merge in the safecookie changelog entry too

2024-11-27 13:53:31 +01:00 · 2012-03-26 22:15:02 -04:00 · 2012-03-26 22:15:02 -04:00 · de73e3692a
commit de73e3692a
parent 65bf007a77
2 changed files with 7 additions and 9 deletions
--- a/7
+++ b/7
@ -7,6 +7,13 @@ Changes in version 0.2.3.13-alpha - 2012-03-26
    - Change IP address for maatuska (v3 directory authority).

  o Security fixes:
+    - Provide controllers with a safer way to implement the cookie
+      authentication mechanism. With the old method, if another locally
+      running program could convince a controller that it was the Tor
+      process, then that program could trick the contoller into telling
+      it the contents of an arbitrary 32-byte file. The new "SAFECOOKIE"
+      authentication method uses a challenge-response approach to prevent
+      this attack. Fixes bug 5185, implements proposal 193.
    - Never use a bridge or a controller-supplied node as an exit, even
      if its exit policy allows it. Found by wanoskarnet. Fixes bug
      5342. Bugfix on 0.1.1.15-rc (for controller-purpose descriptors)
--- a/changes/safecookie
+++ b/changes/safecookie
@ -1,9 +0,0 @@
-  o Security Features:
-    - Provide controllers with a safer way to implement the cookie
-      authentication mechanism. With the old method, if another locally
-      running program could convince a controller that it was the Tor
-      process, then that program could trick the contoller into
-      telling it the contents of an arbitrary 32-byte file. The new
-      "SAFECOOKIE" authentication method uses a challenge-response
-      approach to prevent this. Fixes bug 5185, implements proposal 193. 
-