Tor 0.3.4.2-alpha is released!

by nickm | June 12, 2018

Hi!  There's a new alpha release available for download.  If you build Tor from source, you can download the source code for 0.3.4.2-alpha from the usual place on the website.  Packages should be available over the coming weeks, with a new alpha Tor Browser release over the coming weeks.

Tor 0.3.4.2-alpha fixes several minor bugs in the previous alpha release, and forward-ports an authority-only security fix from 0.3.3.6.

Changes in version 0.3.4.2-alpha - 2018-06-12

  • Directory authority changes:
    • Add an IPv6 address for the "dannenberg" directory authority. Closes ticket 26343.
  • Major bugfixes (security, directory authority, denial-of-service, also in 0.3.3.6):
    • Fix a bug that could have allowed an attacker to force a directory authority to use up all its RAM by passing it a maliciously crafted protocol versions string. Fixes bug 25517; bugfix on 0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005.

 

  • Minor features (continuous integration):
    • Add the necessary configuration files for continuous integration testing on Windows, via the Appveyor platform. Closes ticket 25549. Patches from Marcin Cieślak and Isis Lovecruft.
  • Minor features (geoip):
    • Update geoip and geoip6 to the June 7 2018 Maxmind GeoLite2 Country database. Closes ticket 26351.
  • Minor bugfixes (compatibility, openssl):
    • Work around a change in OpenSSL 1.1.1 where return values that would previously indicate "no password" now indicate an empty password. Without this workaround, Tor instances running with OpenSSL 1.1.1 would accept descriptors that other Tor instances would reject. Fixes bug 26116; bugfix on 0.2.5.16.
  • Minor bugfixes (compilation):
    • Silence unused-const-variable warnings in zstd.h with some GCC versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha.
    • Fix compilation when using OpenSSL 1.1.0 with the "no-deprecated" flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha.
    • Avoid a compiler warning when casting the return value of smartlist_len() to double with DEBUG_SMARTLIST enabled. Fixes bug 26283; bugfix on 0.2.4.10-alpha.
  • Minor bugfixes (control port):
    • Do not count 0-length RELAY_COMMAND_DATA cells as valid data in CIRC_BW events. Previously, such cells were counted entirely in the OVERHEAD field. Now they are not. Fixes bug 26259; bugfix on 0.3.4.1-alpha.
  • Minor bugfixes (controller):
    • Improve accuracy of the BUILDTIMEOUT_SET control port event's TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting the total number of circuits for these field values.) Fixes bug 26121; bugfix on 0.3.3.1-alpha.
  • Minor bugfixes (hardening):
    • Prevent a possible out-of-bounds smartlist read in protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.
  • Minor bugfixes (onion services):
    • Fix a bug that blocked the creation of ephemeral v3 onion services. Fixes bug 25939; bugfix on 0.3.4.1-alpha.
  • Minor bugfixes (test coverage tools):
    • Update our "cov-diff" script to handle output from the latest version of gcov, and to remove extraneous timestamp information from its output. Fixes bugs 26101 and 26102; bugfix on 0.2.5.1-alpha.

Comments

Comments are closed.