sarah
/
tor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

0.3.1.9 changelog.

This commit is contained in:
Nick Mathewson 2017-11-30 14:58:58 -05:00
parent 94ad23deb2
commit 727d3f1b5e
16 changed files with 94 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
ChangeLog
View File

@ -1,3 +1,97 @@
Changes in version 0.3.1.9 - 2017-12-01:
Tor 0.3.1.9 backports important security and stability fixes from the
0.3.2 development series. All Tor users should upgrade to this
release, or to another of the releases coming out today.
o Major bugfixes (security, backport from 0.3.2.6-alpha):
- Fix a denial of service bug where an attacker could use a
malformed directory object to cause a Tor instance to pause while
OpenSSL would try to read a passphrase from the terminal. (Tor
instances run without a terminal, which is the case for most Tor
packages, are not impacted.) Fixes bug 24246; bugfix on every
version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
Found by OSS-Fuzz as testcase 6360145429790720.
- Fix a denial of service issue where an attacker could crash a
directory authority using a malformed router descriptor. Fixes bug
24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
and CVE-2017-8820.
- When checking for replays in the INTRODUCE1 cell data for a
(legacy) onion service, correctly detect replays in the RSA-
encrypted part of the cell. We were previously checking for
replays on the entire cell, but those can be circumvented due to
the malleability of Tor's legacy hybrid encryption. This fix helps
prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
and CVE-2017-8819.
o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
- Fix a use-after-free error that could crash v2 Tor onion services
when they failed to open circuits while expiring introduction
points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
also tracked as TROVE-2017-013 and CVE-2017-8823.
o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
- When running as a relay, make sure that we never build a path
through ourselves, even in the case where we have somehow lost the
version of our descriptor appearing in the consensus. Fixes part
of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
as TROVE-2017-012 and CVE-2017-8822.
- When running as a relay, make sure that we never choose ourselves
as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
- Fix an issue causing DNS to fail on high-bandwidth exit nodes,
making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
identifying and finding a workaround to this bug and to Moritz,
Arthur Edelstein, and Roger for helping to track it down and
analyze it.
o Minor features (bridge):
- Bridges now include notice in their descriptors that they are
bridges, and notice of their distribution status, based on their
publication settings. Implements ticket 18329. For more fine-
grained control of how a bridge is distributed, upgrade to 0.3.2.x
or later.
o Minor features (directory authority, backport from 0.3.2.6-alpha):
- Add an IPv6 address for the "bastet" directory authority. Closes
ticket 24394.
o Minor features (geoip):
- Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
Country database.
o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
- Avoid unnecessary calls to directory_fetches_from_authorities() on
relays, to prevent spurious address resolutions and descriptor
rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
bugfix on in 0.2.8.1-alpha.
o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
- Fix unused variable warnings in donna's Curve25519 SSE2 code.
Fixes bug 22895; bugfix on 0.2.7.2-alpha.
o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
- When a circuit is marked for close, do not attempt to package any
cells for channels on that circuit. Previously, we would detect
this condition lower in the call stack, when we noticed that the
circuit had no attached channel, and log an annoying message.
Fixes bug 8185; bugfix on 0.2.5.4-alpha.
o Minor bugfixes (onion service, backport from 0.3.2.5-alpha):
- Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
so it matches dir-spec.txt. Fixes bug 24262; bugfix
on 0.3.1.1-alpha.
o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
- Avoid a crash when transitioning from client mode to bridge mode.
Previously, we would launch the worker threads whenever our
"public server" mode changed, but not when our "server" mode
changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
Changes in version 0.3.1.8 - 2017-10-25
Tor 0.3.1.8 is the second stable release in the 0.3.1 series.
It includes several bugfixes, including a bugfix for a crash issue

4
changes/bastet_v6
View File

@ -1,4 +0,0 @@
o Minor features (directory authority):
- Add an IPv6 address for the "bastet" directory authority.
Closes ticket 24394.

6
changes/bug18329-minimal
View File

@ -1,6 +0,0 @@
o Minor features (bridge):
- Bridges now include notice in their descriptors that they are bridges,
and notice of their distribution status, based on their publication
settings. Implements ticket 18329. For more fine-grained control of
how a bridge is distributed, upgrade to 0.3.2.x or later.

9
changes/bug21394
View File

@ -1,9 +0,0 @@
o Major bugfixes (Exit nodes):
- Fix an issue causing high-bandwidth exit nodes to fail a majority
or all of their DNS requests, making them basically unsuitable for
regular usage in Tor circuits. The problem is related to
libevent's DNS handling, but we can work around it in Tor. Fixes
bugs 21394 and 18580; bugfix on 0.1.2.2-alpha which introduced
eventdns. Credit goes to Dhalgren for identifying and finding a
workaround to this bug and to gamambel, arthuredelstein and
arma in helping to track it down and analyze it.

6
changes/bug23470
View File

@ -1,6 +0,0 @@
o Minor bugfix (relay address resolution):
- Avoid unnecessary calls to directory_fetches_from_authorities()
on relays. This avoids spurious address resolutions and
descriptor rebuilds. This is a mitigation for 21789. The original
bug was introduced in commit 35bbf2e as part of prop210.
Fixes 23470 in 0.2.8.1-alpha.

6
changes/bug23693
View File

@ -1,6 +0,0 @@
o Minor bugfixes (relay, crash):
- Avoid a crash when transitioning from client mode to bridge mode.
Previously, we would launch the worker threads whenever our "public
server" mode changed, but not when our "server" mode changed.
Fixes bug 23693; bugfix on 0.2.6.3-alpha.

3
changes/bug24262
View File

@ -1,3 +0,0 @@
o Minor bugfixes (hidden service):
- Fix the consensus parameter "hsdir-interval" to "hsdir_interval" so it
matches the dir-spec.txt. Fixes bug 24262; bugfix on 0.3.1.1-alpha.

5
changes/bug24313
View File

@ -1,5 +0,0 @@
o Major bugfixes (security, hidden service v2):
- Fix a use-after-free error that could crash v2 Tor hidden services
when it failed to open circuits while expiring introductions
points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This
issue is also tracked as TROVE-2017-013 and CVE-2017-8823.

6
changes/bug8185_025
View File

@ -1,6 +0,0 @@
o Minor bugfixes (logging, relay shutdown, annoyance):
- When a circuit is marked for close, do not attempt to package any cells
for channels on that circuit. Previously, we would detect this
condition lower in the call stack, when we noticed that the circuit had
no attached channel, and log an annoying message. Fixes bug 8185;
bugfix on 0.2.5.4-alpha.

4
changes/geoip-2017-11-06
View File

@ -1,4 +0,0 @@
o Minor features (geoip):
- Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
Country database.

3
changes/ticket22895
View File

@ -1,3 +0,0 @@
o Minor bugfixes (compilation):
- Fix unused variable warnings in donna's Curve25519 SSE2 code.
Fixes bug 22895; bugfix on 0.2.7.2-alpha.

10
changes/trove-2017-009
View File

@ -1,10 +0,0 @@
o Major bugfixes (security):
- When checking for replays in the INTRODUCE1 cell data for a (legacy)
hiddden service, correctly detect replays in the RSA-encrypted part of
the cell. We were previously checking for replays on the entire cell,
but those can be circumvented due to the malleability of Tor's legacy
hybrid encryption. This fix helps prevent a traffic confirmation
attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also
tracked as TROVE-2017-009 and CVE-2017-8819.

6
changes/trove-2017-010
View File

@ -1,6 +0,0 @@
o Major bugfixes (security):
- Fix a denial-of-service issue where an attacker could crash
a directory authority using a malformed router descriptor.
Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked
as TROVE-2017-010 and CVE-2017-8820.

8
changes/trove-2017-011
View File

@ -1,8 +0,0 @@
o Major bugfixes (security):
- Fix a denial of service bug where an attacker could use a malformed
directory object to cause a Tor instance to pause while OpenSSL would
try to read a passphrase from the terminal. (If the terminal was not
available, tor would continue running.) Fixes bug 24246; bugfix on
every version of Tor. Also tracked as TROVE-2017-011 and
CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720.

6
changes/trove-2017-012-part1
View File

@ -1,6 +0,0 @@
o Major bugfixes (security, relay):
- When running as a relay, make sure that we never build a path through
ourselves, even in the case where we have somehow lost the version of
our descriptor appearing in the consensus. Fixes part of bug 21534;
bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012
and CVE-2017-8822.

5
changes/trove-2017-012-part2
View File

@ -1,5 +0,0 @@
o Major bugfixes (security, relay):
- When running as a relay, make sure that we never ever choose ourselves
as a guard. Previously, this was possible. Fixes part of bug 21534;
bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012
and CVE-2017-8822.