From 9b87cfbdf8e3eb760d4db80e2edece321a125254 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 13 May 2008 12:42:25 +0000 Subject: r19723@catbus: nickm | 2008-05-13 08:41:40 -0400 Bump version and update authority keys affected by Debian OpenSSL bug (See CVE-2008-0166 or http://lists.debian.org/debian-security-announce/2008/msg00152.html ) svn:r14600 --- ChangeLog | 15 +++++++++++++-- configure.in | 2 +- contrib/tor-mingw.nsi.in | 2 +- src/or/config.c | 6 +++--- src/win32/orconfig.h | 2 +- 5 files changed, 19 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index e7f8c81de8..8dd2b79350 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,18 @@ -Changes in version 0.2.0.26-rc - 2008-05-?? +Changes in version 0.2.0.26-rc - 2008-05-13 + Tor 0.2.0.26-rc fixes a major security vulnerability caused by a bug + in Debian's OpenSSL packages. All users running any 0.2.0.x version + should upgrade, whether they're running Debian or not. + + o Major security fixes: + - Use new V3 directory authority keys on the Tor26, Gabelmoo, and + Moria1 V3 directory authorities. The old keys were generated with + a vulnerable version of Debian's OpenSSL package, and must be + considered compromised. Other authorities' keys were not + generated with an affected version of OpenSSL. + o Major bugfixes: - List authority signatures as "unrecognized" based on DirServer lines, - not on cert cache. + not on cert cache. Bugfix on 0.2.0.x. o Minor features: - Add a new V3AuthUseLegacyKey option to make it easier for authorities diff --git a/configure.in b/configure.in index b423e4cecb..1c71ccd8fe 100644 --- a/configure.in +++ b/configure.in @@ -5,7 +5,7 @@ dnl Copyright (c) 2007-2008, The Tor Project, Inc. dnl See LICENSE for licensing information AC_INIT -AM_INIT_AUTOMAKE(tor, 0.2.0.25-rc-dev) +AM_INIT_AUTOMAKE(tor, 0.2.0.26-rc) AM_CONFIG_HEADER(orconfig.h) AC_CANONICAL_HOST diff --git a/contrib/tor-mingw.nsi.in b/contrib/tor-mingw.nsi.in index 4d0548c786..31874d51cf 100644 --- a/contrib/tor-mingw.nsi.in +++ b/contrib/tor-mingw.nsi.in @@ -9,7 +9,7 @@ !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.0.25-rc-dev" +!define VERSION "0.2.0.26-rc" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/src/or/config.c b/src/or/config.c index a413f91957..6e55fa84aa 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -823,11 +823,11 @@ add_default_trusted_dir_authorities(authority_type_t type) { int i; const char *dirservers[] = { - "moria1 v1 orport=9001 v3ident=5420FD8EA46BD4290F1D07A1883C9D85ECC486C4 " + "moria1 v1 orport=9001 v3ident=E2A2AF570166665D738736D0DD58169CC61D8A8B " "128.31.0.34:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441", "moria2 v1 orport=9002 128.31.0.34:9032 " "719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF", - "tor26 v1 orport=443 v3ident=A9AC67E64B200BBF2FA26DF194AC0469E2A948C6 " + "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 " "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D", "lefkada orport=443 " "140.247.60.64:80 38D4 F5FC F7B1 0232 28B8 95EA 56ED E7D5 CCDC AF32", @@ -838,7 +838,7 @@ add_default_trusted_dir_authorities(authority_type_t type) "ides orport=9090 no-v2 v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 " "216.224.124.114:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B", "gabelmoo orport=443 no-v2 " - "v3ident=EAA879B5C75032E462CB018630D2D0DF46EBA606 " + "v3ident=81349FC1F2DBA2C2C11B45CB9706637D480AB913 " "88.198.7.215:80 6833 3D07 61BC F397 A587 A0C0 B963 E4A9 E99E C4D3", "dannenberg orport=443 no-v2 " "v3ident=585769C78764D58426B8B52B6651A5A71137189A " diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index 938c47f128..92d86fe7af 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -227,6 +227,6 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.0.25-rc-dev" +#define VERSION "0.2.0.26-rc" -- cgit v1.2.3-54-g00ecf