|
|
@@ -1,3 +1,62 @@
|
|
|
+Changes in version 0.3.4.2-alpha - 2018-06-12
|
|
|
+ Tor 0.3.4.2-alpha fixes several minor bugs in the previous alpha release,
|
|
|
+ and forward-ports an authority-only security fix from 0.3.3.6.
|
|
|
+
|
|
|
+ o Major bugfixes (security, directory authority, denial-of-service, also in 0.3.3.6):
|
|
|
+ - Fix a bug that could have allowed an attacker to force a
|
|
|
+ directory authority to use up all its RAM by passing it a
|
|
|
+ maliciously crafted protocol versions string. Fixes bug 25517;
|
|
|
+ bugfix on 0.2.9.4-alpha. This issue is also tracked as
|
|
|
+ TROVE-2018-005.
|
|
|
+
|
|
|
+ o Minor features (continuous integration):
|
|
|
+ - Add the necessary configuration files for continuous integration
|
|
|
+ testing on Windows, via the Appveyor platform. Closes ticket 25549.
|
|
|
+ Patches from Marcin Cieślak and Isis Lovecruft.
|
|
|
+
|
|
|
+ o Minor bugfixes (compatibility, openssl):
|
|
|
+ - Work around a change in OpenSSL 1.1.1 where
|
|
|
+ return values that would previously indicate "no password" now
|
|
|
+ indicate an empty password. Without this workaround, Tor instances
|
|
|
+ running with OpenSSL 1.1.1 would accept descriptors that other Tor
|
|
|
+ instances would reject. Fixes bug 26116; bugfix on 0.2.5.16.
|
|
|
+
|
|
|
+ o Minor bugfixes (compilation):
|
|
|
+ - Fix compilation when building with OpenSSL 1.1.0 with the
|
|
|
+ "no-deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (control port):
|
|
|
+ - Do not count 0-length RELAY_COMMAND_DATA cells as valid data in CIRC_BW
|
|
|
+ events. Previously, such cells were counted entirely in the OVERHEAD
|
|
|
+ field. Now they are not. Fixes bug 26259; bugfix on 0.3.4.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (controller):
|
|
|
+ - Improve accuracy of the BUILDTIMEOUT_SET control port event's
|
|
|
+ TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting
|
|
|
+ the total number of circuits for these field values.) Fixes bug
|
|
|
+ 26121; bugfix on 0.3.3.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (hardening):
|
|
|
+ - Prevent a possible out-of-bounds smartlist read in
|
|
|
+ protover_compute_vote(). Fixes bug 26196; bugfix on
|
|
|
+ 0.2.9.4-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (onion services):
|
|
|
+ - Fix a bug that blocked the creation of ephemeral v3 onion services. Fixes
|
|
|
+ bug 25939; bugfix on 0.3.4.1-alpha.
|
|
|
+
|
|
|
+ o Minor bugfixes (test coverage tools):
|
|
|
+ - Update our "cov-diff" script to handle output from the latest
|
|
|
+ version of gcov, and to remove extraneous timestamp information
|
|
|
+ from its output. Fixes bugs 26101 and 26102; bugfix on
|
|
|
+ 0.2.5.1-alpha.
|
|
|
+
|
|
|
+ o Documentation:
|
|
|
+ - In code comment, point the reader to the exact section
|
|
|
+ in Tor specification that specifies circuit close error
|
|
|
+ code values. Resolves ticket 25237.
|
|
|
+
|
|
|
+
|
|
|
Changes in version 0.3.3.6 - 2018-05-22
|
|
|
Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It
|
|
|
backports several important fixes from the 0.3.4.1-alpha.
|
Nick Mathewson