http://blog.gmane.org/gmane.network.onion-routing.announce hourly 1 1901-01-01T00:00+00:00 http://gmane.org/img/gmane-25t.png http://gmane.org http://comments.gmane.org/gmane.network.onion-routing.announce/37 <pre>Tor 0.2.1.29 continues our recent code security audit work. The main fix resolves a remote heap overflow vulnerability that can allow remote code execution. Other fixes address a variety of assert and crash bugs, most of which we think are hard to exploit remotely. All Tor users should upgrade. https://www.torproject.org/download/download Changes in version 0.2.1.29 - 2011-01-15 o Major bugfixes (security): - Fix a heap overflow bug where an adversary could cause heap corruption. This bug probably allows remote code execution attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on 0.1.2.10-rc. - Prevent a denial-of-service attack by disallowing any zlib-compressed data whose compression factor is implausibly high. Fixes part of bug 2324; reported by "doorss". - Zero out a few more keys in memory before freeing them. Fixes bug 2384 and part of bug 2385. These key instances found by "cypherpunks", based on Andrew Case's report about being able to find sensitive data in Tor's memory space if you have enough permissions. Bugfix on 0.0.2pre9. o Major bugfixes (crashes): - Prevent calls to Libevent from inside Libevent log handlers. This had potential to cause a nasty set of crashes, especially if running Libevent with debug logging enabled, and running Tor with a controller watching for low-severity log messages. Bugfix on 0.1.0.2-rc. Fixes bug 2190. - Add a check for SIZE_T_MAX to tor_realloc() to try to avoid underflow errors there too. Fixes the other part of bug 2324. - Fix a bug where we would assert if we ever had a cached-descriptors.new file (or another file read directly into memory) of exactly SIZE_T_CEILING bytes. Fixes bug 2326; bugfix on 0.2.1.25. Found by doorss. - Fix some potential asserts and parsing issues with grossly malformed router caches. Fixes bug 2352; bugfix on Tor 0.2.1.27. Found by doorss. o Minor bugfixes (other): - Fix a bug with handling misformed replies to reverse DNS lookup requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a bug reported by doorss. - Fix compilation on mingw when a pthreads compatibility library has been installed. (We don't want to use it, so we shouldn't be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc. - Fix a bug where we would declare that we had run out of virtual addresses when the address space was only half-exhausted. Bugfix on 0.1.2.1-alpha. - Correctly handle the case where AutomapHostsOnResolve is set but no virtual addresses are available. Fixes bug 2328; bugfix on 0.1.2.1-alpha. Bug found by doorss. - Correctly handle wrapping around when we run out of virtual address space. Found by cypherpunks, bugfix on 0.2.0.5-alpha. o Minor features: - Update to the January 1 2011 Maxmind GeoLite Country database. - Introduce output size checks on all of our decryption functions. o Build changes: - Tor does not build packages correctly with Automake 1.6 and earlier; added a check to Makefile.am to make sure that we're building with Automake 1.7 or later. - The 0.2.1.28 tarball was missing src/common/OpenBSD_malloc_Linux.c because we built it with a too-old version of automake. Thus that release broke ./configure --enable-openbsd-malloc, which is popular among really fast exit relays on Linux. ------------------------------------------------------------------------ This is the Tor announcements list. If you want to unsubscribe, send mail to majordomo&lt; at &gt;seul.org with "unsubscribe or-announce" as your message. </pre> Roger Dingledine 2011-01-17T15:58:13 http://comments.gmane.org/gmane.network.onion-routing.announce/36 <pre>Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely exploitable bugs. Thanks to Willem Pinckaers for notifying us of the issue. The Common Vulnerabilities and Exposures project has assigned CVE-2010-1676 to this issue. We also took this opportunity to change the IP address for one of our directory authorities, and to update the geoip database we ship. All Tor users should upgrade. https://www.torproject.org/download/download Changes in version 0.2.1.28 - 2010-12-17 o Major bugfixes: - Fix a remotely exploitable bug that could be used to crash instances of Tor remotely by overflowing on the heap. Remote-code execution hasn't been confirmed, but can't be ruled out. Everyone should upgrade. Bugfix on the 0.1.1 series and later. o Directory authority changes: - Change IP address and ports for gabelmoo (v3 directory authority). o Minor features: - Update to the December 1 2010 Maxmind GeoLite Country database. ------------------------------------------------------------------------ This is the Tor announcements list. If you want to unsubscribe, send mail to majordomo&lt; at &gt;seul.org with "unsubscribe or-announce" as your message. </pre> Roger Dingledine 2010-12-20T13:58:30 http://comments.gmane.org/gmane.network.onion-routing.announce/35 <pre>Tor 0.2.1.27 makes relays work with OpenSSL 0.9.8p and 1.0.0.b -- yet another OpenSSL security patch broke its compatibility with Tor. We also took this opportunity to fix several crash bugs, integrate a new directory authority, and update the bundled GeoIP database. If you operate a relay, please upgrade. https://www.torproject.org/download/download Changes in version 0.2.1.27 - 2010-11-23 o Major bugfixes: - Resolve an incompatibility with OpenSSL 0.9.8p and OpenSSL 1.0.0b: No longer set the tlsext_host_name extension on server SSL objects; but continue to set it on client SSL objects. Our goal in setting it was to imitate a browser, not a vhosting server. Fixes bug 2204; bugfix on 0.2.1.1-alpha. - Do not log messages to the controller while shrinking buffer freelists. Doing so would sometimes make the controller connection try to allocate a buffer chunk, which would mess up the internals of the freelist and cause an assertion failure. Fixes bug 1125; fixed by Robert Ransom. Bugfix on 0.2.0.16-alpha. - Learn our external IP address when we're a relay or bridge, even if we set PublishServerDescriptor to 0. Bugfix on 0.2.0.3-alpha, where we introduced bridge relays that don't need to publish to be useful. Fixes bug 2050. - Do even more to reject (and not just ignore) annotations on router descriptors received anywhere but from the cache. Previously we would ignore such annotations at first, but cache them to disk anyway. Bugfix on 0.2.0.8-alpha. Found by piebeer. - When you're using bridges and your network goes away and your bridges get marked as down, recover when you attempt a new socks connection (if the network is back), rather than waiting up to an hour to try fetching new descriptors for your bridges. Bugfix on 0.2.0.3-alpha; fixes bug 1981. o Major features: - Move to the November 2010 Maxmind GeoLite country db (rather than the June 2009 ip-to-country GeoIP db) for our statistics that count how many users relays are seeing from each country. Now we'll have more accurate data, especially for many African countries. o New directory authorities: - Set up maatuska (run by Linus Nordberg) as the eighth v3 directory authority. o Minor bugfixes: - Fix an assertion failure that could occur in directory caches or bridge users when using a very short voting interval on a testing network. Diagnosed by Robert Hogan. Fixes bug 1141; bugfix on 0.2.0.8-alpha. - Enforce multiplicity rules when parsing annotations. Bugfix on 0.2.0.8-alpha. Found by piebeer. - Allow handshaking OR connections to take a full KeepalivePeriod seconds to handshake. Previously, we would close them after IDLE_OR_CONN_TIMEOUT (180) seconds, the same timeout as if they were open. Bugfix on 0.2.1.26; fixes bug 1840. Thanks to mingw-san for analysis help. - When building with --enable-gcc-warnings on OpenBSD, disable warnings in system headers. This makes --enable-gcc-warnings pass on OpenBSD 4.8. o Minor features: - Exit nodes didn't recognize EHOSTUNREACH as a plausible error code, and so sent back END_STREAM_REASON_MISC. Clients now recognize a new stream ending reason for this case: END_STREAM_REASON_NOROUTE. Servers can start sending this code when enough clients recognize it. Bugfix on 0.1.0.1-rc; fixes part of bug 1793. - Build correctly on mingw with more recent versions of OpenSSL 0.9.8. Patch from mingw-san. o Removed files: - Remove the old debian/ directory from the main Tor distribution. The official Tor-for-debian git repository lives at the URL https://git.torproject.org/debian/tor.git - Stop shipping the old doc/website/ directory in the tarball. We changed the website format in late 2010, and what we shipped in 0.2.1.26 really wasn't that useful anyway. ------------------------------------------------------------------------ This is the Tor announcements list. If you want to unsubscribe, send mail to majordomo&lt; at &gt;seul.org with "unsubscribe or-announce" as your message. </pre> Roger Dingledine 2010-11-26T08:27:40 http://comments.gmane.org/gmane.network.onion-routing.announce/34 <pre>Tor 0.2.1.26 addresses the recent connection and memory overload problems we've been seeing on relays, especially relays with their DirPort open. If your relay has been crashing, or you turned it off because it used too many resources, give this release a try. This release also fixes yet another instance of broken OpenSSL libraries that was causing some relays to drop out of the consensus. People running Tor as a relay should upgrade: https://www.torproject.org/download Changes in version 0.2.1.26 - 2010-05-02 o Major bugfixes: - Teach relays to defend themselves from connection overload. Relays now close idle circuits early if it looks like they were intended for directory fetches. Relays are also more aggressive about closing TLS connections that have no circuits on them. Such circuits are unlikely to be re-used, and tens of thousands of them were piling up at the fast relays, causing the relays to run out of sockets and memory. Bugfix on 0.2.0.22-rc (where clients started tunneling their directory fetches over TLS). - Fix SSL renegotiation behavior on OpenSSL versions like on Centos that claim to be earlier than 0.9.8m, but which have in reality backported huge swaths of 0.9.8m or 0.9.8n renegotiation behavior. Possible fix for some cases of bug 1346. - Directory mirrors were fetching relay descriptors only from v2 directory authorities, rather than v3 authorities like they should. Only 2 v2 authorities remain (compared to 7 v3 authorities), leading to a serious bottleneck. Bugfix on 0.2.0.9-alpha. Fixes bug 1324. o Minor bugfixes: - Finally get rid of the deprecated and now harmful notion of "clique mode", where directory authorities maintain TLS connections to every other relay. o Testsuite fixes: - In the util/threads test, no longer free the test_mutex before all worker threads have finished. Bugfix on 0.2.1.6-alpha. - The master thread could starve the worker threads quite badly on certain systems, causing them to run only partially in the allowed window. This resulted in test failures. Now the master thread sleeps occasionally for a few microseconds while the two worker-threads compete for the mutex. Bugfix on 0.2.0.1-alpha. ------------------------------------------------------------------------ This is the Tor announcements list. If you want to unsubscribe, send mail to majordomo&lt; at &gt;seul.org with "unsubscribe or-announce" as your message. </pre> Roger Dingledine 2010-06-11T21:43:11 http://comments.gmane.org/gmane.network.onion-routing.announce/33 <pre>We have declared end-of-life for Tor 0.2.0.x. Those Tor versions have several known flaws, and nobody should be using them. You should upgrade. Specifically, the big flaw in Tor &lt;= 0.2.0.35 is that its list of directory authorities is out of date, so you'll find it hard to learn about the network. We're signing the network status consensus with the old signatures for now, but we're going to stop doing that in a few weeks, which means your Tor 0.2.0.x will fail to find the current network. The only exception is people using Debian Lenny -- our nice Debian packager is trying to keep that package maintained for you. As a bonus, if you move to a newer Tor you'll get significant performance boosts as a client, and you'll improve the performance for others as a relay. Thanks, --Roger ------------------------------------------------------------------------ This is the Tor announcements list. If you want to unsubscribe, send mail to majordomo&lt; at &gt;seul.org with "unsubscribe or-announce" as your message. </pre> Roger Dingledine 2010-03-30T16:51:52 http://comments.gmane.org/gmane.network.onion-routing.announce/32 <pre>Tor 0.2.1.25 fixes a regression introduced in 0.2.1.23 that could prevent relays from guessing their IP address correctly. It also fixes several minor potential security bugs. People running Tor as a relay should upgrade: https://www.torproject.org/download Changes in version 0.2.1.25 - 2010-03-16 o Major bugfixes: - Fix a regression from our patch for bug 1244 that caused relays to guess their IP address incorrectly if they didn't set Address in their torrc and/or their address fails to resolve. Bugfix on 0.2.1.23; fixes bug 1269. - When freeing a session key, zero it out completely. We only zeroed the first ptrsize bytes. Bugfix on 0.0.2pre8. Discovered and patched by ekir. Fixes bug 1254. o Minor bugfixes: - Fix a dereference-then-NULL-check sequence when publishing descriptors. Bugfix on 0.2.1.5-alpha. Discovered by ekir; fixes bug 1255. - Fix another dereference-then-NULL-check sequence. Bugfix on 0.2.1.14-rc. Discovered by ekir; fixes bug 1256. - Make sure we treat potentially not NUL-terminated strings correctly. Bugfix on 0.1.1.13-alpha. Discovered by rieo; fixes bug 1257. ------------------------------------------------------------------------ This is the Tor announcements list. If you want to unsubscribe, send mail to majordomo&lt; at &gt;seul.org with "unsubscribe or-announce" as your message. </pre> Roger Dingledine 2010-03-30T15:50:57 http://comments.gmane.org/gmane.network.onion-routing.announce/31 <pre>Tor 0.2.1.23 fixes a huge client-side performance bug, makes Tor work again on the latest OS X, and updates the location of a directory authority. Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time for sure! The Windows and OS X bundles also come with a newer version of Polipo that fixes some stability and security problems. People using Tor as a client should upgrade: https://www.torproject.org/easy-download Changes in version 0.2.1.23 - 2010-02-13 o Major bugfixes (performance): - We were selecting our guards uniformly at random, and then weighting which of our guards we'd use uniformly at random. This imbalance meant that Tor clients were severely limited on throughput (and probably latency too) by the first hop in their circuit. Now we select guards weighted by currently advertised bandwidth. We also automatically discard guards picked using the old algorithm. Fixes bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry. o Major bugfixes: - Make Tor work again on the latest OS X: when deciding whether to use strange flags to turn TLS renegotiation on, detect the OpenSSL version at run-time, not compile time. We need to do this because Apple doesn't update its dev-tools headers when it updates its libraries in a security patch. - Fix a potential buffer overflow in lookup_last_hid_serv_request() that could happen on 32-bit platforms with 64-bit time_t. Also fix a memory leak when requesting a hidden service descriptor we've requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found by aakova. o Minor bugfixes: - Refactor resolve_my_address() to not use gethostbyname() anymore. Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik. o Minor features: - Avoid a mad rush at the beginning of each month when each client rotates half of its guards. Instead we spread the rotation out throughout the month, but we still avoid leaving a precise timestamp in the state file about when we first picked the guard. Improves over the behavior introduced in 0.1.2.17. Changes in version 0.2.1.24 - 2010-02-21 o Minor bugfixes: - Work correctly out-of-the-box with even more vendor-patched versions of OpenSSL. In particular, make it so Debian and OS X don't need customized patches to run/build. ------------------------------------------------------------------------ This is the Tor announcements list. If you want to unsubscribe, send mail to majordomo&lt; at &gt;seul.org with "unsubscribe or-announce" as your message. </pre> Roger Dingledine 2010-03-01T04:38:47 http://comments.gmane.org/gmane.network.onion-routing.announce/30 <pre>Tor 0.2.1.22 rotates two of the seven v3 directory authority keys and locations, due to a security breach of some of the Torproject servers: http://archives.seul.org/or/talk/Jan-2010/msg00161.html It also fixes a privacy problem in bridge directory authorities -- it would tell you its whole history of bridge descriptors if you make the right directory request. Everybody should upgrade: https://www.torproject.org/easy-download (Tor Browser Bundle updates coming in the next few days, hopefully.) Changes in version 0.2.1.22 - 2010-01-19 o Directory authority changes: - Rotate keys (both v3 identity and relay identity) for moria1 and gabelmoo. o Major bugfixes: - Stop bridge directory authorities from answering dbg-stability.txt directory queries, which would let people fetch a list of all bridge identities they track. Bugfix on 0.2.1.6-alpha. ------------------------------------------------------------------------ This is the Tor announcements list. If you want to unsubscribe, send mail to majordomo&lt; at &gt;seul.org with "unsubscribe or-announce" as your message. </pre> Roger Dingledine 2010-01-21T05:18:58 http://comments.gmane.org/gmane.network.onion-routing.announce/29 <pre>Tor 0.2.1.21 fixes an incompatibility with the most recent OpenSSL library. If you use Tor on Linux / Unix and you're getting SSL renegotiation errors, upgrading should help. We also recommend an upgrade if you're an exit relay. https://www.torproject.org/easy-download Changes in version 0.2.1.21 - 2009-12-21 o Major bugfixes: - Work around a security feature in OpenSSL 0.9.8l that prevents our handshake from working unless we explicitly tell OpenSSL that we are using SSL renegotiation safely. We are, of course, but OpenSSL 0.9.8l won't work unless we say we are. - Avoid crashing if the client is trying to upload many bytes and the circuit gets torn down at the same time, or if the flip side happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150. o Minor bugfixes: - Do not refuse to learn about authority certs and v2 networkstatus documents that are older than the latest consensus. This bug might have degraded client bootstrapping. Bugfix on 0.2.0.10-alpha. Spotted and fixed by xmux. - Fix a couple of very-hard-to-trigger memory leaks, and one hard-to- trigger platform-specific option misparsing case found by Coverity Scan. - Fix a compilation warning on Fedora 12 by removing an impossible-to- trigger assert. Fixes bug 1173. ------------------------------------------------------------------------ This is the Tor announcements list. If you want to unsubscribe, send mail to majordomo&lt; at &gt;seul.org with "unsubscribe or-announce" as your message. </pre> Roger Dingledine 2009-12-29T15:23:14 http://comments.gmane.org/gmane.network.onion-routing.announce/28 <pre>Tor 0.2.1.20 fixes a crash bug when you're accessing many hidden services at once, prepares for more performance improvements, and fixes a bunch of smaller bugs. The Windows and OS X bundles also include a more recent Vidalia, and switch from Privoxy to Polipo. The OS X installers are now drag and drop. It's best to un-install Tor/Vidalia and then install this new bundle, rather than upgrade. If you want to upgrade, you'll need to update the paths for Tor and Polipo in the Vidalia Settings window. https://www.torproject.org/easy-download Changes in version 0.2.1.20 - 2009-10-15 o Major bugfixes: - Send circuit or stream sendme cells when our window has decreased by 100 cells, not when it has decreased by 101 cells. Bug uncovered by Karsten when testing the "reduce circuit window" performance patch. Bugfix on the 54th commit on Tor -- from July 2002, before the release of Tor 0.0.0. This is the new winner of the oldest-bug prize. - Fix a remotely triggerable memory leak when a consensus document contains more than one signature from the same voter. Bugfix on 0.2.0.3-alpha. - Avoid segfault in rare cases when finishing an introduction circuit as a client and finding out that we don't have an introduction key for it. Fixes bug 1073. Reported by Aaron Swartz. o Major features: - Tor now reads the "circwindow" parameter out of the consensus, and uses that value for its circuit package window rather than the default of 1000 cells. Begins the implementation of proposal 168. o New directory authorities: - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory authority. - Move moria1 and tonga to alternate IP addresses. o Minor bugfixes: - Fix a signed/unsigned compile warning in 0.2.1.19. - Fix possible segmentation fault on directory authorities. Bugfix on 0.2.1.14-rc. - Fix an extremely rare infinite recursion bug that could occur if we tried to log a message after shutting down the log subsystem. Found by Matt Edman. Bugfix on 0.2.0.16-alpha. - Fix an obscure bug where hidden services on 64-bit big-endian systems might mis-read the timestamp in v3 introduce cells, and refuse to connect back to the client. Discovered by "rotor". Bugfix on 0.2.1.6-alpha. - We were triggering a CLOCK_SKEW controller status event whenever we connect via the v2 connection protocol to any relay that has a wrong clock. Instead, we should only inform the controller when it's a trusted authority that claims our clock is wrong. Bugfix on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit. - We were telling the controller about CHECKING_REACHABILITY and REACHABILITY_FAILED status events whenever we launch a testing circuit or notice that one has failed. Instead, only tell the controller when we want to inform the user of overall success or overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported by SwissTorExit. - Don't warn when we're using a circuit that ends with a node excluded in ExcludeExitNodes, but the circuit is not used to access the outside world. This should help fix bug 1090. Bugfix on 0.2.1.6-alpha. - Work around a small memory leak in some versions of OpenSSL that stopped the memory used by the hostname TLS extension from being freed. o Minor features: - Add a "getinfo status/accepted-server-descriptor" controller command, which is the recommended way for controllers to learn whether our server descriptor has been successfully received by at least on directory authority. Un-recommend good-server-descriptor getinfo and status events until we have a better design for them. </pre> Roger Dingledine 2009-11-12T15:14:11 Search the mailing list at Gmane query http://search.gmane.org/?group=$group=gmane.network.onion-routing.announce