[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] fwd-port more changelogs (0.2.4 through 0.2.8)
commit dc47d936d47ffc25dc0b5e59009435cda542d240
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Thu Jun 8 10:15:41 2017 -0400
fwd-port more changelogs (0.2.4 through 0.2.8)
---
ChangeLog | 112 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ReleaseNotes | 112 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 224 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index e9ff845..b1f64c9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -238,6 +238,118 @@ Changes in version 0.2.9.11 - 2017-06-08
keypinning, free the router descriptor rather than leaking the
memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
+Changes in version 0.2.8.14 - 2017-06-08
+ Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
+ remotely crash a hidden service with an assertion failure. Anyone
+ running a hidden service should upgrade to this version, or to some
+ other version with fixes for TROVE-2017-005. (Versions before 0.3.0
+ are not affected by TROVE-2017-004.)
+
+ o Major bugfixes (hidden service, relay, security):
+ - Fix a remotely triggerable assertion failure caused by receiving a
+ BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+ 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+ on 0.2.2.1-alpha.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
+ - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
+ December 2016 (of which ~126 were still functional) with a list of
+ 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
+ 2017. Resolves ticket 21564.
+
+ o Minor bugfixes (correctness):
+ - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+ file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+Changes in version 0.2.7.8 - 2017-06-08
+ Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
+ remotely crash a hidden service with an assertion failure. Anyone
+ running a hidden service should upgrade to this version, or to some
+ other version with fixes for TROVE-2017-005. (Versions before 0.3.0
+ are not affected by TROVE-2017-004.)
+
+ o Major bugfixes (hidden service, relay, security):
+ - Fix a remotely triggerable assertion failure caused by receiving a
+ BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+ 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+ on 0.2.2.1-alpha.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (correctness):
+ - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+ file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+
+Changes in version 0.2.6.12 - 2017-06-08
+ Tor 0.2.6.12 backports a fix for a bug that would allow an attacker to
+ remotely crash a hidden service with an assertion failure. Anyone
+ running a hidden service should upgrade to this version, or to some
+ other version with fixes for TROVE-2017-005. (Versions before 0.3.0
+ are not affected by TROVE-2017-004.)
+
+ o Major bugfixes (hidden service, relay, security):
+ - Fix a remotely triggerable assertion failure caused by receiving a
+ BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+ 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+ on 0.2.2.1-alpha.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (correctness):
+ - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+ file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+Changes in version 0.2.5.14 - 2017-06-08
+ Tor 0.2.5.14 backports a fix for a bug that would allow an attacker to
+ remotely crash a hidden service with an assertion failure. Anyone
+ running a hidden service should upgrade to this version, or to some
+ other version with fixes for TROVE-2017-005. (Versions before 0.3.0
+ are not affected by TROVE-2017-004.)
+
+ o Major bugfixes (hidden service, relay, security):
+ - Fix a remotely triggerable assertion failure caused by receiving a
+ BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+ 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+ on 0.2.2.1-alpha.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (correctness):
+ - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+ file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+Changes in version 0.2.4.29 - 2017-06-08
+ Tor 0.2.4.29 backports a fix for a bug that would allow an attacker to
+ remotely crash a hidden service with an assertion failure. Anyone
+ running a hidden service should upgrade to this version, or to some
+ other version with fixes for TROVE-2017-005. (Versions before 0.3.0
+ are not affected by TROVE-2017-004.)
+
+ o Major bugfixes (hidden service, relay, security):
+ - Fix a remotely triggerable assertion failure caused by receiving a
+ BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+ 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+ on 0.2.2.1-alpha.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (correctness):
+ - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+ file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
Changes in version 0.3.1.2-alpha - 2017-05-26
Tor 0.3.1.2-alpha is the second release in the 0.3.1.x series. It
diff --git a/ReleaseNotes b/ReleaseNotes
index c6d6917..1e56ffa 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -153,6 +153,118 @@ Changes in version 0.2.9.11 - 2017-06-08
keypinning, free the router descriptor rather than leaking the
memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
+Changes in version 0.2.8.14 - 2017-06-08
+ Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
+ remotely crash a hidden service with an assertion failure. Anyone
+ running a hidden service should upgrade to this version, or to some
+ other version with fixes for TROVE-2017-005. (Versions before 0.3.0
+ are not affected by TROVE-2017-004.)
+
+ o Major bugfixes (hidden service, relay, security):
+ - Fix a remotely triggerable assertion failure caused by receiving a
+ BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+ 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+ on 0.2.2.1-alpha.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
+ - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
+ December 2016 (of which ~126 were still functional) with a list of
+ 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
+ 2017. Resolves ticket 21564.
+
+ o Minor bugfixes (correctness):
+ - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+ file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+Changes in version 0.2.7.8 - 2017-06-08
+ Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
+ remotely crash a hidden service with an assertion failure. Anyone
+ running a hidden service should upgrade to this version, or to some
+ other version with fixes for TROVE-2017-005. (Versions before 0.3.0
+ are not affected by TROVE-2017-004.)
+
+ o Major bugfixes (hidden service, relay, security):
+ - Fix a remotely triggerable assertion failure caused by receiving a
+ BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+ 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+ on 0.2.2.1-alpha.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (correctness):
+ - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+ file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+
+Changes in version 0.2.6.12 - 2017-06-08
+ Tor 0.2.6.12 backports a fix for a bug that would allow an attacker to
+ remotely crash a hidden service with an assertion failure. Anyone
+ running a hidden service should upgrade to this version, or to some
+ other version with fixes for TROVE-2017-005. (Versions before 0.3.0
+ are not affected by TROVE-2017-004.)
+
+ o Major bugfixes (hidden service, relay, security):
+ - Fix a remotely triggerable assertion failure caused by receiving a
+ BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+ 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+ on 0.2.2.1-alpha.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (correctness):
+ - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+ file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+Changes in version 0.2.5.14 - 2017-06-08
+ Tor 0.2.5.14 backports a fix for a bug that would allow an attacker to
+ remotely crash a hidden service with an assertion failure. Anyone
+ running a hidden service should upgrade to this version, or to some
+ other version with fixes for TROVE-2017-005. (Versions before 0.3.0
+ are not affected by TROVE-2017-004.)
+
+ o Major bugfixes (hidden service, relay, security):
+ - Fix a remotely triggerable assertion failure caused by receiving a
+ BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+ 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+ on 0.2.2.1-alpha.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (correctness):
+ - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+ file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+Changes in version 0.2.4.29 - 2017-06-08
+ Tor 0.2.4.29 backports a fix for a bug that would allow an attacker to
+ remotely crash a hidden service with an assertion failure. Anyone
+ running a hidden service should upgrade to this version, or to some
+ other version with fixes for TROVE-2017-005. (Versions before 0.3.0
+ are not affected by TROVE-2017-004.)
+
+ o Major bugfixes (hidden service, relay, security):
+ - Fix a remotely triggerable assertion failure caused by receiving a
+ BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+ 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+ on 0.2.2.1-alpha.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfixes (correctness):
+ - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+ file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
Changes in version 0.3.0.7 - 2017-05-15
Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits