Loading ChangeLog +38 −42 Original line number Diff line number Diff line Changes in version 0.3.4.2-alpha - 2018-06-12 Tor 0.3.4.2-alpha fixes several minor bugs in the previous alpha release, and forward-ports an authority-only security fix from 0.3.3.6. Tor 0.3.4.2-alpha fixes several minor bugs in the previous alpha release, and forward-ports an authority-only security fix from 0.3.3.6. o Major bugfixes (security, directory authority, denial-of-service, also in 0.3.3.6): - Fix a bug that could have allowed an attacker to force a directory authority to use up all its RAM by passing it a maliciously crafted protocol versions string. Fixes bug 25517; bugfix on 0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005. - Fix a bug that could have allowed an attacker to force a directory authority to use up all its RAM by passing it a maliciously crafted protocol versions string. Fixes bug 25517; bugfix on 0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005. o Minor features (continuous integration): - Add the necessary configuration files for continuous integration testing on Windows, via the Appveyor platform. Closes ticket 25549. Patches from Marcin Cieślak and Isis Lovecruft. o Minor bugfixes (compatibility, openssl): - Work around a change in OpenSSL 1.1.1 where return values that would previously indicate "no password" now indicate an empty password. Without this workaround, Tor instances running with OpenSSL 1.1.1 would accept descriptors that other Tor instances would reject. Fixes bug 26116; bugfix on 0.2.5.16. o Minor bugfixes (compilation): - Silence unused-const-variable warnings in zstd.h on some gcc versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha. o Minor bugfixes (C correctness): - Avoid casting return value of smartlist_len() to double as compiler does not like it when -Wbad-function-cast is on. Fixes bug 26283; bugfix on 0.2.4.10-alpha. testing on Windows, via the Appveyor platform. Closes ticket 25549. Patches from Marcin Cieślak and Isis Lovecruft. o Minor features (geoip): - Update geoip and geoip6 to the June 7 2018 Maxmind GeoLite2 Country database. Closes ticket 26351. o Minor bugfixes (C correctness): - Avoid casting return value of smartlist_len() to double as compiler does not like it when -Wbad-function-cast is on. Fixes bug 26283; bugfix on 0.2.4.10-alpha. o Minor bugfixes (compatibility, openssl): - Work around a change in OpenSSL 1.1.1 where return values that would previously indicate "no password" now indicate an empty password. Without this workaround, Tor instances running with OpenSSL 1.1.1 would accept descriptors that other Tor instances would reject. Fixes bug 26116; bugfix on 0.2.5.16. o Minor bugfixes (compilation): - Fix compilation when building with OpenSSL 1.1.0 with the "no-deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha. - Silence unused-const-variable warnings in zstd.h on some gcc versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha. - Fix compilation when building with OpenSSL 1.1.0 with the "no- deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha. o Minor bugfixes (control port): - Do not count 0-length RELAY_COMMAND_DATA cells as valid data in CIRC_BW events. Previously, such cells were counted entirely in the OVERHEAD field. Now they are not. Fixes bug 26259; bugfix on 0.3.4.1-alpha. - Do not count 0-length RELAY_COMMAND_DATA cells as valid data in CIRC_BW events. Previously, such cells were counted entirely in the OVERHEAD field. Now they are not. Fixes bug 26259; bugfix on 0.3.4.1-alpha. o Minor bugfixes (controller): - Improve accuracy of the BUILDTIMEOUT_SET control port event's TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting the total number of circuits for these field values.) Fixes bug 26121; bugfix on 0.3.3.1-alpha. TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting the total number of circuits for these field values.) Fixes bug 26121; bugfix on 0.3.3.1-alpha. o Minor bugfixes (hardening): - Prevent a possible out-of-bounds smartlist read in protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. o Minor bugfixes (onion services): - Fix a bug that blocked the creation of ephemeral v3 onion services. Fixes bug 25939; bugfix on 0.3.4.1-alpha. - Fix a bug that blocked the creation of ephemeral v3 onion services. Fixes bug 25939; bugfix on 0.3.4.1-alpha. o Minor bugfixes (test coverage tools): - Update our "cov-diff" script to handle output from the latest version of gcov, and to remove extraneous timestamp information from its output. Fixes bugs 26101 and 26102; bugfix on 0.2.5.1-alpha. from its output. Fixes bugs 26101 and 26102; bugfix on 0.2.5.1-alpha. o Documentation: - In code comment, point the reader to the exact section in Tor specification that specifies circuit close error code values. Resolves ticket 25237. - In code comment, point the reader to the exact section in Tor specification that specifies circuit close error code values. Resolves ticket 25237. Changes in version 0.3.3.6 - 2018-05-22 Loading
ChangeLog +38 −42 Original line number Diff line number Diff line Changes in version 0.3.4.2-alpha - 2018-06-12 Tor 0.3.4.2-alpha fixes several minor bugs in the previous alpha release, and forward-ports an authority-only security fix from 0.3.3.6. Tor 0.3.4.2-alpha fixes several minor bugs in the previous alpha release, and forward-ports an authority-only security fix from 0.3.3.6. o Major bugfixes (security, directory authority, denial-of-service, also in 0.3.3.6): - Fix a bug that could have allowed an attacker to force a directory authority to use up all its RAM by passing it a maliciously crafted protocol versions string. Fixes bug 25517; bugfix on 0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005. - Fix a bug that could have allowed an attacker to force a directory authority to use up all its RAM by passing it a maliciously crafted protocol versions string. Fixes bug 25517; bugfix on 0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005. o Minor features (continuous integration): - Add the necessary configuration files for continuous integration testing on Windows, via the Appveyor platform. Closes ticket 25549. Patches from Marcin Cieślak and Isis Lovecruft. o Minor bugfixes (compatibility, openssl): - Work around a change in OpenSSL 1.1.1 where return values that would previously indicate "no password" now indicate an empty password. Without this workaround, Tor instances running with OpenSSL 1.1.1 would accept descriptors that other Tor instances would reject. Fixes bug 26116; bugfix on 0.2.5.16. o Minor bugfixes (compilation): - Silence unused-const-variable warnings in zstd.h on some gcc versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha. o Minor bugfixes (C correctness): - Avoid casting return value of smartlist_len() to double as compiler does not like it when -Wbad-function-cast is on. Fixes bug 26283; bugfix on 0.2.4.10-alpha. testing on Windows, via the Appveyor platform. Closes ticket 25549. Patches from Marcin Cieślak and Isis Lovecruft. o Minor features (geoip): - Update geoip and geoip6 to the June 7 2018 Maxmind GeoLite2 Country database. Closes ticket 26351. o Minor bugfixes (C correctness): - Avoid casting return value of smartlist_len() to double as compiler does not like it when -Wbad-function-cast is on. Fixes bug 26283; bugfix on 0.2.4.10-alpha. o Minor bugfixes (compatibility, openssl): - Work around a change in OpenSSL 1.1.1 where return values that would previously indicate "no password" now indicate an empty password. Without this workaround, Tor instances running with OpenSSL 1.1.1 would accept descriptors that other Tor instances would reject. Fixes bug 26116; bugfix on 0.2.5.16. o Minor bugfixes (compilation): - Fix compilation when building with OpenSSL 1.1.0 with the "no-deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha. - Silence unused-const-variable warnings in zstd.h on some gcc versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha. - Fix compilation when building with OpenSSL 1.1.0 with the "no- deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha. o Minor bugfixes (control port): - Do not count 0-length RELAY_COMMAND_DATA cells as valid data in CIRC_BW events. Previously, such cells were counted entirely in the OVERHEAD field. Now they are not. Fixes bug 26259; bugfix on 0.3.4.1-alpha. - Do not count 0-length RELAY_COMMAND_DATA cells as valid data in CIRC_BW events. Previously, such cells were counted entirely in the OVERHEAD field. Now they are not. Fixes bug 26259; bugfix on 0.3.4.1-alpha. o Minor bugfixes (controller): - Improve accuracy of the BUILDTIMEOUT_SET control port event's TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting the total number of circuits for these field values.) Fixes bug 26121; bugfix on 0.3.3.1-alpha. TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting the total number of circuits for these field values.) Fixes bug 26121; bugfix on 0.3.3.1-alpha. o Minor bugfixes (hardening): - Prevent a possible out-of-bounds smartlist read in protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. o Minor bugfixes (onion services): - Fix a bug that blocked the creation of ephemeral v3 onion services. Fixes bug 25939; bugfix on 0.3.4.1-alpha. - Fix a bug that blocked the creation of ephemeral v3 onion services. Fixes bug 25939; bugfix on 0.3.4.1-alpha. o Minor bugfixes (test coverage tools): - Update our "cov-diff" script to handle output from the latest version of gcov, and to remove extraneous timestamp information from its output. Fixes bugs 26101 and 26102; bugfix on 0.2.5.1-alpha. from its output. Fixes bugs 26101 and 26102; bugfix on 0.2.5.1-alpha. o Documentation: - In code comment, point the reader to the exact section in Tor specification that specifies circuit close error code values. Resolves ticket 25237. - In code comment, point the reader to the exact section in Tor specification that specifies circuit close error code values. Resolves ticket 25237. Changes in version 0.3.3.6 - 2018-05-22
