diff options
34 files changed, 222 insertions, 165 deletions
@@ -1,3 +1,114 @@ +Changes in version 0.2.7.8 - 2017-06-08 + Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to + remotely crash a hidden service with an assertion failure. Anyone + running a hidden service should upgrade to this version, or to some + other version with fixes for TROVE-2017-005. (Versions before 0.3.0 + are not affected by TROVE-2017-004.) + + o Major bugfixes (hidden service, relay, security): + - Fix a remotely triggerable assertion failure caused by receiving a + BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug + 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix + on 0.2.2.1-alpha. + + o Minor features (geoip): + - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (correctness): + - Avoid undefined behavior when parsing IPv6 entries from the geoip6 + file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. + + +Changes in version 0.2.7.7 - 2017-03-03 + Tor 0.2.7.7 backports a number of security fixes from later Tor + releases. Anybody running Tor 0.2.7.6 or earlier should upgrade to + this release, if for some reason they cannot upgrade to a later + release series. + + Note that support for Tor 0.2.7.x is ending this year: we will not issue + any fixes for the Tor 0.2.7.x series after 1 August 2017. If you need + a Tor release series with longer-term support, we recommend Tor 0.2.9.x. + + o Directory authority changes (backport from 0.2.8.5-rc): + - Urras is no longer a directory authority. Closes ticket 19271. + + o Directory authority changes (backport from 0.2.9.2-alpha): + - The "Tonga" bridge authority has been retired; the new bridge + authority is "Bifroest". Closes tickets 19728 and 19690. + + o Directory authority key updates (backport from 0.2.8.1-alpha): + - Update the V3 identity key for the dannenberg directory authority: + it was changed on 18 November 2015. Closes task 17906. Patch + by "teor". + + o Major bugfixes (parsing, security, backport from 0.2.9.8): + - Fix a bug in parsing that could cause clients to read a single + byte past the end of an allocated region. This bug could be used + to cause hardened clients (built with --enable-expensive-hardening) + to crash if they tried to visit a hostile hidden service. Non- + hardened clients are only affected depending on the details of + their platform's memory allocator. Fixes bug 21018; bugfix on + 0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE- + 2016-12-002 and as CVE-2016-1254. + + o Major bugfixes (security, client, DNS proxy, backport from 0.2.8.3-alpha): + - Stop a crash that could occur when a client running with DNSPort + received a query with multiple address types, and the first + address type was not supported. Found and fixed by Scott Dial. + Fixes bug 18710; bugfix on 0.2.5.4-alpha. + - Prevent a class of security bugs caused by treating the contents + of a buffer chunk as if they were a NUL-terminated string. At + least one such bug seems to be present in all currently used + versions of Tor, and would allow an attacker to remotely crash + most Tor instances, especially those compiled with extra compiler + hardening. With this defense in place, such bugs can't crash Tor, + though we should still fix them as they occur. Closes ticket + 20384 (TROVE-2016-10-001). + + o Major bugfixes (security, pointers, backport from 0.2.8.2-alpha): + - Avoid a difficult-to-trigger heap corruption attack when extending + a smartlist to contain over 16GB of pointers. Fixes bug 18162; + bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely. + Reported by Guido Vranken. + + o Major bugfixes (dns proxy mode, crash, backport from 0.2.8.2-alpha): + - Avoid crashing when running as a DNS proxy. Fixes bug 16248; + bugfix on 0.2.0.1-alpha. Patch from "cypherpunks". + + o Major bugfixes (key management, backport from 0.2.8.3-alpha): + - If OpenSSL fails to generate an RSA key, do not retain a dangling + pointer to the previous (uninitialized) key value. The impact here + should be limited to a difficult-to-trigger crash, if OpenSSL is + running an engine that makes key generation failures possible, or + if OpenSSL runs out of memory. Fixes bug 19152; bugfix on + 0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and + Baishakhi Ray. + + o Major bugfixes (parsing, backported from 0.3.0.4-rc): + - Fix an integer underflow bug when comparing malformed Tor + versions. This bug could crash Tor when built with + --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor + 0.2.9.8, which were built with -ftrapv by default. In other cases + it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix + on 0.0.8pre1. Found by OSS-Fuzz. + + o Minor features (security, memory erasure, backport from 0.2.8.1-alpha): + - Make memwipe() do nothing when passed a NULL pointer or buffer of + zero size. Check size argument to memwipe() for underflow. Fixes + bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", + patch by "teor". + + o Minor features (bug-resistance, backport from 0.2.8.2-alpha): + - Make Tor survive errors involving connections without a + corresponding event object. Previously we'd fail with an + assertion; now we produce a log message. Related to bug 16248. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 + Country database. + + Changes in version 0.2.7.6 - 2015-12-10 Tor version 0.2.7.6 fixes a major bug in entry guard selection, as well as a minor bug in hidden service reliability. diff --git a/ReleaseNotes b/ReleaseNotes index f16a46a662..355caf8e47 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,117 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.2.7.8 - 2017-06-08 + Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to + remotely crash a hidden service with an assertion failure. Anyone + running a hidden service should upgrade to this version, or to some + other version with fixes for TROVE-2017-005. (Versions before 0.3.0 + are not affected by TROVE-2017-004.) + + o Major bugfixes (hidden service, relay, security): + - Fix a remotely triggerable assertion failure caused by receiving a + BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug + 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix + on 0.2.2.1-alpha. + + o Minor features (geoip): + - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (correctness): + - Avoid undefined behavior when parsing IPv6 entries from the geoip6 + file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. + + +Changes in version 0.2.7.7 - 2017-03-03 + Tor 0.2.7.7 backports a number of security fixes from later Tor + releases. Anybody running Tor 0.2.7.6 or earlier should upgrade to + this release, if for some reason they cannot upgrade to a later + release series. + + Note that support for Tor 0.2.7.x is ending this year: we will not issue + any fixes for the Tor 0.2.7.x series after 1 August 2017. If you need + a Tor release series with longer-term support, we recommend Tor 0.2.9.x. + + o Directory authority changes (backport from 0.2.8.5-rc): + - Urras is no longer a directory authority. Closes ticket 19271. + + o Directory authority changes (backport from 0.2.9.2-alpha): + - The "Tonga" bridge authority has been retired; the new bridge + authority is "Bifroest". Closes tickets 19728 and 19690. + + o Directory authority key updates (backport from 0.2.8.1-alpha): + - Update the V3 identity key for the dannenberg directory authority: + it was changed on 18 November 2015. Closes task 17906. Patch + by "teor". + + o Major bugfixes (parsing, security, backport from 0.2.9.8): + - Fix a bug in parsing that could cause clients to read a single + byte past the end of an allocated region. This bug could be used + to cause hardened clients (built with --enable-expensive-hardening) + to crash if they tried to visit a hostile hidden service. Non- + hardened clients are only affected depending on the details of + their platform's memory allocator. Fixes bug 21018; bugfix on + 0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE- + 2016-12-002 and as CVE-2016-1254. + + o Major bugfixes (security, client, DNS proxy, backport from 0.2.8.3-alpha): + - Stop a crash that could occur when a client running with DNSPort + received a query with multiple address types, and the first + address type was not supported. Found and fixed by Scott Dial. + Fixes bug 18710; bugfix on 0.2.5.4-alpha. + - Prevent a class of security bugs caused by treating the contents + of a buffer chunk as if they were a NUL-terminated string. At + least one such bug seems to be present in all currently used + versions of Tor, and would allow an attacker to remotely crash + most Tor instances, especially those compiled with extra compiler + hardening. With this defense in place, such bugs can't crash Tor, + though we should still fix them as they occur. Closes ticket + 20384 (TROVE-2016-10-001). + + o Major bugfixes (security, pointers, backport from 0.2.8.2-alpha): + - Avoid a difficult-to-trigger heap corruption attack when extending + a smartlist to contain over 16GB of pointers. Fixes bug 18162; + bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely. + Reported by Guido Vranken. + + o Major bugfixes (dns proxy mode, crash, backport from 0.2.8.2-alpha): + - Avoid crashing when running as a DNS proxy. Fixes bug 16248; + bugfix on 0.2.0.1-alpha. Patch from "cypherpunks". + + o Major bugfixes (key management, backport from 0.2.8.3-alpha): + - If OpenSSL fails to generate an RSA key, do not retain a dangling + pointer to the previous (uninitialized) key value. The impact here + should be limited to a difficult-to-trigger crash, if OpenSSL is + running an engine that makes key generation failures possible, or + if OpenSSL runs out of memory. Fixes bug 19152; bugfix on + 0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and + Baishakhi Ray. + + o Major bugfixes (parsing, backported from 0.3.0.4-rc): + - Fix an integer underflow bug when comparing malformed Tor + versions. This bug could crash Tor when built with + --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor + 0.2.9.8, which were built with -ftrapv by default. In other cases + it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix + on 0.0.8pre1. Found by OSS-Fuzz. + + o Minor features (security, memory erasure, backport from 0.2.8.1-alpha): + - Make memwipe() do nothing when passed a NULL pointer or buffer of + zero size. Check size argument to memwipe() for underflow. Fixes + bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", + patch by "teor". + + o Minor features (bug-resistance, backport from 0.2.8.2-alpha): + - Make Tor survive errors involving connections without a + corresponding event object. Previously we'd fail with an + assertion; now we produce a log message. Related to bug 16248. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 + Country database. + + Changes in version 0.2.7.6 - 2015-12-10 Tor version 0.2.7.6 fixes a major bug in entry guard selection, as well as a minor bug in hidden service reliability. diff --git a/changes/19271 b/changes/19271 deleted file mode 100644 index dc06ead999..0000000000 --- a/changes/19271 +++ /dev/null @@ -1,2 +0,0 @@ - o Directory authority changes: - - Urras is no longer a directory authority. Closes ticket 19271. diff --git a/changes/bifroest b/changes/bifroest deleted file mode 100644 index 41af658ed8..0000000000 --- a/changes/bifroest +++ /dev/null @@ -1,3 +0,0 @@ - o Directory authority changes (also in 0.2.8.7): - - The "Tonga" bridge authority has been retired; the new bridge - authority is "Bifroest". Closes tickets 19728 and 19690. diff --git a/changes/buf-sentinel b/changes/buf-sentinel deleted file mode 100644 index 7c5b829c19..0000000000 --- a/changes/buf-sentinel +++ /dev/null @@ -1,11 +0,0 @@ - o Major features (security fixes): - - - Prevent a class of security bugs caused by treating the contents - of a buffer chunk as if they were a NUL-terminated string. At - least one such bug seems to be present in all currently used - versions of Tor, and would allow an attacker to remotely crash - most Tor instances, especially those compiled with extra compiler - hardening. With this defense in place, such bugs can't crash Tor, - though we should still fix them as they occur. Closes ticket 20384 - (TROVE-2016-10-001). - diff --git a/changes/bug16248 b/changes/bug16248 deleted file mode 100644 index 399b7093cd..0000000000 --- a/changes/bug16248 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (dns proxy mode, crash): - - Avoid crashing when running as a DNS proxy. Closes bug 16248; bugfix on - 0.2.0.1-alpha. Patch from 'cypherpunks'. - - o Minor features (bug-resistance): - - Make Tor survive errors involving connections without a corresponding - event object. Previously we'd fail with an assertion; now we produce a - log message. Related to bug 16248. diff --git a/changes/bug17354 b/changes/bug17354 deleted file mode 100644 index 53da007fbb..0000000000 --- a/changes/bug17354 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (sandbox): - - Add the "hidserv-stats" filename to our sandbox filter for the - HiddenServiceStatistics option to work properly. Fixes bug 17354; - bugfix on tor-0.2.6.2-alpha~54^2~1. Patch from David Goulet. diff --git a/changes/bug17906 b/changes/bug17906 deleted file mode 100644 index fff76d1c59..0000000000 --- a/changes/bug17906 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (authorities): - - Update the V3 identity key for dannenberg, it was changed on - 18 November 2015. - Closes task #17906. Patch by "teor". diff --git a/changes/bug18089 b/changes/bug18089 deleted file mode 100644 index c1fb342f77..0000000000 --- a/changes/bug18089 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor fixes (security): - - Make memwipe() do nothing when passed a NULL pointer - or zero size. Check size argument to memwipe() for underflow. - Closes bug #18089. Reported by "gk", patch by "teor". - Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352), - commit 49dd5ef3 on 7 Nov 2012. diff --git a/changes/bug18162 b/changes/bug18162 deleted file mode 100644 index 0844d6f62f..0000000000 --- a/changes/bug18162 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (security, pointers): - - - Avoid a difficult-to-trigger heap corruption attack when extending - a smartlist to contain over 16GB of pointers. Fixes bug #18162; - bugfix on Tor 0.1.1.11-alpha, which fixed a related bug - incompletely. Reported by Guido Vranken. - diff --git a/changes/bug18710 b/changes/bug18710 deleted file mode 100644 index 269395563d..0000000000 --- a/changes/bug18710 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (DNS proxy): - - Stop a crash that could occur when a client running with DNSPort - received a query with multiple address types, where the first - address type was not supported. Found and fixed by Scott Dial. - Fixes bug 18710; bugfix on 0.2.5.4-alpha. - diff --git a/changes/bug20384 b/changes/bug20384 deleted file mode 100644 index 591015ad94..0000000000 --- a/changes/bug20384 +++ /dev/null @@ -1,10 +0,0 @@ - o Major features (security fixes): - - Prevent a class of security bugs caused by treating the contents - of a buffer chunk as if they were a NUL-terminated string. At - least one such bug seems to be present in all currently used - versions of Tor, and would allow an attacker to remotely crash - most Tor instances, especially those compiled with extra compiler - hardening. With this defense in place, such bugs can't crash Tor, - though we should still fix them as they occur. Closes ticket - 20384 (TROVE-2016-10-001). - diff --git a/changes/bug21018 b/changes/bug21018 deleted file mode 100644 index 49a8b47a25..0000000000 --- a/changes/bug21018 +++ /dev/null @@ -1,11 +0,0 @@ - o Major bugfixes (parsing, security): - - - Fix a bug in parsing that could cause clients to read a single - byte past the end of an allocated region. This bug could be - used to cause hardened clients (built with - --enable-expensive-hardening) to crash if they tried to visit - a hostile hidden service. Non-hardened clients are only - affected depending on the details of their platform's memory - allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by - using libFuzzer. Also tracked as TROVE-2016-12-002 and as - CVE-2016-1254. diff --git a/changes/bug22490 b/changes/bug22490 deleted file mode 100644 index 244dd50b36..0000000000 --- a/changes/bug22490 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (correctness): - - Avoid undefined behavior when parsing IPv6 entries from the geoip6 - file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. diff --git a/changes/geoip-april2016 b/changes/geoip-april2016 deleted file mode 100644 index 4cd03e556b..0000000000 --- a/changes/geoip-april2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the April 5 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-april2017 b/changes/geoip-april2017 deleted file mode 100644 index b489eaf016..0000000000 --- a/changes/geoip-april2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-august2016 b/changes/geoip-august2016 deleted file mode 100644 index 370ab64cac..0000000000 --- a/changes/geoip-august2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-december2016 b/changes/geoip-december2016 deleted file mode 100644 index 60754ea21d..0000000000 --- a/changes/geoip-december2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-february2016 b/changes/geoip-february2016 deleted file mode 100644 index 49a8041fad..0000000000 --- a/changes/geoip-february2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-february2017 b/changes/geoip-february2017 deleted file mode 100644 index ec54b6122a..0000000000 --- a/changes/geoip-february2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-january2016 b/changes/geoip-january2016 deleted file mode 100644 index fe2d5c7dc7..0000000000 --- a/changes/geoip-january2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-january2017 b/changes/geoip-january2017 deleted file mode 100644 index de1a4cbe2a..0000000000 --- a/changes/geoip-january2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-july2016 b/changes/geoip-july2016 deleted file mode 100644 index d9963bd6a8..0000000000 --- a/changes/geoip-july2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the July 6 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-jun2016 b/changes/geoip-jun2016 deleted file mode 100644 index 8d308f6f72..0000000000 --- a/changes/geoip-jun2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the June 7 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-march2016 b/changes/geoip-march2016 deleted file mode 100644 index d7b1bd42f9..0000000000 --- a/changes/geoip-march2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the March 3 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-march2017 b/changes/geoip-march2017 deleted file mode 100644 index 6dc92baa2f..0000000000 --- a/changes/geoip-march2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-may2016 b/changes/geoip-may2016 deleted file mode 100644 index 3fd42dce24..0000000000 --- a/changes/geoip-may2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the May 4 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-may2017 b/changes/geoip-may2017 deleted file mode 100644 index 4e504d7a0a..0000000000 --- a/changes/geoip-may2017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-november2016 b/changes/geoip-november2016 deleted file mode 100644 index 5190ed66f4..0000000000 --- a/changes/geoip-november2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-october2016 b/changes/geoip-october2016 deleted file mode 100644 index fff9a1eeb5..0000000000 --- a/changes/geoip-october2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/geoip-september2016 b/changes/geoip-september2016 deleted file mode 100644 index a14c7c699f..0000000000 --- a/changes/geoip-september2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/rsa_init_bug b/changes/rsa_init_bug deleted file mode 100644 index 6b5fb4f2f9..0000000000 --- a/changes/rsa_init_bug +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (key management): - - If OpenSSL fails to generate an RSA key, do not retain a dangling pointer - to the previous (uninitialized) key value. The impact here should be - limited to a difficult-to-trigger crash, if OpenSSL is running an - engine that makes key generation failures possible, or if OpenSSL runs - out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by - Yuan Jochen Kang, Suman Jana, and Baishakhi Ray. diff --git a/changes/trove-2017-001.2 b/changes/trove-2017-001.2 deleted file mode 100644 index 3ef073cf9f..0000000000 --- a/changes/trove-2017-001.2 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (parsing): - - Fix an integer underflow bug when comparing malformed Tor versions. - This bug is harmless, except when Tor has been built with - --enable-expensive-hardening, which would turn it into a crash; - or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with - -ftrapv by default. - Part of TROVE-2017-001. Fixes bug 21278; bugfix on - 0.0.8pre1. Found by OSS-Fuzz. diff --git a/changes/trove-2017-005 b/changes/trove-2017-005 deleted file mode 100644 index cebb013f86..0000000000 --- a/changes/trove-2017-005 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (hidden service, relay, security): - - Fix an assertion failure caused by receiving a BEGIN_DIR cell on - a hidden service rendezvous circuit. Fixes bug 22494, tracked as - TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found - by armadev. - - |