[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/release-0.3.0] Changelog for 0.3.0.13



commit b734f871b75b2161c51b23c6fb0c39384d75c93b
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Thu Nov 30 15:10:36 2017 -0500

    Changelog for 0.3.0.13
---
 ChangeLog                    | 100 +++++++++++++++++++++++++++++++++++++++++++
 changes/bastet_v6            |   4 --
 changes/bug18329-minimal     |   6 ---
 changes/bug21394             |   9 ----
 changes/bug23291             |   3 --
 changes/bug23470             |   6 ---
 changes/bug23693             |   6 ---
 changes/bug24313             |   5 ---
 changes/bug8185_025          |   6 ---
 changes/geoip-2017-11-06     |   4 --
 changes/ticket21953          |   6 ---
 changes/ticket22895          |   3 --
 changes/trove-2017-009       |  10 -----
 changes/trove-2017-010       |   6 ---
 changes/trove-2017-011       |   8 ----
 changes/trove-2017-012-part1 |   6 ---
 changes/trove-2017-012-part2 |   5 ---
 17 files changed, 100 insertions(+), 93 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 2e0c72052..ddafd89fa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,103 @@
+Changes in version 0.3.0.13 - 2017-12-01
+  Tor 0.3.0.13 backports important security and stability bugfixes from
+  later Tor releases. All Tor users should upgrade to this release, or
+  to another of the releases coming out today.
+
+  o Major bugfixes (security, backport from 0.3.2.6-alpha):
+    - Fix a denial of service bug where an attacker could use a
+      malformed directory object to cause a Tor instance to pause while
+      OpenSSL would try to read a passphrase from the terminal. (Tor
+      instances run without a terminal, which is the case for most Tor
+      packages, are not impacted.) Fixes bug 24246; bugfix on every
+      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
+      Found by OSS-Fuzz as testcase 6360145429790720.
+    - Fix a denial of service issue where an attacker could crash a
+      directory authority using a malformed router descriptor. Fixes bug
+      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
+      and CVE-2017-8820.
+    - When checking for replays in the INTRODUCE1 cell data for a
+      (legacy) onion service, correctly detect replays in the RSA-
+      encrypted part of the cell. We were previously checking for
+      replays on the entire cell, but those can be circumvented due to
+      the malleability of Tor's legacy hybrid encryption. This fix helps
+      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
+      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
+      and CVE-2017-8819.
+
+  o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
+    - Fix a use-after-free error that could crash v2 Tor onion services
+      when they failed to open circuits while expiring introduction
+      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
+      also tracked as TROVE-2017-013 and CVE-2017-8823.
+
+  o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
+    - When running as a relay, make sure that we never build a path
+      through ourselves, even in the case where we have somehow lost the
+      version of our descriptor appearing in the consensus. Fixes part
+      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
+      as TROVE-2017-012 and CVE-2017-8822.
+    - When running as a relay, make sure that we never choose ourselves
+      as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
+      issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
+
+  o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
+    - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
+      making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
+      0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
+      identifying and finding a workaround to this bug and to Moritz,
+      Arthur Edelstein, and Roger for helping to track it down and
+      analyze it.
+
+  o Minor features (security, windows, backport from 0.3.1.1-alpha):
+    - Enable a couple of pieces of Windows hardening: one
+      (HeapEnableTerminationOnCorruption) that has been on-by-default
+      since Windows 8, and unavailable before Windows 7; and one
+      (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
+      affect us, but shouldn't do any harm. Closes ticket 21953.
+
+  o Minor features (bridge, backport from 0.3.1.9):
+    - Bridges now include notice in their descriptors that they are
+      bridges, and notice of their distribution status, based on their
+      publication settings. Implements ticket 18329. For more fine-
+      grained control of how a bridge is distributed, upgrade to 0.3.2.x
+      or later.
+
+  o Minor features (directory authority, backport from 0.3.2.6-alpha):
+    - Add an IPv6 address for the "bastet" directory authority. Closes
+      ticket 24394.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
+    - Avoid unnecessary calls to directory_fetches_from_authorities() on
+      relays, to prevent spurious address resolutions and descriptor
+      rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
+      bugfix on in 0.2.8.1-alpha.
+
+  o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
+    - Fix unused variable warnings in donna's Curve25519 SSE2 code.
+      Fixes bug 22895; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
+    - When a circuit is marked for close, do not attempt to package any
+      cells for channels on that circuit. Previously, we would detect
+      this condition lower in the call stack, when we noticed that the
+      circuit had no attached channel, and log an annoying message.
+      Fixes bug 8185; bugfix on 0.2.5.4-alpha.
+
+  o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
+    - Avoid a crash when transitioning from client mode to bridge mode.
+      Previously, we would launch the worker threads whenever our
+      "public server" mode changed, but not when our "server" mode
+      changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
+
+  o Minor bugfixes (testing, backport from 0.3.1.6-rc):
+    - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
+      bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
+
+
 Changes in version 0.3.0.12 - 2017-10-25
   Tor 0.3.0.12 backports a collection of bugfixes from later Tor release
   series, including a bugfix for a crash issue that had affected relays
diff --git a/changes/bastet_v6 b/changes/bastet_v6
deleted file mode 100644
index ee4e2c809..000000000
--- a/changes/bastet_v6
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features (directory authority):
-    - Add an IPv6 address for the "bastet" directory authority.
-      Closes ticket 24394.
-
diff --git a/changes/bug18329-minimal b/changes/bug18329-minimal
deleted file mode 100644
index 804c4e8dd..000000000
--- a/changes/bug18329-minimal
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor features (bridge):
-    - Bridges now include notice in their descriptors that they are bridges,
-      and notice of their distribution status, based on their publication
-      settings.  Implements ticket 18329.  For more fine-grained control of
-      how a bridge is distributed, upgrade to 0.3.2.x or later.
-
diff --git a/changes/bug21394 b/changes/bug21394
deleted file mode 100644
index e5452e20b..000000000
--- a/changes/bug21394
+++ /dev/null
@@ -1,9 +0,0 @@
-  o Major bugfixes (Exit nodes):
-    - Fix an issue causing high-bandwidth exit nodes to fail a majority
-      or all of their DNS requests, making them basically unsuitable for
-      regular usage in Tor circuits. The problem is related to
-      libevent's DNS handling, but we can work around it in Tor. Fixes
-      bugs 21394 and 18580; bugfix on 0.1.2.2-alpha which introduced
-      eventdns. Credit goes to Dhalgren for identifying and finding a
-      workaround to this bug and to gamambel, arthuredelstein and
-      arma in helping to track it down and analyze it.
diff --git a/changes/bug23291 b/changes/bug23291
deleted file mode 100644
index a5b0efda0..000000000
--- a/changes/bug23291
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (testing):
-    - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; bugfix on
-      0.2.7.2-alpha. Found and patched by Ties Stuij.
diff --git a/changes/bug23470 b/changes/bug23470
deleted file mode 100644
index 33367b3a3..000000000
--- a/changes/bug23470
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor bugfix (relay address resolution):
-    - Avoid unnecessary calls to directory_fetches_from_authorities()
-      on relays. This avoids spurious address resolutions and
-      descriptor rebuilds. This is a mitigation for 21789. The original
-      bug was introduced in commit 35bbf2e as part of prop210.
-      Fixes 23470 in 0.2.8.1-alpha.
diff --git a/changes/bug23693 b/changes/bug23693
deleted file mode 100644
index 796398be5..000000000
--- a/changes/bug23693
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor bugfixes (relay, crash):
-    - Avoid a crash when transitioning from client mode to bridge mode.
-      Previously, we would launch the worker threads whenever our "public
-      server" mode changed, but not when our "server" mode changed.
-      Fixes bug 23693; bugfix on 0.2.6.3-alpha.
-
diff --git a/changes/bug24313 b/changes/bug24313
deleted file mode 100644
index b927ec3ba..000000000
--- a/changes/bug24313
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major bugfixes (security, hidden service v2):
-    - Fix a use-after-free error that could crash v2 Tor hidden services
-      when it failed to open circuits while expiring introductions
-      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha.  This
-      issue is also tracked as TROVE-2017-013 and CVE-2017-8823.
diff --git a/changes/bug8185_025 b/changes/bug8185_025
deleted file mode 100644
index 1bfc12b1e..000000000
--- a/changes/bug8185_025
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor bugfixes (logging, relay shutdown, annoyance):
-    - When a circuit is marked for close, do not attempt to package any cells
-      for channels on that circuit. Previously, we would detect this
-      condition lower in the call stack, when we noticed that the circuit had
-      no attached channel, and log an annoying message. Fixes bug 8185;
-      bugfix on 0.2.5.4-alpha.
diff --git a/changes/geoip-2017-11-06 b/changes/geoip-2017-11-06
deleted file mode 100644
index f034be900..000000000
--- a/changes/geoip-2017-11-06
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features (geoip):
-    - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
-      Country database.
-
diff --git a/changes/ticket21953 b/changes/ticket21953
deleted file mode 100644
index 7cc84f506..000000000
--- a/changes/ticket21953
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor features:
-    - Enable a couple of pieces of Windows hardening: one
-      (HeapEnableTerminationOnCorruption) that has been on-by-default since
-      Windows 8, and unavailable before Windows 7, and one
-      (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
-      affect us, but shouldn't do any harm. Closes ticket 21953.
diff --git a/changes/ticket22895 b/changes/ticket22895
deleted file mode 100644
index a3f7b8601..000000000
--- a/changes/ticket22895
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Fix unused variable warnings in donna's Curve25519 SSE2 code.
-      Fixes bug 22895; bugfix on 0.2.7.2-alpha.
diff --git a/changes/trove-2017-009 b/changes/trove-2017-009
deleted file mode 100644
index 166a5faec..000000000
--- a/changes/trove-2017-009
+++ /dev/null
@@ -1,10 +0,0 @@
-  o Major bugfixes (security):
-    - When checking for replays in the INTRODUCE1 cell data for a (legacy)
-      hiddden service, correctly detect replays in the RSA-encrypted part of
-      the cell. We were previously checking for replays on the entire cell,
-      but those can be circumvented due to the malleability of Tor's legacy
-      hybrid encryption. This fix helps prevent a traffic confirmation
-      attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also
-      tracked as TROVE-2017-009 and CVE-2017-8819.
-
-
diff --git a/changes/trove-2017-010 b/changes/trove-2017-010
deleted file mode 100644
index d5bf9333d..000000000
--- a/changes/trove-2017-010
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Major bugfixes (security):
-    - Fix a denial-of-service issue where an attacker could crash
-      a directory authority using a malformed router descriptor.
-      Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked
-      as TROVE-2017-010 and CVE-2017-8820.
-
diff --git a/changes/trove-2017-011 b/changes/trove-2017-011
deleted file mode 100644
index 82d20d9e7..000000000
--- a/changes/trove-2017-011
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Major bugfixes (security):
-    - Fix a denial of service bug where an attacker could use a malformed
-      directory object to cause a Tor instance to pause while OpenSSL would
-      try to read a passphrase from the terminal. (If the terminal was not
-      available, tor would continue running.)  Fixes bug 24246; bugfix on
-      every version of Tor.  Also tracked as TROVE-2017-011 and
-      CVE-2017-8821.  Found by OSS-Fuzz as testcase 6360145429790720.
-
diff --git a/changes/trove-2017-012-part1 b/changes/trove-2017-012-part1
deleted file mode 100644
index 9fccc2cf6..000000000
--- a/changes/trove-2017-012-part1
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Major bugfixes (security, relay):
-    - When running as a relay, make sure that we never build a path through
-      ourselves, even in the case where we have somehow lost the version of
-      our descriptor appearing in the consensus. Fixes part of bug 21534;
-      bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012
-      and CVE-2017-8822.
diff --git a/changes/trove-2017-012-part2 b/changes/trove-2017-012-part2
deleted file mode 100644
index ed994c5b0..000000000
--- a/changes/trove-2017-012-part2
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major bugfixes (security, relay):
-    - When running as a relay, make sure that we never ever choose ourselves
-      as a guard. Previously, this was possible. Fixes part of bug 21534;
-      bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012
-      and CVE-2017-8822.

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits