mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 13:53:31 +01:00
touch-ups
This commit is contained in:
parent
d44b7bb525
commit
4fc866ce7f
12
ChangeLog
12
ChangeLog
@ -1,13 +1,13 @@
|
||||
Changes in version 0.2.4.5-alpha - 2012-10-25
|
||||
Tor 0.2.3.24-rc comes hard at the heels of 0.2.4.4-alpha, to fix two
|
||||
important security vulnerabilities that could lead to remotely
|
||||
triggerable relay crashes, fixes a major bug that was preventing
|
||||
clients from choosing good exit nodes, and refactor some of our code.
|
||||
Tor 0.2.4.5-alpha comes hard at the heels of 0.2.4.4-alpha, to fix
|
||||
two important security vulnerabilities that could lead to remotely
|
||||
triggerable relay crashes, fix a major bug that was preventing clients
|
||||
from choosing suitable exit nodes, and refactor some of our code.
|
||||
|
||||
o Major bugfixes (security, also in 0.2.3.24-rc):
|
||||
- Fix a group of remotely triggerable assertion failures related to
|
||||
incorrect link protocol negotiation. Found, diagnosed, and fixed
|
||||
by "some guy from France." Fix for CVE-2012-2250; bugfix on
|
||||
by "some guy from France". Fix for CVE-2012-2250; bugfix on
|
||||
0.2.3.6-alpha.
|
||||
- Fix a denial of service attack by which any directory authority
|
||||
could crash all the others, or by which a single v2 directory
|
||||
@ -32,7 +32,7 @@ Changes in version 0.2.4.5-alpha - 2012-10-25
|
||||
|
||||
o Minor bugfixes:
|
||||
- Only disable TLS session ticket support when running as a TLS
|
||||
server. This keeps clients harder to distinguish from regular firefox
|
||||
server. Now clients will blend better with regular Firefox
|
||||
connections. Fixes bug 7189; bugfix on Tor 0.2.3.23-rc.
|
||||
|
||||
o Code simplification and refactoring:
|
||||
|
@ -1195,7 +1195,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
|
||||
* create an opportunity to fingerprint us (since it's unusual to use them
|
||||
* with TLS sessions turned off).
|
||||
*
|
||||
* In 0.2.4, clients advertise support for them, though to avoid a TLS
|
||||
* In 0.2.4, clients advertise support for them though, to avoid a TLS
|
||||
* distinguishability vector. This can give us worse PFS, though, if we
|
||||
* get a server that doesn't set SSL_OP_NO_TICKET. With luck, there will
|
||||
* be few such servers by the time 0.2.4 is more stable.
|
||||
|
Loading…
Reference in New Issue
Block a user