r19723@catbus: nickm | 2008-05-13 08:41:40 -0400

Bump version and update authority keys affected by Debian OpenSSL bug (See CVE-2008-0166 or http://lists.debian.org/debian-security-announce/2008/msg00152.html ) svn:r14600
2008-05-13 12:42:25 +00:00 · 2008-05-13 12:42:25 +00:00 · 9b87cfbdf8
parent 0fa5a9de05
commit 9b87cfbdf8
5 changed files with 19 additions and 8 deletions
--- a/15
+++ b/15
@ -1,7 +1,18 @@
-Changes in version 0.2.0.26-rc - 2008-05-??
+Changes in version 0.2.0.26-rc - 2008-05-13
+  Tor 0.2.0.26-rc fixes a major security vulnerability caused by a bug
+  in Debian's OpenSSL packages.  All users running any 0.2.0.x version
+  should upgrade, whether they're running Debian or not.
+
+  o Major security fixes:
+    - Use new V3 directory authority keys on the Tor26, Gabelmoo, and
+      Moria1 V3 directory authorities.  The old keys were generated with
+      a vulnerable version of Debian's OpenSSL package, and must be
+      considered compromised.  Other authorities' keys were not
+      generated with an affected version of OpenSSL.
+
  o Major bugfixes:
    - List authority signatures as "unrecognized" based on DirServer lines,
-      not on cert cache.
+      not on cert cache.  Bugfix on 0.2.0.x.

  o Minor features:
    - Add a new V3AuthUseLegacyKey option to make it easier for authorities
--- a/configure.in
+++ b/configure.in
@ -5,7 +5,7 @@ dnl Copyright (c) 2007-2008, The Tor Project, Inc.
 dnl See LICENSE for licensing information

 AC_INIT
-AM_INIT_AUTOMAKE(tor, 0.2.0.25-rc-dev)
+AM_INIT_AUTOMAKE(tor, 0.2.0.26-rc)
 AM_CONFIG_HEADER(orconfig.h)

 AC_CANONICAL_HOST
--- a/contrib/tor-mingw.nsi.in
+++ b/contrib/tor-mingw.nsi.in
@ -9,7 +9,7 @@
 !include "FileFunc.nsh"
 !insertmacro GetParameters
  
-!define VERSION "0.2.0.25-rc-dev"
+!define VERSION "0.2.0.26-rc"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/"
 !define LICENSE "LICENSE"
--- a/src/or/config.c
+++ b/src/or/config.c
@ -823,11 +823,11 @@ add_default_trusted_dir_authorities(authority_type_t type)
 {
  int i;
  const char *dirservers[] = {
-    "moria1 v1 orport=9001 v3ident=5420FD8EA46BD4290F1D07A1883C9D85ECC486C4 "
+    "moria1 v1 orport=9001 v3ident=E2A2AF570166665D738736D0DD58169CC61D8A8B "
      "128.31.0.34:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441",
    "moria2 v1 orport=9002 128.31.0.34:9032 "
      "719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF",
-    "tor26 v1 orport=443 v3ident=A9AC67E64B200BBF2FA26DF194AC0469E2A948C6 "
+    "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
      "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
    "lefkada orport=443 "
      "140.247.60.64:80 38D4 F5FC F7B1 0232 28B8 95EA 56ED E7D5 CCDC AF32",
@ -838,7 +838,7 @@ add_default_trusted_dir_authorities(authority_type_t type)
    "ides orport=9090 no-v2 v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
      "216.224.124.114:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
    "gabelmoo orport=443 no-v2 "
-      "v3ident=EAA879B5C75032E462CB018630D2D0DF46EBA606 "
+      "v3ident=81349FC1F2DBA2C2C11B45CB9706637D480AB913 "
      "88.198.7.215:80 6833 3D07 61BC F397 A587 A0C0 B963 E4A9 E99E C4D3",
    "dannenberg orport=443 no-v2 "
      "v3ident=585769C78764D58426B8B52B6651A5A71137189A "
--- a/src/win32/orconfig.h
+++ b/src/win32/orconfig.h
@ -227,6 +227,6 @@
 #define USING_TWOS_COMPLEMENT

 /* Version number of package */
-#define VERSION "0.2.0.25-rc-dev"
+#define VERSION "0.2.0.26-rc"