June 2017 - tor-commits - lists.torproject.org

[tor/maint-0.3.0] Bump to 0.2.8.14
by nickm＠torproject.org 08 Jun '17

08 Jun '17

commit 792931d53d26e469ea2e22f63911b1553c053473 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jun 8 09:27:54 2017 -0400 Bump to 0.2.8.14 --- configure.ac | 2 +- contrib/win32build/tor-mingw.nsi.in | 2 +- src/win32/orconfig.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 9c6d95d..092aa74 100644 --- a/configure.ac +++ b/configure.ac @@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2015, The Tor Project, Inc. dnl See LICENSE for licensing information AC_PREREQ([2.63]) -AC_INIT([tor],[0.2.8.13]) +AC_INIT([tor],[0.2.8.14]) AC_CONFIG_SRCDIR([src/or/main.c]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in index ae477b8..ba0cf5c 100644 --- a/contrib/win32build/tor-mingw.nsi.in +++ b/contrib/win32build/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.8.13" +!define VERSION "0.2.8.14" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index b61f59f..41ce26e 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -229,7 +229,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.8.13" +#define VERSION "0.2.8.14"

1 0

[tor/maint-0.3.0] Bump to 0.2.4.29
by nickm＠torproject.org 08 Jun '17

08 Jun '17

commit 8e439a66f3846b65a16b62936ad1d35dbf902e9d Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jun 8 09:25:31 2017 -0400 Bump to 0.2.4.29 --- configure.ac | 2 +- contrib/tor-mingw.nsi.in | 2 +- src/win32/orconfig.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 8e70722..6b4d009 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ dnl Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson dnl Copyright (c) 2007-2013, The Tor Project, Inc. dnl See LICENSE for licensing information -AC_INIT([tor],[0.2.4.28]) +AC_INIT([tor],[0.2.4.29]) AC_CONFIG_SRCDIR([src/or/main.c]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE diff --git a/contrib/tor-mingw.nsi.in b/contrib/tor-mingw.nsi.in index da24244..4e00cb7 100644 --- a/contrib/tor-mingw.nsi.in +++ b/contrib/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.4.28" +!define VERSION "0.2.4.29" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index cca8ad0..5468455 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -241,7 +241,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.4.28" +#define VERSION "0.2.4.29"

1 0

[tor/master] Merge branch 'maint-0.3.0'
by nickm＠torproject.org 08 Jun '17

08 Jun '17

commit 9acca040257caf5894126e8da3df7226f6dcd480 Merge: 5955b63 0c46dc8 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jun 8 09:17:32 2017 -0400 Merge branch 'maint-0.3.0' changes/trove-2017-004 | 8 ++++++++ src/or/connection_edge.c | 21 ++++++++++++++------- 2 files changed, 22 insertions(+), 7 deletions(-)

1 0

[tor/master] Another changes fix.
by nickm＠torproject.org 08 Jun '17

08 Jun '17

commit eb5d05f696a2de7572427ae55c35816e01796efc Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jun 8 09:20:53 2017 -0400 Another changes fix. --- changes/trove-2017-004 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/changes/trove-2017-004 b/changes/trove-2017-004 index aa90145..eb0789d 100644 --- a/changes/trove-2017-004 +++ b/changes/trove-2017-004 @@ -1,8 +1,8 @@ o Major bugfixes (hidden service, relay, security): - - Fix an assertion failure when an hidden service handles a + - Fix an assertion failure when a hidden service handles a malformed BEGIN cell. This bug resulted in the service crashing triggered by a tor_assert(). Fixes bug 22493, tracked as - TROVE-2017-004 and as CVE-2017-0375; bugfix on tor-0.3.0.1-alpha. + TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha. Found by armadev.

1 0

[tor/master] Merge branch 'maint-0.3.0'
by nickm＠torproject.org 08 Jun '17

08 Jun '17

commit 83135d75a3d87e4fd5f163aecb742180c01d9d0e Merge: 9acca04 53011e3 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jun 8 09:21:15 2017 -0400 Merge branch 'maint-0.3.0' changes/trove-2017-004 | 4 ++-- changes/trove-2017-005 | 7 +++++++ src/or/relay.c | 3 ++- 3 files changed, 11 insertions(+), 3 deletions(-)

1 0

[tor/master] TROVE-2017-005: Fix assertion failure in connection_edge_process_relay_cell
by nickm＠torproject.org 08 Jun '17

08 Jun '17

commit 56a7c5bc15e0447203a491c1ee37de9939ad1dcd Author: David Goulet <dgoulet(a)torproject.org> Date: Mon Jun 5 11:11:42 2017 -0400 TROVE-2017-005: Fix assertion failure in connection_edge_process_relay_cell On an hidden service rendezvous circuit, a BEGIN_DIR could be sent (maliciously) which would trigger a tor_assert() because connection_edge_process_relay_cell() thought that the circuit is an or_circuit_t but is an origin circuit in reality. Fixes #22494 Reported-by: Roger Dingledine <arma(a)torproject.org> Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- changes/trove-2017-005 | 7 +++++++ src/or/relay.c | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/changes/trove-2017-005 b/changes/trove-2017-005 new file mode 100644 index 0000000..cebb013 --- /dev/null +++ b/changes/trove-2017-005 @@ -0,0 +1,7 @@ + o Major bugfixes (hidden service, relay, security): + - Fix an assertion failure caused by receiving a BEGIN_DIR cell on + a hidden service rendezvous circuit. Fixes bug 22494, tracked as + TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found + by armadev. + + diff --git a/src/or/relay.c b/src/or/relay.c index 7f06c6e..59b79f9 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -1297,7 +1297,8 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, "Begin cell for known stream. Dropping."); return 0; } - if (rh.command == RELAY_COMMAND_BEGIN_DIR) { + if (rh.command == RELAY_COMMAND_BEGIN_DIR && + circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) { /* Assign this circuit and its app-ward OR connection a unique ID, * so that we can measure download times. The local edge and dir * connection will be assigned the same ID when they are created

1 0

[tor/maint-0.2.9] TROVE-2017-005: Fix assertion failure in connection_edge_process_relay_cell
by nickm＠torproject.org 08 Jun '17

08 Jun '17

commit 56a7c5bc15e0447203a491c1ee37de9939ad1dcd Author: David Goulet <dgoulet(a)torproject.org> Date: Mon Jun 5 11:11:42 2017 -0400 TROVE-2017-005: Fix assertion failure in connection_edge_process_relay_cell On an hidden service rendezvous circuit, a BEGIN_DIR could be sent (maliciously) which would trigger a tor_assert() because connection_edge_process_relay_cell() thought that the circuit is an or_circuit_t but is an origin circuit in reality. Fixes #22494 Reported-by: Roger Dingledine <arma(a)torproject.org> Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- changes/trove-2017-005 | 7 +++++++ src/or/relay.c | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/changes/trove-2017-005 b/changes/trove-2017-005 new file mode 100644 index 0000000..cebb013 --- /dev/null +++ b/changes/trove-2017-005 @@ -0,0 +1,7 @@ + o Major bugfixes (hidden service, relay, security): + - Fix an assertion failure caused by receiving a BEGIN_DIR cell on + a hidden service rendezvous circuit. Fixes bug 22494, tracked as + TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found + by armadev. + + diff --git a/src/or/relay.c b/src/or/relay.c index 7f06c6e..59b79f9 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -1297,7 +1297,8 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, "Begin cell for known stream. Dropping."); return 0; } - if (rh.command == RELAY_COMMAND_BEGIN_DIR) { + if (rh.command == RELAY_COMMAND_BEGIN_DIR && + circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) { /* Assign this circuit and its app-ward OR connection a unique ID, * so that we can measure download times. The local edge and dir * connection will be assigned the same ID when they are created

1 0

[tor/maint-0.2.9] Merge branch 'maint-0.2.6' into maint-0.2.7-redux
by nickm＠torproject.org 08 Jun '17

08 Jun '17

commit 4915d9c5a7fc8db2497258a293137426cbd0d665 Merge: 2efe027 b796ad0 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jun 8 09:28:54 2017 -0400 Merge branch 'maint-0.2.6' into maint-0.2.7-redux "ours" merge to avoid version bump.

1 0

[tor/maint-0.3.0] TROVE-2017-005: Fix assertion failure in connection_edge_process_relay_cell
by nickm＠torproject.org 08 Jun '17

08 Jun '17

commit 56a7c5bc15e0447203a491c1ee37de9939ad1dcd Author: David Goulet <dgoulet(a)torproject.org> Date: Mon Jun 5 11:11:42 2017 -0400 TROVE-2017-005: Fix assertion failure in connection_edge_process_relay_cell On an hidden service rendezvous circuit, a BEGIN_DIR could be sent (maliciously) which would trigger a tor_assert() because connection_edge_process_relay_cell() thought that the circuit is an or_circuit_t but is an origin circuit in reality. Fixes #22494 Reported-by: Roger Dingledine <arma(a)torproject.org> Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- changes/trove-2017-005 | 7 +++++++ src/or/relay.c | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/changes/trove-2017-005 b/changes/trove-2017-005 new file mode 100644 index 0000000..cebb013 --- /dev/null +++ b/changes/trove-2017-005 @@ -0,0 +1,7 @@ + o Major bugfixes (hidden service, relay, security): + - Fix an assertion failure caused by receiving a BEGIN_DIR cell on + a hidden service rendezvous circuit. Fixes bug 22494, tracked as + TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found + by armadev. + + diff --git a/src/or/relay.c b/src/or/relay.c index 7f06c6e..59b79f9 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -1297,7 +1297,8 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, "Begin cell for known stream. Dropping."); return 0; } - if (rh.command == RELAY_COMMAND_BEGIN_DIR) { + if (rh.command == RELAY_COMMAND_BEGIN_DIR && + circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) { /* Assign this circuit and its app-ward OR connection a unique ID, * so that we can measure download times. The local edge and dir * connection will be assigned the same ID when they are created

1 0

[tor/maint-0.2.6] Merge branch 'maint-0.2.5' into maint-0.2.6
by nickm＠torproject.org 08 Jun '17

08 Jun '17

commit 40bccc20042fcc4f43964b358257470830169e73 Merge: a56cfda dec7998 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jun 8 09:21:15 2017 -0400 Merge branch 'maint-0.2.5' into maint-0.2.6 changes/trove-2017-005 | 7 +++++++ src/or/relay.c | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-)

1 0