commit 1bc35c59fbea02bc030e5f855fc65fb05475c0f9 Author: Nick Mathewson nickm@torproject.org Date: Thu Mar 1 16:41:56 2018 -0500
Draft changelog for 0.3.3.3-alpha --- ChangeLog | 35 +++++++++++++++++++++++++++++++++-- changes/bug25249 | 3 --- changes/bug25249.2 | 3 --- changes/trove-2018-001.1 | 6 ------ changes/trove-2018-004 | 8 -------- 5 files changed, 33 insertions(+), 22 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 76a001a81..1b7d29319 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,11 +1,28 @@ Changes in version 0.3.3.3-alpha - 2018-03-?? Tor 0.3.3.3-alpha is the third alpha release for the 0.3.3.x series. + It includes an important security fix for a remote crash attack + against directory authorities tracked as TROVE-2018-001.
- (TROVE BLURB HERE.) + Additionally, with this release, we are upgrading the severity of a + bug fixed in 0.3.3.2-alpha. Bug 24700, which was fixed in + 0.3.3.2-alpha, can be remotely triggered in order to crash relays with + a use-after-free pattern. As such, we are now tracking that bug as + TROVE-2018-002 and CVE-2018-0491. This bug affected versions + 0.3.2.1-alpha through 0.3.2.9, as well as 0.3.3.1-alpha.
- Additionally, it fixes several minor bugs and annoyances from + This release also fixes several minor bugs and annoyances from earlier releases.
+ All directory authorities should upgrade to one of the versions + released today. All relays not already running Tor 0.3.3.2-alpha or + later should upgrade to one of the versions released today. + + o Major bugfixes (denial-of-service, directory authority): + - Fix a protocol-list handling bug that could be used to remotely crash + directory authorities with a null-pointer exception. Fixes bug 25074; + bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and + CVE-2018-0490. + o Minor features (compatibility, OpenSSL): - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released. Previous versions of Tor would not have worked with OpenSSL 1.1.1, @@ -21,6 +38,14 @@ Changes in version 0.3.3.3-alpha - 2018-03-?? - Add a "make test-rust" target to run the rust tests only. Closes ticket 25071.
+ o Minor bugfixes (denial-of-service): + - Fix a possible crash on malformed consensus. If a consensus had + contained an unparseable protocol line, it could have made clients + and relays crash with a null-pointer exception. To exploit this + issue, however, an attacker would need to be able to subvert the + directory authority system. Fixes bug 25251; bugfix on + 0.2.9.4-alpha. Also tracked as TROVE-2018-004. + o Minor bugfixes (DoS mitigation): - Add extra safety checks when refilling the circuit creation bucket to ensure we never set a value above the allowed maximum burst. @@ -41,6 +66,12 @@ Changes in version 0.3.3.3-alpha - 2018-03-?? concurrent learning circuits to 10. Fixes bug 24769; bugfix on 0.3.1.1-alpha.
+ o Minor bugfixes (spec conformance): + - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on + 0.2.9.4-alpha. + - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249; + bugfix on 0.2.9.4-alpha. + o Code simplification and refactoring: - Update the "rust dependencies" submodule to be a project-level repository, rather than a user repository. Closes ticket 25323. diff --git a/changes/bug25249 b/changes/bug25249 deleted file mode 100644 index b4153eeae..000000000 --- a/changes/bug25249 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (spec conformance): - - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on - 0.2.9.4-alpha. diff --git a/changes/bug25249.2 b/changes/bug25249.2 deleted file mode 100644 index 9058c1107..000000000 --- a/changes/bug25249.2 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (spec conformance): - - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249; - bugfix on 0.2.9.4-alpha. diff --git a/changes/trove-2018-001.1 b/changes/trove-2018-001.1 deleted file mode 100644 index f0ee92f40..000000000 --- a/changes/trove-2018-001.1 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (denial-of-service, directory authority): - - Fix a protocol-list handling bug that could be used to remotely crash - directory authorities with a null-pointer exception. Fixes bug 25074; - bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001. - - diff --git a/changes/trove-2018-004 b/changes/trove-2018-004 deleted file mode 100644 index 37e0a89b0..000000000 --- a/changes/trove-2018-004 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (denial-of-service): - - Fix a possible crash on malformed consensus. If a consensus had - contained an unparseable protocol line, it could have made clients - and relays crash with a null-pointer exception. To exploit this - issue, however, an attacker would need to be able to subvert the - directory-authority system. Fixes bug 25251; bugfix on - 0.2.9.4-alpha. Also tracked as TROVE-2018-004. -
tor-commits@lists.torproject.org