[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/main] sort recent changelog stanzas by release date
commit 172d5107942d20a9468a13b9d25ead47eb9dbc1c
Author: Roger Dingledine <arma@xxxxxxxxxxxxxx>
Date: Tue Oct 26 04:50:59 2021 -0400
sort recent changelog stanzas by release date
---
ChangeLog | 354 ++++++++++++++++++-------------------
ReleaseNotes | 562 +++++++++++++++++++++++++++++------------------------------
2 files changed, 458 insertions(+), 458 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index a061775812..d1bc48dc0c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -150,100 +150,6 @@ Changes in version 0.4.7.2-alpha - 2021-10-26
ticket 40485.
-Changes in version 0.4.7.1-alpha - 2021-09-17
- This version is the first alpha release of the 0.4.7.x series. One
- major feature is Vanguards Lite, from proposal 333, to help mitigate
- guard discovery attacks against onion services. It also includes
- numerous bugfixes.
-
- o Major features (Proposal 332, onion services, guard selection algorithm):
- - Clients and onion services now choose four long-lived "layer 2"
- guard relays for use as the middle hop in all onion circuits.
- These relays are kept in place for a randomized duration averaging
- 1 week. This mitigates guard discovery attacks against clients and
- short-lived onion services such as OnionShare. Long-lived onion
- services that need high security should still use the Vanguards
- addon (https://github.com/mikeperry-tor/vanguards). Closes ticket
- 40363; implements proposal 333.
-
- o Minor features (bridge testing support):
- - Let external bridge reachability testing tools discard cached
- bridge descriptors when setting new bridges, so they can be sure
- to get a clean reachability test. Implements ticket 40209.
-
- o Minor features (fuzzing):
- - When building with --enable-libfuzzer, use a set of compiler flags
- that works with more recent versions of the library. Previously we
- were using a set of flags from 2017. Closes ticket 40407.
-
- o Minor features (testing configuration):
- - When TestingTorNetwork is enabled, skip the permissions check on
- hidden service directories. Closes ticket 40338.
- - On a testing network, relays can now use the
- TestingMinTimeToReportBandwidth option to change the smallest
- amount of time over which they're willing to report their observed
- maximum bandwidth. Previously, this was fixed at 1 day. For
- safety, values under 2 hours are only supported on testing
- networks. Part of a fix for ticket 40337.
- - Relays on testing networks no longer rate-limit how frequently
- they are willing to report new bandwidth measurements. Part of a
- fix for ticket 40337.
- - Relays on testing networks now report their observed bandwidths
- immediately from startup. Previously, they waited until they had
- been running for a full day. Closes ticket 40337.
-
- o Minor bugfixes (circuit padding):
- - Don't send STOP circuit padding cells when the other side has
- already shut down the corresponding padding machine. Fixes bug
- 40435; bugfix on 0.4.0.1-alpha.
-
- o Minor bugfixes (compatibility):
- - Fix compatibility with the most recent Libevent versions, which no
- longer have an evdns_set_random_bytes() function. Because this
- function has been a no-op since Libevent 2.0.4-alpha, it is safe
- for us to just stop calling it. Fixes bug 40371; bugfix
- on 0.2.1.7-alpha.
-
- o Minor bugfixes (control, sandbox):
- - Allows the control command SAVECONF to succeed when the seccomp
- sandbox is enabled. Makes SAVECONF keep only one backup file, to
- simplify implementation. Fixes bug 40317; bugfix on 0.2.5.4-alpha.
- Patch by Daniel Pinto.
-
- o Minor bugfixes (heartbeat):
- - Adjust the heartbeat log message about distinct clients to
- consider the HeartbeatPeriod rather than a flat 6-hour delay.
- Fixes bug 40330; bugfix on 0.2.6.3-alpha.
-
- o Minor bugfixes (logging, relay):
- - Add spaces between the "and" when logging the "Your server has not
- managed to confirm reachability for its" on dual-stack relays.
- Fixes bug 40453; bugfix on 0.4.5.1-alpha. Patch by Neel Chauhan.
-
- o Minor bugfixes (onion service):
- - Do not flag an HSDir as non-running in case the descriptor upload
- or fetch fails. An onion service closes pending directory
- connections before uploading a new descriptor which leads to
- wrongly flagging many relays and thus affecting circuit path
- selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha.
-
- o Minor bugfixes (statistics):
- - Fix a fencepost issue when we check stability_last_downrated where
- we called rep_hist_downrate_old_runs() twice. Fixes bug 40394;
- bugfix on 0.2.0.5-alpha. Patch by Neel Chauhan.
-
- o Minor bugfixes (tests):
- - Fix a bug that prevented some tests from running with the correct
- names. Fixes bug 40365; bugfix on 0.4.3.1-alpha.
-
- o Documentation:
- - Add links to original tor design paper and anonbib to
- docs/HACKING/README.1st.md. Closes ticket 33742. Patch from
- Emily Bones.
- - Describe the "fingerprint-ed25519" file in the tor.1 man page.
- Fixes bug 40467; bugfix on 0.4.3.1-alpha. Patch by Neel Chauhan.
-
-
Changes in version 0.4.6.8 - 2021-10-26
This version fixes several bugs from earlier versions of Tor. One
highlight is a fix on how we track DNS timeouts to report general
@@ -303,52 +209,6 @@ Changes in version 0.4.6.8 - 2021-10-26
Fixes bug 40474; bugfix on 0.4.5.8.
-Changes in version 0.4.6.7 - 2021-08-16
- This version fixes several bugs from earlier versions of Tor,
- including one that could lead to a denial-of-service attack. Everyone
- running an earlier version, whether as a client, a relay, or an onion
- service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
-
- o Major bugfixes (cryptography, security):
- - Resolve an assertion failure caused by a behavior mismatch between
- our batch-signature verification code and our single-signature
- verification code. This assertion failure could be triggered
- remotely, leading to a denial of service attack. We fix this issue
- by disabling batch verification. Fixes bug 40078; bugfix on
- 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
- CVE-2021-38385. Found by Henry de Valence.
-
- o Minor feature (fallbackdir):
- - Regenerate fallback directories list. Close ticket 40447.
-
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database, as
- retrieved on 2021/08/12.
-
- o Minor bugfix (crypto):
- - Disable the unused batch verification feature of ed25519-donna.
- Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry
- de Valence.
-
- o Minor bugfixes (onion service):
- - Send back the extended SOCKS error 0xF6 (Onion Service Invalid
- Address) for a v2 onion address. Fixes bug 40421; bugfix
- on 0.4.6.2-alpha.
-
- o Minor bugfixes (relay):
- - Reduce the compression level for data streaming from HIGH to LOW
- in order to reduce CPU load on the directory relays. Fixes bug
- 40301; bugfix on 0.3.5.1-alpha.
-
- o Minor bugfixes (timekeeping):
- - Calculate the time of day correctly on systems where the time_t
- type includes leap seconds. (This is not the case on most
- operating systems, but on those where it occurs, our tor_timegm
- function did not correctly invert the system's gmtime function,
- which could result in assertion failures when calculating voting
- schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
-
-
Changes in version 0.4.5.11 - 2021-10-26
The major change in this version is that v2 onion services are now
disabled at the client, service, and relay: any Tor nodes running this
@@ -430,6 +290,183 @@ Changes in version 0.4.5.11 - 2021-10-26
Fixes bug 40474; bugfix on 0.4.5.8.
+Changes in version 0.3.5.17 - 2021-10-26
+ The major change in this version is that v2 onion services are now
+ disabled at the client, service, and relay: any Tor nodes running this
+ version and onward will stop supporting v2 onion services. This is the
+ last step in the long deprecation process of v2 onion services.
+ Everyone running an earlier version, whether as a client, a relay, or
+ an onion service, should upgrade to Tor 0.3.5.17, 0.4.5.11,
+ or 0.4.6.8.
+
+ o Major feature (onion service v2, backport from 0.4.5.11):
+ - See https://blog.torproject.org/v2-deprecation-timeline for
+ details on how to transition from v2 to v3.
+ - The control port commands HSFETCH and HSPOST no longer allow
+ version 2, and it is no longer possible to create a v2 service
+ with ADD_ONION.
+ - Tor no longer allows creating v2 services, or connecting as a
+ client to a v2 service. Relays will decline to be a v2 HSDir or
+ introduction point. This effectively disables onion service
+ version 2 Tor-wide. Closes ticket 40476.
+
+ o Minor features (bridge, backport from 0.4.6.8):
+ - We now announce the URL to Tor's new bridge status at
+ https://bridges.torproject.org/ when Tor is configured to run as a
+ bridge relay. Closes ticket 30477.
+
+ o Minor features (fallbackdir):
+ - Regenerate fallback directories for October 2021. Closes
+ ticket 40493.
+
+ o Minor bugfixes (compatibility, backport from 0.4.6.8):
+ - Fix compatibility with the most recent Libevent versions, which no
+ longer have an evdns_set_random_bytes() function. Because this
+ function has been a no-op since Libevent 2.0.4-alpha, it is safe
+ for us to just stop calling it. Fixes bug 40371; bugfix
+ on 0.2.1.7-alpha.
+
+
+Changes in version 0.4.7.1-alpha - 2021-09-17
+ This version is the first alpha release of the 0.4.7.x series. One
+ major feature is Vanguards Lite, from proposal 333, to help mitigate
+ guard discovery attacks against onion services. It also includes
+ numerous bugfixes.
+
+ o Major features (Proposal 332, onion services, guard selection algorithm):
+ - Clients and onion services now choose four long-lived "layer 2"
+ guard relays for use as the middle hop in all onion circuits.
+ These relays are kept in place for a randomized duration averaging
+ 1 week. This mitigates guard discovery attacks against clients and
+ short-lived onion services such as OnionShare. Long-lived onion
+ services that need high security should still use the Vanguards
+ addon (https://github.com/mikeperry-tor/vanguards). Closes ticket
+ 40363; implements proposal 333.
+
+ o Minor features (bridge testing support):
+ - Let external bridge reachability testing tools discard cached
+ bridge descriptors when setting new bridges, so they can be sure
+ to get a clean reachability test. Implements ticket 40209.
+
+ o Minor features (fuzzing):
+ - When building with --enable-libfuzzer, use a set of compiler flags
+ that works with more recent versions of the library. Previously we
+ were using a set of flags from 2017. Closes ticket 40407.
+
+ o Minor features (testing configuration):
+ - When TestingTorNetwork is enabled, skip the permissions check on
+ hidden service directories. Closes ticket 40338.
+ - On a testing network, relays can now use the
+ TestingMinTimeToReportBandwidth option to change the smallest
+ amount of time over which they're willing to report their observed
+ maximum bandwidth. Previously, this was fixed at 1 day. For
+ safety, values under 2 hours are only supported on testing
+ networks. Part of a fix for ticket 40337.
+ - Relays on testing networks no longer rate-limit how frequently
+ they are willing to report new bandwidth measurements. Part of a
+ fix for ticket 40337.
+ - Relays on testing networks now report their observed bandwidths
+ immediately from startup. Previously, they waited until they had
+ been running for a full day. Closes ticket 40337.
+
+ o Minor bugfixes (circuit padding):
+ - Don't send STOP circuit padding cells when the other side has
+ already shut down the corresponding padding machine. Fixes bug
+ 40435; bugfix on 0.4.0.1-alpha.
+
+ o Minor bugfixes (compatibility):
+ - Fix compatibility with the most recent Libevent versions, which no
+ longer have an evdns_set_random_bytes() function. Because this
+ function has been a no-op since Libevent 2.0.4-alpha, it is safe
+ for us to just stop calling it. Fixes bug 40371; bugfix
+ on 0.2.1.7-alpha.
+
+ o Minor bugfixes (control, sandbox):
+ - Allows the control command SAVECONF to succeed when the seccomp
+ sandbox is enabled. Makes SAVECONF keep only one backup file, to
+ simplify implementation. Fixes bug 40317; bugfix on 0.2.5.4-alpha.
+ Patch by Daniel Pinto.
+
+ o Minor bugfixes (heartbeat):
+ - Adjust the heartbeat log message about distinct clients to
+ consider the HeartbeatPeriod rather than a flat 6-hour delay.
+ Fixes bug 40330; bugfix on 0.2.6.3-alpha.
+
+ o Minor bugfixes (logging, relay):
+ - Add spaces between the "and" when logging the "Your server has not
+ managed to confirm reachability for its" on dual-stack relays.
+ Fixes bug 40453; bugfix on 0.4.5.1-alpha. Patch by Neel Chauhan.
+
+ o Minor bugfixes (onion service):
+ - Do not flag an HSDir as non-running in case the descriptor upload
+ or fetch fails. An onion service closes pending directory
+ connections before uploading a new descriptor which leads to
+ wrongly flagging many relays and thus affecting circuit path
+ selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha.
+
+ o Minor bugfixes (statistics):
+ - Fix a fencepost issue when we check stability_last_downrated where
+ we called rep_hist_downrate_old_runs() twice. Fixes bug 40394;
+ bugfix on 0.2.0.5-alpha. Patch by Neel Chauhan.
+
+ o Minor bugfixes (tests):
+ - Fix a bug that prevented some tests from running with the correct
+ names. Fixes bug 40365; bugfix on 0.4.3.1-alpha.
+
+ o Documentation:
+ - Add links to original tor design paper and anonbib to
+ docs/HACKING/README.1st.md. Closes ticket 33742. Patch from
+ Emily Bones.
+ - Describe the "fingerprint-ed25519" file in the tor.1 man page.
+ Fixes bug 40467; bugfix on 0.4.3.1-alpha. Patch by Neel Chauhan.
+
+
+Changes in version 0.4.6.7 - 2021-08-16
+ This version fixes several bugs from earlier versions of Tor,
+ including one that could lead to a denial-of-service attack. Everyone
+ running an earlier version, whether as a client, a relay, or an onion
+ service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
+
+ o Major bugfixes (cryptography, security):
+ - Resolve an assertion failure caused by a behavior mismatch between
+ our batch-signature verification code and our single-signature
+ verification code. This assertion failure could be triggered
+ remotely, leading to a denial of service attack. We fix this issue
+ by disabling batch verification. Fixes bug 40078; bugfix on
+ 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
+ CVE-2021-38385. Found by Henry de Valence.
+
+ o Minor feature (fallbackdir):
+ - Regenerate fallback directories list. Close ticket 40447.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2021/08/12.
+
+ o Minor bugfix (crypto):
+ - Disable the unused batch verification feature of ed25519-donna.
+ Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry
+ de Valence.
+
+ o Minor bugfixes (onion service):
+ - Send back the extended SOCKS error 0xF6 (Onion Service Invalid
+ Address) for a v2 onion address. Fixes bug 40421; bugfix
+ on 0.4.6.2-alpha.
+
+ o Minor bugfixes (relay):
+ - Reduce the compression level for data streaming from HIGH to LOW
+ in order to reduce CPU load on the directory relays. Fixes bug
+ 40301; bugfix on 0.3.5.1-alpha.
+
+ o Minor bugfixes (timekeeping):
+ - Calculate the time of day correctly on systems where the time_t
+ type includes leap seconds. (This is not the case on most
+ operating systems, but on those where it occurs, our tor_timegm
+ function did not correctly invert the system's gmtime function,
+ which could result in assertion failures when calculating voting
+ schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
+
+
Changes in version 0.4.5.10 - 2021-08-16
This version fixes several bugs from earlier versions of Tor,
including one that could lead to a denial-of-service attack. Everyone
@@ -479,43 +516,6 @@ Changes in version 0.4.5.10 - 2021-08-16
versions of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha.
-Changes in version 0.3.5.17 - 2021-10-26
- The major change in this version is that v2 onion services are now
- disabled at the client, service, and relay: any Tor nodes running this
- version and onward will stop supporting v2 onion services. This is the
- last step in the long deprecation process of v2 onion services.
- Everyone running an earlier version, whether as a client, a relay, or
- an onion service, should upgrade to Tor 0.3.5.17, 0.4.5.11,
- or 0.4.6.8.
-
- o Major feature (onion service v2, backport from 0.4.5.11):
- - See https://blog.torproject.org/v2-deprecation-timeline for
- details on how to transition from v2 to v3.
- - The control port commands HSFETCH and HSPOST no longer allow
- version 2, and it is no longer possible to create a v2 service
- with ADD_ONION.
- - Tor no longer allows creating v2 services, or connecting as a
- client to a v2 service. Relays will decline to be a v2 HSDir or
- introduction point. This effectively disables onion service
- version 2 Tor-wide. Closes ticket 40476.
-
- o Minor features (bridge, backport from 0.4.6.8):
- - We now announce the URL to Tor's new bridge status at
- https://bridges.torproject.org/ when Tor is configured to run as a
- bridge relay. Closes ticket 30477.
-
- o Minor features (fallbackdir):
- - Regenerate fallback directories for October 2021. Closes
- ticket 40493.
-
- o Minor bugfixes (compatibility, backport from 0.4.6.8):
- - Fix compatibility with the most recent Libevent versions, which no
- longer have an evdns_set_random_bytes() function. Because this
- function has been a no-op since Libevent 2.0.4-alpha, it is safe
- for us to just stop calling it. Fixes bug 40371; bugfix
- on 0.2.1.7-alpha.
-
-
Changes in version 0.3.5.16 - 2021-08-16
This version fixes several bugs from earlier versions of Tor,
including one that could lead to a denial-of-service attack. Everyone
diff --git a/ReleaseNotes b/ReleaseNotes
index 73c351fa83..8401162ebe 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -61,54 +61,6 @@ Changes in version 0.4.6.8 - 2021-10-26
Fixes bug 40474; bugfix on 0.4.5.8.
-Changes in version 0.4.6.7 - 2021-08-16
- This version fixes several bugs from earlier versions of Tor, including one
- that could lead to a denial-of-service attack. Everyone running an earlier
- version, whether as a client, a relay, or an onion service, should upgrade
- to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
-
- o Major bugfixes (cryptography, security):
- - Resolve an assertion failure caused by a behavior mismatch between our
- batch-signature verification code and our single-signature verification
- code. This assertion failure could be triggered remotely, leading to a
- denial of service attack. We fix this issue by disabling batch
- verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
- also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
- Valence.
-
- o Minor feature (fallbackdir):
- - Regenerate fallback directories list. Close ticket 40447.
-
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2021/08/12.
-
- o Minor bugfix (crypto):
- - Disable the unused batch verification feature of ed25519-donna. Fixes
- bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence.
-
- o Minor bugfixes (onion service):
- - Send back the extended SOCKS error 0xF6 (Onion Service Invalid Address)
- for a v2 onion address. Fixes bug 40421; bugfix on 0.4.6.2-alpha.
-
- o Minor bugfix (CI, onion service):
- - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500;
- bugfix on 0.3.2.1-alpha.
-
- o Minor bugfixes (relay):
- - Reduce the compression level for data streaming from HIGH to LOW in
- order to reduce CPU load on the directory relays. Fixes bug 40301;
- bugfix on 0.3.5.1-alpha.
-
- o Minor bugfixes (timekeeping):
- - Calculate the time of day correctly on systems where the time_t
- type includes leap seconds. (This is not the case on most
- operating systems, but on those where it occurs, our tor_timegm
- function did not correctly invert the system's gmtime function,
- which could result in assertion failures when calculating
- voting schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
-
-
Changes in version 0.4.5.11 - 2021-10-26
The major change in this version is that v2 onion services are now
disabled at the client, service, and relay: any Tor nodes running this
@@ -190,53 +142,6 @@ Changes in version 0.4.5.11 - 2021-10-26
Fixes bug 40474; bugfix on 0.4.5.8.
-Changes in version 0.4.5.10 - 2021-08-16
- This version fixes several bugs from earlier versions of Tor, including one
- that could lead to a denial-of-service attack. Everyone running an earlier
- version, whether as a client, a relay, or an onion service, should upgrade
- to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
-
- o Major bugfixes (cryptography, security):
- - Resolve an assertion failure caused by a behavior mismatch between our
- batch-signature verification code and our single-signature verification
- code. This assertion failure could be triggered remotely, leading to a
- denial of service attack. We fix this issue by disabling batch
- verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
- also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
- Valence.
-
- o Minor feature (fallbackdir):
- - Regenerate fallback directories list. Close ticket 40447.
-
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2021/08/12.
-
- o Minor features (testing):
- - Enable the deterministic RNG for unit tests that covers the address set
- bloomfilter-based API's. Fixes bug 40419; bugfix on 0.3.3.2-alpha.
-
- o Minor bugfix (crypto):
- - Disable the unused batch verification feature of ed25519-donna. Fixes
- bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence.
-
- o Minor bugfixes (relay, backport from 0.4.6.x):
- - Reduce the compression level for data streaming from HIGH to LOW. Fixes
- bug 40301; bugfix on 0.3.5.1-alpha.
-
- o Minor bugfixes (timekeeping, backport from 0.4.6.x):
- - Calculate the time of day correctly on systems where the time_t
- type includes leap seconds. (This is not the case on most
- operating systems, but on those where it occurs, our tor_timegm
- function did not correctly invert the system's gmtime function,
- which could result in assertion failures when calculating
- voting schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
-
- o Minor bugfixes (warnings, portability, backport from 0.4.6.x):
- - Suppress a strict-prototype warning when building with some versions
- of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha.
-
-
Changes in version 0.3.5.17 - 2021-10-26
The major change in this version is that v2 onion services are now
disabled at the client, service, and relay: any Tor nodes running this
@@ -274,7 +179,7 @@ Changes in version 0.3.5.17 - 2021-10-26
on 0.2.1.7-alpha.
-Changes in version 0.3.5.16 - 2021-08-16
+Changes in version 0.4.6.7 - 2021-08-16
This version fixes several bugs from earlier versions of Tor, including one
that could lead to a denial-of-service attack. Everyone running an earlier
version, whether as a client, a relay, or an onion service, should upgrade
@@ -300,216 +205,123 @@ Changes in version 0.3.5.16 - 2021-08-16
- Disable the unused batch verification feature of ed25519-donna. Fixes
bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence.
- o Minor bugfixes (relay, backport from 0.4.6.x):
- - Reduce the compression level for data streaming from HIGH to LOW. Fixes
- bug 40301; bugfix on 0.3.5.1-alpha.
-
-
-Changes in version 0.4.6.6 - 2021-06-30
- Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that
- allows Tor to build correctly on older versions of GCC. You should
- upgrade to this version if you were having trouble building Tor
- 0.4.6.5; otherwise, there is probably no need.
-
- o Minor bugfixes (compilation):
- - Fix a compilation error when trying to build Tor with a compiler
- that does not support const variables in static initializers.
- Fixes bug 40410; bugfix on 0.4.6.5.
- - Suppress a strict-prototype warning when building with some
- versions of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha.
+ o Minor bugfixes (onion service):
+ - Send back the extended SOCKS error 0xF6 (Onion Service Invalid Address)
+ for a v2 onion address. Fixes bug 40421; bugfix on 0.4.6.2-alpha.
- o Minor bugfixes (testing):
- - Enable the deterministic RNG for unit tests that covers the
- address set bloomfilter-based API's. Fixes bug 40419; bugfix
- on 0.3.3.2-alpha.
+ o Minor bugfix (CI, onion service):
+ - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500;
+ bugfix on 0.3.2.1-alpha.
+ o Minor bugfixes (relay):
+ - Reduce the compression level for data streaming from HIGH to LOW in
+ order to reduce CPU load on the directory relays. Fixes bug 40301;
+ bugfix on 0.3.5.1-alpha.
-Changes in version 0.4.5.9 - 2021-06-14
- Tor 0.4.5.9 fixes several security issues, including a
- denial-of-service attack against onion service clients, and another
- denial-of-service attack against relays. Everybody should upgrade to
- one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.
+ o Minor bugfixes (timekeeping):
+ - Calculate the time of day correctly on systems where the time_t
+ type includes leap seconds. (This is not the case on most
+ operating systems, but on those where it occurs, our tor_timegm
+ function did not correctly invert the system's gmtime function,
+ which could result in assertion failures when calculating
+ voting schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
- o Major bugfixes (security, backport from 0.4.6.5):
- - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
- half-closed streams. Previously, clients failed to validate which
- hop sent these cells: this would allow a relay on a circuit to end
- a stream that wasn't actually built with it. Fixes bug 40389;
- bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
- 003 and CVE-2021-34548.
- o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5):
- - Detect more failure conditions from the OpenSSL RNG code.
- Previously, we would detect errors from a missing RNG
- implementation, but not failures from the RNG code itself.
- Fortunately, it appears those failures do not happen in practice
- when Tor is using OpenSSL's default RNG implementation. Fixes bug
- 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
- TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
+Changes in version 0.4.5.10 - 2021-08-16
+ This version fixes several bugs from earlier versions of Tor, including one
+ that could lead to a denial-of-service attack. Everyone running an earlier
+ version, whether as a client, a relay, or an onion service, should upgrade
+ to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
- o Major bugfixes (security, denial of service, backport from 0.4.6.5):
- - Resist a hashtable-based CPU denial-of-service attack against
- relays. Previously we used a naive unkeyed hash function to look
- up circuits in a circuitmux object. An attacker could exploit this
- to construct circuits with chosen circuit IDs, to create
- collisions and make the hash table inefficient. Now we use a
- SipHash construction here instead. Fixes bug 40391; bugfix on
- 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
- CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
- - Fix an out-of-bounds memory access in v3 onion service descriptor
- parsing. An attacker could exploit this bug by crafting an onion
- service descriptor that would crash any client that tried to visit
- it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
- tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
- Glazunov from Google's Project Zero.
+ o Major bugfixes (cryptography, security):
+ - Resolve an assertion failure caused by a behavior mismatch between our
+ batch-signature verification code and our single-signature verification
+ code. This assertion failure could be triggered remotely, leading to a
+ denial of service attack. We fix this issue by disabling batch
+ verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
+ also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
+ Valence.
- o Minor features (compatibility, backport from 0.4.6.4-rc):
- - Remove an assertion function related to TLS renegotiation. It was
- used nowhere outside the unit tests, and it was breaking
- compilation with recent alpha releases of OpenSSL 3.0.0. Closes
- ticket 40399.
+ o Minor feature (fallbackdir):
+ - Regenerate fallback directories list. Close ticket 40447.
o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database, as
- retrieved on 2021/06/10.
-
- o Minor bugfixes (control, sandbox, backport from 0.4.6.4-rc):
- - Allow the control command SAVECONF to succeed when the seccomp
- sandbox is enabled, and make SAVECONF keep only one backup file to
- simplify implementation. Previously SAVECONF allowed a large
- number of backup files, which made it incompatible with the
- sandbox. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by
- Daniel Pinto.
-
- o Minor bugfixes (metrics port, backport from 0.4.6.4-rc):
- - Fix a bug that made tor try to re-bind() on an already open
- MetricsPort every 60 seconds. Fixes bug 40370; bugfix
- on 0.4.5.1-alpha.
-
-
-Changes in version 0.4.4.9 - 2021-06-14
- Tor 0.4.4.9 fixes several security issues, including a
- denial-of-service attack against onion service clients, and another
- denial-of-service attack against relays. Everybody should upgrade to
- one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.
-
- Note that the scheduled end-of-life date for the Tor 0.4.4.x series is
- June 15. This is therefore the last release in its series. Everybody
- still running 0.4.4.x should plan to upgrade to 0.4.5.x or later.
-
- o Major bugfixes (security, backport from 0.4.6.5):
- - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
- half-closed streams. Previously, clients failed to validate which
- hop sent these cells: this would allow a relay on a circuit to end
- a stream that wasn't actually built with it. Fixes bug 40389;
- bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
- 003 and CVE-2021-34548.
+ - Update the geoip files to match the IPFire Location Database,
+ as retrieved on 2021/08/12.
- o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5):
- - Detect more failure conditions from the OpenSSL RNG code.
- Previously, we would detect errors from a missing RNG
- implementation, but not failures from the RNG code itself.
- Fortunately, it appears those failures do not happen in practice
- when Tor is using OpenSSL's default RNG implementation. Fixes bug
- 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
- TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
+ o Minor features (testing):
+ - Enable the deterministic RNG for unit tests that covers the address set
+ bloomfilter-based API's. Fixes bug 40419; bugfix on 0.3.3.2-alpha.
- o Major bugfixes (security, denial of service, backport from 0.4.6.5):
- - Resist a hashtable-based CPU denial-of-service attack against
- relays. Previously we used a naive unkeyed hash function to look
- up circuits in a circuitmux object. An attacker could exploit this
- to construct circuits with chosen circuit IDs, to create
- collisions and make the hash table inefficient. Now we use a
- SipHash construction here instead. Fixes bug 40391; bugfix on
- 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
- CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
- - Fix an out-of-bounds memory access in v3 onion service descriptor
- parsing. An attacker could exploit this bug by crafting an onion
- service descriptor that would crash any client that tried to visit
- it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
- tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
- Glazunov from Google's Project Zero.
+ o Minor bugfix (crypto):
+ - Disable the unused batch verification feature of ed25519-donna. Fixes
+ bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence.
- o Minor features (compatibility, backport from 0.4.6.4-rc):
- - Remove an assertion function related to TLS renegotiation. It was
- used nowhere outside the unit tests, and it was breaking
- compilation with recent alpha releases of OpenSSL 3.0.0. Closes
- ticket 40399.
+ o Minor bugfixes (relay, backport from 0.4.6.x):
+ - Reduce the compression level for data streaming from HIGH to LOW. Fixes
+ bug 40301; bugfix on 0.3.5.1-alpha.
- o Minor features (fallback directory list, backport from 0.4.6.2-alpha):
- - Regenerate the list of fallback directories to contain a new set
- of 200 relays. Closes ticket 40265.
+ o Minor bugfixes (timekeeping, backport from 0.4.6.x):
+ - Calculate the time of day correctly on systems where the time_t
+ type includes leap seconds. (This is not the case on most
+ operating systems, but on those where it occurs, our tor_timegm
+ function did not correctly invert the system's gmtime function,
+ which could result in assertion failures when calculating
+ voting schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database, as
- retrieved on 2021/06/10.
+ o Minor bugfixes (warnings, portability, backport from 0.4.6.x):
+ - Suppress a strict-prototype warning when building with some versions
+ of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha.
- o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha):
- - Fix a non-fatal BUG() message due to a too-early free of a string,
- when listing a client connection from the DoS defenses subsystem.
- Fixes bug 40345; bugfix on 0.4.3.4-rc.
- o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc):
- - Fix an indentation problem that led to a warning from GCC 11.1.1.
- Fixes bug 40380; bugfix on 0.3.0.1-alpha.
+Changes in version 0.3.5.16 - 2021-08-16
+ This version fixes several bugs from earlier versions of Tor, including one
+ that could lead to a denial-of-service attack. Everyone running an earlier
+ version, whether as a client, a relay, or an onion service, should upgrade
+ to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
+ o Major bugfixes (cryptography, security):
+ - Resolve an assertion failure caused by a behavior mismatch between our
+ batch-signature verification code and our single-signature verification
+ code. This assertion failure could be triggered remotely, leading to a
+ denial of service attack. We fix this issue by disabling batch
+ verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
+ also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
+ Valence.
-Changes in version 0.3.5.15 - 2021-06-14
- Tor 0.3.5.15 fixes several security issues, including a
- denial-of-service attack against onion service clients, and another
- denial-of-service attack against relays. Everybody should upgrade to
- one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.
+ o Minor feature (fallbackdir):
+ - Regenerate fallback directories list. Close ticket 40447.
- o Major bugfixes (security, backport from 0.4.6.5):
- - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
- half-closed streams. Previously, clients failed to validate which
- hop sent these cells: this would allow a relay on a circuit to end
- a stream that wasn't actually built with it. Fixes bug 40389;
- bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
- 003 and CVE-2021-34548.
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database,
+ as retrieved on 2021/08/12.
- o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5):
- - Detect more failure conditions from the OpenSSL RNG code.
- Previously, we would detect errors from a missing RNG
- implementation, but not failures from the RNG code itself.
- Fortunately, it appears those failures do not happen in practice
- when Tor is using OpenSSL's default RNG implementation. Fixes bug
- 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
- TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
+ o Minor bugfix (crypto):
+ - Disable the unused batch verification feature of ed25519-donna. Fixes
+ bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence.
- o Major bugfixes (security, denial of service, backport from 0.4.6.5):
- - Resist a hashtable-based CPU denial-of-service attack against
- relays. Previously we used a naive unkeyed hash function to look
- up circuits in a circuitmux object. An attacker could exploit this
- to construct circuits with chosen circuit IDs, to create
- collisions and make the hash table inefficient. Now we use a
- SipHash construction here instead. Fixes bug 40391; bugfix on
- 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
- CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
- - Fix an out-of-bounds memory access in v3 onion service descriptor
- parsing. An attacker could exploit this bug by crafting an onion
- service descriptor that would crash any client that tried to visit
- it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
- tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
- Glazunov from Google's Project Zero.
+ o Minor bugfixes (relay, backport from 0.4.6.x):
+ - Reduce the compression level for data streaming from HIGH to LOW. Fixes
+ bug 40301; bugfix on 0.3.5.1-alpha.
- o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc):
- - Fix an indentation problem that led to a warning from GCC 11.1.1.
- Fixes bug 40380; bugfix on 0.3.0.1-alpha.
- o Minor features (compatibility, backport from 0.4.6.4-rc):
- - Remove an assertion function related to TLS renegotiation. It was
- used nowhere outside the unit tests, and it was breaking
- compilation with recent alpha releases of OpenSSL 3.0.0. Closes
- ticket 40399.
+Changes in version 0.4.6.6 - 2021-06-30
+ Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that
+ allows Tor to build correctly on older versions of GCC. You should
+ upgrade to this version if you were having trouble building Tor
+ 0.4.6.5; otherwise, there is probably no need.
- o Minor features (fallback directory list, backport from 0.4.6.2-alpha):
- - Regenerate the list of fallback directories to contain a new set
- of 200 relays. Closes ticket 40265.
+ o Minor bugfixes (compilation):
+ - Fix a compilation error when trying to build Tor with a compiler
+ that does not support const variables in static initializers.
+ Fixes bug 40410; bugfix on 0.4.6.5.
+ - Suppress a strict-prototype warning when building with some
+ versions of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha.
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database, as
- retrieved on 2021/06/10.
+ o Minor bugfixes (testing):
+ - Enable the deterministic RNG for unit tests that covers the
+ address set bloomfilter-based API's. Fixes bug 40419; bugfix
+ on 0.3.3.2-alpha.
Changes in version 0.4.6.5 - 2021-06-14
@@ -822,6 +634,194 @@ Changes in version 0.4.6.5 - 2021-06-14
for now.) Closes ticket 40282.
+Changes in version 0.4.5.9 - 2021-06-14
+ Tor 0.4.5.9 fixes several security issues, including a
+ denial-of-service attack against onion service clients, and another
+ denial-of-service attack against relays. Everybody should upgrade to
+ one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.
+
+ o Major bugfixes (security, backport from 0.4.6.5):
+ - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
+ half-closed streams. Previously, clients failed to validate which
+ hop sent these cells: this would allow a relay on a circuit to end
+ a stream that wasn't actually built with it. Fixes bug 40389;
+ bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
+ 003 and CVE-2021-34548.
+
+ o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5):
+ - Detect more failure conditions from the OpenSSL RNG code.
+ Previously, we would detect errors from a missing RNG
+ implementation, but not failures from the RNG code itself.
+ Fortunately, it appears those failures do not happen in practice
+ when Tor is using OpenSSL's default RNG implementation. Fixes bug
+ 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
+ TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
+
+ o Major bugfixes (security, denial of service, backport from 0.4.6.5):
+ - Resist a hashtable-based CPU denial-of-service attack against
+ relays. Previously we used a naive unkeyed hash function to look
+ up circuits in a circuitmux object. An attacker could exploit this
+ to construct circuits with chosen circuit IDs, to create
+ collisions and make the hash table inefficient. Now we use a
+ SipHash construction here instead. Fixes bug 40391; bugfix on
+ 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
+ CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
+ - Fix an out-of-bounds memory access in v3 onion service descriptor
+ parsing. An attacker could exploit this bug by crafting an onion
+ service descriptor that would crash any client that tried to visit
+ it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
+ tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
+ Glazunov from Google's Project Zero.
+
+ o Minor features (compatibility, backport from 0.4.6.4-rc):
+ - Remove an assertion function related to TLS renegotiation. It was
+ used nowhere outside the unit tests, and it was breaking
+ compilation with recent alpha releases of OpenSSL 3.0.0. Closes
+ ticket 40399.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2021/06/10.
+
+ o Minor bugfixes (control, sandbox, backport from 0.4.6.4-rc):
+ - Allow the control command SAVECONF to succeed when the seccomp
+ sandbox is enabled, and make SAVECONF keep only one backup file to
+ simplify implementation. Previously SAVECONF allowed a large
+ number of backup files, which made it incompatible with the
+ sandbox. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by
+ Daniel Pinto.
+
+ o Minor bugfixes (metrics port, backport from 0.4.6.4-rc):
+ - Fix a bug that made tor try to re-bind() on an already open
+ MetricsPort every 60 seconds. Fixes bug 40370; bugfix
+ on 0.4.5.1-alpha.
+
+
+Changes in version 0.4.4.9 - 2021-06-14
+ Tor 0.4.4.9 fixes several security issues, including a
+ denial-of-service attack against onion service clients, and another
+ denial-of-service attack against relays. Everybody should upgrade to
+ one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.
+
+ Note that the scheduled end-of-life date for the Tor 0.4.4.x series is
+ June 15. This is therefore the last release in its series. Everybody
+ still running 0.4.4.x should plan to upgrade to 0.4.5.x or later.
+
+ o Major bugfixes (security, backport from 0.4.6.5):
+ - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
+ half-closed streams. Previously, clients failed to validate which
+ hop sent these cells: this would allow a relay on a circuit to end
+ a stream that wasn't actually built with it. Fixes bug 40389;
+ bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
+ 003 and CVE-2021-34548.
+
+ o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5):
+ - Detect more failure conditions from the OpenSSL RNG code.
+ Previously, we would detect errors from a missing RNG
+ implementation, but not failures from the RNG code itself.
+ Fortunately, it appears those failures do not happen in practice
+ when Tor is using OpenSSL's default RNG implementation. Fixes bug
+ 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
+ TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
+
+ o Major bugfixes (security, denial of service, backport from 0.4.6.5):
+ - Resist a hashtable-based CPU denial-of-service attack against
+ relays. Previously we used a naive unkeyed hash function to look
+ up circuits in a circuitmux object. An attacker could exploit this
+ to construct circuits with chosen circuit IDs, to create
+ collisions and make the hash table inefficient. Now we use a
+ SipHash construction here instead. Fixes bug 40391; bugfix on
+ 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
+ CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
+ - Fix an out-of-bounds memory access in v3 onion service descriptor
+ parsing. An attacker could exploit this bug by crafting an onion
+ service descriptor that would crash any client that tried to visit
+ it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
+ tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
+ Glazunov from Google's Project Zero.
+
+ o Minor features (compatibility, backport from 0.4.6.4-rc):
+ - Remove an assertion function related to TLS renegotiation. It was
+ used nowhere outside the unit tests, and it was breaking
+ compilation with recent alpha releases of OpenSSL 3.0.0. Closes
+ ticket 40399.
+
+ o Minor features (fallback directory list, backport from 0.4.6.2-alpha):
+ - Regenerate the list of fallback directories to contain a new set
+ of 200 relays. Closes ticket 40265.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2021/06/10.
+
+ o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha):
+ - Fix a non-fatal BUG() message due to a too-early free of a string,
+ when listing a client connection from the DoS defenses subsystem.
+ Fixes bug 40345; bugfix on 0.4.3.4-rc.
+
+ o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc):
+ - Fix an indentation problem that led to a warning from GCC 11.1.1.
+ Fixes bug 40380; bugfix on 0.3.0.1-alpha.
+
+
+Changes in version 0.3.5.15 - 2021-06-14
+ Tor 0.3.5.15 fixes several security issues, including a
+ denial-of-service attack against onion service clients, and another
+ denial-of-service attack against relays. Everybody should upgrade to
+ one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.
+
+ o Major bugfixes (security, backport from 0.4.6.5):
+ - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
+ half-closed streams. Previously, clients failed to validate which
+ hop sent these cells: this would allow a relay on a circuit to end
+ a stream that wasn't actually built with it. Fixes bug 40389;
+ bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
+ 003 and CVE-2021-34548.
+
+ o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5):
+ - Detect more failure conditions from the OpenSSL RNG code.
+ Previously, we would detect errors from a missing RNG
+ implementation, but not failures from the RNG code itself.
+ Fortunately, it appears those failures do not happen in practice
+ when Tor is using OpenSSL's default RNG implementation. Fixes bug
+ 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
+ TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
+
+ o Major bugfixes (security, denial of service, backport from 0.4.6.5):
+ - Resist a hashtable-based CPU denial-of-service attack against
+ relays. Previously we used a naive unkeyed hash function to look
+ up circuits in a circuitmux object. An attacker could exploit this
+ to construct circuits with chosen circuit IDs, to create
+ collisions and make the hash table inefficient. Now we use a
+ SipHash construction here instead. Fixes bug 40391; bugfix on
+ 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
+ CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
+ - Fix an out-of-bounds memory access in v3 onion service descriptor
+ parsing. An attacker could exploit this bug by crafting an onion
+ service descriptor that would crash any client that tried to visit
+ it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
+ tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
+ Glazunov from Google's Project Zero.
+
+ o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc):
+ - Fix an indentation problem that led to a warning from GCC 11.1.1.
+ Fixes bug 40380; bugfix on 0.3.0.1-alpha.
+
+ o Minor features (compatibility, backport from 0.4.6.4-rc):
+ - Remove an assertion function related to TLS renegotiation. It was
+ used nowhere outside the unit tests, and it was breaking
+ compilation with recent alpha releases of OpenSSL 3.0.0. Closes
+ ticket 40399.
+
+ o Minor features (fallback directory list, backport from 0.4.6.2-alpha):
+ - Regenerate the list of fallback directories to contain a new set
+ of 200 relays. Closes ticket 40265.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2021/06/10.
+
+
Changes in version 0.4.5.8 - 2021-05-10
Tor 0.4.5.8 fixes several bugs in earlier version, backporting fixes
from the 0.4.6.x series.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits