[tor-commits] [tor/release-0.2.5] Pick a date, update ReleaseNotes. (0.2.5)

nickm at torproject.org nickm at torproject.org
Fri Mar 3 19:58:37 UTC 2017

commit 45245fe29e2e5a0e36c6e4a340d44c6d98cbba1d
Author: Nick Mathewson <nickm at torproject.org>
Date:   Fri Mar 3 14:56:01 2017 -0500

    Pick a date, update ReleaseNotes. (0.2.5)
 ChangeLog    |   2 +-
 ReleaseNotes | 122 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 123 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 2d897f0..3e3ca32 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,4 @@
-Changes in version - 2017-03-??
+Changes in version - 2017-03-03
   Tor backports a number of security fixes from later Tor
   releases.  Anybody running Tor or earlier should upgrade to
   this release, if for some reason they cannot upgrade to a later
diff --git a/ReleaseNotes b/ReleaseNotes
index e3889d1..f9a2fa9 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,6 +2,128 @@ This document summarizes new features and bugfixes in each stable release
 of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.
+Changes in version - 2017-03-03
+  Tor backports a number of security fixes from later Tor
+  releases.  Anybody running Tor or earlier should upgrade to
+  this release, if for some reason they cannot upgrade to a later
+  release series.
+  Note that support for Tor 0.2.5.x is ending next year: we will not issue
+  any fixes for the Tor 0.2.5.x series after 1 May 2018.  If you need
+  a Tor release series with longer-term support, we recommend Tor 0.2.9.x.
+  o Directory authority changes (backport from
+    - Urras is no longer a directory authority. Closes ticket 19271.
+  o Directory authority changes (backport from
+    - The "Tonga" bridge authority has been retired; the new bridge
+      authority is "Bifroest". Closes tickets 19728 and 19690.
+  o Directory authority key updates (backport from
+    - Update the V3 identity key for the dannenberg directory authority:
+      it was changed on 18 November 2015. Closes task 17906. Patch
+      by "teor".
+  o Major features (security fixes, backport from
+    - Prevent a class of security bugs caused by treating the contents
+      of a buffer chunk as if they were a NUL-terminated string. At
+      least one such bug seems to be present in all currently used
+      versions of Tor, and would allow an attacker to remotely crash
+      most Tor instances, especially those compiled with extra compiler
+      hardening. With this defense in place, such bugs can't crash Tor,
+      though we should still fix them as they occur. Closes ticket
+      20384 (TROVE-2016-10-001).
+  o Major bugfixes (parsing, security, backport from
+    - Fix a bug in parsing that could cause clients to read a single
+      byte past the end of an allocated region. This bug could be used
+      to cause hardened clients (built with --enable-expensive-hardening)
+      to crash if they tried to visit a hostile hidden service. Non-
+      hardened clients are only affected depending on the details of
+      their platform's memory allocator. Fixes bug 21018; bugfix on
+ Found by using libFuzzer. Also tracked as TROVE-
+      2016-12-002 and as CVE-2016-1254.
+  o Major bugfixes (security, client, DNS proxy, backport from
+    - Stop a crash that could occur when a client running with DNSPort
+      received a query with multiple address types, and the first
+      address type was not supported. Found and fixed by Scott Dial.
+      Fixes bug 18710; bugfix on
+  o Major bugfixes (security, correctness, backport from
+    - Fix an error that could cause us to read 4 bytes before the
+      beginning of an openssl string. This bug could be used to cause
+      Tor to crash on systems with unusual malloc implementations, or
+      systems with unusual hardening installed. Fixes bug 17404; bugfix
+      on
+  o Major bugfixes (security, pointers, backport from
+    - Avoid a difficult-to-trigger heap corruption attack when extending
+      a smartlist to contain over 16GB of pointers. Fixes bug 18162;
+      bugfix on, which fixed a related bug incompletely.
+      Reported by Guido Vranken.
+  o Major bugfixes (dns proxy mode, crash, backport from
+    - Avoid crashing when running as a DNS proxy. Fixes bug 16248;
+      bugfix on Patch from "cypherpunks".
+  o Major bugfixes (guard selection, backport from
+    - Actually look at the Guard flag when selecting a new directory
+      guard. When we implemented the directory guard design, we
+      accidentally started treating all relays as if they have the Guard
+      flag during guard selection, leading to weaker anonymity and worse
+      performance. Fixes bug 17772; bugfix on Discovered
+      by Mohsen Imani.
+  o Major bugfixes (key management, backport from
+    - If OpenSSL fails to generate an RSA key, do not retain a dangling
+      pointer to the previous (uninitialized) key value. The impact here
+      should be limited to a difficult-to-trigger crash, if OpenSSL is
+      running an engine that makes key generation failures possible, or
+      if OpenSSL runs out of memory. Fixes bug 19152; bugfix on
+ Found by Yuan Jochen Kang, Suman Jana, and
+      Baishakhi Ray.
+  o Major bugfixes (parsing, backported from
+    - Fix an integer underflow bug when comparing malformed Tor
+      versions. This bug could crash Tor when built with
+      --enable-expensive-hardening, or on Tor through Tor
+, which were built with -ftrapv by default. In other cases
+      it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
+      on 0.0.8pre1. Found by OSS-Fuzz.
+  o Minor features (security, memory erasure, backport from
+    - Make memwipe() do nothing when passed a NULL pointer or buffer of
+      zero size. Check size argument to memwipe() for underflow. Fixes
+      bug 18089; bugfix on and Reported by "gk",
+      patch by "teor".
+  o Minor features (bug-resistance, backport from
+    - Make Tor survive errors involving connections without a
+      corresponding event object. Previously we'd fail with an
+      assertion; now we produce a log message. Related to bug 16248.
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
+      Country database.
+  o Minor bugfixes (compilation, backport from
+    - Fix a compilation warning with Clang 3.6: Do not check the
+      presence of an address which can never be NULL. Fixes bug 17781.
+  o Minor bugfixes (crypto error-handling, backport from
+    - Check for failures from crypto_early_init, and refuse to continue.
+      A previous typo meant that we could keep going with an
+      uninitialized crypto library, and would have OpenSSL initialize
+      its own PRNG. Fixes bug 16360; bugfix on, introduced
+      when implementing ticket 4900. Patch by "teor".
+  o Minor bugfixes (hidden service, backport from
+    - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
+      a client authorized hidden service. Fixes bug 15823; bugfix
+      on
 Changes in version - 2015-04-06
   Tor backports two fixes from for security issues that
   could be used by an attacker to crash hidden services, or crash clients

More information about the tor-commits mailing list