From babd102f0b2071694eb0cb9fcbf4a5cbab5c8b7f Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 1 Mar 2018 16:41:35 -0500 Subject: [PATCH] Draft changelog for 0.3.1.10 --- ChangeLog | 42 ++++++++++++++++++++++++++++++++++++---- changes/bug25249 | 3 --- changes/bug25249.2 | 3 --- changes/trove-2018-001.1 | 6 ------ changes/trove-2018-004 | 8 -------- 5 files changed, 38 insertions(+), 24 deletions(-) delete mode 100644 changes/bug25249 delete mode 100644 changes/bug25249.2 delete mode 100644 changes/trove-2018-001.1 delete mode 100644 changes/trove-2018-004 diff --git a/ChangeLog b/ChangeLog index f13c8a193..7bbe95d50 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,7 +2,30 @@ Changes in version 0.3.1.10 - 2018-03-?? Tor 0.3.1.10 backports a number of bugfixes, including important fixes for security issues. - BLURB HERE. + It includes an important security fix for a remote crash attack + against directory authorities, tracked as TROVE-2018-001. + + This release also backports our new system for improved resistance to + denial-of-service attacks against relays. + + This release also fixes several minor bugs and annoyances from + earlier releases. + + All directory authorities should upgrade to one of the versions + released today. All relays not already running Tor 0.3.3.2-alpha or + later should upgrade to one of the versions released today. + + Please note: according to our release calendar, Tor 0.3.1 will no + longer be supported after 1 July 2018. If you will be running Tor + after that date, you should make sure to plan to upgrade to the latest + stable version, or downgrade to 0.2.9 (which will receive long-term + support). + + o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha): + - Fix a protocol-list handling bug that could be used to remotely crash + directory authorities with a null-pointer exception. Fixes bug 25074; + bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and + CVE-2018-0490. o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha): - Give relays some defenses against the recent network overload. We @@ -114,6 +137,14 @@ Changes in version 0.3.1.10 - 2018-03-?? with the OwningControllerProcess feature. Fixes bug 24198; bugfix on 0.2.5.1-alpha. + o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha): + - Fix a possible crash on malformed consensus. If a consensus had + contained an unparseable protocol line, it could have made clients + and relays crash with a null-pointer exception. To exploit this + issue, however, an attacker would need to be able to subvert the + directory authority system. Fixes bug 25251; bugfix on + 0.2.9.4-alpha. Also tracked as TROVE-2018-004. + o Minor bugfixes (directory cache, backport from 0.3.2.5-alpha): - Recover better from empty or corrupt files in the consensus cache directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha. @@ -186,14 +217,17 @@ Changes in version 0.3.1.10 - 2018-03-?? the other side ever sent a create_fast cell to us. Backports part of the fixes from bugs 22805 and 24898. + o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha): + - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on + 0.2.9.4-alpha. + - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249; + bugfix on 0.2.9.4-alpha. + o Code simplification and refactoring (backport from 0.3.3.3-alpha): - Update the "rust dependencies" submodule to be a project-level repository, rather than a user repository. Closes ticket 25323. - - - Changes in version 0.3.1.9 - 2017-12-01: Tor 0.3.1.9 backports important security and stability fixes from the 0.3.2 development series. All Tor users should upgrade to this diff --git a/changes/bug25249 b/changes/bug25249 deleted file mode 100644 index b4153eeae..000000000 --- a/changes/bug25249 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (spec conformance): - - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on - 0.2.9.4-alpha. diff --git a/changes/bug25249.2 b/changes/bug25249.2 deleted file mode 100644 index 9058c1107..000000000 --- a/changes/bug25249.2 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (spec conformance): - - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249; - bugfix on 0.2.9.4-alpha. diff --git a/changes/trove-2018-001.1 b/changes/trove-2018-001.1 deleted file mode 100644 index f0ee92f40..000000000 --- a/changes/trove-2018-001.1 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (denial-of-service, directory authority): - - Fix a protocol-list handling bug that could be used to remotely crash - directory authorities with a null-pointer exception. Fixes bug 25074; - bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001. - - diff --git a/changes/trove-2018-004 b/changes/trove-2018-004 deleted file mode 100644 index 37e0a89b0..000000000 --- a/changes/trove-2018-004 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (denial-of-service): - - Fix a possible crash on malformed consensus. If a consensus had - contained an unparseable protocol line, it could have made clients - and relays crash with a null-pointer exception. To exploit this - issue, however, an attacker would need to be able to subvert the - directory-authority system. Fixes bug 25251; bugfix on - 0.2.9.4-alpha. Also tracked as TROVE-2018-004. -