[tor-talk] Tor 0.2.4.4-alpha is out
Roger Dingledine
arma at mit.edu
Sun Oct 21 22:36:08 UTC 2012
Tor 0.2.4.4-alpha adds a new v3 directory authority, fixes a privacy
vulnerability introduced by a change in OpenSSL, fixes a remotely
triggerable assert, and adds new channel_t and circuitmux_t abstractions
that will make it easier to test new connection transport and cell
scheduling algorithms.
https://www.torproject.org/dist/
Changes in version 0.2.4.4-alpha - 2012-10-20
o New directory authorities (also in 0.2.3.23-rc):
- Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
authority. Closes ticket 5749.
o Major bugfixes (security/privacy, also in 0.2.3.23-rc):
- Disable TLS session tickets. OpenSSL's implementation was giving
our TLS session keys the lifetime of our TLS context objects, when
perfect forward secrecy would want us to discard anything that
could decrypt a link connection as soon as the link connection
was closed. Fixes bug 7139; bugfix on all versions of Tor linked
against OpenSSL 1.0.0 or later. Found by Florent Daignière.
- Discard extraneous renegotiation attempts once the V3 link
protocol has been initiated. Failure to do so left us open to
a remotely triggerable assertion failure. Fixes CVE-2012-2249;
bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
o Internal abstraction features:
- Introduce new channel_t abstraction between circuits and
or_connection_t to allow for implementing alternate OR-to-OR
transports. A channel_t is an abstract object which can either be a
cell-bearing channel, which is responsible for authenticating and
handshaking with the remote OR and transmitting cells to and from
it, or a listening channel, which spawns new cell-bearing channels
at the request of remote ORs. Implements part of ticket 6465.
- Also new is the channel_tls_t subclass of channel_t, adapting it
to the existing or_connection_t code. The V2/V3 protocol handshaking
code which formerly resided in command.c has been moved below the
channel_t abstraction layer and may be found in channeltls.c now.
Implements the rest of ticket 6465.
- Introduce new circuitmux_t storing the queue of circuits for
a channel; this encapsulates and abstracts the queue logic and
circuit selection policy, and allows the latter to be overridden
easily by switching out a policy object. The existing EWMA behavior
is now implemented as a circuitmux_policy_t. Resolves ticket 6816.
o Required libraries:
- Tor now requires OpenSSL 0.9.8 or later. OpenSSL 1.0.0 or later is
strongly recommended.
o Minor features:
- Warn users who run hidden services on a Tor client with
UseEntryGuards disabled that their hidden services will be
vulnerable to http://freehaven.net/anonbib/#hs-attack06 (the
attack which motivated Tor to support entry guards in the first
place). Resolves ticket 6889.
- Tor now builds correctly on Bitrig, an OpenBSD fork. Patch from
dhill. Resolves ticket 6982.
o Minor bugfixes (also in 0.2.3.23-rc):
- Don't serve or accept v2 hidden service descriptors over a
relay's DirPort. It's never correct to do so, and disabling it
might make it more annoying to exploit any bugs that turn up in the
descriptor-parsing code. Fixes bug 7149.
- Fix two cases in src/or/transports.c where we were calling
fmt_addr() twice in a parameter list. Bug found by David
Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha.
- Fix memory leaks whenever we logged any message about the "path
bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc.
- When relays refuse a "create" cell because their queue of pending
create cells is too big (typically because their cpu can't keep up
with the arrival rate), send back reason "resource limit" rather
than reason "internal", so network measurement scripts can get a
more accurate picture. Fixes bug 7037; bugfix on 0.1.1.11-alpha.
o Minor bugfixes:
- Command-line option "--version" implies "--quiet". Fixes bug 6997.
- Free some more still-in-use memory at exit, to make hunting for
memory leaks easier. Resolves bug 7029.
- When a Tor client gets a "truncated" relay cell, the first byte of
its payload specifies why the circuit was truncated. We were
ignoring this 'reason' byte when tearing down the circuit, resulting
in the controller not being told why the circuit closed. Now we
pass the reason from the truncated cell to the controller. Bugfix
on 0.1.2.3-alpha; fixes bug 7039.
- Downgrade "Failed to hand off onionskin" messages to "debug"
severity, since they're typically redundant with the "Your computer
is too slow" messages. Fixes bug 7038; bugfix on 0.2.2.16-alpha.
- Make clients running with IPv6 bridges connect over IPv6 again,
even without setting new config options ClientUseIPv6 and
ClientPreferIPv6ORPort. Fixes bug 6757; bugfix on 0.2.4.1-alpha.
- Use square brackets around IPv6 addresses in numerous places
that needed them, including log messages, HTTPS CONNECT proxy
requests, TransportProxy statefile entries, and pluggable transport
extra-info lines. Fixes bug 7011; patch by David Fifield.
o Code refactoring and cleanup:
- Source files taken from other packages now reside in src/ext;
previously they were scattered around the rest of Tor.
- Avoid use of reserved identifiers in our C code. The C standard
doesn't like us declaring anything that starts with an
underscore, so let's knock it off before we get in trouble. Fix
for bug 1031; bugfix on the first Tor commit.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20121021/c16d62f0/attachment.pgp>
More information about the tor-talk
mailing list