Diffstat (limited to 'changes')
-rw-r--r-- changes/bastet_v6            | 4
-rw-r--r-- changes/bug18329-minimal     | 6
-rw-r--r-- changes/bug21074_downgrade   | 4
-rw-r--r-- changes/bug21394             | 9
-rw-r--r-- changes/bug23985             | 9
-rw-r--r-- changes/bug24167             | 7
-rw-r--r-- changes/bug24313             | 5
-rw-r--r-- changes/bug24480             | 3
-rw-r--r-- changes/bug24633             | 5
-rw-r--r-- changes/bug24666             | 7
-rw-r--r-- changes/bug24736             | 6
-rw-r--r-- changes/bug24895             | 8
-rw-r--r-- changes/bug24978             | 7
-rw-r--r-- changes/geoip-2017-12-06     | 4
-rw-r--r-- changes/geoip-2018-01-05     | 4
-rw-r--r-- changes/geoip-2018-02-07     | 4
-rw-r--r-- changes/ticket23856          | 4
-rw-r--r-- changes/ticket24315          | 3
-rw-r--r-- changes/ticket24681          | 6
-rw-r--r-- changes/ticket_24801         | 5
-rw-r--r-- changes/trove-2017-009       | 10
-rw-r--r-- changes/trove-2017-010       | 6
-rw-r--r-- changes/trove-2017-011       | 8
-rw-r--r-- changes/trove-2017-012-part1 | 6
24 files changed, 140 insertions, 0 deletions
diff --git a/changes/bastet_v6 b/changes/bastet_v6
new file mode 100644
index 0000000000..ee4e2c8094
--- /dev/null
+++ b/changes/bastet_v6
@@ -0,0 +1,4 @@
+ o Minor features (directory authority):
+ - Add an IPv6 address for the "bastet" directory authority.
+ Closes ticket 24394.
+
diff --git a/changes/bug18329-minimal b/changes/bug18329-minimal
new file mode 100644
index 0000000000..804c4e8dd1
--- /dev/null
+++ b/changes/bug18329-minimal
@@ -0,0 +1,6 @@
+ o Minor features (bridge):
+ - Bridges now include notice in their descriptors that they are bridges,
+ and notice of their distribution status, based on their publication
+ settings. Implements ticket 18329. For more fine-grained control of
+ how a bridge is distributed, upgrade to 0.3.2.x or later.
+
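Review bot: "Bridges now include notice in their descriptors" reads awkwardly; "include a notice in their descriptors" (or "a line in their descriptors") matches the rest of the sentence, which goes on to speak of "notice of their distribution status". The closing "upgrade to 0.3.2.x or later" is useful for operators on this branch; keep it.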
diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade
new file mode 100644
index 0000000000..c9f81bd137
--- /dev/null
+++ b/changes/bug21074_downgrade
@@ -0,0 +1,4 @@
+ o Minor bugfixes:
+ - Don't exit the Tor process if setrlimit() fails to change the file
+ limit (which can happen sometimes on some versions of OSX). Fixes
+ bug 21074; bugfix on 0.0.9pre5.
diff --git a/changes/bug21394 b/changes/bug21394
new file mode 100644
index 0000000000..e5452e20ba
--- /dev/null
+++ b/changes/bug21394
@@ -0,0 +1,9 @@
+ o Major bugfixes (Exit nodes):
+ - Fix an issue causing high-bandwidth exit nodes to fail a majority
+ or all of their DNS requests, making them basically unsuitable for
+ regular usage in Tor circuits. The problem is related to
+ libevent's DNS handling, but we can work around it in Tor. Fixes
+ bugs 21394 and 18580; bugfix on 0.1.2.2-alpha which introduced
+ eventdns. Credit goes to Dhalgren for identifying and finding a
+ workaround to this bug and to gamambel, arthuredelstein and
+ arma in helping to track it down and analyze it.
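Review bot: the entry says the libevent DNS problem "can be worked around in Tor" but never says what the workaround is, so a relay operator cannot tell from the changelog whether their setup is affected or how behaviour changes. One clause naming what Tor now does differently (for example, how it treats the libevent DNS failure) would make the entry self-contained. Also, "to fail a majority or all of their DNS requests" could be tightened to "to fail most or all of their DNS requests".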
diff --git a/changes/bug23985 b/changes/bug23985
new file mode 100644
index 0000000000..9cb5937962
--- /dev/null
+++ b/changes/bug23985
@@ -0,0 +1,9 @@
+ o Minor bugfixes (bootstrapping):
+ - Fetch descriptors aggressively whenever we lack enough
+ to build circuits, regardless of how many descriptors we are missing.
+ Previously, we would delay launching the fetch when we had fewer than
+ 15 missing descriptors, even if some of those descriptors were
+ blocking circuits from building. Fixes bug 23985; bugfix on
+ 0.1.1.11-alpha. The effects of this bug became worse in 0.3.0.3-alpha,
+ when we began treating missing descriptors from our primary guards
+ as a reason to delay circuits.
diff --git a/changes/bug24167 b/changes/bug24167
new file mode 100644
index 0000000000..fd0d87efff
--- /dev/null
+++ b/changes/bug24167
@@ -0,0 +1,7 @@
+ o Minor bugfixes (network layer):
+ - When closing a connection via close_connection_immediately(), we
+ mark it as "not blocked on bandwidth", to prevent later calls
+ from trying to unblock it, and give it permission to read. This
+ fixes a backtrace warning that can happen on relays under various
+ circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
+
diff --git a/changes/bug24313 b/changes/bug24313
new file mode 100644
index 0000000000..b927ec3ba6
--- /dev/null
+++ b/changes/bug24313
@@ -0,0 +1,5 @@
+ o Major bugfixes (security, hidden service v2):
+ - Fix a use-after-free error that could crash v2 Tor hidden services
+ when it failed to open circuits while expiring introductions
+ points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This
+ issue is also tracked as TROVE-2017-013 and CVE-2017-8823.
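Review bot: the subject and pronoun disagree: "crash v2 Tor hidden services when it failed to open circuits" should read "when they failed", and "expiring introductions points" should be "expiring introduction points". The category label "(security, hidden service v2)" also differs from the "(onion services)" label used in changes/bug24895 in this same commit; pick one term for the release notes.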
diff --git a/changes/bug24480 b/changes/bug24480
new file mode 100644
index 0000000000..94e5b91a0c
--- /dev/null
+++ b/changes/bug24480
@@ -0,0 +1,3 @@
+ o Minor bugfixes (compilation):
+ - Fix a signed/unsigned comparison warning introduced by our
+ fix to TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
diff --git a/changes/bug24633 b/changes/bug24633
new file mode 100644
index 0000000000..028c7cc143
--- /dev/null
+++ b/changes/bug24633
@@ -0,0 +1,5 @@
+ o Minor bugfixes (portability, msvc):
+ - Fix a bug in the bit-counting parts of our timing-wheel code on
+ MSVC. (Note that MSVC is still not a supported build platform,
+ due to cyptographic timing channel risks.) Fixes bug 24633;
+ bugfix on 0.2.9.1-alpha.
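Review bot: typo in the parenthetical, "cyptographic timing channel risks" should be "cryptographic timing channel risks". The parenthetical itself is worth keeping, since it tells MSVC users why the build is unsupported even though it now compiles.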
diff --git a/changes/bug24666 b/changes/bug24666
new file mode 100644
index 0000000000..830775f5f6
--- /dev/null
+++ b/changes/bug24666
@@ -0,0 +1,7 @@
+ o Minor bugfixes (memory usage):
+
+ - When queuing DESTROY cells on a channel, only queue the
+ circuit-id and reason fields: not the entire 514-byte
+ cell. This fix should help mitigate any bugs or attacks that
+ fill up these queues, and free more RAM for other uses. Fixes
+ bug 24666; bugfix on 0.2.5.1-alpha.
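Review bot: the blank "+" line between "o Minor bugfixes (memory usage):" and the "-" bullet is inconsistent with every other file in this commit, where the bullet immediately follows the category line; drop it so the changelog generator sees the same shape everywhere.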
diff --git a/changes/bug24736 b/changes/bug24736
new file mode 100644
index 0000000000..632560932a
--- /dev/null
+++ b/changes/bug24736
@@ -0,0 +1,6 @@
+ o Minor bugfixes (address selection):
+ - When the fascist_firewall_choose_address_ functions don't find a
+ reachable address, set the returned address to the null address and port.
+ This is a precautionary measure, because some callers do not check the
+ return value.
+ Fixes bug 24736; bugfix on 0.2.8.2-alpha.
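Review bot: "Fixes bug 24736; bugfix on 0.2.8.2-alpha." is left on its own line instead of being wrapped into the paragraph as in the other entries; reflow it. The sentence "some callers do not check the return value" would be more useful to readers if it said what such callers now receive (the null address and port) so the precaution can be verified.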
diff --git a/changes/bug24895 b/changes/bug24895
new file mode 100644
index 0000000000..7edde94a0b
--- /dev/null
+++ b/changes/bug24895
@@ -0,0 +1,8 @@
+ o Major bugfixes (onion services):
+ - Fix an "off by 2" error in counting rendezvous failures on the onion
+ service side. While we thought we would stop the rendezvous attempt
+ after one failed circuit, we were actually making three circuit attempts
+ before giving up. Now switch to a default of 2, and allow the consensus
+ parameter "hs_service_max_rdv_failures" to override. Fixes bug 24895;
+ bugfix on 0.0.6.
+
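Review bot: the entry mixes two units: it counts "rendezvous failures" in the first sentence and "circuit attempts" in the second, then says "switch to a default of 2" without saying which of the two the new default (and the "hs_service_max_rdv_failures" consensus parameter) counts. State explicitly whether 2 means two failures or two attempts before giving up.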
diff --git a/changes/bug24978 b/changes/bug24978
new file mode 100644
index 0000000000..5dc45c7442
--- /dev/null
+++ b/changes/bug24978
@@ -0,0 +1,7 @@
+ o Minor features (compatibility, OpenSSL):
+ - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
+ Previous versions of Tor would not have worked with OpenSSL
+ 1.1.1, since they neither disabled TLS 1.3 nor enabled any of the
+ ciphersuites it requires. Here we enable the TLS 1.3 ciphersuites.
+ Closes ticket 24978.
+
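Review bot: "TLS1.3" in the first line and "TLS 1.3" in the rest of the entry should be spelled the same way. Since the entry's substance is "Here we enable the TLS 1.3 ciphersuites", naming them would let operators audit the resulting cipher policy without reading the source.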
diff --git a/changes/geoip-2017-12-06 b/changes/geoip-2017-12-06
new file mode 100644
index 0000000000..ae4fb1149f
--- /dev/null
+++ b/changes/geoip-2017-12-06
@@ -0,0 +1,4 @@
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2
+ Country database.
+
diff --git a/changes/geoip-2018-01-05 b/changes/geoip-2018-01-05
new file mode 100644
index 0000000000..59aba02d09
--- /dev/null
+++ b/changes/geoip-2018-01-05
@@ -0,0 +1,4 @@
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the January 5 2018 Maxmind GeoLite2
+ Country database.
+
diff --git a/changes/geoip-2018-02-07 b/changes/geoip-2018-02-07
new file mode 100644
index 0000000000..f45228fd76
--- /dev/null
+++ b/changes/geoip-2018-02-07
@@ -0,0 +1,4 @@
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
+ Country database.
+
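Review bot: this commit carries three geoip entries (December 6 2017, January 5 2018, February 7 2018) that all describe the same kind of update; the release notes only need the most recent database, so the December and January files can be dropped (or the three collapsed into one line) unless the extra files are intentional on this branch. The vendor spells its name "MaxMind".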
diff --git a/changes/ticket23856 b/changes/ticket23856
new file mode 100644
index 0000000000..049da18d06
--- /dev/null
+++ b/changes/ticket23856
@@ -0,0 +1,4 @@
+ o Minor feature (relay statistics):
+ - Change relay bandwidth reporting stats interval from 4 hours to 24 hours
+ in order to reduce the efficiency of guard discovery attacks. Fixes
+ ticket 23856.
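Review bot: "o Minor feature (relay statistics):" is singular where every other entry uses "Minor features"; and "Fixes ticket 23856" should be "Closes ticket 23856", the form used for tickets elsewhere in this commit. The rationale ("reduce the efficiency of guard discovery attacks") is good to keep, since it tells relay operators why the reporting interval changed.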
diff --git a/changes/ticket24315 b/changes/ticket24315
new file mode 100644
index 0000000000..df34dbf412
--- /dev/null
+++ b/changes/ticket24315
@@ -0,0 +1,3 @@
+ o Major features (linux seccomp2 sandbox):
+ - Update the sandbox rules so that they should now work correctly with
+ Glibc 2.26. Closes ticket 24315.
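Review bot: "Glibc" is normally written "glibc". Since the sandbox rules are the security boundary here, the entry could also say in a few words which calls or rules changed for 2.26, so operators know whether to expect any new sandbox denials.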
diff --git a/changes/ticket24681 b/changes/ticket24681
new file mode 100644
index 0000000000..cc0a42b2e0
--- /dev/null
+++ b/changes/ticket24681
@@ -0,0 +1,6 @@
+ o Minor features (fallback directory mirrors):
+ - Make the default DirAuthorityFallbackRate 0.1, so that clients on the
+ public tor network prefer to bootstrap off fallback directory mirrors.
+ This is a follow-up to 24679, which removed weights from the default
+ fallbacks.
+ Implements ticket 24681.
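Review bot: "This is a follow-up to 24679" drops the word "ticket"; write "ticket 24679" as the other references do. "Implements ticket 24681." is also left on its own line rather than wrapped into the paragraph.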
diff --git a/changes/ticket_24801 b/changes/ticket_24801
new file mode 100644
index 0000000000..f5f6c831af
--- /dev/null
+++ b/changes/ticket_24801
@@ -0,0 +1,5 @@
+ o Minor features (new fallback directories):
+ - The fallback directory list has been re-generated based on the
+ current status of the network. Tor uses fallback directories to
+ bootstrap it doesn't yet have up-to-date directory
+ information. Closes ticket 24801.
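Review bot: the sentence "Tor uses fallback directories to bootstrap it doesn't yet have up-to-date directory information" is missing a word; it should read "to bootstrap when it doesn't yet have". The file name "ticket_24801" also uses an underscore while "ticket24681" and "ticket24315" in the same commit do not; rename for consistency.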
diff --git a/changes/trove-2017-009 b/changes/trove-2017-009
new file mode 100644
index 0000000000..166a5faec6
--- /dev/null
+++ b/changes/trove-2017-009
@@ -0,0 +1,10 @@
+ o Major bugfixes (security):
+ - When checking for replays in the INTRODUCE1 cell data for a (legacy)
+ hiddden service, correctly detect replays in the RSA-encrypted part of
+ the cell. We were previously checking for replays on the entire cell,
+ but those can be circumvented due to the malleability of Tor's legacy
+ hybrid encryption. This fix helps prevent a traffic confirmation
+ attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also
+ tracked as TROVE-2017-009 and CVE-2017-8819.
+
+
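Review bot: typo in "(legacy) hiddden service", should be "hidden service". The file also ends with two blank "+" lines where the other entries end with at most one. The explanation of why checking the whole cell was insufficient (malleability of the legacy hybrid encryption) is exactly the detail a reader needs; keep it.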
diff --git a/changes/trove-2017-010 b/changes/trove-2017-010
new file mode 100644
index 0000000000..d5bf9333da
--- /dev/null
+++ b/changes/trove-2017-010
@@ -0,0 +1,6 @@
+ o Major bugfixes (security):
+ - Fix a denial-of-service issue where an attacker could crash
+ a directory authority using a malformed router descriptor.
+ Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked
+ as TROVE-2017-010 and CVE-2017-8820.
+
diff --git a/changes/trove-2017-011 b/changes/trove-2017-011
new file mode 100644
index 0000000000..82d20d9e78
--- /dev/null
+++ b/changes/trove-2017-011
@@ -0,0 +1,8 @@
+ o Major bugfixes (security):
+ - Fix a denial of service bug where an attacker could use a malformed
+ directory object to cause a Tor instance to pause while OpenSSL would
+ try to read a passphrase from the terminal. (If the terminal was not
+ available, tor would continue running.) Fixes bug 24246; bugfix on
+ every version of Tor. Also tracked as TROVE-2017-011 and
+ CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720.
+
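Review bot: "tor would continue running" uses lowercase "tor" where the rest of the entry says "Tor". The entry describes the failure (pausing while OpenSSL reads a passphrase from the terminal) but not the fix; a short clause on what now happens with such a directory object instead of prompting would complete it.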
diff --git a/changes/trove-2017-012-part1 b/changes/trove-2017-012-part1
new file mode 100644
index 0000000000..9fccc2cf65
--- /dev/null
+++ b/changes/trove-2017-012-part1
@@ -0,0 +1,6 @@
+ o Major bugfixes (security, relay):
+ - When running as a relay, make sure that we never build a path through
+ ourselves, even in the case where we have somehow lost the version of
+ our descriptor appearing in the consensus. Fixes part of bug 21534;
+ bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012
+ and CVE-2017-8822.
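Review bot: the file name "trove-2017-012-part1" and the wording "Fixes part of bug 21534" imply a second part, but the diffstat for this commit lists no part2. Confirm whether the remaining part of bug 21534 is landing separately or the "part1" suffix is a leftover, so the release notes do not promise a follow-up that never appears.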