Reflow 0.3.0.4-rc changelog
This commit is contained in:
parent
46e096f2eb
commit
96e471693f
104
ChangeLog
104
ChangeLog
|
@ -1,11 +1,11 @@
|
||||||
Changes in version 0.3.0.4-rc - 2017-03-??
|
Changes in version 0.3.0.4-rc - 2017-03-??
|
||||||
Tor 0.3.0.4-rc fixes some remaining bugs, large and small, in the 0.3.0
|
Tor 0.3.0.4-rc fixes some remaining bugs, large and small, in the
|
||||||
release series, and introduces a few reliability features to keep them
|
0.3.0 release series, and introduces a few reliability features to
|
||||||
from coming back.
|
keep them from coming back.
|
||||||
|
|
||||||
This is the first release candidate in the Tor 0.3.0 series.
|
This is the first release candidate in the Tor 0.3.0 series. If we
|
||||||
If we find no new bugs or regressions here, the first stable 0.2.8
|
find no new bugs or regressions here, the first stable 0.2.8 release
|
||||||
release will be identical to it.
|
will be identical to it.
|
||||||
|
|
||||||
o Major bugfixes (bridges):
|
o Major bugfixes (bridges):
|
||||||
- When the same bridge is configured multiple times at different
|
- When the same bridge is configured multiple times at different
|
||||||
|
@ -15,29 +15,28 @@ Changes in version 0.3.0.4-rc - 2017-03-??
|
||||||
again. Fixes bug 21027; bugfix on 0.3.0.1-alpha.
|
again. Fixes bug 21027; bugfix on 0.3.0.1-alpha.
|
||||||
|
|
||||||
o Major bugfixes (hidden service directory v3):
|
o Major bugfixes (hidden service directory v3):
|
||||||
- When a descriptor lookup was done and it was not found in the directory
|
- When a descriptor lookup was done and it was not found in the
|
||||||
cache, it would crash on a NULL pointer instead of returning the 404
|
directory cache, it would crash on a NULL pointer instead of
|
||||||
code back to the client like it was suppose to. Fixes bug 21471;
|
returning the 404 code back to the client like it was suppose to.
|
||||||
bugfixes on tor-0.3.0.1-alpha.
|
Fixes bug 21471; bugfixes on tor-0.3.0.1-alpha.
|
||||||
|
|
||||||
o Major bugfixes (HTTP, parsing):
|
o Major bugfixes (HTTP, parsing):
|
||||||
- When parsing a malformed content-length field from an HTTP message,
|
- When parsing a malformed content-length field from an HTTP
|
||||||
do not read off the end of the buffer. This bug was a potential
|
message, do not read off the end of the buffer. This bug was a
|
||||||
remote denial-of-service attack against Tor clients and relays.
|
potential remote denial-of-service attack against Tor clients and
|
||||||
A workaround was released in October 2016, which prevents this
|
relays. A workaround was released in October 2016, which prevents
|
||||||
bug from crashing Tor. This is a fix for the underlying issue,
|
this bug from crashing Tor. This is a fix for the underlying
|
||||||
which should no longer matter (if you applied the earlier patch).
|
issue, which should no longer matter (if you applied the earlier
|
||||||
Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing
|
patch). Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by
|
||||||
using AFL (http://lcamtuf.coredump.cx/afl/).
|
fuzzing using AFL (http://lcamtuf.coredump.cx/afl/).
|
||||||
|
|
||||||
o Major bugfixes (parsing):
|
o Major bugfixes (parsing):
|
||||||
- Fix an integer underflow bug when comparing malformed Tor versions.
|
- Fix an integer underflow bug when comparing malformed Tor
|
||||||
This bug is harmless, except when Tor has been built with
|
versions. This bug is harmless, except when Tor has been built
|
||||||
--enable-expensive-hardening, which would turn it into a crash;
|
with --enable-expensive-hardening, which would turn it into a
|
||||||
or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
|
crash; or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were
|
||||||
-ftrapv by default.
|
built with -ftrapv by default. Part of TROVE-2017-001. Fixes bug
|
||||||
Part of TROVE-2017-001. Fixes bug 21278; bugfix on
|
21278; bugfix on 0.0.8pre1. Found by OSS-Fuzz.
|
||||||
0.0.8pre1. Found by OSS-Fuzz.
|
|
||||||
|
|
||||||
o Minor feature (protover):
|
o Minor feature (protover):
|
||||||
- Add new protocol version for proposal 224. HSIntro now advertises
|
- Add new protocol version for proposal 224. HSIntro now advertises
|
||||||
|
@ -45,7 +44,8 @@ Changes in version 0.3.0.4-rc - 2017-03-??
|
||||||
|
|
||||||
o Minor features (directory authority):
|
o Minor features (directory authority):
|
||||||
- Directory authorities now reject descriptors that claim to be
|
- Directory authorities now reject descriptors that claim to be
|
||||||
malformed versions of Tor. Helps prevent exploitation of bug 21278.
|
malformed versions of Tor. Helps prevent exploitation of
|
||||||
|
bug 21278.
|
||||||
|
|
||||||
o Minor features (geoip):
|
o Minor features (geoip):
|
||||||
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
|
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
|
||||||
|
@ -53,17 +53,17 @@ Changes in version 0.3.0.4-rc - 2017-03-??
|
||||||
|
|
||||||
o Minor features (reliability, crash):
|
o Minor features (reliability, crash):
|
||||||
- Try better to detect problems in buffers where they might grow (or
|
- Try better to detect problems in buffers where they might grow (or
|
||||||
think they have grown) over 2 GB in size. Diagnostic for bug 21369.
|
think they have grown) over 2 GB in size. Diagnostic for
|
||||||
|
bug 21369.
|
||||||
|
|
||||||
o Minor features (testing):
|
o Minor features (testing):
|
||||||
- During 'make test-network-all', if tor logs any warnings, ask chutney
|
- During 'make test-network-all', if tor logs any warnings, ask
|
||||||
to output them. Requires a recent version of chutney with the 21572
|
chutney to output them. Requires a recent version of chutney with
|
||||||
patch.
|
the 21572 patch. Implements 21570.
|
||||||
Implements 21570.
|
|
||||||
|
|
||||||
o Minor bugfixes (certificate expiration time):
|
o Minor bugfixes (certificate expiration time):
|
||||||
- Avoid using link certificates that don't become valid till
|
- Avoid using link certificates that don't become valid till some
|
||||||
some time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha
|
time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha
|
||||||
|
|
||||||
o Minor bugfixes (code correctness):
|
o Minor bugfixes (code correctness):
|
||||||
- Repair a couple of (unreachable or harmless) cases of the risky
|
- Repair a couple of (unreachable or harmless) cases of the risky
|
||||||
|
@ -75,12 +75,12 @@ Changes in version 0.3.0.4-rc - 2017-03-??
|
||||||
bugfix on 0.3.0.1-alpha.
|
bugfix on 0.3.0.1-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (directory mirrors):
|
o Minor bugfixes (directory mirrors):
|
||||||
- Allow relays to use directory mirrors without a DirPort: these relays
|
- Allow relays to use directory mirrors without a DirPort: these
|
||||||
need to be contacted over their ORPorts using a begindir connection.
|
relays need to be contacted over their ORPorts using a begindir
|
||||||
Fixes bug 20711; bugfix on 0.2.8.2-alpha.
|
connection. Fixes bug 20711; bugfix on 0.2.8.2-alpha.
|
||||||
- Clarify the message logged when a remote relay is unexpectedly missing
|
- Clarify the message logged when a remote relay is unexpectedly
|
||||||
an ORPort or DirPort: users were confusing this with a local port.
|
missing an ORPort or DirPort: users were confusing this with a
|
||||||
Fixes bug 20711; bugfix on 0.2.8.2-alpha.
|
local port. Fixes bug 20711; bugfix on 0.2.8.2-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (guards):
|
o Minor bugfixes (guards):
|
||||||
- Don't warn about a missing guard state on timeout-measurement
|
- Don't warn about a missing guard state on timeout-measurement
|
||||||
|
@ -88,21 +88,22 @@ Changes in version 0.3.0.4-rc - 2017-03-??
|
||||||
instance of bug 21007; bugfix on 0.3.0.1-alpha.
|
instance of bug 21007; bugfix on 0.3.0.1-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (hidden service):
|
o Minor bugfixes (hidden service):
|
||||||
- When encoding a legacy ESTABLISH_INTRO cell, we were using the sizeof()
|
- When encoding a legacy ESTABLISH_INTRO cell, we were using the
|
||||||
on a pointer instead of real size of the destination buffer leading to
|
sizeof() on a pointer instead of real size of the destination
|
||||||
an overflow passing an enormous value to the signing digest function.
|
buffer leading to an overflow passing an enormous value to the
|
||||||
Fortunately, that value was only used to make sure the destination
|
signing digest function. Fortunately, that value was only used to
|
||||||
buffer length was big enough for the key size and in this case it was.
|
make sure the destination buffer length was big enough for the key
|
||||||
Fixes bug 21553; bugfix on 0.3.0.1-alpha.
|
size and in this case it was. Fixes bug 21553; bugfix
|
||||||
|
on 0.3.0.1-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (testing):
|
o Minor bugfixes (testing):
|
||||||
- Fix Raspbian build missing socket errno in test util. Fixes bug 21116;
|
- Fix Raspbian build missing socket errno in test util. Fixes bug
|
||||||
bugfix on tor-0.2.8.2. Patch by "hein".
|
21116; bugfix on tor-0.2.8.2. Patch by "hein".
|
||||||
- Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't
|
- Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't
|
||||||
actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha.
|
actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha.
|
||||||
- Use bash in src/test/test-network.sh. This ensures we reliably call
|
- Use bash in src/test/test-network.sh. This ensures we reliably
|
||||||
chutney's newer tools/test-network.sh when available.
|
call chutney's newer tools/test-network.sh when available. Fixes
|
||||||
Fixes bug 21562; bugfix on 0.2.9.1-alpha.
|
bug 21562; bugfix on 0.2.9.1-alpha.
|
||||||
|
|
||||||
o Minor bugfixes (voting consistency):
|
o Minor bugfixes (voting consistency):
|
||||||
- Reject version numbers with components that exceed INT32_MAX.
|
- Reject version numbers with components that exceed INT32_MAX.
|
||||||
|
@ -110,8 +111,7 @@ Changes in version 0.3.0.4-rc - 2017-03-??
|
||||||
Fixes bug 21450; bugfix on 0.0.8pre1.
|
Fixes bug 21450; bugfix on 0.0.8pre1.
|
||||||
|
|
||||||
o Documentation:
|
o Documentation:
|
||||||
- Small fixes to the fuzzing documentation. Closes ticket
|
- Small fixes to the fuzzing documentation. Closes ticket 21472.
|
||||||
21472.
|
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.3.0.3-alpha - 2017-02-03
|
Changes in version 0.3.0.3-alpha - 2017-02-03
|
||||||
|
|
Loading…
Reference in New Issue