mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-12-03 17:13:33 +01:00
Begin an 0.2.6.11 changelog
To build this changelog, I've gone through the entries in release-0.2.6's changes subdirectory, and looked up the ChangeLog entry for each. I have not sorted them yet.
This commit is contained in:
parent
48c4bbe9c7
commit
9689b93990
111
ChangeLog
111
ChangeLog
@ -1,3 +1,114 @@
|
|||||||
|
Changes in version 0.2.6.11 - 2017-03-??
|
||||||
|
Tor 0.2.6.11 backports a number of security fixes from later Tor
|
||||||
|
releases. Anybody running Tor 0.2.6.10 or earlier should upgrade to
|
||||||
|
this release, if for some reason they cannot upgrade to a later
|
||||||
|
release series.
|
||||||
|
|
||||||
|
Note that support for Tor 0.2.6.x is ending next year: we will not issue
|
||||||
|
any fixes for the Tor 0.2.6.x series after 1 August 2017. If you need
|
||||||
|
a Tor release series with longer-term support, we recommend Tor 0.2.9.x.
|
||||||
|
|
||||||
|
o Directory authority changes (backport from 0.2.8.5-rc):
|
||||||
|
- Urras is no longer a directory authority. Closes ticket 19271.
|
||||||
|
|
||||||
|
o Directory authority changes (backport from 0.2.9.2-alpha):
|
||||||
|
- The "Tonga" bridge authority has been retired; the new bridge
|
||||||
|
authority is "Bifroest". Closes tickets 19728 and 19690.
|
||||||
|
|
||||||
|
o Directory authority key updates (backport from 0.2.8.1-alpha):
|
||||||
|
- Update the V3 identity key for the dannenberg directory authority:
|
||||||
|
it was changed on 18 November 2015. Closes task 17906. Patch
|
||||||
|
by "teor".
|
||||||
|
|
||||||
|
o Major bugfixes (dns proxy mode, crash, backport from 0.2.8.2-alpha):
|
||||||
|
- Avoid crashing when running as a DNS proxy. Fixes bug 16248;
|
||||||
|
bugfix on 0.2.0.1-alpha. Patch from "cypherpunks".
|
||||||
|
|
||||||
|
o Minor features (bug-resistance, backport from 0.2.8.2-alpha):
|
||||||
|
- Make Tor survive errors involving connections without a
|
||||||
|
corresponding event object. Previously we'd fail with an
|
||||||
|
assertion; now we produce a log message. Related to bug 16248.
|
||||||
|
|
||||||
|
o Major bugfixes (security, correctness, backport from 0.2.7.4-rc):
|
||||||
|
- Fix an error that could cause us to read 4 bytes before the
|
||||||
|
beginning of an openssl string. This bug could be used to cause
|
||||||
|
Tor to crash on systems with unusual malloc implementations, or
|
||||||
|
systems with unusual hardening installed. Fixes bug 17404; bugfix
|
||||||
|
on 0.2.3.6-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (guard selection, backport from 0.2.7.6):
|
||||||
|
- Actually look at the Guard flag when selecting a new directory
|
||||||
|
guard. When we implemented the directory guard design, we
|
||||||
|
accidentally started treating all relays as if they have the Guard
|
||||||
|
flag during guard selection, leading to weaker anonymity and worse
|
||||||
|
performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered
|
||||||
|
by Mohsen Imani.
|
||||||
|
|
||||||
|
o Minor bugfixes (compilation, backport from 0.2.7.6)
|
||||||
|
- Fix a compilation warning with Clang 3.6: Do not check the
|
||||||
|
presence of an address which can never be NULL. Fixes bug 17781.
|
||||||
|
|
||||||
|
o Minor features (geoip):
|
||||||
|
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
|
o Minor features (security, memory erasure, backport from 0.2.8.1-alpha):
|
||||||
|
- Make memwipe() do nothing when passed a NULL pointer or buffer of
|
||||||
|
zero size. Check size argument to memwipe() for underflow. Fixes
|
||||||
|
bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk",
|
||||||
|
patch by "teor".
|
||||||
|
|
||||||
|
o Major bugfixes (security, pointers, backport from 0.2.8.2-alpha):
|
||||||
|
- Avoid a difficult-to-trigger heap corruption attack when extending
|
||||||
|
a smartlist to contain over 16GB of pointers. Fixes bug 18162;
|
||||||
|
bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely.
|
||||||
|
Reported by Guido Vranken.
|
||||||
|
|
||||||
|
o Major bugfixes (security, client, DNS proxy, backport from 0.2.8.3-alpha):
|
||||||
|
- Stop a crash that could occur when a client running with DNSPort
|
||||||
|
received a query with multiple address types, and the first
|
||||||
|
address type was not supported. Found and fixed by Scott Dial.
|
||||||
|
Fixes bug 18710; bugfix on 0.2.5.4-alpha.
|
||||||
|
|
||||||
|
o Major features (security fixes, backport from 0.2.9.4-alpha):
|
||||||
|
- Prevent a class of security bugs caused by treating the contents
|
||||||
|
of a buffer chunk as if they were a NUL-terminated string. At
|
||||||
|
least one such bug seems to be present in all currently used
|
||||||
|
versions of Tor, and would allow an attacker to remotely crash
|
||||||
|
most Tor instances, especially those compiled with extra compiler
|
||||||
|
hardening. With this defense in place, such bugs can't crash Tor,
|
||||||
|
though we should still fix them as they occur. Closes ticket
|
||||||
|
20384 (TROVE-2016-10-001).
|
||||||
|
|
||||||
|
o Major bugfixes (parsing, security, backport from 0.2.9.8):
|
||||||
|
- Fix a bug in parsing that could cause clients to read a single
|
||||||
|
byte past the end of an allocated region. This bug could be used
|
||||||
|
to cause hardened clients (built with --enable-expensive-hardening)
|
||||||
|
to crash if they tried to visit a hostile hidden service. Non-
|
||||||
|
hardened clients are only affected depending on the details of
|
||||||
|
their platform's memory allocator. Fixes bug 21018; bugfix on
|
||||||
|
0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
|
||||||
|
2016-12-002 and as CVE-2016-1254.
|
||||||
|
|
||||||
|
o Major bugfixes (key management, backport from 0.2.8.3-alpha):
|
||||||
|
- If OpenSSL fails to generate an RSA key, do not retain a dangling
|
||||||
|
pointer to the previous (uninitialized) key value. The impact here
|
||||||
|
should be limited to a difficult-to-trigger crash, if OpenSSL is
|
||||||
|
running an engine that makes key generation failures possible, or
|
||||||
|
if OpenSSL runs out of memory. Fixes bug 19152; bugfix on
|
||||||
|
0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and
|
||||||
|
Baishakhi Ray.
|
||||||
|
|
||||||
|
o Major bugfixes (parsing, also in 0.3.0.4-rc):
|
||||||
|
- Fix an integer underflow bug when comparing malformed Tor versions.
|
||||||
|
This bug is harmless, except when Tor has been built with
|
||||||
|
--enable-expensive-hardening, which would turn it into a crash;
|
||||||
|
or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
|
||||||
|
-ftrapv by default.
|
||||||
|
Part of TROVE-2017-001. Fixes bug 21278; bugfix on
|
||||||
|
0.0.8pre1. Found by OSS-Fuzz.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.6.10 - 2015-07-12
|
Changes in version 0.2.6.10 - 2015-07-12
|
||||||
Tor version 0.2.6.10 fixes some significant stability and hidden
|
Tor version 0.2.6.10 fixes some significant stability and hidden
|
||||||
service client bugs, bulletproofs the cryptography init process, and
|
service client bugs, bulletproofs the cryptography init process, and
|
||||||
|
@ -1,2 +0,0 @@
|
|||||||
o Directory authority changes:
|
|
||||||
- Urras is no longer a directory authority. Closes ticket 19271.
|
|
@ -1,3 +0,0 @@
|
|||||||
o Directory authority changes (also in 0.2.8.7):
|
|
||||||
- The "Tonga" bridge authority has been retired; the new bridge
|
|
||||||
authority is "Bifroest". Closes tickets 19728 and 19690.
|
|
@ -1,11 +0,0 @@
|
|||||||
o Major features (security fixes):
|
|
||||||
|
|
||||||
- Prevent a class of security bugs caused by treating the contents
|
|
||||||
of a buffer chunk as if they were a NUL-terminated string. At
|
|
||||||
least one such bug seems to be present in all currently used
|
|
||||||
versions of Tor, and would allow an attacker to remotely crash
|
|
||||||
most Tor instances, especially those compiled with extra compiler
|
|
||||||
hardening. With this defense in place, such bugs can't crash Tor,
|
|
||||||
though we should still fix them as they occur. Closes ticket 20384
|
|
||||||
(TROVE-2016-10-001).
|
|
||||||
|
|
@ -1,8 +0,0 @@
|
|||||||
o Major bugfixes (dns proxy mode, crash):
|
|
||||||
- Avoid crashing when running as a DNS proxy. Closes bug 16248; bugfix on
|
|
||||||
0.2.0.1-alpha. Patch from 'cypherpunks'.
|
|
||||||
|
|
||||||
o Minor features (bug-resistance):
|
|
||||||
- Make Tor survive errors involving connections without a corresponding
|
|
||||||
event object. Previously we'd fail with an assertion; now we produce a
|
|
||||||
log message. Related to bug 16248.
|
|
@ -1,6 +0,0 @@
|
|||||||
o Major bugfixes (security, correctness):
|
|
||||||
- Fix a programming error that could cause us to read 4 bytes before
|
|
||||||
the beginning of an openssl string. This could be used to provoke
|
|
||||||
a crash on systems with an unusual malloc implementation, or
|
|
||||||
systems with unsual hardening installed. Fixes bug 17404; bugfix
|
|
||||||
on 0.2.3.6-alpha.
|
|
@ -1,7 +0,0 @@
|
|||||||
o Major bugfixes (guard selection):
|
|
||||||
- Actually look at the Guard flag when selecting a new directory
|
|
||||||
guard. When we implemented the directory guard design, we
|
|
||||||
accidentally started treating all relays as if they have the Guard
|
|
||||||
flag during guard selection, leading to weaker anonymity and worse
|
|
||||||
performance. Fixes bug 17222; bugfix on 0.2.4.8-alpha. Discovered
|
|
||||||
by Mohsen Imani.
|
|
@ -1,3 +0,0 @@
|
|||||||
o Compilation fixes:
|
|
||||||
- Fix a compilation warning with Clang 3.6: Do not check the
|
|
||||||
presence of an address which can never be NULL. Fixes bug 17781.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features (authorities):
|
|
||||||
- Update the V3 identity key for dannenberg, it was changed on
|
|
||||||
18 November 2015.
|
|
||||||
Closes task #17906. Patch by "teor".
|
|
@ -1,6 +0,0 @@
|
|||||||
o Minor fixes (security):
|
|
||||||
- Make memwipe() do nothing when passed a NULL pointer
|
|
||||||
or zero size. Check size argument to memwipe() for underflow.
|
|
||||||
Closes bug #18089. Reported by "gk", patch by "teor".
|
|
||||||
Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
|
|
||||||
commit 49dd5ef3 on 7 Nov 2012.
|
|
@ -1,7 +0,0 @@
|
|||||||
o Major bugfixes (security, pointers):
|
|
||||||
|
|
||||||
- Avoid a difficult-to-trigger heap corruption attack when extending
|
|
||||||
a smartlist to contain over 16GB of pointers. Fixes bug #18162;
|
|
||||||
bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
|
|
||||||
incompletely. Reported by Guido Vranken.
|
|
||||||
|
|
@ -1,6 +0,0 @@
|
|||||||
o Major bugfixes (DNS proxy):
|
|
||||||
- Stop a crash that could occur when a client running with DNSPort
|
|
||||||
received a query with multiple address types, where the first
|
|
||||||
address type was not supported. Found and fixed by Scott Dial.
|
|
||||||
Fixes bug 18710; bugfix on 0.2.5.4-alpha.
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
o Major features (security fixes):
|
|
||||||
- Prevent a class of security bugs caused by treating the contents
|
|
||||||
of a buffer chunk as if they were a NUL-terminated string. At
|
|
||||||
least one such bug seems to be present in all currently used
|
|
||||||
versions of Tor, and would allow an attacker to remotely crash
|
|
||||||
most Tor instances, especially those compiled with extra compiler
|
|
||||||
hardening. With this defense in place, such bugs can't crash Tor,
|
|
||||||
though we should still fix them as they occur. Closes ticket
|
|
||||||
20384 (TROVE-2016-10-001).
|
|
||||||
|
|
@ -1,11 +0,0 @@
|
|||||||
o Major bugfixes (parsing, security):
|
|
||||||
|
|
||||||
- Fix a bug in parsing that could cause clients to read a single
|
|
||||||
byte past the end of an allocated region. This bug could be
|
|
||||||
used to cause hardened clients (built with
|
|
||||||
--enable-expensive-hardening) to crash if they tried to visit
|
|
||||||
a hostile hidden service. Non-hardened clients are only
|
|
||||||
affected depending on the details of their platform's memory
|
|
||||||
allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by
|
|
||||||
using libFuzzer. Also tracked as TROVE-2016-12-002 and as
|
|
||||||
CVE-2016-1254.
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the April 5 2016 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the July 8 2015 Maxmind GeoLite2 Country database.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the July 6 2016 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the June 7 2016 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the March 3 2016 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the May 4 2016 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2 Country database.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the September 3 2015 Maxmind GeoLite2 Country database.
|
|
||||||
|
|
@ -1,4 +0,0 @@
|
|||||||
o Minor features:
|
|
||||||
- Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
@ -1,7 +0,0 @@
|
|||||||
o Major bugfixes (key management):
|
|
||||||
- If OpenSSL fails to generate an RSA key, do not retain a dangling pointer
|
|
||||||
to the previous (uninitialized) key value. The impact here should be
|
|
||||||
limited to a difficult-to-trigger crash, if OpenSSL is running an
|
|
||||||
engine that makes key generation failures possible, or if OpenSSL runs
|
|
||||||
out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by
|
|
||||||
Yuan Jochen Kang, Suman Jana, and Baishakhi Ray.
|
|
@ -1,8 +0,0 @@
|
|||||||
o Major bugfixes (parsing):
|
|
||||||
- Fix an integer underflow bug when comparing malformed Tor versions.
|
|
||||||
This bug is harmless, except when Tor has been built with
|
|
||||||
--enable-expensive-hardening, which would turn it into a crash;
|
|
||||||
or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
|
|
||||||
-ftrapv by default.
|
|
||||||
Part of TROVE-2017-001. Fixes bug 21278; bugfix on
|
|
||||||
0.0.8pre1. Found by OSS-Fuzz.
|
|
Loading…
Reference in New Issue
Block a user