[tor-commits] [tor/release-0.4.6] Fold entries into changelog and releasenotes

nickm at torproject.org nickm at torproject.org
Mon Jun 14 15:03:36 UTC 2021


commit 15b0980bd7b840c8d2de134e56a09dadf7b4683e
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Jun 10 13:13:29 2021 -0400

    Fold entries into changelog and releasenotes
---
 ChangeLog                | 37 +++++++++++++++++++++++++++++++++++++
 ReleaseNotes             | 37 +++++++++++++++++++++++++++++++++++++
 changes/bug40391         |  9 ---------
 changes/bug40392         |  4 ----
 changes/geoip-2021-06-10 |  3 ---
 changes/ticket40389      |  3 ---
 changes/ticket40390      |  8 --------
 7 files changed, 74 insertions(+), 27 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7169fd1a4d..2420b77780 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,43 @@ Changes in version 0.4.6.5 - 2021-06-1?
   Below are the changes since 0.4.6.4-rc. For a complete list of changes
   since 0.4.5.8, see the ReleaseNotes file.
 
+  o Major bugfixes (security):
+    - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
+      half-closed streams. Previously, clients failed to validate which
+      hop sent these cells: this would allow a relay on a circuit to end
+      a stream that wasn't actually built with it. Fixes bug 40389;
+      bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
+      003 and CVE-2021-34548.
+
+  o Major bugfixes (security, defense-in-depth):
+    - Detect more failure conditions from the OpenSSL RNG code.
+      Previously, we would detect errors from a missing RNG
+      implementation, but not failures from the RNG code itself.
+      Fortunately, it appears those failures do not happen in practice
+      when Tor is using OpenSSL's default RNG implementation. Fixes bug
+      40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
+      TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
+
+  o Major bugfixes (security, denial of service):
+    - Resist a hashtable-based CPU denial-of-service attack against
+      relays. Previously we used a naive unkeyed hash function to look
+      up circuits in a circuitmux object. An attacker could exploit this
+      to construct circuits with chosen circuit IDs, to create
+      collisions and make the hash table inefficient. Now we use a
+      SipHash construction here instead. Fixes bug 40391; bugfix on
+      0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
+      CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
+    - Fix an out-of-bounds memory access in v3 onion service descriptor
+      parsing. An attacker could exploit this bug by crafting an onion
+      service descriptor that would crash any client that tried to visit
+      it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
+      tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
+      Glazunov from Google's Project Zero.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2021/06/10.
+
   o Minor features (logging, diagnostic):
     - Log decompression failures at a higher severity level, since they
       can help provide missing context for other warning messages. We
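Review bot: The tracking identifier in the RELAY_END entry is broken across two lines ("TROVE-2021-" at the end of one line, "003" at the start of the next), so a search for TROVE-2021-003 in ChangeLog will not match. Rewrap the entry so the identifier stays on one line, as the TROVE-2021-004, -005 and -006 references in this hunk already do. In the same entry, "RELAY_END or RELAY_RESOLVED cell" should read "cells".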
diff --git a/ReleaseNotes b/ReleaseNotes
index d567fa4463..7c6da85d05 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -8,6 +8,39 @@ Changes in version 0.4.6.5 - 2021-06-1?
   Below are the changes since 0.4.5.8. For a list of changes since
   0.4.6.4-rc, see the ChangeLog file.
 
+  o Major bugfixes (security):
+    - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
+      half-closed streams. Previously, clients failed to validate which
+      hop sent these cells: this would allow a relay on a circuit to end
+      a stream that wasn't actually built with it. Fixes bug 40389;
+      bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
+      003 and CVE-2021-34548.
+
+  o Major bugfixes (security, defense-in-depth):
+    - Detect more failure conditions from the OpenSSL RNG code.
+      Previously, we would detect errors from a missing RNG
+      implementation, but not failures from the RNG code itself.
+      Fortunately, it appears those failures do not happen in practice
+      when Tor is using OpenSSL's default RNG implementation. Fixes bug
+      40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
+      TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
+
+  o Major bugfixes (security, denial of service):
+    - Resist a hashtable-based CPU denial-of-service attack against
+      relays. Previously we used a naive unkeyed hash function to look
+      up circuits in a circuitmux object. An attacker could exploit this
+      to construct circuits with chosen circuit IDs, to create
+      collisions and make the hash table inefficient. Now we use a
+      SipHash construction here instead. Fixes bug 40391; bugfix on
+      0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
+      CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
+    - Fix an out-of-bounds memory access in v3 onion service descriptor
+      parsing. An attacker could exploit this bug by crafting an onion
+      service descriptor that would crash any client that tried to visit
+      it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
+      tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
+      Glazunov from Google's Project Zero.
+
   o Major features (control port, onion services):
     - Add controller support for creating version 3 onion services with
       client authorization. Previously, only v2 onion services could be
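Review bot: The onion service descriptor fix under "Major bugfixes (security, denial of service)" has lost the "onion services" tag that changes/bug40392 carried. It now shares a section with the circuitmux fix, although that entry is described as an attack against relays and this one as crashing clients. Consider a separate heading such as "Major bugfixes (security, denial of service, onion services)" so that readers scanning for client-side impact find it.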
@@ -114,6 +147,10 @@ Changes in version 0.4.6.5 - 2021-06-1?
       control over whether the client can become dormant from
       inactivity. Most people won't need this. Closes ticket 40228.
 
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2021/06/10.
+
   o Minor features (logging):
     - Edit heartbeat log messages so that more of them begin with the
       string "Heartbeat: ". Closes ticket 40322; patch
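Review bot: The section header shown on the @@ line still reads "Changes in version 0.4.6.5 - 2021-06-1?". The placeholder date has to be filled in, in both ChangeLog and ReleaseNotes, before the release is tagged. The geoip entry itself matches changes/geoip-2021-06-10 apart from rewrapping.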
diff --git a/changes/bug40391 b/changes/bug40391
deleted file mode 100644
index e3c186275f..0000000000
--- a/changes/bug40391
+++ /dev/null
@@ -1,9 +0,0 @@
-  o Major bugfixes (security):
-    - Resist a hashtable-based CPU denial-of-service attack against
-      relays. Previously we used a naive unkeyed hash function to look up
-      circuits in a circuitmux object. An attacker could exploit this to
-      construct circuits with chosen circuit IDs in order to try to create
-      collisions and make the hash table inefficient.  Now we use a SipHash
-      construction for this hash table instead. Fixes bug 40391; bugfix on
-      0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005.
-      Reported by Jann Horn from Google's Project Zero.
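Review bot: The CVE-2021-34549 reference in the folded entries has no source in this changes file, which names only TROVE-2021-005, so the CVE number was typed in during folding. Check it against the TROVE tracker before release. The same applies to CVE-2021-34548 and CVE-2021-34550, which do not appear in changes/ticket40389 or changes/bug40392 either. The heading also changed from "(security)" here to "(security, denial of service)" in the folded text, which is the more useful label.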
diff --git a/changes/bug40392 b/changes/bug40392
deleted file mode 100644
index 4dffa50bb2..0000000000
--- a/changes/bug40392
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Major bugfixes (security, denial of service, onion services):
-  - Fix an out-of-bounds memory access in v3 descriptor parsing. Fixes bug
-    40392; bugfix on 0.3.0.1-alpha. This issue is also tracked as
-    TROVE-2021-006. Reported by Sergei Glazunov from Google's Project Zero.
\ No newline at end of file
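Review bot: The removed file had no trailing newline and indented its bullet by two spaces ("  - Fix an out-of-bounds memory access ...") where the other changes files in this commit use four. The folded entries correct the layout by hand, but a format check on changes/ files at commit time would catch this before folding. The folded entry also adds a sentence on how a crafted descriptor crashes a client, which is not in this file and should be confirmed with the author of the fix.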
diff --git a/changes/geoip-2021-06-10 b/changes/geoip-2021-06-10
deleted file mode 100644
index 2b798012c8..0000000000
--- a/changes/geoip-2021-06-10
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features (geoip data):
-    - Update the geoip files to match the IPFire Location Database,
-      as retrieved on 2021/06/10.
diff --git a/changes/ticket40389 b/changes/ticket40389
deleted file mode 100644
index 7dcf65b32e..0000000000
--- a/changes/ticket40389
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Major bugfixes (relay, TROVE):
-    - Don't allow entry or middle relays to spoof RELAY_END or RELAY_RESOLVED
-      cell on half-closed streams. Fixes bug 40389; bugfix on 0.3.5.1-alpha.
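Review bot: The "entry or middle relays" qualifier from this changes file is missing from the folded entries, which say only "relays". Since the folded text explains the bug as clients failing to validate which hop sent the cell, keeping the qualifier would tell readers which circuit positions could send the spoofed cells. This file also carried no tracking identifier, so TROVE-2021-003 was added during folding and should be checked along with the CVE number.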
diff --git a/changes/ticket40390 b/changes/ticket40390
deleted file mode 100644
index b56fa4d9da..0000000000
--- a/changes/ticket40390
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Major bugfixes (security, defense-in-depth):
-    - Detect a wider variety of failure conditions from the OpenSSL RNG
-      code. Previously, we would detect errors from a missing RNG
-      implementation, but not failures from the RNG code itself.
-      Fortunately, it appears those failures do not happen in practice
-      when Tor is using OpenSSL's default RNG implementation.
-      Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
-      TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.




