2012-06-08 Advanced Onion Router 0.3.0.9
- [tor-0.2.2.35] Change IP address for maatuska (v3 directory authority).
- [tor-0.2.2.35] Change IP address for ides (v3 directory authority), and rename it to turtles.
- [tor-0.2.2.35] When building or running with any version of OpenSSL earlier than 0.9.8s or 1.0.0f, disable SSLv3 support. These OpenSSL versions have a bug (CVE-2011-4576) in which their block cipher padding includes uninitialized data, potentially leaking sensitive information to any peer with whom they make an SSLv3 connection. Tor does not use SSLv3 by default, but a hostile client or server could force an SSLv3 connection in order to gain information that they shouldn't have been able to get. The best solution here is to upgrade to OpenSSL 0.9.8s or 1.0.0f (or later). But when building or running with a non-upgraded OpenSSL, we disable SSLv3 entirely to make sure that the bug can't happen.
- [tor-0.2.2.35] Never use a bridge or a controller-supplied node as an exit, even if its exit policy allows it. Found by wanoskarnet. Fixes bug 5342. Bugfix on 0.1.1.15-rc (for controller-purpose descriptors) and 0.2.0.3-alpha (for bridge-purpose descriptors).
- [tor-0.2.2.35] Only build circuits if we have a sufficient threshold of the total descriptors that are marked in the consensus with the "Exit" flag. This mitigates an attack proposed by wanoskarnet, in which all of a client's bridges collude to restrict the exit nodes that the client knows about. Fixes bug 5343.
- [tor-0.2.2.35] Provide controllers with a safer way to implement the cookie authentication mechanism. With the old method, if another locally running program could convince a controller that it was the Tor process, then that program could trick the controller into telling it the contents of an arbitrary 32-byte file. The new "SAFECOOKIE" authentication method uses a challenge-response approach to prevent this attack. Fixes bug 5185; implements proposal 193.
- [tor-0.2.2.35] Avoid logging uninitialized data when unable to decode a hidden service descriptor cookie. Fixes bug 5647; bugfix on 0.2.1.5-alpha.
- [tor-0.2.2.35] Avoid a client-side assertion failure when receiving an INTRODUCE2 cell on a general purpose circuit. Fixes bug 5644; bugfix on 0.2.1.6-alpha.
- [tor-0.2.2.35] Fix the SOCKET_OK test that we use to tell when socket creation fails so that it works on Win64. Fixes part of bug 4533; bugfix on 0.2.2.29-beta. Bug found by wanoskarnet.
- [tor-0.2.2.35] Reject out-of-range times like 23:59:61 in parse_rfc1123_time(). Fixes bug 5346; bugfix on 0.0.8pre3.
- [tor-0.2.2.35] Make our number-parsing functions always treat too-large values as an error, even when those values exceed the width of the underlying type. Previously, if the caller provided these functions with minima or maxima set to the extreme values of the underlying integer type, these functions would return those values on overflow rather than treating overflow as an error. Fixes part of bug 5786; bugfix on 0.0.9.
- [tor-0.2.2.35] Correct parsing of certain date types in parse_http_time(). Without this patch, If-Modified-Since would behave incorrectly. Fixes bug 5346; bugfix on 0.2.0.2-alpha. Patch from Esteban Manchado Velazquez.
- [tor-0.2.2.35] Change the BridgePassword feature (part of the "bridge community" design, which is not yet implemented) to use a time-independent comparison. The old behavior might have allowed an adversary to use timing to guess the BridgePassword value. Fixes bug 5543; bugfix on 0.2.0.14-alpha.
- [tor-0.2.2.35] Detect and reject certain malformed escape sequences in configuration values. Previously, these values would cause us to crash if received in a torrc file or over an authenticated control port. Bug found by Esteban Manchado Velazquez, and independently by Robert Connolly from Matta Consulting who further noted that it allows a post-authentication heap overflow. Patch by Alexander Schrijver. Fixes bugs 5090 and 5402 (CVE-2012-1668); bugfix on 0.2.0.16-alpha.
- [tor-0.2.2.35] When sending an HTTP/1.1 proxy request, include a Host header. Fixes bug 5593; bugfix on 0.2.2.1-alpha.
- [tor-0.2.2.35] Fix a NULL-pointer dereference on a badly formed SETCIRCUITPURPOSE command. Found by mikeyc. Fixes bug 5796; bugfix on 0.2.2.9-alpha.
- [tor-0.2.2.35] If we hit the error case where routerlist_insert() replaces an existing (old) server descriptor, make sure to remove that server descriptor from the old_routers list. Fix related to bug 1776. Bugfix on 0.2.2.18-alpha.
- [tor-0.2.2.35] Directory authorities now reject versions of Tor older than 0.2.1.30, and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha inclusive. These versions accounted for only a small fraction of the Tor network, and have numerous known security issues. Resolves issue 4788.
- [tor-0.2.2.35] Feature removal: When sending or relaying a RELAY_EARLY cell, we used to convert it to a RELAY cell if the connection was using the v1 link protocol. This was a workaround for older versions of Tor, which didn't handle RELAY_EARLY cells properly. Now that all supported versions can handle RELAY_EARLY cells, and now that we're enforcing the "no RELAY_EXTEND commands except in RELAY_EARLY cells" rule, remove this workaround. Addresses bug 4786.
- geoip_c.h was updated with GeoIPCountryWhois.csv released on June 6th
- updated language strings: 3085, 3086, 3205, 3206, 3207, 3208
2012-06-05 Advanced Onion Router 0.3.0.8c
- corrected: tor_malloc() and tor_free() now require ownership of a critical section object (they are mutually exclusive; thanks to anonymous for reporting this problem on sf.net)
- corrected: certain cookie lengths could have caused the parser to enter an infinite loop (thanks to anonymous for reporting this error on sf.net)
- updated language strings: 1248
2012-06-01 Advanced Onion Router 0.3.0.8b
- corrected: APPEND_STRING() used a maximum buffer size lower than MAX_HTTP_HEADERS causing some User-Agent strings to be filtered out if the total size of the adjusted headers exceeded 1024 bytes
- corrected: buffer size was not adjusted when appending accepted encodings (thanks to anonymous for reporting this error on sf.net)
- the crash notification message box shows application name and version (requested by Adem0x on sf.net)
- if AdvOR is started from a read-only location or file creation fails when writing a crash report, a file save dialog will ask for another location for AdvOR-crash.txt (requested by Adem0x on sf.net)
- to ease error reporting, the crash report will only have information about overwritten sentinels instead of having information about all allocated memory
2012-05-27 Advanced Onion Router 0.3.0.8a
- corrected: the buffer allocated for socks requests was not initialized when calling AdvOR.dll (thanks to anonymous for reporting this error on sf.net)
2012-05-25 Advanced Onion Router 0.3.0.8
- corrected: a wrong timestamp verification prevented new introduction circuits from being built when accessing hidden services
- corrected: when calculating circuit build times, time() was used instead of get_time()
- address lengths in proxy requests are no longer limited to 256 bytes
- the list with directory authorities is no longer limited to 65536 bytes
- the list with banned hosts is no longer limited to 65536 bytes
- address policies are stored as a hash table instead of keeping the hash table separately
- all memory allocations are handled by tor_malloc() and tor_free(), which check for buffer overflows when freeing allocated memory
- all assertion failures are handled by tor_assert() which allows a crash report to be saved
- the exception handler can also save a list with all buffers allocated by tor_malloc()
2012-05-07 Advanced Onion Router 0.3.0.7g
- updated libraries: libevent-2.0.19-stable, openssl-1.0.1b
- geoip_c.h was updated with GeoIPCountryWhois.csv released on May 1st
2012-04-29 Advanced Onion Router 0.3.0.7f
- chunk sizes and content lengths are now 64-bit; AdvOR now supports downloading/uploading files larger than 2 GB
- added more verifications for negative chunk sizes and content lengths
2012-04-29 Advanced Onion Router 0.3.0.7e
- corrected: integer overflow when parsing an invalid chunk size in server data (thanks to connor011 for reporting this error)
- updated language strings: 3204
2012-04-28 Advanced Onion Router 0.3.0.7d
- corrected: integer overflow when parsing an invalid chunk size received from client (thanks to connor011 for reporting this error)
- updated language strings: 3203
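
The chunk-size entries in 0.3.0.7d through 0.3.0.7f, illustrated with an added example that is not AdvOR's own code: an unchecked 32-bit hex parser next to a 64-bit one that refuses a digit before the value can wrap or turn negative. All function names are hypothetical, the inputs are constructed, and the caller is assumed to pass a single size line.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical unchecked 32-bit parser: digits are shifted in with no bound,
 * so "80000000" comes out negative and "100000001" wraps around to 1. */
int32_t naive_chunk_size(const char *s)
{
    uint32_t v = 0;
    for (; hexval(*s) >= 0; s++)
        v = v * 16 + (uint32_t)hexval(*s);
    return (int32_t)v;
}

/* Checked 64-bit parser for one size line ("1a2b\r\n", "10;ext=1\r\n").
 * Returns 0 and stores the size, or -1 on malformed or oversized input. */
int parse_chunk_size(const char *line, size_t len, int64_t *out)
{
    int64_t size = 0;
    size_t i;
    for (i = 0; i < len && hexval(line[i]) >= 0; i++) {
        int d = hexval(line[i]);
        /* size * 16 + d must not exceed INT64_MAX; test before computing */
        if (size > (INT64_MAX - d) / 16)
            return -1;
        size = size * 16 + d;
    }
    if (i == 0)
        return -1;                 /* empty, or starts with '-' or junk */
    if (i < len && line[i] != '\r' && line[i] != '\n' && line[i] != ';')
        return -1;                 /* trailing garbage after the digits */
    *out = size;
    return 0;
}

int main(void)
{
    int64_t n = 0;
    printf("naive: %d\n", (int)naive_chunk_size("80000000"));
    printf("checked: %d\n", parse_chunk_size("8000000000000000", 16, &n));
    return 0;
}
```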
2012-04-27 Advanced Onion Router 0.3.0.7c
- corrected: possible buffer overflow when writing cookies
- if StackWalk64() is available, it will be used instead of StackWalk() when saving crash reports
2012-04-22 Advanced Onion Router 0.3.0.7b
- added an exception handler that can save a full stack backtrace to help reporting crashes (seh.c)
- new command line parameter: --no-seh which disables the built-in exception handler
- geoip_c.h was updated with GeoIPCountryWhois.csv released on April 3rd
- updated language strings: 46
2012-02-20 Advanced Onion Router 0.3.0.7a
- corrected: timeradd() and timersub() used wrong operands for updating microseconds (bugfix for AdvOR and Tor, all versions)
- corrected: buffer overflow when loading language files for plugins (thanks to Re4 for reporting this error and for sharing test language files that helped reproducing this error)
- geoip_c.h was updated with GeoIPCountryWhois.csv released on February 2nd
2011-12-20 Advanced Onion Router 0.3.0.7
- corrected a change from version 0.3.0.6 in tor_addr_port_parse() that caused it to return errors when parsing proxy IP addresses (thanks to anonymous11 for reporting this error)
- improved the search algorithm for addresses that are added to the context menus related to strings selected in the "Debug" window
- all router selection dialogs will show bandwidth capacities instead of bandwidth rates for routers that are not banned
- the lists with favorite routers and with banned routers are no longer limited to 65536 characters
- added instructions for using TorChat with AdvOR and configuration samples to AdvOR\Help\TorChat (readme.txt, AdvOR.ini and torrc.txt).
2011-12-17 Advanced Onion Router 0.3.0.6
- [tor-0.2.2.35] (this change was not applied because AdvOR already had a better fix since 0.3.0.4b) Fix a heap overflow bug that could occur when trying to pull data into the first chunk of a buffer, when that chunk had already had some data drained from it. Fixes CVE-2011-2778; bugfix on 0.2.0.16-alpha. Reported by "Vektor".
- [tor-0.2.2.35] Initialize Libevent with the EVENT_BASE_FLAG_NOLOCK flag enabled, so that it doesn't attempt to allocate a socketpair. This could cause some problems on Windows systems with overzealous firewalls. Fix for bug 4457; workaround for Libevent versions 2.0.1-alpha through 2.0.15-stable.
- [tor-0.2.2.35] If we mark an OR connection for close based on a cell we process, don't process any further cells on it. We already avoid further reads on marked-for-close connections, but now we also discard the cells we'd already read. Fixes bug 4299; bugfix on 0.2.0.10-alpha, which was the first version where we might mark a connection for close based on processing a cell on it.
- [tor-0.2.2.35] Correctly sanity-check that we don't underflow on a memory allocation (and then assert) for hidden service introduction point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410; bugfix on 0.2.1.5-alpha.
- [tor-0.2.2.35] Fix a memory leak when we check whether a hidden service descriptor has any usable introduction points left. Fixes bug 4424. Bugfix on 0.2.2.25-alpha.
- [tor-0.2.2.35] Detect failure to initialize Libevent. This fix provides better detection for future instances of bug 4457.
- [tor-0.2.2.35] Avoid frequent calls to the fairly expensive cull_wedged_cpuworkers function. This was eating up hideously large amounts of time on some busy servers. Fixes bug 4518; bugfix on 0.0.9.8.
- [tor-0.2.2.35] Resolve an integer overflow bug in smartlist_ensure_capacity(). Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by Mansour Moufid.
- [tor-0.2.2.35] When configuring, starting, or stopping an NT service, stop immediately after the service configuration attempt has succeeded or failed. Fixes bug 3963; bugfix on 0.2.0.7-alpha.
- [tor-0.2.2.35] When sending a NETINFO cell, include the original address received for the other side, not its canonical address. Found by "troll_un"; fixes bug 4349; bugfix on 0.2.0.10-alpha.
- [tor-0.2.2.35] Fix a memory leak in launch_direct_bridge_descriptor_fetch() that occurred when a client tried to fetch a descriptor for a bridge in ExcludeNodes. Fixes bug 4383; bugfix on 0.2.2.25-alpha.
- [tor-0.2.2.35] If we had ever tried to call tor_addr_to_str on an address of unknown type, we would have done a strdup on an uninitialized buffer. Now we won't. Fixes bug 4529; bugfix on 0.2.1.3-alpha. Reported by "troll_un".
- [tor-0.2.2.35] Correctly detect and handle transient lookup failures from tor_addr_lookup. Fixes bug 4530; bugfix on 0.2.1.5-alpha. Reported by "troll_un".
- [tor-0.2.2.35] Fix null-pointer access that could occur if TLS allocation failed. Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un".
- [tor-0.2.2.35] Use tor_socket_t type for listener argument to accept(). Fixes bug 4535; bugfix on 0.2.2.28-beta. Found by "troll_un".
- [tor-0.2.2.35] Add two new config options for directory authorities: AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold that is always sufficient to satisfy the bandwidth requirement for the Guard flag. Now it will be easier for researchers to simulate Tor networks with different values. Resolves ticket 4484.
- corrected: the OR port was set while initializing keys (thanks to DavidWakelin for reporting this error)
- updated language strings: 3201, 3202