[tor-commits] [tor/release-0.2.2] fold in 0.2.2 changes entries

arma at torproject.org arma at torproject.org
Mon Apr 23 07:58:52 UTC 2012


commit ac3f516cd5803dccddadf7e00349b91615d29abb
Author: Roger Dingledine <arma at torproject.org>
Date:   Mon Apr 23 03:58:26 2012 -0400

    fold in 0.2.2 changes entries
---
 ChangeLog                    |   82 +++++++++++++++++++++++++++++++++++++----
 changes/bridgepassword       |   11 ------
 changes/bug4012_022          |    3 --
 changes/bug4533_part2        |    5 ---
 changes/bug4856              |    3 --
 changes/bug5005              |    3 --
 changes/bug5065              |    5 ---
 changes/bug5067              |    5 ---
 changes/bug5090              |    7 ----
 changes/bug5340              |    3 --
 changes/bug5342              |    3 --
 changes/bug5343              |    7 ----
 changes/bug5593              |    3 --
 changes/bug5644              |    5 ---
 changes/bug5647              |    4 --
 changes/geoip-april2012      |    3 --
 changes/geoip-february2012   |    3 --
 changes/geoip-march2012      |    3 --
 changes/ides-becomes-turtles |    4 --
 changes/maatuska-ip          |    3 --
 changes/safecookie           |    9 -----
 21 files changed, 74 insertions(+), 100 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index b4a75be..26ad99c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,17 @@
 Changes in version 0.2.2.36 - 2012-04-??
-  o Major security workaround:
+
+  With this release, we remind everyone that 0.2.1.x has reached its
+  formal end-of-life. Those Tor versions have many known flaws, and
+  nobody should be using them. You should upgrade. If you're using a
+  Linux or BSD and its packages are obsolete, stop using those packages
+  and upgrade anyway.
+
+  o Directory authority changes:
+    - Change IP address for maatuska (v3 directory authority).
+    - Change IP address for ides (v3 directory authority), and rename
+      it to turtles.
+
+  o Security fixes:
     - When building or running with any version of OpenSSL earlier
       than 0.9.8s or 1.0.0f, disable SSLv3 support. These OpenSSL
       versions have a bug (CVE-2011-4576) in which their block cipher
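Review bot: the version header in the first context line of this hunk still reads "Changes in version 0.2.2.36 - 2012-04-??", so the release date is a placeholder while the entries are being folded in as final. Fill in the date before tagging. The two "Directory authority changes" items also carry no ticket reference, unlike most other entries in this ChangeLog; add one if a ticket exists.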
@@ -11,13 +23,40 @@ Changes in version 0.2.2.36 - 2012-04-??
       upgrade to OpenSSL 0.9.8s or 1.0.0f (or later). But when building
       or running with a non-upgraded OpenSSL, we disable SSLv3 entirely
       to make sure that the bug can't happen.
+    - Never use a bridge or a controller-supplied node as an exit, even
+      if its exit policy allows it. Found by wanoskarnet. Fixes bug
+      5342. Bugfix on 0.1.1.15-rc (for controller-purpose descriptors)
+      and 0.2.0.3-alpha (for bridge-purpose descriptors).
+    - Only build circuits if we have a sufficient threshold of the total
+      descriptors that are marked in the consensus with the "Exit"
+      flag. This mitigates an attack proposed by wanoskarnet, in which
+      all of a client's bridges collude to restrict the exit nodes that
+      the client knows about. Fixes bug 5343.
+    - Provide controllers with a safer way to implement the cookie
+      authentication mechanism. With the old method, if another locally
+      running program could convince a controller that it was the Tor
+      process, then that program could trick the contoller into telling
+      it the contents of an arbitrary 32-byte file. The new "SAFECOOKIE"
+      authentication method uses a challenge-response approach to prevent
+      this attack. Fixes bug 5185, implements proposal 193.
 
   o Major bugfixes:
+    - Avoid logging uninitialized data when unable to decode a hidden
+      service descriptor cookie. Fixes bug 5647; bugfix on 0.2.1.5-alpha.
+    - Avoid a client-side assertion failure when receiving an INTRODUCE2
+      cell on a general purpose circuit. Fixes bug 5644; bugfix on
+      0.2.1.6-alpha.
+    - Fix builds when the path to sed, openssl, or sha1sum contains
+      spaces, which is pretty common on Windows. Fixes bug 5065; bugfix
+      on 0.2.2.1-alpha.
     - Correct our replacements for the timeradd() and timersub() functions
       on platforms that lack them (for example, Windows). The timersub()
       function is used when expiring circuits, while timeradd() is
       currently unused. Bug report and patch by Vektor. Fixes bug 4778;
-      bugfix on 0.2.2.24-alpha and 0.2.3.1-alpha.
+      bugfix on 0.2.2.24-alpha.
+    - Fix the SOCKET_OK test that we use to tell when socket
+      creation fails so that it works on Win64. Fixes part of bug 4533;
+      bugfix on 0.2.2.29-beta. Bug found by wanoskarnet.
 
   o Minor bugfixes:
     - Older Linux kernels erroneously respond to strange nmap behavior
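Review bot: the SAFECOOKIE entry added under "Security fixes" carries over the typo "contoller" from changes/safecookie; it should read "controller". In the same block, the bug 5343 entry has no "bugfix on" version, and the bug 5342 entry writes "Fixes bug 5342. Bugfix on ..." where the surrounding entries use "Fixes bug N; bugfix on ...". Both are worth normalizing while the entries are being folded.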
@@ -27,6 +66,38 @@ Changes in version 0.2.2.36 - 2012-04-??
       no such remote address to learn, and our method for trying to
       learn it was incorrect. Fixes bugs 1240, 4745, and 4747. Bugfix
       on 0.1.0.3-rc. Reported and diagnosed by "r1eo".
+    - Change the BridgePassword feature (part of the "bridge community"
+      design, which is not yet implemented) to use a time-independent
+      comparison. The old behavior might have allowed an adversary
+      to use timing to guess the BridgePassword value. Fixes bug 5543;
+      bugfix on 0.2.0.14-alpha.
+    - Detect and reject certain misformed escape sequences in
+      configuration values. Previously, these values would cause us
+      to crash if received in a torrc file or over an authenticated
+      control port. Bug found by Esteban Manchado Velázquez, and
+      independently by Robert Connolly from Matta Consulting who further
+      noted that it allows a post-authentication heap overflow. Patch
+      by Alexander Schrijver. Fixes bugs 5090 and 5402 (CVE 2012-1668);
+      bugfix on 0.2.0.16-alpha.
+    - Fix a compile warning when using the --enable-openbsd-malloc
+      configure option. Fixes bug 5340; bugfix on 0.2.0.20-rc.
+    - During configure, detect when we're building with clang version
+      3.0 or lower and disable the -Wnormalized=id and -Woverride-init
+      CFLAGS. clang doesn't support them yet.
+    - When sending an HTTP/1.1 proxy request, include a Host header.
+      Fixes bug 5593; bugfix on 0.2.2.1-alpha.
+
+  o Minor bugfixes (documentation and log messages):
+    - Fix a typo in a log message in rend_service_rendezvous_has_opened().
+      Fixes bug 4856; bugfix on Tor 0.0.6.
+    - Update "ClientOnly" man page entry to explain that there isn't
+      really any point to messing with it. Resolves ticket 5005.
+    - Document the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
+      directory authority option (introduced in Tor 0.2.2.34).
+    - Downgrade the "We're missing a certificate" message from notice
+      to info: people kept mistaking it for a real problem, whereas it
+      is seldom the problem even when we are failing to bootstrap. Fixes
+      bug 5067; bugfix on 0.2.0.10-alpha.
     - Correctly spell "connect" in a log message on failure to create a
       controlsocket. Fixes bug 4803; bugfix on 0.2.2.26-beta.
 
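Review bot: the escape-sequence entry (bugs 5090 and 5402) is filed under "Minor bugfixes" even though its own text says the flaw "allows a post-authentication heap overflow" and cites a CVE. Consider moving it to "Security fixes" so operators scanning that section see it. The identifier is also written "CVE 2012-1668" without the hyphen, unlike "CVE-2011-4576" earlier in this file; use the hyphenated form so searches match. The clang CFLAGS entry moved into this section has no bug or ticket number.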
@@ -36,7 +107,7 @@ Changes in version 0.2.2.36 - 2012-04-??
       inclusive. These versions accounted for only a small fraction of
       the Tor network, and have numerous known security issues. Resolves
       issue 4788.
-    - Update to the January 3 2012 Maxmind GeoLite Country database.
+    - Update to the April 3 2012 Maxmind GeoLite Country database.
 
   - Feature removal:
     - When sending or relaying a RELAY_EARLY cell, we used to convert
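Review bot: the section header in the trailing context, "  - Feature removal:", uses "-" where every other section header in this ChangeLog uses "o". Since this commit is a ChangeLog cleanup pass, fix it here to "  o Feature removal:". The GeoIP line itself is fine: the February and March changes files are superseded by the April 3 database and need no separate entries.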
@@ -47,11 +118,6 @@ Changes in version 0.2.2.36 - 2012-04-??
       the "no RELAY_EXTEND commands except in RELAY_EARLY cells" rule,
       remove this workaround. Addresses bug 4786.
 
-  o Code simplifications and refactoring:
-    - During configure, detect when we're building with clang version
-      3.0 or lower and disable the -Wnormalized=id and -Woverride-init
-      CFLAGS. clang doesn't support them yet.
-
 
 Changes in version 0.2.2.35 - 2011-12-16
   Tor 0.2.2.35 fixes a critical heap-overflow security issue in Tor's
diff --git a/changes/bridgepassword b/changes/bridgepassword
deleted file mode 100644
index 5f0e250..0000000
--- a/changes/bridgepassword
+++ /dev/null
@@ -1,11 +0,0 @@
-  o Security fixes:
-    - When using the debuging BridgePassword field, a bridge authority
-      now compares alleged passwords by hashing them, then comparing
-      the result to a digest of the expected authenticator. This avoids
-      a potential side-channel attack in the previous code, which
-      had foolishly used strcmp().  Fortunately, the BridgePassword field
-      *is not in use*, but if it had been, the timing
-      behavior of strcmp() might have allowed an adversary to guess the
-      BridgePassword value, and enumerate the bridges. Bugfix on
-      0.2.0.14-alpha. Fixes bug 5543.
-
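Review bot: this deleted entry was classed under "Security fixes" and stated the consequence (an adversary could guess the BridgePassword value "and enumerate the bridges"), but the folded ChangeLog text files the fix under "Minor bugfixes" and drops both the strcmp() detail and the enumeration impact. If the downgrade is intentional because the field is not in use, keep at least the impact clause in the ChangeLog entry so the reason for the time-independent comparison is on record.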
diff --git a/changes/bug4012_022 b/changes/bug4012_022
deleted file mode 100644
index f101db5..0000000
--- a/changes/bug4012_022
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (documentation):
-    - Document the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
-      directory authority option (introduced in Tor 0.2.2.34).
diff --git a/changes/bug4533_part2 b/changes/bug4533_part2
deleted file mode 100644
index 7e0f7c3..0000000
--- a/changes/bug4533_part2
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major bugfixes:
-    - Fix the SOCKET_OK test that we use to tell when socket
-      creation fails so that it works on Win64. Fixes part of bug
-      4533; bugfix on 0.2.2.29-beta. Bug found by wanoskarnet.
-
diff --git a/changes/bug4856 b/changes/bug4856
deleted file mode 100644
index fa284a0..0000000
--- a/changes/bug4856
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Trivial bugfixes
-    - Fix a typo in a log message in rend_service_rendezvous_has_opened().
-      Fixes bug 4856; bugfix on Tor 0.0.6.
diff --git a/changes/bug5005 b/changes/bug5005
deleted file mode 100644
index 04d8dfe..0000000
--- a/changes/bug5005
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes:
-    - Update "ClientOnly" man page entry to explain that there isn't
-      really any point to messing with it. Resolves ticket 5005.
diff --git a/changes/bug5065 b/changes/bug5065
deleted file mode 100644
index d195313..0000000
--- a/changes/bug5065
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major bugfixes:
-    - Fix build if path to sed, openssl or sha1sum contains spaces.
-      This is pretty common on Windows. Fixes bug 5065; bugfix on
-      0.2.2.1-alpha.
-
diff --git a/changes/bug5067 b/changes/bug5067
deleted file mode 100644
index d94b921..0000000
--- a/changes/bug5067
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (usability):
-    - Downgrade the "We're missing a certificate" message from notice
-      to info: people kept mistaking it for a real problem, whereas it
-      is only a problem when we are failing to bootstrap. Fixes bug
-      5067; bugfix on 0.2.10-alpha.
diff --git a/changes/bug5090 b/changes/bug5090
deleted file mode 100644
index d47858c..0000000
--- a/changes/bug5090
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor bugfixes:
-    - Detect and reject certain misformed escape sequences in configuration
-      values. Previously, these values would cause us to crash if received
-      in a torrc file or over an (authenticated) control port. Bug found by
-      Esteban Manchado Velázquez. Patch by Alexander Schrijver. Fix for
-      bug 5090; bugfix on 0.2.0.16-alpha.
- 
diff --git a/changes/bug5340 b/changes/bug5340
deleted file mode 100644
index 708988a..0000000
--- a/changes/bug5340
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes:
-    - Fix a compile warning when using the --enable-openbsd-malloc configure
-      option. Fixes bug 5340; bugfix on 0.2.0.20-rc.
diff --git a/changes/bug5342 b/changes/bug5342
deleted file mode 100644
index b2ae451..0000000
--- a/changes/bug5342
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Security fixes:
-    - Never use a bridge as an exit, even if it claims to be one.  Found by
-      wanoskarnet. Fixes bug 5342. Bugfix on ????.
diff --git a/changes/bug5343 b/changes/bug5343
deleted file mode 100644
index e4e1489..0000000
--- a/changes/bug5343
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Security fixes:
-    - Only build circuits if we have a sufficient threshold of the total
-      descriptors marked in the consensus with the "Exit" flag.  This
-      mitigates an attack proposed by wanoskarnet, in which all of a
-      client's bridges collude to restrict the exit nodes that the
-      client knows about.  Fixes bug 5343.
-
diff --git a/changes/bug5593 b/changes/bug5593
deleted file mode 100644
index 358e8de..0000000
--- a/changes/bug5593
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes:
-    - When sending an HTTP/1.1 proxy request, include a Host header.
-      Fixes bug 5593; bugfix on 0.2.2.1-alpha.
diff --git a/changes/bug5644 b/changes/bug5644
deleted file mode 100644
index a390eba..0000000
--- a/changes/bug5644
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major bugfixes
-    - Prevent a client-side assertion failure when receiving an
-      INTRODUCE2 cell by an exit relay, in a general purpose
-      circuit. Fixes bug 5644; bugfix on tor-0.2.1.6-alpha
-
diff --git a/changes/bug5647 b/changes/bug5647
deleted file mode 100644
index 92f41c8..0000000
--- a/changes/bug5647
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Major bugfixes:
-    - Avoid logging uninitialized data when unable to decode a hidden
-      service descriptor cookie.  Fixes bug 5647; bugfix on 0.2.1.5-alpha.
-
diff --git a/changes/geoip-april2012 b/changes/geoip-april2012
deleted file mode 100644
index 66720c6..0000000
--- a/changes/geoip-april2012
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update to the April 3 2012 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-february2012 b/changes/geoip-february2012
deleted file mode 100644
index 0711654..0000000
--- a/changes/geoip-february2012
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update to the February 7 2012 Maxmind GeoLite Country database.
-
diff --git a/changes/geoip-march2012 b/changes/geoip-march2012
deleted file mode 100644
index 0f66d8f..0000000
--- a/changes/geoip-march2012
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update to the March 6 2012 Maxmind GeoLite Country database.
-
diff --git a/changes/ides-becomes-turtles b/changes/ides-becomes-turtles
deleted file mode 100644
index 09d964f..0000000
--- a/changes/ides-becomes-turtles
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Directory authority changes:
-      - Change IP address for ides (v3 directory authority), and rename it to
-        turtles.
-
diff --git a/changes/maatuska-ip b/changes/maatuska-ip
deleted file mode 100644
index a00b43f..0000000
--- a/changes/maatuska-ip
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Directory authority changes:
-    - Change IP address for maatuska (v3 directory authority).
-
diff --git a/changes/safecookie b/changes/safecookie
deleted file mode 100644
index fd7d7af..0000000
--- a/changes/safecookie
+++ /dev/null
@@ -1,9 +0,0 @@
-  o Security Features:
-    - Provide controllers with a safer way to implement the cookie
-      authentication mechanism. With the old method, if another locally
-      running program could convince a controller that it was the Tor
-      process, then that program could trick the contoller into
-      telling it the contents of an arbitrary 32-byte file. The new
-      "SAFECOOKIE" authentication method uses a challenge-response
-      approach to prevent this. Fixes bug 5185, implements proposal 193. 
-


