Hello community, here is the log from the commit of package tor for openSUSE:Factory checked in at 2017-06-09 15:57:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tor (Old) and /work/SRC/openSUSE:Factory/.tor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tor" Fri Jun 9 15:57:36 2017 rev:56 rq:502413 version:0.3.0.8 Changes: -------- --- /work/SRC/openSUSE:Factory/tor/tor.changes 2017-06-01 16:33:45.958390567 +0200 +++ /work/SRC/openSUSE:Factory/.tor.new/tor.changes 2017-06-09 15:57:38.113739764 +0200 @@ -1,0 +2,21 @@ +Thu Jun 8 18:47:31 UTC 2017 - [email protected] + +- tor 0.3.0.8 fixing a pair of bugs that would allow an attacker to + remotely crash a hidden service with an assertion failure + * CVE-2017-0375: remotely triggerable assertion failure when a + hidden service handles a malformed BEGIN cell (bsc#1043455) + * CVE-2017-0376: remotely triggerable assertion failure caused by + receiving a BEGIN_DIR cell on a hidden service rendezvous + circuit (bsc#1043456) +- further bug fixes: + * link handshake fixes when changing x509 certificates + * Regenerate link and authentication certificates whenever the key + that signs them changes; also, regenerate link certificates + whenever the signed key changes + * When sending an Ed25519 signing->link certificate in a CERTS cell, + send the certificate that matches the x509 certificate that was + used on the TLS connection + * Stop rejecting v3 hidden service descriptors because their size + did not match an old padding rule + +------------------------------------------------------------------- Old: ---- tor-0.3.0.7.tar.gz tor-0.3.0.7.tar.gz.asc New: ---- tor-0.3.0.8.tar.gz tor-0.3.0.8.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tor.spec ++++++ --- /var/tmp/diff_new_pack.xaNRgN/_old 2017-06-09 15:57:39.753508325 +0200 +++ /var/tmp/diff_new_pack.xaNRgN/_new 2017-06-09 15:57:39.757507760 +0200 @@ -20,7 +20,7 @@ %define torgroup %{name} %define home_dir %{_localstatedir}/lib/empty Name: tor -Version: 0.3.0.7 +Version: 0.3.0.8 Release: 0 Summary: Anonymizing overlay network for TCP (The onion router) License: BSD-3-Clause ++++++ tor-0.3.0.7.tar.gz -> tor-0.3.0.8.tar.gz ++++++ ++++ 1698 lines of diff (skipped)
