[tor-commits] [tor/release-0.3.0] More changelog edits
nickm at torproject.org
nickm at torproject.org
Tue Feb 28 14:55:14 UTC 2017
commit d6b62571213c34fb55c9ba5a09dbd642f7c876f4
Author: Nick Mathewson <nickm at torproject.org>
Date: Tue Feb 28 09:55:09 2017 -0500
More changelog edits
---
ChangeLog | 61 ++++++++++++++++++++++++++-----------------------------------
1 file changed, 26 insertions(+), 35 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index dbe48b5..737a398 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,29 +8,25 @@ Changes in version 0.3.0.4-rc - 2017-03-??
will be nearly identical to it.
o Major bugfixes (bridges):
- - When the same bridge is configured multiple times at different
- address:port combinations (but with the same identity), treat
- those bridge instances as separate guards. This allows clients to
- configure the same bridge with multiple pluggable transports, once
- again. Fixes bug 21027; bugfix on 0.3.0.1-alpha.
+ - When the same bridge is configured multiple times with the same
+ identity, but at different address:port combinations, treat those
+ bridge instances as separate guards. This fix restores the ability
+ of clients to configure the same bridge with multiple pluggable
+ transports. Fixes bug 21027; bugfix on 0.3.0.1-alpha.
o Major bugfixes (hidden service directory v3):
- - When a descriptor lookup was done and it was not found in the
- directory cache, it would crash on a NULL pointer instead of
- returning the 404 code back to the client like it was suppose to.
- Fixes bug 21471; bugfixes on tor-0.3.0.1-alpha.
+ - Stop crashing on a failed v3 hidden service descriptor lookup
+ failure. Fixes bug 21471; bugfixes on tor-0.3.0.1-alpha.
- o Major bugfixes (HTTP, parsing):
+ o Major bugfixes (parsing):
- When parsing a malformed content-length field from an HTTP
message, do not read off the end of the buffer. This bug was a
potential remote denial-of-service attack against Tor clients and
- relays. A workaround was released in October 2016, which prevents
- this bug from crashing Tor. This is a fix for the underlying
- issue, which should no longer matter (if you applied the earlier
- patch). Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by
- fuzzing using AFL (http://lcamtuf.coredump.cx/afl/).
-
- o Major bugfixes (parsing):
+ relays. A workaround was released in October 2016, to prevent this
+ bug from crashing Tor. This is a fix for the underlying issue,
+ which should no longer matter (if you applied the earlier patch).
+ Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing
+ using AFL (http://lcamtuf.coredump.cx/afl/).
- Fix an integer underflow bug when comparing malformed Tor
versions. This bug could crash Tor when built with
--enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
@@ -38,14 +34,17 @@ Changes in version 0.3.0.4-rc - 2017-03-??
it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
on 0.0.8pre1. Found by OSS-Fuzz.
- o Minor feature (protover):
+ o Minor feature (protocol versioning):
- Add new protocol version for proposal 224. HSIntro now advertises
version "3-4" and HSDir version "1-2". Fixes ticket 20656.
- o Minor features (directory authority):
+ o Minor features (directory authorities):
- Directory authorities now reject descriptors that claim to be
malformed versions of Tor. Helps prevent exploitation of
bug 21278.
+ - Reject version numbers with components that exceed INT32_MAX.
+ Otherwise 32-bit and 64-bit platforms would behave inconsistently.
+ Fixes bug 21450; bugfix on 0.0.8pre1.
o Minor features (geoip):
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
@@ -68,8 +67,6 @@ Changes in version 0.3.0.4-rc - 2017-03-??
o Minor bugfixes (code correctness):
- Repair a couple of (unreachable or harmless) cases of the risky
comparison-by-subtraction pattern that caused bug 21278.
-
- o Minor bugfixes (correctness):
- Remove a redundant check for the UseEntryGuards option from the
options_transition_affects_guards() function. Fixes bug 21492;
bugfix on 0.3.0.1-alpha.
@@ -88,28 +85,22 @@ Changes in version 0.3.0.4-rc - 2017-03-??
instance of bug 21007; bugfix on 0.3.0.1-alpha.
o Minor bugfixes (hidden service):
- - When encoding a legacy ESTABLISH_INTRO cell, we were using the
- sizeof() on a pointer instead of real size of the destination
- buffer leading to an overflow passing an enormous value to the
- signing digest function. Fortunately, that value was only used to
- make sure the destination buffer length was big enough for the key
- size and in this case it was. Fixes bug 21553; bugfix
- on 0.3.0.1-alpha.
+ - Pass correct buffer length when encoding legacy ESTABLISH_INTRO
+ cells. Previously, we were using sizeof() on a pointer, instead of
+ the real destination buffer. Fortunately, that value was only used
+ to double-check that there was enough room--which was already
+ enforced elsewhere. Fixes bug 21553; bugfix on 0.3.0.1-alpha.
o Minor bugfixes (testing):
- - Fix Raspbian build missing socket errno in test util. Fixes bug
- 21116; bugfix on tor-0.2.8.2. Patch by "hein".
+ - Fix Raspbian build issues related to missing socket errno in
+ test_util.c. Fixes bug 21116; bugfix on tor-0.2.8.2. Patch
+ by "hein".
- Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't
actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha.
- Use bash in src/test/test-network.sh. This ensures we reliably
call chutney's newer tools/test-network.sh when available. Fixes
bug 21562; bugfix on 0.2.9.1-alpha.
- o Minor bugfixes (voting consistency):
- - Reject version numbers with components that exceed INT32_MAX.
- Otherwise 32-bit and 64-bit platforms would behave inconsistently.
- Fixes bug 21450; bugfix on 0.0.8pre1.
-
o Documentation:
- Small fixes to the fuzzing documentation. Closes ticket 21472.
More information about the tor-commits
mailing list