[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/release-0.2.6] Begin an 0.2.6.11 changelog
commit 9689b939904f33c1d76df0e08d8edc94367e284a
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Thu Feb 23 15:56:27 2017 -0500
Begin an 0.2.6.11 changelog
To build this changelog, I've gone through the entries in
release-0.2.6's changes subdirectory, and looked up the ChangeLog
entry for each. I have not sorted them yet.
---
ChangeLog | 111 ++++++++++++++++++++++++++++++++++++++++++++
changes/19271 | 2 -
changes/bifroest | 3 --
changes/buf-sentinel | 11 -----
changes/bug16248 | 8 ----
changes/bug17404 | 6 ---
changes/bug17772 | 7 ---
changes/bug17781 | 3 --
changes/bug17906 | 4 --
changes/bug18089 | 6 ---
changes/bug18162 | 7 ---
changes/bug18710 | 6 ---
changes/bug20384 | 10 ----
changes/bug21018 | 11 -----
changes/geoip-april2016 | 4 --
changes/geoip-august2016 | 4 --
changes/geoip-december2015 | 4 --
changes/geoip-december2016 | 4 --
changes/geoip-february2016 | 4 --
changes/geoip-february2017 | 4 --
changes/geoip-january2016 | 4 --
changes/geoip-january2017 | 4 --
changes/geoip-july2015 | 3 --
changes/geoip-july2016 | 4 --
changes/geoip-jun2016 | 4 --
changes/geoip-march2016 | 4 --
changes/geoip-may2016 | 4 --
changes/geoip-november2016 | 4 --
changes/geoip-october2015 | 3 --
changes/geoip-october2016 | 4 --
changes/geoip-september2015 | 3 --
changes/geoip-september2016 | 4 --
changes/rsa_init_bug | 7 ---
changes/trove-2017-001.2 | 8 ----
34 files changed, 111 insertions(+), 168 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ac52b2a..c4eafb3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,114 @@
+Changes in version 0.2.6.11 - 2017-03-??
+ Tor 0.2.6.11 backports a number of security fixes from later Tor
+ releases. Anybody running Tor 0.2.6.10 or earlier should upgrade to
+ this release, if for some reason they cannot upgrade to a later
+ release series.
+
+ Note that support for Tor 0.2.6.x is ending next year: we will not issue
+ any fixes for the Tor 0.2.6.x series after 1 August 2017. If you need
+ a Tor release series with longer-term support, we recommend Tor 0.2.9.x.
+
+ o Directory authority changes (backport from 0.2.8.5-rc):
+ - Urras is no longer a directory authority. Closes ticket 19271.
+
+ o Directory authority changes (backport from 0.2.9.2-alpha):
+ - The "Tonga" bridge authority has been retired; the new bridge
+ authority is "Bifroest". Closes tickets 19728 and 19690.
+
+ o Directory authority key updates (backport from 0.2.8.1-alpha):
+ - Update the V3 identity key for the dannenberg directory authority:
+ it was changed on 18 November 2015. Closes task 17906. Patch
+ by "teor".
+
+ o Major bugfixes (dns proxy mode, crash, backport from 0.2.8.2-alpha):
+ - Avoid crashing when running as a DNS proxy. Fixes bug 16248;
+ bugfix on 0.2.0.1-alpha. Patch from "cypherpunks".
+
+ o Minor features (bug-resistance, backport from 0.2.8.2-alpha):
+ - Make Tor survive errors involving connections without a
+ corresponding event object. Previously we'd fail with an
+ assertion; now we produce a log message. Related to bug 16248.
+
+ o Major bugfixes (security, correctness, backport from 0.2.7.4-rc):
+ - Fix an error that could cause us to read 4 bytes before the
+ beginning of an openssl string. This bug could be used to cause
+ Tor to crash on systems with unusual malloc implementations, or
+ systems with unusual hardening installed. Fixes bug 17404; bugfix
+ on 0.2.3.6-alpha.
+
+ o Major bugfixes (guard selection, backport from 0.2.7.6):
+ - Actually look at the Guard flag when selecting a new directory
+ guard. When we implemented the directory guard design, we
+ accidentally started treating all relays as if they have the Guard
+ flag during guard selection, leading to weaker anonymity and worse
+ performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered
+ by Mohsen Imani.
+
+ o Minor bugfixes (compilation, backport from 0.2.7.6)
+ - Fix a compilation warning with Clang 3.6: Do not check the
+ presence of an address which can never be NULL. Fixes bug 17781.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (security, memory erasure, backport from 0.2.8.1-alpha):
+ - Make memwipe() do nothing when passed a NULL pointer or buffer of
+ zero size. Check size argument to memwipe() for underflow. Fixes
+ bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk",
+ patch by "teor".
+
+ o Major bugfixes (security, pointers, backport from 0.2.8.2-alpha):
+ - Avoid a difficult-to-trigger heap corruption attack when extending
+ a smartlist to contain over 16GB of pointers. Fixes bug 18162;
+ bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely.
+ Reported by Guido Vranken.
+
+ o Major bugfixes (security, client, DNS proxy, backport from 0.2.8.3-alpha):
+ - Stop a crash that could occur when a client running with DNSPort
+ received a query with multiple address types, and the first
+ address type was not supported. Found and fixed by Scott Dial.
+ Fixes bug 18710; bugfix on 0.2.5.4-alpha.
+
+ o Major features (security fixes, backport from 0.2.9.4-alpha):
+ - Prevent a class of security bugs caused by treating the contents
+ of a buffer chunk as if they were a NUL-terminated string. At
+ least one such bug seems to be present in all currently used
+ versions of Tor, and would allow an attacker to remotely crash
+ most Tor instances, especially those compiled with extra compiler
+ hardening. With this defense in place, such bugs can't crash Tor,
+ though we should still fix them as they occur. Closes ticket
+ 20384 (TROVE-2016-10-001).
+
+ o Major bugfixes (parsing, security, backport from 0.2.9.8):
+ - Fix a bug in parsing that could cause clients to read a single
+ byte past the end of an allocated region. This bug could be used
+ to cause hardened clients (built with --enable-expensive-hardening)
+ to crash if they tried to visit a hostile hidden service. Non-
+ hardened clients are only affected depending on the details of
+ their platform's memory allocator. Fixes bug 21018; bugfix on
+ 0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
+ 2016-12-002 and as CVE-2016-1254.
+
+ o Major bugfixes (key management, backport from 0.2.8.3-alpha):
+ - If OpenSSL fails to generate an RSA key, do not retain a dangling
+ pointer to the previous (uninitialized) key value. The impact here
+ should be limited to a difficult-to-trigger crash, if OpenSSL is
+ running an engine that makes key generation failures possible, or
+ if OpenSSL runs out of memory. Fixes bug 19152; bugfix on
+ 0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and
+ Baishakhi Ray.
+
+ o Major bugfixes (parsing, also in 0.3.0.4-rc):
+ - Fix an integer underflow bug when comparing malformed Tor versions.
+ This bug is harmless, except when Tor has been built with
+ --enable-expensive-hardening, which would turn it into a crash;
+ or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
+ -ftrapv by default.
+ Part of TROVE-2017-001. Fixes bug 21278; bugfix on
+ 0.0.8pre1. Found by OSS-Fuzz.
+
+
Changes in version 0.2.6.10 - 2015-07-12
Tor version 0.2.6.10 fixes some significant stability and hidden
service client bugs, bulletproofs the cryptography init process, and
diff --git a/changes/19271 b/changes/19271
deleted file mode 100644
index dc06ead..0000000
--- a/changes/19271
+++ /dev/null
@@ -1,2 +0,0 @@
- o Directory authority changes:
- - Urras is no longer a directory authority. Closes ticket 19271.
diff --git a/changes/bifroest b/changes/bifroest
deleted file mode 100644
index 41af658..0000000
--- a/changes/bifroest
+++ /dev/null
@@ -1,3 +0,0 @@
- o Directory authority changes (also in 0.2.8.7):
- - The "Tonga" bridge authority has been retired; the new bridge
- authority is "Bifroest". Closes tickets 19728 and 19690.
diff --git a/changes/buf-sentinel b/changes/buf-sentinel
deleted file mode 100644
index 7c5b829..0000000
--- a/changes/buf-sentinel
+++ /dev/null
@@ -1,11 +0,0 @@
- o Major features (security fixes):
-
- - Prevent a class of security bugs caused by treating the contents
- of a buffer chunk as if they were a NUL-terminated string. At
- least one such bug seems to be present in all currently used
- versions of Tor, and would allow an attacker to remotely crash
- most Tor instances, especially those compiled with extra compiler
- hardening. With this defense in place, such bugs can't crash Tor,
- though we should still fix them as they occur. Closes ticket 20384
- (TROVE-2016-10-001).
-
diff --git a/changes/bug16248 b/changes/bug16248
deleted file mode 100644
index 399b709..0000000
--- a/changes/bug16248
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes (dns proxy mode, crash):
- - Avoid crashing when running as a DNS proxy. Closes bug 16248; bugfix on
- 0.2.0.1-alpha. Patch from 'cypherpunks'.
-
- o Minor features (bug-resistance):
- - Make Tor survive errors involving connections without a corresponding
- event object. Previously we'd fail with an assertion; now we produce a
- log message. Related to bug 16248.
diff --git a/changes/bug17404 b/changes/bug17404
deleted file mode 100644
index d524f66..0000000
--- a/changes/bug17404
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes (security, correctness):
- - Fix a programming error that could cause us to read 4 bytes before
- the beginning of an openssl string. This could be used to provoke
- a crash on systems with an unusual malloc implementation, or
- systems with unsual hardening installed. Fixes bug 17404; bugfix
- on 0.2.3.6-alpha.
diff --git a/changes/bug17772 b/changes/bug17772
deleted file mode 100644
index 54d457c..0000000
--- a/changes/bug17772
+++ /dev/null
@@ -1,7 +0,0 @@
- o Major bugfixes (guard selection):
- - Actually look at the Guard flag when selecting a new directory
- guard. When we implemented the directory guard design, we
- accidentally started treating all relays as if they have the Guard
- flag during guard selection, leading to weaker anonymity and worse
- performance. Fixes bug 17222; bugfix on 0.2.4.8-alpha. Discovered
- by Mohsen Imani.
diff --git a/changes/bug17781 b/changes/bug17781
deleted file mode 100644
index 01ed231..0000000
--- a/changes/bug17781
+++ /dev/null
@@ -1,3 +0,0 @@
- o Compilation fixes:
- - Fix a compilation warning with Clang 3.6: Do not check the
- presence of an address which can never be NULL. Fixes bug 17781.
diff --git a/changes/bug17906 b/changes/bug17906
deleted file mode 100644
index fff76d1..0000000
--- a/changes/bug17906
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (authorities):
- - Update the V3 identity key for dannenberg, it was changed on
- 18 November 2015.
- Closes task #17906. Patch by "teor".
diff --git a/changes/bug18089 b/changes/bug18089
deleted file mode 100644
index c1fb342..0000000
--- a/changes/bug18089
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor fixes (security):
- - Make memwipe() do nothing when passed a NULL pointer
- or zero size. Check size argument to memwipe() for underflow.
- Closes bug #18089. Reported by "gk", patch by "teor".
- Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
- commit 49dd5ef3 on 7 Nov 2012.
diff --git a/changes/bug18162 b/changes/bug18162
deleted file mode 100644
index 0844d6f..0000000
--- a/changes/bug18162
+++ /dev/null
@@ -1,7 +0,0 @@
- o Major bugfixes (security, pointers):
-
- - Avoid a difficult-to-trigger heap corruption attack when extending
- a smartlist to contain over 16GB of pointers. Fixes bug #18162;
- bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
- incompletely. Reported by Guido Vranken.
-
diff --git a/changes/bug18710 b/changes/bug18710
deleted file mode 100644
index 2693955..0000000
--- a/changes/bug18710
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes (DNS proxy):
- - Stop a crash that could occur when a client running with DNSPort
- received a query with multiple address types, where the first
- address type was not supported. Found and fixed by Scott Dial.
- Fixes bug 18710; bugfix on 0.2.5.4-alpha.
-
diff --git a/changes/bug20384 b/changes/bug20384
deleted file mode 100644
index 591015a..0000000
--- a/changes/bug20384
+++ /dev/null
@@ -1,10 +0,0 @@
- o Major features (security fixes):
- - Prevent a class of security bugs caused by treating the contents
- of a buffer chunk as if they were a NUL-terminated string. At
- least one such bug seems to be present in all currently used
- versions of Tor, and would allow an attacker to remotely crash
- most Tor instances, especially those compiled with extra compiler
- hardening. With this defense in place, such bugs can't crash Tor,
- though we should still fix them as they occur. Closes ticket
- 20384 (TROVE-2016-10-001).
-
diff --git a/changes/bug21018 b/changes/bug21018
deleted file mode 100644
index 49a8b47..0000000
--- a/changes/bug21018
+++ /dev/null
@@ -1,11 +0,0 @@
- o Major bugfixes (parsing, security):
-
- - Fix a bug in parsing that could cause clients to read a single
- byte past the end of an allocated region. This bug could be
- used to cause hardened clients (built with
- --enable-expensive-hardening) to crash if they tried to visit
- a hostile hidden service. Non-hardened clients are only
- affected depending on the details of their platform's memory
- allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by
- using libFuzzer. Also tracked as TROVE-2016-12-002 and as
- CVE-2016-1254.
diff --git a/changes/geoip-april2016 b/changes/geoip-april2016
deleted file mode 100644
index 4cd03e5..0000000
--- a/changes/geoip-april2016
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the April 5 2016 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-august2016 b/changes/geoip-august2016
deleted file mode 100644
index 370ab64..0000000
--- a/changes/geoip-august2016
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-december2015 b/changes/geoip-december2015
deleted file mode 100644
index 597bcc9..0000000
--- a/changes/geoip-december2015
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-december2016 b/changes/geoip-december2016
deleted file mode 100644
index 60754ea..0000000
--- a/changes/geoip-december2016
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-february2016 b/changes/geoip-february2016
deleted file mode 100644
index 49a8041..0000000
--- a/changes/geoip-february2016
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-february2017 b/changes/geoip-february2017
deleted file mode 100644
index ec54b61..0000000
--- a/changes/geoip-february2017
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-january2016 b/changes/geoip-january2016
deleted file mode 100644
index fe2d5c7..0000000
--- a/changes/geoip-january2016
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-january2017 b/changes/geoip-january2017
deleted file mode 100644
index de1a4cb..0000000
--- a/changes/geoip-january2017
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-july2015 b/changes/geoip-july2015
deleted file mode 100644
index 381c2df..0000000
--- a/changes/geoip-july2015
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the July 8 2015 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip-july2016 b/changes/geoip-july2016
deleted file mode 100644
index d9963bd..0000000
--- a/changes/geoip-july2016
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the July 6 2016 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-jun2016 b/changes/geoip-jun2016
deleted file mode 100644
index 8d308f6..0000000
--- a/changes/geoip-jun2016
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the June 7 2016 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-march2016 b/changes/geoip-march2016
deleted file mode 100644
index d7b1bd4..0000000
--- a/changes/geoip-march2016
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the March 3 2016 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-may2016 b/changes/geoip-may2016
deleted file mode 100644
index 3fd42dc..0000000
--- a/changes/geoip-may2016
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the May 4 2016 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-november2016 b/changes/geoip-november2016
deleted file mode 100644
index 5190ed6..0000000
--- a/changes/geoip-november2016
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-october2015 b/changes/geoip-october2015
deleted file mode 100644
index f20febe..0000000
--- a/changes/geoip-october2015
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip-october2016 b/changes/geoip-october2016
deleted file mode 100644
index fff9a1e..0000000
--- a/changes/geoip-october2016
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-september2015 b/changes/geoip-september2015
deleted file mode 100644
index a4f99ef..0000000
--- a/changes/geoip-september2015
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the September 3 2015 Maxmind GeoLite2 Country database.
-
diff --git a/changes/geoip-september2016 b/changes/geoip-september2016
deleted file mode 100644
index a14c7c6..0000000
--- a/changes/geoip-september2016
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/rsa_init_bug b/changes/rsa_init_bug
deleted file mode 100644
index 6b5fb4f..0000000
--- a/changes/rsa_init_bug
+++ /dev/null
@@ -1,7 +0,0 @@
- o Major bugfixes (key management):
- - If OpenSSL fails to generate an RSA key, do not retain a dangling pointer
- to the previous (uninitialized) key value. The impact here should be
- limited to a difficult-to-trigger crash, if OpenSSL is running an
- engine that makes key generation failures possible, or if OpenSSL runs
- out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by
- Yuan Jochen Kang, Suman Jana, and Baishakhi Ray.
diff --git a/changes/trove-2017-001.2 b/changes/trove-2017-001.2
deleted file mode 100644
index 3ef073c..0000000
--- a/changes/trove-2017-001.2
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes (parsing):
- - Fix an integer underflow bug when comparing malformed Tor versions.
- This bug is harmless, except when Tor has been built with
- --enable-expensive-hardening, which would turn it into a crash;
- or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
- -ftrapv by default.
- Part of TROVE-2017-001. Fixes bug 21278; bugfix on
- 0.0.8pre1. Found by OSS-Fuzz.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits