Reflow 0.3.0.4-rc changelog

Nick Mathewson 2017-02-28 09:25:39 -05:00
parent 46e096f2eb
commit 96e471693f
1 changed files with 52 additions and 52 deletions

ChangeLog

@ -1,11 +1,11 @@
Changes in version 0.3.0.4-rc - 2017-03-?? Changes in version 0.3.0.4-rc - 2017-03-??
Tor 0.3.0.4-rc fixes some remaining bugs, large and small, in the 0.3.0 Tor 0.3.0.4-rc fixes some remaining bugs, large and small, in the
release series, and introduces a few reliability features to keep them 0.3.0 release series, and introduces a few reliability features to
from coming back. keep them from coming back.
This is the first release candidate in the Tor 0.3.0 series. This is the first release candidate in the Tor 0.3.0 series. If we
If we find no new bugs or regressions here, the first stable 0.2.8 find no new bugs or regressions here, the first stable 0.2.8 release
release will be identical to it. will be identical to it.
o Major bugfixes (bridges): o Major bugfixes (bridges):
- When the same bridge is configured multiple times at different - When the same bridge is configured multiple times at different
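Review bot: The release summary ends with "the first stable 0.2.8 release will be identical to it", while the sentence before it calls this the first release candidate in the Tor 0.3.0 series. The reflow carries the text over unchanged on both sides. If 0.3.0 is what is meant, fix it in a separate commit so this one stays a pure re-wrap, and replace the "2017-03-??" placeholder date at the same time once the release date is known.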
@ -15,29 +15,28 @@ Changes in version 0.3.0.4-rc - 2017-03-??
again. Fixes bug 21027; bugfix on 0.3.0.1-alpha. again. Fixes bug 21027; bugfix on 0.3.0.1-alpha.
o Major bugfixes (hidden service directory v3): o Major bugfixes (hidden service directory v3):
- When a descriptor lookup was done and it was not found in the directory - When a descriptor lookup was done and it was not found in the
cache, it would crash on a NULL pointer instead of returning the 404 directory cache, it would crash on a NULL pointer instead of
code back to the client like it was suppose to. Fixes bug 21471; returning the 404 code back to the client like it was suppose to.
bugfixes on tor-0.3.0.1-alpha. Fixes bug 21471; bugfixes on tor-0.3.0.1-alpha.
o Major bugfixes (HTTP, parsing): o Major bugfixes (HTTP, parsing):
- When parsing a malformed content-length field from an HTTP message, - When parsing a malformed content-length field from an HTTP
do not read off the end of the buffer. This bug was a potential message, do not read off the end of the buffer. This bug was a
remote denial-of-service attack against Tor clients and relays. potential remote denial-of-service attack against Tor clients and
A workaround was released in October 2016, which prevents this relays. A workaround was released in October 2016, which prevents
bug from crashing Tor. This is a fix for the underlying issue, this bug from crashing Tor. This is a fix for the underlying
which should no longer matter (if you applied the earlier patch). issue, which should no longer matter (if you applied the earlier
Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing patch). Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by
using AFL (http://lcamtuf.coredump.cx/afl/). fuzzing using AFL (http://lcamtuf.coredump.cx/afl/).
o Major bugfixes (parsing): o Major bugfixes (parsing):
- Fix an integer underflow bug when comparing malformed Tor versions. - Fix an integer underflow bug when comparing malformed Tor
This bug is harmless, except when Tor has been built with versions. This bug is harmless, except when Tor has been built
--enable-expensive-hardening, which would turn it into a crash; with --enable-expensive-hardening, which would turn it into a
or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with crash; or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were
-ftrapv by default. built with -ftrapv by default. Part of TROVE-2017-001. Fixes bug
Part of TROVE-2017-001. Fixes bug 21278; bugfix on 21278; bugfix on 0.0.8pre1. Found by OSS-Fuzz.
0.0.8pre1. Found by OSS-Fuzz.
o Minor feature (protover): o Minor feature (protover):
- Add new protocol version for proposal 224. HSIntro now advertises - Add new protocol version for proposal 224. HSIntro now advertises
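Review bot: The hidden service directory v3 entry still reads "like it was suppose to" (should be "supposed to") and closes with "bugfixes on tor-0.3.0.1-alpha", which departs from the "bugfix on 0.3.0.1-alpha" form used by the bridges entry at the top of this hunk. Since the paragraph is being re-wrapped anyway, a follow-up that normalises both would keep the bug references greppable in one format. In the HTTP parsing entry, "which should no longer matter (if you applied the earlier patch)" leaves it unclear whether "which" refers to the fix or the underlying issue; a reader deciding whether to upgrade would benefit from a plainer sentence.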
@ -45,7 +44,8 @@ Changes in version 0.3.0.4-rc - 2017-03-??
o Minor features (directory authority): o Minor features (directory authority):
- Directory authorities now reject descriptors that claim to be - Directory authorities now reject descriptors that claim to be
malformed versions of Tor. Helps prevent exploitation of bug 21278. malformed versions of Tor. Helps prevent exploitation of
bug 21278.
o Minor features (geoip): o Minor features (geoip):
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
@ -53,17 +53,17 @@ Changes in version 0.3.0.4-rc - 2017-03-??
o Minor features (reliability, crash): o Minor features (reliability, crash):
- Try better to detect problems in buffers where they might grow (or - Try better to detect problems in buffers where they might grow (or
think they have grown) over 2 GB in size. Diagnostic for bug 21369. think they have grown) over 2 GB in size. Diagnostic for
bug 21369.
o Minor features (testing): o Minor features (testing):
- During 'make test-network-all', if tor logs any warnings, ask chutney - During 'make test-network-all', if tor logs any warnings, ask
to output them. Requires a recent version of chutney with the 21572 chutney to output them. Requires a recent version of chutney with
patch. the 21572 patch. Implements 21570.
Implements 21570.
o Minor bugfixes (certificate expiration time): o Minor bugfixes (certificate expiration time):
- Avoid using link certificates that don't become valid till - Avoid using link certificates that don't become valid till some
some time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha
o Minor bugfixes (code correctness): o Minor bugfixes (code correctness):
- Repair a couple of (unreachable or harmless) cases of the risky - Repair a couple of (unreachable or harmless) cases of the risky
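Review bot: The certificate expiration entry ends with "bugfix on 0.2.4.11-alpha" and no closing period, on both the old and the new side, while the other entries in this hunk end their version reference with one. Add the period in a follow-up. The testing entry's "Implements 21570." also gives a bare number with no "ticket" or "bug" in front of it, unlike "Diagnostic for bug 21369." just above.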
@ -75,12 +75,12 @@ Changes in version 0.3.0.4-rc - 2017-03-??
bugfix on 0.3.0.1-alpha. bugfix on 0.3.0.1-alpha.
o Minor bugfixes (directory mirrors): o Minor bugfixes (directory mirrors):
- Allow relays to use directory mirrors without a DirPort: these relays - Allow relays to use directory mirrors without a DirPort: these
need to be contacted over their ORPorts using a begindir connection. relays need to be contacted over their ORPorts using a begindir
Fixes bug 20711; bugfix on 0.2.8.2-alpha. connection. Fixes bug 20711; bugfix on 0.2.8.2-alpha.
- Clarify the message logged when a remote relay is unexpectedly missing - Clarify the message logged when a remote relay is unexpectedly
an ORPort or DirPort: users were confusing this with a local port. missing an ORPort or DirPort: users were confusing this with a
Fixes bug 20711; bugfix on 0.2.8.2-alpha. local port. Fixes bug 20711; bugfix on 0.2.8.2-alpha.
o Minor bugfixes (guards): o Minor bugfixes (guards):
- Don't warn about a missing guard state on timeout-measurement - Don't warn about a missing guard state on timeout-measurement
@ -88,21 +88,22 @@ Changes in version 0.3.0.4-rc - 2017-03-??
instance of bug 21007; bugfix on 0.3.0.1-alpha. instance of bug 21007; bugfix on 0.3.0.1-alpha.
o Minor bugfixes (hidden service): o Minor bugfixes (hidden service):
- When encoding a legacy ESTABLISH_INTRO cell, we were using the sizeof() - When encoding a legacy ESTABLISH_INTRO cell, we were using the
on a pointer instead of real size of the destination buffer leading to sizeof() on a pointer instead of real size of the destination
an overflow passing an enormous value to the signing digest function. buffer leading to an overflow passing an enormous value to the
Fortunately, that value was only used to make sure the destination signing digest function. Fortunately, that value was only used to
buffer length was big enough for the key size and in this case it was. make sure the destination buffer length was big enough for the key
Fixes bug 21553; bugfix on 0.3.0.1-alpha. size and in this case it was. Fixes bug 21553; bugfix
on 0.3.0.1-alpha.
o Minor bugfixes (testing): o Minor bugfixes (testing):
- Fix Raspbian build missing socket errno in test util. Fixes bug 21116; - Fix Raspbian build missing socket errno in test util. Fixes bug
bugfix on tor-0.2.8.2. Patch by "hein". 21116; bugfix on tor-0.2.8.2. Patch by "hein".
- Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't - Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't
actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha. actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha.
- Use bash in src/test/test-network.sh. This ensures we reliably call - Use bash in src/test/test-network.sh. This ensures we reliably
chutney's newer tools/test-network.sh when available. call chutney's newer tools/test-network.sh when available. Fixes
Fixes bug 21562; bugfix on 0.2.9.1-alpha. bug 21562; bugfix on 0.2.9.1-alpha.
o Minor bugfixes (voting consistency): o Minor bugfixes (voting consistency):
- Reject version numbers with components that exceed INT32_MAX. - Reject version numbers with components that exceed INT32_MAX.
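Review bot: The ESTABLISH_INTRO entry is hard to parse as re-wrapped: "using the sizeof() on a pointer instead of real size of the destination buffer leading to an overflow passing an enormous value to the signing digest function" runs three clauses together without punctuation, so it is unclear whether the buffer or the sizeof() misuse leads to the overflow. Splitting it after "destination buffer" and adding "the" before "real size" would make the security-relevant statement unambiguous. In the testing entry below it, "bugfix on tor-0.2.8.2" uses a "tor-" prefix and a version with no -alpha/-rc suffix, unlike "bugfix on 0.3.0.3-alpha" and "bugfix on 0.2.9.1-alpha" in the neighbouring items; worth confirming the intended version.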
@ -110,8 +111,7 @@ Changes in version 0.3.0.4-rc - 2017-03-??
Fixes bug 21450; bugfix on 0.0.8pre1. Fixes bug 21450; bugfix on 0.0.8pre1.
o Documentation: o Documentation:
- Small fixes to the fuzzing documentation. Closes ticket - Small fixes to the fuzzing documentation. Closes ticket 21472.
21472.
Changes in version 0.3.0.3-alpha - 2017-02-03 Changes in version 0.3.0.3-alpha - 2017-02-03