Begin work on an 0.2.9.10 changelog
This one is much more normal than the 0.2.[45678] changelogs I just started, since there has been a much shorter gap since the most recent 0.2.9 release.
parent
3c74bc73fc
commit
a98608efe8
64
ChangeLog
|
@ -1,3 +1,67 @@
|
||||||
|
Changes in version 0.2.9.10 - 2017-03-??
|
||||||
|
Tor 0.2.9.10 backports a security fix from later Tor releass.
|
||||||
|
|
||||||
|
Tor 0.2.9.10 also includes fixes for some major issues affecting
|
||||||
|
directory authorities, LibreSSL compatibility, and IPv6 correctness.
|
||||||
|
|
||||||
|
The Tor 0.2.9.x release series is now marked as a long-term-support
|
||||||
|
series. We intend to backport security fixes to 0.2.9.x until at
|
||||||
|
least March of 2020.
|
||||||
|
|
||||||
|
o Major bugfixes (directory authority, 0.3.0.3-alpha):
|
||||||
|
- During voting, when marking a relay as a probable sybil, do not
|
||||||
|
clear its BadExit flag: sybils can still be bad in other ways
|
||||||
|
too. (We still clear the other flags.) Fixes bug 21108; bugfix
|
||||||
|
on 0.2.0.13-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (IPv6 Exits, backport from 0.3.0.3-alpha):
|
||||||
|
- Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
|
||||||
|
any IPv6 addresses. Instead, only reject a port over IPv6 if the
|
||||||
|
exit policy rejects that port on more than an IPv6 /16 of
|
||||||
|
addresses. This bug was made worse by 17027 in 0.2.8.1-alpha,
|
||||||
|
which rejected a relay's own IPv6 address by default. Fixes bug
|
||||||
|
21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (parsing, also in 0.3.0.4-rc):
|
||||||
|
- Fix an integer underflow bug when comparing malformed Tor versions.
|
||||||
|
This bug is harmless, except when Tor has been built with
|
||||||
|
--enable-expensive-hardening, which would turn it into a crash;
|
||||||
|
or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
|
||||||
|
-ftrapv by default.
|
||||||
|
Part of TROVE-2017-001. Fixes bug 21278; bugfix on
|
||||||
|
0.0.8pre1. Found by OSS-Fuzz.
|
||||||
|
|
||||||
|
o Minor features (directory authority, also in 0.3.0.4-rc):
|
||||||
|
- Directory authorities now reject descriptors that claim to be
|
||||||
|
malformed versions of Tor. Helps prevent exploitation of bug 21278.
|
||||||
|
|
||||||
|
o Minor features (portability, compilation, backport from 0.3.0.3-alpha):
|
||||||
|
- Autoconf now checks to determine if OpenSSL structures are opaque,
|
||||||
|
instead of explicitly checking for OpenSSL version numbers. Part
|
||||||
|
of ticket 21359.
|
||||||
|
- Support building with recent LibreSSL code that uses opaque
|
||||||
|
structures. Closes ticket 21359.
|
||||||
|
|
||||||
|
o Minor features (geoip):
|
||||||
|
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
|
o Minor bugfixes (code correctness, also in 0.3.0.4-rc):
|
||||||
|
- Repair a couple of (unreachable or harmless) cases of the risky
|
||||||
|
comparison-by-subtraction pattern that caused bug 21278.
|
||||||
|
|
||||||
|
o Minor bugfixes (tor-resolve, backport from 0.3.0.3-alpha):
|
||||||
|
- The tor-resolve command line tool now rejects hostnames over 255
|
||||||
|
characters in length. Previously, it would silently truncate them,
|
||||||
|
which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
|
||||||
|
Patch by "junglefowl".
|
||||||
|
|
||||||
|
o Minor bugfixes (voting consistency, also in 0.3.0.4-rc):
|
||||||
|
- Reject version numbers with components that exceed INT32_MAX.
|
||||||
|
Otherwise 32-bit and 64-bit platforms would behave inconsistently.
|
||||||
|
Fixes bug 21450; bugfix on 0.0.8pre1.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.9.9 - 2017-01-23
|
Changes in version 0.2.9.9 - 2017-01-23
|
||||||
Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could
|
Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could
|
||||||
cause relays and clients to crash, even if they were not built with
|
cause relays and clients to crash, even if they were not built with
|
||||||
|
|
|
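Review bot: The intro paragraph of the new 0.2.9.10 entry has a typo: "later Tor releass" should read "later Tor releases". In the same hunk, the first section header reads "(directory authority, 0.3.0.3-alpha)" while the other backported entries use "backport from 0.3.0.3-alpha" or "also in 0.3.0.4-rc"; suggest "o Major bugfixes (directory authority, backport from 0.3.0.3-alpha):" for consistency. The blurb mentions a backported security fix without naming it; since the parsing entry is the one tagged "Part of TROVE-2017-001", consider naming it in the blurb and listing that entry first so readers can find the security-relevant change quickly. The date is still the placeholder "2017-03-??" and needs to be filled in before release.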
@ -1,8 +0,0 @@
|
||||||
|
|
||||||
o Minor features (portability, compilationc)
|
|
||||||
- Support building with recent LibreSSL code that uses opaque
|
|
||||||
structures. Closes ticket 21359.
|
|
||||||
- Autoconf now check to determine if OpenSSL
|
|
||||||
structures are opaque, instead of explicitly checking for
|
|
||||||
OpenSSL version numbers.
|
|
||||||
Part of ticket 21359.
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Major bugfixes (directory authority):
|
|
||||||
- During voting, when marking a node as a probable sybil, do not
|
|
||||||
clear its BadExit flag: sybils can still be bad in other ways
|
|
||||||
too. (We still clear the other flags.) Fixes bug 21108; bugfix
|
|
||||||
on 0.2.0.13-alpha.
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Minor bugfixes (code correctness):
|
|
||||||
- Repair a couple of (unreachable or harmless) cases of the risky
|
|
||||||
comparison-by-subtraction pattern that caused bug 21278.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor features (directory authority):
|
|
||||||
- Directory authorities now reject descriptors that claim to be
|
|
||||||
malformed versions of Tor. Helps prevent exploitation of bug 21278.
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes (tor-resolve):
|
|
||||||
- The tor-resolve command line tool now rejects hostnames over 255
|
|
||||||
characters in length. Previously, it would silently truncate
|
|
||||||
them, which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
|
|
||||||
Patch by "junglefowl".
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Major bugfixes (IPv6 Exits):
|
|
||||||
- Stop rejecting all IPv6 traffic on Exits whose exit policy rejects IPv6
|
|
||||||
addresses. Instead, only reject a port over IPv6 if the exit policy
|
|
||||||
rejects that port on more than an IPv6 /16 of addresses. This bug was
|
|
||||||
made worse by 17027 in 0.2.8.1-alpha, which rejects a relay's own IPv6
|
|
||||||
address by default.
|
|
||||||
Fixes bug 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (voting consistency):
|
|
||||||
- Reject version numbers with components that exceed INT32_MAX.
|
|
||||||
Otherwise 32-bit and 64-bit platforms would behave inconsistently.
|
|
||||||
Fixes bug 21450; bugfix on 0.0.8pre1.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
o Major bugfixes (parsing):
|
|
||||||
- Fix an integer underflow bug when comparing malformed Tor versions.
|
|
||||||
This bug is harmless, except when Tor has been built with
|
|
||||||
--enable-expensive-hardening, which would turn it into a crash;
|
|
||||||
or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
|
|
||||||
-ftrapv by default.
|
|
||||||
Part of TROVE-2017-001. Fixes bug 21278; bugfix on
|
|
||||||
0.0.8pre1. Found by OSS-Fuzz.
|
|