commit 066de45209f28d69f3ad0046e1d3122ae15364bc Author: Nick Mathewson nickm@torproject.org Date: Mon Mar 15 09:22:06 2021 -0400

Changelog for 0.4.5.7 --- ChangeLog | 85 +++++++++++++++++++++++++++++++++++++++++++++ changes/bug40256_045 | 3 -- changes/bug40287 | 4 --- changes/bug40298 | 3 -- changes/bug40315 | 5 --- changes/bug40316 | 5 --- changes/geoip-2021-03-12 | 9 ----- changes/ticket40286_minimal | 6 ---- changes/ticket40295 | 3 -- changes/ticket40300 | 8 ----- changes/ticket40309 | 3 -- changes/ticket40334 | 3 -- 12 files changed, 85 insertions(+), 52 deletions(-)

diff --git a/ChangeLog b/ChangeLog index c91d716c98..57480c08aa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,88 @@ +Changes in version 0.4.5.7 - 2021-03-16 + Tor 0.4.5.7 fixes two important denial-of-service bugs in earlier + versions of Tor. + + One of these vulnerabilities (TROVE-2021-001) would allow an attacker + who can send directory data to a Tor instance to force that Tor + instance to consume huge amounts of CPU. This is easiest to exploit + against authorities, since anybody can upload to them, but directory + caches could also exploit this vulnerability against relays or clients + when they download. The other vulnerability (TROVE-2021-002) only + affects directory authorities, and would allow an attacker to remotely + crash the authority with an assertion failure. Patches have already + been provided to the authority operators, to help ensure + network stability. + + We recommend that everybody upgrade to one of the releases that fixes + these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available + to you. + + This release also updates our GeoIP data source, and fixes a few + smaller bugs in earlier releases. + + o Major bugfixes (security, denial of service): + - Disable the dump_desc() function that we used to dump unparseable + information to disk. It was called incorrectly in several places, + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021- + 001 and CVE-2021-28089. + - Fix a bug in appending detached signatures to a pending consensus + document that could be used to crash a directory authority. Fixes + bug 40316; bugfix on 0.2.2.6-alpha. Tracked as TROVE-2021-002 + and CVE-2021-28090. + + o Minor features (geoip data): + - We have switched geoip data sources. Previously we shipped IP-to- + country mappings from Maxmind's GeoLite2, but in 2019 they changed + their licensing term, so we were unable to update them after that + point. We now ship geoip files based on the IPFire Location + Database instead. (See https://location.ipfire.org/ for more + information). This release updates our geoip files to match the + IPFire Location Database as retrieved on 2021/03/12. Closes + ticket 40224. + + o Minor bugfixes (directory authority): + - Now that exit relays don't allow exit connections to directory + authority DirPorts (to prevent network reentry), disable + authorities' reachability self test on the DirPort. Fixes bug + 40287; bugfix on 0.4.5.5-rc. + + o Minor bugfixes (documentation): + - Fix a formatting error in the documentation for + VirtualAddrNetworkIPv6. Fixes bug 40256; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (Linux, relay): + - Fix a bug in determining total available system memory that would + have been triggered if the format of Linux's /proc/meminfo file + had ever changed to include "MemTotal:" in the middle of a line. + Fixes bug 40315; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (metrics port): + - Fix a BUG() warning on the MetricsPort for an internal missing + handler. Fixes bug 40295; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (onion service): + - Remove a harmless BUG() warning when reloading tor configured with + onion services. Fixes bug 40334; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (portability): + - Fix a non-portable usage of "==" with "test" in the configure + script. Fixes bug 40298; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (relay): + - Remove a spammy log notice falsely claiming that the IPv4/v6 + address was missing. Fixes bug 40300; bugfix on 0.4.5.1-alpha. + - Do not query the address cache early in the boot process when + deciding if we a relay needs to fetch early directory information + from an authority. This bug resulted in a relay falsely believing + it didn't have an address and thus triggering an authority fetch + at each boot. Related to our fix for 40300. + + o Removed features (mallinfo deprecated): + - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. + Closes ticket 40309. + + Changes in version 0.4.5.6 - 2021-02-15 The Tor 0.4.5.x release series is dedicated to the memory of Karsten Loesing (1979-2020), Tor developer, cypherpunk, husband, and father. diff --git a/changes/bug40256_045 b/changes/bug40256_045 deleted file mode 100644 index 14e67659e0..0000000000 --- a/changes/bug40256_045 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (documentation): - - Fix a formatting error on the documentation for - VirtualAddrNetworkIPv6. Fixes bug 40256; bugfix on 0.2.9.4-alpha. diff --git a/changes/bug40287 b/changes/bug40287 deleted file mode 100644 index 5a9c899d52..0000000000 --- a/changes/bug40287 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (directory authority): - - Now that exit relays don't allow exit connections to directory authority - DirPorts (network reentry), disable authorities' reachability self test - on the DirPort. Fixes bug 40287; bugfix on 0.4.5.5-rc. diff --git a/changes/bug40298 b/changes/bug40298 deleted file mode 100644 index 8b8b0bbc12..0000000000 --- a/changes/bug40298 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (portability): - - Fix a non-portable usage of "==" with "test" in the configure script. - Fixes bug 40298; bugfix on 0.4.5.1-alpha. diff --git a/changes/bug40315 b/changes/bug40315 deleted file mode 100644 index 9e9c740d96..0000000000 --- a/changes/bug40315 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (Linux, relay): - - Fix a bug in determining total available system memory that would have - been triggered if the format of /proc/meminfo had ever changed - to include "MemTotal:" in the middle of a line. Fixes bug 40315; - bugfix on 0.2.5.4-alpha. diff --git a/changes/bug40316 b/changes/bug40316 deleted file mode 100644 index cd275b5c9c..0000000000 --- a/changes/bug40316 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, denial of service): - - Fix a bug in appending detached signatures to a pending consensus - document that could be used to crash a directory authority. - Fixes bug 40316; bugfix on 0.2.2.6-alpha. Tracked as - TROVE-2021-002 and CVE-2021-28090. diff --git a/changes/geoip-2021-03-12 b/changes/geoip-2021-03-12 deleted file mode 100644 index 01c1b0f162..0000000000 --- a/changes/geoip-2021-03-12 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features (geoip data): - - We have switched geoip data sources. Previously we shipped - IP-to-country mappings from Maxmind's GeoLite2, but in 2019 they - changed their licensing term, so we were unable to update them after - that point. We now ship geoip files based on the IPFire Location - Database instead. (See https://location.ipfire.org/ for more - information). This release updates our geoip files to match the - IPFire Location Database as retrieved on 2021/03/12. Closes - ticket 40224. diff --git a/changes/ticket40286_minimal b/changes/ticket40286_minimal deleted file mode 100644 index 6a04ca79eb..0000000000 --- a/changes/ticket40286_minimal +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security, denial of service): - - Disable the dump_desc() function that we used to dump unparseable - information to disk. It was called incorrectly in several places, - in a way that could lead to excessive CPU usage. Fixes bug 40286; - bugfix on 0.2.2.1-alpha. This bug is also tracked as - TROVE-2021-001 and CVE-2021-28089. diff --git a/changes/ticket40295 b/changes/ticket40295 deleted file mode 100644 index e6dba80120..0000000000 --- a/changes/ticket40295 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (metrics port): - - Fix a BUG() on the MetricsPort for an internal missing handler. Fixes bug - 40295; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40300 b/changes/ticket40300 deleted file mode 100644 index b772ff60a4..0000000000 --- a/changes/ticket40300 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (relay): - - Remove a spammy log notice that should not have been indicating the - operator that its IPv4/v6 was missing but it was not. Fixes bug 40300; - bugfix on 0.4.5.1-alpha. - - Do not query the address cache early in the boot process when deciding - if we a relay needs to fetch early directory information from an - authority. This resulted in a relay falsely believing it didn't have an - address and thus triggering an authority fetch at each boot. diff --git a/changes/ticket40309 b/changes/ticket40309 deleted file mode 100644 index 087ac36a4f..0000000000 --- a/changes/ticket40309 +++ /dev/null @@ -1,3 +0,0 @@ - o New system requirements (mallinfo() deprecated): - - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. Closes - ticket 40309. diff --git a/changes/ticket40334 b/changes/ticket40334 deleted file mode 100644 index c1c34384a0..0000000000 --- a/changes/ticket40334 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion service): - - Remove a harmless BUG() warning when reloading tor configured with onion - services. Fixes bug 40334; bugfix on 0.4.5.1-alpha.