commit 8be3513743aa953d03ff321ceee029cace1f78d8 Author: Nick Mathewson <nickm@torproject.org> Date: Mon Jun 11 16:37:08 2018 -0400 start the 0.3.4.2-alpha changelog --- ChangeLog | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++ changes/TROVE-2018-005 | 6 ----- changes/bug25939 | 3 --- changes/bug26101_26102 | 5 ----- changes/bug26116 | 7 ------ changes/bug26121 | 6 ----- changes/bug26156 | 3 --- changes/bug26196 | 4 ---- changes/bug26259 | 4 ---- changes/doc25237 | 4 ---- changes/ticket25549 | 4 ---- 11 files changed, 59 insertions(+), 46 deletions(-) diff --git a/ChangeLog b/ChangeLog index 757700a72..4bdc524c8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,62 @@ +Changes in version 0.3.4.2-alpha - 2018-06-12 + Tor 0.3.4.2-alpha fixes several minor bugs in the previous alpha release, + and forward-ports an authority-only security fix from 0.3.3.6. + + o Major bugfixes (security, directory authority, denial-of-service, also in 0.3.3.6): + - Fix a bug that could have allowed an attacker to force a + directory authority to use up all its RAM by passing it a + maliciously crafted protocol versions string. Fixes bug 25517; + bugfix on 0.2.9.4-alpha. This issue is also tracked as + TROVE-2018-005. + + o Minor features (continuous integration): + - Add the necessary configuration files for continuous integration + testing on Windows, via the Appveyor platform. Closes ticket 25549. + Patches from Marcin Cieślak and Isis Lovecruft. + + o Minor bugfixes (compatibility, openssl): + - Work around a change in OpenSSL 1.1.1 where + return values that would previously indicate "no password" now + indicate an empty password. Without this workaround, Tor instances + running with OpenSSL 1.1.1 would accept descriptors that other Tor + instances would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (compilation): + - Fix compilation when building with OpenSSL 1.1.0 with the + "no-deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (control port): + - Do not count 0-length RELAY_COMMAND_DATA cells as valid data in CIRC_BW + events. Previously, such cells were counted entirely in the OVERHEAD + field. Now they are not. Fixes bug 26259; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (controller): + - Improve accuracy of the BUILDTIMEOUT_SET control port event's + TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting + the total number of circuits for these field values.) Fixes bug + 26121; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (hardening): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on + 0.2.9.4-alpha. + + o Minor bugfixes (onion services): + - Fix a bug that blocked the creation of ephemeral v3 onion services. Fixes + bug 25939; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (test coverage tools): + - Update our "cov-diff" script to handle output from the latest + version of gcov, and to remove extraneous timestamp information + from its output. Fixes bugs 26101 and 26102; bugfix on + 0.2.5.1-alpha. + + o Documentation: + - In code comment, point the reader to the exact section + in Tor specification that specifies circuit close error + code values. Resolves ticket 25237. + + Changes in version 0.3.3.6 - 2018-05-22 Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It backports several important fixes from the 0.3.4.1-alpha. diff --git a/changes/TROVE-2018-005 b/changes/TROVE-2018-005 deleted file mode 100644 index 769c653f4..000000000 --- a/changes/TROVE-2018-005 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security, directory authority, denial-of-service): - - Fix a bug that could have allowed an attacker to force a - directory authority to use up all its RAM by passing it a - maliciously crafted protocol versions string. Fixes bug 25517; - bugfix on 0.2.9.4-alpha. This issue is also tracked as - TROVE-2018-005. diff --git a/changes/bug25939 b/changes/bug25939 deleted file mode 100644 index a11c73ad0..000000000 --- a/changes/bug25939 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion services): - - Fix a bug that blocked the creation of ephemeral v3 onion services. Fixes - bug 25939; bugfix on 0.3.4.1-alpha. diff --git a/changes/bug26101_26102 b/changes/bug26101_26102 deleted file mode 100644 index bc3bc84b2..000000000 --- a/changes/bug26101_26102 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (test coverage tools): - - Update our "cov-diff" script to handle output from the latest - version of gcov, and to remove extraneous timestamp information - from its output. Fixes bugs 26101 and 26102; bugfix on - 0.2.5.1-alpha. \ No newline at end of file diff --git a/changes/bug26116 b/changes/bug26116 deleted file mode 100644 index 3bfde74f7..000000000 --- a/changes/bug26116 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (compatibility, openssl): - - Work around a change in OpenSSL 1.1.1 where - return values that would previously indicate "no password" now - indicate an empty password. Without this workaround, Tor instances - running with OpenSSL 1.1.1 would accept descriptors that other Tor - instances would reject. Fixes bug 26116; bugfix on 0.2.5.16. - diff --git a/changes/bug26121 b/changes/bug26121 deleted file mode 100644 index 5f734dd56..000000000 --- a/changes/bug26121 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (controller): - - Improve accuracy of the BUILDTIMEOUT_SET control port event's - TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting - the total number of circuits for these field values.) Fixes bug - 26121; bugfix on 0.3.3.1-alpha. - diff --git a/changes/bug26156 b/changes/bug26156 deleted file mode 100644 index dcb3ca637..000000000 --- a/changes/bug26156 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix compilation when building with OpenSSL 1.1.0 with the - "no-deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha. diff --git a/changes/bug26196 b/changes/bug26196 deleted file mode 100644 index 47fcffa0f..000000000 --- a/changes/bug26196 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (hardening): - - Prevent a possible out-of-bounds smartlist read in - protover_compute_vote(). Fixes bug 26196; bugfix on - 0.2.9.4-alpha. diff --git a/changes/bug26259 b/changes/bug26259 deleted file mode 100644 index f5383dab3..000000000 --- a/changes/bug26259 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (control port): - - Do not count 0-length RELAY_COMMAND_DATA cells as valid data in CIRC_BW - events. Previously, such cells were counted entirely in the OVERHEAD - field. Now they are not. Fixes bug 26259; bugfix on 0.3.4.1-alpha. diff --git a/changes/doc25237 b/changes/doc25237 deleted file mode 100644 index c54307a83..000000000 --- a/changes/doc25237 +++ /dev/null @@ -1,4 +0,0 @@ - o Documentation: - - In code comment, point the reader to the exact section - in Tor specification that specifies circuit close error - code values. Resolves ticket 25237. diff --git a/changes/ticket25549 b/changes/ticket25549 deleted file mode 100644 index 82b41278a..000000000 --- a/changes/ticket25549 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (continuous integration): - - Add the necessary configuration files for continuous integration - testing on Windows, via the Appveyor platform. Closes ticket 25549. - Patches from Marcin Cieślak and Isis Lovecruft.