commit 15b0980bd7b840c8d2de134e56a09dadf7b4683e Author: Nick Mathewson nickm@torproject.org Date: Thu Jun 10 13:13:29 2021 -0400

Fold entries into changelog and releasenotes --- ChangeLog | 37 +++++++++++++++++++++++++++++++++++++ ReleaseNotes | 37 +++++++++++++++++++++++++++++++++++++ changes/bug40391 | 9 --------- changes/bug40392 | 4 ---- changes/geoip-2021-06-10 | 3 --- changes/ticket40389 | 3 --- changes/ticket40390 | 8 -------- 7 files changed, 74 insertions(+), 27 deletions(-)

diff --git a/ChangeLog b/ChangeLog index 7169fd1a4d..2420b77780 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,43 @@ Changes in version 0.4.6.5 - 2021-06-1? Below are the changes since 0.4.6.4-rc. For a complete list of changes since 0.4.5.8, see the ReleaseNotes file.

+ o Major bugfixes (security): + - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on + half-closed streams. Previously, clients failed to validate which + hop sent these cells: this would allow a relay on a circuit to end + a stream that wasn't actually built with it. Fixes bug 40389; + bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- + 003 and CVE-2021-34548. + + o Major bugfixes (security, defense-in-depth): + - Detect more failure conditions from the OpenSSL RNG code. + Previously, we would detect errors from a missing RNG + implementation, but not failures from the RNG code itself. + Fortunately, it appears those failures do not happen in practice + when Tor is using OpenSSL's default RNG implementation. Fixes bug + 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as + TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. + + o Major bugfixes (security, denial of service): + - Resist a hashtable-based CPU denial-of-service attack against + relays. Previously we used a naive unkeyed hash function to look + up circuits in a circuitmux object. An attacker could exploit this + to construct circuits with chosen circuit IDs, to create + collisions and make the hash table inefficient. Now we use a + SipHash construction here instead. Fixes bug 40391; bugfix on + 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and + CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. + - Fix an out-of-bounds memory access in v3 onion service descriptor + parsing. An attacker could exploit this bug by crafting an onion + service descriptor that would crash any client that tried to visit + it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also + tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei + Glazunov from Google's Project Zero. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/06/10. + o Minor features (logging, diagnostic): - Log decompression failures at a higher severity level, since they can help provide missing context for other warning messages. We diff --git a/ReleaseNotes b/ReleaseNotes index d567fa4463..7c6da85d05 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -8,6 +8,39 @@ Changes in version 0.4.6.5 - 2021-06-1? Below are the changes since 0.4.5.8. For a list of changes since 0.4.6.4-rc, see the ChangeLog file.

+ o Major bugfixes (security): + - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on + half-closed streams. Previously, clients failed to validate which + hop sent these cells: this would allow a relay on a circuit to end + a stream that wasn't actually built with it. Fixes bug 40389; + bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- + 003 and CVE-2021-34548. + + o Major bugfixes (security, defense-in-depth): + - Detect more failure conditions from the OpenSSL RNG code. + Previously, we would detect errors from a missing RNG + implementation, but not failures from the RNG code itself. + Fortunately, it appears those failures do not happen in practice + when Tor is using OpenSSL's default RNG implementation. Fixes bug + 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as + TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. + + o Major bugfixes (security, denial of service): + - Resist a hashtable-based CPU denial-of-service attack against + relays. Previously we used a naive unkeyed hash function to look + up circuits in a circuitmux object. An attacker could exploit this + to construct circuits with chosen circuit IDs, to create + collisions and make the hash table inefficient. Now we use a + SipHash construction here instead. Fixes bug 40391; bugfix on + 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and + CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. + - Fix an out-of-bounds memory access in v3 onion service descriptor + parsing. An attacker could exploit this bug by crafting an onion + service descriptor that would crash any client that tried to visit + it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also + tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei + Glazunov from Google's Project Zero. + o Major features (control port, onion services): - Add controller support for creating version 3 onion services with client authorization. Previously, only v2 onion services could be @@ -114,6 +147,10 @@ Changes in version 0.4.6.5 - 2021-06-1? control over whether the client can become dormant from inactivity. Most people won't need this. Closes ticket 40228.

+ o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/06/10. + o Minor features (logging): - Edit heartbeat log messages so that more of them begin with the string "Heartbeat: ". Closes ticket 40322; patch diff --git a/changes/bug40391 b/changes/bug40391 deleted file mode 100644 index e3c186275f..0000000000 --- a/changes/bug40391 +++ /dev/null @@ -1,9 +0,0 @@ - o Major bugfixes (security): - - Resist a hashtable-based CPU denial-of-service attack against - relays. Previously we used a naive unkeyed hash function to look up - circuits in a circuitmux object. An attacker could exploit this to - construct circuits with chosen circuit IDs in order to try to create - collisions and make the hash table inefficient. Now we use a SipHash - construction for this hash table instead. Fixes bug 40391; bugfix on - 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005. - Reported by Jann Horn from Google's Project Zero. diff --git a/changes/bug40392 b/changes/bug40392 deleted file mode 100644 index 4dffa50bb2..0000000000 --- a/changes/bug40392 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (security, denial of service, onion services): - - Fix an out-of-bounds memory access in v3 descriptor parsing. Fixes bug - 40392; bugfix on 0.3.0.1-alpha. This issue is also tracked as - TROVE-2021-006. Reported by Sergei Glazunov from Google's Project Zero. \ No newline at end of file diff --git a/changes/geoip-2021-06-10 b/changes/geoip-2021-06-10 deleted file mode 100644 index 2b798012c8..0000000000 --- a/changes/geoip-2021-06-10 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2021/06/10. diff --git a/changes/ticket40389 b/changes/ticket40389 deleted file mode 100644 index 7dcf65b32e..0000000000 --- a/changes/ticket40389 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (relay, TROVE): - - Don't allow entry or middle relays to spoof RELAY_END or RELAY_RESOLVED - cell on half-closed streams. Fixes bug 40389; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40390 b/changes/ticket40390 deleted file mode 100644 index b56fa4d9da..0000000000 --- a/changes/ticket40390 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (security, defense-in-depth): - - Detect a wider variety of failure conditions from the OpenSSL RNG - code. Previously, we would detect errors from a missing RNG - implementation, but not failures from the RNG code itself. - Fortunately, it appears those failures do not happen in practice - when Tor is using OpenSSL's default RNG implementation. - Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as - TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.