1
Changes in version 0.2.1.32 - 2011-12-16
2
Tor 0.2.1.32 backports important security and privacy fixes for
3
oldstable. This release is intended only for package maintainers and
4
others who cannot use the 0.2.2 stable series. All others should be
5
using Tor 0.2.2.x or newer.
7
The Tor 0.2.1.x series will reach formal end-of-life some time in
8
early 2012; we will stop releasing patches for it then.
10
o Major bugfixes (also included in 0.2.2.x):
11
- Correctly sanity-check that we don't underflow on a memory
12
allocation (and then assert) for hidden service introduction
13
point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410;
14
bugfix on 0.2.1.5-alpha.
15
- Fix a heap overflow bug that could occur when trying to pull
16
data into the first chunk of a buffer, when that chunk had
17
already had some data drained from it. Fixes CVE-2011-2778;
18
bugfix on 0.2.0.16-alpha. Reported by "Vektor".
21
- Update to the December 6 2011 Maxmind GeoLite Country database.
24
Changes in version 0.2.1.31 - 2011-10-26
25
Tor 0.2.1.31 backports important security and privacy fixes for
26
oldstable. This release is intended only for package maintainers and
27
others who cannot use the 0.2.2 stable series. All others should be
28
using Tor 0.2.2.x or newer.
30
o Security fixes (also included in 0.2.2.x):
31
- Replace all potentially sensitive memory comparison operations
32
with versions whose runtime does not depend on the data being
33
compared. This will help resist a class of attacks where an
34
adversary can use variations in timing information to learn
35
sensitive data. Fix for one case of bug 3122. (Safe memcmp
36
implementation by Robert Ransom based partially on code by DJB.)
37
- Fix an assert in parsing router descriptors containing IPv6
38
addresses. This one took down the directory authorities when
39
somebody tried some experimental code. Bugfix on 0.2.1.3-alpha.
41
o Privacy/anonymity fixes (also included in 0.2.2.x):
42
- Clients and bridges no longer send TLS certificate chains on
43
outgoing OR connections. Previously, each client or bridge would
44
use the same cert chain for all outgoing OR connections until
45
its IP address changes, which allowed any relay that the client
46
or bridge contacted to determine which entry guards it is using.
47
Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
48
- If a relay receives a CREATE_FAST cell on a TLS connection, it
49
no longer considers that connection as suitable for satisfying a
50
circuit EXTEND request. Now relays can protect clients from the
51
CVE-2011-2768 issue even if the clients haven't upgraded yet.
52
- Bridges now refuse CREATE or CREATE_FAST cells on OR connections
53
that they initiated. Relays could distinguish incoming bridge
54
connections from client connections, creating another avenue for
55
enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
57
- When receiving a hidden service descriptor, check that it is for
58
the hidden service we wanted. Previously, Tor would store any
59
hidden service descriptors that a directory gave it, whether it
60
wanted them or not. This wouldn't have let an attacker impersonate
61
a hidden service, but it did let directories pre-seed a client
62
with descriptors that it didn't want. Bugfix on 0.0.6.
63
- Avoid linkability based on cached hidden service descriptors: forget
64
all hidden service descriptors cached as a client when processing a
65
SIGNAL NEWNYM command. Fixes bug 3000; bugfix on 0.0.6.
66
- Make the bridge directory authority refuse to answer directory
67
requests for "all" descriptors. It used to include bridge
68
descriptors in its answer, which was a major information leak.
69
Found by "piebeer". Bugfix on 0.2.0.3-alpha.
70
- Don't attach new streams to old rendezvous circuits after SIGNAL
71
NEWNYM. Previously, we would keep using an existing rendezvous
72
circuit if it remained open (i.e. if it were kept open by a
73
long-lived stream, or if a new stream were attached to it before
74
Tor could notice that it was old and no longer in use). Bugfix on
75
0.1.1.15-rc; fixes bug 3375.
77
o Minor bugfixes (also included in 0.2.2.x):
78
- When we restart our relay, we might get a successful connection
79
from the outside before we've started our reachability tests,
80
triggering a warning: "ORPort found reachable, but I have no
81
routerinfo yet. Failing to inform controller of success." This
82
bug was harmless unless Tor is running under a controller
83
like Vidalia, in which case the controller would never get a
84
REACHABILITY_SUCCEEDED status event. Bugfix on 0.1.2.6-alpha;
86
- Build correctly on OSX with zlib 1.2.4 and higher with all warnings
87
enabled. Fixes bug 1526.
88
- Remove undocumented option "-F" from tor-resolve: it hasn't done
89
anything since 0.2.1.16-rc.
90
- Avoid signed/unsigned comparisons by making SIZE_T_CEILING unsigned.
91
None of the cases where we did this before were wrong, but by making
92
this change we avoid warnings. Fixes bug 2475; bugfix on 0.2.1.28.
93
- Fix a rare crash bug that could occur when a client was configured
94
with a large number of bridges. Fixes bug 2629; bugfix on
95
0.2.1.2-alpha. Bugfix by trac user "shitlei".
96
- Correct the warning displayed when a rendezvous descriptor exceeds
97
the maximum size. Fixes bug 2750; bugfix on 0.2.1.5-alpha. Found by
99
- Fix an uncommon assertion failure when running with DNSPort under
100
heavy load. Fixes bug 2933; bugfix on 0.2.0.1-alpha.
101
- When warning about missing zlib development packages during compile,
102
give the correct package names. Bugfix on 0.2.0.1-alpha.
103
- Require that introduction point keys and onion keys have public
104
exponent 65537. Bugfix on 0.2.0.10-alpha.
105
- Do not crash when our configuration file becomes unreadable, for
106
example due to a permissions change, between when we start up
107
and when a controller calls SAVECONF. Fixes bug 3135; bugfix
109
- Fix warnings from GCC 4.6's "-Wunused-but-set-variable" option.
111
- Always NUL-terminate the sun_path field of a sockaddr_un before
112
passing it to the kernel. (Not a security issue: kernels are
113
smart enough to reject bad sockaddr_uns.) Found by Coverity;
114
CID #428. Bugfix on Tor 0.2.0.3-alpha.
115
- Don't stack-allocate the list of supplementary GIDs when we're
116
about to log them. Stack-allocating NGROUPS_MAX gid_t elements
117
could take up to 256K, which is way too much stack. Found by
118
Coverity; CID #450. Bugfix on 0.2.1.7-alpha.
120
o Minor bugfixes (only in 0.2.1.x):
121
- Resume using micro-version numbers in 0.2.1.x: our Debian packages
122
rely on them. Bugfix on 0.2.1.30.
123
- Use git revisions instead of svn revisions when generating our
124
micro-version numbers. Bugfix on 0.2.1.15-rc; fixes bug 2402.
126
o Minor features (also included in 0.2.2.x):
127
- Adjust the expiration time on our SSL session certificates to
128
better match SSL certs seen in the wild. Resolves ticket 4014.
129
- Allow nameservers with IPv6 address. Resolves bug 2574.
130
- Update to the October 4 2011 Maxmind GeoLite Country database.
133
Changes in version 0.2.1.30 - 2011-02-23
134
Tor 0.2.1.30 fixes a variety of less critical bugs. The main other
135
change is a slight tweak to Tor's TLS handshake that makes relays
136
and bridges that run this new version reachable from Iran again.
137
We don't expect this tweak will win the arms race long-term, but it
138
buys us time until we roll out a better solution.
141
- Stop sending a CLOCK_SKEW controller status event whenever
142
we fetch directory information from a relay that has a wrong clock.
143
Instead, only inform the controller when it's a trusted authority
144
that claims our clock is wrong. Bugfix on 0.1.2.6-alpha; fixes
145
the rest of bug 1074.
146
- Fix a bounds-checking error that could allow an attacker to
147
remotely crash a directory authority. Bugfix on 0.2.1.5-alpha.
149
- If relays set RelayBandwidthBurst but not RelayBandwidthRate,
150
Tor would ignore their RelayBandwidthBurst setting,
151
potentially using more bandwidth than expected. Bugfix on
152
0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470.
153
- Ignore and warn if the user mistakenly sets "PublishServerDescriptor
154
hidserv" in her torrc. The 'hidserv' argument never controlled
155
publication of hidden service descriptors. Bugfix on 0.2.0.1-alpha.
158
- Adjust our TLS Diffie-Hellman parameters to match those used by
160
- Update to the February 1 2011 Maxmind GeoLite Country database.
163
- Check for and reject overly long directory certificates and
164
directory tokens before they have a chance to hit any assertions.
165
Bugfix on 0.2.1.28. Found by "doorss".
166
- Bring the logic that gathers routerinfos and assesses the
167
acceptability of circuits into line. This prevents a Tor OP from
168
getting locked in a cycle of choosing its local OR as an exit for a
169
path (due to a .exit request) and then rejecting the circuit because
170
its OR is not listed yet. It also prevents Tor clients from using an
171
OR running in the same instance as an exit (due to a .exit request)
172
if the OR does not meet the same requirements expected of an OR
173
running elsewhere. Fixes bug 1859; bugfix on 0.1.0.1-rc.
176
- Stop shipping the Tor specs files and development proposal documents
177
in the tarball. They are now in a separate git repository at
178
git://git.torproject.org/torspec.git
179
- Do not include Git version tags as though they are SVN tags when
180
generating a tarball from inside a repository that has switched
181
between branches. Bugfix on 0.2.1.15-rc; fixes bug 2402.
1
184
Changes in version 0.2.1.29 - 2011-01-15
2
185
Tor 0.2.1.29 continues our recent code security audit work. The main
3
186
fix resolves a remote heap overflow vulnerability that can allow remote