Commit 4fc866ce authored by Roger Dingledine's avatar Roger Dingledine
Browse files

touch-ups

parent d44b7bb5
Loading
Loading
Loading
Loading
+6 −6
Original line number Diff line number Diff line
Changes in version 0.2.4.5-alpha - 2012-10-25
  Tor 0.2.3.24-rc comes hard at the heels of 0.2.4.4-alpha, to fix two
  important security vulnerabilities that could lead to remotely
  triggerable relay crashes, fixes a major bug that was preventing
  clients from choosing good exit nodes, and refactor some of our code.
  Tor 0.2.4.5-alpha comes hard at the heels of 0.2.4.4-alpha, to fix
  two important security vulnerabilities that could lead to remotely
  triggerable relay crashes, fix a major bug that was preventing clients
  from choosing suitable exit nodes, and refactor some of our code.
  o Major bugfixes (security, also in 0.2.3.24-rc):
    - Fix a group of remotely triggerable assertion failures related to
      incorrect link protocol negotiation. Found, diagnosed, and fixed
      by "some guy from France." Fix for CVE-2012-2250; bugfix on
      by "some guy from France". Fix for CVE-2012-2250; bugfix on
      0.2.3.6-alpha.
    - Fix a denial of service attack by which any directory authority
      could crash all the others, or by which a single v2 directory
@@ -32,7 +32,7 @@ Changes in version 0.2.4.5-alpha - 2012-10-25
  o Minor bugfixes:
    - Only disable TLS session ticket support when running as a TLS
      server. This keeps clients harder to distinguish from regular firefox
      server. Now clients will blend better with regular Firefox
      connections. Fixes bug 7189; bugfix on Tor 0.2.3.23-rc.
  o Code simplification and refactoring:
+1 −1
Original line number Diff line number Diff line
@@ -1195,7 +1195,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
   * create an opportunity to fingerprint us (since it's unusual to use them
   * with TLS sessions turned off).
   *
   * In 0.2.4, clients advertise support for them, though to avoid a TLS
   * In 0.2.4, clients advertise support for them though, to avoid a TLS
   * distinguishability vector.  This can give us worse PFS, though, if we
   * get a server that doesn't set SSL_OP_NO_TICKET.  With luck, there will
   * be few such servers by the time 0.2.4 is more stable.