[tor-commits] [tor/release-0.2.9] Begin work on an 0.2.9.10 changelog
nickm at torproject.org
nickm at torproject.org
Thu Feb 23 22:50:36 UTC 2017
commit a98608efe8052c8a19e1f9e75d31e93a7a29d718
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Feb 23 16:18:17 2017 -0500
Begin work on an 0.2.9.10 changelog
This one is much more normal than the 0.2.[45678] changelogs
I just started, since there has been a much shorter gap since the
most recent 0.2.9 release.
---
ChangeLog | 64 +++++++++++++++++++++++++++++++++++++++++++++
changes/21359 | 8 ------
changes/bug21108_029 | 6 -----
changes/bug21278_extras | 3 ---
changes/bug21278_prevention | 4 ---
changes/bug21280 | 5 ----
changes/bug21357 | 7 -----
changes/bug21450 | 4 ---
changes/geoip-february2017 | 4 ---
changes/trove-2017-001.2 | 8 ------
10 files changed, 64 insertions(+), 49 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 512c245..973a43c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,67 @@
+Changes in version 0.2.9.10 - 2017-03-??
+ Tor 0.2.9.10 backports a security fix from later Tor releass.
+
+ Tor 0.2.9.10 also includes fixes for some major issues affecting
+ directory authorities, LibreSSL compatibility, and IPv6 correctness.
+
+ The Tor 0.2.9.x release series is now marked as a long-term-support
+ series. We intend to backport security fixes to 0.2.9.x until at
+ least March of 2020.
+
+ o Major bugfixes (directory authority, 0.3.0.3-alpha):
+ - During voting, when marking a relay as a probable sybil, do not
+ clear its BadExit flag: sybils can still be bad in other ways
+ too. (We still clear the other flags.) Fixes bug 21108; bugfix
+ on 0.2.0.13-alpha.
+
+ o Major bugfixes (IPv6 Exits, backport from 0.3.0.3-alpha):
+ - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
+ any IPv6 addresses. Instead, only reject a port over IPv6 if the
+ exit policy rejects that port on more than an IPv6 /16 of
+ addresses. This bug was made worse by 17027 in 0.2.8.1-alpha,
+ which rejected a relay's own IPv6 address by default. Fixes bug
+ 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
+
+ o Major bugfixes (parsing, also in 0.3.0.4-rc):
+ - Fix an integer underflow bug when comparing malformed Tor versions.
+ This bug is harmless, except when Tor has been built with
+ --enable-expensive-hardening, which would turn it into a crash;
+ or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
+ -ftrapv by default.
+ Part of TROVE-2017-001. Fixes bug 21278; bugfix on
+ 0.0.8pre1. Found by OSS-Fuzz.
+
+ o Minor features (directory authority, also in 0.3.0.4-rc):
+ - Directory authorities now reject descriptors that claim to be
+ malformed versions of Tor. Helps prevent exploitation of bug 21278.
+
+ o Minor features (portability, compilation, backport from 0.3.0.3-alpha):
+ - Autoconf now checks to determine if OpenSSL structures are opaque,
+ instead of explicitly checking for OpenSSL version numbers. Part
+ of ticket 21359.
+ - Support building with recent LibreSSL code that uses opaque
+ structures. Closes ticket 21359.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (code correctness, also in 0.3.0.4-rc):
+ - Repair a couple of (unreachable or harmless) cases of the risky
+ comparison-by-subtraction pattern that caused bug 21278.
+
+ o Minor bugfixes (tor-resolve, backport from 0.3.0.3-alpha):
+ - The tor-resolve command line tool now rejects hostnames over 255
+ characters in length. Previously, it would silently truncate them,
+ which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
+ Patch by "junglefowl".
+
+ o Minor bugfixes (voting consistency, also in 0.3.0.4-rc):
+ - Reject version numbers with components that exceed INT32_MAX.
+ Otherwise 32-bit and 64-bit platforms would behave inconsistently.
+ Fixes bug 21450; bugfix on 0.0.8pre1.
+
+
Changes in version 0.2.9.9 - 2017-01-23
Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could
cause relays and clients to crash, even if they were not built with
diff --git a/changes/21359 b/changes/21359
deleted file mode 100644
index cc9b377..0000000
--- a/changes/21359
+++ /dev/null
@@ -1,8 +0,0 @@
-
- o Minor features (portability, compilationc)
- - Support building with recent LibreSSL code that uses opaque
- structures. Closes ticket 21359.
- - Autoconf now check to determine if OpenSSL
- structures are opaque, instead of explicitly checking for
- OpenSSL version numbers.
- Part of ticket 21359.
diff --git a/changes/bug21108_029 b/changes/bug21108_029
deleted file mode 100644
index 3a3f004..0000000
--- a/changes/bug21108_029
+++ /dev/null
@@ -1,6 +0,0 @@
- o Major bugfixes (directory authority):
- - During voting, when marking a node as a probable sybil, do not
- clear its BadExit flag: sybils can still be bad in other ways
- too. (We still clear the other flags.) Fixes bug 21108; bugfix
- on 0.2.0.13-alpha.
-
diff --git a/changes/bug21278_extras b/changes/bug21278_extras
deleted file mode 100644
index ffdf4a0..0000000
--- a/changes/bug21278_extras
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (code correctness):
- - Repair a couple of (unreachable or harmless) cases of the risky
- comparison-by-subtraction pattern that caused bug 21278.
diff --git a/changes/bug21278_prevention b/changes/bug21278_prevention
deleted file mode 100644
index e07f0a6..0000000
--- a/changes/bug21278_prevention
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (directory authority):
- - Directory authorities now reject descriptors that claim to be
- malformed versions of Tor. Helps prevent exploitation of bug 21278.
-
diff --git a/changes/bug21280 b/changes/bug21280
deleted file mode 100644
index e9f0bc1..0000000
--- a/changes/bug21280
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (tor-resolve):
- - The tor-resolve command line tool now rejects hostnames over 255
- characters in length. Previously, it would silently truncate
- them, which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
- Patch by "junglefowl".
diff --git a/changes/bug21357 b/changes/bug21357
deleted file mode 100644
index a1cb43a..0000000
--- a/changes/bug21357
+++ /dev/null
@@ -1,7 +0,0 @@
- o Major bugfixes (IPv6 Exits):
- - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects IPv6
- addresses. Instead, only reject a port over IPv6 if the exit policy
- rejects that port on more than an IPv6 /16 of addresses. This bug was
- made worse by 17027 in 0.2.8.1-alpha, which rejects a relay's own IPv6
- address by default.
- Fixes bug 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
diff --git a/changes/bug21450 b/changes/bug21450
deleted file mode 100644
index a1cf89a..0000000
--- a/changes/bug21450
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (voting consistency):
- - Reject version numbers with components that exceed INT32_MAX.
- Otherwise 32-bit and 64-bit platforms would behave inconsistently.
- Fixes bug 21450; bugfix on 0.0.8pre1.
diff --git a/changes/geoip-february2017 b/changes/geoip-february2017
deleted file mode 100644
index ec54b61..0000000
--- a/changes/geoip-february2017
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/trove-2017-001.2 b/changes/trove-2017-001.2
deleted file mode 100644
index 3ef073c..0000000
--- a/changes/trove-2017-001.2
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes (parsing):
- - Fix an integer underflow bug when comparing malformed Tor versions.
- This bug is harmless, except when Tor has been built with
- --enable-expensive-hardening, which would turn it into a crash;
- or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
- -ftrapv by default.
- Part of TROVE-2017-001. Fixes bug 21278; bugfix on
- 0.0.8pre1. Found by OSS-Fuzz.
More information about the tor-commits
mailing list