CVS commit: wip/tor-dev

To: pkgsrc-wip-cvs%lists.sourceforge.net@localhost
Subject: CVS commit: wip/tor-dev
From: "Christian St." <athaba%users.sourceforge.net@localhost>
Date: Sat, 19 Feb 2011 01:51:33 +0000
Module name:    wip
Committed by:   athaba
Date:           Sat Feb 19 01:51:18 UTC 2011

Modified Files:
        wip/tor-dev: Makefile distinfo

Log Message:
Update tor to 0.2.2.22
Changes in version 0.2.2.22-alpha - 2011-01-25
  Tor 0.2.2.22-alpha fixes a few more less-critical security issues. The
  main other change is a slight tweak to Tor's TLS handshake that makes
  relays and bridges that run this new version reachable from Iran again.
  We don't expect this tweak will win the arms race long-term, but it
  will buy us a bit more time until we roll out a better solution.

  o Major bugfixes:
    - Fix a bounds-checking error that could allow an attacker to
      remotely crash a directory authority. Bugfix on 0.2.1.5-alpha.
      Found by "piebeer".
    - Don't assert when changing from bridge to relay or vice versa
      via the controller. The assert happened because we didn't properly
      initialize our keys in this case. Bugfix on 0.2.2.18-alpha; fixes
      bug 2433. Reported by bastik.

  o Minor features:
    - Adjust our TLS Diffie-Hellman parameters to match those used by
      Apache's mod_ssl.
    - Provide a log message stating which geoip file we're parsing
      instead of just stating that we're parsing the geoip file.
      Implements ticket 2432.

  o Minor bugfixes:
    - Check for and reject overly long directory certificates and
      directory tokens before they have a chance to hit any assertions.
      Bugfix on 0.2.1.28 / 0.2.2.20-alpha. Found by "doorss".


Changes in version 0.2.2.21-alpha - 2011-01-15
  Tor 0.2.2.21-alpha includes all the patches from Tor 0.2.1.29, which
  continues our recent code security audit work. The main fix resolves
  a remote heap overflow vulnerability that can allow remote code
  execution (CVE-2011-0427). Other fixes address a variety of assert
  and crash bugs, most of which we think are hard to exploit remotely.

  o Major bugfixes (security), also included in 0.2.1.29:
    - Fix a heap overflow bug where an adversary could cause heap
      corruption. This bug probably allows remote code execution
      attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on
      0.1.2.10-rc.
    - Prevent a denial-of-service attack by disallowing any
      zlib-compressed data whose compression factor is implausibly
      high. Fixes part of bug 2324; reported by "doorss".
    - Zero out a few more keys in memory before freeing them. Fixes
      bug 2384 and part of bug 2385. These key instances found by
      "cypherpunks", based on Andrew Case's report about being able
      to find sensitive data in Tor's memory space if you have enough
      permissions. Bugfix on 0.0.2pre9.

  o Major bugfixes (crashes), also included in 0.2.1.29:
    - Prevent calls to Libevent from inside Libevent log handlers.
      This had potential to cause a nasty set of crashes, especially
      if running Libevent with debug logging enabled, and running
      Tor with a controller watching for low-severity log messages.
      Bugfix on 0.1.0.2-rc. Fixes bug 2190.
    - Add a check for SIZE_T_MAX to tor_realloc() to try to avoid
      underflow errors there too. Fixes the other part of bug 2324.
    - Fix a bug where we would assert if we ever had a
      cached-descriptors.new file (or another file read directly into
      memory) of exactly SIZE_T_CEILING bytes. Fixes bug 2326; bugfix
      on 0.2.1.25. Found by doorss.
    - Fix some potential asserts and parsing issues with grossly
      malformed router caches. Fixes bug 2352; bugfix on Tor 0.2.1.27.
      Found by doorss.

  o Minor bugfixes (other), also included in 0.2.1.29:
    - Fix a bug with handling misformed replies to reverse DNS lookup
      requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a
      bug reported by doorss.
    - Fix compilation on mingw when a pthreads compatibility library
      has been installed. (We don't want to use it, so we shouldn't
      be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc.
    - Fix a bug where we would declare that we had run out of virtual
      addresses when the address space was only half-exhausted. Bugfix
      on 0.1.2.1-alpha.
    - Correctly handle the case where AutomapHostsOnResolve is set but
      no virtual addresses are available. Fixes bug 2328; bugfix on
      0.1.2.1-alpha. Bug found by doorss.
    - Correctly handle wrapping around when we run out of virtual
      address space. Found by cypherpunks; bugfix on 0.2.0.5-alpha.

  o Minor features, also included in 0.2.1.29:
    - Update to the January 1 2011 Maxmind GeoLite Country database.
    - Introduce output size checks on all of our decryption functions.

  o Build changes, also included in 0.2.1.29:
    - Tor does not build packages correctly with Automake 1.6 and earlier;
      added a check to Makefile.am to make sure that we're building with
      Automake 1.7 or later.
    - The 0.2.1.28 tarball was missing src/common/OpenBSD_malloc_Linux.c
      because we built it with a too-old version of automake. Thus that
      release broke ./configure --enable-openbsd-malloc, which is popular
      among really fast exit relays on Linux.

  o Major bugfixes, new in 0.2.2.21-alpha:
    - Prevent crash/heap corruption when the cbtnummodes consensus
      parameter is set to 0 or large values. Fixes bug 2317; bugfix
      on 0.2.2.14-alpha.

  o Major features, new in 0.2.2.21-alpha:
    - Introduce minimum/maximum values that clients will believe
      from the consensus. Now we'll have a better chance to avoid crashes
      or worse when a consensus param has a weird value.

  o Minor features, new in 0.2.2.21-alpha:
    - Make sure to disable DirPort if running as a bridge. DirPorts aren't
      used on bridges, and it makes bridge scanning somewhat easier.
    - If writing the state file to disk fails, wait up to an hour before
      retrying again, rather than trying again each second. Fixes bug
      2346; bugfix on Tor 0.1.1.3-alpha.
    - Make Libevent log messages get delivered to controllers later,
      and not from inside the Libevent log handler. This prevents unsafe
      reentrant Libevent calls while still letting the log messages
      get through.
    - Detect platforms that brokenly use a signed size_t, and refuse to
      build there. Found and analyzed by doorss and rransom.
    - Fix a bunch of compile warnings revealed by mingw with gcc 4.5.
      Resolves bug 2314.

  o Minor bugfixes, new in 0.2.2.21-alpha:
    - Handle SOCKS messages longer than 128 bytes long correctly, rather
      than waiting forever for them to finish. Fixes bug 2330; bugfix
      on 0.2.0.16-alpha. Found by doorss.
    - Add assertions to check for overflow in arguments to
      base32_encode() and base32_decode(); fix a signed-unsigned
      comparison there too. These bugs are not actually reachable in Tor,
      but it's good to prevent future errors too. Found by doorss.
    - Correctly detect failures to create DNS requests when using Libevent
      versions before v2. (Before Libevent 2, we used our own evdns
      implementation. Its return values for Libevent's evdns_resolve_*()
      functions are not consistent with those from Libevent.) Fixes bug
      2363; bugfix on 0.2.2.6-alpha. Found by "lodger".

  o Documentation, new in 0.2.2.21-alpha:
    - Document the default socks host and port (127.0.0.1:9050) for
      tor-resolve.


Changes in version 0.2.2.20-alpha - 2010-12-17
  Tor 0.2.2.20-alpha does some code cleanup to reduce the risk of remotely
  exploitable bugs. We also fix a variety of other significant bugs,
  change the IP address for one of our directory authorities, and update
  the minimum version that Tor relays must run to join the network.

  o Major bugfixes:
    - Fix a remotely exploitable bug that could be used to crash instances
      of Tor remotely by overflowing on the heap. Remote-code execution
      hasn't been confirmed, but can't be ruled out. Everyone should
      upgrade. Bugfix on the 0.1.1 series and later.
    - Fix a bug that could break accounting on 64-bit systems with large
      time_t values, making them hibernate for impossibly long intervals.
      Fixes bug 2146. Bugfix on 0.0.9pre6; fix by boboper.
    - Fix a logic error in directory_fetches_from_authorities() that
      would cause all _non_-exits refusing single-hop-like circuits
      to fetch from authorities, when we wanted to have _exits_ fetch
      from authorities. Fixes more of 2097. Bugfix on 0.2.2.16-alpha;
      fix by boboper.
    - Fix a stream fairness bug that would cause newer streams on a given
      circuit to get preference when reading bytes from the origin or
      destination. Fixes bug 2210. Fix by Mashael AlSabah. This bug was
      introduced before the first Tor release, in svn revision r152.

  o Directory authority changes:
    - Change IP address and ports for gabelmoo (v3 directory authority).

  o Minor bugfixes:
    - Avoid crashes when AccountingMax is set on clients. Fixes bug 2235.
      Bugfix on 0.2.2.18-alpha. Diagnosed by boboper.
    - Fix an off-by-one error in calculating some controller command
      argument lengths. Fortunately, this mistake is harmless since
      the controller code does redundant NUL termination too. Found by
      boboper. Bugfix on 0.1.1.1-alpha.
    - Do not dereference NULL if a bridge fails to build its
      extra-info descriptor. Found by an anonymous commenter on
      Trac. Bugfix on 0.2.2.19-alpha.

  o Minor features:
    - Update to the December 1 2010 Maxmind GeoLite Country database.
    - Directory authorities now reject relays running any versions of
      Tor between 0.2.1.3-alpha and 0.2.1.18 inclusive; they have
      known bugs that keep RELAY_EARLY cells from working on rendezvous
      circuits. Followup to fix for bug 2081.
    - Directory authorities now reject relays running any version of Tor
      older than 0.2.0.26-rc. That version is the earliest that fetches
      current directory information correctly. Fixes bug 2156.
    - Report only the top 10 ports in exit-port stats in order not to
      exceed the maximum extra-info descriptor length of 50 KB. Implements
      task 2196.


To generate a diff of this commit:
cvs -z3 rdiff -u -r1.26 -r1.27 wip/tor-dev/distinfo
cvs -z3 rdiff -u -r1.35 -r1.36 wip/tor-dev/Makefile

To view a diff of this commit:
http://pkgsrc-wip.cvs.sourceforge.net/pkgsrc-wip/wip/tor-dev/distinfo?r1=1.26&r2=1.27
http://pkgsrc-wip.cvs.sourceforge.net/pkgsrc-wip/wip/tor-dev/Makefile?r1=1.35&r2=1.36

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
pkgsrc-wip-cvs mailing list
pkgsrc-wip-cvs%lists.sourceforge.net@localhost
https://lists.sourceforge.net/lists/listinfo/pkgsrc-wip-cvs
Prev by Date: CVS commit: wip/sks
Next by Date: CVS commit: wip/fasm
Previous by Thread: CVS commit: wip/tor-dev
Next by Thread: CVS commit: wip/tor-dev
Indexes:
Home | Main Index | Thread Index | Old Index