commit 781dd1bd8ad43a7a3397d1d63dd3bf00c8e6d091 Author: Nick Mathewson <nickm@torproject.org> Date: Thu Jul 9 09:46:53 2020 -0400 Fold in more changelog entries, hope to finish changelog --- ChangeLog | 35 ++++++++++++++++++++++++++++++++++- changes/bug33119 | 4 ---- changes/bug34084 | 3 --- changes/bug40028 | 3 --- changes/ticket33873 | 4 ---- changes/ticket40026 | 3 --- 6 files changed, 34 insertions(+), 18 deletions(-) diff --git a/ChangeLog b/ChangeLog index 495f9f83c..4cc0fbd27 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,8 +1,23 @@ -Changes in version 0.4.4.2-alpha - 2020-07-?? +Changes in version 0.4.4.2-alpha - 2020-07-09 This is the second alpha release in the 0.4.4.x series. It fixes a few bugs in the previous release, and solves a few usability, compatibility, and portability issues. + This release also fixes TROVE-2020-001, a medium-severity denial of + service vulnerability affecting all versions of Tor when compiled with + the NSS encryption library. (This is not the default configuration.) + Using this vulnerability, an attacker could cause an affected Tor + instance to crash remotely. This issue is also tracked as CVE-2020- + 15572. Anybody running a version of Tor built with the NSS library + should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha + or later. + + o Major bugfixes (NSS, security): + - Fix a crash due to an out-of-bound memory access when Tor is + compiled with NSS support. Fixes bug 33119; bugfix on + 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 + and CVE-2020-15572. + o Minor features (bootstrap reporting): - Report more detailed reasons for bootstrap failure when the failure happens due to a TLS error. Previously we would just call @@ -29,6 +44,19 @@ Changes in version 0.4.4.2-alpha - 2020-07-?? - Permit the unlinkat() syscall, which some Libc implementations use to implement unlink(). Closes ticket 33346. + o Minor bugfix (CI, Windows): + - Use the correct 64-bit printf format when compiling with MINGW on + Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha. + + o Minor bugfix (SOCKS, onion service client): + - Detect v3 onion service addresses of the wrong length when + returning the F6 ExtendedErrors code. Fixes bug 33873; bugfix + on 0.4.3.1-alpha. + + o Minor bugfixes (compiler warnings): + - Fix a compiler warning on platforms with 32-bit time_t values. + Fixes bug 40028; bugfix on 0.3.2.8-rc. + o Minor bugfixes (control port, onion service): - Consistently use 'address' in "Invalid v3 address" response to ONION_CLIENT_AUTH commands. Previously, we would sometimes say @@ -39,6 +67,11 @@ Changes in version 0.4.4.2-alpha - 2020-07-?? receiving an extrainfo document that we no longer want. Fixes bug 16016; bugfix on 0.2.6.3-alpha. + o Minor bugfixes (onion services v3): + - Avoid a non-fatal assertion failure in certain edge-cases when + opening an intro circuit as a client. Fixes bug 34084; bugfix + on 0.3.2.1-alpha. + o Deprecated features (onion service v2): - Add a deprecation warning for version 2 onion services. Closes ticket 40003. diff --git a/changes/bug33119 b/changes/bug33119 deleted file mode 100644 index c976654b2..000000000 --- a/changes/bug33119 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (NSS): - - Fix out-of-bound memory access in `tor_tls_cert_matches_key()` when Tor is - compiled with NSS support. Fixes bug 33119; bugfix on 0.3.5.1-alpha. This - issue is also tracked as TROVE-2020-001. diff --git a/changes/bug34084 b/changes/bug34084 deleted file mode 100644 index 524c4cf68..000000000 --- a/changes/bug34084 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion services v3): - - Avoid a non-fatal assert log in an edge-case of opening an intro circuit - as a client. Fixes bug 34084; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug40028 b/changes/bug40028 deleted file mode 100644 index cfd1ffe51..000000000 --- a/changes/bug40028 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compiler warnings): - - Fix a compiler warning on platforms with 32-bit time_t values. - Fixes bug 40028; bugfix on 0.3.2.8-rc. diff --git a/changes/ticket33873 b/changes/ticket33873 deleted file mode 100644 index c45191181..000000000 --- a/changes/ticket33873 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (SOCKS, onion service client): - - Also detect bad v3 onion service address of the wrong length when - returning the F6 ExtendedErrors code. Fixes bug 33873; bugfix on - 0.4.3.1-alpha. diff --git a/changes/ticket40026 b/changes/ticket40026 deleted file mode 100644 index f87c2964e..000000000 --- a/changes/ticket40026 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (CI, Windows): - - Don't use stdio 64 bit printf format when compiling with MINGW on - Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha.