Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Maintenance:2829
patchinfo
_patchinfo
Overview
Details
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo
<patchinfo> <issue id="878486" tracker="bnc">tor upgrade to 0.2.4.22</issue> <issue id="CVE-2014-0160" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>AndreasStieger</packager> <description> - tor 0.2.4.22 [bnc#878486] Tor was updated to the recommended version of the 0.2.4.x series. - major features in 0.2.4.x: - improved client resilience - support better link encryption with forward secrecy - new NTor circuit handshake - change relay queue for circuit create requests from size-based limit to time-based limit - many bug fixes and minor features - changes contained in 0.2.4.22: Backports numerous high-priority fixes. These include blocking all authority signing keys that may have been affected by the OpenSSL "heartbleed" bug, choosing a far more secure set of TLS ciphersuites by default, closing a couple of memory leaks that could be used to run a target relay out of RAM. - Major features (security) - Block authority signing keys that were used on authorities vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160). - Major bugfixes (security, OOM): - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step. - Major bugfixes (TLS cipher selection): - The relay ciphersuite list is now generated automatically based on uniform criteria, and includes all OpenSSL ciphersuites with acceptable strength and forward secrecy. - Relays now trust themselves to have a better view than clients of which TLS ciphersuites are better than others. - Clients now try to advertise the same list of ciphersuites as Firefox 28. - includes changes from 0.2.4.21: Further improves security against potential adversaries who find breaking 1024-bit crypto doable, and backports several stability and robustness patches from the 0.2.5 branch. - Major features (client security): - When we choose a path for a 3-hop circuit, make sure it contains at least one relay that supports the NTor circuit extension handshake. Otherwise, there is a chance that we're building a circuit that's worth attacking by an adversary who finds breaking 1024-bit crypto doable, and that chance changes the game theory. - Major bugfixes: - Do not treat streams that fail with reason END_STREAM_REASON_INTERNAL as indicating a definite circuit failure, since it could also indicate an ENETUNREACH connection error - includes changes from 0.2.4.20: - Do not allow OpenSSL engines to replace the PRNG, even when HardwareAccel is set. - Fix assertion failure when AutomapHostsOnResolve yields an IPv6 address. - Avoid launching spurious extra circuits when a stream is pending. - packaging changes: - remove init script shadowing systemd unit - general cleanup - Add tor-fw-helper for UPnP port forwarding; not used by default - fix logrotate on systemd-only setups without init scripts, work tor-0.2.2.37-logrotate.patch to tor-0.2.4.x-logrotate.patch - verify source tarball signature </description> <summary>update for tor</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor