diff --git a/ChangeLog b/ChangeLog index 5b5a5119fb..c7bddae4f5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,90 @@ -Changes in version 0.2.6.4-?? - 2015-0?-?? +Changes in version 0.2.6.4-rc - 2015-03-09 + Tor 0.2.6.4-alpha fixes an issue in the directory code that an + attacker might be able to use in order to crash certain Tor + directories. It also resolves some minor issues left over from, or + introduced in, Tor 0.2.6.3-alpha or earlier. + o Major bugfixes (crash, OSX, security): + - Fix a remote denial-of-service opportunity caused by a bug in + OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared + in OSX 10.9. + + o Major bugfixes (relay, stability, possible security): + - Fix a bug that could lead to a relay crashing with an assertion + failure if a buffer of exactly the wrong layout is passed to + buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on + 0.2.0.10-alpha. Patch from "cypherpunks". + - Do not assert if the 'data' pointer on a buffer is advanced to the + very end of the buffer; log a BUG message instead. Only assert if + it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha. + + o Major bugfixes (FreeBSD IPFW transparent proxy): + - Fix address detection with FreeBSD transparent proxies, when + "TransProxyType ipfw" is in use. Fixes bug 15064; bugfix + on 0.2.5.4-alpha. + + o Major bugfixes (Linux seccomp2 sandbox): + - Pass IPPROTO_TCP rather than 0 to socket(), so that the Linux + seccomp2 sandbox doesn't fail. Fixes bug 14989; bugfix + on 0.2.6.3-alpha. + - Allow AF_UNIX hidden services to be used with the seccomp2 + sandbox. Fixes bug 15003; bugfix on 0.2.6.3-alpha. + - Upon receiving sighup with the seccomp2 sandbox enabled, do not + crash during attempts to call wait4. Fixes bug 15088; bugfix on + 0.2.5.1-alpha. Patch from "sanic". + + o Minor features (controller): + - Messages about problems in the bootstrap process now include + information about the server we were trying to connect to when we + noticed the problem. Closes ticket 15006. + + o Minor features (geoip): + - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database. + - Update geoip6 to the March 3 2015 Maxmind GeoLite2 + Country database. + + o Minor features (logs): + - Quiet some log messages in the heartbeat and at startup. Closes + ticket 14950. + + o Minor bugfixes (certificate handling): + - If an authority operator accidentally makes a signing certificate + with a future publication time, do not discard its real signing + certificates. Fixes bug 11457; bugfix on 0.2.0.3-alpha. + - Remove any old authority certificates that have been superseded + for at least two days. Previously, we would keep superseded + certificates until they expired, if they were published close in + time to the certificate that superseded them. Fixes bug 11454; + bugfix on 0.2.1.8-alpha. + + o Minor bugfixes (compilation): + - Fix a compilation warning on s390. Fixes bug 14988; bugfix + on 0.2.5.2-alpha. + - Fix a compilation warning on FreeBSD. Fixes bug 15151; bugfix + on 0.2.6.2-alpha. + + o Minor bugfixes (testing): + - Fix endianness issues in unit test for resolve_my_address() to + have it pass on big endian systems. Fixes bug 14980; bugfix on + Tor 0.2.6.3-alpha. + - Avoid a side-effect in a tor_assert() in the unit tests. Fixes bug + 15188; bugfix on 0.1.2.3-alpha. Patch from Tom van der Woerdt. + - When running the new 'make test-stem' target, use the configured + python binary. Fixes bug 15037; bugfix on 0.2.6.3-alpha. Patch + from "cypherpunks". + - When running the zero-length-keys tests, do not use the default + torrc file. Fixes bug 15033; bugfix on 0.2.6.3-alpha. Reported + by "reezer". + + o Directory authority IP change: + - The directory authority Faravahar has a new IP address. This + closes ticket 14487. + + o Removed code: + - Remove some lingering dead code that once supported mempools. + Mempools were disabled by default in 0.2.5, and removed entirely + in 0.2.6.3-alpha. Closes more of ticket 14848; patch + by "cypherpunks". Changes in version 0.2.6.3-alpha - 2015-02-19