Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

copy changelog and releasenotes forward from 0.2.9, 0.3.0

Nick Mathewson 6 years ago
parent
d2839eeac9
commit
a77a479fa5
2 changed files with 300 additions and 0 deletions
Split View Show Diff Stats
  1. 150 0
      ChangeLog
  2. 150 0
      ReleaseNotes

+ 150 - 0
ChangeLog
View File 

@@ -87,6 +87,156 @@ Changes in version 0.3.1.3-alpha - 2017-06-08
 
     - Clarify the manpage for the (deprecated) torify script. Closes
 
       ticket 6892.
 
 
+Changes in version 0.3.0.8 - 2017-06-08
 
+  Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to
 
+  remotely crash a hidden service with an assertion failure. Anyone
 
+  running a hidden service should upgrade to this version, or to some
 
+  other version with fixes for TROVE-2017-004 and TROVE-2017-005.
 
+
 
+  Tor 0.3.0.8 also includes fixes for several key management bugs
 
+  that sometimes made relays unreliable, as well as several other
 
+  bugfixes described below.
 
+
 
+  o Major bugfixes (hidden service, relay, security, backport
 
+    from 0.3.1.3-alpha):
 
+    - Fix a remotely triggerable assertion failure when a hidden service
 
+      handles a malformed BEGIN cell. Fixes bug 22493, tracked as
 
+      TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
 
+    - Fix a remotely triggerable assertion failure caused by receiving a
 
+      BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
 
+      22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
 
+      on 0.2.2.1-alpha.
 
+
 
+  o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
 
+    - When performing the v3 link handshake on a TLS connection, report
 
+      that we have the x509 certificate that we actually used on that
 
+      connection, even if we have changed certificates since that
 
+      connection was first opened. Previously, we would claim to have
 
+      used our most recent x509 link certificate, which would sometimes
 
+      make the link handshake fail. Fixes one case of bug 22460; bugfix
 
+      on 0.2.3.6-alpha.
 
+
 
+  o Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
 
+    - Regenerate link and authentication certificates whenever the key
 
+      that signs them changes; also, regenerate link certificates
 
+      whenever the signed key changes. Previously, these processes were
 
+      only weakly coupled, and we relays could (for minutes to hours)
 
+      wind up with an inconsistent set of keys and certificates, which
 
+      other relays would not accept. Fixes two cases of bug 22460;
 
+      bugfix on 0.3.0.1-alpha.
 
+    - When sending an Ed25519 signing->link certificate in a CERTS cell,
 
+      send the certificate that matches the x509 certificate that we
 
+      used on the TLS connection. Previously, there was a race condition
 
+      if the TLS context rotated after we began the TLS handshake but
 
+      before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
 
+      on 0.3.0.1-alpha.
 
+
 
+  o Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
 
+    - Stop rejecting v3 hidden service descriptors because their size
 
+      did not match an old padding rule. Fixes bug 22447; bugfix on
 
+      tor-0.3.0.1-alpha.
 
+
 
+  o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
 
+    - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
 
+      December 2016 (of which ~126 were still functional) with a list of
 
+      151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
 
+      2017. Resolves ticket 21564.
 
+
 
+  o Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
 
+    - Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes
 
+      bug 22252; bugfix on 0.2.9.3-alpha.
 
+
 
+  o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
 
+    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
 
+      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
 
+
 
+  o Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
 
+    - Lower the lifetime of the RSA->Ed25519 cross-certificate to six
 
+      months, and regenerate it when it is within one month of expiring.
 
+      Previously, we had generated this certificate at startup with a
 
+      ten-year lifetime, but that could lead to weird behavior when Tor
 
+      was started with a grossly inaccurate clock. Mitigates bug 22466;
 
+      mitigation on 0.3.0.1-alpha.
 
+
 
+  o Minor bugfixes (memory leak, directory authority, backport from
 
+    0.3.1.2-alpha):
 
+    - When directory authorities reject a router descriptor due to
 
+      keypinning, free the router descriptor rather than leaking the
 
+      memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
 
+
 
+
 
+Changes in version 0.2.9.11 - 2017-06-08
 
+  Tor 0.2.9.11 fixes a pair of bugs that would allow an attacker to
 
+  remotely crash a hidden service with an assertion failure. Anyone
 
+  running a hidden service should upgrade to this version, or to some
 
+  other version with fixes for TROVE-2017-004 and TROVE-2017-005.
 
+
 
+  Tor 0.2.9.11 also backports fixes for several key management bugs
 
+  that sometimes made relays unreliable, as well as several other
 
+  bugfixes described below.
 
+
 
+  o Major bugfixes (hidden service, relay, security, backport
 
+    from 0.3.1.3-alpha):
 
+    - Fix a remotely triggerable assertion failure caused by receiving a
 
+      BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
 
+      22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
 
+      on 0.2.2.1-alpha.
 
+
 
+  o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
 
+    - When performing the v3 link handshake on a TLS connection, report
 
+      that we have the x509 certificate that we actually used on that
 
+      connection, even if we have changed certificates since that
 
+      connection was first opened. Previously, we would claim to have
 
+      used our most recent x509 link certificate, which would sometimes
 
+      make the link handshake fail. Fixes one case of bug 22460; bugfix
 
+      on 0.2.3.6-alpha.
 
+
 
+  o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
 
+    - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
 
+      December 2016 (of which ~126 were still functional) with a list of
 
+      151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
 
+      2017. Resolves ticket 21564.
 
+
 
+  o Minor features (future-proofing, backport from 0.3.0.7):
 
+    - Tor no longer refuses to download microdescriptors or descriptors if
 
+      they are listed as "published in the future".  This change will
 
+      eventually allow us to stop listing meaningful "published" dates
 
+      in microdescriptor consensuses, and thereby allow us to reduce the
 
+      resources required to download consensus diffs by over 50%.
 
+      Implements part of ticket 21642; implements part of proposal 275.
 
+
 
+  o Minor features (directory authorities, backport from 0.3.0.4-rc)
 
+    - Directory authorities now reject relays running versions
 
+      0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
 
+      suffer from bug 20499 and don't keep their consensus cache
 
+      up-to-date. Resolves ticket 20509.
 
+
 
+  o Minor features (geoip):
 
+    - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
 
+      Country database.
 
+
 
+  o Minor bugfixes (control port, backport from 0.3.0.6):
 
+    - The GETINFO extra-info/digest/<digest> command was broken because
 
+      of a wrong base16 decode return value check, introduced when
 
+      refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
 
+
 
+  o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
 
+    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
 
+      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
 
+
 
+  o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.0.7):
 
+    - The getpid() system call is now permitted under the Linux seccomp2
 
+      sandbox, to avoid crashing with versions of OpenSSL (and other
 
+      libraries) that attempt to learn the process's PID by using the
 
+      syscall rather than the VDSO code. Fixes bug 21943; bugfix
 
+      on 0.2.5.1-alpha.
 
+
 
+  o Minor bugfixes (memory leak, directory authority, backport
 
+    from 0.3.1.2-alpha):
 
+    - When directory authorities reject a router descriptor due to
 
+      keypinning, free the router descriptor rather than leaking the
 
+      memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
 
+
 
 
 Changes in version 0.3.1.2-alpha - 2017-05-26
 
   Tor 0.3.1.2-alpha is the second release in the 0.3.1.x series. It

+ 150 - 0
ReleaseNotes
View File 

@@ -2,6 +2,156 @@ This document summarizes new features and bugfixes in each stable release
 
 of Tor. If you want to see more detailed descriptions of the changes in
 
 each development snapshot, see the ChangeLog file.
 
 
+Changes in version 0.3.0.8 - 2017-06-08
 
+  Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to
 
+  remotely crash a hidden service with an assertion failure. Anyone
 
+  running a hidden service should upgrade to this version, or to some
 
+  other version with fixes for TROVE-2017-004 and TROVE-2017-005.
 
+
 
+  Tor 0.3.0.8 also includes fixes for several key management bugs
 
+  that sometimes made relays unreliable, as well as several other
 
+  bugfixes described below.
 
+
 
+  o Major bugfixes (hidden service, relay, security, backport
 
+    from 0.3.1.3-alpha):
 
+    - Fix a remotely triggerable assertion failure when a hidden service
 
+      handles a malformed BEGIN cell. Fixes bug 22493, tracked as
 
+      TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
 
+    - Fix a remotely triggerable assertion failure caused by receiving a
 
+      BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
 
+      22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
 
+      on 0.2.2.1-alpha.
 
+
 
+  o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
 
+    - When performing the v3 link handshake on a TLS connection, report
 
+      that we have the x509 certificate that we actually used on that
 
+      connection, even if we have changed certificates since that
 
+      connection was first opened. Previously, we would claim to have
 
+      used our most recent x509 link certificate, which would sometimes
 
+      make the link handshake fail. Fixes one case of bug 22460; bugfix
 
+      on 0.2.3.6-alpha.
 
+
 
+  o Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
 
+    - Regenerate link and authentication certificates whenever the key
 
+      that signs them changes; also, regenerate link certificates
 
+      whenever the signed key changes. Previously, these processes were
 
+      only weakly coupled, and we relays could (for minutes to hours)
 
+      wind up with an inconsistent set of keys and certificates, which
 
+      other relays would not accept. Fixes two cases of bug 22460;
 
+      bugfix on 0.3.0.1-alpha.
 
+    - When sending an Ed25519 signing->link certificate in a CERTS cell,
 
+      send the certificate that matches the x509 certificate that we
 
+      used on the TLS connection. Previously, there was a race condition
 
+      if the TLS context rotated after we began the TLS handshake but
 
+      before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
 
+      on 0.3.0.1-alpha.
 
+
 
+  o Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
 
+    - Stop rejecting v3 hidden service descriptors because their size
 
+      did not match an old padding rule. Fixes bug 22447; bugfix on
 
+      tor-0.3.0.1-alpha.
 
+
 
+  o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
 
+    - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
 
+      December 2016 (of which ~126 were still functional) with a list of
 
+      151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
 
+      2017. Resolves ticket 21564.
 
+
 
+  o Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
 
+    - Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes
 
+      bug 22252; bugfix on 0.2.9.3-alpha.
 
+
 
+  o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
 
+    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
 
+      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
 
+
 
+  o Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
 
+    - Lower the lifetime of the RSA->Ed25519 cross-certificate to six
 
+      months, and regenerate it when it is within one month of expiring.
 
+      Previously, we had generated this certificate at startup with a
 
+      ten-year lifetime, but that could lead to weird behavior when Tor
 
+      was started with a grossly inaccurate clock. Mitigates bug 22466;
 
+      mitigation on 0.3.0.1-alpha.
 
+
 
+  o Minor bugfixes (memory leak, directory authority, backport from
 
+    0.3.1.2-alpha):
 
+    - When directory authorities reject a router descriptor due to
 
+      keypinning, free the router descriptor rather than leaking the
 
+      memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
 
+
 
+
 
+Changes in version 0.2.9.11 - 2017-06-08
 
+  Tor 0.2.9.11 fixes a pair of bugs that would allow an attacker to
 
+  remotely crash a hidden service with an assertion failure. Anyone
 
+  running a hidden service should upgrade to this version, or to some
 
+  other version with fixes for TROVE-2017-004 and TROVE-2017-005.
 
+
 
+  Tor 0.2.9.11 also backports fixes for several key management bugs
 
+  that sometimes made relays unreliable, as well as several other
 
+  bugfixes described below.
 
+
 
+  o Major bugfixes (hidden service, relay, security, backport
 
+    from 0.3.1.3-alpha):
 
+    - Fix a remotely triggerable assertion failure caused by receiving a
 
+      BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
 
+      22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
 
+      on 0.2.2.1-alpha.
 
+
 
+  o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
 
+    - When performing the v3 link handshake on a TLS connection, report
 
+      that we have the x509 certificate that we actually used on that
 
+      connection, even if we have changed certificates since that
 
+      connection was first opened. Previously, we would claim to have
 
+      used our most recent x509 link certificate, which would sometimes
 
+      make the link handshake fail. Fixes one case of bug 22460; bugfix
 
+      on 0.2.3.6-alpha.
 
+
 
+  o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
 
+    - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
 
+      December 2016 (of which ~126 were still functional) with a list of
 
+      151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
 
+      2017. Resolves ticket 21564.
 
+
 
+  o Minor features (future-proofing, backport from 0.3.0.7):
 
+    - Tor no longer refuses to download microdescriptors or descriptors if
 
+      they are listed as "published in the future".  This change will
 
+      eventually allow us to stop listing meaningful "published" dates
 
+      in microdescriptor consensuses, and thereby allow us to reduce the
 
+      resources required to download consensus diffs by over 50%.
 
+      Implements part of ticket 21642; implements part of proposal 275.
 
+
 
+  o Minor features (directory authorities, backport from 0.3.0.4-rc)
 
+    - Directory authorities now reject relays running versions
 
+      0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
 
+      suffer from bug 20499 and don't keep their consensus cache
 
+      up-to-date. Resolves ticket 20509.
 
+
 
+  o Minor features (geoip):
 
+    - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
 
+      Country database.
 
+
 
+  o Minor bugfixes (control port, backport from 0.3.0.6):
 
+    - The GETINFO extra-info/digest/<digest> command was broken because
 
+      of a wrong base16 decode return value check, introduced when
 
+      refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
 
+
 
+  o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
 
+    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
 
+      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
 
+
 
+  o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.0.7):
 
+    - The getpid() system call is now permitted under the Linux seccomp2
 
+      sandbox, to avoid crashing with versions of OpenSSL (and other
 
+      libraries) that attempt to learn the process's PID by using the
 
+      syscall rather than the VDSO code. Fixes bug 21943; bugfix
 
+      on 0.2.5.1-alpha.
 
+
 
+  o Minor bugfixes (memory leak, directory authority, backport
 
+    from 0.3.1.2-alpha):
 
+    - When directory authorities reject a router descriptor due to
 
+      keypinning, free the router descriptor rather than leaking the
 
+      memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
 
+
 
 
 Changes in version 0.3.0.7 - 2017-05-15
 
   Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions