From bebf6c6c676e9d8df73743b2619bda23a59c54df Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 21 Oct 2015 15:34:30 -0400 Subject: [PATCH] forwardport the changelog for 0.2.7.4-rc --- ChangeLog | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/ChangeLog b/ChangeLog index 46005a9093..4c4d0143e6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,71 @@ +Changes in version 0.2.7.4-rc - 2015-10-21 + Tor 0.2.7.4-rc is the second release candidate in the 0.2.7 series. It + fixes some important memory leaks, and a scary-looking (but mostly + harmless in practice) invalid-read bug. It also has a few small + bugfixes, notably fixes for compilation and portability on different + platforms. If no further significant bounds are found, the next + release will the the official stable release. + + o Major bugfixes (security, correctness): + - Fix an error that could cause us to read 4 bytes before the + beginning of an openssl string. This bug could be used to cause + Tor to crash on systems with unusual malloc implementations, or + systems with unusual hardening installed. Fixes bug 17404; bugfix + on 0.2.3.6-alpha. + + o Major bugfixes (correctness): + - Fix a use-after-free bug in validate_intro_point_failure(). Fixes + bug 17401; bugfix on 0.2.7.3-rc. + + o Major bugfixes (memory leaks): + - Fix a memory leak in ed25519 batch signature checking. Fixes bug + 17398; bugfix on 0.2.6.1-alpha. + - Fix a memory leak in rend_cache_failure_entry_free(). Fixes bug + 17402; bugfix on 0.2.7.3-rc. + - Fix a memory leak when reading an expired signing key from disk. + Fixes bug 17403; bugfix on 0.2.7.2-rc. + + o Minor features (geoIP): + - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (compilation): + - Repair compilation with the most recent (unreleased, alpha) + vesions of OpenSSL 1.1. Fixes part of ticket 17237. + - Fix an integer overflow warning in test_crypto_slow.c. Fixes bug + 17251; bugfix on 0.2.7.2-alpha. + - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347; + bugfix on 0.2.5.1-alpha. Patch from 'jamestk'. + + o Minor bugfixes (portability): + - Use libexecinfo on FreeBSD to enable backtrace support. Fixes + part of bug 17151; bugfix on 0.2.5.2-alpha. Patch from + Marcin Cieślak. + + o Minor bugfixes (sandbox): + - Add the "hidserv-stats" filename to our sandbox filter for the + HiddenServiceStatistics option to work properly. Fixes bug 17354; + bugfix on tor-0.2.6.2-alpha. Patch from David Goulet. + + o Minor bugfixes (testing): + - Add unit tests for get_interface_address* failure cases. Fixes bug + 17173; bugfix on 0.2.7.3-rc. Patch by fk/teor. + - Fix breakage when running 'make check' with BSD make. Fixes bug + 17154; bugfix on 0.2.7.3-rc. Patch by Marcin Cieślak. + - Make the get_ifaddrs_* unit tests more tolerant of different + network configurations. (Don't assume every test box has an IPv4 + address, and don't assume every test box has a non-localhost + address.) Fixes bug 17255; bugfix on 0.2.7.3-rc. Patch by "teor". + - Skip backtrace tests when backtrace support is not compiled in. + Fixes part of bug 17151; bugfix on 0.2.7.1-alpha. Patch from + Marcin Cieślak. + + o Documentation: + - Fix capitalization of SOCKS in sample torrc. Closes ticket 15609. + - Note that HiddenServicePorts can take a unix domain socket. Closes + ticket 17364. + + Changes in version 0.2.7.3-rc - 2015-09-25 Tor 0.2.7.3-rc is the first release candidate in the 0.2.7 series. It contains numerous usability fixes for Ed25519 keys, safeguards against