[tor-talk] Tor 0.3.4.2-alpha is released!

Nick Mathewson nickm at freehaven.net
Tue Jun 12 16:57:51 UTC 2018


Hi, all!

There's a new alpha Tor release!  Because it's an alpha, you should
only run it if you're ready to find more bugs than usual, and report
them on trac.torproject.org.

The source code is available from the usual place on
www.torproject.org; if you build Tor from source, why not give it a
try?  And if you don't build Tor from source, packages should be ready
over the coming days, with a Tor Browser alpha release likely some
time in the next few weeks.

There's also a new stable release coming out today; as usual, that one
gets announced on the tor-announce mailing list.

=============

Changes in version 0.3.4.2-alpha - 2018-06-12
  Tor 0.3.4.2-alpha fixes several minor bugs in the previous alpha
  release, and forward-ports an authority-only security fix from 0.3.3.6.

  o Directory authority changes:
    - Add an IPv6 address for the "dannenberg" directory authority.
      Closes ticket 26343.

  o Major bugfixes (security, directory authority, denial-of-service,
also in 0.3.3.6):
    - Fix a bug that could have allowed an attacker to force a directory
      authority to use up all its RAM by passing it a maliciously
      crafted protocol versions string. Fixes bug 25517; bugfix on
      0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005.

  o Minor features (continuous integration):
    - Add the necessary configuration files for continuous integration
      testing on Windows, via the Appveyor platform. Closes ticket
      25549. Patches from Marcin CieĊ›lak and Isis Lovecruft.

  o Minor features (geoip):
    - Update geoip and geoip6 to the June 7 2018 Maxmind GeoLite2
      Country database. Closes ticket 26351.

  o Minor bugfixes (compatibility, openssl):
    - Work around a change in OpenSSL 1.1.1 where return values that
      would previously indicate "no password" now indicate an empty
      password. Without this workaround, Tor instances running with
      OpenSSL 1.1.1 would accept descriptors that other Tor instances
      would reject. Fixes bug 26116; bugfix on 0.2.5.16.

  o Minor bugfixes (compilation):
    - Silence unused-const-variable warnings in zstd.h with some GCC
      versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha.
    - Fix compilation when using OpenSSL 1.1.0 with the "no-deprecated"
      flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha.
    - Avoid a compiler warning when casting the return value of
      smartlist_len() to double with DEBUG_SMARTLIST enabled. Fixes bug
      26283; bugfix on 0.2.4.10-alpha.

  o Minor bugfixes (control port):
    - Do not count 0-length RELAY_COMMAND_DATA cells as valid data in
      CIRC_BW events. Previously, such cells were counted entirely in
      the OVERHEAD field. Now they are not. Fixes bug 26259; bugfix
      on 0.3.4.1-alpha.

  o Minor bugfixes (controller):
    - Improve accuracy of the BUILDTIMEOUT_SET control port event's
      TIMEOUT_RATE and CLOSE_RATE fields. (We were previously
      miscounting the total number of circuits for these field values.)
      Fixes bug 26121; bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (hardening):
    - Prevent a possible out-of-bounds smartlist read in
      protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.

  o Minor bugfixes (onion services):
    - Fix a bug that blocked the creation of ephemeral v3 onion
      services. Fixes bug 25939; bugfix on 0.3.4.1-alpha.

  o Minor bugfixes (test coverage tools):
    - Update our "cov-diff" script to handle output from the latest
      version of gcov, and to remove extraneous timestamp information
      from its output. Fixes bugs 26101 and 26102; bugfix
      on 0.2.5.1-alpha.


More information about the tor-talk mailing list