[tor-commits] [tor/release-0.2.2] fold in changes entries

arma at torproject.org arma at torproject.org
Thu Oct 27 23:52:31 UTC 2011 

commit ccd65e06af5b91ec2e4a48e0af650d0915592185
Author: Roger Dingledine <arma at torproject.org>
Date:   Wed Oct 26 18:44:58 2011 -0400

    fold in changes entries
---
 ChangeLog                 |   27 +++++++++++++++++++++++++--
 changes/issue-2011-10-19L |   28 ----------------------------
 changes/issue-2011-10-23G |    9 ---------
 3 files changed, 25 insertions(+), 39 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1e0e466..80b48d3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,23 @@
-Changes in version 0.2.2.34 - 2011-10-??
-  o Security fixes:
+Changes in version 0.2.2.34 - 2011-10-26
+  o Privacy/anonymity fixes:
+    - Clients and bridges no longer send TLS certificate chains on
+      outgoing OR connections. Previously, each client or bridge
+      would use the same cert chain for all outgoing OR connections
+      for up to 24 hours, which allowed any relay that the client or
+      bridge contacted to determine which entry guards it is using.
+      Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
+    - If a relay receives a CREATE_FAST cell on a TLS connection, it
+      no longer considers that connection as suitable for satisfying a
+      circuit EXTEND request. Now relays can protect clients from the
+      CVE-2011-2768 issue even if the clients haven't upgraded yet.
+    - Directory authorities no longer assign the Guard flag to relays
+      that haven't upgraded to the above "refuse EXTEND requests
+      to client connections" fix. Now directory authorities can
+      protect clients from the CVE-2011-2768 issue even if neither
+      the clients nor the relays have upgraded yet. There's a new
+      "GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option
+      to let us transition smoothly, else tomorrow there would be no
+      guard relays.
     - Bridge relays now do their directory fetches inside Tor TLS
       connections, like all the other clients do, rather than connecting
       directly to the DirPort like public relays do. Removes another
@@ -8,6 +26,11 @@ Changes in version 0.2.2.34 - 2011-10-??
       way to how clients build them. Removes another avenue for
       enumerating bridges. Fixes bug 4124; bugfix on 0.2.0.3-alpha,
       when bridges were introduced.
+    - Bridges now refuse CREATE or CREATE_FAST cells on OR connections
+      that they initiated. Relays could distinguish incoming bridge 
+      connections from client connections, creating another avenue for
+      enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
+      Found by "frosty_un".
 
   o Major bugfixes:
     - Fix a crash bug when changing node restrictions while a DNS lookup
diff --git a/changes/issue-2011-10-19L b/changes/issue-2011-10-19L
deleted file mode 100644
index b879c9d..0000000
--- a/changes/issue-2011-10-19L
+++ /dev/null
@@ -1,28 +0,0 @@
-  o Security fixes:
-
-    - Don't send TLS certificate chains on outgoing OR connections
-      from clients and bridges.  Previously, each client or bridge
-      would use a single cert chain for all outgoing OR connections
-      for up to 24 hours, which allowed any relay connected to by a
-      client or bridge to determine which entry guards it is using.
-      This is a potential user-tracing bug for *all* users; everyone
-      who uses Tor's client or hidden service functionality should
-      upgrade.  Fixes CVE-2011-2768.  Bugfix on FIXME; found by
-      frosty_un.
-
-    - Don't use any OR connection on which we have received a
-      CREATE_FAST cell to satisfy an EXTEND request.  Previously, we
-      would not consider whether a connection appears to be from a
-      client or bridge when deciding whether to use that connection to
-      satisfy an EXTEND request.  Mitigates CVE-2011-2768, by
-      preventing an attacker from determining whether an unpatched
-      client is connected to a patched relay.  Bugfix on FIXME; found
-      by frosty_un.
-
-    - Don't assign the Guard flag to relays running a version of Tor
-      which would use an OR connection on which it has received a
-      CREATE_FAST cell to satisfy an EXTEND request.  Mitigates
-      CVE-2011-2768, by ensuring that clients will not connect
-      directly to any relay which an attacker could probe for an
-      unpatched client's connections.
-
diff --git a/changes/issue-2011-10-23G b/changes/issue-2011-10-23G
deleted file mode 100644
index 45f8675..0000000
--- a/changes/issue-2011-10-23G
+++ /dev/null
@@ -1,9 +0,0 @@
-  o Security fixes:
-
-    - Reject CREATE and CREATE_FAST cells on outgoing OR connections
-      from a bridge to a relay.  Previously, we would accept them and
-      handle them normally, thereby allowing a malicious relay to
-      easily distinguish bridges which connect to it from clients.
-      Fixes CVE-2011-2769.  Bugfix on 0.2.0.3-alpha, when bridges were
-      implemented; found by frosty_un.
-

More information about the tor-commits mailing list