Hello community, here is the log from the commit of package tor for openSUSE:Factory checked in at 2014-07-31 07:41:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tor (Old) and /work/SRC/openSUSE:Factory/.tor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tor" Changes: -------- --- /work/SRC/openSUSE:Factory/tor/tor.changes 2014-06-10 14:38:29.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.tor.new/tor.changes 2014-07-31 07:42:11.000000000 +0200 @@ -1,0 +2,32 @@ +Wed Jul 30 22:52:17 UTC 2014 - andreas.stie...@gmx.de + +- Tor 0.2.4.23 [bnc#889688] [CVE-2014-5117] + Slows down the risk from guard rotation and backports several + important fixes from the Tor 0.2.5 alpha release series. +- Major features: + - Clients now look at the "usecreatefast" consensus parameter to + decide whether to use CREATE_FAST or CREATE cells for the first hop + of their circuit. This approach can improve security on connections + where Tor's circuit handshake is stronger than the available TLS + connection security levels, but the tradeoff is more computational + load on guard relays. + - Make the number of entry guards configurable via a new + NumEntryGuards consensus parameter, and the number of directory + guards configurable via a new NumDirectoryGuards consensus + parameter. +- Major bugfixes: + - Fix a bug in the bounds-checking in the 32-bit curve25519-donna + implementation that caused incorrect results on 32-bit + implementations when certain malformed inputs were used along with + a small class of private ntor keys. +- Minor bugfixes: + - Warn and drop the circuit if we receive an inbound 'relay early' + cell. + - Correct a confusing error message when trying to extend a circuit + via the control protocol but we don't know a descriptor or + microdescriptor for one of the specified relays. + - Avoid an illegal read from stack when initializing the TLS module + using a version of OpenSSL without all of the ciphers used by the + v2 link handshake. + +------------------------------------------------------------------- Old: ---- tor-0.2.4.22.tar.gz tor-0.2.4.22.tar.gz.asc New: ---- tor-0.2.4.23.tar.gz tor-0.2.4.23.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tor.spec ++++++ --- /var/tmp/diff_new_pack.LOEz0P/_old 2014-07-31 07:42:13.000000000 +0200 +++ /var/tmp/diff_new_pack.LOEz0P/_new 2014-07-31 07:42:13.000000000 +0200 @@ -23,7 +23,7 @@ %define torgroup %{name} %define home_dir %{_localstatedir}/lib/empty Name: tor -Version: 0.2.4.22 +Version: 0.2.4.23 Release: 0 Summary: Anonymizing overlay network for TCP (The onion router) License: BSD-3-Clause ++++++ tor-0.2.4.22.tar.gz -> tor-0.2.4.23.tar.gz ++++++ ++++ 58180 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org