Start on an 0.3.0.8 changelog

2017-06-08 08:45:57 -04:00 · 2017-06-08 08:45:57 -04:00 · 17c61d98e4
parent 9390ec043b
commit 17c61d98e4
10 changed files with 69 additions and 56 deletions
--- a/69
+++ b/69
@ -1,3 +1,72 @@
+Changes in version 0.3.0.8 - 2017-06-08
+  Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to
+  remotely crash a hidden service with an assertion failure. Anyone
+  running a hidden service should upgrade to this version, or to some
+  other version with fixes for TROVE-2017-004 and TROVE-2017-005.
+
+  Tor 0.3.0.8 also includes fixes for several key management bugs
+  that sometimes made relays unreliable, as well as several other
+  bugfixes described below.
+
+  o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
+    - When performing the v3 link handshake on a TLS connection, report
+      that we have the x509 certificate that we actually used on that
+      connection, even if we have changed certificates since that
+      connection was first opened. Previously, we would claim to have
+      used our most recent x509 link certificate, which would sometimes
+      make the link handshake fail. Fixes one case of bug 22460; bugfix
+      on 0.2.3.6-alpha.
+
+  o Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
+    - Regenerate link and authentication certificates whenever the key
+      that signs them changes; also, regenerate link certificates
+      whenever the signed key changes. Previously, these processes were
+      only weakly coupled, and we relays could (for minutes to hours)
+      wind up with an inconsistent set of keys and certificates, which
+      other relays would not accept. Fixes two cases of bug 22460;
+      bugfix on 0.3.0.1-alpha.
+    - When sending an Ed25519 signing->link certificate in a CERTS cell,
+      send the certificate that matches the x509 certificate that we
+      used on the TLS connection. Previously, there was a race condition
+      if the TLS context rotated after we began the TLS handshake but
+      before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
+      on 0.3.0.1-alpha.
+
+  o Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
+    - Stop rejecting v3 hidden service descriptors because their size
+      did not match an old padding rule. Fixes bug 22447; bugfix on
+      tor-0.3.0.1-alpha.
+
+  o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
+    - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
+      December 2016 (of which ~126 were still functional) with a list of
+      151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
+      2017. Resolves ticket 21564.
+
+  o Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
+    - Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes
+      bug 22252; bugfix on 0.2.9.3-alpha.
+
+  o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
+    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+  o Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
+    - Lower the lifetime of the RSA->Ed25519 cross-certificate to six
+      months, and regenerate it when it is within one month of expiring.
+      Previously, we had generated this certificate at startup with a
+      ten-year lifetime, but that could lead to weird behavior when Tor
+      was started with a grossly inaccurate clock. Mitigates bug 22466;
+      mitigation on 0.3.0.1-alpha.
+
+  o Minor bugfixes (memory leak, directory authority, backport from
+    0.3.1.2-alpha):
+    - When directory authorities reject a router descriptor due to
+      keypinning, free the router descriptor rather than leaking the
+      memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
+
+
+
 Changes in version 0.3.0.7 - 2017-05-15
  Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions
  of Tor 0.3.0.x, where an attacker could cause a Tor relay process to
--- a/changes/bug20509
+++ b/changes/bug20509
@ -1,5 +0,0 @@
-  o Minor features:
-    - Directory authorities now reject relays running versions
-      0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
-      suffer from bug 20499 and don't keep their consensus cache
-      up-to-date. Resolves ticket 20509.
--- a/changes/bug22252
+++ b/changes/bug22252
@ -1,3 +0,0 @@
-  o Minor bugfixes (configuration):
-    - Do not crash when starting with LearnCircuitBuildTimeout 0.
-      Fixes bug 22252; bugfix on 0.2.9.3-alpha.
--- a/changes/bug22370
+++ b/changes/bug22370
@ -1,4 +0,0 @@
-  o Minor bugfixes (memory handling):
-    - When directory authorities reject a router descriptor due to keypinning,
-      free the router descriptor rather than leaking the memory.
-      Fixes bug 22370; bugfix on 0.2.7.2-alpha.
--- a/changes/bug22447
+++ b/changes/bug22447
@ -1,3 +0,0 @@
-  o Major bugfixes (hidden service v3):
-    - HSDir failed to validate the encrypted size of a v3 descriptor and thus
-      rejecting it. Fixes bug 22447; bugfix on tor-0.3.0.1-alpha.
--- a/changes/bug22460_case1
+++ b/changes/bug22460_case1
@ -1,16 +0,0 @@
-  o Major bugfixes (relays, key management):
-    - Regenerate link and authentication certificates whenever the key that
-      signs them changes; also, regenerate link certificates whenever the
-      signed key changes. Previously, these processes were only weakly
-      coupled, and we relays could (for minutes to hours) wind up with an
-      inconsistent set of keys and certificates, which other relays
-      would not accept. Fixes two cases of bug 22460; bugfix on
-      0.3.0.1-alpha.
-    - When sending an Ed25519 signing->link certificate in a CERTS cell,
-      send the certificate that matches the x509 certificate that we used
-      on the TLS connection. Previously, there was a race condition if
-      the TLS context rotated after we began the TLS handshake but
-      before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
-      on 0.3.0.1-alpha.
-
-
--- a/changes/bug22460_case2
+++ b/changes/bug22460_case2
@ -1,8 +0,0 @@
-  o Major bugfixes (relay, link handshake):
-
-    - When performing the v3 link handshake on a TLS connection, report that
-      we have the x509 certificate that we actually used on that connection,
-      even if we have changed certificates since that connection was first
-      opened. Previously, we would claim to have used our most recent x509
-      link certificate, which would sometimes make the link handshake fail.
-      Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.
--- a/changes/bug22466_regenerate
+++ b/changes/bug22466_regenerate
@ -1,8 +0,0 @@
-  o Minor bugfixes (link handshake):
-    - Lower the lifetime of the RSA->Ed25519 cross-certificate to
-      six months, and regenerate it when it is within one month of expiring.
-      Previously, we had generated this certificate at startup with
-      a ten-year lifetime, but that could lead to weird behavior when
-      Tor was started with a grossly inaccurate clock. Mitigates
-      bug 22466; mitigation on 0.3.0.1-alpha.
-
--- a/changes/bug22490
+++ b/changes/bug22490
@ -1,3 +0,0 @@
-  o Minor bugfixes (correctness):
-    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
-      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
--- a/changes/ticket21564
+++ b/changes/ticket21564
@ -1,6 +0,0 @@
-  o Minor features (fallback directory list):
-    - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
-      December 2016 (of which ~126 were still functional), with a list of
-      151 fallbacks (32 new, 119 existing, 58 removed) generated in
-      May 2017.
-      Resolves ticket 21564.