[tor-commits] [tor/release-0.3.0] Start on an 0.3.0.8 changelog
nickm at torproject.org
nickm at torproject.org
Thu Jun 8 13:04:20 UTC 2017
commit 17c61d98e40c74167daaebdd3eaa5502739826ed
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Jun 8 08:45:57 2017 -0400
Start on an 0.3.0.8 changelog
---
ChangeLog | 69 +++++++++++++++++++++++++++++++++++++++++++++
changes/bug20509 | 5 ----
changes/bug22252 | 3 --
changes/bug22370 | 4 ---
changes/bug22447 | 3 --
changes/bug22460_case1 | 16 -----------
changes/bug22460_case2 | 8 ------
changes/bug22466_regenerate | 8 ------
changes/bug22490 | 3 --
changes/ticket21564 | 6 ----
10 files changed, 69 insertions(+), 56 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 04ebabd..56a7ce0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,72 @@
+Changes in version 0.3.0.8 - 2017-06-08
+ Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to
+ remotely crash a hidden service with an assertion failure. Anyone
+ running a hidden service should upgrade to this version, or to some
+ other version with fixes for TROVE-2017-004 and TROVE-2017-005.
+
+ Tor 0.3.0.8 also includes fixes for several key management bugs
+ that sometimes made relays unreliable, as well as several other
+ bugfixes described below.
+
+ o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
+ - When performing the v3 link handshake on a TLS connection, report
+ that we have the x509 certificate that we actually used on that
+ connection, even if we have changed certificates since that
+ connection was first opened. Previously, we would claim to have
+ used our most recent x509 link certificate, which would sometimes
+ make the link handshake fail. Fixes one case of bug 22460; bugfix
+ on 0.2.3.6-alpha.
+
+ o Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
+ - Regenerate link and authentication certificates whenever the key
+ that signs them changes; also, regenerate link certificates
+ whenever the signed key changes. Previously, these processes were
+ only weakly coupled, and we relays could (for minutes to hours)
+ wind up with an inconsistent set of keys and certificates, which
+ other relays would not accept. Fixes two cases of bug 22460;
+ bugfix on 0.3.0.1-alpha.
+ - When sending an Ed25519 signing->link certificate in a CERTS cell,
+ send the certificate that matches the x509 certificate that we
+ used on the TLS connection. Previously, there was a race condition
+ if the TLS context rotated after we began the TLS handshake but
+ before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
+ on 0.3.0.1-alpha.
+
+ o Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
+ - Stop rejecting v3 hidden service descriptors because their size
+ did not match an old padding rule. Fixes bug 22447; bugfix on
+ tor-0.3.0.1-alpha.
+
+ o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
+ - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
+ December 2016 (of which ~126 were still functional) with a list of
+ 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
+ 2017. Resolves ticket 21564.
+
+ o Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
+ - Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes
+ bug 22252; bugfix on 0.2.9.3-alpha.
+
+ o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
+ - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+ file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+ o Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
+ - Lower the lifetime of the RSA->Ed25519 cross-certificate to six
+ months, and regenerate it when it is within one month of expiring.
+ Previously, we had generated this certificate at startup with a
+ ten-year lifetime, but that could lead to weird behavior when Tor
+ was started with a grossly inaccurate clock. Mitigates bug 22466;
+ mitigation on 0.3.0.1-alpha.
+
+ o Minor bugfixes (memory leak, directory authority, backport from
+ 0.3.1.2-alpha):
+ - When directory authorities reject a router descriptor due to
+ keypinning, free the router descriptor rather than leaking the
+ memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
+
+
+
Changes in version 0.3.0.7 - 2017-05-15
Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions
of Tor 0.3.0.x, where an attacker could cause a Tor relay process to
diff --git a/changes/bug20509 b/changes/bug20509
deleted file mode 100644
index a39ca9f..0000000
--- a/changes/bug20509
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features:
- - Directory authorities now reject relays running versions
- 0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
- suffer from bug 20499 and don't keep their consensus cache
- up-to-date. Resolves ticket 20509.
diff --git a/changes/bug22252 b/changes/bug22252
deleted file mode 100644
index 42b9d8e..0000000
--- a/changes/bug22252
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (configuration):
- - Do not crash when starting with LearnCircuitBuildTimeout 0.
- Fixes bug 22252; bugfix on 0.2.9.3-alpha.
diff --git a/changes/bug22370 b/changes/bug22370
deleted file mode 100644
index e0e87e3..0000000
--- a/changes/bug22370
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (memory handling):
- - When directory authorities reject a router descriptor due to keypinning,
- free the router descriptor rather than leaking the memory.
- Fixes bug 22370; bugfix on 0.2.7.2-alpha.
diff --git a/changes/bug22447 b/changes/bug22447
deleted file mode 100644
index f5649d6..0000000
--- a/changes/bug22447
+++ /dev/null
@@ -1,3 +0,0 @@
- o Major bugfixes (hidden service v3):
- - HSDir failed to validate the encrypted size of a v3 descriptor and thus
- rejecting it. Fixes bug 22447; bugfix on tor-0.3.0.1-alpha.
diff --git a/changes/bug22460_case1 b/changes/bug22460_case1
deleted file mode 100644
index cfe78ad..0000000
--- a/changes/bug22460_case1
+++ /dev/null
@@ -1,16 +0,0 @@
- o Major bugfixes (relays, key management):
- - Regenerate link and authentication certificates whenever the key that
- signs them changes; also, regenerate link certificates whenever the
- signed key changes. Previously, these processes were only weakly
- coupled, and we relays could (for minutes to hours) wind up with an
- inconsistent set of keys and certificates, which other relays
- would not accept. Fixes two cases of bug 22460; bugfix on
- 0.3.0.1-alpha.
- - When sending an Ed25519 signing->link certificate in a CERTS cell,
- send the certificate that matches the x509 certificate that we used
- on the TLS connection. Previously, there was a race condition if
- the TLS context rotated after we began the TLS handshake but
- before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
- on 0.3.0.1-alpha.
-
-
diff --git a/changes/bug22460_case2 b/changes/bug22460_case2
deleted file mode 100644
index 0a11759..0000000
--- a/changes/bug22460_case2
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes (relay, link handshake):
-
- - When performing the v3 link handshake on a TLS connection, report that
- we have the x509 certificate that we actually used on that connection,
- even if we have changed certificates since that connection was first
- opened. Previously, we would claim to have used our most recent x509
- link certificate, which would sometimes make the link handshake fail.
- Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.
diff --git a/changes/bug22466_regenerate b/changes/bug22466_regenerate
deleted file mode 100644
index 8dbda89..0000000
--- a/changes/bug22466_regenerate
+++ /dev/null
@@ -1,8 +0,0 @@
- o Minor bugfixes (link handshake):
- - Lower the lifetime of the RSA->Ed25519 cross-certificate to
- six months, and regenerate it when it is within one month of expiring.
- Previously, we had generated this certificate at startup with
- a ten-year lifetime, but that could lead to weird behavior when
- Tor was started with a grossly inaccurate clock. Mitigates
- bug 22466; mitigation on 0.3.0.1-alpha.
-
diff --git a/changes/bug22490 b/changes/bug22490
deleted file mode 100644
index 244dd50..0000000
--- a/changes/bug22490
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (correctness):
- - Avoid undefined behavior when parsing IPv6 entries from the geoip6
- file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
diff --git a/changes/ticket21564 b/changes/ticket21564
deleted file mode 100644
index 7e01f41..0000000
--- a/changes/ticket21564
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor features (fallback directory list):
- - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
- December 2016 (of which ~126 were still functional), with a list of
- 151 fallbacks (32 new, 119 existing, 58 removed) generated in
- May 2017.
- Resolves ticket 21564.
More information about the tor-commits
mailing list