[tor-talk] Tor 0.3.4.2-alpha is released!
nickm at freehaven.net
Tue Jun 12 16:57:51 UTC 2018
There's a new alpha Tor release! Because it's an alpha, you should
only run it if you're ready to find more bugs than usual, and report
them on trac.torproject.org.
The source code is available from the usual place on
www.torproject.org; if you build Tor from source, why not give it a
try? And if you don't build Tor from source, packages should be ready
over the coming days, with a Tor Browser alpha release likely some
time in the next few weeks.
There's also a new stable release coming out today; as usual, that one
gets announced on the tor-announce mailing list.
Changes in version 0.3.4.2-alpha - 2018-06-12
Tor 0.3.4.2-alpha fixes several minor bugs in the previous alpha
release, and forward-ports an authority-only security fix from 0.3.3.6.
o Directory authority changes:
- Add an IPv6 address for the "dannenberg" directory authority.
Closes ticket 26343.
o Major bugfixes (security, directory authority, denial-of-service,
also in 0.3.3.6):
- Fix a bug that could have allowed an attacker to force a directory
authority to use up all its RAM by passing it a maliciously
crafted protocol versions string. Fixes bug 25517; bugfix on
0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005.
o Minor features (continuous integration):
- Add the necessary configuration files for continuous integration
testing on Windows, via the Appveyor platform. Closes ticket
25549. Patches from Marcin Cieślak and Isis Lovecruft.
o Minor features (geoip):
- Update geoip and geoip6 to the June 7 2018 Maxmind GeoLite2
Country database. Closes ticket 26351.
o Minor bugfixes (compatibility, openssl):
- Work around a change in OpenSSL 1.1.1 where return values that
would previously indicate "no password" now indicate an empty
password. Without this workaround, Tor instances running with
OpenSSL 1.1.1 would accept descriptors that other Tor instances
would reject. Fixes bug 26116; bugfix on 0.2.5.16.
o Minor bugfixes (compilation):
- Silence unused-const-variable warnings in zstd.h with some GCC
versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha.
- Fix compilation when using OpenSSL 1.1.0 with the "no-deprecated"
flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha.
- Avoid a compiler warning when casting the return value of
smartlist_len() to double with DEBUG_SMARTLIST enabled. Fixes bug
26283; bugfix on 0.2.4.10-alpha.
o Minor bugfixes (control port):
- Do not count 0-length RELAY_COMMAND_DATA cells as valid data in
CIRC_BW events. Previously, such cells were counted entirely in
the OVERHEAD field. Now they are not. Fixes bug 26259; bugfix
o Minor bugfixes (controller):
- Improve accuracy of the BUILDTIMEOUT_SET control port event's
TIMEOUT_RATE and CLOSE_RATE fields. (We were previously
miscounting the total number of circuits for these field values.)
Fixes bug 26121; bugfix on 0.3.3.1-alpha.
o Minor bugfixes (hardening):
- Prevent a possible out-of-bounds smartlist read in
protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.
o Minor bugfixes (onion services):
- Fix a bug that blocked the creation of ephemeral v3 onion
services. Fixes bug 25939; bugfix on 0.3.4.1-alpha.
o Minor bugfixes (test coverage tools):
- Update our "cov-diff" script to handle output from the latest
version of gcov, and to remove extraneous timestamp information
from its output. Fixes bugs 26101 and 26102; bugfix
More information about the tor-talk