Sort changes into changelog file for 0.3.1.4-alpha
This commit is contained in:
parent
27688994a9
commit
ce64ab2f09
121
ChangeLog
121
ChangeLog
|
@ -1,3 +1,124 @@
|
||||||
|
Changes in version 0.3.1.4-alpha - 2017-06-29:
|
||||||
|
blurb goes here.
|
||||||
|
|
||||||
|
o Major bugfixes (compression):
|
||||||
|
- Fix crash in LZMA module, when the Sandbox is enabled, where
|
||||||
|
liblzma would allocate more than 16 MB of memory. We solve this
|
||||||
|
by bumping the mprotect() limit in the Sandbox module from 16 MB
|
||||||
|
to 20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (compression, zstd):
|
||||||
|
- Correctly detect a full buffer when decompessing a large
|
||||||
|
zstd-compressed input. Fixes bug 22628; bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (directory protocol):
|
||||||
|
- Ensure that we sent "304 Not modified" as HTTP status code when a
|
||||||
|
client is attempting to fetch a consensus or consensus diff that
|
||||||
|
matches the latest consensus we have available. Fixes bug 22702;
|
||||||
|
bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (entry guards):
|
||||||
|
- When starting with an old consensus, do not add new entry guards
|
||||||
|
unless the consensus is "reasonably live" (under 1 day old). Fixes
|
||||||
|
one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
|
||||||
|
|
||||||
|
o Minor features (bug mitigation, diagnostics, logging):
|
||||||
|
- Avoid an assertion failure, and log a better error message,
|
||||||
|
when unable to remove a file from the consensus cache on
|
||||||
|
Windows. Attempts to mitigate and diagnose bug 22752.
|
||||||
|
|
||||||
|
o Minor features (compression, defensive programming):
|
||||||
|
- Detect and break out of infinite loops in our compression code.
|
||||||
|
We don't think that any such loops exist now, but it's best to be
|
||||||
|
safe. Closes ticket 22672.
|
||||||
|
|
||||||
|
o Minor features (geoip):
|
||||||
|
- Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
|
o Minor bugfixes (compression):
|
||||||
|
- When compressing or decompressing a buffer, check for a failure to
|
||||||
|
create a compression object. Fixes bug 22626; bugfix on
|
||||||
|
0.3.1.1-alpha.
|
||||||
|
- When decompressing a buffer, check for extra data after the end of
|
||||||
|
the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha.
|
||||||
|
- When decompressing an object received over an anonymous directory
|
||||||
|
connection, if we have already successfully decompressed it using an
|
||||||
|
acceptable compression method, do not reject it for looking like an
|
||||||
|
unacceptable compression method. Fixes part of bug 22670; bugfix on
|
||||||
|
0.3.1.1-alpha.
|
||||||
|
- When serving directory votes compressed with zlib,
|
||||||
|
do not claim to have compressed them with zstd. Fixes bug 22669;
|
||||||
|
bugfix on 0.3.1.1-alpha.
|
||||||
|
- When spooling compressed data to an output buffer, don't try to
|
||||||
|
spool more data when there is no more data to spool and we are
|
||||||
|
not trying to flush the input. Previously, we would sometimes
|
||||||
|
launch compression requests with nothing to do, which interferes
|
||||||
|
with our 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (defensive programming, undefined behavior):
|
||||||
|
- Fix a memset() off the end of an array when packing cells. This
|
||||||
|
bug should be harmless in practice, since the corrupted bytes
|
||||||
|
are still in the same structure, and are always padding bytes,
|
||||||
|
ignored, or immediately overwritten, depending on compiler
|
||||||
|
behavior. Nevertheless, because the memset()'s purpose is to
|
||||||
|
make sure that any other cell-handling bugs can't expose bytes
|
||||||
|
to the network, we need to fix it. Fixes bug 22737; bugfix on
|
||||||
|
0.2.4.11-alpha. Fixes CID 1401591.
|
||||||
|
|
||||||
|
o Minor bugfixes (linux seccomp2 sandbox):
|
||||||
|
- Permit the fchmod system call, to avoid crashing on startup when
|
||||||
|
starting with the seccomp2 sandbox and an unexpected set of permissions
|
||||||
|
on the data directory or its contents. Fixes bug 22516; bugfix on
|
||||||
|
0.2.5.4-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (logging, compression):
|
||||||
|
- When decompressing, do not warn if we fail to decompress using a
|
||||||
|
compression method that we merely guessed. Fixes part of
|
||||||
|
bug 22670; bugfix on 0.1.1.14-alpha.
|
||||||
|
- When decompressing, treat mismatch between content-encoding and
|
||||||
|
actual compression type as a protocol warning. Fixes part of bug
|
||||||
|
22670; bugfix on 0.1.1.9-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (logging, relay):
|
||||||
|
- Downgrade "assigned_to_cpuworker failed" message to INFO-level
|
||||||
|
severity. In every case that can reach it, either a better warning
|
||||||
|
has already been logged, or no warning is warranted. Fixes bug 22356;
|
||||||
|
bugfix on 0.2.6.3-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (netflow padding logging):
|
||||||
|
- Demote a warn that was caused by libevent delays to info if
|
||||||
|
the padding is less than 4.5 seconds late, or notice if it is more
|
||||||
|
(4.5 seconds is the amount of time that a netflow record might
|
||||||
|
be emitted after, if we chose the maximum timeout). Fixes bug 22212;
|
||||||
|
bugfix on 0.3.1.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (process behavior):
|
||||||
|
- When exiting because of an error, always exit with a nonzero
|
||||||
|
exit status. Previously, we would fail to report an error in
|
||||||
|
our exit status in cases related to lockfile contention,
|
||||||
|
__OwningControllerProcess failure, and Ed25519 key
|
||||||
|
initialization. Fixes bug 22720; bugfix on versions
|
||||||
|
0.2.1.6-alpha, 0.2.2.28-beta, and 0.2.7.2-alpha
|
||||||
|
respectively. Reported by "f55jwk4f"; patch from "huyvq".
|
||||||
|
|
||||||
|
o Documentation:
|
||||||
|
- Add a manpage description for the key-pinning-journal file.
|
||||||
|
Closes ticket 22347.
|
||||||
|
- Correctly note that bandwidth accounting values are stored in the
|
||||||
|
state file, and the bw_accounting file is now obsolete. Closes
|
||||||
|
ticket 16082.
|
||||||
|
- Document more of the files in the Tor data directory, including
|
||||||
|
cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats,
|
||||||
|
approved-routers, sr-random, and diff-cache.
|
||||||
|
|
||||||
|
o New dependencies:
|
||||||
|
- To build with zstd and lzma support, Tor now requires the
|
||||||
|
pkg-config tool at build time. (This requirement was new in
|
||||||
|
0.3.1.1-alpha, but was not noted at the time. Noting it here to
|
||||||
|
close ticket 22623.)
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.3.1.3-alpha - 2017-06-08
|
Changes in version 0.3.1.3-alpha - 2017-06-08
|
||||||
Tor 0.3.1.3-alpha fixes a pair of bugs that would allow an attacker to
|
Tor 0.3.1.3-alpha fixes a pair of bugs that would allow an attacker to
|
||||||
remotely crash a hidden service with an assertion failure. Anyone
|
remotely crash a hidden service with an assertion failure. Anyone
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Documentation:
|
|
||||||
- Correctly note that bandwidth accounting values are stored in the
|
|
||||||
state file, and the bw_accounting file is now obsolete. Closes
|
|
||||||
ticket 16082.
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Minor bugfixes (netflow padding logging):
|
|
||||||
- Demote a warn that was caused by libevent delays to info if
|
|
||||||
the padding is less than 4.5 seconds late, or notice if it is more
|
|
||||||
(4.5 seconds is the amount of time that a netflow record might
|
|
||||||
be emitted after, if we chose the maximum timeout). Fixes bug 22212;
|
|
||||||
bugfix on 0.3.1.1-alpha.
|
|
|
@ -1,3 +0,0 @@
|
||||||
o Documentation:
|
|
||||||
- Add a manpage description for the key-pinning-journal file.
|
|
||||||
Closes ticket 22347.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes (logging, relay):
|
|
||||||
- Downgrade "assigned_to_cpuworker failed" message to INFO-level
|
|
||||||
severity. In every case that can reach it, either a better warning
|
|
||||||
has already been logged, or no warning is warranted. Fixes bug 22356;
|
|
||||||
bugfix on 0.2.6.3-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Major bugfixes (entry guards):
|
|
||||||
- When starting with an old consensus, do not add new entry guards
|
|
||||||
unless the consensus is "reasonably live" (under 1 day old). Fixes
|
|
||||||
one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
|
|
|
@ -1,12 +0,0 @@
|
||||||
o Major bugfixes (compression, zstd):
|
|
||||||
- Correctly detect a full buffer when decompessing a large
|
|
||||||
zstd-compressed input. Fixes bug 22628; bugfix on 0.3.1.1-alpha.
|
|
||||||
|
|
||||||
o Minor bugfixes (compression):
|
|
||||||
- When compressing or decompressing a buffer, check for a failure to
|
|
||||||
create a compression object. Fixes bug 22626; bugfix on
|
|
||||||
0.3.1.1-alpha.
|
|
||||||
|
|
||||||
- When decompressing a buffer, check for extra data after the end of
|
|
||||||
the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha.
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor bugfixes (linux seccomp2 sandbox):
|
|
||||||
- Permit the fchmod system call, to avoid crashing on startup when
|
|
||||||
starting with the seccomp2 sandbox and an unexpected set of permissions
|
|
||||||
on the data directory or its contents. Fixes bug 22516; bugfix on
|
|
||||||
0.2.5.4-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (compression):
|
|
||||||
- When serving directory votes compressed with zlib,
|
|
||||||
do not claim to have compressed them with zstd. Fixes bug 22669;
|
|
||||||
bugfix on 0.3.1.1-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (logging, compression):
|
|
||||||
- When decompressing, do not warn if we fail to decompress using a
|
|
||||||
compression method that we merely guessed. Fixes part of
|
|
||||||
bug 22670; bugfix on 0.1.1.14-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor bugfixes (logging, compression):
|
|
||||||
- When decompressing, treat mismatch between content-encoding and
|
|
||||||
actual compression type as a protocol warning. Fixes part of bug
|
|
||||||
22670; bugfix on 0.1.1.9-alpha.
|
|
|
@ -1,6 +0,0 @@
|
||||||
o Minor bugfixes (compression):
|
|
||||||
- When decompressing an object received over an anonymous directory
|
|
||||||
connection, if we have already successfully decompressed it using an
|
|
||||||
acceptable compression method, do not reject it for looking like an
|
|
||||||
unacceptable compression method. Fixes part of bug 22670; bugfix on
|
|
||||||
0.3.1.1-alpha.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Minor features (compression, defensive programming):
|
|
||||||
- Detect and break out of infinite loops in our compression code.
|
|
||||||
We don't think that any such loops exist now, but it's best to be
|
|
||||||
safe. Closes ticket 22672.
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Major bugfixes (directory protocol):
|
|
||||||
- Ensure that we sent "304 Not modified" as HTTP status code when a
|
|
||||||
client is attempting to fetch a consensus or consensus diff that
|
|
||||||
matches the latest consensus we have available. Fixes bug 22702;
|
|
||||||
bugfix on 0.3.1.1-alpha.
|
|
|
@ -1,7 +0,0 @@
|
||||||
o Minor bugfixes (compression):
|
|
||||||
- When spooling compressed data to an output buffer, don't try to
|
|
||||||
spool more data when there is no more data to spool and we are
|
|
||||||
not trying to flush the input. Previously, we would sometimes
|
|
||||||
launch compression requests with nothing to do, which interferes
|
|
||||||
with our 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha.
|
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
o Minor bugfixes (process behavior):
|
|
||||||
- When exiting because of an error, always exit with a nonzero
|
|
||||||
exit status. Previously, we would fail to report an error in
|
|
||||||
our exit status in cases related to lockfile contention,
|
|
||||||
__OwningControllerProcess failure, and Ed25519 key
|
|
||||||
initialization. Fixes bug 22720; bugfix on versions
|
|
||||||
0.2.1.6-alpha, 0.2.2.28-beta, and 0.2.7.2-alpha
|
|
||||||
respectively. Reported by "f55jwk4f"; patch from "huyvq".
|
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
o Minor bugfixes (defensive programming, undefined behavior):
|
|
||||||
|
|
||||||
- Fix a memset() off the end of an array when packing cells. This
|
|
||||||
bug should be harmless in practice, since the corrupted bytes
|
|
||||||
are still in the same structure, and are always padding bytes,
|
|
||||||
ignored, or immediately overwritten, depending on compiler
|
|
||||||
behavior. Nevertheless, because the memset()'s purpose is to
|
|
||||||
make sure that any other cell-handling bugs can't expose bytes
|
|
||||||
to the network, we need to fix it. Fixes bug 22737; bugfix on
|
|
||||||
0.2.4.11-alpha. Fixes CID 1401591.
|
|
||||||
|
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Major bugfixes (compression):
|
|
||||||
- Fix crash in LZMA module, when the Sandbox is enabled, where
|
|
||||||
liblzma would allocate more than 16 MB of memory. We solve this
|
|
||||||
by bumping the mprotect() limit in the Sandbox module from 16 MB
|
|
||||||
to 20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor features (bug mitigation, diagnostics, logging):
|
|
||||||
- Avoid an assertion failure, and log a better error message,
|
|
||||||
when unable to remove a file from the consensus cache on
|
|
||||||
Windows. Attempts to mitigate and diagnose bug 22752.
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Minor features (geoip):
|
|
||||||
- Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
|
|
||||||
Country database.
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
o Documentation:
|
|
||||||
- Document more of the files in the Tor data directory, including
|
|
||||||
cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats,
|
|
||||||
approved-routers, sr-random, and diff-cache.
|
|
|
@ -1,5 +0,0 @@
|
||||||
o New dependencies:
|
|
||||||
- To build with zstd and lzma support, Tor now requires the
|
|
||||||
pkg-config tool at build time. (This requirement was new in
|
|
||||||
0.3.1.1-alpha, but was not noted at the time. Noting it here to
|
|
||||||
close ticket 22623.)
|
|
Loading…
Reference in New Issue