tor/changes
Nick Mathewson 71862ed763 Fix bug in verifying directory signatures with short digests
If we got a signed digest that was shorter than the required digest
length, but longer than 20 bytes, we would accept it as long
enough.... and then immediately fail when we want to check it.

Fixes bug 2409; bug in 0.2.2.20-alpha; found by piebeer.
2011-01-25 17:15:22 -05:00
..
bug2060 Disable DirPort when BridgeRelay is set 2010-11-22 13:12:48 -05:00
bug2081_followup Reject relay versions older than 0.2.0.26-rc 2010-12-07 11:35:32 -05:00
bug2097-more Add a missing ! to directory_fetches_from_authorities 2010-12-06 11:36:01 -05:00
bug2146.1 Fix a bug in calculating wakeup time on 64-bit machines. 2010-12-06 12:01:32 -05:00
bug2190 Better fix for 2190: defer libevent->controller messages instead of dropping 2010-11-19 22:52:32 -05:00
bug2210 fix changes file for 2210 2010-11-30 19:19:36 -05:00
bug2235 Don't crash when accountingmax is set in non-server Tors 2010-12-03 13:37:13 -05:00
bug2305 Note that Tor requires Automake 1.7. Fixes bug 2305 2011-01-03 17:24:16 -05:00
bug2313 Never include pthread.h when building for Windows. 2011-01-03 12:45:13 -05:00
bug2314 Fix compile wanrings revealed by gcc 4.5 on mingw 2010-12-27 09:47:41 +01:00
bug2317 Sanity-check consensus param values 2011-01-15 19:42:17 +01:00
bug2324 Check size against SIZE_T_CEILING in realloc too. 2011-01-03 15:15:27 -05:00
bug2324_uncompress Detect and disallow compression bombs 2011-01-03 15:54:23 -05:00
bug2326 Avoid assertion on read_file_to_str() with size==SIZE_T_CEILING-1 2011-01-03 15:30:11 -05:00
bug2328 Correctly detect and exclude addresses outside of our virtual address range 2011-01-07 12:24:36 -05:00
bug2330 Pull up more data when parsing socks messages 2011-01-10 17:24:16 -05:00
bug2331 add a missing "not" in bug2331 changelog 2011-01-12 12:42:21 -05:00
bug2332 Always nul-terminate the result passed to evdns_server_add_ptr_reply 2011-01-15 11:49:25 -05:00
bug2337 Detect signed size_t and report an error at configure time. 2011-01-03 16:54:57 -05:00
bug2346 Explain bug2346 fix better based on suggestions from arma 2011-01-12 12:37:42 -05:00
bug2352 Impose maximum sizes on parsed objects 2011-01-10 12:12:11 -05:00
bug2363 Fix check for failed evdns request creation 2011-01-09 19:02:57 -05:00
bug2364 Describe tor-resolve defaults. Bug 2364. 2011-01-09 15:40:40 -05:00
bug2384 Fix a couple of non-cleared key issues in hidden services 2011-01-15 14:10:54 -05:00
bug2409 Fix bug in verifying directory signatures with short digests 2011-01-25 17:15:22 -05:00
bug2432 Tell which geoip file we're parsing 2011-01-25 15:54:51 -05:00
bug2433 Fix assert for relay/bridge state change 2011-01-25 14:13:06 -05:00
bytecount Fix a harmless off-by-one error in counting controller argument lengths 2010-12-02 13:19:21 -05:00
dhparam Make the DH parameter we use for TLS match the one from Apache's mod_ssl 2011-01-24 16:50:11 -05:00
fix2195-fix Avoid dereferencing NULL if a bridge fails to build an ei descriptor. 2010-11-24 13:18:11 -08:00
gabelmoo-newip Change gabelmoo's IP address and ports. 2010-12-16 13:28:30 +01:00
geoip-dec2010 Update to the December 1 2010 Maxmind GeoLite Country database. 2010-12-08 17:59:40 +01:00
geoip-jan2011 Update to the January 1 2011 Maxmind GeoLite Country database. 2011-01-10 10:37:54 +01:00
mingw-openssl098m Fix compilation with mingw and OpenSSL 0.9.8m+ 2010-11-23 12:47:38 -05:00
policy_summarize-assert Fix bounds-checking in policy_summarize 2011-01-20 11:17:57 -08:00
remove-website stop shipping doc/img and doc/website in the tarball 2010-11-23 00:03:50 -05:00
routerparse_maxima Fix two more SIZE_T_CEILING issues 2011-01-19 13:22:50 -05:00
security_bug Add a changelog entry 2010-12-15 22:35:07 -05:00
task2196 Report only the top 10 ports in exit-port stats. 2010-11-24 08:45:05 +01:00
tolen_asserts make the description of tolen_asserts more dire 2011-01-15 11:49:26 -05:00