aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRoger Dingledine <arma@torproject.org>2011-10-26 18:02:13 -0400
committerRoger Dingledine <arma@torproject.org>2011-10-26 18:02:13 -0400
commit6bb9bd17d0d21ee32f7010a307bf35bf7d5b5cc0 (patch)
tree21d85fab84a266a96ef6b4e5e7870590f024db6b
parent6097b8eefc40a581e9ca4a25cc5f14a1f9ecb3c3 (diff)
downloadtor-6bb9bd17d0d21ee32f7010a307bf35bf7d5b5cc0.tar.gz
tor-6bb9bd17d0d21ee32f7010a307bf35bf7d5b5cc0.zip
fold in changes files
-rw-r--r--ChangeLog27
-rw-r--r--changes/issue-2011-10-19L21
-rw-r--r--changes/issue-2011-10-23G9
3 files changed, 22 insertions, 35 deletions
diff --git a/ChangeLog b/ChangeLog
index 9aef0e5c5c..4a74ecfbd7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,13 +1,33 @@
-Changes in version 0.2.1.31 - 2011-05-??
+Changes in version 0.2.1.31 - 2011-10-26
Tor 0.2.1.31 fixes a variety of potential privacy problems.
- o Security/privacy fixes (also included in 0.2.2.x):
+ o Security fixes (also included in 0.2.2.x):
- Replace all potentially sensitive memory comparison operations
with versions whose runtime does not depend on the data being
compared. This will help resist a class of attacks where an
adversary can use variations in timing information to learn
sensitive data. Fix for one case of bug 3122. (Safe memcmp
implementation by Robert Ransom based partially on code by DJB.)
+ - Fix an assert in parsing router descriptors containing IPv6
+ addresses. This one took down the directory authorities when
+ somebody tried some experimental code. Bugfix on 0.2.1.3-alpha.
+
+ o Privacy/anonymity fixes (also included in 0.2.2.x):
+ - Clients and bridges no longer send TLS certificate chains on
+ outgoing OR connections. Previously, each client or bridge
+ would use a single cert chain for all outgoing OR connections
+ for up to 24 hours, which allowed any relay that the client or
+ bridge contacted to determine which entry guards it is using.
+ Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by frosty_un.
+ - If a relay receives a CREATE_FAST cell on a TLS connection, it
+ no longer considers that connection as suitable for satisfying a
+ circuit EXTEND request. Now relays can protect clients from the
+ CVE-2011-2768 issue even if the clients haven't upgraded yet.
+ - Bridges now refuse CREATE or CREATE_FAST cells on OR connections
+ that they initiated. Relays could distinguish incoming bridge
+ connections from client connections, creating another avenue for
+ enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
+ Found by "frosty_un".
- When receiving a hidden service descriptor, check that it is for
the hidden service we wanted. Previously, Tor would store any
hidden service descriptors that a directory gave it, whether it
@@ -21,9 +41,6 @@ Changes in version 0.2.1.31 - 2011-05-??
requests for "all" descriptors. It used to include bridge
descriptors in its answer, which was a major information leak.
Found by "piebeer". Bugfix on 0.2.0.3-alpha.
- - Fix an assert in parsing router descriptors containing IPv6
- addresses. This one took down the directory authorities when
- somebody tried some experimental code. Bugfix on 0.2.1.3-alpha.
- Don't attach new streams to old rendezvous circuits after SIGNAL
NEWNYM. Previously, we would keep using an existing rendezvous
circuit if it remained open (i.e. if it were kept open by a
diff --git a/changes/issue-2011-10-19L b/changes/issue-2011-10-19L
deleted file mode 100644
index 1fefd7267e..0000000000
--- a/changes/issue-2011-10-19L
+++ /dev/null
@@ -1,21 +0,0 @@
- o Security fixes:
-
- - Don't send TLS certificate chains on outgoing OR connections
- from clients and bridges. Previously, each client or bridge
- would use a single cert chain for all outgoing OR connections
- for up to 24 hours, which allowed any relay connected to by a
- client or bridge to determine which entry guards it is using.
- This is a potential user-tracing bug for *all* users; everyone
- who uses Tor's client or hidden service functionality should
- upgrade. Fixes CVE-2011-2768. Bugfix on FIXME; found by
- frosty_un.
-
- - Don't use any OR connection on which we have received a
- CREATE_FAST cell to satisfy an EXTEND request. Previously, we
- would not consider whether a connection appears to be from a
- client or bridge when deciding whether to use that connection to
- satisfy an EXTEND request. Mitigates CVE-2011-2768, by
- preventing an attacker from determining whether an unpatched
- client is connected to a patched relay. Bugfix on FIXME; found
- by frosty_un.
-
diff --git a/changes/issue-2011-10-23G b/changes/issue-2011-10-23G
deleted file mode 100644
index 45f86754f0..0000000000
--- a/changes/issue-2011-10-23G
+++ /dev/null
@@ -1,9 +0,0 @@
- o Security fixes:
-
- - Reject CREATE and CREATE_FAST cells on outgoing OR connections
- from a bridge to a relay. Previously, we would accept them and
- handle them normally, thereby allowing a malicious relay to
- easily distinguish bridges which connect to it from clients.
- Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha, when bridges were
- implemented; found by frosty_un.
-