@ -1,17 +1,25 @@
Changes in version 0.2.2.21-alpha - 2011-01-15
o Major bugfixes (security):
Tor 0.2.2.21-alpha includes all the patches from Tor 0.2.1.29, which
continues our recent code security audit work. The main fix resolves
a remote heap overflow vulnerability that can allow remote code
execution (CVE-2011-0427). Other fixes address a variety of assert
and crash bugs, most of which we think are hard to exploit remotely.
o Major bugfixes (security), also included in 0.2.1.29:
- Fix a heap overflow bug where an adversary could cause heap
corruption. This bug probably allows remote code execution
attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on
0.1.2.10-rc.
- Prevent a denial-of-service attack by disallowing any
zlib-compressed data whose compression factor is implausibly
high. Fixes part of bug 2324; reported by "doors".
- Zero out a few more keys in memory before freeing them. Fixes bug
2384 and part of bug 2385. These key instances found by
"cypherpunks". Bugfix on 0.0.2pre9.
high. Fixes part of bug 2324; reported by "doorss".
- Zero out a few more keys in memory before freeing them. Fixes
bug 2384 and part of bug 2385. These key instances found by
"cypherpunks", based on Andrew Case's report about being able
to find sensitive data in Tor's memory space if you have enough
permissions. Bugfix on 0.0.2pre9.
o Major bugfixes (crashes):
o Major bugfixes (crashes), also included in 0.2.1.29:
- Prevent calls to Libevent from inside Libevent log handlers.
This had potential to cause a nasty set of crashes, especially
if running Libevent with debug logging enabled, and running
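Review bot: The CVE-2011-0427 entry ("Fix a heap overflow bug where an adversary could cause heap corruption") does not say which part of Tor is affected or which roles are exposed (clients, relays, bridges, directory authorities), so an operator cannot judge from the ChangeLog how urgently a given deployment must upgrade. For a bug described as one that "probably allows remote code execution attacks", add a clause naming the affected component and roles. The reporter credits in this hunk also mix "reported by" and "found by" for the same kind of attribution; pick one wording.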
@ -21,13 +29,13 @@ Changes in version 0.2.2.21-alpha - 2011-01-15
underflow errors there too. Fixes the other part of bug 2324.
- Fix a bug where we would assert if we ever had a
cached-descriptors.new file (or another file read directly into
memory) of exactly SIZE_T_CEILING bytes. Found by doors; fixes
bug 2326; bugfix on 0.2.1.25.
memory) of exactly SIZE_T_CEILING bytes. Fixes bug 2326; bugfix
on 0.2.1.25. Found by doorss.
- Fix some potential asserts and parsing issues with grossly
malformed router caches. Fixes bug 2352. Found by doorss. Bugfix
on Tor 0.2.1.27.
malformed router caches. Fixes bug 2352; bugfix on Tor 0.2.1.27.
Found by doorss.
o Minor bugfixes (other):
o Minor bugfixes (other), also included in 0.2.1.29:
- Fix a bug with handling misformed replies to reverse DNS lookup
requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a
bug reported by doorss.
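Review bot: The version references in the reworded entries are inconsistent: the bug 2326 entry reads "bugfix on 0.2.1.25" while the bug 2352 entry reads "bugfix on Tor 0.2.1.27", and the DNSPort entry at the end of the hunk reads "Bugfix on Tor 0.2.0.1-alpha". Since this change is already normalising these lines to the "Fixes bug N; bugfix on X. Found by Y." form, drop the "Tor" prefix in all three. The DNSPort entry also cites no bug number ("Related to a bug reported by doorss") and says "misformed" where "malformed" is meant.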
@ -37,8 +45,8 @@ Changes in version 0.2.2.21-alpha - 2011-01-15
- Fix a bug where we would declare that we had run out of virtual
addresses when the address space was only half-exhausted. Bugfix
on 0.1.2.1-alpha.
- Correctly handle the case where AutomapHostsOnResolve is set but no
virtual addresses are available. Fixes bug2328, bugfix on
- Correctly handle the case where AutomapHostsOnResolve is set but
no virtual addresses are available. Fixes bug 2328; bugfix on
0.1.2.1-alpha. Bug found by doorss.
- Correctly handle wrapping around to when we run out of virtual
address space. Found by cypherpunks, bugfix on 0.2.0.5-alpha.
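Review bot: The last entry in this hunk is left in the old form and is ungrammatical: "Correctly handle wrapping around to when we run out of virtual address space. Found by cypherpunks, bugfix on 0.2.0.5-alpha." The AutomapHostsOnResolve entry just above it is being cleaned up to "Fixes bug 2328; bugfix on 0.1.2.1-alpha.", so fix this neighbour in the same change: drop the stray "to" and use the same "bugfix on ..." punctuation. It also carries no bug number, which makes the fix hard to trace.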
@ -47,20 +55,47 @@ Changes in version 0.2.2.21-alpha - 2011-01-15
release broke ./configure --enable-openbsd-malloc, which is popular
among really fast exit relays on Linux.
o Minor features:
o Minor features, also included in 0.2.1.29:
- Update to the January 1 2011 Maxmind GeoLite Country database.
- Introduce output size checks on all of our decryption functions.
o Build changes:
o Build changes, also included in 0.2.1.29:
- Tor does not build packages correctly with Automake 1.6 and earlier;
added a check to Makefile.am to make sure that we're building with
Automake 1.7 or later.
o Minor bugfixes
- Make Libevent log messages get delievered to controllers later,
and not from inside the Libevent log handler. This prevents
unsafe reentrant Libevent calls while still letting the log
messages get through.
o Minor features, new in 0.2.2.21-alpha:
- Make sure to disable DirPort if running as a bridge. DirPorts aren't
used on bridges, and it makes bridge scanning somewhat easier.
- If writing the state file to disk fails, wait up to an hour before
retrying again, rather than trying again each second. Fixes bug
2346; bugfix on Tor 0.1.1.3-alpha.
- Make Libevent log messages get delivered to controllers later,
and not from inside the Libevent log handler. This prevents unsafe
reentrant Libevent calls while still letting the log messages
get through.
- Detect platforms that brokenly use a signed size_t, and refuse to
build there. Found and analyzed by doorss and rransom.
- Fix a bunch of compile warnings revealed by mingw with gcc 4.5.
Resolves bug 2314.
o Minor bugfixes, new in 0.2.2.21-alpha:
- Handle SOCKS messages longer than 128 bytes long correctly, rather
than waiting forever for them to finish. Fixes bug 2330; bugfix
on 0.2.0.16-alpha. Found by doorss.
- Add assertions to check for overflow in arguments to
base32_encode() and base32_decode(); fix a signed-unsigned
comparison there too. These bugs are not actually reachable in Tor,
but it's good to prevent future errors too. Found by doorss.
- Correctly detect failures to create DNS requests when using Libevent
versions before v2. (Before Libevent 2, we used our own evdns
implementation. Its return values for Libevent's evdns_resolve_*()
functions are not consistent with those from Libevent.) Fixes bug
2363; bugfix on 0.2.2.6-alpha. Found by "lodger".
o Documentation, new in 0.2.2.21-alpha:
- Document the default socks host and port (127.0.0.1:9050) for
tor-resolve.
Changes in version 0.2.2.20-alpha - 2010-12-17
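Review bot: Under "o Minor features, new in 0.2.2.21-alpha:" the state-file entry ends with "Fixes bug 2346; bugfix on Tor 0.1.1.3-alpha.", which marks it as a bugfix, not a feature; move it to "o Minor bugfixes, new in 0.2.2.21-alpha:". The same section lists "Fix a bunch of compile warnings revealed by mingw with gcc 4.5", which also reads as a fix. In the DirPort entry, "DirPorts aren't used on bridges, and it makes bridge scanning somewhat easier" is ambiguous about what "it" refers to and can be read as saying the new behaviour helps scanning; state plainly that an open DirPort is what makes bridges easier to scan. Minor wording: "longer than 128 bytes long" in the SOCKS entry repeats "long".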