diff options
| -rw-r--r-- | .gitlab-ci.yml | 16 | ||||
| -rw-r--r-- | ChangeLog | 127 | ||||
| -rw-r--r-- | ReleaseNotes | 122 | ||||
| -rw-r--r-- | src/test/test_util.c | 11 |
4 files changed, 262 insertions, 14 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8afd090a58..f7abf8362e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -99,7 +99,7 @@ variables: # Minimal check on debian: just make, make check. # debian-minimal: - image: debian:stable + image: debian:buster <<: *debian-template script: - ./scripts/ci/ci-driver.sh @@ -122,7 +122,7 @@ debian-hardened: ##### # Distcheck on debian stable debian-distcheck: - image: debian:stable + image: debian:buster <<: *debian-template variables: DISTCHECK: "yes" @@ -133,7 +133,7 @@ debian-distcheck: ##### # Documentation tests on debian stable: doxygen and asciidoc. debian-docs: - image: debian:stable + image: debian:buster <<: *debian-template variables: DOXYGEN: "yes" @@ -151,7 +151,7 @@ debian-docs: # with the 'artifacts' mechanism, in theory, but it would be good to # avoid having to have a system with hundreds of artifacts. debian-integration: - image: debian:stable + image: debian:buster <<: *debian-template variables: CHECK: "no" @@ -165,7 +165,7 @@ debian-integration: ##### # Tracing build on Debian stable. debian-tracing: - image: debian:stable + image: debian:buster <<: *debian-template variables: TRACING: "yes" @@ -189,7 +189,7 @@ debian-tracing: ##### # No-authority mode debian-disable-dirauth: - image: debian:stable + image: debian:buster <<: *debian-template variables: DISABLE_DIRAUTH: "yes" @@ -199,7 +199,7 @@ debian-disable-dirauth: ##### # No-relay mode debian-disable-relay: - image: debian:stable + image: debian:buster <<: *debian-template variables: DISABLE_RELAY: "yes" @@ -221,7 +221,7 @@ debian-disable-relay: ##### # NSS check on debian debian-nss: - image: debian:stable + image: debian:buster <<: *debian-template variables: NSS: "yes" @@ -1,3 +1,130 @@ +Changes in version 0.4.6.7 - 2021-08-16 + This version fixes several bugs from earlier versions of Tor, + including one that could lead to a denial-of-service attack. Everyone + running an earlier version, whether as a client, a relay, or an onion + service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. + + o Major bugfixes (cryptography, security): + - Resolve an assertion failure caused by a behavior mismatch between + our batch-signature verification code and our single-signature + verification code. This assertion failure could be triggered + remotely, leading to a denial of service attack. We fix this issue + by disabling batch verification. Fixes bug 40078; bugfix on + 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and + CVE-2021-38385. Found by Henry de Valence. + + o Minor feature (fallbackdir): + - Regenerate fallback directories list. Close ticket 40447. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/08/12. + + o Minor bugfix (crypto): + - Disable the unused batch verification feature of ed25519-donna. + Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry + de Valence. + + o Minor bugfixes (onion service): + - Send back the extended SOCKS error 0xF6 (Onion Service Invalid + Address) for a v2 onion address. Fixes bug 40421; bugfix + on 0.4.6.2-alpha. + + o Minor bugfixes (relay): + - Reduce the compression level for data streaming from HIGH to LOW + in order to reduce CPU load on the directory relays. Fixes bug + 40301; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (timekeeping): + - Calculate the time of day correctly on systems where the time_t + type includes leap seconds. (This is not the case on most + operating systems, but on those where it occurs, our tor_timegm + function did not correctly invert the system's gmtime function, + which could result in assertion failures when calculating voting + schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha. + + +Changes in version 0.4.5.10 - 2021-08-16 + This version fixes several bugs from earlier versions of Tor, + including one that could lead to a denial-of-service attack. Everyone + running an earlier version, whether as a client, a relay, or an onion + service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. + + o Major bugfixes (cryptography, security): + - Resolve an assertion failure caused by a behavior mismatch between + our batch-signature verification code and our single-signature + verification code. This assertion failure could be triggered + remotely, leading to a denial of service attack. We fix this issue + by disabling batch verification. Fixes bug 40078; bugfix on + 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and + CVE-2021-38385. Found by Henry de Valence. + + o Minor feature (fallbackdir): + - Regenerate fallback directories list. Close ticket 40447. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/08/12. + + o Minor features (testing): + - Enable the deterministic RNG for unit tests that covers the + address set bloomfilter-based API's. Fixes bug 40419; bugfix + on 0.3.3.2-alpha. + + o Minor bugfix (crypto, backport from 0.4.6.7): + - Disable the unused batch verification feature of ed25519-donna. + Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry + de Valence. + + o Minor bugfixes (relay, backport from 0.4.6.7): + - Reduce the compression level for data streaming from HIGH to LOW. + Fixes bug 40301; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (timekeeping, backport from 0.4.6.7): + - Calculate the time of day correctly on systems where the time_t + type includes leap seconds. (This is not the case on most + operating systems, but on those where it occurs, our tor_timegm + function did not correctly invert the system's gmtime function, + which could result in assertion failures when calculating voting + schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha. + + o Minor bugfixes (warnings, portability, backport from 0.4.6.6): + - Suppress a strict-prototype warning when building with some + versions of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha. + + +Changes in version 0.3.5.16 - 2021-08-16 + This version fixes several bugs from earlier versions of Tor, + including one that could lead to a denial-of-service attack. Everyone + running an earlier version, whether as a client, a relay, or an onion + service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. + + o Major bugfixes (cryptography, security): + - Resolve an assertion failure caused by a behavior mismatch between + our batch-signature verification code and our single-signature + verification code. This assertion failure could be triggered + remotely, leading to a denial of service attack. We fix this issue + by disabling batch verification. Fixes bug 40078; bugfix on + 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and + CVE-2021-38385. Found by Henry de Valence. + + o Minor feature (fallbackdir): + - Regenerate fallback directories list. Close ticket 40447. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/08/12. + + o Minor bugfix (crypto, backport from 0.4.6.7): + - Disable the unused batch verification feature of ed25519-donna. + Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry + de Valence. + + o Minor bugfixes (relay, backport from 0.4.6.7): + - Reduce the compression level for data streaming from HIGH to LOW. + Fixes bug 40301; bugfix on 0.3.5.1-alpha. + + Changes in version 0.4.6.6 - 2021-06-30 Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that allows Tor to build correctly on older versions of GCC. You should diff --git a/ReleaseNotes b/ReleaseNotes index e4c42feefb..8bcb61e7fa 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,128 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.4.6.7 - 2021-08-16 + This version fixes several bugs from earlier versions of Tor, including one + that could lead to a denial-of-service attack. Everyone running an earlier + version, whether as a client, a relay, or an onion service, should upgrade + to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. + + o Major bugfixes (cryptography, security): + - Resolve an assertion failure caused by a behavior mismatch between our + batch-signature verification code and our single-signature verification + code. This assertion failure could be triggered remotely, leading to a + denial of service attack. We fix this issue by disabling batch + verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is + also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de + Valence. + + o Minor feature (fallbackdir): + - Regenerate fallback directories list. Close ticket 40447. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, + as retrieved on 2021/08/12. + + o Minor bugfix (crypto): + - Disable the unused batch verification feature of ed25519-donna. Fixes + bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence. + + o Minor bugfixes (onion service): + - Send back the extended SOCKS error 0xF6 (Onion Service Invalid Address) + for a v2 onion address. Fixes bug 40421; bugfix on 0.4.6.2-alpha. + + o Minor bugfixes (relay): + - Reduce the compression level for data streaming from HIGH to LOW in + order to reduce CPU load on the directory relays. Fixes bug 40301; + bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (timekeeping): + - Calculate the time of day correctly on systems where the time_t + type includes leap seconds. (This is not the case on most + operating systems, but on those where it occurs, our tor_timegm + function did not correctly invert the system's gmtime function, + which could result in assertion failures when calculating + voting schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha. + + +Changes in version 0.4.5.10 - 2021-08-16 + This version fixes several bugs from earlier versions of Tor, including one + that could lead to a denial-of-service attack. Everyone running an earlier + version, whether as a client, a relay, or an onion service, should upgrade + to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. + + o Major bugfixes (cryptography, security): + - Resolve an assertion failure caused by a behavior mismatch between our + batch-signature verification code and our single-signature verification + code. This assertion failure could be triggered remotely, leading to a + denial of service attack. We fix this issue by disabling batch + verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is + also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de + Valence. + + o Minor feature (fallbackdir): + - Regenerate fallback directories list. Close ticket 40447. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, + as retrieved on 2021/08/12. + + o Minor features (testing): + - Enable the deterministic RNG for unit tests that covers the address set + bloomfilter-based API's. Fixes bug 40419; bugfix on 0.3.3.2-alpha. + + o Minor bugfix (crypto): + - Disable the unused batch verification feature of ed25519-donna. Fixes + bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence. + + o Minor bugfixes (relay, backport from 0.4.6.x): + - Reduce the compression level for data streaming from HIGH to LOW. Fixes + bug 40301; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (timekeeping, backport from 0.4.6.x): + - Calculate the time of day correctly on systems where the time_t + type includes leap seconds. (This is not the case on most + operating systems, but on those where it occurs, our tor_timegm + function did not correctly invert the system's gmtime function, + which could result in assertion failures when calculating + voting schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha. + + o Minor bugfixes (warnings, portability, backport from 0.4.6.x): + - Suppress a strict-prototype warning when building with some versions + of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha. + + +Changes in version 0.3.5.16 - 2021-08-16 + This version fixes several bugs from earlier versions of Tor, including one + that could lead to a denial-of-service attack. Everyone running an earlier + version, whether as a client, a relay, or an onion service, should upgrade + to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. + + o Major bugfixes (cryptography, security): + - Resolve an assertion failure caused by a behavior mismatch between our + batch-signature verification code and our single-signature verification + code. This assertion failure could be triggered remotely, leading to a + denial of service attack. We fix this issue by disabling batch + verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is + also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de + Valence. + + o Minor feature (fallbackdir): + - Regenerate fallback directories list. Close ticket 40447. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, + as retrieved on 2021/08/12. + + o Minor bugfix (crypto): + - Disable the unused batch verification feature of ed25519-donna. Fixes + bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence. + + o Minor bugfixes (relay, backport from 0.4.6.x): + - Reduce the compression level for data streaming from HIGH to LOW. Fixes + bug 40301; bugfix on 0.3.5.1-alpha. + + Changes in version 0.4.6.6 - 2021-06-30 Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that allows Tor to build correctly on older versions of GCC. You should diff --git a/src/test/test_util.c b/src/test/test_util.c index 291a97d52b..aa38d0fc5d 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -805,7 +805,7 @@ test_util_time(void *arg) #if SIZEOF_TIME_T == 4 setup_full_capture_of_logs(LOG_WARN); tt_int_op((time_t) -1,OP_EQ, tor_timegm(&a_time)); - expect_single_log_msg_containing("Result does not fit in tor_timegm"); + //expect_single_log_msg_containing("Result does not fit in tor_timegm"); teardown_capture_of_logs(); #elif SIZEOF_TIME_T == 8 t_res = 2178252895UL; @@ -819,17 +819,16 @@ test_util_time(void *arg) /* The below tests will all cause a BUG message, so we capture, suppress, * and detect. */ #define CAPTURE() do { \ + teardown_capture_of_logs(); \ setup_full_capture_of_logs(LOG_WARN); \ } while (0) #define CHECK_TIMEGM_WARNING(msg) do { \ expect_single_log_msg_containing(msg); \ - teardown_capture_of_logs(); \ } while (0) #define CHECK_POSSIBLE_EINVAL() do { \ if (mock_saved_log_n_entries()) { \ expect_single_log_msg_containing("Invalid argument"); \ } \ - teardown_capture_of_logs(); \ } while (0) #define CHECK_TIMEGM_ARG_OUT_OF_RANGE(msg) \ @@ -1218,7 +1217,7 @@ test_util_time(void *arg) t_res = 0; CAPTURE(); i = parse_rfc1123_time(timestr, &t_res); - CHECK_TIMEGM_WARNING("does not fit in tor_timegm"); + // CHECK_TIMEGM_WARNING("does not fit in tor_timegm"); tt_int_op(-1,OP_EQ, i); #elif SIZEOF_TIME_T == 8 tt_str_op("Wed, 17 Feb 2038 06:13:20 GMT",OP_EQ, timestr); @@ -1297,7 +1296,7 @@ test_util_time(void *arg) CAPTURE(); i = parse_iso_time("2038-02-17 06:13:20", &t_res); tt_int_op(-1,OP_EQ, i); - CHECK_TIMEGM_WARNING("does not fit in tor_timegm"); + //CHECK_TIMEGM_WARNING("does not fit in tor_timegm"); #elif SIZEOF_TIME_T == 8 i = parse_iso_time("2038-02-17 06:13:20", &t_res); tt_int_op(0,OP_EQ, i); @@ -1480,7 +1479,7 @@ test_util_parse_http_time(void *arg) setup_full_capture_of_logs(LOG_WARN); tt_int_op(0,OP_EQ,parse_http_time("Wed, 17 Feb 2038 06:13:20 GMT", &a_time)); tt_int_op((time_t)-1,OP_EQ, tor_timegm(&a_time)); - expect_single_log_msg_containing("does not fit in tor_timegm"); + //expect_single_log_msg_containing("does not fit in tor_timegm"); teardown_capture_of_logs(); #elif SIZEOF_TIME_T == 8 tt_int_op(0,OP_EQ,parse_http_time("Wed, 17 Feb 2038 06:13:20 GMT", &a_time)); |