Tor 0.2.3.16-alpha introduces a workaround for a critical renegotiation bug in OpenSSL 1.0.1 (where 20% of the Tor network can't talk to itself currently). It also fixes a variety of smaller bugs and other cleanups that get us closer to a release candidate. The workaround for the OpenSSL bug will be part of the upcoming 0.2.2.37 release too. https://www.torproject.org/download/download (Packages coming eventually.) Changes in version 0.2.3.16-alpha - 2012-06-05 o Major bugfixes (general): - Work around a bug in OpenSSL that broke renegotiation with TLS 1.1 and TLS 1.2. Without this workaround, all attempts to speak the v2 Tor connection protocol when both sides were using OpenSSL 1.0.1 would fail. Resolves ticket 6033. - When waiting for a client to renegotiate, don't allow it to add any bytes to the input buffer. This fixes a potential DoS issue. Fixes bugs 5934 and 6007; bugfix on 0.2.0.20-rc. - Pass correct OR address to managed proxies (like obfsproxy), even when ORListenAddress is used. Fixes bug 4865; bugfix on 0.2.3.9-alpha. - The advertised platform of a router now includes only its operating system's name (e.g., "Linux", "Darwin", "Windows 7"), and not its service pack level (for Windows) or its CPU architecture (for Unix). We also no longer include the "git-XYZ" tag in the version. Resolves part of bug 2988. o Major bugfixes (clients): - If we are unable to find any exit that supports our predicted ports, stop calling them predicted, so that we don't loop and build hopeless circuits indefinitely. Fixes bug 3296; bugfix on 0.0.9pre6, which introduced predicted ports. - Fix an edge case where if we fetch or publish a hidden service descriptor, we might build a 4-hop circuit and then use that circuit for exiting afterwards -- even if the new last hop doesn't obey our ExitNodes config option. Fixes bug 5283; bugfix on 0.2.0.10-alpha. - Check at each new consensus whether our entry guards were picked long enough ago that we should rotate them. Previously, we only did this check at startup, which could lead to us holding a guard indefinitely. Fixes bug 5380; bugfix on 0.2.1.14-rc. - When fetching a bridge descriptor from a bridge authority, always do so anonymously, whether we have been able to open circuits or not. Partial fix for bug 1938; bugfix on 2.0.7-alpha. This behavior makes it *safer* to use UpdateBridgesFromAuthority, but we'll need to wait for bug 6010 before it's actually usable. o Major bugfixes (directory authorities): - When computing weight parameters, behave more robustly in the presence of a bad bwweightscale value. Previously, the authorities would crash if they agreed on a sufficiently broken weight_scale value: now, they use a reasonable default and carry on. Partial fix for 5786; bugfix on 0.2.2.17-alpha. - Check more thoroughly to prevent a rogue authority from double-voting on any consensus directory parameter. Previously, authorities would crash in this case if the total number of votes for any parameter exceeded the number of active voters, but would let it pass otherwise. Partial fix for bug 5786; bugfix on 0.2.2.2-alpha. o Minor features: - Rate-limit log messages when asked to connect anonymously to a private address. When these hit, they tended to hit fast and often. Also, don't bother trying to connect to addresses that we are sure will resolve to 127.0.0.1: getting 127.0.0.1 in a directory reply makes us think we have been lied to, even when the address the client tried to connect to was "localhost." Resolves ticket 2822. - Allow packagers to insert an extra string in server descriptor platform lines by setting the preprocessor variable TOR_BUILD_TAG. Resolves the rest of ticket 2988. - Raise the threshold of server descriptors needed (75%) and exit server descriptors needed (50%) before we will declare ourselves bootstrapped. This will make clients start building circuits a little later, but makes the initially constructed circuits less skewed and less in conflict with further directory fetches. Fixes ticket 3196. - Close any connection that sends unrecognized junk before the handshake. Solves an issue noted in bug 4369. - Improve log messages about managed transports. Resolves ticket 5070. - Tag a bridge's descriptor as "never to be sent unencrypted". This shouldn't matter, since bridges don't open non-anonymous connections to the bridge authority and don't allow unencrypted directory connections from clients, but we might as well make sure. Closes bug 5139. - Expose our view of whether we have gone dormant to the controller, via a new "GETINFO dormant" value. Torbutton and other controllers can use this to avoid doing periodic requests through Tor while it's dormant (bug 4718). Fixes bug 5954. - Tell GCC and Clang to check for any errors in format strings passed to the tor_v*(print|scan)f functions. - Update to the May 1 2012 Maxmind GeoLite Country database. o Minor bugfixes (already included in 0.2.2.36): - Reject out-of-range times like 23:59:61 in parse_rfc1123_time(). Fixes bug 5346; bugfix on 0.0.8pre3. - Correct parsing of certain date types in parse_http_time(). Without this patch, If-Modified-Since would behave incorrectly. Fixes bug 5346; bugfix on 0.2.0.2-alpha. Patch from Esteban Manchado Velázques. - Make our number-parsing functions always treat too-large values as an error, even when those values exceed the width of the underlying type. Previously, if the caller provided these functions with minima or maxima set to the extreme values of the underlying integer type, these functions would return those values on overflow rather than treating overflow as an error. Fixes part of bug 5786; bugfix on 0.0.9. - If we hit the error case where routerlist_insert() replaces an existing (old) server descriptor, make sure to remove that server descriptor from the old_routers list. Fix related to bug 1776. Bugfix on 0.2.2.18-alpha. - Clarify the behavior of MaxCircuitDirtiness with hidden service circuits. Fixes issue 5259. o Minor bugfixes (coding cleanup, on 0.2.2.x and earlier): - Prevent a null-pointer dereference when receiving a data cell for a nonexistent stream when the circuit in question has an empty deliver window. We don't believe this is triggerable, since we don't currently allow deliver windows to become empty, but the logic is tricky enough that it's better to make the code robust. Fixes bug 5541; bugfix on 0.0.2pre14. - Fix a memory leak when trying to launch a DNS request when the network is disabled or the nameservers are unconfigurable. Fixes bug 5916; bugfix on Tor 0.1.2.1-alpha (for the unconfigurable nameserver case) and on 0.2.3.9-alpha (for the DisableNetwork case). - Don't hold a windows file handle open for every file mapping; the file mapping handle is sufficient. Fixes bug 5951; bugfix on 0.1.2.1-alpha. - Avoid O(n^2) performance characteristics when parsing a large extrainfo cache. Fixes bug 5828; bugfix on 0.2.0.1-alpha. - Format more doubles with %f, not %lf. Patch from grarpamp to make Tor build correctly on older BSDs again. Fixes bug 3894; bugfix on Tor 0.2.0.8-alpha. - Make our replacement implementation of strtok_r() compatible with the standard behavior of strtok_r(). Patch by nils. Fixes bug 5091; bugfix on 0.2.2.1-alpha. - Fix a NULL-pointer dereference on a badly formed SETCIRCUITPURPOSE command. Found by mikeyc. Fixes bug 5796; bugfix on 0.2.2.9-alpha. - Fix a build warning with Clang 3.1 related to our use of vasprint. Fixes bug 5969. Bugfix on 0.2.2.11-alpha. - Defensively refactor rend_mid_rendezvous() so that protocol violations and length checks happen in the beginning. Fixes bug 5645. - Set _WIN32_WINNT to 0x0501 consistently throughout the code, so that IPv6 stuff will compile on MSVC, and compilation issues will be easier to track down. Fixes bug 5861. o Minor bugfixes (correctness, on 0.2.2.x and earlier): - Exit nodes now correctly report EADDRINUSE and EADDRNOTAVAIL as resource exhaustion, so that clients can adjust their load to try other exits. Fixes bug 4710; bugfix on 0.1.0.1-rc, which started using END_STREAM_REASON_RESOURCELIMIT. - Don't check for whether the address we're using for outbound connections has changed until after the outbound connection has completed. On Windows, getsockname() doesn't succeed until the connection is finished. Fixes bug 5374; bugfix on 0.1.1.14-alpha. - If the configuration tries to set MyFamily on a bridge, refuse to do so, and warn about the security implications. Fixes bug 4657; bugfix on 0.2.0.3-alpha. - If the client fails to set a reasonable set of ciphersuites during its v2 handshake renegotiation, allow the renegotiation to continue nevertheless (i.e. send all the required certificates). Fixes bug 4591; bugfix on 0.2.0.20-rc. - When we receive a SIGHUP and the controller __ReloadTorrcOnSIGHUP option is set to 0 (which Vidalia version 0.2.16 now does when a SAVECONF attempt fails), perform other actions that SIGHUP usually causes (like reopening the logs). Fixes bug 5095; bugfix on 0.2.1.9-alpha. - If we fail to write a microdescriptor to the disk cache, do not continue replacing the old microdescriptor file. Fixes bug 2954; bugfix on 0.2.2.6-alpha. - Exit nodes don't need to fetch certificates for authorities that they don't recognize; only directory authorities, bridges, and caches need to do that. Fixes part of bug 2297; bugfix on 0.2.2.11-alpha. - Correctly handle checking the permissions on the parent directory of a control socket in the root directory. Bug found by Esteban Manchado Vel�¡zquez. Fixes bug 5089; bugfix on Tor 0.2.2.26-beta. - When told to add a bridge with the same digest as a preexisting bridge but a different addr:port, change the addr:port as requested. Previously we would not notice the change. Fixes half of bug 5603; fix on 0.2.2.26-beta. - End AUTHCHALLENGE error messages (in the control protocol) with a CRLF. Fixes bug 5760; bugfix on 0.2.2.36 and 0.2.3.13-alpha. o Minor bugfixes (on 0.2.3.x): - Turn an assertion (that the number of handshakes received as a server is not < 1) into a warning. Fixes bug 4873; bugfix on 0.2.3.1-alpha. - Format IPv4 addresses correctly in ADDRMAP events. (Previously, we had reversed them when the answer was cached.) Fixes bug 5723; bugfix on 0.2.3.1-alpha. - Work correctly on Linux systems with accept4 support advertised in their headers, but without accept4 support in the kernel. Fix by murb. Fixes bug 5762; bugfix on 0.2.3.1-alpha. - When told to add a bridge with the same addr:port as a preexisting bridge but a different transport, change the transport as requested. Previously we would not notice the change. Fixes half of bug 5603; fix on 0.2.3.2-alpha. - Avoid a "double-reply" warning when replying to a SOCKS request with a parse error. Patch from Fabian Keil. Fixes bug 4108; bugfix on 0.2.3.4-alpha. - Fix a bug where a bridge authority crashes if it has seen no directory requests when it's time to write statistics to disk. Fixes bug 5891; bugfix on 0.2.3.6-alpha. Also fixes bug 5508 in a better way. - Don't try to open non-control listeners when DisableNetwork is set. Previously, we'd open all listeners, then immediately close them. Fixes bug 5604; bugfix on 0.2.3.9-alpha. - Don't abort the managed proxy protocol if the managed proxy sends us an unrecognized line; ignore it instead. Fixes bug 5910; bugfix on 0.2.3.9-alpha. - Fix a compile warning in crypto.c when compiling with clang 3.1. Fixes bug 5969, bugfix on 0.2.3.9-alpha. - Fix a compilation issue on GNU Hurd, which doesn't have PATH_MAX. Fixes bug 5355; bugfix on 0.2.3.11-alpha. - Remove bogus definition of "_WIN32" from src/win32/orconfig.h, to unbreak the MSVC build. Fixes bug 5858; bugfix on 0.2.3.12-alpha. - Resolve numerous small warnings and build issues with MSVC. Resolves bug 5859. o Documentation fixes: - Improve the manual's documentation for the NT Service command-line options. Addresses ticket 3964. - Clarify SessionGroup documentation slightly; resolves ticket 5437. - Document the changes to the ORPort and DirPort options, and the fact that {OR/Dir}ListenAddress is now unnecessary (and therefore deprecated). Resolves ticket 5597. o Removed files: - Remove the torrc.bridge file: we don't use it for anything, and it had become badly desynchronized from torrc.sample. Resolves bug 5622.
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk