tor-commits October 2012

tor-commits@lists.torproject.org

20 participants
1288 discussions

[metrics-web/master] Update sitemap.
by karsten＠torproject.org 20 Oct '12

20 Oct '12

commit e708d30aba33461a23890166598bee0cb9d912e1 Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Sat Oct 20 16:41:52 2012 -0400 Update sitemap. --- web/WEB-INF/error.jsp | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/web/WEB-INF/error.jsp b/web/WEB-INF/error.jsp index 8e15d35..4e75376 100644 --- a/web/WEB-INF/error.jsp +++ b/web/WEB-INF/error.jsp @@ -44,8 +44,8 @@ Maybe you find what you're looking for on our sitemap: <li><a href="… [View More]

1 0

[translation/https_everywhere_completed] Update translations for https_everywhere_completed
by translation＠torproject.org 20 Oct '12

20 Oct '12

commit da7c700aede28555652d1d033044a9b413ffb73f Author: Translation commit bot <translation(a)torproject.org> Date: Sat Oct 20 20:45:35 2012 +0000 Update translations for https_everywhere_completed --- ru/ssl-observatory.dtd | 10 ++++------ 1 files changed, 4 insertions(+), 6 deletions(-) diff --git a/ru/ssl-observatory.dtd b/ru/ssl-observatory.dtd index 96c3ccf..a99b6bc 100644 --- a/ru/ssl-observatory.dtd +++ b/ru/ssl-observatory.dtd @@ -3,9 +3,7 @@ <!ENTITY ssl-… [View More]observatory.popup.later "Спросить позже"> <!ENTITY ssl-observatory.popup.no "Нет"> -<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere может распознавать атаки -на Ваш браузер, путем отправки получаемых сертификатов в -SSL Observatory. Включить данную опцию?"> +<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere может распознавать атаки на Ваш браузер, путём отправки получаемых сертификатов в SSL Observatory. Включить данную опцию?">  <!ENTITY ssl-observatory.prefs.done "Готово"> <!ENTITY ssl-observatory.prefs.explanation -"HTTPS Everywhere может использовать EFF SSL Observatory. Это обеспечивает две вещи: (1) отправляет копии сертификатов в SSL Observatory, что бы помочь нам определить атаки 'человек посередине' и улучшить безопасность Веб; и (2) позволяет нам предупреждать Вас о небезопасных соединениях или атаках на Ваш браузер."> +"HTTPS Everywhere может использовать SSL Observatory. Это обеспечивает две вещи: (1) отправляет копии сертификатов в SSL Observatory, что бы помочь нам определить атаки 'человек посередине' и улучшить безопасность Веб; и (2) позволяет нам предупреждать Вас о небезопасных соединениях или атаках на Ваш браузер.">  <!ENTITY ssl-observatory.prefs.title "Настройки SSL Observatory"> <!ENTITY ssl-observatory.prefs.use "Использовать SSL Observatory?"> -<!ENTITY ssl-observatory.warning.title "ПРЕДУПРЕЖДЕНИЕ от EFF SSL Observatory"> +<!ENTITY ssl-observatory.warning.title "ПРЕДУПРЕЖДЕНИЕ от SSL Observatory"> <!ENTITY ssl-observatory.warning.showcert "Показать цепочку сертификатов"> <!ENTITY ssl-observatory.warning.okay "Я понимаю"> -<!ENTITY ssl-observatory.warning.text "EFF SSL Observatory выдал предупреждение для SSL сертификат(-а/-ов) данного сайта:"> +<!ENTITY ssl-observatory.warning.text "SSL Observatory выдал предупреждение для сертификат(-а/-ов) данного сайта:"> <!ENTITY ssl-observatory.warning.defense "Если Вы вошли в учётную запись на данном сайте, может быть целесообразно сменить пароль после установки безопасного соединения."> <!ENTITY ssl-observatory.prefs.self_signed [View Less]

1 0

[translation/https_everywhere] Update translations for https_everywhere
by translation＠torproject.org 20 Oct '12

20 Oct '12

commit 6adfd21301aa860fe6c3db437a9963bc113aaa7c Author: Translation commit bot <translation(a)torproject.org> Date: Sat Oct 20 20:45:32 2012 +0000 Update translations for https_everywhere --- ru/ssl-observatory.dtd | 10 ++++------ 1 files changed, 4 insertions(+), 6 deletions(-) diff --git a/ru/ssl-observatory.dtd b/ru/ssl-observatory.dtd index 96c3ccf..a99b6bc 100644 --- a/ru/ssl-observatory.dtd +++ b/ru/ssl-observatory.dtd @@ -3,9 +3,7 @@ <!ENTITY ssl-observatory.popup.… [View More]later "Спросить позже"> <!ENTITY ssl-observatory.popup.no "Нет"> -<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere может распознавать атаки -на Ваш браузер, путем отправки получаемых сертификатов в -SSL Observatory. Включить данную опцию?"> +<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere может распознавать атаки на Ваш браузер, путём отправки получаемых сертификатов в SSL Observatory. Включить данную опцию?">  <!ENTITY ssl-observatory.prefs.done "Готово"> <!ENTITY ssl-observatory.prefs.explanation -"HTTPS Everywhere может использовать EFF SSL Observatory. Это обеспечивает две вещи: (1) отправляет копии сертификатов в SSL Observatory, что бы помочь нам определить атаки 'человек посередине' и улучшить безопасность Веб; и (2) позволяет нам предупреждать Вас о небезопасных соединениях или атаках на Ваш браузер."> +"HTTPS Everywhere может использовать SSL Observatory. Это обеспечивает две вещи: (1) отправляет копии сертификатов в SSL Observatory, что бы помочь нам определить атаки 'человек посередине' и улучшить безопасность Веб; и (2) позволяет нам предупреждать Вас о небезопасных соединениях или атаках на Ваш браузер.">  <!ENTITY ssl-observatory.prefs.title "Настройки SSL Observatory"> <!ENTITY ssl-observatory.prefs.use "Использовать SSL Observatory?"> -<!ENTITY ssl-observatory.warning.title "ПРЕДУПРЕЖДЕНИЕ от EFF SSL Observatory"> +<!ENTITY ssl-observatory.warning.title "ПРЕДУПРЕЖДЕНИЕ от SSL Observatory"> <!ENTITY ssl-observatory.warning.showcert "Показать цепочку сертификатов"> <!ENTITY ssl-observatory.warning.okay "Я понимаю"> -<!ENTITY ssl-observatory.warning.text "EFF SSL Observatory выдал предупреждение для SSL сертификат(-а/-ов) данного сайта:"> +<!ENTITY ssl-observatory.warning.text "SSL Observatory выдал предупреждение для сертификат(-а/-ов) данного сайта:"> <!ENTITY ssl-observatory.warning.defense "Если Вы вошли в учётную запись на данном сайте, может быть целесообразно сменить пароль после установки безопасного соединения."> <!ENTITY ssl-observatory.prefs.self_signed [View Less]

1 0

[translation/tsum] Update translations for tsum
by translation＠torproject.org 20 Oct '12

20 Oct '12

commit 2f629665c624a91cd7017eaf171135e0315f53c8 Author: Translation commit bot <translation(a)torproject.org> Date: Sat Oct 20 20:45:07 2012 +0000 Update translations for tsum --- vi/short-user-manual_vi_noimg.xhtml | 12 ++++++------ 1 files changed, 6 insertions(+), 6 deletions(-) diff --git a/vi/short-user-manual_vi_noimg.xhtml b/vi/short-user-manual_vi_noimg.xhtml index f7b30c4..8044363 100644 --- a/vi/short-user-manual_vi_noimg.xhtml +++ b/vi/short-user-manual_vi_noimg.… [View More]xhtml @@ -5,12 +5,12 @@ </head> <body> <h1 id="the-short-user-manual">Hướng dẩn sử dụng nhanh</h1> - <p>Hướng dẩn sử dụng này bao gồm cách tải Tor về, cách sử dụng nó và những điều nên làm nếu Tor không thể kết nối vào mạng. Nếu bạn không thể tìm thấy câu trả lời trong tài liệu này, hảy gởi thư vào help(a)rt.torproject.org</p> - <p>Hảy để ý rằng chúng tôi đang cung cấp hổ trợ trên cơ bản tự nguyện, và chúng tôi nhận được rất nhiều thư trong một ngày. Vậy nên đừng lo lắng nếu chúng tôi trả lời thư chậm.</p> - <h2 id="how-tor-works">Tor làm việc thế nào?</h2> - <p>Tor là một mạng lưới hường hầm giả lập nó cho phép nâng cao quyền riêng tư và an toàn trên internet. Tor hoạt động bằng cách gởi thông tin thông qua ba máy chủ ngẩu nhiên (củng có thể coi là trạm tiếp chuyển <em>relays</em>) trong mạng lưới Tor, trước khi đường truyền được gởi ra ngoài internet.</p> - <p>Bức hình phía trên là phát họa về truy cập của người dùng đến các trang mạng khác nhau thông qua Tor. Màng hình xanh lục thể hiện trạm tiếp chuyển trong mạng lưới Tor, trong khi ba chìa khóa thể hiện cho những lớp mã hóa giữa người dùng và mỗi trạm tiếp chuyển.</p> - <p>Tor sẽ nặc danh những thông tin trên đường truyền của bạn, và sẽ mã hóa mọi thông tin giữa bạn và mạng lưới Tor, củng như mã hõa đường truyền bên trong mạng lưới Tor, nhưng nó không thể mã hóa đường truyền giữa bạn và điểm đến cuối cùng.</p> + <p>Hướng dẩn sử dụng này bao gồm hướng dẩn tải về Tor, cách sử dụng và những điều nên làm nếu Tor không thể kết nối vào mạng. Nếu bạn không thể tìm thấy câu trả lời trong tài liệu này, hảy gởi thư vào help(a)rt.torproject.org</p> + <p>Hảy chú ý rằng chúng tôi đang cung cấp hổ trợ trên cơ bản tự nguyện, và chúng tôi nhận được rất nhiều thư trong một ngày. Vậy nên đừng lo lắng nếu chúng tôi trả lời thư chậm.</p> + <h2 id="how-tor-works">Cách làm việc của Tor</h2> + <p>Tor là một mạng lưới hường hầm giả lập nó cho phép nâng cao quyền riêng tư và an toàn trên internet. Tor hoạt động bằng cách gởi thông tin thông qua ba máy chủ ngẩu nhiên (củng có thể coi là <em>trạm chuyển tiếp</em>) trong mạng lưới Tor, trước khi đường truyền được gởi ra ngoài internet.</p> + <p>Bức hình phía trên là phát họa về truy cập của người dùng đến các trang mạng khác nhau thông qua Tor. Màng hình xanh lục thể hiện trạm chuyển tiếp trong mạng lưới Tor, trong khi ba chìa khóa thể hiện cho những lớp mã hóa giữa người dùng và mỗi trạm tiếp chuyển.</p> + <p>Tor sẽ nặc danh những thông tin trên đường truyền của bạn, và sẽ mã hóa tất cả thông tin giữa bạn và mạng lưới Tor, cũng như mã hõa đường truyền bên trong mạng lưới Tor, nhưng nó không thể mã hóa đường truyền giữa mạng lưới Tor và điểm đến cuối cùng.</p> <p>Nếu bạn đang trao đổi những thông tin nhạy cảm, ví dụ như đăng nhập vào một trang mạng bằng tên truy cập và mật mã, phải chắc rằng bạn sử dụng kết nói HTTPS (v.d <strong>https</strong>://torproject.org/, not <strong>http</strong>://torproject.org/).</p> <h2 id="how-to-download-tor">Cách tải Tor về</h2> <p>Bộ ứng dụng chúng tôi đề nghị là <a href="https://www.torproject.org/projects/torbrowser.html">Tor Browser Bundle</a>. Trong gói này chứ trình duyệt đã được điều chỉnh để an toàn khi duyệt internet thông qua Tor, và không cần phải cài đặt. Bạn tải gói ứng dụng về, giải nén, và khởi động Tor.</p> [View Less]

1 0

[translation/https_everywhere_completed] Update translations for https_everywhere_completed
by translation＠torproject.org 20 Oct '12

20 Oct '12

commit 3b1d33f7fab9cd8ce25ad95c25e5fd1cae966326 Author: Translation commit bot <translation(a)torproject.org> Date: Sat Oct 20 20:15:36 2012 +0000 Update translations for https_everywhere_completed --- ru/https-everywhere.dtd | 2 +- ru/ssl-observatory.dtd | 18 ++++++------------ 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/ru/https-everywhere.dtd b/ru/https-everywhere.dtd index de14236..260ea3b 100644 --- a/ru/https-everywhere.dtd +++ b/ru/https-… [View More]everywhere.dtd @@ -15,7 +15,7 @@ <!ENTITY https-everywhere.menu.globalEnable "Включить HTTPS Everywhere"> <!ENTITY https-everywhere.menu.globalDisable "Выключить HTTPS Everywhere"> -<!ENTITY https-everywhere.prefs.title "Настройки"> +<!ENTITY https-everywhere.prefs.title "Настройки HTTPS Everywhere"> <!ENTITY https-everywhere.prefs.enable_all "Включить всё"> <!ENTITY https-everywhere.prefs.disable_all "Выключить всё"> <!ENTITY https-everywhere.prefs.reset_defaults "По умолчанию"> diff --git a/ru/ssl-observatory.dtd b/ru/ssl-observatory.dtd index c7b5b08..96c3ccf 100644 --- a/ru/ssl-observatory.dtd +++ b/ru/ssl-observatory.dtd @@ -5,7 +5,7 @@ <!ENTITY ssl-observatory.popup.text "HTTPS Everywhere может распознавать атаки на Ваш браузер, путем отправки получаемых сертификатов в -Observatory. Включить данную опцию?"> +SSL Observatory. Включить данную опцию?">  "Эта опция требует наличия установленных Tor и Torbutton"> <!ENTITY ssl-observatory.prefs.asn -"При получении нового сертификата, сообщить Observatory к какому провайдеру Вы подключены"> +"При получении нового сертификата, сообщить SSL Observatory к какому провайдеру Вы подключены"> <!ENTITY ssl-observatory.prefs.asn_tooltip "Будет получать и отправлять "Номер Автономной Системы" Вашей сети. Это поможет нам локализовать атаки против HTTPS и определить наличие наблюдений для сетей в таких местах как Иран и Сирия, где атаки сравнительно часты."> @@ -46,10 +46,7 @@ to turn it on?">--> <!ENTITY ssl-observatory.prefs.done "Готово"> <!ENTITY ssl-observatory.prefs.explanation -"HTTPS Everywhere может использовать EFF SSL Observatory. Это обеспечивает две вещи: (1) -отправляет копии HTTPS сертификатов в Observatory, что бы помочь нам -определить атаки 'человек посередине' и улучшить безопасность Веб; и (2) -позволяет нам предупреждать Вас о небезопасных соединениях или атаках на Ваш браузер."> +"HTTPS Everywhere может использовать EFF SSL Observatory. Это обеспечивает две вещи: (1) отправляет копии сертификатов в SSL Observatory, что бы помочь нам определить атаки 'человек посередине' и улучшить безопасность Веб; и (2) позволяет нам предупреждать Вас о небезопасных соединениях или атаках на Ваш браузер.">  <!ENTITY ssl-observatory.prefs.explanation2 -"Например, когда Вы заходите на https://www.something.com, сертификат -полученный Observatory будет означать что кто-то посетил -www.something.com, но не кто именно его посетил, или какую конкретную страницу он -просматривал. Наведите курсор на опции для более подробной информации:"> +"Например, когда Вы заходите на https://www.something.com, сертификат полученный SSL Observatory будет означать что кто-то посетил www.something.com, но не кто именно его посетил, или какую конкретную страницу он просматривал. Наведите курсор на опции для более подробной информации:"> <!ENTITY ssl-observatory.prefs.hide "Скрыть дополнительные опции"> @@ -75,13 +69,13 @@ www.something.com, но не кто именно его посетил, или "Отправить и проверить сертификаты для непубличных DNS имён"> <!ENTITY ssl-observatory.prefs.priv_dns_tooltip -"Если данная опция выключена, Observatory не будет регистрировать сертификаты для имён, которые он не может разрешить через DNS."> +"Если данная опция выключена, SSL Observatory не будет регистрировать сертификаты для имён, которые он не может разрешить через DNS."> <!ENTITY ssl-observatory.prefs.show "Показать дополнительные опции"> <!ENTITY ssl-observatory.prefs.title "Настройки SSL Observatory"> -<!ENTITY ssl-observatory.prefs.use "Использовать Observatory?"> +<!ENTITY ssl-observatory.prefs.use "Использовать SSL Observatory?"> <!ENTITY ssl-observatory.warning.title "ПРЕДУПРЕЖДЕНИЕ от EFF SSL Observatory"> <!ENTITY ssl-observatory.warning.showcert "Показать цепочку сертификатов"> <!ENTITY ssl-observatory.warning.okay "Я понимаю"> [View Less]

1 0

[translation/https_everywhere] Update translations for https_everywhere
by translation＠torproject.org 20 Oct '12

20 Oct '12

commit a297c36238ac4030f980b3a72cd02f0dd02ab937 Author: Translation commit bot <translation(a)torproject.org> Date: Sat Oct 20 20:15:32 2012 +0000 Update translations for https_everywhere --- ru/https-everywhere.dtd | 2 +- ru/ssl-observatory.dtd | 18 ++++++------------ 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/ru/https-everywhere.dtd b/ru/https-everywhere.dtd index de14236..260ea3b 100644 --- a/ru/https-everywhere.dtd +++ b/ru/https-everywhere.dtd @@ -… [View More]15,7 +15,7 @@ <!ENTITY https-everywhere.menu.globalEnable "Включить HTTPS Everywhere"> <!ENTITY https-everywhere.menu.globalDisable "Выключить HTTPS Everywhere"> -<!ENTITY https-everywhere.prefs.title "Настройки"> +<!ENTITY https-everywhere.prefs.title "Настройки HTTPS Everywhere"> <!ENTITY https-everywhere.prefs.enable_all "Включить всё"> <!ENTITY https-everywhere.prefs.disable_all "Выключить всё"> <!ENTITY https-everywhere.prefs.reset_defaults "По умолчанию"> diff --git a/ru/ssl-observatory.dtd b/ru/ssl-observatory.dtd index c7b5b08..96c3ccf 100644 --- a/ru/ssl-observatory.dtd +++ b/ru/ssl-observatory.dtd @@ -5,7 +5,7 @@ <!ENTITY ssl-observatory.popup.text "HTTPS Everywhere может распознавать атаки на Ваш браузер, путем отправки получаемых сертификатов в -Observatory. Включить данную опцию?"> +SSL Observatory. Включить данную опцию?">  "Эта опция требует наличия установленных Tor и Torbutton"> <!ENTITY ssl-observatory.prefs.asn -"При получении нового сертификата, сообщить Observatory к какому провайдеру Вы подключены"> +"При получении нового сертификата, сообщить SSL Observatory к какому провайдеру Вы подключены"> <!ENTITY ssl-observatory.prefs.asn_tooltip "Будет получать и отправлять "Номер Автономной Системы" Вашей сети. Это поможет нам локализовать атаки против HTTPS и определить наличие наблюдений для сетей в таких местах как Иран и Сирия, где атаки сравнительно часты."> @@ -46,10 +46,7 @@ to turn it on?">--> <!ENTITY ssl-observatory.prefs.done "Готово"> <!ENTITY ssl-observatory.prefs.explanation -"HTTPS Everywhere может использовать EFF SSL Observatory. Это обеспечивает две вещи: (1) -отправляет копии HTTPS сертификатов в Observatory, что бы помочь нам -определить атаки 'человек посередине' и улучшить безопасность Веб; и (2) -позволяет нам предупреждать Вас о небезопасных соединениях или атаках на Ваш браузер."> +"HTTPS Everywhere может использовать EFF SSL Observatory. Это обеспечивает две вещи: (1) отправляет копии сертификатов в SSL Observatory, что бы помочь нам определить атаки 'человек посередине' и улучшить безопасность Веб; и (2) позволяет нам предупреждать Вас о небезопасных соединениях или атаках на Ваш браузер.">  <!ENTITY ssl-observatory.prefs.explanation2 -"Например, когда Вы заходите на https://www.something.com, сертификат -полученный Observatory будет означать что кто-то посетил -www.something.com, но не кто именно его посетил, или какую конкретную страницу он -просматривал. Наведите курсор на опции для более подробной информации:"> +"Например, когда Вы заходите на https://www.something.com, сертификат полученный SSL Observatory будет означать что кто-то посетил www.something.com, но не кто именно его посетил, или какую конкретную страницу он просматривал. Наведите курсор на опции для более подробной информации:"> <!ENTITY ssl-observatory.prefs.hide "Скрыть дополнительные опции"> @@ -75,13 +69,13 @@ www.something.com, но не кто именно его посетил, или "Отправить и проверить сертификаты для непубличных DNS имён"> <!ENTITY ssl-observatory.prefs.priv_dns_tooltip -"Если данная опция выключена, Observatory не будет регистрировать сертификаты для имён, которые он не может разрешить через DNS."> +"Если данная опция выключена, SSL Observatory не будет регистрировать сертификаты для имён, которые он не может разрешить через DNS."> <!ENTITY ssl-observatory.prefs.show "Показать дополнительные опции"> <!ENTITY ssl-observatory.prefs.title "Настройки SSL Observatory"> -<!ENTITY ssl-observatory.prefs.use "Использовать Observatory?"> +<!ENTITY ssl-observatory.prefs.use "Использовать SSL Observatory?"> <!ENTITY ssl-observatory.warning.title "ПРЕДУПРЕЖДЕНИЕ от EFF SSL Observatory"> <!ENTITY ssl-observatory.warning.showcert "Показать цепочку сертификатов"> <!ENTITY ssl-observatory.warning.okay "Я понимаю"> [View Less]

1 0

[tor/master] fold in changes files for upcoming 0.2.4.4-alpha
by arma＠torproject.org 20 Oct '12

20 Oct '12

commit 93044642842208e188a80bd086460e2cc60fbed7 Author: Roger Dingledine <arma(a)torproject.org> Date: Sat Oct 20 15:37:57 2012 -0400 fold in changes files for upcoming 0.2.4.4-alpha --- ChangeLog | 101 ++++++++++++++++++++++++++++++++ changes/6757 | 5 -- changes/6982 | 3 - changes/addr_is_internal_debug | 4 - changes/bug1031 | 5 -- changes/bug6465 … [View More] | 12 ---- changes/bug6816 | 6 -- changes/bug7011 | 6 -- changes/bug7014 | 5 -- changes/bug7022 | 3 - changes/bug7029 | 3 - changes/bug7037 | 6 -- changes/bug7038 | 5 -- changes/bug7039 | 7 -- changes/bug7139 | 9 --- changes/cve-2012-2249 | 5 -- changes/dirserv-BUGGY-a | 7 -- changes/dropped_openssl_vers | 3 - changes/src_ext | 3 - changes/ticket5749 | 3 - changes/ticket6997 | 2 - changes/warn-about-hses-without-guards | 8 --- 22 files changed, 101 insertions(+), 110 deletions(-) diff --git a/ChangeLog b/ChangeLog index 98f0507..d234807 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,104 @@ +Changes in version 0.2.4.4-alpha - 2012-10-20 + Tor 0.2.4.4-alpha adds a new v3 directory authority, fixes a privacy + vulnerability introduced by a change in OpenSSL, fixes a remotely + triggerable assert, and adds new channel_t and circuitmux_t abstractions + that will make it easier to test new connection transport and cell + scheduling algorithms. + + o New directory authorities (also in 0.2.3.23-rc): + - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory + authority. Closes ticket 5749. + + o Major bugfixes (security/privacy, also in 0.2.3.23-rc): + - Disable TLS session tickets. OpenSSL's implementation was giving + our TLS session keys the lifetime of our TLS context objects, when + perfect forward secrecy would want us to discard anything that + could decrypt a link connection as soon as the link connection + was closed. Fixes bug 7139; bugfix on all versions of Tor linked + against OpenSSL 1.0.0 or later. Found by Florent Daignière. + - Discard extraneous renegotiation attempts once the V3 link + protocol has been initiated. Failure to do so left us open to + a remotely triggerable assertion failure. Fixes CVE-2012-2249; + bugfix on 0.2.3.6-alpha. Reported by "some guy from France". + + o Internal abstraction features: + - Introduce new channel_t abstraction between circuits and + or_connection_t to allow for implementing alternate OR-to-OR + transports. A channel_t is an abstract object which can either be a + cell-bearing channel, which is responsible for authenticating and + handshaking with the remote OR and transmitting cells to and from + it, or a listening channel, which spawns new cell-bearing channels + at the request of remote ORs. Implements part of ticket 6465. + - Also new is the channel_tls_t subclass of channel_t, adapting it + to the existing or_connection_t code. The V2/V3 protocol handshaking + code which formerly resided in command.c has been moved below the + channel_t abstraction layer and may be found in channeltls.c now. + Implements the rest of ticket 6465. + - Introduce new circuitmux_t storing the queue of circuits for + a channel; this encapsulates and abstracts the queue logic and + circuit selection policy, and allows the latter to be overridden + easily by switching out a policy object. The existing EWMA behavior + is now implemented as a circuitmux_policy_t. Resolves ticket 6816. + + o Required libraries: + - Tor now requires OpenSSL 0.9.8 or later. OpenSSL 1.0.0 or later is + strongly recommended. + + o Minor features: + - Warn users who run hidden services on a Tor client with + UseEntryGuards disabled that their hidden services will be + vulnerable to http://freehaven.net/anonbib/#hs-attack06 (the + attack which motivated Tor to support entry guards in the first + place). Resolves ticket 6889. + - Tor now builds correctly on Bitrig, an OpenBSD fork. Patch from + dhill. Resolves ticket 6982. + + o Minor bugfixes (also in 0.2.3.23-rc): + - Don't serve or accept v2 hidden service descriptors over a + relay's DirPort. It's never correct to do so, and disabling it + might make it more annoying to exploit any bugs that turn up in the + descriptor-parsing code. Fixes bug 7149. + - Fix two cases in src/or/transports.c where we were calling + fmt_addr() twice in a parameter list. Bug found by David + Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha. + - Fix memory leaks whenever we logged any message about the "path + bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc. + - When relays refuse a "create" cell because their queue of pending + create cells is too big (typically because their cpu can't keep up + with the arrival rate), send back reason "resource limit" rather + than reason "internal", so network measurement scripts can get a + more accurate picture. Fixes bug 7037; bugfix on 0.1.1.11-alpha. + + o Minor bugfixes: + - Command-line option "--version" implies "--quiet". Fixes bug 6997. + - Free some more still-in-use memory at exit, to make hunting for + memory leaks easier. Resolves bug 7029. + - When a Tor client gets a "truncated" relay cell, the first byte of + its payload specifies why the circuit was truncated. We were + ignoring this 'reason' byte when tearing down the circuit, resulting + in the controller not being told why the circuit closed. Now we + pass the reason from the truncated cell to the controller. Bugfix + on 0.1.2.3-alpha; fixes bug 7039. + - Downgrade "Failed to hand off onionskin" messages to "debug" + severity, since they're typically redundant with the "Your computer + is too slow" messages. Fixes bug 7038; bugfix on 0.2.2.16-alpha. + - Make clients running with IPv6 bridges connect over IPv6 again, + even without setting new config options ClientUseIPv6 and + ClientPreferIPv6ORPort. Fixes bug 6757; bugfix on 0.2.4.1-alpha. + - Use square brackets around IPv6 addresses in numerous places + that needed them, including log messages, HTTPS CONNECT proxy + requests, TransportProxy statefile entries, and pluggable transport + extra-info lines. Fixes bug 7011; patch by David Fifield. + + o Code refactoring and cleanup: + - Source files taken from other packages now reside in src/ext; + previously they were scattered around the rest of Tor. + - Avoid use of reserved identifiers in our C code. The C standard + doesn't like us declaring anything that starts with an + underscore, so let's knock it off before we get in trouble. Fix + for bug 1031; bugfix on the first Tor commit. + + Changes in version 0.2.3.23-rc - 2012-10-20 Tor 0.2.3.23-rc adds a new v3 directory authority, fixes a privacy vulnerability introduced by a change in OpenSSL, and fixes a variety diff --git a/changes/6757 b/changes/6757 deleted file mode 100644 index 6b17f95..0000000 --- a/changes/6757 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (client): - - Make clients running with IPv6 bridges connect over IPv6 again, - even without setting new config options ClientUseIPv6 and - ClientPreferIPv6ORPort. - Fixes bug 6757; bugfix on 0.2.4.1-alpha. diff --git a/changes/6982 b/changes/6982 deleted file mode 100644 index edfa066..0000000 --- a/changes/6982 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (portability): - - Tor now builds correctly on Bitrig, an OpenBSD fork. Patch from dhill. - Ticket 6982. diff --git a/changes/addr_is_internal_debug b/changes/addr_is_internal_debug deleted file mode 100644 index 6de221b..0000000 --- a/changes/addr_is_internal_debug +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Log the call-site of a failed tor_addr_is_internal(), so that we - can learn who is calling it with AF_UNSPECIFIED and fix the - second (unrelated) part of bug 7086. diff --git a/changes/bug1031 b/changes/bug1031 deleted file mode 100644 index e3ab49b..0000000 --- a/changes/bug1031 +++ /dev/null @@ -1,5 +0,0 @@ - o Code cleanup: - - Avoid use of reserved identifiers in our C code. The C standard - doesn't like us declaring anything that starts with an - underscore, so let's knock it off before we get in trouble. Fix - for bug 1031; bugfix on the first Tor commit. diff --git a/changes/bug6465 b/changes/bug6465 deleted file mode 100644 index a5ea9e2..0000000 --- a/changes/bug6465 +++ /dev/null @@ -1,12 +0,0 @@ - o Infrastructure features: - - Introduce new channel_t abstraction between circuits and or_connection_t - to allow for implementing alternate OR-to-OR transports. A channel_t is - an abstract object which can either be a cell-bearing channel, which is - responsible for authenticating and handshaking with the remote OR and - transmitting cells to and from it, or a listening channel, which spawns - new cell-bearing channels at the request of remote ORs. - - - Also new is the channel_tls_t subclass of channel_t, adapting it to the - existing or_connection_t code. The V2/V3 protocol handshaking code - which formerly resided in command.c has been moved below the channel_t - abstraction layer and may be found in channeltls.c now. diff --git a/changes/bug6816 b/changes/bug6816 deleted file mode 100644 index e9e6877..0000000 --- a/changes/bug6816 +++ /dev/null @@ -1,6 +0,0 @@ - o Infrastructure features: - - Introduce new circuitmux_t storing the queue of circuits for a channel; - this encapsulates and abstracts the queue logic and circuit selection - policy, and allows the latter to be overridden easily by switching out - a policy object. The existing EWMA behavior is now implemented as a - circuitmux_policy_t. This fixes bug 6816. diff --git a/changes/bug7011 b/changes/bug7011 deleted file mode 100644 index f3d0aa2..0000000 --- a/changes/bug7011 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - Use square brackets around IPv6 addresses in numerous places that needed - them, including log messages, HTTPS CONNECT proxy requests, - TransportProxy statefile entries, and pluggable transport extra-info - lines. Fix for bug 7011; patch by David Fifield. - diff --git a/changes/bug7014 b/changes/bug7014 deleted file mode 100644 index 1d39103..0000000 --- a/changes/bug7014 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes: - - Fix two cases in src/or/transports.c where we were calling - fmt_addr() twice in a parameter list. Bug found by David - Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha. - diff --git a/changes/bug7022 b/changes/bug7022 deleted file mode 100644 index 10ac354..0000000 --- a/changes/bug7022 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes: - - Fix memory leaks whenever we logged any message about the "path - bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc. diff --git a/changes/bug7029 b/changes/bug7029 deleted file mode 100644 index a115b42..0000000 --- a/changes/bug7029 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (code cleanliness): - - Free some more still-in-use memory at exit, to make hunting for - memory leaks easier. Resolves bug 7029. diff --git a/changes/bug7037 b/changes/bug7037 deleted file mode 100644 index fc3a1ad..0000000 --- a/changes/bug7037 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes: - - When relays refuse a "create" cell because their queue of pending - create cells is too big (typically because their cpu can't keep up - with the arrival rate), send back reason "resource limit" rather - than reason "internal", so network measurement scripts can get a - more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037. diff --git a/changes/bug7038 b/changes/bug7038 deleted file mode 100644 index 3805d86..0000000 --- a/changes/bug7038 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (log messages): - - Downgrade "Failed to hand off onionskin" messages to "debug" - severity, since they're typically redundant with the "Your computer - is too slow" messages. Fixes bug 7038; bugfix on 0.2.2.16-alpha. - diff --git a/changes/bug7039 b/changes/bug7039 deleted file mode 100644 index dc5111a..0000000 --- a/changes/bug7039 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - When a Tor client gets a "truncated" relay cell, the first byte of - its payload specifies why the circuit was truncated. We were - ignoring this 'reason' byte when tearing down the circuit, resulting - in the controller not being told why the circuit closed. Now we - pass the reason from the truncated cell to the controller. Bugfix - on 0.1.2.3-alpha; fixes bug 7039. diff --git a/changes/bug7139 b/changes/bug7139 deleted file mode 100644 index dfb7d32..0000000 --- a/changes/bug7139 +++ /dev/null @@ -1,9 +0,0 @@ - o Major bugfixes (security): - - - Disable TLS session tickets. OpenSSL's implementation were giving - our TLS session keys the lifetime of our TLS context objects, when - perfect forward secrecy would want us to discard anything that - could decrypt a link connection as soon as the link connection was - closed. Fixes bug 7139; bugfix on all versions of Tor linked - against OpenSSL 1.0.0 or later. Found by "nextgens". - diff --git a/changes/cve-2012-2249 b/changes/cve-2012-2249 deleted file mode 100644 index 625bfa2..0000000 --- a/changes/cve-2012-2249 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security): - - Discard extraneous renegotiation attempts once the V3 link - protocol has been initiated. Failure to do so left us open to - a remotely triggerable assertion failure. Fixes CVE-2012-2249; - bugfix on 0.2.3.6-alpha. Reported by "some guy from France". diff --git a/changes/dirserv-BUGGY-a b/changes/dirserv-BUGGY-a deleted file mode 100644 index 35b492a..0000000 --- a/changes/dirserv-BUGGY-a +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes: - - - Don't serve or accept v2 hidden service descriptors over a - relay's DirPort. It's never correct to do so, and disabling it - might make it more annoying to exploit any bugs that turn up in the - descriptor-parsing code. Fixes bug 7149. - diff --git a/changes/dropped_openssl_vers b/changes/dropped_openssl_vers deleted file mode 100644 index dc79d5e..0000000 --- a/changes/dropped_openssl_vers +++ /dev/null @@ -1,3 +0,0 @@ - o Required libraries: - - Tor now requires OpenSSL 0.9.8 or later; OpenSSL 1.0.0 or later is - strongly recommended. diff --git a/changes/src_ext b/changes/src_ext deleted file mode 100644 index a1b2a21..0000000 --- a/changes/src_ext +++ /dev/null @@ -1,3 +0,0 @@ - o Code refactoring: - - Source files taken from other packages now reside in src/ext; - previously they were scattered around the rest of Tor. diff --git a/changes/ticket5749 b/changes/ticket5749 deleted file mode 100644 index 0237241..0000000 --- a/changes/ticket5749 +++ /dev/null @@ -1,3 +0,0 @@ - o New directory authorities: - - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory - authority. Closes ticket 5749. diff --git a/changes/ticket6997 b/changes/ticket6997 deleted file mode 100644 index 0a33b37..0000000 --- a/changes/ticket6997 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor bugfixes: - - Command-line option "--version" implies "--quiet". Closes ticket #6997. diff --git a/changes/warn-about-hses-without-guards b/changes/warn-about-hses-without-guards deleted file mode 100644 index 57b8b4d..0000000 --- a/changes/warn-about-hses-without-guards +++ /dev/null @@ -1,8 +0,0 @@ - o Minor features: - - - Warn users who run hidden services on a Tor client with - UseEntryGuards disabled that their hidden services will be - vulnerable to http://freehaven.net/anonbib/#hs-attack06 (the - attack which motivated Tor to support entry guards in the first - place). Fixes bug 6889. - [View Less]

1 0

[tor/master] bump to 0.2.4.4-alpha
by arma＠torproject.org 20 Oct '12

20 Oct '12

commit fe3b95f3596194276eac8d1644cec56263a0cf0e Author: Roger Dingledine <arma(a)torproject.org> Date: Sat Oct 20 16:06:05 2012 -0400 bump to 0.2.4.4-alpha --- configure.ac | 2 +- contrib/tor-mingw.nsi.in | 2 +- src/win32/orconfig.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index bb7ea6b..60631a5 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ dnl Copyright (c) 2004-2006, Roger … [View More]

1 0

[translation/https_everywhere_completed] Update translations for https_everywhere_completed
by translation＠torproject.org 20 Oct '12

20 Oct '12

commit 549f585eae3642a2887f54faa6457090e5d970ad Author: Translation commit bot <translation(a)torproject.org> Date: Sat Oct 20 19:45:34 2012 +0000 Update translations for https_everywhere_completed --- ru/https-everywhere.dtd | 2 +- ru/ssl-observatory.dtd | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ru/https-everywhere.dtd b/ru/https-everywhere.dtd index 64e45b7..de14236 100644 --- a/ru/https-everywhere.dtd +++ b/ru/https-everywhere.dtd @@ -11,7 +… [View More]

1 0

[translation/https_everywhere] Update translations for https_everywhere
by translation＠torproject.org 20 Oct '12

20 Oct '12

commit 741a858a08fee61334589aae838b5813a2fea4cd Author: Translation commit bot <translation(a)torproject.org> Date: Sat Oct 20 19:45:31 2012 +0000 Update translations for https_everywhere --- ru/https-everywhere.dtd | 2 +- ru/ssl-observatory.dtd | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ru/https-everywhere.dtd b/ru/https-everywhere.dtd index 64e45b7..de14236 100644 --- a/ru/https-everywhere.dtd +++ b/ru/https-everywhere.dtd @@ -11,7 +11,7 @@ &… [View More]

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits October 2012