| Commit message (Expand) | Author | Age |
|---|
| * | Update to the December 2012 GeoIP database. | Karsten Loesing | 2012-12-13 |
| * | Update to the November 2012 GeoIP database. | Karsten Loesing | 2012-12-13 |
| * | Add a changes file for bug 7191. | Nick Mathewson | 2012-10-23 |
| * | Disable TLS Session Tickets, which we were apparently getting for free•••OpenSSL 1.0.0 added an implementation of TLS session tickets, a
"feature" that let session resumption occur without server-side state
by giving clients an encrypted "ticket" that the client could present
later to get the session going again with the same keys as before.
OpenSSL was giving the keys to decrypt these tickets the lifetime of
the SSL contexts, which would have been terrible for PFS if we had
long-lived SSL contexts. Fortunately, we don't. Still, it's pretty
bad. We should also drop these, since our use of the extension stands
out with our non-use of session cacheing.
Found by nextgens. Bugfix on all versions of Tor when built with
openssl 1.0.0 or later. Fixes bug 7139.
| Nick Mathewson | 2012-10-19 |
| * | Fix assertion failure in tor_timegm.•••Fixes bug 6811.
| Nick Mathewson | 2012-09-11 |
| * | Do not assert when comparing a null address/port against a policy•••This can create a remote crash opportunity for/against directory
authorities.
| Nick Mathewson | 2012-08-27 |
| * | Try to clarify impact of bug 6537•••I don't personally agree that this is likely to be easy to exploit,
and some initial experimention I've done suggests that cache-miss
times are just plain too fast to get useful info out of when they're
mixed up with the rest of Tor's timing noise. Nevertheless, I'm
leaving Robert's initial changelog entry in the git history so that he
can be the voice of reason if I'm wrong. :)
| Nick Mathewson | 2012-08-03 |
| * | Mitigate a side-channel leak of which relays Tor chooses for a circuit•••Tor's and OpenSSL's current design guarantee that there are other leaks,
but this one is likely to be more easily exploitable, and is easy to fix.
| Robert Ransom | 2012-08-03 |
| * | Clarify security impact of bug 6530 | Nick Mathewson | 2012-08-03 |
| * | Avoid possible segfault when handling networkstatus vote with bad flavor•••Fix for 6530; fix on 0.2.2.6-alpha.
| Nick Mathewson | 2012-08-03 |
| * | Revert to the May 2012 geoip db•••The June 2012 db marks too many relays as country "A1".
Addresses bug 6334.
| Roger Dingledine | 2012-07-06 |
| * | Update to the June 2012 GeoIP database.•••Manually removed range 0.116.0.0 to 0.119.255.255 which Maxmind says is
assigned to AT. This is very likely a bug in their database, because
0.0.0.0/8 is a reserved range.
| Karsten Loesing | 2012-06-13 |
| * | Send a CRLF at the end of a STATUS_* event, not in the middle of it•••Fixes bug 6094; bugfix on commit 3a9351b57e528b1d0bd2e72bcf78db7c91b2ff8f.
| Robert Ransom | 2012-06-07 |
| * | Merge remote-tracking branch 'public/bug6007_strict_squashed' into maint-0.2.2 | Nick Mathewson | 2012-06-04 |
| |\ |
|
| | * | Kill non-open OR connections with any data on their inbufs.•••This fixes a DoS issue where a client could send so much data in 5
minutes that they exhausted the server's RAM. Fix for bug 5934 and
6007. Bugfix on 0.2.0.20-rc, which enabled the v2 handshake.
| Nick Mathewson | 2012-06-04 |
| * | | Merge remote-tracking branch 'public/bug6033' into maint-0.2.2 | Nick Mathewson | 2012-06-04 |
| |\ \ |
|
| | * | | Work around a bug in OpenSSL 1.0.1's TLS 1.1 and TLS 1.2 support•••It appears that when OpenSSL negotiates a 1.1 or 1.2 connection, and it
decides to renegotiate, the client will send a record with version "1.0"
rather than with the current TLS version. This would cause the
connection to fail whenever both sides had OpenSSL 1.0.1, and the v2 Tor
handshake was in use.
As a workaround, disable TLS 1.1 and TLS 1.2. When a later version of
OpenSSL is released, we can make this conditional on running a fixed
version of OpenSSL.
Alternatively, we could disable TLS 1.1 and TLS 1.2 only on the client
side. But doing it this way for now means that we not only fix TLS with
patched clients; we also fix TLS when the server has this patch and the
client does not. That could be important to keep the network running
well.
Fixes bug 6033.
| Nick Mathewson | 2012-06-02 |
| * | | | add changes file for bug 5283•••I called it a bugfix on 0.2.0.10-alpha, since git commit e5885deab is
where we introduced anonymized begin_dir connections.
| Roger Dingledine | 2012-05-31 |
| | |/
|/| |
|
| * | | Add __attribute__(format)s for our varargs printf/scanf wrappers•••It turns out that if you set the third argument of
__attribute__(format) to 0, GCC and Clang will check the format
argument without expecting to find variadic arguments. This is the
correct behavior for vsnprintf, vasprintf, and vscanf.
I'm hoping this will fix bug 5969 (a clang warning) by telling clang that
the format argument to tor_vasprintf is indeed a format string.
| Nick Mathewson | 2012-05-30 |
| |/ |
|
| * | Remove more dubiosity in struct tm handling. related to bug5346 | Nick Mathewson | 2012-05-16 |
| * | changes file for branch bug5346 | Nick Mathewson | 2012-05-16 |
| * | Correct the bulletproofing of routerlist_insert()•••The original code updated some variables, but forgot to remove a
replaced old-routerdesc from rl->old_routers.
Related to bug 1776.
| Nick Mathewson | 2012-05-16 |
| * | Clarify MaxCircuitDirtiness behavior with hidden services. Bug 5259. | Nick Mathewson | 2012-05-15 |
| * | Merge branch 'bug5796_022_squashed' into maint-0.2.2 | Nick Mathewson | 2012-05-15 |
| |\ |
|
| | * | Fix a crash bug on SETCIRCUITPURPOSE. | Nick Mathewson | 2012-05-15 |
| * | | Merge remote-tracking branch 'karsten/geoip-may2012' into maint-0.2.2 | Nick Mathewson | 2012-05-15 |
| |\ \ |
|
| | * | | Update to the May 2012 GeoIP database. | Karsten Loesing | 2012-05-07 |
| | |/ |
|
| * | | Merge branch 'bug5786_range_022' into maint-0.2.2 | Nick Mathewson | 2012-05-10 |
| |\ \ |
|
| | * | | Handle out-of-range values in tor_parse_* integer functions•••The underlying strtoX functions handle overflow by saturating and
setting errno to ERANGE. If the min/max arguments to the
tor_parse_* functions are equal to the minimum/maximum of the
underlying type, then with the old approach, we wouldn't treat a
too-large value as genuinely broken.
Found this while looking at bug 5786; bugfix on 19da1f36 (in Tor
0.0.9), which introduced these functions.
| Nick Mathewson | 2012-05-07 |
| | |/ |
|
| * / | Add changes/bug5760 | Ravi Chandra Padmala | 2012-05-10 |
| |/ |
|
| * | Fix a log-uninitialized-buffer bug.•••Fix for 5647; bugfix on 0.2.1.5-alpha.
| Nick Mathewson | 2012-04-18 |
| * | rend_service_introduce(): do protocol violation check before anything else.•••(Cherry-picked from 6ba13e4 by nickm)
| George Kadianakis | 2012-04-18 |
| * | Merge branch 'bug5593' into maint-0.2.2 | Nick Mathewson | 2012-04-11 |
| |\ |
|
| | * | Include a Host: header with any HTTP/1.1 proxy request•••Bugfix on 0.2.2.1-alpha, which added the orginal HTTP proxy
authentication code. Fix for bug 5593.
| Nick Mathewson | 2012-04-10 |
| * | | Update to the April 2012 GeoIP database. | Karsten Loesing | 2012-04-11 |
| |/ |
|
| * | ides has become turtles, and gotten a new IP address•••As per ticket 5569
| Sebastian Hahn | 2012-04-05 |
| * | Do not use strcmp() to compare an http authenticator to its expected value•••This fixes a side-channel attack on the (fortunately unused!)
BridgePassword option for bridge authorities. Fix for bug 5543;
bugfix on 0.2.0.14-alpha.
| Nick Mathewson | 2012-04-01 |
| * | Safe cookie authentication gets a changes file | Nick Mathewson | 2012-03-26 |
| * | Use a given name in the bug5090 message, at its holder's request. | Nick Mathewson | 2012-03-09 |
| * | Never choose a bridge as an exit. Bug 5342. | Nick Mathewson | 2012-03-09 |
| * | Merge branch 'bug5343' into maint-0.2.2 | Nick Mathewson | 2012-03-09 |
| |\ |
|
| | * | Require a threshold of exit nodes before building circuits•••This mitigates an attack proposed by wanoskarnet, in which all of a
client's bridges collude to restrict the exit nodes that the client
knows about. Fixes bug 5343.
| Nick Mathewson | 2012-03-08 |
| * | | Oops; credit bug5090 patch to flupzor. estebanm only found the bug. | Nick Mathewson | 2012-03-09 |
| * | | Correctly handle broken escape sequences in torrc values•••Previously, malformatted torrc values could crash us.
Patch by Esteban Manchado. Fixes bug 5090; fix on 0.2.0.16-alpha.
| Nick Mathewson | 2012-03-09 |
| |/ |
|
| * | Fix compile warnings in openbsd malloc | Sebastian Hahn | 2012-03-08 |
| * | Merge remote-tracking branch 'karsten/geoip-march2012' into maint-0.2.2 | Nick Mathewson | 2012-03-08 |
| |\ |
|
| | * | Update to the March 2012 GeoIP database. | Karsten Loesing | 2012-03-08 |
| * | | new ip address for maatuska | Roger Dingledine | 2012-02-29 |
| * | | Properly protect paths to sed, sha1sum, openssl•••in Makefile.am, we used it without quoting it, causing build failure if
your openssl/sed/sha1sum happened to live in a directory with a space in
it (very common on windows)
| Sebastian Hahn | 2012-02-10 |
| * | | Downgrade "missing a certificate" from notice to info•••It was apparently getting mistaken for a problem, even though it was
at notice.
Fixes 5067; fix on 0.2.0.10-alpha.
| Nick Mathewson | 2012-02-10 |