Copy forward ChangeLog and ReleaseNotes from 0.3.5.15, 0.4.4.9, and 0.4.5.9

author: Nick Mathewson <nickm@torproject.org> 2021-06-14 11:55:48 -0400
committer: Nick Mathewson <nickm@torproject.org> 2021-06-14 11:55:48 -0400
commit: ec2094a76e74d2fcca96593058b6a422419b628e (patch)
tree: b2ca6572ded4114a5e4a7acf1d7a4be624a91275 /ChangeLog
parent: e04831a0d27b1acb15f1dfbbe9aaa9d596d1dba3 (diff)
download: tor-ec2094a76e74d2fcca96593058b6a422419b628e.tar.gz
tor-ec2094a76e74d2fcca96593058b6a422419b628e.zip
1 files changed, 188 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 39f668a137..68319eecf4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,191 @@
+Changes in version 0.4.5.9 - 2021-06-14
+  Tor 0.4.5.9 fixes several security issues, including a
+  denial-of-service attack against onion service clients, and another
+  denial-of-service attack against relays. Everybody should upgrade to
+  one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.
+
+  o Major bugfixes (security, backport from 0.4.6.5):
+    - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
+      half-closed streams. Previously, clients failed to validate which
+      hop sent these cells: this would allow a relay on a circuit to end
+      a stream that wasn't actually built with it. Fixes bug 40389;
+      bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
+      003 and CVE-2021-34548.
+
+  o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5):
+    - Detect more failure conditions from the OpenSSL RNG code.
+      Previously, we would detect errors from a missing RNG
+      implementation, but not failures from the RNG code itself.
+      Fortunately, it appears those failures do not happen in practice
+      when Tor is using OpenSSL's default RNG implementation. Fixes bug
+      40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
+      TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
+
+  o Major bugfixes (security, denial of service, backport from 0.4.6.5):
+    - Resist a hashtable-based CPU denial-of-service attack against
+      relays. Previously we used a naive unkeyed hash function to look
+      up circuits in a circuitmux object. An attacker could exploit this
+      to construct circuits with chosen circuit IDs, to create
+      collisions and make the hash table inefficient. Now we use a
+      SipHash construction here instead. Fixes bug 40391; bugfix on
+      0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
+      CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
+    - Fix an out-of-bounds memory access in v3 onion service descriptor
+      parsing. An attacker could exploit this bug by crafting an onion
+      service descriptor that would crash any client that tried to visit
+      it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
+      tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
+      Glazunov from Google's Project Zero.
+
+  o Minor features (compatibility, backport from 0.4.6.4-rc):
+    - Remove an assertion function related to TLS renegotiation. It was
+      used nowhere outside the unit tests, and it was breaking
+      compilation with recent alpha releases of OpenSSL 3.0.0. Closes
+      ticket 40399.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2021/06/10.
+
+  o Minor bugfixes (control, sandbox, backport from 0.4.6.4-rc):
+    - Allow the control command SAVECONF to succeed when the seccomp
+      sandbox is enabled, and make SAVECONF keep only one backup file to
+      simplify implementation. Previously SAVECONF allowed a large
+      number of backup files, which made it incompatible with the
+      sandbox. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by
+      Daniel Pinto.
+
+  o Minor bugfixes (metrics port, backport from 0.4.6.4-rc):
+    - Fix a bug that made tor try to re-bind() on an already open
+      MetricsPort every 60 seconds. Fixes bug 40370; bugfix
+      on 0.4.5.1-alpha.
+
+
+Changes in version 0.4.4.9 - 2021-06-14
+  Tor 0.4.4.9 fixes several security issues, including a
+  denial-of-service attack against onion service clients, and another
+  denial-of-service attack against relays. Everybody should upgrade to
+  one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.
+
+  Note that the scheduled end-of-life date for the Tor 0.4.4.x series is
+  June 15. This is therefore the last release in its series. Everybody
+  still running 0.4.4.x should plan to upgrade to 0.4.5.x or later.
+
+  o Major bugfixes (security, backport from 0.4.6.5):
+    - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
+      half-closed streams. Previously, clients failed to validate which
+      hop sent these cells: this would allow a relay on a circuit to end
+      a stream that wasn't actually built with it. Fixes bug 40389;
+      bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
+      003 and CVE-2021-34548.
+
+  o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5):
+    - Detect more failure conditions from the OpenSSL RNG code.
+      Previously, we would detect errors from a missing RNG
+      implementation, but not failures from the RNG code itself.
+      Fortunately, it appears those failures do not happen in practice
+      when Tor is using OpenSSL's default RNG implementation. Fixes bug
+      40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
+      TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
+
+  o Major bugfixes (security, denial of service, backport from 0.4.6.5):
+    - Resist a hashtable-based CPU denial-of-service attack against
+      relays. Previously we used a naive unkeyed hash function to look
+      up circuits in a circuitmux object. An attacker could exploit this
+      to construct circuits with chosen circuit IDs, to create
+      collisions and make the hash table inefficient. Now we use a
+      SipHash construction here instead. Fixes bug 40391; bugfix on
+      0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
+      CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
+    - Fix an out-of-bounds memory access in v3 onion service descriptor
+      parsing. An attacker could exploit this bug by crafting an onion
+      service descriptor that would crash any client that tried to visit
+      it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
+      tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
+      Glazunov from Google's Project Zero.
+
+  o Minor features (compatibility, backport from 0.4.6.4-rc):
+    - Remove an assertion function related to TLS renegotiation. It was
+      used nowhere outside the unit tests, and it was breaking
+      compilation with recent alpha releases of OpenSSL 3.0.0. Closes
+      ticket 40399.
+
+  o Minor features (fallback directory list, backport from 0.4.6.2-alpha):
+    - Regenerate the list of fallback directories to contain a new set
+      of 200 relays. Closes ticket 40265.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2021/06/10.
+
+  o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha):
+    - Fix a non-fatal BUG() message due to a too-early free of a string,
+      when listing a client connection from the DoS defenses subsystem.
+      Fixes bug 40345; bugfix on 0.4.3.4-rc.
+
+  o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc):
+    - Fix an indentation problem that led to a warning from GCC 11.1.1.
+      Fixes bug 40380; bugfix on 0.3.0.1-alpha.
+
+
+Changes in version 0.3.5.15 - 2021-06-14
+  Tor 0.3.5.15 fixes several security issues, including a
+  denial-of-service attack against onion service clients, and another
+  denial-of-service attack against relays. Everybody should upgrade to
+  one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.
+
+  o Major bugfixes (security, backport from 0.4.6.5):
+    - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
+      half-closed streams. Previously, clients failed to validate which
+      hop sent these cells: this would allow a relay on a circuit to end
+      a stream that wasn't actually built with it. Fixes bug 40389;
+      bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
+      003 and CVE-2021-34548.
+
+  o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5):
+    - Detect more failure conditions from the OpenSSL RNG code.
+      Previously, we would detect errors from a missing RNG
+      implementation, but not failures from the RNG code itself.
+      Fortunately, it appears those failures do not happen in practice
+      when Tor is using OpenSSL's default RNG implementation. Fixes bug
+      40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
+      TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
+
+  o Major bugfixes (security, denial of service, backport from 0.4.6.5):
+    - Resist a hashtable-based CPU denial-of-service attack against
+      relays. Previously we used a naive unkeyed hash function to look
+      up circuits in a circuitmux object. An attacker could exploit this
+      to construct circuits with chosen circuit IDs, to create
+      collisions and make the hash table inefficient. Now we use a
+      SipHash construction here instead. Fixes bug 40391; bugfix on
+      0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
+      CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
+    - Fix an out-of-bounds memory access in v3 onion service descriptor
+      parsing. An attacker could exploit this bug by crafting an onion
+      service descriptor that would crash any client that tried to visit
+      it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
+      tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
+      Glazunov from Google's Project Zero.
+
+  o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc):
+    - Fix an indentation problem that led to a warning from GCC 11.1.1.
+      Fixes bug 40380; bugfix on 0.3.0.1-alpha.
+
+  o Minor features (compatibility, backport from 0.4.6.4-rc):
+    - Remove an assertion function related to TLS renegotiation. It was
+      used nowhere outside the unit tests, and it was breaking
+      compilation with recent alpha releases of OpenSSL 3.0.0. Closes
+      ticket 40399.
+
+  o Minor features (fallback directory list, backport from 0.4.6.2-alpha):
+    - Regenerate the list of fallback directories to contain a new set
+      of 200 relays. Closes ticket 40265.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2021/06/10.
+
+
 Changes in version 0.4.6.5 - 2021-06-14
   Tor 0.4.6.5 is the first stable release in its series. The 0.4.6.x
   series includes numerous features and bugfixes, including a significant
author	Nick Mathewson <nickm@torproject.org>	2021-06-14 11:55:48 -0400
committer	Nick Mathewson <nickm@torproject.org>	2021-06-14 11:55:48 -0400
commit	ec2094a76e74d2fcca96593058b6a422419b628e (patch)
tree	b2ca6572ded4114a5e4a7acf1d7a4be624a91275 /ChangeLog
parent	e04831a0d27b1acb15f1dfbbe9aaa9d596d1dba3 (diff)
download	tor-ec2094a76e74d2fcca96593058b6a422419b628e.tar.gz tor-ec2094a76e74d2fcca96593058b6a422419b628e.zip