mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 04:13:28 +01:00
Copy changelogs for today's releases to master.
This commit is contained in:
parent
7059c32968
commit
7793ccdee4
340
ChangeLog
340
ChangeLog
@ -1,3 +1,343 @@
|
|||||||
|
Changes in version 0.4.3.3-alpha - 2020-03-18
|
||||||
|
Tor 0.4.3.3-alpha fixes several bugs in previous releases, including
|
||||||
|
TROVE-2020-002, a major denial-of-service vulnerability that affected
|
||||||
|
all released Tor instances since 0.2.1.5-alpha. Using this
|
||||||
|
vulnerability, an attacker could cause Tor instances to consume a huge
|
||||||
|
amount of CPU, disrupting their operations for several seconds or
|
||||||
|
minutes. This attack could be launched by anybody against a relay, or
|
||||||
|
by a directory cache against any client that had connected to it. The
|
||||||
|
attacker could launch this attack as much as they wanted, thereby
|
||||||
|
disrupting service or creating patterns that could aid in traffic
|
||||||
|
analysis. This issue was found by OSS-Fuzz, and is also tracked
|
||||||
|
as CVE-2020-10592.
|
||||||
|
|
||||||
|
We do not have reason to believe that this attack is currently being
|
||||||
|
exploited in the wild, but nonetheless we advise everyone to upgrade
|
||||||
|
as soon as packages are available.
|
||||||
|
|
||||||
|
o Major bugfixes (security, denial-of-service):
|
||||||
|
- Fix a denial-of-service bug that could be used by anyone to
|
||||||
|
consume a bunch of CPU on any Tor relay or authority, or by
|
||||||
|
directories to consume a bunch of CPU on clients or hidden
|
||||||
|
services. Because of the potential for CPU consumption to
|
||||||
|
introduce observable timing patterns, we are treating this as a
|
||||||
|
high-severity security issue. Fixes bug 33119; bugfix on
|
||||||
|
0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
|
||||||
|
as TROVE-2020-002 and CVE-2020-10592.
|
||||||
|
|
||||||
|
o Major bugfixes (circuit padding, memory leak):
|
||||||
|
- Avoid a remotely triggered memory leak in the case that a circuit
|
||||||
|
padding machine is somehow negotiated twice on the same circuit.
|
||||||
|
Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
|
||||||
|
This is also tracked as TROVE-2020-004 and CVE-2020-10593.
|
||||||
|
|
||||||
|
o Major bugfixes (directory authority):
|
||||||
|
- Directory authorities will now send a 503 (not enough bandwidth)
|
||||||
|
code to clients when under bandwidth pressure. Known relays and
|
||||||
|
other authorities will always be answered regardless of the
|
||||||
|
bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha.
|
||||||
|
|
||||||
|
o Minor features (diagnostic):
|
||||||
|
- Improve assertions and add some memory-poisoning code to try to
|
||||||
|
track down possible causes of a rare crash (32564) in the EWMA
|
||||||
|
code. Closes ticket 33290.
|
||||||
|
|
||||||
|
o Minor features (directory authorities):
|
||||||
|
- Directory authorities now reject descriptors from relays running
|
||||||
|
Tor versions from the 0.2.9 and 0.4.0 series. The 0.3.5 series is
|
||||||
|
still allowed. Resolves ticket 32672. Patch by Neel Chauhan.
|
||||||
|
|
||||||
|
o Minor features (usability):
|
||||||
|
- Include more information when failing to parse a configuration
|
||||||
|
value. This should make it easier to tell what's going wrong when
|
||||||
|
a configuration file doesn't parse. Closes ticket 33460.
|
||||||
|
|
||||||
|
o Minor bugfix (relay, configuration):
|
||||||
|
- Warn if the ContactInfo field is not set, and tell the relay
|
||||||
|
operator that not having a ContactInfo field set might cause their
|
||||||
|
relay to get rejected in the future. Fixes bug 33361; bugfix
|
||||||
|
on 0.1.1.10-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (coding best practices checks):
|
||||||
|
- Allow the "practracker" script to read unicode files when using
|
||||||
|
Python 2. We made the script use unicode literals in 0.4.3.1-alpha,
|
||||||
|
but didn't change the codec for opening files. Fixes bug 33374;
|
||||||
|
bugfix on 0.4.3.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (continuous integration):
|
||||||
|
- Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix
|
||||||
|
on 0.3.2.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (onion service v3, client):
|
||||||
|
- Remove a BUG() warning that would cause a stack trace if an onion
|
||||||
|
service descriptor was freed while we were waiting for a
|
||||||
|
rendezvous circuit to complete. Fixes bug 28992; bugfix
|
||||||
|
on 0.3.2.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (onion services v3):
|
||||||
|
- Fix an assertion failure that could result from a corrupted
|
||||||
|
ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
|
||||||
|
bugfix on 0.3.3.1-alpha. This issue is also tracked
|
||||||
|
as TROVE-2020-003.
|
||||||
|
|
||||||
|
o Documentation (manpage):
|
||||||
|
- Alphabetize the Server and Directory server sections of the tor
|
||||||
|
manpage. Also split Statistics options into their own section of
|
||||||
|
the manpage. Closes ticket 33188. Work by Swati Thacker as part of
|
||||||
|
Google Season of Docs.
|
||||||
|
- Document the __OwningControllerProcess torrc option and specify
|
||||||
|
its polling interval. Resolves issue 32971.
|
||||||
|
|
||||||
|
o Testing (Travis CI):
|
||||||
|
- Remove a redundant distcheck job. Closes ticket 33194.
|
||||||
|
- Sort the Travis jobs in order of speed: putting the slowest jobs
|
||||||
|
first takes full advantage of Travis job concurrency. Closes
|
||||||
|
ticket 33194.
|
||||||
|
- Stop allowing the Chutney IPv6 Travis job to fail. This job was
|
||||||
|
previously configured to fast_finish (which requires
|
||||||
|
allow_failure), to speed up the build. Closes ticket 33195.
|
||||||
|
- When a Travis chutney job fails, use chutney's new "diagnostics.sh"
|
||||||
|
tool to produce detailed diagnostic output. Closes ticket 32792.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.4.2.7 - 2020-03-18
|
||||||
|
This is the third stable release in the 0.4.2.x series. It backports
|
||||||
|
numerous fixes from later releases, including a fix for TROVE-2020-
|
||||||
|
002, a major denial-of-service vulnerability that affected all
|
||||||
|
released Tor instances since 0.2.1.5-alpha. Using this vulnerability,
|
||||||
|
an attacker could cause Tor instances to consume a huge amount of CPU,
|
||||||
|
disrupting their operations for several seconds or minutes. This
|
||||||
|
attack could be launched by anybody against a relay, or by a directory
|
||||||
|
cache against any client that had connected to it. The attacker could
|
||||||
|
launch this attack as much as they wanted, thereby disrupting service
|
||||||
|
or creating patterns that could aid in traffic analysis. This issue
|
||||||
|
was found by OSS-Fuzz, and is also tracked as CVE-2020-10592.
|
||||||
|
|
||||||
|
We do not have reason to believe that this attack is currently being
|
||||||
|
exploited in the wild, but nonetheless we advise everyone to upgrade
|
||||||
|
as soon as packages are available.
|
||||||
|
|
||||||
|
o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha):
|
||||||
|
- Fix a denial-of-service bug that could be used by anyone to
|
||||||
|
consume a bunch of CPU on any Tor relay or authority, or by
|
||||||
|
directories to consume a bunch of CPU on clients or hidden
|
||||||
|
services. Because of the potential for CPU consumption to
|
||||||
|
introduce observable timing patterns, we are treating this as a
|
||||||
|
high-severity security issue. Fixes bug 33119; bugfix on
|
||||||
|
0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
|
||||||
|
as TROVE-2020-002 and CVE-2020-10592.
|
||||||
|
|
||||||
|
o Major bugfixes (circuit padding, memory leak, backport from 0.4.3.3-alpha):
|
||||||
|
- Avoid a remotely triggered memory leak in the case that a circuit
|
||||||
|
padding machine is somehow negotiated twice on the same circuit.
|
||||||
|
Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
|
||||||
|
This is also tracked as TROVE-2020-004 and CVE-2020-10593.
|
||||||
|
|
||||||
|
o Major bugfixes (directory authority, backport from 0.4.3.3-alpha):
|
||||||
|
- Directory authorities will now send a 503 (not enough bandwidth)
|
||||||
|
code to clients when under bandwidth pressure. Known relays and
|
||||||
|
other authorities will always be answered regardless of the
|
||||||
|
bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha.
|
||||||
|
|
||||||
|
o Minor features (continuous integration, backport from 0.4.3.2-alpha):
|
||||||
|
- Stop allowing failures on the Travis CI stem tests job. It looks
|
||||||
|
like all the stem hangs we were seeing before are now fixed.
|
||||||
|
Closes ticket 33075.
|
||||||
|
|
||||||
|
o Minor bugfixes (bridges, backport from 0.4.3.1-alpha):
|
||||||
|
- Lowercase the configured value of BridgeDistribution before adding
|
||||||
|
it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (logging, backport from 0.4.3.2-alpha):
|
||||||
|
- If we encounter a bug when flushing a buffer to a TLS connection,
|
||||||
|
only log the bug once per invocation of the Tor process.
|
||||||
|
Previously we would log with every occurrence, which could cause
|
||||||
|
us to run out of disk space. Fixes bug 33093; bugfix
|
||||||
|
on 0.3.2.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha):
|
||||||
|
- Fix an assertion failure that could result from a corrupted
|
||||||
|
ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
|
||||||
|
bugfix on 0.3.3.1-alpha. This issue is also tracked
|
||||||
|
as TROVE-2020-003.
|
||||||
|
|
||||||
|
o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha):
|
||||||
|
- Fix a syntax warning given by newer versions of Rust that was
|
||||||
|
creating problems for our continuous integration. Fixes bug 33212;
|
||||||
|
bugfix on 0.3.5.1-alpha.
|
||||||
|
|
||||||
|
o Testing (Travis CI, backport from 0.4.3.3-alpha):
|
||||||
|
- Remove a redundant distcheck job. Closes ticket 33194.
|
||||||
|
- Sort the Travis jobs in order of speed: putting the slowest jobs
|
||||||
|
first takes full advantage of Travis job concurrency. Closes
|
||||||
|
ticket 33194.
|
||||||
|
- Stop allowing the Chutney IPv6 Travis job to fail. This job was
|
||||||
|
previously configured to fast_finish (which requires
|
||||||
|
allow_failure), to speed up the build. Closes ticket 33195.
|
||||||
|
- When a Travis chutney job fails, use chutney's new "diagnostics.sh"
|
||||||
|
tool to produce detailed diagnostic output. Closes ticket 32792.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.4.1.9 - 2020-03-18
|
||||||
|
Tor 0.4.1.9 backports important fixes from later Tor releases,
|
||||||
|
including a fix for TROVE-2020-002, a major denial-of-service
|
||||||
|
vulnerability that affected all released Tor instances since
|
||||||
|
0.2.1.5-alpha. Using this vulnerability, an attacker could cause Tor
|
||||||
|
instances to consume a huge amount of CPU, disrupting their operations
|
||||||
|
for several seconds or minutes. This attack could be launched by
|
||||||
|
anybody against a relay, or by a directory cache against any client
|
||||||
|
that had connected to it. The attacker could launch this attack as
|
||||||
|
much as they wanted, thereby disrupting service or creating patterns
|
||||||
|
that could aid in traffic analysis. This issue was found by OSS-Fuzz,
|
||||||
|
and is also tracked as CVE-2020-10592.
|
||||||
|
|
||||||
|
We do not have reason to believe that this attack is currently being
|
||||||
|
exploited in the wild, but nonetheless we advise everyone to upgrade
|
||||||
|
as soon as packages are available.
|
||||||
|
|
||||||
|
o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha):
|
||||||
|
- Fix a denial-of-service bug that could be used by anyone to
|
||||||
|
consume a bunch of CPU on any Tor relay or authority, or by
|
||||||
|
directories to consume a bunch of CPU on clients or hidden
|
||||||
|
services. Because of the potential for CPU consumption to
|
||||||
|
introduce observable timing patterns, we are treating this as a
|
||||||
|
high-severity security issue. Fixes bug 33119; bugfix on
|
||||||
|
0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
|
||||||
|
as TROVE-2020-002 and CVE-2020-10592.
|
||||||
|
|
||||||
|
o Major bugfixes (circuit padding, memory leak, backport from 0.4.3.3-alpha):
|
||||||
|
- Avoid a remotely triggered memory leak in the case that a circuit
|
||||||
|
padding machine is somehow negotiated twice on the same circuit.
|
||||||
|
Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
|
||||||
|
This is also tracked as TROVE-2020-004 and CVE-2020-10593.
|
||||||
|
|
||||||
|
o Minor bugfixes (bridges, backport from 0.4.3.1-alpha):
|
||||||
|
- Lowercase the configured value of BridgeDistribution before adding
|
||||||
|
it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (logging, backport from 0.4.3.2-alpha):
|
||||||
|
- If we encounter a bug when flushing a buffer to a TLS connection,
|
||||||
|
only log the bug once per invocation of the Tor process.
|
||||||
|
Previously we would log with every occurrence, which could cause
|
||||||
|
us to run out of disk space. Fixes bug 33093; bugfix
|
||||||
|
on 0.3.2.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha):
|
||||||
|
- Fix an assertion failure that could result from a corrupted
|
||||||
|
ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
|
||||||
|
bugfix on 0.3.3.1-alpha. This issue is also tracked
|
||||||
|
as TROVE-2020-003.
|
||||||
|
|
||||||
|
o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha):
|
||||||
|
- Fix a syntax warning given by newer versions of Rust that was
|
||||||
|
creating problems for our continuous integration. Fixes bug 33212;
|
||||||
|
bugfix on 0.3.5.1-alpha.
|
||||||
|
|
||||||
|
o Testing (Travis CI, backport from 0.4.3.3-alpha):
|
||||||
|
- Remove a redundant distcheck job. Closes ticket 33194.
|
||||||
|
- Sort the Travis jobs in order of speed: putting the slowest jobs
|
||||||
|
first takes full advantage of Travis job concurrency. Closes
|
||||||
|
ticket 33194.
|
||||||
|
- Stop allowing the Chutney IPv6 Travis job to fail. This job was
|
||||||
|
previously configured to fast_finish (which requires
|
||||||
|
allow_failure), to speed up the build. Closes ticket 33195.
|
||||||
|
- When a Travis chutney job fails, use chutney's new "diagnostics.sh"
|
||||||
|
tool to produce detailed diagnostic output. Closes ticket 32792.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.3.5.10 - 2020-03-18
|
||||||
|
Tor 0.3.5.10 backports many fixes from later Tor releases, including a
|
||||||
|
fix for TROVE-2020-002, a major denial-of-service vulnerability that
|
||||||
|
affected all released Tor instances since 0.2.1.5-alpha. Using this
|
||||||
|
vulnerability, an attacker could cause Tor instances to consume a huge
|
||||||
|
amount of CPU, disrupting their operations for several seconds or
|
||||||
|
minutes. This attack could be launched by anybody against a relay, or
|
||||||
|
by a directory cache against any client that had connected to it. The
|
||||||
|
attacker could launch this attack as much as they wanted, thereby
|
||||||
|
disrupting service or creating patterns that could aid in traffic
|
||||||
|
analysis. This issue was found by OSS-Fuzz, and is also tracked
|
||||||
|
as CVE-2020-10592.
|
||||||
|
|
||||||
|
We do not have reason to believe that this attack is currently being
|
||||||
|
exploited in the wild, but nonetheless we advise everyone to upgrade
|
||||||
|
as soon as packages are available.
|
||||||
|
|
||||||
|
o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha):
|
||||||
|
- Fix a denial-of-service bug that could be used by anyone to
|
||||||
|
consume a bunch of CPU on any Tor relay or authority, or by
|
||||||
|
directories to consume a bunch of CPU on clients or hidden
|
||||||
|
services. Because of the potential for CPU consumption to
|
||||||
|
introduce observable timing patterns, we are treating this as a
|
||||||
|
high-severity security issue. Fixes bug 33119; bugfix on
|
||||||
|
0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
|
||||||
|
as TROVE-2020-002 and CVE-2020-10592.
|
||||||
|
|
||||||
|
o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha):
|
||||||
|
- Correct how we use libseccomp. Particularly, stop assuming that
|
||||||
|
rules are applied in a particular order or that more rules are
|
||||||
|
processed after the first match. Neither is the case! In
|
||||||
|
libseccomp <2.4.0 this lead to some rules having no effect.
|
||||||
|
libseccomp 2.4.0 changed how rules are generated, leading to a
|
||||||
|
different ordering, which in turn led to a fatal crash during
|
||||||
|
startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by
|
||||||
|
Peter Gerber.
|
||||||
|
|
||||||
|
o Minor features (continuous integration, backport from 0.4.3.2-alpha):
|
||||||
|
- Stop allowing failures on the Travis CI stem tests job. It looks
|
||||||
|
like all the stem hangs we were seeing before are now fixed.
|
||||||
|
Closes ticket 33075.
|
||||||
|
|
||||||
|
o Minor bugfixes (bridges, backport from 0.4.3.1-alpha):
|
||||||
|
- Lowercase the configured value of BridgeDistribution before adding
|
||||||
|
it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (crash, backport from 0.4.2.4-rc):
|
||||||
|
- When running Tor with an option like --verify-config or
|
||||||
|
--dump-config that does not start the event loop, avoid crashing
|
||||||
|
if we try to exit early because of an error. Fixes bug 32407;
|
||||||
|
bugfix on 0.3.3.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (logging, backport from 0.4.3.2-alpha):
|
||||||
|
- If we encounter a bug when flushing a buffer to a TLS connection,
|
||||||
|
only log the bug once per invocation of the Tor process.
|
||||||
|
Previously we would log with every occurrence, which could cause
|
||||||
|
us to run out of disk space. Fixes bug 33093; bugfix
|
||||||
|
on 0.3.2.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha):
|
||||||
|
- Fix an assertion failure that could result from a corrupted
|
||||||
|
ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
|
||||||
|
bugfix on 0.3.3.1-alpha. This issue is also tracked
|
||||||
|
as TROVE-2020-003.
|
||||||
|
|
||||||
|
o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha):
|
||||||
|
- Fix a syntax warning given by newer versions of Rust that was
|
||||||
|
creating problems for our continuous integration. Fixes bug 33212;
|
||||||
|
bugfix on 0.3.5.1-alpha.
|
||||||
|
|
||||||
|
o Testing (backport from 0.4.3.1-alpha):
|
||||||
|
- Re-enable the Travis CI macOS Chutney build, but don't let it
|
||||||
|
prevent the Travis job from finishing. (The Travis macOS jobs are
|
||||||
|
slow, so we don't want to have it delay the whole CI process.)
|
||||||
|
Closes ticket 32629.
|
||||||
|
- Turn off Tor's Sandbox in Chutney jobs, and run those jobs on
|
||||||
|
Ubuntu Bionic. Turning off the Sandbox is a work-around, until we
|
||||||
|
fix the sandbox errors in 32722. Closes ticket 32240.
|
||||||
|
|
||||||
|
o Testing (continuous integration, backport from 0.4.3.1-alpha):
|
||||||
|
- Use zstd in our Travis Linux builds. Closes ticket 32242.
|
||||||
|
|
||||||
|
o Testing (Travis CI, backport from 0.4.3.3-alpha):
|
||||||
|
- Remove a redundant distcheck job. Closes ticket 33194.
|
||||||
|
- Sort the Travis jobs in order of speed: putting the slowest jobs
|
||||||
|
first takes full advantage of Travis job concurrency. Closes
|
||||||
|
ticket 33194.
|
||||||
|
- Stop allowing the Chutney IPv6 Travis job to fail. This job was
|
||||||
|
previously configured to fast_finish (which requires
|
||||||
|
- When a Travis chutney job fails, use chutney's new "diagnostics.sh"
|
||||||
|
tool to produce detailed diagnostic output. Closes ticket 32792.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.4.3.2-alpha - 2020-02-10
|
Changes in version 0.4.3.2-alpha - 2020-02-10
|
||||||
This is the second stable alpha release in the Tor 0.4.3.x series. It
|
This is the second stable alpha release in the Tor 0.4.3.x series. It
|
||||||
fixes several bugs present in the previous alpha release. Anybody
|
fixes several bugs present in the previous alpha release. Anybody
|
||||||
|
340
ReleaseNotes
340
ReleaseNotes
@ -2,6 +2,346 @@ This document summarizes new features and bugfixes in each stable
|
|||||||
release of Tor. If you want to see more detailed descriptions of the
|
release of Tor. If you want to see more detailed descriptions of the
|
||||||
changes in each development snapshot, see the ChangeLog file.
|
changes in each development snapshot, see the ChangeLog file.
|
||||||
|
|
||||||
|
Changes in version 0.4.3.3-alpha - 2020-03-18
|
||||||
|
Tor 0.4.3.3-alpha fixes several bugs in previous releases, including
|
||||||
|
TROVE-2020-002, a major denial-of-service vulnerability that affected
|
||||||
|
all released Tor instances since 0.2.1.5-alpha. Using this
|
||||||
|
vulnerability, an attacker could cause Tor instances to consume a huge
|
||||||
|
amount of CPU, disrupting their operations for several seconds or
|
||||||
|
minutes. This attack could be launched by anybody against a relay, or
|
||||||
|
by a directory cache against any client that had connected to it. The
|
||||||
|
attacker could launch this attack as much as they wanted, thereby
|
||||||
|
disrupting service or creating patterns that could aid in traffic
|
||||||
|
analysis. This issue was found by OSS-Fuzz, and is also tracked
|
||||||
|
as CVE-2020-10592.
|
||||||
|
|
||||||
|
We do not have reason to believe that this attack is currently being
|
||||||
|
exploited in the wild, but nonetheless we advise everyone to upgrade
|
||||||
|
as soon as packages are available.
|
||||||
|
|
||||||
|
o Major bugfixes (security, denial-of-service):
|
||||||
|
- Fix a denial-of-service bug that could be used by anyone to
|
||||||
|
consume a bunch of CPU on any Tor relay or authority, or by
|
||||||
|
directories to consume a bunch of CPU on clients or hidden
|
||||||
|
services. Because of the potential for CPU consumption to
|
||||||
|
introduce observable timing patterns, we are treating this as a
|
||||||
|
high-severity security issue. Fixes bug 33119; bugfix on
|
||||||
|
0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
|
||||||
|
as TROVE-2020-002 and CVE-2020-10592.
|
||||||
|
|
||||||
|
o Major bugfixes (circuit padding, memory leak):
|
||||||
|
- Avoid a remotely triggered memory leak in the case that a circuit
|
||||||
|
padding machine is somehow negotiated twice on the same circuit.
|
||||||
|
Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
|
||||||
|
This is also tracked as TROVE-2020-004 and CVE-2020-10593.
|
||||||
|
|
||||||
|
o Major bugfixes (directory authority):
|
||||||
|
- Directory authorities will now send a 503 (not enough bandwidth)
|
||||||
|
code to clients when under bandwidth pressure. Known relays and
|
||||||
|
other authorities will always be answered regardless of the
|
||||||
|
bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha.
|
||||||
|
|
||||||
|
o Minor features (diagnostic):
|
||||||
|
- Improve assertions and add some memory-poisoning code to try to
|
||||||
|
track down possible causes of a rare crash (32564) in the EWMA
|
||||||
|
code. Closes ticket 33290.
|
||||||
|
|
||||||
|
o Minor features (directory authorities):
|
||||||
|
- Directory authorities now reject descriptors from relays running
|
||||||
|
Tor versions from the 0.2.9 and 0.4.0 series. The 0.3.5 series is
|
||||||
|
still allowed. Resolves ticket 32672. Patch by Neel Chauhan.
|
||||||
|
|
||||||
|
o Minor features (usability):
|
||||||
|
- Include more information when failing to parse a configuration
|
||||||
|
value. This should make it easier to tell what's going wrong when
|
||||||
|
a configuration file doesn't parse. Closes ticket 33460.
|
||||||
|
|
||||||
|
o Minor bugfix (relay, configuration):
|
||||||
|
- Warn if the ContactInfo field is not set, and tell the relay
|
||||||
|
operator that not having a ContactInfo field set might cause their
|
||||||
|
relay to get rejected in the future. Fixes bug 33361; bugfix
|
||||||
|
on 0.1.1.10-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (coding best practices checks):
|
||||||
|
- Allow the "practracker" script to read unicode files when using
|
||||||
|
Python 2. We made the script use unicode literals in 0.4.3.1-alpha,
|
||||||
|
but didn't change the codec for opening files. Fixes bug 33374;
|
||||||
|
bugfix on 0.4.3.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (continuous integration):
|
||||||
|
- Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix
|
||||||
|
on 0.3.2.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (onion service v3, client):
|
||||||
|
- Remove a BUG() warning that would cause a stack trace if an onion
|
||||||
|
service descriptor was freed while we were waiting for a
|
||||||
|
rendezvous circuit to complete. Fixes bug 28992; bugfix
|
||||||
|
on 0.3.2.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (onion services v3):
|
||||||
|
- Fix an assertion failure that could result from a corrupted
|
||||||
|
ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
|
||||||
|
bugfix on 0.3.3.1-alpha. This issue is also tracked
|
||||||
|
as TROVE-2020-003.
|
||||||
|
|
||||||
|
o Documentation (manpage):
|
||||||
|
- Alphabetize the Server and Directory server sections of the tor
|
||||||
|
manpage. Also split Statistics options into their own section of
|
||||||
|
the manpage. Closes ticket 33188. Work by Swati Thacker as part of
|
||||||
|
Google Season of Docs.
|
||||||
|
- Document the __OwningControllerProcess torrc option and specify
|
||||||
|
its polling interval. Resolves issue 32971.
|
||||||
|
|
||||||
|
o Testing (Travis CI):
|
||||||
|
- Remove a redundant distcheck job. Closes ticket 33194.
|
||||||
|
- Sort the Travis jobs in order of speed: putting the slowest jobs
|
||||||
|
first takes full advantage of Travis job concurrency. Closes
|
||||||
|
ticket 33194.
|
||||||
|
- Stop allowing the Chutney IPv6 Travis job to fail. This job was
|
||||||
|
previously configured to fast_finish (which requires
|
||||||
|
allow_failure), to speed up the build. Closes ticket 33195.
|
||||||
|
- When a Travis chutney job fails, use chutney's new "diagnostics.sh"
|
||||||
|
tool to produce detailed diagnostic output. Closes ticket 32792.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.4.2.7 - 2020-03-18
|
||||||
|
This is the third stable release in the 0.4.2.x series. It backports
|
||||||
|
numerous fixes from later releases, including a fix for TROVE-2020-
|
||||||
|
002, a major denial-of-service vulnerability that affected all
|
||||||
|
released Tor instances since 0.2.1.5-alpha. Using this vulnerability,
|
||||||
|
an attacker could cause Tor instances to consume a huge amount of CPU,
|
||||||
|
disrupting their operations for several seconds or minutes. This
|
||||||
|
attack could be launched by anybody against a relay, or by a directory
|
||||||
|
cache against any client that had connected to it. The attacker could
|
||||||
|
launch this attack as much as they wanted, thereby disrupting service
|
||||||
|
or creating patterns that could aid in traffic analysis. This issue
|
||||||
|
was found by OSS-Fuzz, and is also tracked as CVE-2020-10592.
|
||||||
|
|
||||||
|
We do not have reason to believe that this attack is currently being
|
||||||
|
exploited in the wild, but nonetheless we advise everyone to upgrade
|
||||||
|
as soon as packages are available.
|
||||||
|
|
||||||
|
o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha):
|
||||||
|
- Fix a denial-of-service bug that could be used by anyone to
|
||||||
|
consume a bunch of CPU on any Tor relay or authority, or by
|
||||||
|
directories to consume a bunch of CPU on clients or hidden
|
||||||
|
services. Because of the potential for CPU consumption to
|
||||||
|
introduce observable timing patterns, we are treating this as a
|
||||||
|
high-severity security issue. Fixes bug 33119; bugfix on
|
||||||
|
0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
|
||||||
|
as TROVE-2020-002 and CVE-2020-10592.
|
||||||
|
|
||||||
|
o Major bugfixes (circuit padding, memory leak, backport from 0.4.3.3-alpha):
|
||||||
|
- Avoid a remotely triggered memory leak in the case that a circuit
|
||||||
|
padding machine is somehow negotiated twice on the same circuit.
|
||||||
|
Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
|
||||||
|
This is also tracked as TROVE-2020-004 and CVE-2020-10593.
|
||||||
|
|
||||||
|
o Major bugfixes (directory authority, backport from 0.4.3.3-alpha):
|
||||||
|
- Directory authorities will now send a 503 (not enough bandwidth)
|
||||||
|
code to clients when under bandwidth pressure. Known relays and
|
||||||
|
other authorities will always be answered regardless of the
|
||||||
|
bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha.
|
||||||
|
|
||||||
|
o Minor features (continuous integration, backport from 0.4.3.2-alpha):
|
||||||
|
- Stop allowing failures on the Travis CI stem tests job. It looks
|
||||||
|
like all the stem hangs we were seeing before are now fixed.
|
||||||
|
Closes ticket 33075.
|
||||||
|
|
||||||
|
o Minor bugfixes (bridges, backport from 0.4.3.1-alpha):
|
||||||
|
- Lowercase the configured value of BridgeDistribution before adding
|
||||||
|
it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (logging, backport from 0.4.3.2-alpha):
|
||||||
|
- If we encounter a bug when flushing a buffer to a TLS connection,
|
||||||
|
only log the bug once per invocation of the Tor process.
|
||||||
|
Previously we would log with every occurrence, which could cause
|
||||||
|
us to run out of disk space. Fixes bug 33093; bugfix
|
||||||
|
on 0.3.2.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha):
|
||||||
|
- Fix an assertion failure that could result from a corrupted
|
||||||
|
ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
|
||||||
|
bugfix on 0.3.3.1-alpha. This issue is also tracked
|
||||||
|
as TROVE-2020-003.
|
||||||
|
|
||||||
|
o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha):
|
||||||
|
- Fix a syntax warning given by newer versions of Rust that was
|
||||||
|
creating problems for our continuous integration. Fixes bug 33212;
|
||||||
|
bugfix on 0.3.5.1-alpha.
|
||||||
|
|
||||||
|
o Testing (Travis CI, backport from 0.4.3.3-alpha):
|
||||||
|
- Remove a redundant distcheck job. Closes ticket 33194.
|
||||||
|
- Sort the Travis jobs in order of speed: putting the slowest jobs
|
||||||
|
first takes full advantage of Travis job concurrency. Closes
|
||||||
|
ticket 33194.
|
||||||
|
- Stop allowing the Chutney IPv6 Travis job to fail. This job was
|
||||||
|
previously configured to fast_finish (which requires
|
||||||
|
allow_failure), to speed up the build. Closes ticket 33195.
|
||||||
|
- When a Travis chutney job fails, use chutney's new "diagnostics.sh"
|
||||||
|
tool to produce detailed diagnostic output. Closes ticket 32792.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.4.1.9 - 2020-03-18
|
||||||
|
Tor 0.4.1.9 backports important fixes from later Tor releases,
|
||||||
|
including a fix for TROVE-2020-002, a major denial-of-service
|
||||||
|
vulnerability that affected all released Tor instances since
|
||||||
|
0.2.1.5-alpha. Using this vulnerability, an attacker could cause Tor
|
||||||
|
instances to consume a huge amount of CPU, disrupting their operations
|
||||||
|
for several seconds or minutes. This attack could be launched by
|
||||||
|
anybody against a relay, or by a directory cache against any client
|
||||||
|
that had connected to it. The attacker could launch this attack as
|
||||||
|
much as they wanted, thereby disrupting service or creating patterns
|
||||||
|
that could aid in traffic analysis. This issue was found by OSS-Fuzz,
|
||||||
|
and is also tracked as CVE-2020-10592.
|
||||||
|
|
||||||
|
We do not have reason to believe that this attack is currently being
|
||||||
|
exploited in the wild, but nonetheless we advise everyone to upgrade
|
||||||
|
as soon as packages are available.
|
||||||
|
|
||||||
|
o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha):
|
||||||
|
- Fix a denial-of-service bug that could be used by anyone to
|
||||||
|
consume a bunch of CPU on any Tor relay or authority, or by
|
||||||
|
directories to consume a bunch of CPU on clients or hidden
|
||||||
|
services. Because of the potential for CPU consumption to
|
||||||
|
introduce observable timing patterns, we are treating this as a
|
||||||
|
high-severity security issue. Fixes bug 33119; bugfix on
|
||||||
|
0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
|
||||||
|
as TROVE-2020-002 and CVE-2020-10592.
|
||||||
|
|
||||||
|
o Major bugfixes (circuit padding, memory leak, backport from 0.4.3.3-alpha):
|
||||||
|
- Avoid a remotely triggered memory leak in the case that a circuit
|
||||||
|
padding machine is somehow negotiated twice on the same circuit.
|
||||||
|
Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
|
||||||
|
This is also tracked as TROVE-2020-004 and CVE-2020-10593.
|
||||||
|
|
||||||
|
o Minor bugfixes (bridges, backport from 0.4.3.1-alpha):
|
||||||
|
- Lowercase the configured value of BridgeDistribution before adding
|
||||||
|
it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (logging, backport from 0.4.3.2-alpha):
|
||||||
|
- If we encounter a bug when flushing a buffer to a TLS connection,
|
||||||
|
only log the bug once per invocation of the Tor process.
|
||||||
|
Previously we would log with every occurrence, which could cause
|
||||||
|
us to run out of disk space. Fixes bug 33093; bugfix
|
||||||
|
on 0.3.2.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha):
|
||||||
|
- Fix an assertion failure that could result from a corrupted
|
||||||
|
ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
|
||||||
|
bugfix on 0.3.3.1-alpha. This issue is also tracked
|
||||||
|
as TROVE-2020-003.
|
||||||
|
|
||||||
|
o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha):
|
||||||
|
- Fix a syntax warning given by newer versions of Rust that was
|
||||||
|
creating problems for our continuous integration. Fixes bug 33212;
|
||||||
|
bugfix on 0.3.5.1-alpha.
|
||||||
|
|
||||||
|
o Testing (Travis CI, backport from 0.4.3.3-alpha):
|
||||||
|
- Remove a redundant distcheck job. Closes ticket 33194.
|
||||||
|
- Sort the Travis jobs in order of speed: putting the slowest jobs
|
||||||
|
first takes full advantage of Travis job concurrency. Closes
|
||||||
|
ticket 33194.
|
||||||
|
- Stop allowing the Chutney IPv6 Travis job to fail. This job was
|
||||||
|
previously configured to fast_finish (which requires
|
||||||
|
allow_failure), to speed up the build. Closes ticket 33195.
|
||||||
|
- When a Travis chutney job fails, use chutney's new "diagnostics.sh"
|
||||||
|
tool to produce detailed diagnostic output. Closes ticket 32792.
|
||||||
|
|
||||||
|
|
||||||
|
Changes in version 0.3.5.10 - 2020-03-18
|
||||||
|
Tor 0.3.5.10 backports many fixes from later Tor releases, including a
|
||||||
|
fix for TROVE-2020-002, a major denial-of-service vulnerability that
|
||||||
|
affected all released Tor instances since 0.2.1.5-alpha. Using this
|
||||||
|
vulnerability, an attacker could cause Tor instances to consume a huge
|
||||||
|
amount of CPU, disrupting their operations for several seconds or
|
||||||
|
minutes. This attack could be launched by anybody against a relay, or
|
||||||
|
by a directory cache against any client that had connected to it. The
|
||||||
|
attacker could launch this attack as much as they wanted, thereby
|
||||||
|
disrupting service or creating patterns that could aid in traffic
|
||||||
|
analysis. This issue was found by OSS-Fuzz, and is also tracked
|
||||||
|
as CVE-2020-10592.
|
||||||
|
|
||||||
|
We do not have reason to believe that this attack is currently being
|
||||||
|
exploited in the wild, but nonetheless we advise everyone to upgrade
|
||||||
|
as soon as packages are available.
|
||||||
|
|
||||||
|
o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha):
|
||||||
|
- Fix a denial-of-service bug that could be used by anyone to
|
||||||
|
consume a bunch of CPU on any Tor relay or authority, or by
|
||||||
|
directories to consume a bunch of CPU on clients or hidden
|
||||||
|
services. Because of the potential for CPU consumption to
|
||||||
|
introduce observable timing patterns, we are treating this as a
|
||||||
|
high-severity security issue. Fixes bug 33119; bugfix on
|
||||||
|
0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue
|
||||||
|
as TROVE-2020-002 and CVE-2020-10592.
|
||||||
|
|
||||||
|
o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha):
|
||||||
|
- Correct how we use libseccomp. Particularly, stop assuming that
|
||||||
|
rules are applied in a particular order or that more rules are
|
||||||
|
processed after the first match. Neither is the case! In
|
||||||
|
libseccomp <2.4.0 this lead to some rules having no effect.
|
||||||
|
libseccomp 2.4.0 changed how rules are generated, leading to a
|
||||||
|
different ordering, which in turn led to a fatal crash during
|
||||||
|
startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by
|
||||||
|
Peter Gerber.
|
||||||
|
|
||||||
|
o Minor features (continuous integration, backport from 0.4.3.2-alpha):
|
||||||
|
- Stop allowing failures on the Travis CI stem tests job. It looks
|
||||||
|
like all the stem hangs we were seeing before are now fixed.
|
||||||
|
Closes ticket 33075.
|
||||||
|
|
||||||
|
o Minor bugfixes (bridges, backport from 0.4.3.1-alpha):
|
||||||
|
- Lowercase the configured value of BridgeDistribution before adding
|
||||||
|
it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (crash, backport from 0.4.2.4-rc):
|
||||||
|
- When running Tor with an option like --verify-config or
|
||||||
|
--dump-config that does not start the event loop, avoid crashing
|
||||||
|
if we try to exit early because of an error. Fixes bug 32407;
|
||||||
|
bugfix on 0.3.3.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (logging, backport from 0.4.3.2-alpha):
|
||||||
|
- If we encounter a bug when flushing a buffer to a TLS connection,
|
||||||
|
only log the bug once per invocation of the Tor process.
|
||||||
|
Previously we would log with every occurrence, which could cause
|
||||||
|
us to run out of disk space. Fixes bug 33093; bugfix
|
||||||
|
on 0.3.2.2-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha):
|
||||||
|
- Fix an assertion failure that could result from a corrupted
|
||||||
|
ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
|
||||||
|
bugfix on 0.3.3.1-alpha. This issue is also tracked
|
||||||
|
as TROVE-2020-003.
|
||||||
|
|
||||||
|
o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha):
|
||||||
|
- Fix a syntax warning given by newer versions of Rust that was
|
||||||
|
creating problems for our continuous integration. Fixes bug 33212;
|
||||||
|
bugfix on 0.3.5.1-alpha.
|
||||||
|
|
||||||
|
o Testing (backport from 0.4.3.1-alpha):
|
||||||
|
- Re-enable the Travis CI macOS Chutney build, but don't let it
|
||||||
|
prevent the Travis job from finishing. (The Travis macOS jobs are
|
||||||
|
slow, so we don't want to have it delay the whole CI process.)
|
||||||
|
Closes ticket 32629.
|
||||||
|
- Turn off Tor's Sandbox in Chutney jobs, and run those jobs on
|
||||||
|
Ubuntu Bionic. Turning off the Sandbox is a work-around, until we
|
||||||
|
fix the sandbox errors in 32722. Closes ticket 32240.
|
||||||
|
|
||||||
|
o Testing (continuous integration, backport from 0.4.3.1-alpha):
|
||||||
|
- Use zstd in our Travis Linux builds. Closes ticket 32242.
|
||||||
|
|
||||||
|
o Testing (Travis CI, backport from 0.4.3.3-alpha):
|
||||||
|
- Remove a redundant distcheck job. Closes ticket 33194.
|
||||||
|
- Sort the Travis jobs in order of speed: putting the slowest jobs
|
||||||
|
first takes full advantage of Travis job concurrency. Closes
|
||||||
|
ticket 33194.
|
||||||
|
- Stop allowing the Chutney IPv6 Travis job to fail. This job was
|
||||||
|
previously configured to fast_finish (which requires
|
||||||
|
- When a Travis chutney job fails, use chutney's new "diagnostics.sh"
|
||||||
|
tool to produce detailed diagnostic output. Closes ticket 32792.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.4.2.6 - 2020-01-30
|
Changes in version 0.4.2.6 - 2020-01-30
|
||||||
This is the second stable release in the 0.4.2.x series. It backports
|
This is the second stable release in the 0.4.2.x series. It backports
|
||||||
several bugfixes from 0.4.3.1-alpha, including some that had affected
|
several bugfixes from 0.4.3.1-alpha, including some that had affected
|
||||||
|
Loading…
Reference in New Issue
Block a user