fold in changes entries

This commit is contained in:
Roger Dingledine 2011-10-26 20:31:49 -04:00
parent 2dec6597af
commit 0eaebebffa
3 changed files with 26 additions and 38 deletions

View File

@ -1,4 +1,4 @@
Changes in version 0.2.3.6-alpha - 2011-10-??
Changes in version 0.2.3.6-alpha - 2011-10-26
o Major features:
- Implement a new handshake protocol (v3) for authenticating Tors to
each other over TLS. It should be more resistant to fingerprinting
@ -7,6 +7,26 @@ Changes in version 0.2.3.6-alpha - 2011-10-??
- Allow variable-length padding cells to disguise the length of
Tor's TLS records. Implements part of proposal 184.
o Privacy/anonymity fixes (clients):
- Clients and bridges no longer send TLS certificate chains on
outgoing OR connections. Previously, each client or bridge
would use the same cert chain for all outgoing OR connections
for up to 24 hours, which allowed any relay that the client or
bridge contacted to determine which entry guards it is using.
Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
- If a relay receives a CREATE_FAST cell on a TLS connection, it
no longer considers that connection as suitable for satisfying a
circuit EXTEND request. Now relays can protect clients from the
CVE-2011-2768 issue even if the clients haven't upgraded yet.
- Directory authorities no longer assign the Guard flag to relays
that haven't upgraded to the above "refuse EXTEND requests
to client connections" fix. Now directory authorities can
protect clients from the CVE-2011-2768 issue even if neither
the clients nor the relays have upgraded yet. There's a new
"GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option
to let us transition smoothly, else tomorrow there would be no
guard relays.
o Major bugfixes (hidden services):
- Improve hidden service robustness: when an attempt to connect to
a hidden service ends, be willing to refetch its hidden service
@ -29,6 +49,11 @@ Changes in version 0.2.3.6-alpha - 2011-10-??
found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug 4212.
o Major bugfixes (other):
- Bridges now refuse CREATE or CREATE_FAST cells on OR connections
that they initiated. Relays could distinguish incoming bridge
connections from client connections, creating another avenue for
enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
Found by "frosty_un".
- Don't update the AccountingSoftLimitHitAt state file entry whenever
tor gets started. This prevents a wrong average bandwidth
estimate, which would cause relays to always start a new accounting

View File

@ -1,28 +0,0 @@
o Security fixes:
- Don't send TLS certificate chains on outgoing OR connections
from clients and bridges. Previously, each client or bridge
would use a single cert chain for all outgoing OR connections
for up to 24 hours, which allowed any relay connected to by a
client or bridge to determine which entry guards it is using.
This is a potential user-tracing bug for *all* users; everyone
who uses Tor's client or hidden service functionality should
upgrade. Fixes CVE-2011-2768. Bugfix on FIXME; found by
frosty_un.
- Don't use any OR connection on which we have received a
CREATE_FAST cell to satisfy an EXTEND request. Previously, we
would not consider whether a connection appears to be from a
client or bridge when deciding whether to use that connection to
satisfy an EXTEND request. Mitigates CVE-2011-2768, by
preventing an attacker from determining whether an unpatched
client is connected to a patched relay. Bugfix on FIXME; found
by frosty_un.
- Don't assign the Guard flag to relays running a version of Tor
which would use an OR connection on which it has received a
CREATE_FAST cell to satisfy an EXTEND request. Mitigates
CVE-2011-2768, by ensuring that clients will not connect
directly to any relay which an attacker could probe for an
unpatched client's connections.

View File

@ -1,9 +0,0 @@
o Security fixes:
- Reject CREATE and CREATE_FAST cells on outgoing OR connections
from a bridge to a relay. Previously, we would accept them and
handle them normally, thereby allowing a malicious relay to
easily distinguish bridges which connect to it from clients.
Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha, when bridges were
implemented; found by frosty_un.