copy changelog and releasenotes forward from 0.2.9, 0.3.0
parent
d2839eeac9
commit
a77a479fa5
150
ChangeLog
|
@ -87,6 +87,156 @@ Changes in version 0.3.1.3-alpha - 2017-06-08
|
||||||
- Clarify the manpage for the (deprecated) torify script. Closes
|
- Clarify the manpage for the (deprecated) torify script. Closes
|
||||||
ticket 6892.
|
ticket 6892.
|
||||||
|
|
||||||
|
Changes in version 0.3.0.8 - 2017-06-08
|
||||||
|
Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to
|
||||||
|
remotely crash a hidden service with an assertion failure. Anyone
|
||||||
|
running a hidden service should upgrade to this version, or to some
|
||||||
|
other version with fixes for TROVE-2017-004 and TROVE-2017-005.
|
||||||
|
|
||||||
|
Tor 0.3.0.8 also includes fixes for several key management bugs
|
||||||
|
that sometimes made relays unreliable, as well as several other
|
||||||
|
bugfixes described below.
|
||||||
|
|
||||||
|
o Major bugfixes (hidden service, relay, security, backport
|
||||||
|
from 0.3.1.3-alpha):
|
||||||
|
- Fix a remotely triggerable assertion failure when a hidden service
|
||||||
|
handles a malformed BEGIN cell. Fixes bug 22493, tracked as
|
||||||
|
TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
|
||||||
|
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||||
|
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||||
|
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||||
|
on 0.2.2.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
|
||||||
|
- When performing the v3 link handshake on a TLS connection, report
|
||||||
|
that we have the x509 certificate that we actually used on that
|
||||||
|
connection, even if we have changed certificates since that
|
||||||
|
connection was first opened. Previously, we would claim to have
|
||||||
|
used our most recent x509 link certificate, which would sometimes
|
||||||
|
make the link handshake fail. Fixes one case of bug 22460; bugfix
|
||||||
|
on 0.2.3.6-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
|
||||||
|
- Regenerate link and authentication certificates whenever the key
|
||||||
|
that signs them changes; also, regenerate link certificates
|
||||||
|
whenever the signed key changes. Previously, these processes were
|
||||||
|
only weakly coupled, and we relays could (for minutes to hours)
|
||||||
|
wind up with an inconsistent set of keys and certificates, which
|
||||||
|
other relays would not accept. Fixes two cases of bug 22460;
|
||||||
|
bugfix on 0.3.0.1-alpha.
|
||||||
|
- When sending an Ed25519 signing->link certificate in a CERTS cell,
|
||||||
|
send the certificate that matches the x509 certificate that we
|
||||||
|
used on the TLS connection. Previously, there was a race condition
|
||||||
|
if the TLS context rotated after we began the TLS handshake but
|
||||||
|
before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
|
||||||
|
on 0.3.0.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
|
||||||
|
- Stop rejecting v3 hidden service descriptors because their size
|
||||||
|
did not match an old padding rule. Fixes bug 22447; bugfix on
|
||||||
|
tor-0.3.0.1-alpha.
|
||||||
|
|
||||||
|
o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
|
||||||
|
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
|
||||||
|
December 2016 (of which ~126 were still functional) with a list of
|
||||||
|
151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
|
||||||
|
2017. Resolves ticket 21564.
|
||||||
|
|
||||||
|
o Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
|
||||||
|
- Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes
|
||||||
|
bug 22252; bugfix on 0.2.9.3-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
|
||||||
|
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||||
|
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
|
||||||
|
- Lower the lifetime of the RSA->Ed25519 cross-certificate to six
|
||||||
|
months, and regenerate it when it is within one month of expiring.
|
||||||
|
Previously, we had generated this certificate at startup with a
|
||||||
|
ten-year lifetime, but that could lead to weird behavior when Tor
|
||||||
|
was started with a grossly inaccurate clock. Mitigates bug 22466;
|
||||||
|
mitigation on 0.3.0.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (memory leak, directory authority, backport from
|
||||||
|
0.3.1.2-alpha):
|
||||||
|
- When directory authorities reject a router descriptor due to
|
||||||
|
keypinning, free the router descriptor rather than leaking the
|
||||||
|
memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.2.9.11 - 2017-06-08
|
||||||
|
Tor 0.2.9.11 fixes a pair of bugs that would allow an attacker to
|
||||||
|
remotely crash a hidden service with an assertion failure. Anyone
|
||||||
|
running a hidden service should upgrade to this version, or to some
|
||||||
|
other version with fixes for TROVE-2017-004 and TROVE-2017-005.
|
||||||
|
|
||||||
|
Tor 0.2.9.11 also backports fixes for several key management bugs
|
||||||
|
that sometimes made relays unreliable, as well as several other
|
||||||
|
bugfixes described below.
|
||||||
|
|
||||||
|
o Major bugfixes (hidden service, relay, security, backport
|
||||||
|
from 0.3.1.3-alpha):
|
||||||
|
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||||
|
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||||
|
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||||
|
on 0.2.2.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
|
||||||
|
- When performing the v3 link handshake on a TLS connection, report
|
||||||
|
that we have the x509 certificate that we actually used on that
|
||||||
|
connection, even if we have changed certificates since that
|
||||||
|
connection was first opened. Previously, we would claim to have
|
||||||
|
used our most recent x509 link certificate, which would sometimes
|
||||||
|
make the link handshake fail. Fixes one case of bug 22460; bugfix
|
||||||
|
on 0.2.3.6-alpha.
|
||||||
|
|
||||||
|
o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
|
||||||
|
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
|
||||||
|
December 2016 (of which ~126 were still functional) with a list of
|
||||||
|
151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
|
||||||
|
2017. Resolves ticket 21564.
|
||||||
|
|
||||||
|
o Minor features (future-proofing, backport from 0.3.0.7):
|
||||||
|
- Tor no longer refuses to download microdescriptors or descriptors if
|
||||||
|
they are listed as "published in the future". This change will
|
||||||
|
eventually allow us to stop listing meaningful "published" dates
|
||||||
|
in microdescriptor consensuses, and thereby allow us to reduce the
|
||||||
|
resources required to download consensus diffs by over 50%.
|
||||||
|
Implements part of ticket 21642; implements part of proposal 275.
|
||||||
|
|
||||||
|
o Minor features (directory authorities, backport from 0.3.0.4-rc)
|
||||||
|
- Directory authorities now reject relays running versions
|
||||||
|
0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
|
||||||
|
suffer from bug 20499 and don't keep their consensus cache
|
||||||
|
up-to-date. Resolves ticket 20509.
|
||||||
|
|
||||||
|
o Minor features (geoip):
|
||||||
|
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
|
o Minor bugfixes (control port, backport from 0.3.0.6):
|
||||||
|
- The GETINFO extra-info/digest/<digest> command was broken because
|
||||||
|
of a wrong base16 decode return value check, introduced when
|
||||||
|
refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
|
||||||
|
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||||
|
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.0.7):
|
||||||
|
- The getpid() system call is now permitted under the Linux seccomp2
|
||||||
|
sandbox, to avoid crashing with versions of OpenSSL (and other
|
||||||
|
libraries) that attempt to learn the process's PID by using the
|
||||||
|
syscall rather than the VDSO code. Fixes bug 21943; bugfix
|
||||||
|
on 0.2.5.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (memory leak, directory authority, backport
|
||||||
|
from 0.3.1.2-alpha):
|
||||||
|
- When directory authorities reject a router descriptor due to
|
||||||
|
keypinning, free the router descriptor rather than leaking the
|
||||||
|
memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.3.1.2-alpha - 2017-05-26
|
Changes in version 0.3.1.2-alpha - 2017-05-26
|
||||||
Tor 0.3.1.2-alpha is the second release in the 0.3.1.x series. It
|
Tor 0.3.1.2-alpha is the second release in the 0.3.1.x series. It
|
||||||
|
|
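Review bot: The 0.2.9.11 introduction says the release "fixes a pair of bugs" and names both TROVE-2017-004 and TROVE-2017-005, but its "Major bugfixes (hidden service, relay, security, ...)" section lists only the BEGIN_DIR fix (bug 22494, TROVE-2017-005). The 0.3.0.8 entry above marks the malformed BEGIN cell fix (bug 22493, TROVE-2017-004) as "bugfix on 0.3.0.1-alpha", so as written the 0.2.9 series does not appear to carry that bug. Suggest rewording the 0.2.9.11 intro to describe a single fix and to state explicitly whether 0.2.9.x is affected by TROVE-2017-004, so hidden service operators on 0.2.9 are not left looking for a fix that is not listed.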
150
ReleaseNotes
|
@ -2,6 +2,156 @@ This document summarizes new features and bugfixes in each stable release
|
||||||
of Tor. If you want to see more detailed descriptions of the changes in
|
of Tor. If you want to see more detailed descriptions of the changes in
|
||||||
each development snapshot, see the ChangeLog file.
|
each development snapshot, see the ChangeLog file.
|
||||||
|
|
||||||
|
Changes in version 0.3.0.8 - 2017-06-08
|
||||||
|
Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to
|
||||||
|
remotely crash a hidden service with an assertion failure. Anyone
|
||||||
|
running a hidden service should upgrade to this version, or to some
|
||||||
|
other version with fixes for TROVE-2017-004 and TROVE-2017-005.
|
||||||
|
|
||||||
|
Tor 0.3.0.8 also includes fixes for several key management bugs
|
||||||
|
that sometimes made relays unreliable, as well as several other
|
||||||
|
bugfixes described below.
|
||||||
|
|
||||||
|
o Major bugfixes (hidden service, relay, security, backport
|
||||||
|
from 0.3.1.3-alpha):
|
||||||
|
- Fix a remotely triggerable assertion failure when a hidden service
|
||||||
|
handles a malformed BEGIN cell. Fixes bug 22493, tracked as
|
||||||
|
TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
|
||||||
|
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||||
|
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||||
|
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||||
|
on 0.2.2.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
|
||||||
|
- When performing the v3 link handshake on a TLS connection, report
|
||||||
|
that we have the x509 certificate that we actually used on that
|
||||||
|
connection, even if we have changed certificates since that
|
||||||
|
connection was first opened. Previously, we would claim to have
|
||||||
|
used our most recent x509 link certificate, which would sometimes
|
||||||
|
make the link handshake fail. Fixes one case of bug 22460; bugfix
|
||||||
|
on 0.2.3.6-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
|
||||||
|
- Regenerate link and authentication certificates whenever the key
|
||||||
|
that signs them changes; also, regenerate link certificates
|
||||||
|
whenever the signed key changes. Previously, these processes were
|
||||||
|
only weakly coupled, and we relays could (for minutes to hours)
|
||||||
|
wind up with an inconsistent set of keys and certificates, which
|
||||||
|
other relays would not accept. Fixes two cases of bug 22460;
|
||||||
|
bugfix on 0.3.0.1-alpha.
|
||||||
|
- When sending an Ed25519 signing->link certificate in a CERTS cell,
|
||||||
|
send the certificate that matches the x509 certificate that we
|
||||||
|
used on the TLS connection. Previously, there was a race condition
|
||||||
|
if the TLS context rotated after we began the TLS handshake but
|
||||||
|
before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
|
||||||
|
on 0.3.0.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
|
||||||
|
- Stop rejecting v3 hidden service descriptors because their size
|
||||||
|
did not match an old padding rule. Fixes bug 22447; bugfix on
|
||||||
|
tor-0.3.0.1-alpha.
|
||||||
|
|
||||||
|
o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
|
||||||
|
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
|
||||||
|
December 2016 (of which ~126 were still functional) with a list of
|
||||||
|
151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
|
||||||
|
2017. Resolves ticket 21564.
|
||||||
|
|
||||||
|
o Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
|
||||||
|
- Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes
|
||||||
|
bug 22252; bugfix on 0.2.9.3-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
|
||||||
|
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||||
|
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
|
||||||
|
- Lower the lifetime of the RSA->Ed25519 cross-certificate to six
|
||||||
|
months, and regenerate it when it is within one month of expiring.
|
||||||
|
Previously, we had generated this certificate at startup with a
|
||||||
|
ten-year lifetime, but that could lead to weird behavior when Tor
|
||||||
|
was started with a grossly inaccurate clock. Mitigates bug 22466;
|
||||||
|
mitigation on 0.3.0.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (memory leak, directory authority, backport from
|
||||||
|
0.3.1.2-alpha):
|
||||||
|
- When directory authorities reject a router descriptor due to
|
||||||
|
keypinning, free the router descriptor rather than leaking the
|
||||||
|
memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.2.9.11 - 2017-06-08
|
||||||
|
Tor 0.2.9.11 fixes a pair of bugs that would allow an attacker to
|
||||||
|
remotely crash a hidden service with an assertion failure. Anyone
|
||||||
|
running a hidden service should upgrade to this version, or to some
|
||||||
|
other version with fixes for TROVE-2017-004 and TROVE-2017-005.
|
||||||
|
|
||||||
|
Tor 0.2.9.11 also backports fixes for several key management bugs
|
||||||
|
that sometimes made relays unreliable, as well as several other
|
||||||
|
bugfixes described below.
|
||||||
|
|
||||||
|
o Major bugfixes (hidden service, relay, security, backport
|
||||||
|
from 0.3.1.3-alpha):
|
||||||
|
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||||
|
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||||
|
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||||
|
on 0.2.2.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
|
||||||
|
- When performing the v3 link handshake on a TLS connection, report
|
||||||
|
that we have the x509 certificate that we actually used on that
|
||||||
|
connection, even if we have changed certificates since that
|
||||||
|
connection was first opened. Previously, we would claim to have
|
||||||
|
used our most recent x509 link certificate, which would sometimes
|
||||||
|
make the link handshake fail. Fixes one case of bug 22460; bugfix
|
||||||
|
on 0.2.3.6-alpha.
|
||||||
|
|
||||||
|
o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
|
||||||
|
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
|
||||||
|
December 2016 (of which ~126 were still functional) with a list of
|
||||||
|
151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
|
||||||
|
2017. Resolves ticket 21564.
|
||||||
|
|
||||||
|
o Minor features (future-proofing, backport from 0.3.0.7):
|
||||||
|
- Tor no longer refuses to download microdescriptors or descriptors if
|
||||||
|
they are listed as "published in the future". This change will
|
||||||
|
eventually allow us to stop listing meaningful "published" dates
|
||||||
|
in microdescriptor consensuses, and thereby allow us to reduce the
|
||||||
|
resources required to download consensus diffs by over 50%.
|
||||||
|
Implements part of ticket 21642; implements part of proposal 275.
|
||||||
|
|
||||||
|
o Minor features (directory authorities, backport from 0.3.0.4-rc)
|
||||||
|
- Directory authorities now reject relays running versions
|
||||||
|
0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
|
||||||
|
suffer from bug 20499 and don't keep their consensus cache
|
||||||
|
up-to-date. Resolves ticket 20509.
|
||||||
|
|
||||||
|
o Minor features (geoip):
|
||||||
|
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
|
o Minor bugfixes (control port, backport from 0.3.0.6):
|
||||||
|
- The GETINFO extra-info/digest/<digest> command was broken because
|
||||||
|
of a wrong base16 decode return value check, introduced when
|
||||||
|
refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
|
||||||
|
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||||
|
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.0.7):
|
||||||
|
- The getpid() system call is now permitted under the Linux seccomp2
|
||||||
|
sandbox, to avoid crashing with versions of OpenSSL (and other
|
||||||
|
libraries) that attempt to learn the process's PID by using the
|
||||||
|
syscall rather than the VDSO code. Fixes bug 21943; bugfix
|
||||||
|
on 0.2.5.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (memory leak, directory authority, backport
|
||||||
|
from 0.3.1.2-alpha):
|
||||||
|
- When directory authorities reject a router descriptor due to
|
||||||
|
keypinning, free the router descriptor rather than leaking the
|
||||||
|
memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.3.0.7 - 2017-05-15
|
Changes in version 0.3.0.7 - 2017-05-15
|
||||||
Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions
|
Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions
|
||||||
|
|
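Review bot: Three wording nits in the copied entries should be fixed before they land in the stable release notes: "and we relays could (for minutes to hours)" in the 0.3.0.8 key management entry has a stray "we"; the header "o Minor features (directory authorities, backport from 0.3.0.4-rc)" under 0.2.9.11 lacks the trailing colon that every other section header has; and the v3 hidden service descriptor entry says "bugfix on tor-0.3.0.1-alpha" where every other entry gives the bare version number. The same text appears in the ChangeLog hunk, so correct both files together.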