diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-10-30 09:56:40 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-10-30 09:56:40 -0400 |
| commit | 5a601dd2901644a537621f407f072d634ece2cfe (patch) | |
| tree | b6671a3c25713ac309e3a02d511105d42cc325aa | |
| parent | b46259e368fcdb0b4c30aefc5fd14a6af1282131 (diff) | |
| download | tor-5a601dd2901644a537621f407f072d634ece2cfe.tar.gz tor-5a601dd2901644a537621f407f072d634ece2cfe.zip | |
Clarify 13476 changelog (From sebastian)tor-0.2.6.1-alpha
| -rw-r--r-- | ChangeLog | 8 |
1 files changed, 5 insertions, 3 deletions
@@ -142,9 +142,11 @@ Changes in version 0.2.6.1-alpha - 2014-10-30 - Check all date/time values passed to tor_timegm and parse_rfc1123_time for validity, taking leap years into account. Improves HTTP header validation. Implemented with bug 13476. - - Clamp year values returned by system localtime(_r) and gmtime(_r) - to year 1 in correct_tm. This ensures tor can read any values it - writes out. Fixes bug 13476. + - In correct_tm(), limit the range of values returned by system + localtime(_r) and gmtime(_r) to be between the years 1 and 8099. + This means we don't have to deal with negative or too large dates, + even if a clock is wrong. Otherwise we might fail to read a file + written by us which includes such a date. Fixes bug 13476. o Minor bugfixes (bridge clients): - When configured to use a bridge without an identity digest (not |