[tor-commits] [tor/release-0.4.5] Backport changelog entries
nickm at torproject.org
nickm at torproject.org
Mon Jun 14 15:03:35 UTC 2021
commit 5f710eb0871beec55d9d549dac8834d3e756a31c
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Jun 10 13:13:54 2021 -0400
Backport changelog entries
---
ChangeLog | 37 +++++++++++++++++++++++++++++++++++++
changes/bug40391 | 9 ---------
changes/bug40392 | 4 ----
changes/geoip-2021-06-10 | 3 ---
changes/ticket40389 | 3 ---
changes/ticket40390 | 8 --------
6 files changed, 37 insertions(+), 27 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 0881e7e500..8bee9f12df 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,12 +1,49 @@
Changes in version 0.4.5.9 - 2021-06-1?
BLURB HERE
+ o Major bugfixes (security, backport from 0.4.6.5):
+ - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
+ half-closed streams. Previously, clients failed to validate which
+ hop sent these cells: this would allow a relay on a circuit to end
+ a stream that wasn't actually built with it. Fixes bug 40389;
+ bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
+ 003 and CVE-2021-34548.
+
+ o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5):
+ - Detect more failure conditions from the OpenSSL RNG code.
+ Previously, we would detect errors from a missing RNG
+ implementation, but not failures from the RNG code itself.
+ Fortunately, it appears those failures do not happen in practice
+ when Tor is using OpenSSL's default RNG implementation. Fixes bug
+ 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
+ TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
+
+ o Major bugfixes (security, denial of service, backport from 0.4.6.5):
+ - Resist a hashtable-based CPU denial-of-service attack against
+ relays. Previously we used a naive unkeyed hash function to look
+ up circuits in a circuitmux object. An attacker could exploit this
+ to construct circuits with chosen circuit IDs, to create
+ collisions and make the hash table inefficient. Now we use a
+ SipHash construction here instead. Fixes bug 40391; bugfix on
+ 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
+ CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
+ - Fix an out-of-bounds memory access in v3 onion service descriptor
+ parsing. An attacker could exploit this bug by crafting an onion
+ service descriptor that would crash any client that tried to visit
+ it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
+ tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
+ Glazunov from Google's Project Zero.
+
o Minor features (compatibility, backport from 0.4.6.4-rc):
- Remove an assertion function related to TLS renegotiation. It was
used nowhere outside the unit tests, and it was breaking
compilation with recent alpha releases of OpenSSL 3.0.0. Closes
ticket 40399.
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2021/06/10.
+
o Minor bugfixes (control, sandbox, backport from 0.4.6.4-rc):
- Allow the control command SAVECONF to succeed when the seccomp
sandbox is enabled, and make SAVECONF keep only one backup file to
diff --git a/changes/bug40391 b/changes/bug40391
deleted file mode 100644
index e3c186275f..0000000000
--- a/changes/bug40391
+++ /dev/null
@@ -1,9 +0,0 @@
- o Major bugfixes (security):
- - Resist a hashtable-based CPU denial-of-service attack against
- relays. Previously we used a naive unkeyed hash function to look up
- circuits in a circuitmux object. An attacker could exploit this to
- construct circuits with chosen circuit IDs in order to try to create
- collisions and make the hash table inefficient. Now we use a SipHash
- construction for this hash table instead. Fixes bug 40391; bugfix on
- 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005.
- Reported by Jann Horn from Google's Project Zero.
diff --git a/changes/bug40392 b/changes/bug40392
deleted file mode 100644
index 4dffa50bb2..0000000000
--- a/changes/bug40392
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes (security, denial of service, onion services):
- - Fix an out-of-bounds memory access in v3 descriptor parsing. Fixes bug
- 40392; bugfix on 0.3.0.1-alpha. This issue is also tracked as
- TROVE-2021-006. Reported by Sergei Glazunov from Google's Project Zero.
\ No newline at end of file
diff --git a/changes/geoip-2021-06-10 b/changes/geoip-2021-06-10
deleted file mode 100644
index 2b798012c8..0000000000
--- a/changes/geoip-2021-06-10
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2021/06/10.
diff --git a/changes/ticket40389 b/changes/ticket40389
deleted file mode 100644
index 7dcf65b32e..0000000000
--- a/changes/ticket40389
+++ /dev/null
@@ -1,3 +0,0 @@
- o Major bugfixes (relay, TROVE):
- - Don't allow entry or middle relays to spoof RELAY_END or RELAY_RESOLVED
- cell on half-closed streams. Fixes bug 40389; bugfix on 0.3.5.1-alpha.
diff --git a/changes/ticket40390 b/changes/ticket40390
deleted file mode 100644
index b56fa4d9da..0000000000
--- a/changes/ticket40390
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes (security, defense-in-depth):
- - Detect a wider variety of failure conditions from the OpenSSL RNG
- code. Previously, we would detect errors from a missing RNG
- implementation, but not failures from the RNG code itself.
- Fortunately, it appears those failures do not happen in practice
- when Tor is using OpenSSL's default RNG implementation.
- Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
- TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
More information about the tor-commits
mailing list