[tor-talk] Tor 0.2.9.4-alpha is released
Nick Mathewson
nickm at torproject.org
Mon Oct 17 20:58:54 UTC 2016
Hi, all! There is a new alpha release of the Tor source code, with
fixes for a security bug. You should probably upgrade as packages
become available.
(If you are about to reply saying "please take me off this list",
instead please follow these instructions:
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/
. You will have to enter the actual email address you used to subscribe.)
You can download the source from the usual place on the website.
Packages should be up within a few days.
If you maintain an older version of Tor, you can find backported
patches for this fix at
https://trac.torproject.org/projects/tor/ticket/20384 .
(There is also a concurrent release of Tor 0.2.8.9; for stable
releases, see tor-announce@ or the blog.
====
Changes in version 0.2.9.4-alpha - 2016-10-17
Tor 0.2.9.4-alpha fixes a security hole in previous versions of Tor
that would allow a remote attacker to crash a Tor client, hidden
service, relay, or authority. All Tor users should upgrade to this
version, or to 0.2.8.9. Patches will be released for older versions
of Tor.
Tor 0.2.9.4-alpha also adds numerous small features and fix-ups to
previous versions of Tor, including the implementation of a feature to
future- proof the Tor ecosystem against protocol changes, some bug
fixes necessary for Tor Browser to use unix domain sockets correctly,
and several portability improvements. We anticipate that this will be
the last alpha in the Tor 0.2.9 series, and that the next release will
be a release candidate.
o Major features (security fixes):
- Prevent a class of security bugs caused by treating the contents
of a buffer chunk as if they were a NUL-terminated string. At
least one such bug seems to be present in all currently used
versions of Tor, and would allow an attacker to remotely crash
most Tor instances, especially those compiled with extra compiler
hardening. With this defense in place, such bugs can't crash Tor,
though we should still fix them as they occur. Closes ticket
20384 (TROVE-2016-10-001).
o Major features (subprotocol versions):
- Tor directory authorities now vote on a set of recommended
subprotocol versions, and on a set of required subprotocol
versions. Clients and relays that lack support for a _required_
subprotocol version will not start; those that lack support for a
_recommended_ subprotocol version will warn the user to upgrade.
Closes ticket 19958; implements part of proposal 264.
- Tor now uses "subprotocol versions" to indicate compatibility.
Previously, versions of Tor looked at the declared Tor version of
a relay to tell whether they could use a given feature. Now, they
should be able to rely on its declared subprotocol versions. This
change allows compatible implementations of the Tor protocol(s) to
exist without pretending to be 100% bug-compatible with particular
releases of Tor itself. Closes ticket 19958; implements part of
proposal 264.
o Minor feature (fallback directories):
- Remove broken fallbacks from the hard-coded fallback directory
list. Closes ticket 20190; patch by teor.
o Minor features (client, directory):
- Since authorities now omit all routers that lack the Running and
Valid flags, we assume that any relay listed in the consensus must
have those flags. Closes ticket 20001; implements part of
proposal 272.
o Minor features (compilation, portability):
- Compile correctly on MacOS 10.12 (aka "Sierra"). Closes
ticket 20241.
o Minor features (development tools, etags):
- Teach the "make tags" Makefile target how to correctly find
"MOCK_IMPL" function definitions. Patch from nherring; closes
ticket 16869.
o Minor features (geoip):
- Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2
Country database.
o Minor features (unix domain sockets):
- When configuring a unix domain socket for a SocksPort,
ControlPort, or Hidden service, you can now wrap the address in
quotes, using C-style escapes inside the quotes. This allows unix
domain socket paths to contain spaces.
o Minor features (virtual addresses):
- Increase the maximum number of bits for the IPv6 virtual network
prefix from 16 to 104. In this way, the condition for address
allocation is less restrictive. Closes ticket 20151; feature
on 0.2.4.7-alpha.
o Minor bugfixes (address discovery):
- Stop reordering IP addresses returned by the OS. This makes it
more likely that Tor will guess the same relay IP address every
time. Fixes issue 20163; bugfix on 0.2.7.1-alpha, ticket 17027.
Reported by René Mayrhofer, patch by "cypherpunks".
o Minor bugfixes (client, unix domain sockets):
- Disable IsolateClientAddr when using AF_UNIX backed SocksPorts as
the client address is meaningless. Fixes bug 20261; bugfix
on 0.2.6.3-alpha.
o Minor bugfixes (compilation, OpenBSD):
- Detect Libevent2 functions correctly on systems that provide
libevent2, but where libevent1 is linked with -levent. Fixes bug
19904; bugfix on 0.2.2.24-alpha. Patch from Rubiate.
o Minor bugfixes (configuration):
- When parsing quoted configuration values from the torrc file,
handle windows line endings correctly. Fixes bug 19167; bugfix on
0.2.0.16-alpha. Patch from "Pingl".
o Minor bugfixes (getpass):
- Defensively fix a non-triggerable heap corruption at do_getpass()
to protect ourselves from mistakes in the future. Fixes bug
#19223; bugfix on 0.2.7.3-rc. Bug found by Guido Vranken, patch
by nherring.
o Minor bugfixes (hidden service):
- Allow hidden services to run on IPv6 addresses even when the
IPv6Exit option is not set. Fixes bug 18357; bugfix
on 0.2.4.7-alpha.
o Documentation:
- Add module-level internal documentation for 36 C files that
previously didn't have a high-level overview. Closes ticket #20385.
o Required libraries:
- When building with OpenSSL, Tor now requires version 1.0.1 or
later. OpenSSL 1.0.0 and earlier are no longer supported by the
OpenSSL team, and should not be used. Closes ticket 20303.
More information about the tor-talk
mailing list