[or-cvs] r14603: Forward-port: update authority keys affected by Debian OpenS (in tor/trunk: . src/or)

nickm at seul.org nickm at seul.org
Tue May 13 12:47:28 UTC 2008


Author: nickm
Date: 2008-05-13 08:47:27 -0400 (Tue, 13 May 2008)
New Revision: 14603

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/src/or/config.c
Log:
 r19725 at catbus:  nickm | 2008-05-13 08:47:18 -0400
 Forward-port: update authority keys affected by Debian OpenSSL bug (See CVE-2008-0166 or http://lists.debian.org/debian-security-announce/2008/msg00152.html )



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r19725] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2008-05-13 12:44:16 UTC (rev 14602)
+++ tor/trunk/ChangeLog	2008-05-13 12:47:27 UTC (rev 14603)
@@ -5,6 +5,11 @@
       0.2.0.1-alpha.  Fixes bug 632.
     - List authority signatures as "unrecognized" based on DirServer lines,
       not on cert cache.  Bugfix on 0.2.0.x.
+    - Use new V3 directory authority keys on the Tor26, Gabelmoo, and
+      Moria1 V3 directory authorities.  The old keys were generated with
+      a vulnerable version of Debian's OpenSSL package, and must be
+      considered compromised.  Other authorities' keys were not
+      generated with an affected version of OpenSSL.
 
   o Minor bugfixes:
     - Stop giving double-close warn when we reject an address for client DNS.

Modified: tor/trunk/src/or/config.c
===================================================================
--- tor/trunk/src/or/config.c	2008-05-13 12:44:16 UTC (rev 14602)
+++ tor/trunk/src/or/config.c	2008-05-13 12:47:27 UTC (rev 14603)
@@ -827,11 +827,11 @@
 {
   int i;
   const char *dirservers[] = {
-    "moria1 v1 orport=9001 v3ident=5420FD8EA46BD4290F1D07A1883C9D85ECC486C4 "
+    "moria1 v1 orport=9001 v3ident=E2A2AF570166665D738736D0DD58169CC61D8A8B "
       "128.31.0.34:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441",
     "moria2 v1 orport=9002 128.31.0.34:9032 "
       "719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF",
-    "tor26 v1 orport=443 v3ident=A9AC67E64B200BBF2FA26DF194AC0469E2A948C6 "
+    "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
       "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
     "lefkada orport=443 "
       "140.247.60.64:80 38D4 F5FC F7B1 0232 28B8 95EA 56ED E7D5 CCDC AF32",
@@ -842,7 +842,7 @@
     "ides orport=9090 no-v2 v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
       "216.224.124.114:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
     "gabelmoo orport=443 no-v2 "
-      "v3ident=EAA879B5C75032E462CB018630D2D0DF46EBA606 "
+      "v3ident=81349FC1F2DBA2C2C11B45CB9706637D480AB913 "
       "88.198.7.215:80 6833 3D07 61BC F397 A587 A0C0 B963 E4A9 E99E C4D3",
     "dannenberg orport=443 no-v2 "
       "v3ident=585769C78764D58426B8B52B6651A5A71137189A "



More information about the tor-commits mailing list