Draft changelog for 0.3.2.10
This commit is contained in:
parent
bc8b5fb559
commit
499bdd81a7
60
ChangeLog
60
ChangeLog
|
@ -3,7 +3,37 @@ Changes in version 0.3.2.10 - 2018-03-??
|
||||||
backports a number of bugfixes, including important fixes for security
|
backports a number of bugfixes, including important fixes for security
|
||||||
issues.
|
issues.
|
||||||
|
|
||||||
BLURB HERE.
|
It includes an important security fix for a remote crash attack
|
||||||
|
against directory authorities, tracked as TROVE-2018-001.
|
||||||
|
|
||||||
|
Additionally, it backports a fix for a bug whose severity we have
|
||||||
|
upgraded: Bug 24700, which was fixed in 0.3.3.2-alpha, can be remotely
|
||||||
|
triggered in order to crash relays with a use-after-free pattern. As
|
||||||
|
such, we are now tracking that bug as TROVE-2018-002 and
|
||||||
|
CVE-2018-0491, and backporting it to earlier releases. This bug
|
||||||
|
affected versions 0.3.2.1-alpha through 0.3.2.9, as well as version
|
||||||
|
0.3.3.1-alpha.
|
||||||
|
|
||||||
|
This release also backports our new system for improved resistance to
|
||||||
|
denial-of-service attacks against relays.
|
||||||
|
|
||||||
|
This release also fixes several minor bugs and annoyances from
|
||||||
|
earlier releases.
|
||||||
|
|
||||||
|
All directory authorities should upgrade to one of the versions
|
||||||
|
released today. All relays not already running Tor 0.3.3.2-alpha or
|
||||||
|
later should upgrade to this release.
|
||||||
|
|
||||||
|
o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
|
||||||
|
- Fix a protocol-list handling bug that could be used to remotely crash
|
||||||
|
directory authorities with a null-pointer exception. Fixes bug 25074;
|
||||||
|
bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
|
||||||
|
CVE-2018-0490.
|
||||||
|
|
||||||
|
o Major bugfixes (scheduler, KIST, denial-of-service, backport from 0.3.3.2-alpha):
|
||||||
|
- Avoid adding the same channel twice in the KIST scheduler pending
|
||||||
|
list, which could lead to remote denial-of-service use-after-free
|
||||||
|
attacks against relays. Fixes bug 24700; bugfix on 0.3.2.1-alpha.
|
||||||
|
|
||||||
o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
|
o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
|
||||||
- Give relays some defenses against the recent network overload. We
|
- Give relays some defenses against the recent network overload. We
|
||||||
|
@ -75,6 +105,14 @@ Changes in version 0.3.2.10 - 2018-03-??
|
||||||
making decisions about how to handle the incoming connection.
|
making decisions about how to handle the incoming connection.
|
||||||
Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
|
Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
|
||||||
|
|
||||||
|
o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
|
||||||
|
- Fix a possible crash on malformed consensus. If a consensus had
|
||||||
|
contained an unparseable protocol line, it could have made clients
|
||||||
|
and relays crash with a null-pointer exception. To exploit this
|
||||||
|
issue, however, an attacker would need to be able to subvert the
|
||||||
|
directory authority system. Fixes bug 25251; bugfix on
|
||||||
|
0.2.9.4-alpha. Also tracked as TROVE-2018-004.
|
||||||
|
|
||||||
o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
|
o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
|
||||||
- Directory authorities, when refusing a descriptor from a rejected
|
- Directory authorities, when refusing a descriptor from a rejected
|
||||||
relay, now explicitly tell the relay (in its logs) to set a valid
|
relay, now explicitly tell the relay (in its logs) to set a valid
|
||||||
|
@ -86,17 +124,6 @@ Changes in version 0.3.2.10 - 2018-03-??
|
||||||
around the issue at https://github.com/rust-lang/rust/issues/46797.
|
around the issue at https://github.com/rust-lang/rust/issues/46797.
|
||||||
Fixes bug 24652; bugfix on 0.3.1.1-alpha.
|
Fixes bug 24652; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
|
||||||
[[[[ OMIT
|
|
||||||
o Minor bugfixes (DoS mitigation):
|
|
||||||
- Add extra safety checks when refilling the circuit creation bucket to
|
|
||||||
ensure we never set a value that is above the allowed burst. Fixes
|
|
||||||
bug 25202; bugfix on 0.3.3.2-alpha.
|
|
||||||
- Make sure we don't modify consensus parameters if we aren't a public
|
|
||||||
relay when a new consensus arrives. Fixes bug 25223; bugfix on
|
|
||||||
0.3.3.2-alpha.
|
|
||||||
OMIT]]]]
|
|
||||||
|
|
||||||
o Minor bugfixes (onion services, backport from 0.3.3.2-alpha):
|
o Minor bugfixes (onion services, backport from 0.3.3.2-alpha):
|
||||||
- Remove a BUG() statement when a client fetches an onion descriptor
|
- Remove a BUG() statement when a client fetches an onion descriptor
|
||||||
that has a lower revision counter than the one in its cache. This
|
that has a lower revision counter than the one in its cache. This
|
||||||
|
@ -118,10 +145,11 @@ Changes in version 0.3.2.10 - 2018-03-??
|
||||||
limit (which can happen sometimes on some versions of OSX). Fixes
|
limit (which can happen sometimes on some versions of OSX). Fixes
|
||||||
bug 21074; bugfix on 0.0.9pre5.
|
bug 21074; bugfix on 0.0.9pre5.
|
||||||
|
|
||||||
o Minor bugfixes (scheduler, KIST, backport from 0.3.3.2-alpha):
|
o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
|
||||||
- Avoid adding the same channel twice in the KIST scheduler pending
|
- Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
|
||||||
list, which would waste CPU cycles. Fixes bug 24700; bugfix
|
0.2.9.4-alpha.
|
||||||
on 0.3.2.1-alpha.
|
- Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
|
||||||
|
bugfix on 0.2.9.4-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (testing, backport from 0.3.3.1-alpha):
|
o Minor bugfixes (testing, backport from 0.3.3.1-alpha):
|
||||||
- Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
|
- Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (spec conformance):
|
|
||||||
- Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
|
|
||||||
0.2.9.4-alpha.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (spec conformance):
|
|
||||||
- Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
|
|
||||||
bugfix on 0.2.9.4-alpha.
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Major bugfixes (denial-of-service, directory authority):
|
|
||||||
- Fix a protocol-list handling bug that could be used to remotely crash
|
|
||||||
directory authorities with a null-pointer exception. Fixes bug 25074;
|
|
||||||
bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001.
|
|
||||||
|
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
o Minor bugfixes (denial-of-service):
|
|
||||||
- Fix a possible crash on malformed consensus. If a consensus had
|
|
||||||
contained an unparseable protocol line, it could have made clients
|
|
||||||
and relays crash with a null-pointer exception. To exploit this
|
|
||||||
issue, however, an attacker would need to be able to subvert the
|
|
||||||
directory-authority system. Fixes bug 25251; bugfix on
|
|
||||||
0.2.9.4-alpha. Also tracked as TROVE-2018-004.
|
|
||||||
|
|
Loading…
Reference in New Issue