-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
12656 lines (11381 loc) · 652 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Changes in version 0.2.3.12-alpha - 2012-02-13
o Major bugfixes:
- Fix building when the path to sed, openssl or sha1sum contains
spaces, which is pretty common on Windows. Fixes bug 5065; bugfix
on 0.2.2.1-alpha.
- Set the SO_REUSEADDR socket option before we call bind() on outgoing
connections. This change should allow busy exit relays to stop
running out of available sockets as quickly. Fixes bug 4950;
bugfix on 0.2.2.26-beta.
- Allow 0.2.3.x clients to use 0.2.2.x bridges. Previously the client
would ask the bridge for microdescriptors, which are only supported
in 0.2.3.x and later, and then fail to bootstrap when it didn't
get the answers it wanted. Fixes bug 4013; bugfix on 0.2.3.2-alpha.
- Avoid a crash when managed proxies are configured and we receive
HUP signals or configuration values too rapidly. This happens most
commonly when Vidalia tries to attach to Tor or tries to configure
the Tor it's attached to. Fixes bug 5084; bugfix on 0.2.3.6-alpha.
- Properly set up obfsproxy's environment in managed mode. The Tor
Browser Bundle needs LD_LIBRARY_PATH to be passed to obfsproxy,
and when you run your Tor as a daemon, there's no HOME. Fixes bugs
5076 and 5082; bugfix on 0.2.3.6-alpha.
o Minor features:
- Use the dead_strip option when building Tor on OS X. This reduces
binary size by almost 19% when linking openssl and libevent
statically, which we do for TBB.
- Fix broken URLs in the sample torrc file, and tell readers about
the OutboundBindAddress, ExitPolicyRejectPrivate, and
PublishServerDescriptor options. Addresses bug 4652.
- Update to the February 7 2012 Maxmind GeoLite Country database.
o Minor bugfixes:
- Downgrade the "We're missing a certificate" message from notice
to info: people kept mistaking it for a real problem, whereas it
is seldom the problem even when we are failing to bootstrap. Fixes
bug 5067; bugfix on 0.2.0.10-alpha.
- Don't put "TOR_PT_EXTENDED_SERVER_PORT=127.0.0.1:4200" in a
managed pluggable transport server proxy's environment.
Previously, we would put it there, even though Tor doesn't
implement an 'extended server port' yet, and even though Tor
almost certainly isn't listening to that address. For now, we set
it to an empty string, to avoid crashing older obfsproxies. Bugfix
on 0.2.3.6-alpha.
- Actually log the heartbeat message every HeartbeatPeriod seconds,
not every HeartbeatPeriod + 1 seconds. Fixes bug 4942; bugfix on
0.2.3.1-alpha. Bug reported by Scott Bennett.
- Calculate absolute paths correctly on Windows. Fixes bug 4973;
bugfix on 0.2.3.11-alpha.
- Update "ClientOnly" man page entry to explain that there isn't
really any point to messing with it. Resolves ticket 5005.
- Use the correct CVE number for CVE-2011-4576 in our comments and
log messages. Found by "fermenthor". Resolves bug 5066; fix on
0.2.3.11-alpha.
o Code simplifications and refactoring:
- Use the _WIN32 macro throughout our code to detect Windows.
(Previously we had used the obsolete 'WIN32' and the idiosyncratic
'MS_WINDOWS'.)
Changes in version 0.2.3.11-alpha - 2012-01-22
Tor 0.2.3.11-alpha marks feature-freeze for the 0.2.3 tree. It deploys
the last step of the plan to limit maximum circuit length, includes
a wide variety of hidden service performance and correctness fixes,
works around an OpenSSL security flaw if your distro is too stubborn
to upgrade, and fixes a bunch of smaller issues.
o Major features:
- Now that Tor 0.2.0.x is completely deprecated, enable the final
part of "Proposal 110: Avoiding infinite length circuits" by
refusing all circuit-extend requests that do not use a relay_early
cell. This change helps Tor resist a class of denial-of-service
attacks by limiting the maximum circuit length.
- Adjust the number of introduction points that a hidden service
will try to maintain based on how long its introduction points
remain in use and how many introductions they handle. Fixes
part of bug 3825.
- Try to use system facilities for enumerating local interface
addresses, before falling back to our old approach (which was
binding a UDP socket, and calling getsockname() on it). That
approach was scaring OS X users whose draconian firewall
software warned about binding to UDP sockets, regardless of
whether packets were sent. Now we try to use getifaddrs(),
SIOCGIFCONF, or GetAdaptersAddresses(), depending on what the
system supports. Resolves ticket 1827.
o Major security workaround:
- When building or running with any version of OpenSSL earlier
than 0.9.8s or 1.0.0f, disable SSLv3 support. These OpenSSL
versions have a bug (CVE-2011-4576) in which their block cipher
padding includes uninitialized data, potentially leaking sensitive
information to any peer with whom they make a SSLv3 connection. Tor
does not use SSL v3 by default, but a hostile client or server
could force an SSLv3 connection in order to gain information that
they shouldn't have been able to get. The best solution here is to
upgrade to OpenSSL 0.9.8s or 1.0.0f (or later). But when building
or running with a non-upgraded OpenSSL, we disable SSLv3 entirely
to make sure that the bug can't happen.
o Major bugfixes:
- Fix the SOCKET_OK test that we use to tell when socket
creation fails so that it works on Win64. Fixes part of bug 4533;
bugfix on 0.2.2.29-beta. Bug found by wanoskarnet.
- Correct our replacements for the timeradd() and timersub() functions
on platforms that lack them (for example, Windows). The timersub()
function is used when expiring circuits, while timeradd() is
currently unused. Bug report and patch by Vektor. Fixes bug 4778;
bugfix on 0.2.2.24-alpha and 0.2.3.1-alpha.
- Do not use OpenSSL 1.0.0's counter mode: it has a critical bug
that was fixed in OpenSSL 1.0.0a. We test for the counter mode
bug at runtime, not compile time, because some distributions hack
their OpenSSL to mis-report its version. Fixes bug 4779; bugfix
on 0.2.3.9-alpha. Found by Pascal.
o Minor features (controller):
- Use absolute path names when reporting the torrc filename in the
control protocol, so a controller can more easily find the torrc
file. Resolves bug 1101.
- Extend the control protocol to report flags that control a circuit's
path selection in CIRC events and in replies to 'GETINFO
circuit-status'. Implements part of ticket 2411.
- Extend the control protocol to report the hidden service address
and current state of a hidden-service-related circuit in CIRC
events and in replies to 'GETINFO circuit-status'. Implements part
of ticket 2411.
- When reporting the path to the cookie file to the controller,
give an absolute path. Resolves ticket 4881.
- Allow controllers to request an event notification whenever a
circuit is cannibalized or its purpose is changed. Implements
part of ticket 3457.
- Include the creation time of a circuit in CIRC and CIRC2
control-port events and the list produced by the 'GETINFO
circuit-status' control-port command.
o Minor features (directory authorities):
- Directory authorities now reject versions of Tor older than
0.2.1.30, and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
inclusive. These versions accounted for only a small fraction of
the Tor network, and have numerous known security issues. Resolves
issue 4788.
- Authority operators can now vote for all relays in a given
set of countries to be BadDir/BadExit/Invalid/Rejected.
- Provide two consensus parameters (FastFlagMinThreshold and
FastFlagMaxThreshold) to control the range of allowable bandwidths
for the Fast directory flag. These allow authorities to run
experiments on appropriate requirements for being a "Fast" node.
The AuthDirFastGuarantee config value still applies.
- Document the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
directory authority option (introduced in Tor 0.2.2.34).
o Minor features (other):
- Don't disable the DirPort when we cannot exceed our AccountingMax
limit during this interval because the effective bandwidthrate is
low enough. This is useful in a situation where AccountMax is only
used as an additional safeguard or to provide statistics.
- Prepend an informative header to generated dynamic_dh_params files.
- If EntryNodes are given, but UseEntryGuards is set to 0, warn that
EntryNodes will have no effect. Resolves issue 2571.
- Log more useful messages when we fail to disable debugger
attachment.
- Log which authority we're missing votes from when we go to fetch
them from the other auths.
- Log (at debug level) whenever a circuit's purpose is changed.
- Add missing documentation for the MaxClientCircuitsPending,
UseMicrodescriptors, UserspaceIOCPBuffers, and
_UseFilteringSSLBufferevents options, all introduced during
the 0.2.3.x series.
- Update to the January 3 2012 Maxmind GeoLite Country database.
o Minor bugfixes (hidden services):
- Don't close hidden service client circuits which have almost
finished connecting to their destination when they reach
the normal circuit-build timeout. Previously, we would close
introduction circuits which are waiting for an acknowledgement
from the introduction point, and rendezvous circuits which have
been specified in an INTRODUCE1 cell sent to a hidden service,
after the normal CBT. Now, we mark them as 'timed out', and launch
another rendezvous attempt in parallel. This behavior change can
be disabled using the new CloseHSClientCircuitsImmediatelyOnTimeout
option. Fixes part of bug 1297; bugfix on 0.2.2.2-alpha.
- Don't close hidden-service-side rendezvous circuits when they
reach the normal circuit-build timeout. This behaviour change can
be disabled using the new
CloseHSServiceRendCircuitsImmediatelyOnTimeout option. Fixes the
remaining part of bug 1297; bugfix on 0.2.2.2-alpha.
- Make sure we never mark the wrong rendezvous circuit as having
had its introduction cell acknowleged by the introduction-point
relay. Previously, when we received an INTRODUCE_ACK cell on a
client-side hidden-service introduction circuit, we might have
marked a rendezvous circuit other than the one we specified in
the INTRODUCE1 cell as INTRO_ACKED, which would have produced
a warning message and interfered with the hidden service
connection-establishment process. Fixes bug 4759; bugfix on
0.2.3.3-alpha, when we added the stream-isolation feature which
might cause Tor to open multiple rendezvous circuits for the same
hidden service.
- Don't trigger an assertion failure when we mark a new client-side
hidden-service introduction circuit for close during the process
of creating it. Fixes bug 4796; bugfix on 0.2.3.6-alpha. Reported
by murb.
o Minor bugfixes (log messages):
- Correctly spell "connect" in a log message on failure to create a
controlsocket. Fixes bug 4803; bugfix on 0.2.2.26-beta and
0.2.3.2-alpha.
- Fix a typo in a log message in rend_service_rendezvous_has_opened().
Fixes bug 4856; bugfix on Tor 0.0.6.
- Fix the log message describing how we work around discovering
that our version is the ill-fated OpenSSL 0.9.8l. Fixes bug
4837; bugfix on 0.2.2.9-alpha.
- When logging about a disallowed .exit name, do not also call it
an "invalid onion address". Fixes bug 3325; bugfix on 0.2.2.9-alpha.
o Minor bugfixes (build fixes):
- During configure, detect when we're building with clang version
3.0 or lower and disable the -Wnormalized=id and -Woverride-init
CFLAGS. clang doesn't support them yet.
- During configure, search for library containing cos function as
libm lives in libcore on some platforms (BeOS/Haiku). Linking
against libm was hard-coded before. Fixes the first part of bug
4727; bugfix on 0.2.2.2-alpha. Patch and analysis by Martin Hebnes
Pedersen.
- Detect attempts to build Tor on (as yet hypothetical) versions
of Windows where sizeof(intptr_t) != sizeof(SOCKET). Partial
fix for bug 4533. Bugfix on 0.2.2.28-beta.
- Preprocessor directives should not be put inside the arguments
of a macro. This would break compilation with GCC releases prior
to version 3.3. We would never recommend such an old GCC version,
but it is apparently required for binary compatibility on some
platforms (namely, certain builds of Haiku). Fixes the other part
of bug 4727; bugfix on 0.2.3.3-alpha. Patch and analysis by Martin
Hebnes Pedersen.
o Minor bugfixes (other):
- Older Linux kernels erroneously respond to strange nmap behavior
by having accept() return successfully with a zero-length
socket. When this happens, just close the connection. Previously,
we would try harder to learn the remote address: but there was
no such remote address to learn, and our method for trying to
learn it was incorrect. Fixes bugs 1240, 4745, and 4747. Bugfix
on 0.1.0.3-rc. Reported and diagnosed by "r1eo".
- Fix null-pointer access that could occur if TLS allocation failed.
Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un". This was
erroneously listed as fixed in 0.2.3.9-alpha, but the fix had
accidentally been reverted.
- Fix our implementation of crypto_random_hostname() so it can't
overflow on ridiculously large inputs. (No Tor version has ever
provided this kind of bad inputs, but let's be correct in depth.)
Fixes bug 4413; bugfix on 0.2.2.9-alpha. Fix by Stephen Palmateer.
- Find more places in the code that should have been testing for
invalid sockets using the SOCKET_OK macro. Required for a fix
for bug 4533. Bugfix on 0.2.2.28-beta.
- Fix an assertion failure when, while running with bufferevents, a
connection finishes connecting after it is marked for close, but
before it is closed. Fixes bug 4697; bugfix on 0.2.3.1-alpha.
- test_util_spawn_background_ok() hardcoded the expected value
for ENOENT to 2. This isn't portable as error numbers are
platform specific, and particularly the hurd has ENOENT at
0x40000002. Construct expected string at runtime, using the correct
value for ENOENT. Fixes bug 4733; bugfix on 0.2.3.1-alpha.
- Reject attempts to disable DisableDebuggerAttachment while Tor is
running. Fixes bug 4650; bugfix on 0.2.3.9-alpha.
- Use an appropriate-width type for sockets in tor-fw-helper on
win64. Fixes bug 1983 at last. Bugfix on 0.2.3.9-alpha.
o Feature removal:
- When sending or relaying a RELAY_EARLY cell, we used to convert
it to a RELAY cell if the connection was using the v1 link
protocol. This was a workaround for older versions of Tor, which
didn't handle RELAY_EARLY cells properly. Now that all supported
versions can handle RELAY_EARLY cells, and now that we're enforcing
the "no RELAY_EXTEND commands except in RELAY_EARLY cells" rule,
remove this workaround. Addresses bug 4786.
o Code simplifications and refactoring:
- Use OpenSSL's built-in SSL_state_string_long() instead of our
own homebrewed ssl_state_to_string() replacement. Patch from
Emile Snyder. Fixes bug 4653.
- Use macros to indicate OpenSSL versions, so we don't need to worry
about accidental hexadecimal bit shifts.
- Remove some workaround code for OpenSSL 0.9.6 (which is no longer
supported).
- Convert more instances of tor_snprintf+tor_strdup into tor_asprintf.
- Use the smartlist_add_asprintf() alias more consistently.
- Use a TOR_INVALID_SOCKET macro when initializing a socket to an
invalid value, rather than just -1.
- Rename a handful of old identifiers, mostly related to crypto
structures and crypto functions. By convention, our "create an
object" functions are called "type_new()", our "free an object"
functions are called "type_free()", and our types indicate that
they are types only with a final "_t". But a handful of older
types and functions broke these rules, with function names like
"type_create" or "subsystem_op_type", or with type names like
type_env_t.
Changes in version 0.2.3.10-alpha - 2011-12-16
Tor 0.2.3.10-alpha fixes a critical heap-overflow security issue in
Tor's buffers code. Absolutely everybody should upgrade.
The bug relied on an incorrect calculation when making data continuous
in one of our IO buffers, if the first chunk of the buffer was
misaligned by just the wrong amount. The miscalculation would allow an
attacker to overflow a piece of heap-allocated memory. To mount this
attack, the attacker would need to either open a SOCKS connection to
Tor's SocksPort (usually restricted to localhost), or target a Tor
instance configured to make its connections through a SOCKS proxy
(which Tor does not do by default).
Good security practice requires that all heap-overflow bugs should be
presumed to be exploitable until proven otherwise, so we are treating
this as a potential code execution attack. Please upgrade immediately!
This bug does not affect bufferevents-based builds of Tor. Special
thanks to "Vektor" for reporting this issue to us!
This release also contains a few minor bugfixes for issues discovered
in 0.2.3.9-alpha.
o Major bugfixes:
- Fix a heap overflow bug that could occur when trying to pull
data into the first chunk of a buffer, when that chunk had
already had some data drained from it. Fixes CVE-2011-2778;
bugfix on 0.2.0.16-alpha. Reported by "Vektor".
o Minor bugfixes:
- If we can't attach streams to a rendezvous circuit when we
finish connecting to a hidden service, clear the rendezvous
circuit's stream-isolation state and try to attach streams
again. Previously, we cleared rendezvous circuits' isolation
state either too early (if they were freshly built) or not at all
(if they had been built earlier and were cannibalized). Bugfix on
0.2.3.3-alpha; fixes bug 4655.
- Fix compilation of the libnatpmp helper on non-Windows. Bugfix on
0.2.3.9-alpha; fixes bug 4691. Reported by Anthony G. Basile.
- Fix an assertion failure when a relay with accounting enabled
starts up while dormant. Fixes bug 4702; bugfix on 0.2.3.9-alpha.
o Minor features:
- Update to the December 6 2011 Maxmind GeoLite Country database.
Changes in version 0.2.2.35 - 2011-12-16
Tor 0.2.2.35 fixes a critical heap-overflow security issue in Tor's
buffers code. Absolutely everybody should upgrade.
The bug relied on an incorrect calculation when making data continuous
in one of our IO buffers, if the first chunk of the buffer was
misaligned by just the wrong amount. The miscalculation would allow an
attacker to overflow a piece of heap-allocated memory. To mount this
attack, the attacker would need to either open a SOCKS connection to
Tor's SocksPort (usually restricted to localhost), or target a Tor
instance configured to make its connections through a SOCKS proxy
(which Tor does not do by default).
Good security practice requires that all heap-overflow bugs should be
presumed to be exploitable until proven otherwise, so we are treating
this as a potential code execution attack. Please upgrade immediately!
This bug does not affect bufferevents-based builds of Tor. Special
thanks to "Vektor" for reporting this issue to us!
Tor 0.2.2.35 also fixes several bugs in previous versions, including
crash bugs for unusual configurations, and a long-term bug that
would prevent Tor from starting on Windows machines with draconian
AV software.
With this release, we remind everyone that 0.2.0.x has reached its
formal end-of-life. Those Tor versions have many known flaws, and
nobody should be using them. You should upgrade -- ideally to the
0.2.2.x series. If you're using a Linux or BSD and its packages are
obsolete, stop using those packages and upgrade anyway.
The Tor 0.2.1.x series is also approaching its end-of-life: it will no
longer receive support after some time in early 2012.
o Major bugfixes:
- Fix a heap overflow bug that could occur when trying to pull
data into the first chunk of a buffer, when that chunk had
already had some data drained from it. Fixes CVE-2011-2778;
bugfix on 0.2.0.16-alpha. Reported by "Vektor".
- Initialize Libevent with the EVENT_BASE_FLAG_NOLOCK flag enabled, so
that it doesn't attempt to allocate a socketpair. This could cause
some problems on Windows systems with overzealous firewalls. Fix for
bug 4457; workaround for Libevent versions 2.0.1-alpha through
2.0.15-stable.
- If we mark an OR connection for close based on a cell we process,
don't process any further cells on it. We already avoid further
reads on marked-for-close connections, but now we also discard the
cells we'd already read. Fixes bug 4299; bugfix on 0.2.0.10-alpha,
which was the first version where we might mark a connection for
close based on processing a cell on it.
- Correctly sanity-check that we don't underflow on a memory
allocation (and then assert) for hidden service introduction
point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410;
bugfix on 0.2.1.5-alpha.
- Fix a memory leak when we check whether a hidden service
descriptor has any usable introduction points left. Fixes bug
4424. Bugfix on 0.2.2.25-alpha.
- Don't crash when we're running as a relay and don't have a GeoIP
file. Bugfix on 0.2.2.34; fixes bug 4340. This backports a fix
we've had in the 0.2.3.x branch already.
- When running as a client, do not print a misleading (and plain
wrong) log message that we're collecting "directory request"
statistics: clients don't collect statistics. Also don't create a
useless (because empty) stats file in the stats/ directory. Fixes
bug 4353; bugfix on 0.2.2.34.
o Minor bugfixes:
- Detect failure to initialize Libevent. This fix provides better
detection for future instances of bug 4457.
- Avoid frequent calls to the fairly expensive cull_wedged_cpuworkers
function. This was eating up hideously large amounts of time on some
busy servers. Fixes bug 4518; bugfix on 0.0.9.8.
- Resolve an integer overflow bug in smartlist_ensure_capacity().
Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by
Mansour Moufid.
- Don't warn about unused log_mutex in log.c when building with
--disable-threads using a recent GCC. Fixes bug 4437; bugfix on
0.1.0.6-rc which introduced --disable-threads.
- When configuring, starting, or stopping an NT service, stop
immediately after the service configuration attempt has succeeded
or failed. Fixes bug 3963; bugfix on 0.2.0.7-alpha.
- When sending a NETINFO cell, include the original address
received for the other side, not its canonical address. Found
by "troll_un"; fixes bug 4349; bugfix on 0.2.0.10-alpha.
- Fix a typo in a hibernation-related log message. Fixes bug 4331;
bugfix on 0.2.2.23-alpha; found by "tmpname0901".
- Fix a memory leak in launch_direct_bridge_descriptor_fetch() that
occurred when a client tried to fetch a descriptor for a bridge
in ExcludeNodes. Fixes bug 4383; bugfix on 0.2.2.25-alpha.
- Backport fixes for a pair of compilation warnings on Windows.
Fixes bug 4521; bugfix on 0.2.2.28-beta and on 0.2.2.29-beta.
- If we had ever tried to call tor_addr_to_str on an address of
unknown type, we would have done a strdup on an uninitialized
buffer. Now we won't. Fixes bug 4529; bugfix on 0.2.1.3-alpha.
Reported by "troll_un".
- Correctly detect and handle transient lookup failures from
tor_addr_lookup. Fixes bug 4530; bugfix on 0.2.1.5-alpha.
Reported by "troll_un".
- Fix null-pointer access that could occur if TLS allocation failed.
Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un".
- Use tor_socket_t type for listener argument to accept(). Fixes bug
4535; bugfix on 0.2.2.28-beta. Found by "troll_un".
o Minor features:
- Add two new config options for directory authorities:
AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the
Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold
that is always sufficient to satisfy the bandwidth requirement for
the Guard flag. Now it will be easier for researchers to simulate
Tor networks with different values. Resolves ticket 4484.
- When Tor ignores a hidden service specified in its configuration,
include the hidden service's directory in the warning message.
Previously, we would only tell the user that some hidden service
was ignored. Bugfix on 0.0.6; fixes bug 4426.
- Update to the December 6 2011 Maxmind GeoLite Country database.
o Packaging changes:
- Make it easier to automate expert package builds on Windows,
by removing an absolute path from makensis.exe command.
Changes in version 0.2.3.9-alpha - 2011-12-08
Tor 0.2.3.9-alpha introduces initial IPv6 support for bridges, adds
a "DisableNetwork" security feature that bundles can use to avoid
touching the network until bridges are configured, moves forward on
the pluggable transport design, fixes a flaw in the hidden service
design that unnecessarily prevented clients with wrong clocks from
reaching hidden services, and fixes a wide variety of other issues.
o Major features:
- Clients can now connect to private bridges over IPv6. Bridges
still need at least one IPv4 address in order to connect to
other relays. Note that we don't yet handle the case where the
user has two bridge lines for the same bridge (one IPv4, one
IPv6). Implements parts of proposal 186.
- New "DisableNetwork" config option to prevent Tor from launching any
connections or accepting any connections except on a control port.
Bundles and controllers can set this option before letting Tor talk
to the rest of the network, for example to prevent any connections
to a non-bridge address. Packages like Orbot can also use this
option to instruct Tor to save power when the network is off.
- Clients and bridges can now be configured to use a separate
"transport" proxy. This approach makes the censorship arms race
easier by allowing bridges to use protocol obfuscation plugins. It
implements the "managed proxy" part of proposal 180 (ticket 3472).
- When using OpenSSL 1.0.0 or later, use OpenSSL's counter mode
implementation. It makes AES_CTR about 7% faster than our old one
(which was about 10% faster than the one OpenSSL used to provide).
Resolves ticket 4526.
- Add a "tor2web mode" for clients that want to connect to hidden
services non-anonymously (and possibly more quickly). As a safety
measure to try to keep users from turning this on without knowing
what they are doing, tor2web mode must be explicitly enabled at
compile time, and a copy of Tor compiled to run in tor2web mode
cannot be used as a normal Tor client. Implements feature 2553.
- Add experimental support for running on Windows with IOCP and no
kernel-space socket buffers. This feature is controlled by a new
"UserspaceIOCPBuffers" config option (off by default), which has
no effect unless Tor has been built with support for bufferevents,
is running on Windows, and has enabled IOCP. This may, in the long
run, help solve or mitigate bug 98.
- Use a more secure consensus parameter voting algorithm. Now at
least three directory authorities or a majority of them must
vote on a given parameter before it will be included in the
consensus. Implements proposal 178.
o Major bugfixes:
- Hidden services now ignore the timestamps on INTRODUCE2 cells.
They used to check that the timestamp was within 30 minutes
of their system clock, so they could cap the size of their
replay-detection cache, but that approach unnecessarily refused
service to clients with wrong clocks. Bugfix on 0.2.1.6-alpha, when
the v3 intro-point protocol (the first one which sent a timestamp
field in the INTRODUCE2 cell) was introduced; fixes bug 3460.
- Only use the EVP interface when AES acceleration is enabled,
to avoid a 5-7% performance regression. Resolves issue 4525;
bugfix on 0.2.3.8-alpha.
o Privacy/anonymity features (bridge detection):
- Make bridge SSL certificates a bit more stealthy by using random
serial numbers, in the same fashion as OpenSSL when generating
self-signed certificates. Implements ticket 4584.
- Introduce a new config option "DynamicDHGroups", enabled by
default, which provides each bridge with a unique prime DH modulus
to be used during SSL handshakes. This option attempts to help
against censors who might use the Apache DH modulus as a static
identifier for bridges. Addresses ticket 4548.
o Minor features (new/different config options):
- New configuration option "DisableDebuggerAttachment" (on by default)
to prevent basic debugging attachment attempts by other processes.
Supports Mac OS X and Gnu/Linux. Resolves ticket 3313.
- Allow MapAddress directives to specify matches against super-domains,
as in "MapAddress *.torproject.org *.torproject.org.torserver.exit".
Implements issue 933.
- Slightly change behavior of "list" options (that is, config
options that can appear more than once) when they appear both in
torrc and on the command line. Previously, the command-line options
would be appended to the ones from torrc. Now, the command-line
options override the torrc options entirely. This new behavior
allows the user to override list options (like exit policies and
ports to listen on) from the command line, rather than simply
appending to the list.
- You can get the old (appending) command-line behavior for "list"
options by prefixing the option name with a "+".
- You can remove all the values for a "list" option from the command
line without adding any new ones by prefixing the option name
with a "/".
- Add experimental support for a "defaults" torrc file to be parsed
before the regular torrc. Torrc options override the defaults file's
options in the same way that the command line overrides the torrc.
The SAVECONF controller command saves only those options which
differ between the current configuration and the defaults file. HUP
reloads both files. (Note: This is an experimental feature; its
behavior will probably be refined in future 0.2.3.x-alpha versions
to better meet packagers' needs.)
o Minor features:
- Try to make the introductory warning message that Tor prints on
startup more useful for actually finding help and information.
Resolves ticket 2474.
- Running "make version" now displays the version of Tor that
we're about to build. Idea from katmagic; resolves issue 4400.
- Expire old or over-used hidden service introduction points.
Required by fix for bug 3460.
- Move the replay-detection cache for the RSA-encrypted parts of
INTRODUCE2 cells to the introduction point data structures.
Previously, we would use one replay-detection cache per hidden
service. Required by fix for bug 3460.
- Reduce the lifetime of elements of hidden services' Diffie-Hellman
public key replay-detection cache from 60 minutes to 5 minutes. This
replay-detection cache is now used only to detect multiple
INTRODUCE2 cells specifying the same rendezvous point, so we can
avoid launching multiple simultaneous attempts to connect to it.
o Minor bugfixes (on Tor 0.2.2.x and earlier):
- Resolve an integer overflow bug in smartlist_ensure_capacity().
Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by
Mansour Moufid.
- Fix a minor formatting issue in one of tor-gencert's error messages.
Fixes bug 4574.
- Prevent a false positive from the check-spaces script, by disabling
the "whitespace between function name and (" check for functions
named 'op()'.
- Fix a log message suggesting that people contact a non-existent
email address. Fixes bug 3448.
- Fix null-pointer access that could occur if TLS allocation failed.
Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un".
- Report a real bootstrap problem to the controller on router
identity mismatch. Previously we just said "foo", which probably
made a lot of sense at the time. Fixes bug 4169; bugfix on
0.2.1.1-alpha.
- If we had ever tried to call tor_addr_to_str() on an address of
unknown type, we would have done a strdup() on an uninitialized
buffer. Now we won't. Fixes bug 4529; bugfix on 0.2.1.3-alpha.
Reported by "troll_un".
- Correctly detect and handle transient lookup failures from
tor_addr_lookup(). Fixes bug 4530; bugfix on 0.2.1.5-alpha.
Reported by "troll_un".
- Use tor_socket_t type for listener argument to accept(). Fixes bug
4535; bugfix on 0.2.2.28-beta. Found by "troll_un".
- Initialize conn->addr to a valid state in spawn_cpuworker(). Fixes
bug 4532; found by "troll_un".
o Minor bugfixes (on Tor 0.2.3.x):
- Fix a compile warning in tor_inet_pton(). Bugfix on 0.2.3.8-alpha;
fixes bug 4554.
- Don't send two ESTABLISH_RENDEZVOUS cells when opening a new
circuit for use as a hidden service client's rendezvous point.
Fixes bugs 4641 and 4171; bugfix on 0.2.3.3-alpha. Diagnosed
with help from wanoskarnet.
- Restore behavior of overriding SocksPort, ORPort, and similar
options from the command line. Bugfix on 0.2.3.3-alpha.
o Build fixes:
- Properly handle the case where the build-tree is not the same
as the source tree when generating src/common/common_sha1.i,
src/or/micro-revision.i, and src/or/or_sha1.i. Fixes bug 3953;
bugfix on 0.2.0.1-alpha.
o Code simplifications, cleanups, and refactorings:
- Remove the pure attribute from all functions that used it
previously. In many cases we assigned it incorrectly, because the
functions might assert or call impure functions, and we don't have
evidence that keeping the pure attribute is worthwhile. Implements
changes suggested in ticket 4421.
- Remove some dead code spotted by coverity. Fixes cid 432.
Bugfix on 0.2.3.1-alpha, closes bug 4637.
Changes in version 0.2.3.8-alpha - 2011-11-22
Tor 0.2.3.8-alpha fixes some crash and assert bugs, including a
socketpair-related bug that has been bothering Windows users. It adds
support to serve microdescriptors to controllers, so Vidalia's network
map can resume listing relays (once Vidalia implements its side),
and adds better support for hardware AES acceleration. Finally, it
starts the process of adjusting the bandwidth cutoff for getting the
"Fast" flag from 20KB to (currently) 32KB -- preliminary results show
that tiny relays harm performance more than they help network capacity.
o Major bugfixes:
- Initialize Libevent with the EVENT_BASE_FLAG_NOLOCK flag enabled, so
that it doesn't attempt to allocate a socketpair. This could cause
some problems on Windows systems with overzealous firewalls. Fix for
bug 4457; workaround for Libevent versions 2.0.1-alpha through
2.0.15-stable.
- Correctly sanity-check that we don't underflow on a memory
allocation (and then assert) for hidden service introduction
point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410;
bugfix on 0.2.1.5-alpha.
- Remove the artificially low cutoff of 20KB to guarantee the Fast
flag. In the past few years the average relay speed has picked
up, and while the "top 7/8 of the network get the Fast flag" and
"all relays with 20KB or more of capacity get the Fast flag" rules
used to have the same result, now the top 7/8 of the network has
a capacity more like 32KB. Bugfix on 0.2.1.14-rc. Fixes bug 4489.
- Fix a rare assertion failure when checking whether a v0 hidden
service descriptor has any usable introduction points left, and
we don't have enough information to build a circuit to the first
intro point named in the descriptor. The HS client code in
0.2.3.x no longer uses v0 HS descriptors, but this assertion can
trigger on (and crash) v0 HS authorities. Fixes bug 4411.
Bugfix on 0.2.3.1-alpha; diagnosed by frosty_un.
- Make bridge authorities not crash when they are asked for their own
descriptor. Bugfix on 0.2.3.7-alpha, reported by Lucky Green.
- When running as a client, do not print a misleading (and plain
wrong) log message that we're collecting "directory request"
statistics: clients don't collect statistics. Also don't create a
useless (because empty) stats file in the stats/ directory. Fixes
bug 4353; bugfix on 0.2.2.34 and 0.2.3.7-alpha.
o Major features:
- Allow Tor controllers like Vidalia to obtain the microdescriptor
for a relay by identity digest or nickname. Previously,
microdescriptors were only available by their own digests, so a
controller would have to ask for and parse the whole microdescriptor
consensus in order to look up a single relay's microdesc. Fixes
bug 3832; bugfix on 0.2.3.1-alpha.
- Use OpenSSL's EVP interface for AES encryption, so that all AES
operations can use hardware acceleration (if present). Resolves
ticket 4442.
o Minor bugfixes (on 0.2.2.x and earlier):
- Detect failure to initialize Libevent. This fix provides better
detection for future instances of bug 4457.
- Avoid frequent calls to the fairly expensive cull_wedged_cpuworkers
function. This was eating up hideously large amounts of time on some
busy servers. Fixes bug 4518; bugfix on 0.0.9.8.
- Don't warn about unused log_mutex in log.c when building with
--disable-threads using a recent GCC. Fixes bug 4437; bugfix on
0.1.0.6-rc which introduced --disable-threads.
- Allow manual 'authenticate' commands to the controller interface
from netcat (nc) as well as telnet. We were rejecting them because
they didn't come with the expected whitespace at the end of the
command. Bugfix on 0.1.1.1-alpha; fixes bug 2893.
- Fix some (not actually triggerable) buffer size checks in usage of
tor_inet_ntop. Fixes bug 4434; bugfix on Tor 0.2.0.1-alpha. Patch
by Anders Sundman.
- Fix parsing of some corner-cases with tor_inet_pton(). Fixes
bug 4515; bugfix on 0.2.0.1-alpha; fix by Anders Sundman.
- When configuring, starting, or stopping an NT service, stop
immediately after the service configuration attempt has succeeded
or failed. Fixes bug 3963; bugfix on 0.2.0.7-alpha.
- When sending a NETINFO cell, include the original address
received for the other side, not its canonical address. Found
by "troll_un"; fixes bug 4349; bugfix on 0.2.0.10-alpha.
- Rename the bench_{aes,dmap} functions to test_*, so that tinytest
can pick them up when the tests aren't disabled. Bugfix on
0.2.2.4-alpha which introduced tinytest.
- Fix a memory leak when we check whether a hidden service
descriptor has any usable introduction points left. Fixes bug
4424. Bugfix on 0.2.2.25-alpha.
- Fix a memory leak in launch_direct_bridge_descriptor_fetch() that
occurred when a client tried to fetch a descriptor for a bridge
in ExcludeNodes. Fixes bug 4383; bugfix on 0.2.2.25-alpha.
o Minor bugfixes (on 0.2.3.x):
- Make util unit tests build correctly with MSVC. Bugfix on
0.2.3.3-alpha. Patch by Gisle Vanem.
- Successfully detect AUTH_CHALLENGE cells with no recognized
authentication type listed. Fixes bug 4367; bugfix on 0.2.3.6-alpha.
Found by frosty_un.
- If a relay receives an AUTH_CHALLENGE cell it can't answer,
it should still send a NETINFO cell to allow the connection to
become open. Fixes bug 4368; fix on 0.2.3.6-alpha; bug found by
"frosty".
- Log less loudly when we get an invalid authentication certificate
from a source other than a directory authority: it's not unusual
to see invalid certs because of clock skew. Fixes bug 4370; bugfix
on 0.2.3.6-alpha.
- Tolerate servers with more clock skew in their authentication
certificates than previously. Fixes bug 4371; bugfix on
0.2.3.6-alpha.
- Fix a couple of compile warnings on Windows. Fixes bug 4469; bugfix
on 0.2.3.4-alpha and 0.2.3.6-alpha.
o Minor features:
- Add two new config options for directory authorities:
AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the
Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold
that is always sufficient to satisfy the bandwidth requirement for
the Guard flag. Now it will be easier for researchers to simulate
Tor networks with different values. Resolves ticket 4484.
- When Tor ignores a hidden service specified in its configuration,
include the hidden service's directory in the warning message.
Previously, we would only tell the user that some hidden service
was ignored. Bugfix on 0.0.6; fixes bug 4426.
- When we fail to initialize Libevent, retry with IOCP disabled so we
don't need to turn on multi-threading support in Libevent, which in
turn requires a working socketpair(). This is a workaround for bug
4457, which affects Libevent versions from 2.0.1-alpha through
2.0.15-stable.
- Detect when we try to build on a platform that doesn't define
AF_UNSPEC to 0. We don't work there, so refuse to compile.
- Update to the November 1 2011 Maxmind GeoLite Country database.
o Packaging changes:
- Make it easier to automate expert package builds on Windows,
by removing an absolute path from makensis.exe command.
o Code simplifications and refactoring:
- Remove some redundant #include directives throughout the code.
Patch from Andrea Gelmini.
- Unconditionally use OpenSSL's AES implementation instead of our
old built-in one. OpenSSL's AES has been better for a while, and
relatively few servers should still be on any version of OpenSSL
that doesn't have good optimized assembly AES.
- Use the name "CERTS" consistently to refer to the new cell type;
we were calling it CERT in some places and CERTS in others.
o Testing:
- Numerous new unit tests for functions in util.c and address.c by
Anders Sundman.
- The long-disabled benchmark tests are now split into their own
./src/test/bench binary.
- The benchmark tests can now use more accurate timers than
gettimeofday() when such timers are available.
Changes in version 0.2.3.7-alpha - 2011-10-30
Tor 0.2.3.7-alpha fixes a crash bug in 0.2.3.6-alpha introduced by
the new v3 handshake. It also resolves yet another bridge address
enumeration issue.
o Major bugfixes:
- If we mark an OR connection for close based on a cell we process,
don't process any further cells on it. We already avoid further
reads on marked-for-close connections, but now we also discard the
cells we'd already read. Fixes bug 4299; bugfix on 0.2.0.10-alpha,
which was the first version where we might mark a connection for
close based on processing a cell on it.
- Fix a double-free bug that would occur when we received an invalid
certificate in a CERT cell in the new v3 handshake. Fixes bug 4343;
bugfix on 0.2.3.6-alpha.
- Bridges no longer include their address in NETINFO cells on outgoing
OR connections, to allow them to blend in better with clients.
Removes another avenue for enumerating bridges. Reported by
"troll_un". Fixes bug 4348; bugfix on 0.2.0.10-alpha, when NETINFO
cells were introduced.
o Trivial fixes:
- Fixed a typo in a hibernation-related log message. Fixes bug 4331;
bugfix on 0.2.2.23-alpha; found by "tmpname0901".
Changes in version 0.2.3.6-alpha - 2011-10-26
Tor 0.2.3.6-alpha includes the fix from 0.2.2.34 for a critical
anonymity vulnerability where an attacker can deanonymize Tor
users. Everybody should upgrade.
This release also features support for a new v3 connection handshake
protocol, and fixes to make hidden service connections more robust.
o Major features:
- Implement a new handshake protocol (v3) for authenticating Tors to
each other over TLS. It should be more resistant to fingerprinting
than previous protocols, and should require less TLS hacking for
future Tor implementations. Implements proposal 176.
- Allow variable-length padding cells to disguise the length of
Tor's TLS records. Implements part of proposal 184.
o Privacy/anonymity fixes (clients):
- Clients and bridges no longer send TLS certificate chains on
outgoing OR connections. Previously, each client or bridge would
use the same cert chain for all outgoing OR connections until
its IP address changes, which allowed any relay that the client
or bridge contacted to determine which entry guards it is using.
Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
- If a relay receives a CREATE_FAST cell on a TLS connection, it
no longer considers that connection as suitable for satisfying a
circuit EXTEND request. Now relays can protect clients from the
CVE-2011-2768 issue even if the clients haven't upgraded yet.
- Directory authorities no longer assign the Guard flag to relays
that haven't upgraded to the above "refuse EXTEND requests
to client connections" fix. Now directory authorities can
protect clients from the CVE-2011-2768 issue even if neither
the clients nor the relays have upgraded yet. There's a new
"GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option
to let us transition smoothly, else tomorrow there would be no
guard relays.
o Major bugfixes (hidden services):
- Improve hidden service robustness: when an attempt to connect to
a hidden service ends, be willing to refetch its hidden service
descriptors from each of the HSDir relays responsible for them
immediately. Previously, we would not consider refetching the
service's descriptors from each HSDir for 15 minutes after the last
fetch, which was inconvenient if the hidden service was not running
during the first attempt. Bugfix on 0.2.0.18-alpha; fixes bug 3335.
- When one of a hidden service's introduction points appears to be
unreachable, stop trying it. Previously, we would keep trying
to build circuits to the introduction point until we lost the
descriptor, usually because the user gave up and restarted Tor.
Partly fixes bug 3825.
- Don't launch a useless circuit after failing to use one of a
hidden service's introduction points. Previously, we would
launch a new introduction circuit, but not set the hidden service
which that circuit was intended to connect to, so it would never
actually be used. A different piece of code would then create a
new introduction circuit correctly. Bug reported by katmagic and
found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug 4212.
o Major bugfixes (other):
- Bridges now refuse CREATE or CREATE_FAST cells on OR connections
that they initiated. Relays could distinguish incoming bridge
connections from client connections, creating another avenue for
enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
Found by "frosty_un".
- Don't update the AccountingSoftLimitHitAt state file entry whenever
tor gets started. This prevents a wrong average bandwidth
estimate, which would cause relays to always start a new accounting
interval at the earliest possible moment. Fixes bug 2003; bugfix
on 0.2.2.7-alpha. Reported by BryonEldridge, who also helped
immensely in tracking this bug down.
- Fix a crash bug when changing node restrictions while a DNS lookup
is in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix
by "Tey'".
o Minor bugfixes (on 0.2.2.x and earlier):
- When a hidden service turns an extra service-side introduction
circuit into a general-purpose circuit, free the rend_data and
intro_key fields first, so we won't leak memory if the circuit
is cannibalized for use as another service-side introduction
circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251.
- Rephrase the log message emitted if the TestSocks check is
successful. Patch from Fabian Keil; fixes bug 4094.
- Bridges now skip DNS self-tests, to act a little more stealthily.
Fixes bug 4201; bugfix on 0.2.0.3-alpha, which first introduced
bridges. Patch by "warms0x".
- Remove a confusing dollar sign from the example fingerprint in the
man page, and also make the example fingerprint a valid one. Fixes
bug 4309; bugfix on 0.2.1.3-alpha.
- Fix internal bug-checking logic that was supposed to catch
failures in digest generation so that it will fail more robustly
if we ask for a nonexistent algorithm. Found by Coverity Scan.
Bugfix on 0.2.2.1-alpha; fixes Coverity CID 479.
- Report any failure in init_keys() calls launched because our
IP address has changed. Spotted by Coverity Scan. Bugfix on
0.1.1.4-alpha; fixes CID 484.
o Minor bugfixes (on 0.2.3.x):
- Fix a bug in configure.in that kept it from building a configure
script with autoconf versions earlier than 2.61. Fixes bug 2430;
bugfix on 0.2.3.1-alpha.
- Don't warn users that they are exposing a client port to the
Internet if they have specified an RFC1918 address. Previously,
we would warn if the user had specified any non-loopback
address. Bugfix on 0.2.3.3-alpha. Fixes bug 4018; reported by Tas.
- Fix memory leaks in the failing cases of the new SocksPort and
ControlPort code. Found by Coverity Scan. Bugfix on 0.2.3.3-alpha;
fixes coverity CIDs 485, 486, and 487.
o Minor features:
- When a hidden service's introduction point times out, consider
trying it again during the next attempt to connect to the
HS. Previously, we would not try it again unless a newly fetched
descriptor contained it. Required by fixes for bugs 1297 and 3825.
- The next version of Windows will be called Windows 8, and it has
a major version of 6, minor version of 2. Correctly identify that
version instead of calling it "Very recent version". Resolves
ticket 4153; reported by funkstar.
- The Bridge Authority now writes statistics on how many bridge
descriptors it gave out in total, and how many unique descriptors
it gave out. It also lists how often the most and least commonly
fetched descriptors were given out, as well as the median and
25th/75th percentile. Implements tickets 4200 and 4294.
- Update to the October 4 2011 Maxmind GeoLite Country database.
o Code simplifications and refactoring:
- Remove some old code to remember statistics about which descriptors
we've served as a directory mirror. The feature wasn't used and
is outdated now that microdescriptors are around.
- Rename Tor functions that turn strings into addresses, so that
"parse" indicates that no hostname resolution occurs, and
"lookup" indicates that hostname resolution may occur. This
should help prevent mistakes in the future. Fixes bug 3512.
Changes in version 0.2.2.34 - 2011-10-26
Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker
can deanonymize Tor users. Everybody should upgrade.
The attack relies on four components: 1) Clients reuse their TLS cert
when talking to different relays, so relays can recognize a user by
the identity key in her cert. 2) An attacker who knows the client's
identity key can probe each guard relay to see if that identity key
is connected to that guard relay right now. 3) A variety of active
attacks in the literature (starting from "Low-Cost Traffic Analysis
of Tor" by Murdoch and Danezis in 2005) allow a malicious website to
discover the guard relays that a Tor user visiting the website is using.
4) Clients typically pick three guards at random, so the set of guards
for a given user could well be a unique fingerprint for her. This
release fixes components #1 and #2, which is enough to block the attack;
the other two remain as open research problems. Special thanks to
"frosty_un" for reporting the issue to us!
Clients should upgrade so they are no longer recognizable by the TLS
certs they present. Relays should upgrade so they no longer allow a
remote attacker to probe them to test whether unpatched clients are
currently connected to them.
This release also fixes several vulnerabilities that allow an attacker
to enumerate bridge relays. Some bridge enumeration attacks still
remain; see for example proposal 188.
o Privacy/anonymity fixes (clients):
- Clients and bridges no longer send TLS certificate chains on
outgoing OR connections. Previously, each client or bridge would
use the same cert chain for all outgoing OR connections until
its IP address changes, which allowed any relay that the client
or bridge contacted to determine which entry guards it is using.
Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
- If a relay receives a CREATE_FAST cell on a TLS connection, it
no longer considers that connection as suitable for satisfying a
circuit EXTEND request. Now relays can protect clients from the
CVE-2011-2768 issue even if the clients haven't upgraded yet.
- Directory authorities no longer assign the Guard flag to relays
that haven't upgraded to the above "refuse EXTEND requests
to client connections" fix. Now directory authorities can
protect clients from the CVE-2011-2768 issue even if neither
the clients nor the relays have upgraded yet. There's a new
"GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option
to let us transition smoothly, else tomorrow there would be no
guard relays.
o Privacy/anonymity fixes (bridge enumeration):
- Bridge relays now do their directory fetches inside Tor TLS
connections, like all the other clients do, rather than connecting
directly to the DirPort like public relays do. Removes another
avenue for enumerating bridges. Fixes bug 4115; bugfix on 0.2.0.35.
- Bridges relays now build circuits for themselves in a more similar
way to how clients build them. Removes another avenue for
enumerating bridges. Fixes bug 4124; bugfix on 0.2.0.3-alpha,
when bridges were introduced.
- Bridges now refuse CREATE or CREATE_FAST cells on OR connections
that they initiated. Relays could distinguish incoming bridge
connections from client connections, creating another avenue for
enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
Found by "frosty_un".