[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor 0.2.7.4-rc is released



  Tor 0.2.7.4-rc is the second release candidate in the 0.2.7 series. It
  fixes some important memory leaks, and a scary-looking (but mostly
  harmless in practice) invalid-read bug. It also has a few small
  bugfixes, notably fixes for compilation and portability on different
  platforms. If no further significant bounds are found, the next
  release will the the official stable release.

You can download the source from the usual place on the website.
Packages should be up in a few days.

NOTE: This is a release candidate.  We think we've squashed most of
the bugs, but there are probably a few left over.

Changes in version 0.2.7.4-rc - 2015-10-21

  o Major bugfixes (security, correctness):
    - Fix an error that could cause us to read 4 bytes before the
      beginning of an openssl string. This bug could be used to cause
      Tor to crash on systems with unusual malloc implementations, or
      systems with unusual hardening installed. Fixes bug 17404; bugfix
      on 0.2.3.6-alpha.

  o Major bugfixes (correctness):
    - Fix a use-after-free bug in validate_intro_point_failure(). Fixes
      bug 17401; bugfix on 0.2.7.3-rc.

  o Major bugfixes (memory leaks):
    - Fix a memory leak in ed25519 batch signature checking. Fixes bug
      17398; bugfix on 0.2.6.1-alpha.
    - Fix a memory leak in rend_cache_failure_entry_free(). Fixes bug
      17402; bugfix on 0.2.7.3-rc.
    - Fix a memory leak when reading an expired signing key from disk.
      Fixes bug 17403; bugfix on 0.2.7.2-rc.

  o Minor features (geoIP):
    - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (compilation):
    - Repair compilation with the most recent (unreleased, alpha)
      vesions of OpenSSL 1.1. Fixes part of ticket 17237.
    - Fix an integer overflow warning in test_crypto_slow.c. Fixes bug
      17251; bugfix on 0.2.7.2-alpha.
    - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
      bugfix on 0.2.5.1-alpha. Patch from 'jamestk'.

  o Minor bugfixes (portability):
    - Use libexecinfo on FreeBSD to enable backtrace support. Fixes
      part of bug 17151; bugfix on 0.2.5.2-alpha. Patch from
      Marcin CieÅlak.

  o Minor bugfixes (sandbox):
    - Add the "hidserv-stats" filename to our sandbox filter for the
      HiddenServiceStatistics option to work properly. Fixes bug 17354;
      bugfix on tor-0.2.6.2-alpha. Patch from David Goulet.

  o Minor bugfixes (testing):
    - Add unit tests for get_interface_address* failure cases. Fixes bug
      17173; bugfix on 0.2.7.3-rc. Patch by fk/teor.
    - Fix breakage when running 'make check' with BSD make. Fixes bug
      17154; bugfix on 0.2.7.3-rc. Patch by Marcin CieÅlak.
    - Make the get_ifaddrs_* unit tests more tolerant of different
      network configurations. (Don't assume every test box has an IPv4
      address, and don't assume every test box has a non-localhost
      address.) Fixes bug 17255; bugfix on 0.2.7.3-rc. Patch by "teor".
    - Skip backtrace tests when backtrace support is not compiled in.
      Fixes part of bug 17151; bugfix on 0.2.7.1-alpha. Patch from
      Marcin CieÅlak.

  o Documentation:
    - Fix capitalization of SOCKS in sample torrc. Closes ticket 15609.
    - Note that HiddenServicePorts can take a unix domain socket. Closes
      ticket 17364.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk