|
@@ -1,4 +1,4 @@
|
|
|
-Changes in version 0.2.3.6-alpha - 2011-10-??
|
|
|
+Changes in version 0.2.3.6-alpha - 2011-10-26
|
|
|
o Major features:
|
|
|
- Implement a new handshake protocol (v3) for authenticating Tors to
|
|
|
each other over TLS. It should be more resistant to fingerprinting
|
|
@@ -7,6 +7,26 @@ Changes in version 0.2.3.6-alpha - 2011-10-??
|
|
|
- Allow variable-length padding cells to disguise the length of
|
|
|
Tor's TLS records. Implements part of proposal 184.
|
|
|
|
|
|
+ o Privacy/anonymity fixes (clients):
|
|
|
+ - Clients and bridges no longer send TLS certificate chains on
|
|
|
+ outgoing OR connections. Previously, each client or bridge
|
|
|
+ would use the same cert chain for all outgoing OR connections
|
|
|
+ for up to 24 hours, which allowed any relay that the client or
|
|
|
+ bridge contacted to determine which entry guards it is using.
|
|
|
+ Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
|
|
|
+ - If a relay receives a CREATE_FAST cell on a TLS connection, it
|
|
|
+ no longer considers that connection as suitable for satisfying a
|
|
|
+ circuit EXTEND request. Now relays can protect clients from the
|
|
|
+ CVE-2011-2768 issue even if the clients haven't upgraded yet.
|
|
|
+ - Directory authorities no longer assign the Guard flag to relays
|
|
|
+ that haven't upgraded to the above "refuse EXTEND requests
|
|
|
+ to client connections" fix. Now directory authorities can
|
|
|
+ protect clients from the CVE-2011-2768 issue even if neither
|
|
|
+ the clients nor the relays have upgraded yet. There's a new
|
|
|
+ "GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option
|
|
|
+ to let us transition smoothly, else tomorrow there would be no
|
|
|
+ guard relays.
|
|
|
+
|
|
|
o Major bugfixes (hidden services):
|
|
|
- Improve hidden service robustness: when an attempt to connect to
|
|
|
a hidden service ends, be willing to refetch its hidden service
|
|
@@ -29,6 +49,11 @@ Changes in version 0.2.3.6-alpha - 2011-10-??
|
|
|
found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug 4212.
|
|
|
|
|
|
o Major bugfixes (other):
|
|
|
+ - Bridges now refuse CREATE or CREATE_FAST cells on OR connections
|
|
|
+ that they initiated. Relays could distinguish incoming bridge
|
|
|
+ connections from client connections, creating another avenue for
|
|
|
+ enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
|
|
|
+ Found by "frosty_un".
|
|
|
- Don't update the AccountingSoftLimitHitAt state file entry whenever
|
|
|
tor gets started. This prevents a wrong average bandwidth
|
|
|
estimate, which would cause relays to always start a new accounting
|