diff options
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/bastet_v6 | 4 | ||||
| -rw-r--r-- | changes/bug18859 | 7 | ||||
| -rw-r--r-- | changes/bug23603 | 7 | ||||
| -rw-r--r-- | changes/bug23696 | 5 | ||||
| -rw-r--r-- | changes/bug24050 | 5 | ||||
| -rw-r--r-- | changes/bug24086 | 7 | ||||
| -rw-r--r-- | changes/bug24099 | 4 | ||||
| -rw-r--r-- | changes/bug24313 | 5 | ||||
| -rw-r--r-- | changes/bug24480 | 3 | ||||
| -rw-r--r-- | changes/bug24502 | 4 | ||||
| -rw-r--r-- | changes/bug24590 | 5 | ||||
| -rw-r--r-- | changes/stack | 7 | ||||
| -rw-r--r-- | changes/ticket23856 | 4 | ||||
| -rw-r--r-- | changes/ticket24500 | 3 | ||||
| -rw-r--r-- | changes/trove-2017-009 | 10 | ||||
| -rw-r--r-- | changes/trove-2017-010 | 6 | ||||
| -rw-r--r-- | changes/trove-2017-011 | 8 | ||||
| -rw-r--r-- | changes/trove-2017-012-part1 | 6 | ||||
| -rw-r--r-- | changes/trove-2017-012-part2 | 5 |
19 files changed, 105 insertions, 0 deletions
diff --git a/changes/bastet_v6 b/changes/bastet_v6 new file mode 100644 index 0000000000..ee4e2c8094 --- /dev/null +++ b/changes/bastet_v6 @@ -0,0 +1,4 @@ + o Minor features (directory authority): + - Add an IPv6 address for the "bastet" directory authority. + Closes ticket 24394. + diff --git a/changes/bug18859 b/changes/bug18859 new file mode 100644 index 0000000000..1fe5bc2107 --- /dev/null +++ b/changes/bug18859 @@ -0,0 +1,7 @@ + o Major bugfixes (circuit prediction): + - Fix circuit prediction logic so that a client doesn't treat a stream as + being "handled" by a circuit if that circuit already has isolation + settings on it that might make it incompatible with the stream. This + change should make Tor clients more responsive by improving their + chances of having a pre-created circuit ready for use when a new client + request arrives. Fixes bug 18859; bugfix on 0.2.3.3-alpha. diff --git a/changes/bug23603 b/changes/bug23603 new file mode 100644 index 0000000000..dfb2052c9a --- /dev/null +++ b/changes/bug23603 @@ -0,0 +1,7 @@ + o Minor bugfixes (hidden service v3): + - Fix a race between the circuit close and free where the service would + launch a new intro circuit after the close, and then fail to register it + before the free of the previously closed circuit. This was making the + service unable to find the established intro circuit and thus not upload + its descriptor. It can make a service unavailable for up to 24 hours. + Fixes bug 23603; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug23696 b/changes/bug23696 new file mode 100644 index 0000000000..c5d18583d4 --- /dev/null +++ b/changes/bug23696 @@ -0,0 +1,5 @@ + o Minor bugfix (KIST scheduler): + - Downgrade a warning to log info when the monotonic time diff is + negative. This can happen on platform not supporting monotonic time. The + scheduler recovers from this without any problem. Fixes bug 23696; + bugfix on 0.3.2.1-alpha. diff --git a/changes/bug24050 b/changes/bug24050 new file mode 100644 index 0000000000..d184a77ac0 --- /dev/null +++ b/changes/bug24050 @@ -0,0 +1,5 @@ + o Minor bugfixes (client): + - By default, do not enable storage of client-side DNS values. + These values were unused by default previously, but they should + not have been cached at all. Fixes bug 24050; bugfix on + 0.2.6.3-alpha. diff --git a/changes/bug24086 b/changes/bug24086 new file mode 100644 index 0000000000..2ae0b37e65 --- /dev/null +++ b/changes/bug24086 @@ -0,0 +1,7 @@ + o Minor bugfixes (directory cache): + - When a consensus diff calculation is only partially successful, only + record the successful parts as having succeeded. Partial success + can happen if (for example) one compression method fails but + the others succeed. Previously we misrecorded all the calculations as + having succeeded, which would later cause a nonfatal assertion failure. + Fixes bug 24086; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug24099 b/changes/bug24099 new file mode 100644 index 0000000000..dca3992664 --- /dev/null +++ b/changes/bug24099 @@ -0,0 +1,4 @@ + o Minor bugfixes (directory cache): + - Recover better from empty or corrupt files in the consensus cache + directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha. + diff --git a/changes/bug24313 b/changes/bug24313 new file mode 100644 index 0000000000..b927ec3ba6 --- /dev/null +++ b/changes/bug24313 @@ -0,0 +1,5 @@ + o Major bugfixes (security, hidden service v2): + - Fix a use-after-free error that could crash v2 Tor hidden services + when it failed to open circuits while expiring introductions + points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This + issue is also tracked as TROVE-2017-013 and CVE-2017-8823. diff --git a/changes/bug24480 b/changes/bug24480 new file mode 100644 index 0000000000..94e5b91a0c --- /dev/null +++ b/changes/bug24480 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Fix a signed/unsigned comparison warning introduced by our + fix to TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16. diff --git a/changes/bug24502 b/changes/bug24502 new file mode 100644 index 0000000000..3fa6fb58dd --- /dev/null +++ b/changes/bug24502 @@ -0,0 +1,4 @@ + o Minor bugfixes (scheduler): + - Properly set the scheduler state of an unopened channel in the KIST + scheduler main loop. This prevents a harmless but annoying log warning. + Fixes bug 24502; bugfix on 0.3.2.4-alpha. diff --git a/changes/bug24590 b/changes/bug24590 new file mode 100644 index 0000000000..77e039f8d2 --- /dev/null +++ b/changes/bug24590 @@ -0,0 +1,5 @@ + o Minor bugfixes (scheduler, KIST): + - Avoid a possible integer overflow when computing the available space on + the TCP buffer of a channel. This has no security implications but can + make KIST not behave properly by allowing more cells on a already + saturated connection. Fixes bug 24590; bugfix on 0.3.2.1-alpha. diff --git a/changes/stack b/changes/stack new file mode 100644 index 0000000000..ffdf536cb9 --- /dev/null +++ b/changes/stack @@ -0,0 +1,7 @@ + o Minor bugfixes (correctness): + - Fix several places in our codebase where a C compiler would be likely + to eliminate a check, based on assuming that undefined behavior had not + happened elsewhere in the code. These cases are usually a sign of + redundant checking, or dubious arithmetic. Found by Georg Koppen using + the "STACK" tool from Wang, Zeldovich, Kaashoek, and + Solar-Lezama. Fixes bug 24423; bugfix on various Tor versions. diff --git a/changes/ticket23856 b/changes/ticket23856 new file mode 100644 index 0000000000..049da18d06 --- /dev/null +++ b/changes/ticket23856 @@ -0,0 +1,4 @@ + o Minor feature (relay statistics): + - Change relay bandwidth reporting stats interval from 4 hours to 24 hours + in order to reduce the efficiency of guard discovery attacks. Fixes + ticket 23856. diff --git a/changes/ticket24500 b/changes/ticket24500 new file mode 100644 index 0000000000..b49b7a5551 --- /dev/null +++ b/changes/ticket24500 @@ -0,0 +1,3 @@ + o Minor features (logging): + - Provide better warnings when the getrandom() syscall fails. + Closes ticket 24500. diff --git a/changes/trove-2017-009 b/changes/trove-2017-009 new file mode 100644 index 0000000000..166a5faec6 --- /dev/null +++ b/changes/trove-2017-009 @@ -0,0 +1,10 @@ + o Major bugfixes (security): + - When checking for replays in the INTRODUCE1 cell data for a (legacy) + hiddden service, correctly detect replays in the RSA-encrypted part of + the cell. We were previously checking for replays on the entire cell, + but those can be circumvented due to the malleability of Tor's legacy + hybrid encryption. This fix helps prevent a traffic confirmation + attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also + tracked as TROVE-2017-009 and CVE-2017-8819. + + diff --git a/changes/trove-2017-010 b/changes/trove-2017-010 new file mode 100644 index 0000000000..d5bf9333da --- /dev/null +++ b/changes/trove-2017-010 @@ -0,0 +1,6 @@ + o Major bugfixes (security): + - Fix a denial-of-service issue where an attacker could crash + a directory authority using a malformed router descriptor. + Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked + as TROVE-2017-010 and CVE-2017-8820. + diff --git a/changes/trove-2017-011 b/changes/trove-2017-011 new file mode 100644 index 0000000000..82d20d9e78 --- /dev/null +++ b/changes/trove-2017-011 @@ -0,0 +1,8 @@ + o Major bugfixes (security): + - Fix a denial of service bug where an attacker could use a malformed + directory object to cause a Tor instance to pause while OpenSSL would + try to read a passphrase from the terminal. (If the terminal was not + available, tor would continue running.) Fixes bug 24246; bugfix on + every version of Tor. Also tracked as TROVE-2017-011 and + CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720. + diff --git a/changes/trove-2017-012-part1 b/changes/trove-2017-012-part1 new file mode 100644 index 0000000000..9fccc2cf65 --- /dev/null +++ b/changes/trove-2017-012-part1 @@ -0,0 +1,6 @@ + o Major bugfixes (security, relay): + - When running as a relay, make sure that we never build a path through + ourselves, even in the case where we have somehow lost the version of + our descriptor appearing in the consensus. Fixes part of bug 21534; + bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 + and CVE-2017-8822. diff --git a/changes/trove-2017-012-part2 b/changes/trove-2017-012-part2 new file mode 100644 index 0000000000..ed994c5b02 --- /dev/null +++ b/changes/trove-2017-012-part2 @@ -0,0 +1,5 @@ + o Major bugfixes (security, relay): + - When running as a relay, make sure that we never ever choose ourselves + as a guard. Previously, this was possible. Fixes part of bug 21534; + bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012 + and CVE-2017-8822. |