commit 93379889003a6d8df14a1e1262c9c8b8b994107a Author: Nick Mathewson nickm@torproject.org Date: Thu Nov 30 15:21:29 2017 -0500
changelog for 0.2.8.17 --- ChangeLog | 59 ++++++++++++++++++++++++++++++++++++++++++++ changes/bastet_v6 | 4 --- changes/bug18329-minimal | 6 ----- changes/bug23291 | 3 --- changes/bug24313 | 5 ---- changes/geoip-2017-11-06 | 4 --- changes/trove-2017-009 | 10 -------- changes/trove-2017-011 | 8 ------ changes/trove-2017-012-part1 | 6 ----- 9 files changed, 59 insertions(+), 46 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 60eaf8017..a31c70a86 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,62 @@ +Changes in version 0.2.8.17 - 2017-12-01 + Tor 0.2.8.17 backports important security and stability bugfixes from + later Tor releases. All Tor users should upgrade to this release, or + to another of the releases coming out today. + + Note: the Tor 0.2.8 series will no longer be supported after 1 Jan + 2018. If you need a release with long-term support, please stick with + the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later. + + o Major bugfixes (security, backport from 0.3.2.6-alpha): + - Fix a denial of service bug where an attacker could use a + malformed directory object to cause a Tor instance to pause while + OpenSSL would try to read a passphrase from the terminal. (Tor + instances run without a terminal, which is the case for most Tor + packages, are not impacted.) Fixes bug 24246; bugfix on every + version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. + Found by OSS-Fuzz as testcase 6360145429790720. + - When checking for replays in the INTRODUCE1 cell data for a + (legacy) onion service, correctly detect replays in the RSA- + encrypted part of the cell. We were previously checking for + replays on the entire cell, but those can be circumvented due to + the malleability of Tor's legacy hybrid encryption. This fix helps + prevent a traffic confirmation attack. Fixes bug 24244; bugfix on + 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 + and CVE-2017-8819. + + o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha): + - Fix a use-after-free error that could crash v2 Tor onion services + when they failed to open circuits while expiring introduction + points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is + also tracked as TROVE-2017-013 and CVE-2017-8823. + + o Major bugfixes (security, relay, backport from 0.3.2.6-alpha): + - When running as a relay, make sure that we never build a path through + ourselves, even in the case where we have somehow lost the version of + our descriptor appearing in the consensus. Fixes part of bug 21534; + bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 + and CVE-2017-8822. + + o Minor features (bridge, backport from 0.3.1.9): + - Bridges now include notice in their descriptors that they are + bridges, and notice of their distribution status, based on their + publication settings. Implements ticket 18329. For more fine- + grained control of how a bridge is distributed, upgrade to 0.3.2.x + or later. + + o Minor features (directory authority, backport from 0.3.2.6-alpha): + - Add an IPv6 address for the "bastet" directory authority. Closes + ticket 24394. + + o Minor features (geoip): + - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (testing, backport from 0.3.1.6-rc): + - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; + bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij. + + Changes in version 0.2.8.16 - 2017-10-25 Tor 0.2.8.16 backports a collection of bugfixes from later Tor release series, including a bugfix for a crash issue that had affected relays diff --git a/changes/bastet_v6 b/changes/bastet_v6 deleted file mode 100644 index ee4e2c809..000000000 --- a/changes/bastet_v6 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (directory authority): - - Add an IPv6 address for the "bastet" directory authority. - Closes ticket 24394. - diff --git a/changes/bug18329-minimal b/changes/bug18329-minimal deleted file mode 100644 index 804c4e8dd..000000000 --- a/changes/bug18329-minimal +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (bridge): - - Bridges now include notice in their descriptors that they are bridges, - and notice of their distribution status, based on their publication - settings. Implements ticket 18329. For more fine-grained control of - how a bridge is distributed, upgrade to 0.3.2.x or later. - diff --git a/changes/bug23291 b/changes/bug23291 deleted file mode 100644 index a5b0efda0..000000000 --- a/changes/bug23291 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (testing): - - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; bugfix on - 0.2.7.2-alpha. Found and patched by Ties Stuij. diff --git a/changes/bug24313 b/changes/bug24313 deleted file mode 100644 index b927ec3ba..000000000 --- a/changes/bug24313 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, hidden service v2): - - Fix a use-after-free error that could crash v2 Tor hidden services - when it failed to open circuits while expiring introductions - points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This - issue is also tracked as TROVE-2017-013 and CVE-2017-8823. diff --git a/changes/geoip-2017-11-06 b/changes/geoip-2017-11-06 deleted file mode 100644 index f034be900..000000000 --- a/changes/geoip-2017-11-06 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2 - Country database. - diff --git a/changes/trove-2017-009 b/changes/trove-2017-009 deleted file mode 100644 index 166a5faec..000000000 --- a/changes/trove-2017-009 +++ /dev/null @@ -1,10 +0,0 @@ - o Major bugfixes (security): - - When checking for replays in the INTRODUCE1 cell data for a (legacy) - hiddden service, correctly detect replays in the RSA-encrypted part of - the cell. We were previously checking for replays on the entire cell, - but those can be circumvented due to the malleability of Tor's legacy - hybrid encryption. This fix helps prevent a traffic confirmation - attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also - tracked as TROVE-2017-009 and CVE-2017-8819. - - diff --git a/changes/trove-2017-011 b/changes/trove-2017-011 deleted file mode 100644 index 82d20d9e7..000000000 --- a/changes/trove-2017-011 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (security): - - Fix a denial of service bug where an attacker could use a malformed - directory object to cause a Tor instance to pause while OpenSSL would - try to read a passphrase from the terminal. (If the terminal was not - available, tor would continue running.) Fixes bug 24246; bugfix on - every version of Tor. Also tracked as TROVE-2017-011 and - CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720. - diff --git a/changes/trove-2017-012-part1 b/changes/trove-2017-012-part1 deleted file mode 100644 index 9fccc2cf6..000000000 --- a/changes/trove-2017-012-part1 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security, relay): - - When running as a relay, make sure that we never build a path through - ourselves, even in the case where we have somehow lost the version of - our descriptor appearing in the consensus. Fixes part of bug 21534; - bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 - and CVE-2017-8822.
tor-commits@lists.torproject.org