[tor-commits] [tor/release-0.3.0] Reflow 0.3.0.4-rc changelog
nickm at torproject.org
nickm at torproject.org
Tue Feb 28 14:25:54 UTC 2017
commit 96e471693f740b739ad419c83e0663ad82adb7ee
Author: Nick Mathewson <nickm at torproject.org>
Date: Tue Feb 28 09:25:39 2017 -0500
Reflow 0.3.0.4-rc changelog
---
ChangeLog | 104 +++++++++++++++++++++++++++++++-------------------------------
1 file changed, 52 insertions(+), 52 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b805f6f..8cf24c4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,11 +1,11 @@
Changes in version 0.3.0.4-rc - 2017-03-??
- Tor 0.3.0.4-rc fixes some remaining bugs, large and small, in the 0.3.0
- release series, and introduces a few reliability features to keep them
- from coming back.
+ Tor 0.3.0.4-rc fixes some remaining bugs, large and small, in the
+ 0.3.0 release series, and introduces a few reliability features to
+ keep them from coming back.
- This is the first release candidate in the Tor 0.3.0 series.
- If we find no new bugs or regressions here, the first stable 0.2.8
- release will be identical to it.
+ This is the first release candidate in the Tor 0.3.0 series. If we
+ find no new bugs or regressions here, the first stable 0.2.8 release
+ will be identical to it.
o Major bugfixes (bridges):
- When the same bridge is configured multiple times at different
@@ -15,29 +15,28 @@ Changes in version 0.3.0.4-rc - 2017-03-??
again. Fixes bug 21027; bugfix on 0.3.0.1-alpha.
o Major bugfixes (hidden service directory v3):
- - When a descriptor lookup was done and it was not found in the directory
- cache, it would crash on a NULL pointer instead of returning the 404
- code back to the client like it was suppose to. Fixes bug 21471;
- bugfixes on tor-0.3.0.1-alpha.
+ - When a descriptor lookup was done and it was not found in the
+ directory cache, it would crash on a NULL pointer instead of
+ returning the 404 code back to the client like it was suppose to.
+ Fixes bug 21471; bugfixes on tor-0.3.0.1-alpha.
o Major bugfixes (HTTP, parsing):
- - When parsing a malformed content-length field from an HTTP message,
- do not read off the end of the buffer. This bug was a potential
- remote denial-of-service attack against Tor clients and relays.
- A workaround was released in October 2016, which prevents this
- bug from crashing Tor. This is a fix for the underlying issue,
- which should no longer matter (if you applied the earlier patch).
- Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing
- using AFL (http://lcamtuf.coredump.cx/afl/).
+ - When parsing a malformed content-length field from an HTTP
+ message, do not read off the end of the buffer. This bug was a
+ potential remote denial-of-service attack against Tor clients and
+ relays. A workaround was released in October 2016, which prevents
+ this bug from crashing Tor. This is a fix for the underlying
+ issue, which should no longer matter (if you applied the earlier
+ patch). Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by
+ fuzzing using AFL (http://lcamtuf.coredump.cx/afl/).
o Major bugfixes (parsing):
- - Fix an integer underflow bug when comparing malformed Tor versions.
- This bug is harmless, except when Tor has been built with
- --enable-expensive-hardening, which would turn it into a crash;
- or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
- -ftrapv by default.
- Part of TROVE-2017-001. Fixes bug 21278; bugfix on
- 0.0.8pre1. Found by OSS-Fuzz.
+ - Fix an integer underflow bug when comparing malformed Tor
+ versions. This bug is harmless, except when Tor has been built
+ with --enable-expensive-hardening, which would turn it into a
+ crash; or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were
+ built with -ftrapv by default. Part of TROVE-2017-001. Fixes bug
+ 21278; bugfix on 0.0.8pre1. Found by OSS-Fuzz.
o Minor feature (protover):
- Add new protocol version for proposal 224. HSIntro now advertises
@@ -45,7 +44,8 @@ Changes in version 0.3.0.4-rc - 2017-03-??
o Minor features (directory authority):
- Directory authorities now reject descriptors that claim to be
- malformed versions of Tor. Helps prevent exploitation of bug 21278.
+ malformed versions of Tor. Helps prevent exploitation of
+ bug 21278.
o Minor features (geoip):
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
@@ -53,17 +53,17 @@ Changes in version 0.3.0.4-rc - 2017-03-??
o Minor features (reliability, crash):
- Try better to detect problems in buffers where they might grow (or
- think they have grown) over 2 GB in size. Diagnostic for bug 21369.
+ think they have grown) over 2 GB in size. Diagnostic for
+ bug 21369.
o Minor features (testing):
- - During 'make test-network-all', if tor logs any warnings, ask chutney
- to output them. Requires a recent version of chutney with the 21572
- patch.
- Implements 21570.
+ - During 'make test-network-all', if tor logs any warnings, ask
+ chutney to output them. Requires a recent version of chutney with
+ the 21572 patch. Implements 21570.
o Minor bugfixes (certificate expiration time):
- - Avoid using link certificates that don't become valid till
- some time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha
+ - Avoid using link certificates that don't become valid till some
+ time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha
o Minor bugfixes (code correctness):
- Repair a couple of (unreachable or harmless) cases of the risky
@@ -75,12 +75,12 @@ Changes in version 0.3.0.4-rc - 2017-03-??
bugfix on 0.3.0.1-alpha.
o Minor bugfixes (directory mirrors):
- - Allow relays to use directory mirrors without a DirPort: these relays
- need to be contacted over their ORPorts using a begindir connection.
- Fixes bug 20711; bugfix on 0.2.8.2-alpha.
- - Clarify the message logged when a remote relay is unexpectedly missing
- an ORPort or DirPort: users were confusing this with a local port.
- Fixes bug 20711; bugfix on 0.2.8.2-alpha.
+ - Allow relays to use directory mirrors without a DirPort: these
+ relays need to be contacted over their ORPorts using a begindir
+ connection. Fixes bug 20711; bugfix on 0.2.8.2-alpha.
+ - Clarify the message logged when a remote relay is unexpectedly
+ missing an ORPort or DirPort: users were confusing this with a
+ local port. Fixes bug 20711; bugfix on 0.2.8.2-alpha.
o Minor bugfixes (guards):
- Don't warn about a missing guard state on timeout-measurement
@@ -88,21 +88,22 @@ Changes in version 0.3.0.4-rc - 2017-03-??
instance of bug 21007; bugfix on 0.3.0.1-alpha.
o Minor bugfixes (hidden service):
- - When encoding a legacy ESTABLISH_INTRO cell, we were using the sizeof()
- on a pointer instead of real size of the destination buffer leading to
- an overflow passing an enormous value to the signing digest function.
- Fortunately, that value was only used to make sure the destination
- buffer length was big enough for the key size and in this case it was.
- Fixes bug 21553; bugfix on 0.3.0.1-alpha.
+ - When encoding a legacy ESTABLISH_INTRO cell, we were using the
+ sizeof() on a pointer instead of real size of the destination
+ buffer leading to an overflow passing an enormous value to the
+ signing digest function. Fortunately, that value was only used to
+ make sure the destination buffer length was big enough for the key
+ size and in this case it was. Fixes bug 21553; bugfix
+ on 0.3.0.1-alpha.
o Minor bugfixes (testing):
- - Fix Raspbian build missing socket errno in test util. Fixes bug 21116;
- bugfix on tor-0.2.8.2. Patch by "hein".
+ - Fix Raspbian build missing socket errno in test util. Fixes bug
+ 21116; bugfix on tor-0.2.8.2. Patch by "hein".
- Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't
actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha.
- - Use bash in src/test/test-network.sh. This ensures we reliably call
- chutney's newer tools/test-network.sh when available.
- Fixes bug 21562; bugfix on 0.2.9.1-alpha.
+ - Use bash in src/test/test-network.sh. This ensures we reliably
+ call chutney's newer tools/test-network.sh when available. Fixes
+ bug 21562; bugfix on 0.2.9.1-alpha.
o Minor bugfixes (voting consistency):
- Reject version numbers with components that exceed INT32_MAX.
@@ -110,8 +111,7 @@ Changes in version 0.3.0.4-rc - 2017-03-??
Fixes bug 21450; bugfix on 0.0.8pre1.
o Documentation:
- - Small fixes to the fuzzing documentation. Closes ticket
- 21472.
+ - Small fixes to the fuzzing documentation. Closes ticket 21472.
Changes in version 0.3.0.3-alpha - 2017-02-03
More information about the tor-commits
mailing list