[tor-commits] [tor/release-0.3.2] Draft changelog for 0.3.2.10
nickm at torproject.org
nickm at torproject.org
Sat Mar 3 13:17:13 UTC 2018
commit 499bdd81a7f653aa4176e1983804c04dd13d4ea1
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Mar 1 16:41:48 2018 -0500
Draft changelog for 0.3.2.10
---
ChangeLog | 60 +++++++++++++++++++++++++++++++++++-------------
changes/bug25249 | 3 ---
changes/bug25249.2 | 3 ---
changes/trove-2018-001.1 | 6 -----
changes/trove-2018-004 | 8 -------
5 files changed, 44 insertions(+), 36 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index dcae057a2..0320151a6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,7 +3,37 @@ Changes in version 0.3.2.10 - 2018-03-??
backports a number of bugfixes, including important fixes for security
issues.
- BLURB HERE.
+ It includes an important security fix for a remote crash attack
+ against directory authorities, tracked as TROVE-2018-001.
+
+ Additionally, it backports a fix for a bug whose severity we have
+ upgraded: Bug 24700, which was fixed in 0.3.3.2-alpha, can be remotely
+ triggered in order to crash relays with a use-after-free pattern. As
+ such, we are now tracking that bug as TROVE-2018-002 and
+ CVE-2018-0491, and backporting it to earlier releases. This bug
+ affected versions 0.3.2.1-alpha through 0.3.2.9, as well as version
+ 0.3.3.1-alpha.
+
+ This release also backports our new system for improved resistance to
+ denial-of-service attacks against relays.
+
+ This release also fixes several minor bugs and annoyances from
+ earlier releases.
+
+ All directory authorities should upgrade to one of the versions
+ released today. All relays not already running Tor 0.3.3.2-alpha or
+ later should upgrade to this release.
+
+ o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
+ - Fix a protocol-list handling bug that could be used to remotely crash
+ directory authorities with a null-pointer exception. Fixes bug 25074;
+ bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
+ CVE-2018-0490.
+
+ o Major bugfixes (scheduler, KIST, denial-of-service, backport from 0.3.3.2-alpha):
+ - Avoid adding the same channel twice in the KIST scheduler pending
+ list, which could lead to remote denial-of-service use-after-free
+ attacks against relays. Fixes bug 24700; bugfix on 0.3.2.1-alpha.
o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
- Give relays some defenses against the recent network overload. We
@@ -75,6 +105,14 @@ Changes in version 0.3.2.10 - 2018-03-??
making decisions about how to handle the incoming connection.
Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
+ o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
+ - Fix a possible crash on malformed consensus. If a consensus had
+ contained an unparseable protocol line, it could have made clients
+ and relays crash with a null-pointer exception. To exploit this
+ issue, however, an attacker would need to be able to subvert the
+ directory authority system. Fixes bug 25251; bugfix on
+ 0.2.9.4-alpha. Also tracked as TROVE-2018-004.
+
o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
- Directory authorities, when refusing a descriptor from a rejected
relay, now explicitly tell the relay (in its logs) to set a valid
@@ -86,17 +124,6 @@ Changes in version 0.3.2.10 - 2018-03-??
around the issue at https://github.com/rust-lang/rust/issues/46797.
Fixes bug 24652; bugfix on 0.3.1.1-alpha.
-
- [[[[ OMIT
- o Minor bugfixes (DoS mitigation):
- - Add extra safety checks when refilling the circuit creation bucket to
- ensure we never set a value that is above the allowed burst. Fixes
- bug 25202; bugfix on 0.3.3.2-alpha.
- - Make sure we don't modify consensus parameters if we aren't a public
- relay when a new consensus arrives. Fixes bug 25223; bugfix on
- 0.3.3.2-alpha.
- OMIT]]]]
-
o Minor bugfixes (onion services, backport from 0.3.3.2-alpha):
- Remove a BUG() statement when a client fetches an onion descriptor
that has a lower revision counter than the one in its cache. This
@@ -118,10 +145,11 @@ Changes in version 0.3.2.10 - 2018-03-??
limit (which can happen sometimes on some versions of OSX). Fixes
bug 21074; bugfix on 0.0.9pre5.
- o Minor bugfixes (scheduler, KIST, backport from 0.3.3.2-alpha):
- - Avoid adding the same channel twice in the KIST scheduler pending
- list, which would waste CPU cycles. Fixes bug 24700; bugfix
- on 0.3.2.1-alpha.
+ o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
+ - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
+ 0.2.9.4-alpha.
+ - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
+ bugfix on 0.2.9.4-alpha.
o Minor bugfixes (testing, backport from 0.3.3.1-alpha):
- Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
diff --git a/changes/bug25249 b/changes/bug25249
deleted file mode 100644
index b4153eeae..000000000
--- a/changes/bug25249
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (spec conformance):
- - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
- 0.2.9.4-alpha.
diff --git a/changes/bug25249.2 b/changes/bug25249.2
deleted file mode 100644
index 9058c1107..000000000
--- a/changes/bug25249.2
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (spec conformance):
- - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
- bugfix on 0.2.9.4-alpha.
diff --git a/changes/trove-2018-001.1 b/changes/trove-2018-001.1
deleted file mode 100644
index f0ee92f40..000000000
--- a/changes/trove-2018-001.1
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes (denial-of-service, directory authority):
- - Fix a protocol-list handling bug that could be used to remotely crash
- directory authorities with a null-pointer exception. Fixes bug 25074;
- bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001.
-
-
diff --git a/changes/trove-2018-004 b/changes/trove-2018-004
deleted file mode 100644
index 37e0a89b0..000000000
--- a/changes/trove-2018-004
+++ /dev/null
@@ -1,8 +0,0 @@
- o Minor bugfixes (denial-of-service):
- - Fix a possible crash on malformed consensus. If a consensus had
- contained an unparseable protocol line, it could have made clients
- and relays crash with a null-pointer exception. To exploit this
- issue, however, an attacker would need to be able to subvert the
- directory-authority system. Fixes bug 25251; bugfix on
- 0.2.9.4-alpha. Also tracked as TROVE-2018-004.
-
More information about the tor-commits
mailing list