home:AndreasStieger:branches:openSUSE:Factory:Contrib/tor -> openSUSE:Factory:Contrib/tor https://build.opensuse.org/request/diff/89711 Description: update to upstream 0.2.2.34 changes files: -------------- --- tor.changes +++ tor.changes @@ -1,0 +2,119 @@ +Fri Oct 28 19:49:39 UTC 2011 - andreas.stieger@gmx.de + +- update to upstream 0.2.2.34 + +Changes in version 0.2.2.34 - 2011-10-26 + Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker + can deanonymize Tor users. Everybody should upgrade. + + The attack relies on four components: 1) Clients reuse their TLS cert + when talking to different relays, so relays can recognize a user by + the identity key in her cert. 2) An attacker who knows the client's + identity key can probe each guard relay to see if that identity key + is connected to that guard relay right now. 3) A variety of active + attacks in the literature (starting from "Low-Cost Traffic Analysis + of Tor" by Murdoch and Danezis in 2005) allow a malicious website to + discover the guard relays that a Tor user visiting the website is using. + 4) Clients typically pick three guards at random, so the set of guards + for a given user could well be a unique fingerprint for her. This + release fixes components #1 and #2, which is enough to block the attack; + the other two remain as open research problems. Special thanks to + "frosty_un" for reporting the issue to us! + + Clients should upgrade so they are no longer recognizable by the TLS + certs they present. Relays should upgrade so they no longer allow a + remote attacker to probe them to test whether unpatched clients are + currently connected to them. + + This release also fixes several vulnerabilities that allow an attacker + to enumerate bridge relays. Some bridge enumeration attacks still + remain; see for example proposal 188. + + o Privacy/anonymity fixes (clients): + - Clients and bridges no longer send TLS certificate chains on + outgoing OR connections. Previously, each client or bridge would + use the same cert chain for all outgoing OR connections until + its IP address changes, which allowed any relay that the client + or bridge contacted to determine which entry guards it is using. + Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un". + - If a relay receives a CREATE_FAST cell on a TLS connection, it + no longer considers that connection as suitable for satisfying a + circuit EXTEND request. Now relays can protect clients from the + CVE-2011-2768 issue even if the clients haven't upgraded yet. + - Directory authorities no longer assign the Guard flag to relays + that haven't upgraded to the above "refuse EXTEND requests + to client connections" fix. Now directory authorities can + protect clients from the CVE-2011-2768 issue even if neither + the clients nor the relays have upgraded yet. There's a new + "GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option + to let us transition smoothly, else tomorrow there would be no + guard relays. + + o Privacy/anonymity fixes (bridge enumeration): + - Bridge relays now do their directory fetches inside Tor TLS + connections, like all the other clients do, rather than connecting + directly to the DirPort like public relays do. Removes another + avenue for enumerating bridges. Fixes bug 4115; bugfix on 0.2.0.35. + - Bridges relays now build circuits for themselves in a more similar + way to how clients build them. Removes another avenue for + enumerating bridges. Fixes bug 4124; bugfix on 0.2.0.3-alpha, + when bridges were introduced. + - Bridges now refuse CREATE or CREATE_FAST cells on OR connections + that they initiated. Relays could distinguish incoming bridge + connections from client connections, creating another avenue for + enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha. + Found by "frosty_un". + + o Major bugfixes: + - Fix a crash bug when changing node restrictions while a DNS lookup + is in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix + by "Tey'". + - Don't launch a useless circuit after failing to use one of a + hidden service's introduction points. Previously, we would + launch a new introduction circuit, but not set the hidden service + which that circuit was intended to connect to, so it would never + actually be used. A different piece of code would then create a + new introduction circuit correctly. Bug reported by katmagic and + found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug 4212. + + o Minor bugfixes: + - Change an integer overflow check in the OpenBSD_Malloc code so + that GCC is less likely to eliminate it as impossible. Patch + from Mansour Moufid. Fixes bug 4059. + - When a hidden service turns an extra service-side introduction + circuit into a general-purpose circuit, free the rend_data and + intro_key fields first, so we won't leak memory if the circuit + is cannibalized for use as another service-side introduction + circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251. + - Bridges now skip DNS self-tests, to act a little more stealthily. + Fixes bug 4201; bugfix on 0.2.0.3-alpha, which first introduced + bridges. Patch by "warms0x". + - Fix internal bug-checking logic that was supposed to catch + failures in digest generation so that it will fail more robustly + if we ask for a nonexistent algorithm. Found by Coverity Scan. + Bugfix on 0.2.2.1-alpha; fixes Coverity CID 479. + - Report any failure in init_keys() calls launched because our + IP address has changed. Spotted by Coverity Scan. Bugfix on + 0.1.1.4-alpha; fixes CID 484. + + o Minor bugfixes (log messages and documentation): + - Remove a confusing dollar sign from the example fingerprint in the + man page, and also make the example fingerprint a valid one. Fixes + bug 4309; bugfix on 0.2.1.3-alpha. + - The next version of Windows will be called Windows 8, and it has + a major version of 6, minor version of 2. Correctly identify that + version instead of calling it "Very recent version". Resolves + ticket 4153; reported by funkstar. + - Downgrade log messages about circuit timeout calibration from + "notice" to "info": they don't require or suggest any human + intervention. Patch from Tom Lowenthal. Fixes bug 4063; + bugfix on 0.2.2.14-alpha. + + o Minor features: + - Turn on directory request statistics by default and include them in + extra-info descriptors. Don't break if we have no GeoIP database. + Backported from 0.2.3.1-alpha; implements ticket 3951. + - Update to the October 4 2011 Maxmind GeoLite Country database. + + +------------------------------------------------------------------- old: ---- tor-0.2.2.33.tar.bz2 new: ---- tor-0.2.2.34.tar.bz2 spec files: ----------- --- tor.spec +++ tor.spec @@ -1,7 +1,7 @@ # norootforbuild Name: tor -Version: 0.2.2.33 +Version: 0.2.2.34 Release: 1 BuildRoot: %{_tmppath}/%{name}-%{version}-build License: 3-clause BSD other changes: -------------- ++++++ tor-0.2.2.33.tar.bz2 -> tor-0.2.2.34.tar.bz2 (55271 lines skipped) To REVIEW against the previous version: osc request show --diff 89711 To ACCEPT the request: osc request accept 89711 --message="reviewed ok." To DECLINE the request: osc request decline 89711 --message="declined for reason xyz (see ... for background / policy / ...)." To REVOKE the request: osc request revoke 89711 --message="retracted because ..., sorry / thx / see better version ..." -- Hermes messaging (http://hermes.opensuse.org) openSUSE Build Service (https://build.opensuse.org/) Collaboration: http://en.opensuse.org/Build_Service/Collaboration -- To unsubscribe, e-mail: opensuse-contrib+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-contrib+owner@opensuse.org