diff options
author | Nick Mathewson <nickm@torproject.org> | 2018-06-11 16:37:08 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-06-11 16:37:08 -0400 |
commit | 8be3513743aa953d03ff321ceee029cace1f78d8 (patch) | |
tree | 951b5e099457d96444cf90b1705c27525cc71330 /ChangeLog | |
parent | f399887cfec8ddaf33cac06b2abad25a3d42aac9 (diff) | |
download | tor-8be3513743aa953d03ff321ceee029cace1f78d8.tar.gz tor-8be3513743aa953d03ff321ceee029cace1f78d8.zip |
start the 0.3.4.2-alpha changelog
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 59 |
1 files changed, 59 insertions, 0 deletions
@@ -1,3 +1,62 @@ +Changes in version 0.3.4.2-alpha - 2018-06-12 + Tor 0.3.4.2-alpha fixes several minor bugs in the previous alpha release, + and forward-ports an authority-only security fix from 0.3.3.6. + + o Major bugfixes (security, directory authority, denial-of-service, also in 0.3.3.6): + - Fix a bug that could have allowed an attacker to force a + directory authority to use up all its RAM by passing it a + maliciously crafted protocol versions string. Fixes bug 25517; + bugfix on 0.2.9.4-alpha. This issue is also tracked as + TROVE-2018-005. + + o Minor features (continuous integration): + - Add the necessary configuration files for continuous integration + testing on Windows, via the Appveyor platform. Closes ticket 25549. + Patches from Marcin Cieślak and Isis Lovecruft. + + o Minor bugfixes (compatibility, openssl): + - Work around a change in OpenSSL 1.1.1 where + return values that would previously indicate "no password" now + indicate an empty password. Without this workaround, Tor instances + running with OpenSSL 1.1.1 would accept descriptors that other Tor + instances would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (compilation): + - Fix compilation when building with OpenSSL 1.1.0 with the + "no-deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (control port): + - Do not count 0-length RELAY_COMMAND_DATA cells as valid data in CIRC_BW + events. Previously, such cells were counted entirely in the OVERHEAD + field. Now they are not. Fixes bug 26259; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (controller): + - Improve accuracy of the BUILDTIMEOUT_SET control port event's + TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting + the total number of circuits for these field values.) Fixes bug + 26121; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (hardening): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on + 0.2.9.4-alpha. + + o Minor bugfixes (onion services): + - Fix a bug that blocked the creation of ephemeral v3 onion services. Fixes + bug 25939; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (test coverage tools): + - Update our "cov-diff" script to handle output from the latest + version of gcov, and to remove extraneous timestamp information + from its output. Fixes bugs 26101 and 26102; bugfix on + 0.2.5.1-alpha. + + o Documentation: + - In code comment, point the reader to the exact section + in Tor specification that specifies circuit close error + code values. Resolves ticket 25237. + + Changes in version 0.3.3.6 - 2018-05-22 Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It backports several important fixes from the 0.3.4.1-alpha. |