|
@@ -1,5 +1,90 @@
|
|
|
-Changes in version 0.2.6.4-?? - 2015-0?-??
|
|
|
+Changes in version 0.2.6.4-rc - 2015-03-09
|
|
|
+ Tor 0.2.6.4-alpha fixes an issue in the directory code that an
|
|
|
+ attacker might be able to use in order to crash certain Tor
|
|
|
+ directories. It also resolves some minor issues left over from, or
|
|
|
+ introduced in, Tor 0.2.6.3-alpha or earlier.
|
|
|
+
|
|
|
+ o Major bugfixes (crash, OSX, security):
|
|
|
+ - Fix a remote denial-of-service opportunity caused by a bug in
|
|
|
+ OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
|
|
|
+ in OSX 10.9.
|
|
|
+
|
|
|
+ o Major bugfixes (relay, stability, possible security):
|
|
|
+ - Fix a bug that could lead to a relay crashing with an assertion
|
|
|
+ failure if a buffer of exactly the wrong layout is passed to
|
|
|
+ buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
|
|
|
+ 0.2.0.10-alpha. Patch from "cypherpunks".
|
|
|
+ - Do not assert if the 'data' pointer on a buffer is advanced to the
|
|
|
+ very end of the buffer; log a BUG message instead. Only assert if
|
|
|
+ it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
|
|
|
+
|
|
|
+ o Major bugfixes (FreeBSD IPFW transparent proxy):
|
|
|
+ - Fix address detection with FreeBSD transparent proxies, when
|
|
|
+ "TransProxyType ipfw" is in use. Fixes bug 15064; bugfix
|
|
|
+ on 0.2.5.4-alpha.
|
|
|
+
|
|
|
+ o Major bugfixes (Linux seccomp2 sandbox):
|
|
|
+ - Pass IPPROTO_TCP rather than 0 to socket(), so that the Linux
|
|
|
+ seccomp2 sandbox doesn't fail. Fixes bug 14989; bugfix
|
|
|
+ on 0.2.6.3-alpha.
|
|
|
+ - Allow AF_UNIX hidden services to be used with the seccomp2
|
|
|
+ sandbox. Fixes bug 15003; bugfix on 0.2.6.3-alpha.
|
|
|
+ - Upon receiving sighup with the seccomp2 sandbox enabled, do not
|
|
|
+ crash during attempts to call wait4. Fixes bug 15088; bugfix on
|
|
|
+ 0.2.5.1-alpha. Patch from "sanic".
|
|
|
+
|
|
|
+ o Minor features (controller):
|
|
|
+ - Messages about problems in the bootstrap process now include
|
|
|
+ information about the server we were trying to connect to when we
|
|
|
+ noticed the problem. Closes ticket 15006.
|
|
|
+
|
|
|
+ o Minor features (geoip):
|
|
|
+ - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
|
|
|
+ - Update geoip6 to the March 3 2015 Maxmind GeoLite2
|
|
|
+ Country database.
|
|
|
+
|
|
|
+ o Minor features (logs):
|
|
|
+ - Quiet some log messages in the heartbeat and at startup. Closes
|
|
|
+ ticket 14950.
|
|
|
|
|
|
+ o Minor bugfixes (certificate handling):
|
|
|
+ - If an authority operator accidentally makes a signing certificate
|
|
|
+ with a future publication time, do not discard its real signing
|
|
|
+ certificates. Fixes bug 11457; bugfix on 0.2.0.3-alpha.
|
|
|
+ - Remove any old authority certificates that have been superseded
|
|
|
+ for at least two days. Previously, we would keep superseded
|
|
|
+ certificates until they expired, if they were published close in
|
|
|
+ time to the certificate that superseded them. Fixes bug 11454;
|
|
|
+ bugfix on 0.2.1.8-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (compilation):
|
|
|
+ - Fix a compilation warning on s390. Fixes bug 14988; bugfix
|
|
|
+ on 0.2.5.2-alpha.
|
|
|
+ - Fix a compilation warning on FreeBSD. Fixes bug 15151; bugfix
|
|
|
+ on 0.2.6.2-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (testing):
|
|
|
+ - Fix endianness issues in unit test for resolve_my_address() to
|
|
|
+ have it pass on big endian systems. Fixes bug 14980; bugfix on
|
|
|
+ Tor 0.2.6.3-alpha.
|
|
|
+ - Avoid a side-effect in a tor_assert() in the unit tests. Fixes bug
|
|
|
+ 15188; bugfix on 0.1.2.3-alpha. Patch from Tom van der Woerdt.
|
|
|
+ - When running the new 'make test-stem' target, use the configured
|
|
|
+ python binary. Fixes bug 15037; bugfix on 0.2.6.3-alpha. Patch
|
|
|
+ from "cypherpunks".
|
|
|
+ - When running the zero-length-keys tests, do not use the default
|
|
|
+ torrc file. Fixes bug 15033; bugfix on 0.2.6.3-alpha. Reported
|
|
|
+ by "reezer".
|
|
|
+
|
|
|
+ o Directory authority IP change:
|
|
|
+ - The directory authority Faravahar has a new IP address. This
|
|
|
+ closes ticket 14487.
|
|
|
+
|
|
|
+ o Removed code:
|
|
|
+ - Remove some lingering dead code that once supported mempools.
|
|
|
+ Mempools were disabled by default in 0.2.5, and removed entirely
|
|
|
+ in 0.2.6.3-alpha. Closes more of ticket 14848; patch
|
|
|
+ by "cypherpunks".
|
|
|
|
|
|
|
|
|
Changes in version 0.2.6.3-alpha - 2015-02-19
|