start the 0.3.4.2-alpha changelog

This commit is contained in:
Nick Mathewson 2018-06-11 16:37:08 -04:00
parent f399887cfe
commit 8be3513743
11 changed files with 59 additions and 46 deletions

View File

@ -1,3 +1,62 @@
Changes in version 0.3.4.2-alpha - 2018-06-12
Tor 0.3.4.2-alpha fixes several minor bugs in the previous alpha release,
and forward-ports an authority-only security fix from 0.3.3.6.
o Major bugfixes (security, directory authority, denial-of-service, also in 0.3.3.6):
- Fix a bug that could have allowed an attacker to force a
directory authority to use up all its RAM by passing it a
maliciously crafted protocol versions string. Fixes bug 25517;
bugfix on 0.2.9.4-alpha. This issue is also tracked as
TROVE-2018-005.
o Minor features (continuous integration):
- Add the necessary configuration files for continuous integration
testing on Windows, via the Appveyor platform. Closes ticket 25549.
Patches from Marcin Cieślak and Isis Lovecruft.
o Minor bugfixes (compatibility, openssl):
- Work around a change in OpenSSL 1.1.1 where
return values that would previously indicate "no password" now
indicate an empty password. Without this workaround, Tor instances
running with OpenSSL 1.1.1 would accept descriptors that other Tor
instances would reject. Fixes bug 26116; bugfix on 0.2.5.16.
o Minor bugfixes (compilation):
- Fix compilation when building with OpenSSL 1.1.0 with the
"no-deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha.
o Minor bugfixes (control port):
- Do not count 0-length RELAY_COMMAND_DATA cells as valid data in CIRC_BW
events. Previously, such cells were counted entirely in the OVERHEAD
field. Now they are not. Fixes bug 26259; bugfix on 0.3.4.1-alpha.
o Minor bugfixes (controller):
- Improve accuracy of the BUILDTIMEOUT_SET control port event's
TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting
the total number of circuits for these field values.) Fixes bug
26121; bugfix on 0.3.3.1-alpha.
o Minor bugfixes (hardening):
- Prevent a possible out-of-bounds smartlist read in
protover_compute_vote(). Fixes bug 26196; bugfix on
0.2.9.4-alpha.
o Minor bugfixes (onion services):
- Fix a bug that blocked the creation of ephemeral v3 onion services. Fixes
bug 25939; bugfix on 0.3.4.1-alpha.
o Minor bugfixes (test coverage tools):
- Update our "cov-diff" script to handle output from the latest
version of gcov, and to remove extraneous timestamp information
from its output. Fixes bugs 26101 and 26102; bugfix on
0.2.5.1-alpha.
o Documentation:
- In code comment, point the reader to the exact section
in Tor specification that specifies circuit close error
code values. Resolves ticket 25237.
Changes in version 0.3.3.6 - 2018-05-22 Changes in version 0.3.3.6 - 2018-05-22
Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It
backports several important fixes from the 0.3.4.1-alpha. backports several important fixes from the 0.3.4.1-alpha.

View File

@ -1,6 +0,0 @@
o Major bugfixes (security, directory authority, denial-of-service):
- Fix a bug that could have allowed an attacker to force a
directory authority to use up all its RAM by passing it a
maliciously crafted protocol versions string. Fixes bug 25517;
bugfix on 0.2.9.4-alpha. This issue is also tracked as
TROVE-2018-005.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (onion services):
- Fix a bug that blocked the creation of ephemeral v3 onion services. Fixes
bug 25939; bugfix on 0.3.4.1-alpha.

View File

@ -1,5 +0,0 @@
o Minor bugfixes (test coverage tools):
- Update our "cov-diff" script to handle output from the latest
version of gcov, and to remove extraneous timestamp information
from its output. Fixes bugs 26101 and 26102; bugfix on
0.2.5.1-alpha.

View File

@ -1,7 +0,0 @@
o Minor bugfixes (compatibility, openssl):
- Work around a change in OpenSSL 1.1.1 where
return values that would previously indicate "no password" now
indicate an empty password. Without this workaround, Tor instances
running with OpenSSL 1.1.1 would accept descriptors that other Tor
instances would reject. Fixes bug 26116; bugfix on 0.2.5.16.

View File

@ -1,6 +0,0 @@
o Minor bugfixes (controller):
- Improve accuracy of the BUILDTIMEOUT_SET control port event's
TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting
the total number of circuits for these field values.) Fixes bug
26121; bugfix on 0.3.3.1-alpha.

View File

@ -1,3 +0,0 @@
o Minor bugfixes (compilation):
- Fix compilation when building with OpenSSL 1.1.0 with the
"no-deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (hardening):
- Prevent a possible out-of-bounds smartlist read in
protover_compute_vote(). Fixes bug 26196; bugfix on
0.2.9.4-alpha.

View File

@ -1,4 +0,0 @@
o Minor bugfixes (control port):
- Do not count 0-length RELAY_COMMAND_DATA cells as valid data in CIRC_BW
events. Previously, such cells were counted entirely in the OVERHEAD
field. Now they are not. Fixes bug 26259; bugfix on 0.3.4.1-alpha.

View File

@ -1,4 +0,0 @@
o Documentation:
- In code comment, point the reader to the exact section
in Tor specification that specifies circuit close error
code values. Resolves ticket 25237.

View File

@ -1,4 +0,0 @@
o Minor features (continuous integration):
- Add the necessary configuration files for continuous integration
testing on Windows, via the Appveyor platform. Closes ticket 25549.
Patches from Marcin Cieślak and Isis Lovecruft.