
[tor-talk] 0.3.1.4-alpha is released (with guard-related security fix)



Hi, all!

The latest alpha, 0.3.1.3-alpha, is now released. The source is
available on the website, and packages should be available before
long. The Tor Browser team expects to get a release out early next
week.  This release has a security fix for clients, so if you are
running any 0.3.0.x or 0.3.1.x version released before today, you
should upgrade when you can.

This is an alpha release: if you aren't up for finding and reporting
bugs, you should stick with a stable release series.

As usual, I'll be sending alpha announcements here, and stable
announcements to tor-announce.

Please test these alpha releases if you *can* report bugs: we want to
have all the bugs squashed before 0.3.1.x is finally declared stable.


Changes in version 0.3.1.4-alpha - 2017-06-29
  Tor 0.3.1.4-alpha fixes a path selection bug that would allow a client
  to use a guard that was in the same network family as a chosen exit
  relay. This is a security regression; all clients running earlier
  versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9
  or 0.3.1.4-alpha.

  This release also fixes several other bugs introduced in 0.3.0.x
  and 0.3.1.x, including others that can affect bandwidth usage
  and correctness.

  o New dependencies:
    - To build with zstd and lzma support, Tor now requires the
      pkg-config tool at build time. (This requirement was new in
      0.3.1.1-alpha, but was not noted at the time. Noting it here to
      close ticket 22623.)

  o Major bugfixes (path selection, security):
    - When choosing which guard to use for a circuit, avoid the exit's
      family along with the exit itself. Previously, the new guard
      selection logic avoided the exit, but did not consider its family.
      Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as
      TROVE-2016-006 and CVE-2017-0377.

  o Major bugfixes (compression, zstd):
    - Correctly detect a full buffer when decompressing a large zstd-
      compressed input. Previously, we would sometimes treat a full
      buffer as an error. Fixes bug 22628; bugfix on 0.3.1.1-alpha.

  o Major bugfixes (directory protocol):
    - Ensure that we send "304 Not modified" as HTTP status code when a
      client is attempting to fetch a consensus or consensus diff, and
      the best one we can send them is one they already have. Fixes bug
      22702; bugfix on 0.3.1.1-alpha.

  o Major bugfixes (entry guards):
    - When starting with an old consensus, do not add new entry guards
      unless the consensus is "reasonably live" (under 1 day old). Fixes
      one root cause of bug 22400; bugfix on 0.3.0.1-alpha.

  o Minor features (bug mitigation, diagnostics, logging):
    - Avoid an assertion failure, and log a better error message, when
      unable to remove a file from the consensus cache on Windows.
      Attempts to mitigate and diagnose bug 22752.

  o Minor features (geoip):
    - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (compression):
    - When compressing or decompressing a buffer, check for a failure to
      create a compression object. Fixes bug 22626; bugfix
      on 0.3.1.1-alpha.
    - When decompressing a buffer, check for extra data after the end of
      the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha.
    - When decompressing an object received over an anonymous directory
      connection, if we have already decompressed it using an acceptable
      compression method, do not reject it for looking like an
      unacceptable compression method. Fixes part of bug 22670; bugfix
      on 0.3.1.1-alpha.
    - When serving directory votes compressed with zlib, do not claim to
      have compressed them with zstd. Fixes bug 22669; bugfix
      on 0.3.1.1-alpha.
    - When spooling compressed data to an output buffer, don't try to
      spool more data when there is no more data to spool and we are not
      trying to flush the input. Previously, we would sometimes launch
      compression requests with nothing to do, which interferes with our
      22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha.

  o Minor bugfixes (defensive programming):
    - Detect and break out of infinite loops in our compression code. We
      don't think that any such loops exist now, but it's best to be
      safe. Closes ticket 22672.
    - Fix a memset() off the end of an array when packing cells. This
      bug should be harmless in practice, since the corrupted bytes are
      still in the same structure, and are always padding bytes,
      ignored, or immediately overwritten, depending on compiler
      behavior. Nevertheless, because the memset()'s purpose is to make
      sure that any other cell-handling bugs can't expose bytes to the
      network, we need to fix it. Fixes bug 22737; bugfix on
      0.2.4.11-alpha. Fixes CID 1401591.

  o Minor bugfixes (linux seccomp2 sandbox):
    - Permit the fchmod system call, to avoid crashing on startup when
      starting with the seccomp2 sandbox and an unexpected set of
      permissions on the data directory or its contents. Fixes bug
      22516; bugfix on 0.2.5.4-alpha.
    - Fix a crash in the LZMA module, when the sandbox was enabled, and
      liblzma would allocate more than 16 MB of memory. We solve this by
      bumping the mprotect() limit in the sandbox module from 16 MB to
      20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha.

  o Minor bugfixes (logging):
    - When decompressing, do not warn if we fail to decompress using a
      compression method that we merely guessed. Fixes part of bug
      22670; bugfix on 0.1.1.14-alpha.
    - When decompressing, treat mismatch between content-encoding and
      actual compression type as a protocol warning. Fixes part of bug
      22670; bugfix on 0.1.1.9-alpha.
    - Downgrade "assigned_to_cpuworker failed" message to info-level
      severity. In every case that can reach it, either a better warning
      has already been logged, or no warning is warranted. Fixes bug
      22356; bugfix on 0.2.6.3-alpha.
    - Demote a warn that was caused by libevent delays to info if
      netflow padding is less than 4.5 seconds late, or to notice
      if it is more (4.5 seconds is the amount of time that a netflow
      record might be emitted after, if we chose the maximum timeout).
      Fixes bug 22212; bugfix on 0.3.1.1-alpha.

  o Minor bugfixes (process behavior):
    - When exiting because of an error, always exit with a nonzero exit
      status. Previously, we would fail to report an error in our exit
      status in cases related to __OwningControllerProcess failure,
      lockfile contention, and Ed25519 key initialization. Fixes bug
      22720; bugfix on versions 0.2.1.6-alpha, 0.2.2.28-beta, and
      0.2.7.2-alpha respectively. Reported by "f55jwk4f"; patch
      from "huyvq".

  o Documentation:
    - Add a manpage description for the key-pinning-journal file. Closes
      ticket 22347.
    - Correctly note that bandwidth accounting values are stored in the
      state file, and the bw_accounting file is now obsolete. Closes
      ticket 16082.
    - Document more of the files in the Tor data directory, including
      cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats,
      approved-routers, sr-random, and diff-cache. Found while fixing
      ticket 22347.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
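
The guard/exit family check from the "path selection, security" entry above, as an added sketch that is not Tor's own code: it contrasts a guard filter that excludes only the exit with one that also excludes the exit's family. The relay records, fingerprints and addresses are constructed; treating the same IPv4 /16 as family goes beyond the announcement and reflects Tor's EnforceDistinctSubnets default.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Relay:
    nickname: str
    fingerprint: str
    ipv4: str
    family: frozenset = frozenset()  # fingerprints this relay declares as family

def same_family(a: Relay, b: Relay) -> bool:
    """True if a and b must not share a circuit."""
    if a.fingerprint == b.fingerprint:
        return True
    # A family link counts only when both relays declare each other.
    if a.fingerprint in b.family and b.fingerprint in a.family:
        return True
    # Relays in the same IPv4 /16 are also kept apart (assumption noted above).
    net = ipaddress.ip_network(f"{a.ipv4}/16", strict=False)
    return ipaddress.ip_address(b.ipv4) in net

def guards_avoiding_exit_only(candidates, exit_relay):
    """Behaviour before the fix: only the exit itself is excluded."""
    return [g.nickname for g in candidates
            if g.fingerprint != exit_relay.fingerprint]

def guards_avoiding_exit_family(candidates, exit_relay):
    """Behaviour after the fix: the exit and its whole family are excluded."""
    return [g.nickname for g in candidates if not same_family(g, exit_relay)]

# Constructed sample relays (fingerprints and addresses are made up).
EXIT = Relay("exitA", "E" * 40, "10.1.0.5", frozenset({"1" * 40}))
CANDIDATES = [
    EXIT,  # a relay can carry both the Exit and Guard roles
    Relay("sibling", "1" * 40, "10.9.0.1", frozenset({"E" * 40})),  # mutual
    Relay("oneway", "2" * 40, "10.8.0.1", frozenset({"E" * 40})),   # unreciprocated
    Relay("subnet", "3" * 40, "10.1.200.9"),                        # same /16
    Relay("other", "4" * 40, "10.7.0.1"),
]

if __name__ == "__main__":
    print("exit only  :", guards_avoiding_exit_only(CANDIDATES, EXIT))
    print("exit+family:", guards_avoiding_exit_family(CANDIDATES, EXIT))
```

The difference between the two result lists is the set of guards that an affected client could have paired with this exit.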