commit 8be3513743aa953d03ff321ceee029cace1f78d8
parent f399887cfec8ddaf33cac06b2abad25a3d42aac9
Author: Nick Mathewson <nickm@torproject.org>
Date: Mon, 11 Jun 2018 16:37:08 -0400
start the 0.3.4.2-alpha changelog
Diffstat:
11 files changed, 59 insertions(+), 47 deletions(-)
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,62 @@
+Changes in version 0.3.4.2-alpha - 2018-06-12
+ Tor 0.3.4.2-alpha fixes several minor bugs in the previous alpha release,
+ and forward-ports an authority-only security fix from 0.3.3.6.
+
+ o Major bugfixes (security, directory authority, denial-of-service, also in 0.3.3.6):
+ - Fix a bug that could have allowed an attacker to force a
+ directory authority to use up all its RAM by passing it a
+ maliciously crafted protocol versions string. Fixes bug 25517;
+ bugfix on 0.2.9.4-alpha. This issue is also tracked as
+ TROVE-2018-005.
+
+ o Minor features (continuous integration):
+ - Add the necessary configuration files for continuous integration
+ testing on Windows, via the Appveyor platform. Closes ticket 25549.
+ Patches from Marcin Cieślak and Isis Lovecruft.
+
+ o Minor bugfixes (compatibility, openssl):
+ - Work around a change in OpenSSL 1.1.1 where
+ return values that would previously indicate "no password" now
+ indicate an empty password. Without this workaround, Tor instances
+ running with OpenSSL 1.1.1 would accept descriptors that other Tor
+ instances would reject. Fixes bug 26116; bugfix on 0.2.5.16.
+
+ o Minor bugfixes (compilation):
+ - Fix compilation when building with OpenSSL 1.1.0 with the
+ "no-deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha.
+
+ o Minor bugfixes (control port):
+ - Do not count 0-length RELAY_COMMAND_DATA cells as valid data in CIRC_BW
+ events. Previously, such cells were counted entirely in the OVERHEAD
+ field. Now they are not. Fixes bug 26259; bugfix on 0.3.4.1-alpha.
+
+ o Minor bugfixes (controller):
+ - Improve accuracy of the BUILDTIMEOUT_SET control port event's
+ TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting
+ the total number of circuits for these field values.) Fixes bug
+ 26121; bugfix on 0.3.3.1-alpha.
+
+ o Minor bugfixes (hardening):
+ - Prevent a possible out-of-bounds smartlist read in
+ protover_compute_vote(). Fixes bug 26196; bugfix on
+ 0.2.9.4-alpha.
+
+ o Minor bugfixes (onion services):
+ - Fix a bug that blocked the creation of ephemeral v3 onion services. Fixes
+ bug 25939; bugfix on 0.3.4.1-alpha.
+
+ o Minor bugfixes (test coverage tools):
+ - Update our "cov-diff" script to handle output from the latest
+ version of gcov, and to remove extraneous timestamp information
+ from its output. Fixes bugs 26101 and 26102; bugfix on
+ 0.2.5.1-alpha.
+
+ o Documentation:
+ - In code comment, point the reader to the exact section
+ in Tor specification that specifies circuit close error
+ code values. Resolves ticket 25237.
+
+
Changes in version 0.3.3.6 - 2018-05-22
Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It
backports several important fixes from the 0.3.4.1-alpha.
diff --git a/changes/TROVE-2018-005 b/changes/TROVE-2018-005
@@ -1,6 +0,0 @@
- o Major bugfixes (security, directory authority, denial-of-service):
- - Fix a bug that could have allowed an attacker to force a
- directory authority to use up all its RAM by passing it a
- maliciously crafted protocol versions string. Fixes bug 25517;
- bugfix on 0.2.9.4-alpha. This issue is also tracked as
- TROVE-2018-005.
diff --git a/changes/bug25939 b/changes/bug25939
@@ -1,3 +0,0 @@
- o Minor bugfixes (onion services):
- - Fix a bug that blocked the creation of ephemeral v3 onion services. Fixes
- bug 25939; bugfix on 0.3.4.1-alpha.
diff --git a/changes/bug26101_26102 b/changes/bug26101_26102
@@ -1,5 +0,0 @@
- o Minor bugfixes (test coverage tools):
- - Update our "cov-diff" script to handle output from the latest
- version of gcov, and to remove extraneous timestamp information
- from its output. Fixes bugs 26101 and 26102; bugfix on
- 0.2.5.1-alpha.
-\ No newline at end of file
diff --git a/changes/bug26116 b/changes/bug26116
@@ -1,7 +0,0 @@
- o Minor bugfixes (compatibility, openssl):
- - Work around a change in OpenSSL 1.1.1 where
- return values that would previously indicate "no password" now
- indicate an empty password. Without this workaround, Tor instances
- running with OpenSSL 1.1.1 would accept descriptors that other Tor
- instances would reject. Fixes bug 26116; bugfix on 0.2.5.16.
-
diff --git a/changes/bug26121 b/changes/bug26121
@@ -1,6 +0,0 @@
- o Minor bugfixes (controller):
- - Improve accuracy of the BUILDTIMEOUT_SET control port event's
- TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting
- the total number of circuits for these field values.) Fixes bug
- 26121; bugfix on 0.3.3.1-alpha.
-
diff --git a/changes/bug26156 b/changes/bug26156
@@ -1,3 +0,0 @@
- o Minor bugfixes (compilation):
- - Fix compilation when building with OpenSSL 1.1.0 with the
- "no-deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha.
diff --git a/changes/bug26196 b/changes/bug26196
@@ -1,4 +0,0 @@
- o Minor bugfixes (hardening):
- - Prevent a possible out-of-bounds smartlist read in
- protover_compute_vote(). Fixes bug 26196; bugfix on
- 0.2.9.4-alpha.
diff --git a/changes/bug26259 b/changes/bug26259
@@ -1,4 +0,0 @@
- o Minor bugfixes (control port):
- - Do not count 0-length RELAY_COMMAND_DATA cells as valid data in CIRC_BW
- events. Previously, such cells were counted entirely in the OVERHEAD
- field. Now they are not. Fixes bug 26259; bugfix on 0.3.4.1-alpha.
diff --git a/changes/doc25237 b/changes/doc25237
@@ -1,4 +0,0 @@
- o Documentation:
- - In code comment, point the reader to the exact section
- in Tor specification that specifies circuit close error
- code values. Resolves ticket 25237.
diff --git a/changes/ticket25549 b/changes/ticket25549
@@ -1,4 +0,0 @@
- o Minor features (continuous integration):
- - Add the necessary configuration files for continuous integration
- testing on Windows, via the Appveyor platform. Closes ticket 25549.
- Patches from Marcin Cieślak and Isis Lovecruft.
