[tor-talk] Tor 0.2.7.4-rc is released

Brian Walker torrelay at outlook.com
Thu Oct 22 17:25:00 UTC 2015


Great news.  Will somebody compile a package for Win32?  I'd like to help test this on my relay.
 
Thanks,
Brian
 
> Date: Thu, 22 Oct 2015 09:17:49 -0400
> From: nickm at torproject.org
> To: tor-talk at lists.torproject.org
> Subject: [tor-talk] Tor 0.2.7.4-rc is released
> 
>   Tor 0.2.7.4-rc is the second release candidate in the 0.2.7 series. It
>   fixes some important memory leaks, and a scary-looking (but mostly
>   harmless in practice) invalid-read bug. It also has a few small
>   bugfixes, notably fixes for compilation and portability on different
>   platforms. If no further significant bounds are found, the next
>   release will the the official stable release.
> 
> You can download the source from the usual place on the website.
> Packages should be up in a few days.
> 
> NOTE: This is a release candidate.  We think we've squashed most of
> the bugs, but there are probably a few left over.
> 
> Changes in version 0.2.7.4-rc - 2015-10-21
> 
>   o Major bugfixes (security, correctness):
>     - Fix an error that could cause us to read 4 bytes before the
>       beginning of an openssl string. This bug could be used to cause
>       Tor to crash on systems with unusual malloc implementations, or
>       systems with unusual hardening installed. Fixes bug 17404; bugfix
>       on 0.2.3.6-alpha.
> 
>   o Major bugfixes (correctness):
>     - Fix a use-after-free bug in validate_intro_point_failure(). Fixes
>       bug 17401; bugfix on 0.2.7.3-rc.
> 
>   o Major bugfixes (memory leaks):
>     - Fix a memory leak in ed25519 batch signature checking. Fixes bug
>       17398; bugfix on 0.2.6.1-alpha.
>     - Fix a memory leak in rend_cache_failure_entry_free(). Fixes bug
>       17402; bugfix on 0.2.7.3-rc.
>     - Fix a memory leak when reading an expired signing key from disk.
>       Fixes bug 17403; bugfix on 0.2.7.2-rc.
> 
>   o Minor features (geoIP):
>     - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2
>       Country database.
> 
>   o Minor bugfixes (compilation):
>     - Repair compilation with the most recent (unreleased, alpha)
>       vesions of OpenSSL 1.1. Fixes part of ticket 17237.
>     - Fix an integer overflow warning in test_crypto_slow.c. Fixes bug
>       17251; bugfix on 0.2.7.2-alpha.
>     - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
>       bugfix on 0.2.5.1-alpha. Patch from 'jamestk'.
> 
>   o Minor bugfixes (portability):
>     - Use libexecinfo on FreeBSD to enable backtrace support. Fixes
>       part of bug 17151; bugfix on 0.2.5.2-alpha. Patch from
>       Marcin Cieślak.
> 
>   o Minor bugfixes (sandbox):
>     - Add the "hidserv-stats" filename to our sandbox filter for the
>       HiddenServiceStatistics option to work properly. Fixes bug 17354;
>       bugfix on tor-0.2.6.2-alpha. Patch from David Goulet.
> 
>   o Minor bugfixes (testing):
>     - Add unit tests for get_interface_address* failure cases. Fixes bug
>       17173; bugfix on 0.2.7.3-rc. Patch by fk/teor.
>     - Fix breakage when running 'make check' with BSD make. Fixes bug
>       17154; bugfix on 0.2.7.3-rc. Patch by Marcin Cieślak.
>     - Make the get_ifaddrs_* unit tests more tolerant of different
>       network configurations. (Don't assume every test box has an IPv4
>       address, and don't assume every test box has a non-localhost
>       address.) Fixes bug 17255; bugfix on 0.2.7.3-rc. Patch by "teor".
>     - Skip backtrace tests when backtrace support is not compiled in.
>       Fixes part of bug 17151; bugfix on 0.2.7.1-alpha. Patch from
>       Marcin Cieślak.
> 
>   o Documentation:
>     - Fix capitalization of SOCKS in sample torrc. Closes ticket 15609.
>     - Note that HiddenServicePorts can take a unix domain socket. Closes
>       ticket 17364.
> -- 
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
 		 	   		  


More information about the tor-talk mailing list