diff options
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 144 |
1 files changed, 144 insertions, 0 deletions
@@ -1,3 +1,147 @@ +Changes in version 0.2.2.36 - 2012-05-24 + Tor 0.2.2.36 updates the addresses for two of the eight directory + authorities, fixes some potential anonymity and security issues, + and fixes several crash bugs. + + Tor 0.2.1.x has reached its end-of-life. Those Tor versions have many + known flaws, and nobody should be using them. You should upgrade. If + you're using a Linux or BSD and its packages are obsolete, stop using + those packages and upgrade anyway. + + o Directory authority changes: + - Change IP address for maatuska (v3 directory authority). + - Change IP address for ides (v3 directory authority), and rename + it to turtles. + + o Security fixes: + - When building or running with any version of OpenSSL earlier + than 0.9.8s or 1.0.0f, disable SSLv3 support. These OpenSSL + versions have a bug (CVE-2011-4576) in which their block cipher + padding includes uninitialized data, potentially leaking sensitive + information to any peer with whom they make a SSLv3 connection. Tor + does not use SSL v3 by default, but a hostile client or server + could force an SSLv3 connection in order to gain information that + they shouldn't have been able to get. The best solution here is to + upgrade to OpenSSL 0.9.8s or 1.0.0f (or later). But when building + or running with a non-upgraded OpenSSL, we disable SSLv3 entirely + to make sure that the bug can't happen. + - Never use a bridge or a controller-supplied node as an exit, even + if its exit policy allows it. Found by wanoskarnet. Fixes bug + 5342. Bugfix on 0.1.1.15-rc (for controller-purpose descriptors) + and 0.2.0.3-alpha (for bridge-purpose descriptors). + - Only build circuits if we have a sufficient threshold of the total + descriptors that are marked in the consensus with the "Exit" + flag. This mitigates an attack proposed by wanoskarnet, in which + all of a client's bridges collude to restrict the exit nodes that + the client knows about. Fixes bug 5343. + - Provide controllers with a safer way to implement the cookie + authentication mechanism. With the old method, if another locally + running program could convince a controller that it was the Tor + process, then that program could trick the contoller into telling + it the contents of an arbitrary 32-byte file. The new "SAFECOOKIE" + authentication method uses a challenge-response approach to prevent + this attack. Fixes bug 5185; implements proposal 193. + + o Major bugfixes: + - Avoid logging uninitialized data when unable to decode a hidden + service descriptor cookie. Fixes bug 5647; bugfix on 0.2.1.5-alpha. + - Avoid a client-side assertion failure when receiving an INTRODUCE2 + cell on a general purpose circuit. Fixes bug 5644; bugfix on + 0.2.1.6-alpha. + - Fix builds when the path to sed, openssl, or sha1sum contains + spaces, which is pretty common on Windows. Fixes bug 5065; bugfix + on 0.2.2.1-alpha. + - Correct our replacements for the timeradd() and timersub() functions + on platforms that lack them (for example, Windows). The timersub() + function is used when expiring circuits, while timeradd() is + currently unused. Bug report and patch by Vektor. Fixes bug 4778; + bugfix on 0.2.2.24-alpha. + - Fix the SOCKET_OK test that we use to tell when socket + creation fails so that it works on Win64. Fixes part of bug 4533; + bugfix on 0.2.2.29-beta. Bug found by wanoskarnet. + + o Minor bugfixes: + - Reject out-of-range times like 23:59:61 in parse_rfc1123_time(). + Fixes bug 5346; bugfix on 0.0.8pre3. + - Make our number-parsing functions always treat too-large values + as an error, even when those values exceed the width of the + underlying type. Previously, if the caller provided these + functions with minima or maxima set to the extreme values of the + underlying integer type, these functions would return those + values on overflow rather than treating overflow as an error. + Fixes part of bug 5786; bugfix on 0.0.9. + - Older Linux kernels erroneously respond to strange nmap behavior + by having accept() return successfully with a zero-length + socket. When this happens, just close the connection. Previously, + we would try harder to learn the remote address: but there was + no such remote address to learn, and our method for trying to + learn it was incorrect. Fixes bugs 1240, 4745, and 4747. Bugfix + on 0.1.0.3-rc. Reported and diagnosed by "r1eo". + - Correct parsing of certain date types in parse_http_time(). + Without this patch, If-Modified-Since would behave + incorrectly. Fixes bug 5346; bugfix on 0.2.0.2-alpha. Patch from + Esteban Manchado Velázques. + - Change the BridgePassword feature (part of the "bridge community" + design, which is not yet implemented) to use a time-independent + comparison. The old behavior might have allowed an adversary + to use timing to guess the BridgePassword value. Fixes bug 5543; + bugfix on 0.2.0.14-alpha. + - Detect and reject certain misformed escape sequences in + configuration values. Previously, these values would cause us + to crash if received in a torrc file or over an authenticated + control port. Bug found by Esteban Manchado Velázquez, and + independently by Robert Connolly from Matta Consulting who further + noted that it allows a post-authentication heap overflow. Patch + by Alexander Schrijver. Fixes bugs 5090 and 5402 (CVE 2012-1668); + bugfix on 0.2.0.16-alpha. + - Fix a compile warning when using the --enable-openbsd-malloc + configure option. Fixes bug 5340; bugfix on 0.2.0.20-rc. + - During configure, detect when we're building with clang version + 3.0 or lower and disable the -Wnormalized=id and -Woverride-init + CFLAGS. clang doesn't support them yet. + - When sending an HTTP/1.1 proxy request, include a Host header. + Fixes bug 5593; bugfix on 0.2.2.1-alpha. + - Fix a NULL-pointer dereference on a badly formed SETCIRCUITPURPOSE + command. Found by mikeyc. Fixes bug 5796; bugfix on 0.2.2.9-alpha. + - If we hit the error case where routerlist_insert() replaces an + existing (old) server descriptor, make sure to remove that + server descriptor from the old_routers list. Fix related to bug + 1776. Bugfix on 0.2.2.18-alpha. + + o Minor bugfixes (documentation and log messages): + - Fix a typo in a log message in rend_service_rendezvous_has_opened(). + Fixes bug 4856; bugfix on Tor 0.0.6. + - Update "ClientOnly" man page entry to explain that there isn't + really any point to messing with it. Resolves ticket 5005. + - Document the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays + directory authority option (introduced in Tor 0.2.2.34). + - Downgrade the "We're missing a certificate" message from notice + to info: people kept mistaking it for a real problem, whereas it + is seldom the problem even when we are failing to bootstrap. Fixes + bug 5067; bugfix on 0.2.0.10-alpha. + - Correctly spell "connect" in a log message on failure to create a + controlsocket. Fixes bug 4803; bugfix on 0.2.2.26-beta. + - Clarify the behavior of MaxCircuitDirtiness with hidden service + circuits. Fixes issue 5259. + + o Minor features: + - Directory authorities now reject versions of Tor older than + 0.2.1.30, and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha + inclusive. These versions accounted for only a small fraction of + the Tor network, and have numerous known security issues. Resolves + issue 4788. + - Update to the May 1 2012 Maxmind GeoLite Country database. + + - Feature removal: + - When sending or relaying a RELAY_EARLY cell, we used to convert + it to a RELAY cell if the connection was using the v1 link + protocol. This was a workaround for older versions of Tor, which + didn't handle RELAY_EARLY cells properly. Now that all supported + versions can handle RELAY_EARLY cells, and now that we're enforcing + the "no RELAY_EXTEND commands except in RELAY_EARLY cells" rule, + remove this workaround. Addresses bug 4786. + + Changes in version 0.2.3.15-alpha - 2012-04-30 Tor 0.2.3.15-alpha fixes a variety of smaller bugs, including making the development branch build on Windows again. |