      a remotely triggerable assertion failure. Fixes CVE-2012-2249;
+      bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
     - Fix a possible crash bug when checking for deactivated circuits
       in connection_or_flush_from_first_active_circuit(). Fixes bug 6341;
       bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously.
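
Review bot: The CVE-2012-2249 item lands under the plain "o Major bugfixes:" heading, although the changes/cve-2012-2249 fragment it is folded from filed it under "o Major bugfixes (security):", which is the heading this same hunk introduces just above for the bug 7139 item. A remotely triggerable assertion failure with a CVE assigned reads as a security fix; suggest moving the "Discard extraneous renegotiation attempts" item up into the "(security)" section so both security items sit together, or stating in the commit message why it was reclassified.
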
@@ -22,6 +35,10 @@ Changes in version 0.2.3.23-rc - 2012-10-14
       bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc.
 
   o Minor bugfixes (on 0.2.2.x and earlier):
+    - Don't serve or accept v2 hidden service descriptors over a relay's
+      DirPort. It's never correct to do so, and disabling it might
+      make it more annoying to exploit any bugs that turn up in the
+      descriptor-parsing code. Fixes bug 7149.
     - When relays refuse a "create" cell because their queue of pending
       create cells is too big (typically because their cpu can't keep up
       with the arrival rate), send back reason "resource limit" rather
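
Review bot: The new bug 7149 item ends at "Fixes bug 7149." with no "bugfix on <version>" clause, unlike the neighbouring entries visible here, yet it is placed under "o Minor bugfixes (on 0.2.2.x and earlier):" where the source fragment changes/dirserv-BUGGY-a only said "o Minor bugfixes:". Suggest adding the version that introduced the behaviour so the section placement is backed by the entry itself.
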
diff --git a/changes/bug7139 b/changes/bug7139
deleted file mode 100644
index dfb7d32..0000000
--- a/changes/bug7139
+++ /dev/null
@@ -1,9 +0,0 @@
-  o Major bugfixes (security):
-
-    - Disable TLS session tickets.  OpenSSL's implementation were giving
-      our TLS session keys the lifetime of our TLS context objects, when
-      perfect forward secrecy would want us to discard anything that
-      could decrypt a link connection as soon as the link connection was
-      closed.  Fixes bug 7139; bugfix on all versions of Tor linked
-      against OpenSSL 1.0.0 or later. Found by "nextgens".
-
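
Review bot: The reporter credit changes during the fold: this fragment says Found by "nextgens", the ChangeLog text that replaces it says "Found by Florent Daignière", and the commit message ("fold in recent changes entries") does not mention the edit. Suggest confirming the reporter wants to be credited by name rather than by handle, or recording the change of credit in the commit message.
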
diff --git a/changes/cve-2012-2249 b/changes/cve-2012-2249
deleted file mode 100644
index 625bfa2..0000000
--- a/changes/cve-2012-2249
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major bugfixes (security):
-    - Discard extraneous renegotiation attempts once the V3 link
-      protocol has been initiated. Failure to do so left us open to
-      a remotely triggerable assertion failure. Fixes CVE-2012-2249;
-      bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a
deleted file mode 100644
index 35b492a..0000000
--- a/changes/dirserv-BUGGY-a
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor bugfixes:
-
-    - Don't serve or accept v2 hidden service descriptors over a
-      relay's DirPort. It's never correct to do so, and disabling it
-      might make it more annoying to exploit any bugs that turn up in the
-      descriptor-parsing code. Fixes bug 7149.
-


