Hello community,
here is the log from the commit of package tor for openSUSE:Factory checked in
at 2014-07-31 07:41:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tor (Old)
and /work/SRC/openSUSE:Factory/.tor.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tor"
Changes:
--------
--- /work/SRC/openSUSE:Factory/tor/tor.changes 2014-06-10 14:38:29.000000000
+0200
+++ /work/SRC/openSUSE:Factory/.tor.new/tor.changes 2014-07-31
07:42:11.000000000 +0200
@@ -1,0 +2,32 @@
+Wed Jul 30 22:52:17 UTC 2014 - andreas.stie...@gmx.de
+
+- Tor 0.2.4.23 [bnc#889688] [CVE-2014-5117]
+ Slows down the risk from guard rotation and backports several
+ important fixes from the Tor 0.2.5 alpha release series.
+- Major features:
+ - Clients now look at the "usecreatefast" consensus parameter to
+ decide whether to use CREATE_FAST or CREATE cells for the first hop
+ of their circuit. This approach can improve security on connections
+ where Tor's circuit handshake is stronger than the available TLS
+ connection security levels, but the tradeoff is more computational
+ load on guard relays.
+ - Make the number of entry guards configurable via a new
+ NumEntryGuards consensus parameter, and the number of directory
+ guards configurable via a new NumDirectoryGuards consensus
+ parameter.
+- Major bugfixes:
+ - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+ implementation that caused incorrect results on 32-bit
+ implementations when certain malformed inputs were used along with
+ a small class of private ntor keys.
+- Minor bugfixes:
+ - Warn and drop the circuit if we receive an inbound 'relay early'
+ cell.
+ - Correct a confusing error message when trying to extend a circuit
+ via the control protocol but we don't know a descriptor or
+ microdescriptor for one of the specified relays.
+ - Avoid an illegal read from stack when initializing the TLS module
+ using a version of OpenSSL without all of the ciphers used by the
+ v2 link handshake.
+
+-------------------------------------------------------------------
Old:
----
tor-0.2.4.22.tar.gz
tor-0.2.4.22.tar.gz.asc
New:
----
tor-0.2.4.23.tar.gz
tor-0.2.4.23.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tor.spec ++++++
--- /var/tmp/diff_new_pack.LOEz0P/_old 2014-07-31 07:42:13.000000000 +0200
+++ /var/tmp/diff_new_pack.LOEz0P/_new 2014-07-31 07:42:13.000000000 +0200
@@ -23,7 +23,7 @@
%define torgroup %{name}
%define home_dir %{_localstatedir}/lib/empty
Name: tor
-Version: 0.2.4.22
+Version: 0.2.4.23
Release: 0
Summary: Anonymizing overlay network for TCP (The onion router)
License: BSD-3-Clause
++++++ tor-0.2.4.22.tar.gz -> tor-0.2.4.23.tar.gz ++++++
++++ 58180 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
