commit 1826ff6532804c2c074ade36a70262f986cfb3e3 Author: Nick Mathewson nickm@torproject.org Date: Thu Mar 1 16:41:17 2018 -0500
Draft changelog for 0.2.9.15 --- ChangeLog | 36 ++++++++++++++++++++++++++++++++++-- changes/bug25249 | 3 --- changes/bug25249.2 | 3 --- changes/trove-2018-001.1 | 6 ------ changes/trove-2018-004 | 8 -------- 5 files changed, 34 insertions(+), 22 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 6a3332f39..c3144378e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,25 @@ Changes in version 0.2.9.15 - 2018-03-xx Tor 0.2.9.15 backports important security and stability bugfixes from - later Tor releases. All Tor users should upgrade to this release, or - to another of the releases coming out today. + later Tor releases. + + It includes an important security fix for a remote crash attack + against directory authorities, tracked as TROVE-2018-001. + + This release also backports our new system for improved resistance to + denial-of-service attacks against relays. + + This release also fixes several minor bugs and annoyances from + earlier releases. + + All directory authorities should upgrade to one of the versions + released today. All relays not already running Tor 0.3.3.2-alpha or + later should upgrade to one of the versions released today. + + o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha): + - Fix a protocol-list handling bug that could be used to remotely crash + directory authorities with a null-pointer exception. Fixes bug 25074; + bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and + CVE-2018-0490.
o Major features (denial-of-service mitigation): - Give relays some defenses against the recent network overload. We @@ -98,6 +116,14 @@ with the OwningControllerProcess feature. Fixes bug 24198; bugfix on 0.2.5.1-alpha.
+ o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha): + - Fix a possible crash on malformed consensus. If a consensus had + contained an unparseable protocol line, it could have made clients + and relays crash with a null-pointer exception. To exploit this + issue, however, an attacker would need to be able to subvert the + directory authority system. Fixes bug 25251; bugfix on + 0.2.9.4-alpha. Also tracked as TROVE-2018-004. + o Minor bugfixes (memory usage): - When queuing DESTROY cells on a channel, only queue the circuit-id and reason fields: not the entire 514-byte cell. This fix should @@ -142,6 +168,12 @@ the other side ever sent a create_fast cell to us. Backports part of the fixes from bugs 22805 and 24898.
+ o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha): + - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on + 0.2.9.4-alpha. + - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249; + bugfix on 0.2.9.4-alpha. +
Changes in version 0.2.9.14 - 2017-12-01 Tor 0.2.9.14 backports important security and stability bugfixes from diff --git a/changes/bug25249 b/changes/bug25249 deleted file mode 100644 index b4153eeae..000000000 --- a/changes/bug25249 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (spec conformance): - - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on - 0.2.9.4-alpha. diff --git a/changes/bug25249.2 b/changes/bug25249.2 deleted file mode 100644 index 9058c1107..000000000 --- a/changes/bug25249.2 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (spec conformance): - - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249; - bugfix on 0.2.9.4-alpha. diff --git a/changes/trove-2018-001.1 b/changes/trove-2018-001.1 deleted file mode 100644 index f0ee92f40..000000000 --- a/changes/trove-2018-001.1 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (denial-of-service, directory authority): - - Fix a protocol-list handling bug that could be used to remotely crash - directory authorities with a null-pointer exception. Fixes bug 25074; - bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001. - - diff --git a/changes/trove-2018-004 b/changes/trove-2018-004 deleted file mode 100644 index 37e0a89b0..000000000 --- a/changes/trove-2018-004 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (denial-of-service): - - Fix a possible crash on malformed consensus. If a consensus had - contained an unparseable protocol line, it could have made clients - and relays crash with a null-pointer exception. To exploit this - issue, however, an attacker would need to be able to subvert the - directory-authority system. Fixes bug 25251; bugfix on - 0.2.9.4-alpha. Also tracked as TROVE-2018-004. -