diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-08-03 13:33:36 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2012-08-03 13:33:36 -0400 |
| commit | 909f18910efddc107a3602529c7029b40bf0aeed (patch) | |
| tree | c7ac32ee55210e51c5558e3fd55fe6714801b619 /changes | |
| parent | fce6eb1c44e87bc20e1cf62bd46d8fe6e356008e (diff) | |
| parent | d48cebc5e498b0ae673635f40fc57cdddab45d5b (diff) | |
| download | tor-909f18910efddc107a3602529c7029b40bf0aeed.tar.gz tor-909f18910efddc107a3602529c7029b40bf0aeed.zip | |
Merge remote-tracking branch 'origin/maint-0.2.2' into release-0.2.2
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/bug6530 | 5 | ||||
| -rw-r--r-- | changes/geoip-june2012 | 3 | ||||
| -rw-r--r-- | changes/pathsel-BUGGY-a | 14 | ||||
| -rw-r--r-- | changes/revert-geoip-may2012 | 6 |
4 files changed, 28 insertions, 0 deletions
diff --git a/changes/bug6530 b/changes/bug6530 new file mode 100644 index 0000000000..825bbb752a --- /dev/null +++ b/changes/bug6530 @@ -0,0 +1,5 @@ + o Major security fixes: + - Avoid a read of uninitializd RAM when reading a vote or consensus + document with an unrecognized flavor name. This could lead to a + remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha. + diff --git a/changes/geoip-june2012 b/changes/geoip-june2012 new file mode 100644 index 0000000000..f73bf35529 --- /dev/null +++ b/changes/geoip-june2012 @@ -0,0 +1,3 @@ + o Minor features: + - Update to the June 6 2012 Maxmind GeoLite Country database. + diff --git a/changes/pathsel-BUGGY-a b/changes/pathsel-BUGGY-a new file mode 100644 index 0000000000..2e642c7953 --- /dev/null +++ b/changes/pathsel-BUGGY-a @@ -0,0 +1,14 @@ + o Security fixes: + + - Try to leak less information about what relays a client is + choosing to a side-channel attacker. Previously, a Tor client + would stop iterating through the list of available relays as + soon as it had chosen one, thus finishing a little earlier + when it picked a router earlier in the list. If an attacker + can recover this timing information (nontrivial but not + proven to be impossible), they could learn some coarse- + grained information about which relays a client was picking + (middle nodes in particular are likelier to be affected than + exits). The timing attack might be mitigated by other factors + (see bug #6537 for some discussion), but it's best not to + take chances. Fixes bug 6537; bugfix on 0.0.8rc1. diff --git a/changes/revert-geoip-may2012 b/changes/revert-geoip-may2012 new file mode 100644 index 0000000000..e420947a34 --- /dev/null +++ b/changes/revert-geoip-may2012 @@ -0,0 +1,6 @@ + o Major bugfixes: + - Revert to the May 1 2012 Maxmind GeoLite Country database. In the + June 2012 database, Maxmind marked many Tor relays as country "A1", + which will cause risky behavior for clients that set EntryNodes + or ExitNodes. Addresses bug 6334; bugfix on 0.2.3.17-beta. + |