Hello community, here is the log from the commit of package tor for openSUSE:Factory checked in at 2015-04-07 09:30:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tor (Old) and /work/SRC/openSUSE:Factory/.tor.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "tor" Changes: -------- --- /work/SRC/openSUSE:Factory/tor/tor.changes 2015-03-30 19:33:40.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.tor.new/tor.changes 2015-04-07 09:30:28.000000000 +0200 
@@ -1,0 +2,24 @@ +Mon Apr 6 18:56:30 UTC 2015 - astieger@suse.com + +- tor 0.2.6.7 + This releases fixes two security issues that could be used by an + attacker to crash hidden services, or crash clients visiting + hidden services. Hidden services should upgrade as soon as + possible. [boo#926097] + This release also contains two simple improvements to make hidden + services a bit less vulnerable to denial-of-service attacks. + - Fix an issue that would allow a malicious client to trigger an + assertion failure and halt a hidden service. CVE-2015-2928 + - Fix a bug that could cause a client to crash with an assertion + failure when parsing a malformed hidden service descriptor. + CVE-2015-2929 + - Introduction points no longer allow multiple INTRODUCE1 cells + to arrive on the same circuit. This should make it more + expensive for attackers to overwhelm hidden services with + introductions. + - Decrease the amount of reattempts that a hidden service + performs when its rendezvous circuits fail. This reduces the + computational cost for running a hidden service under heavy + load. + +------------------------------------------------------------------- Old: ---- tor-0.2.6.6.tar.gz tor-0.2.6.6.tar.gz.asc New: ---- tor-0.2.6.7.tar.gz tor-0.2.6.7.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tor.spec ++++++ --- /var/tmp/diff_new_pack.WvLa7N/_old 2015-04-07 09:30:29.000000000 +0200 +++ /var/tmp/diff_new_pack.WvLa7N/_new 2015-04-07 09:30:29.000000000 +0200 
@@ -24,7 +24,7 @@ %define home_dir %{_localstatedir}/lib/empty %bcond_with bufferevents Name: tor -Version: 0.2.6.6 +Version: 0.2.6.7 Release: 0 Summary: Anonymizing overlay network for TCP (The onion router) License: BSD-3-Clause ++++++ tor-0.2.6.6.tar.gz -> tor-0.2.6.7.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.6/ChangeLog new/tor-0.2.6.7/ChangeLog --- old/tor-0.2.6.6/ChangeLog 2015-03-24 15:23:38.000000000 +0100 +++ new/tor-0.2.6.7/ChangeLog 2015-04-06 16:03:08.000000000 +0200 
@@ -1,3 +1,31 @@ +Changes in version 0.2.6.7 - 2015-04-06 + Tor 0.2.6.7 fixes two security issues that could be used by an + attacker to crash hidden services, or crash clients visiting hidden + services. Hidden services should upgrade as soon as possible; clients + should upgrade whenever packages become available. + + This release also contains two simple improvements to make hidden + services a bit less vulnerable to denial-of-service attacks. + + o Major bugfixes (security, hidden service): + - Fix an issue that would allow a malicious client to trigger an + assertion failure and halt a hidden service. Fixes bug 15600; + bugfix on 0.2.1.6-alpha. Reported by "disgleirio". + - Fix a bug that could cause a client to crash with an assertion + failure when parsing a malformed hidden service descriptor. Fixes + bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC". + + o Minor features (DoS-resistance, hidden service): + - Introduction points no longer allow multiple INTRODUCE1 cells to + arrive on the same circuit. This should make it more expensive for + attackers to overwhelm hidden services with introductions. + Resolves ticket 15515. + - Decrease the amount of reattempts that a hidden service performs + when its rendezvous circuits fail. This reduces the computational + cost for running a hidden service under heavy load. Resolves + ticket 11447. + + Changes in version 0.2.6.6 - 2015-03-24 Tor 0.2.6.6 is the first stable release in the 0.2.6 series. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.6/ReleaseNotes new/tor-0.2.6.7/ReleaseNotes --- old/tor-0.2.6.6/ReleaseNotes 2015-03-24 15:23:38.000000000 +0100 +++ new/tor-0.2.6.7/ReleaseNotes 2015-04-06 16:03:08.000000000 +0200 
@@ -4,6 +4,34 @@ each development snapshot, see the ChangeLog file. +Changes in version 0.2.6.7 - 2015-04-06 + Tor 0.2.6.7 fixes two security issues that could be used by an + attacker to crash hidden services, or crash clients visiting hidden + services. Hidden services should upgrade as soon as possible; clients + should upgrade whenever packages become available. + + This release also contains two simple improvements to make hidden + services a bit less vulnerable to denial-of-service attacks. + + o Major bugfixes (security, hidden service): + - Fix an issue that would allow a malicious client to trigger an + assertion failure and halt a hidden service. Fixes bug 15600; + bugfix on 0.2.1.6-alpha. Reported by "disgleirio". + - Fix a bug that could cause a client to crash with an assertion + failure when parsing a malformed hidden service descriptor. Fixes + bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC". + + o Minor features (DoS-resistance, hidden service): + - Introduction points no longer allow multiple INTRODUCE1 cells to + arrive on the same circuit. This should make it more expensive for + attackers to overwhelm hidden services with introductions. + Resolves ticket 15515. + - Decrease the amount of reattempts that a hidden service performs + when its rendezvous circuits fail. This reduces the computational + cost for running a hidden service under heavy load. Resolves + ticket 11447. + + Changes in version 0.2.6.6 - 2015-03-24 Tor 0.2.6.6 is the first stable release in the 0.2.6 series. 
@@ -858,6 +886,8 @@ - Refactor our generic strmap and digestmap types into a single implementation, so that we can add a new digest256map type trivially. + + o Documentation: - Add a doc/TUNING document with tips for handling large numbers of TCP connections when running busy Tor relay. Update the warning message to point to this file when running out of sockets diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.6/configure new/tor-0.2.6.7/configure --- old/tor-0.2.6.6/configure 2015-03-24 15:26:21.000000000 +0100 +++ new/tor-0.2.6.7/configure 2015-04-06 16:05:08.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for tor 0.2.6.6. +# Generated by GNU Autoconf 2.69 for tor 0.2.6.7. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ # Identity of this package. PACKAGE_NAME='tor' PACKAGE_TARNAME='tor' -PACKAGE_VERSION='0.2.6.6' -PACKAGE_STRING='tor 0.2.6.6' +PACKAGE_VERSION='0.2.6.7' +PACKAGE_STRING='tor 0.2.6.7' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1389,7 +1389,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures tor 0.2.6.6 to adapt to many kinds of systems. +\`configure' configures tor 0.2.6.7 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1459,7 +1459,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of tor 0.2.6.6:";; + short | recursive ) echo "Configuration of tor 0.2.6.7:";; esac cat <<\_ACEOF @@ -1619,7 +1619,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -tor configure 0.2.6.6 +tor configure 0.2.6.7 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. 
@@ -2324,7 +2324,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by tor $as_me 0.2.6.6, which was +It was created by tor $as_me 0.2.6.7, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3189,7 +3189,7 @@ # Define the identity of the package. PACKAGE='tor' - VERSION='0.2.6.6' + VERSION='0.2.6.7' cat >>confdefs.h <<_ACEOF @@ -13966,7 +13966,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by tor $as_me 0.2.6.6, which was +This file was extended by tor $as_me 0.2.6.7, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -14032,7 +14032,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -tor config.status 0.2.6.6 +tor config.status 0.2.6.7 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.6/configure.ac new/tor-0.2.6.7/configure.ac --- old/tor-0.2.6.6/configure.ac 2015-03-24 15:23:44.000000000 +0100 +++ new/tor-0.2.6.7/configure.ac 2015-04-06 16:03:08.000000000 +0200 
@@ -3,7 +3,7 @@ dnl Copyright (c) 2007-2015, The Tor Project, Inc. dnl See LICENSE for licensing information -AC_INIT([tor],[0.2.6.6]) +AC_INIT([tor],[0.2.6.7]) AC_CONFIG_SRCDIR([src/or/main.c]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.6/contrib/win32build/tor-mingw.nsi.in new/tor-0.2.6.7/contrib/win32build/tor-mingw.nsi.in --- old/tor-0.2.6.6/contrib/win32build/tor-mingw.nsi.in 2015-03-24 15:23:44.000000000 +0100 +++ new/tor-0.2.6.7/contrib/win32build/tor-mingw.nsi.in 2015-04-06 16:03:08.000000000 +0200 @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.6.6" +!define VERSION "0.2.6.7" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.6/micro-revision.i new/tor-0.2.6.7/micro-revision.i --- old/tor-0.2.6.6/micro-revision.i 2015-03-24 15:26:59.000000000 +0100 +++ new/tor-0.2.6.7/micro-revision.i 2015-04-06 16:05:34.000000000 +0200 @@ -1 +1 @@ -"bb8c4e69ca5c8bca" +"9ccf019b168909ef" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.6/src/or/or.h new/tor-0.2.6.7/src/or/or.h --- old/tor-0.2.6.6/src/or/or.h 2015-03-11 18:32:49.000000000 +0100 +++ new/tor-0.2.6.7/src/or/or.h 2015-04-06 15:30:51.000000000 +0200 
@@ -3181,6 +3181,9 @@ * to the specification? */ unsigned int remaining_relay_early_cells : 4; + /* We have already received an INTRODUCE1 cell on this circuit. */ + unsigned int already_received_introduce1 : 1; + /** True iff this circuit was made with a CREATE_FAST cell. */ unsigned int is_first_hop : 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.6/src/or/or_sha1.i new/tor-0.2.6.7/src/or/or_sha1.i --- old/tor-0.2.6.6/src/or/or_sha1.i 2015-03-18 20:45:30.000000000 +0100 +++ new/tor-0.2.6.7/src/or/or_sha1.i 2015-04-06 15:59:56.000000000 +0200 @@ -40,14 +40,14 @@ "727ea4d73c2a1734ce1c1313e79156a9f3ac6630 src/or/reasons.c\n" "c7f570fae6c9fd47ca194bfed16ab65570077586 src/or/relay.c\n" "de2b01779f7377754b459d2ba18079616abf67c9 src/or/rendclient.c\n" -"eba95a1ee8b86f14d0f88124098f5054262103cb src/or/rendcommon.c\n" -"c6975539f3f66c86b9e5ed527cd44885d1af3a72 src/or/rendmid.c\n" -"6717517a49dcbd5f9567b9060d64d20f682f91b6 src/or/rendservice.c\n" +"0eddf719899e16edfafe834d86edfdc5e1aceb11 src/or/rendcommon.c\n" +"2a405ebcd46953703a20ca89bf7db5878b75c4c7 src/or/rendmid.c\n" +"666d5b474031cdf9305ea931d583dc6721338caf src/or/rendservice.c\n" "851d0858b4af447ffef05b3a75e584160b690c7d src/or/rephist.c\n" "0bedee95c36846f4dc6a952cf2a11df7221ea8be src/or/replaycache.c\n" "9bbc4e8a9022c3ca5dce213d2af685ce0571a15a src/or/router.c\n" "105338332a1bcb60ed74b9538c9d6e160224043a src/or/routerlist.c\n" -"f5fc3a49cb275a3c73b9f26d7032f63dd4a4bfea src/or/routerparse.c\n" +"7ea6e1a6dd61b75eb70f15b315480b02c756ce62 src/or/routerparse.c\n" "17bfacd4a0839f906490a2d3fcc792a6b671851f src/or/routerset.c\n" "82d6c5d08f209a4c898c276c0740eae042bb14b3 src/or/scheduler.c\n" "ac3af3092056eff7fd4c127824b1b5ee65e35618 src/or/statefile.c\n" 
@@ -93,7 +93,7 @@ "9e55a60424f35f84910caa150910f95e0c001ffb src/or/onion_fast.h\n" "c50fd27479899fa70cd2f53f9091e54c39206031 src/or/onion_ntor.h\n" "967ecb5a0fd9908067fd65f58e16f9dd218237be src/or/onion_tap.h\n" -"1ffe7bdcdcc967cb46d757d5fab5467bb1d8e00f src/or/or.h\n" +"d52b25c3bcde56e4e136e5cc4b483eeb23ddc6f4 src/or/or.h\n" "6248869b9027d657b6dfd43220a320bf9be1fc25 src/or/transports.h\n" "1cdce9e85592d9ac9d7b0fae03da6d9636d231d5 src/or/policies.h\n" "d11647050a172f2110735757a51498fb3d123d6e src/or/reasons.h\n" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.6/src/or/rendcommon.c new/tor-0.2.6.7/src/or/rendcommon.c --- old/tor-0.2.6.6/src/or/rendcommon.c 2015-02-24 16:33:31.000000000 +0100 +++ new/tor-0.2.6.7/src/or/rendcommon.c 2015-04-06 15:30:54.000000000 +0200 @@ -1190,7 +1190,7 @@ } /* Decode/decrypt introduction points. */ - if (intro_content) { + if (intro_content && intro_size > 0) { int n_intro_points; if (rend_query->auth_type != REND_NO_AUTH && !tor_mem_is_zero(rend_query->descriptor_cookie, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.6/src/or/rendmid.c new/tor-0.2.6.7/src/or/rendmid.c --- old/tor-0.2.6.6/src/or/rendmid.c 2015-02-24 16:33:31.000000000 +0100 +++ new/tor-0.2.6.7/src/or/rendmid.c 2015-04-06 15:30:51.000000000 +0200 
@@ -149,6 +149,20 @@ goto err; } + /* We have already done an introduction on this circuit but we just + received a request for another one. We block it since this might + be an attempt to DoS a hidden service (#15515). */ + if (circ->already_received_introduce1) { + log_fn(LOG_PROTOCOL_WARN, LD_REND, + "Blocking multiple introductions on the same circuit. " + "Someone might be trying to attack a hidden service through " + "this relay."); + circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL); + return -1; + } + + circ->already_received_introduce1 = 1; + /* We could change this to MAX_HEX_NICKNAME_LEN now that 0.0.9.x is * obsolete; however, there isn't much reason to do so, and we're going * to revise this protocol anyway. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.6/src/or/rendservice.c new/tor-0.2.6.7/src/or/rendservice.c --- old/tor-0.2.6.6/src/or/rendservice.c 2015-03-10 15:26:37.000000000 +0100 +++ new/tor-0.2.6.7/src/or/rendservice.c 2015-04-06 15:30:54.000000000 +0200 @@ -90,7 +90,7 @@ #define MAX_INTRO_CIRCS_PER_PERIOD 10 /** How many times will a hidden service operator attempt to connect to * a requested rendezvous point before giving up? */ -#define MAX_REND_FAILURES 8 +#define MAX_REND_FAILURES 1 /** How many seconds should we spend trying to connect to a requested * rendezvous point before giving up? */ #define MAX_REND_TIMEOUT 30 
@@ -1937,6 +1937,16 @@ intro->version, (intro->type)); } + + goto err; + } + if (128 != crypto_pk_keysize(extend_info->onion_key)) { + if (err_msg_out) { + tor_asprintf(err_msg_out, + "invalid onion key size in version %d INTRODUCE%d cell", + intro->version, + (intro->type)); + } goto err; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.6/src/or/routerparse.c new/tor-0.2.6.7/src/or/routerparse.c --- old/tor-0.2.6.6/src/or/routerparse.c 2015-03-10 15:26:37.000000000 +0100 +++ new/tor-0.2.6.7/src/or/routerparse.c 2015-04-06 15:30:54.000000000 +0200 @@ -4820,7 +4820,7 @@ size_t intro_points_encoded_size) { const char *current_ipo, *end_of_intro_points; - smartlist_t *tokens; + smartlist_t *tokens = NULL; directory_token_t *tok; rend_intro_point_t *intro; extend_info_t *info; @@ -4829,8 +4829,10 @@ tor_assert(parsed); /** Function may only be invoked once. */ tor_assert(!parsed->intro_nodes); - tor_assert(intro_points_encoded); - tor_assert(intro_points_encoded_size > 0); + if (!intro_points_encoded || intro_points_encoded_size == 0) { + log_warn(LD_REND, "Empty or zero size introduction point list"); + goto err; + } /* Consider one intro point after the other. */ current_ipo = intro_points_encoded; end_of_intro_points = intro_points_encoded + intro_points_encoded_size; @@ -4934,8 +4936,10 @@ done: /* Free tokens and clear token list. */ - SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t)); - smartlist_free(tokens); + if (tokens) { + SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t)); + smartlist_free(tokens); + } if (area) memarea_drop_all(area); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tor-0.2.6.6/src/win32/orconfig.h new/tor-0.2.6.7/src/win32/orconfig.h --- old/tor-0.2.6.6/src/win32/orconfig.h 2015-03-24 15:23:44.000000000 +0100 +++ new/tor-0.2.6.7/src/win32/orconfig.h 2015-04-06 16:03:08.000000000 +0200 
@@ -232,7 +232,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.6.6" +#define VERSION "0.2.6.7"
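Review bot: In the tor.changes hunk (@@ -1,0 +2,24 @@), "This releases fixes two security issues" should read "This release fixes". The entry is also the only place in this commit that ties CVE-2015-2928 and CVE-2015-2929 to the two fixes, so it would help to carry the upstream bug numbers from the ChangeLog hunk (15600 and 15601) alongside them for cross-reference.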
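Review bot: In the src/or/or.h hunk (@@ -3181,6 +3181,9 @@), the comment on `already_received_introduce1` opens with `/*`, while the neighbouring field comment (`/** True iff this circuit was made with a CREATE_FAST cell. */`) uses the `/**` doc form, so the new field will not be picked up as documented. Suggest `/** True iff we have already received an INTRODUCE1 cell on this circuit. */` to match the surrounding fields.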
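Review bot: In the src/or/rendcommon.c hunk (@@ -1190,7 +1190,7 @@), the condition `if (intro_content && intro_size > 0)` now skips the decode block when `intro_content` is non-NULL but `intro_size` is 0, and the hunk does not show what happens to that buffer or to the descriptor afterwards. Confirm that the fall-through path frees `intro_content` and leaves the descriptor in a defined state with no introduction points, and consider a log line on that path so a malformed descriptor is visible rather than silently accepted.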
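Review bot: In the src/or/rendmid.c hunk (@@ -149,6 +149,20 @@), the new `already_received_introduce1` branch leaves through `circuit_mark_for_close(...)` and `return -1`, while the check immediately above it leaves through `goto err`. If the `err` path does anything beyond returning (it is not shown here), this branch skips it; either route it through `goto err` or say in the comment why the circuit is closed directly. Note also that `circ->already_received_introduce1 = 1;` is set before the rest of the cell is validated, so a first INTRODUCE1 that is rejected further down still uses up the circuit's single allowance; if that is intended, the comment should say so.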
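Review bot: In the first src/or/rendservice.c hunk (@@ -90,7 +90,7 @@), `MAX_REND_FAILURES` drops from 8 to 1 but its doc comment is unchanged and does not say whether 1 means one attempt in total or one retry after the first failure, while the ChangeLog text speaks of "reattempts". Suggest making the comment explicit about which it is and citing ticket 11447 there, since at this value an off-by-one in the comparison that uses the constant is the difference between retrying once and never retrying.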
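Review bot: In the second src/or/rendservice.c hunk (@@ -1937,6 +1937,16 @@), the check `128 != crypto_pk_keysize(extend_info->onion_key)` uses a bare 128. Suggest a named constant for the expected onion key size, with a one-line comment on why any other size is rejected at this point. The `tor_asprintf` error block is also a near copy of the one just above it, differing only in the message text; a small helper taking the message would keep the two in step.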
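Review bot: In the src/or/routerparse.c hunks (@@ -4820,7 +4820,7 @@ through @@ -4934,8 +4936,10 @@), the new early `goto err` for an empty introduction point list reaches `if (area) memarea_drop_all(area);` before anything in the function has been allocated, and the declaration of `area` is not in the visible context. Confirm that it is initialised to NULL in the same way `tokens` now is, and that the `err` path sets the failure return value before falling into `done:`. The log text "Empty or zero size introduction point list" would be more useful to an operator if it said the descriptor is being rejected as a result.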