commit e9ecb09786763a65838b9760e5d14dd3b4956b25 Author: Nick Mathewson nickm@torproject.org Date: Tue Jun 12 08:36:48 2018 -0400

format changelog. --- ChangeLog | 80 ++++++++++++++++++++++++++++++--------------------------------- 1 file changed, 38 insertions(+), 42 deletions(-)

diff --git a/ChangeLog b/ChangeLog index 93a58647f..181b8e16f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,74 +1,70 @@ Changes in version 0.3.4.2-alpha - 2018-06-12 - Tor 0.3.4.2-alpha fixes several minor bugs in the previous alpha release, - and forward-ports an authority-only security fix from 0.3.3.6. + Tor 0.3.4.2-alpha fixes several minor bugs in the previous alpha + release, and forward-ports an authority-only security fix from 0.3.3.6.

o Major bugfixes (security, directory authority, denial-of-service, also in 0.3.3.6): - - Fix a bug that could have allowed an attacker to force a - directory authority to use up all its RAM by passing it a - maliciously crafted protocol versions string. Fixes bug 25517; - bugfix on 0.2.9.4-alpha. This issue is also tracked as - TROVE-2018-005. + - Fix a bug that could have allowed an attacker to force a directory + authority to use up all its RAM by passing it a maliciously + crafted protocol versions string. Fixes bug 25517; bugfix on + 0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005.

o Minor features (continuous integration): - Add the necessary configuration files for continuous integration - testing on Windows, via the Appveyor platform. Closes ticket 25549. - Patches from Marcin Cieślak and Isis Lovecruft. - - o Minor bugfixes (compatibility, openssl): - - Work around a change in OpenSSL 1.1.1 where - return values that would previously indicate "no password" now - indicate an empty password. Without this workaround, Tor instances - running with OpenSSL 1.1.1 would accept descriptors that other Tor - instances would reject. Fixes bug 26116; bugfix on 0.2.5.16. - - o Minor bugfixes (compilation): - - Silence unused-const-variable warnings in zstd.h on some gcc versions. - Fixes bug 26272; bugfix on 0.3.1.1-alpha. - - o Minor bugfixes (C correctness): - - Avoid casting return value of smartlist_len() to double as - compiler does not like it when -Wbad-function-cast is on. - Fixes bug 26283; bugfix on 0.2.4.10-alpha. + testing on Windows, via the Appveyor platform. Closes ticket + 25549. Patches from Marcin Cieślak and Isis Lovecruft.

o Minor features (geoip): - Update geoip and geoip6 to the June 7 2018 Maxmind GeoLite2 Country database. Closes ticket 26351.

+ o Minor bugfixes (C correctness): + - Avoid casting return value of smartlist_len() to double as + compiler does not like it when -Wbad-function-cast is on. Fixes + bug 26283; bugfix on 0.2.4.10-alpha. + + o Minor bugfixes (compatibility, openssl): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16.

o Minor bugfixes (compilation): - - Fix compilation when building with OpenSSL 1.1.0 with the - "no-deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha. + - Silence unused-const-variable warnings in zstd.h on some gcc + versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha. + - Fix compilation when building with OpenSSL 1.1.0 with the "no- + deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha.

o Minor bugfixes (control port): - - Do not count 0-length RELAY_COMMAND_DATA cells as valid data in CIRC_BW - events. Previously, such cells were counted entirely in the OVERHEAD - field. Now they are not. Fixes bug 26259; bugfix on 0.3.4.1-alpha. + - Do not count 0-length RELAY_COMMAND_DATA cells as valid data in + CIRC_BW events. Previously, such cells were counted entirely in + the OVERHEAD field. Now they are not. Fixes bug 26259; bugfix + on 0.3.4.1-alpha.

o Minor bugfixes (controller): - Improve accuracy of the BUILDTIMEOUT_SET control port event's - TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting - the total number of circuits for these field values.) Fixes bug - 26121; bugfix on 0.3.3.1-alpha. + TIMEOUT_RATE and CLOSE_RATE fields. (We were previously + miscounting the total number of circuits for these field values.) + Fixes bug 26121; bugfix on 0.3.3.1-alpha.

o Minor bugfixes (hardening): - Prevent a possible out-of-bounds smartlist read in - protover_compute_vote(). Fixes bug 26196; bugfix on - 0.2.9.4-alpha. + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.

o Minor bugfixes (onion services): - - Fix a bug that blocked the creation of ephemeral v3 onion services. Fixes - bug 25939; bugfix on 0.3.4.1-alpha. + - Fix a bug that blocked the creation of ephemeral v3 onion + services. Fixes bug 25939; bugfix on 0.3.4.1-alpha.

o Minor bugfixes (test coverage tools): - Update our "cov-diff" script to handle output from the latest version of gcov, and to remove extraneous timestamp information - from its output. Fixes bugs 26101 and 26102; bugfix on - 0.2.5.1-alpha. + from its output. Fixes bugs 26101 and 26102; bugfix + on 0.2.5.1-alpha.

o Documentation: - - In code comment, point the reader to the exact section - in Tor specification that specifies circuit close error - code values. Resolves ticket 25237. + - In code comment, point the reader to the exact section in Tor + specification that specifies circuit close error code values. + Resolves ticket 25237.

Changes in version 0.3.3.6 - 2018-05-22