[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] forward-port changelog and releasenotes
commit f9f51933c19e3c4abefac3c04d4a1cb03444d3f7
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Mon May 15 18:28:49 2017 -0400
forward-port changelog and releasenotes
---
ChangeLog | 33 +++++++++++++++++++++++++++++++++
ReleaseNotes | 33 +++++++++++++++++++++++++++++++++
2 files changed, 66 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 65850b3..2662e2b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,39 @@
Changes in version 0.3.1.1-alpha - 2017-??-??
+Changes in version 0.3.0.7 - 2017-05-15
+ Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions
+ of Tor 0.3.0.x, where an attacker could cause a Tor relay process
+ to exit. Relays running earlier versions of Tor 0.3.0.x should upgrade;
+ clients are not affected.
+
+ o Major bugfixes (hidden service directory, security):
+ - Fix an assertion failure in the hidden service directory code, which
+ could be used by an attacker to remotely cause a Tor relay process to
+ exit. Relays running earlier versions of Tor 0.3.0.x should upgrade.
+ This security issue is tracked as tracked as
+ TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha.
+
+ o Minor features:
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (future-proofing):
+ - Tor no longer refuses to download microdescriptors or descriptors
+ if they are listed as "published in the future". This change will
+ eventually allow us to stop listing meaningful "published" dates
+ in microdescriptor consensuses, and thereby allow us to reduce the
+ resources required to download consensus diffs by over 50%.
+ Implements part of ticket 21642; implements part of proposal 275.
+
+ o Minor bugfixes (Linux seccomp2 sandbox):
+ - The getpid() system call is now permitted under the Linux seccomp2
+ sandbox, to avoid crashing with versions of OpenSSL (and other
+ libraries) that attempt to learn the process's PID by using the
+ syscall rather than the VDSO code. Fixes bug 21943; bugfix
+ on 0.2.5.1-alpha.
+
+
Changes in version 0.3.0.6 - 2017-04-26
Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.
diff --git a/ReleaseNotes b/ReleaseNotes
index ca5a30d..cbd656e 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -3,6 +3,39 @@ of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
+Changes in version 0.3.0.7 - 2017-05-15
+ Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions
+ of Tor 0.3.0.x, where an attacker could cause a Tor relay process
+ to exit. Relays running earlier versions of Tor 0.3.0.x should upgrade;
+ clients are not affected.
+
+ o Major bugfixes (hidden service directory, security):
+ - Fix an assertion failure in the hidden service directory code, which
+ could be used by an attacker to remotely cause a Tor relay process to
+ exit. Relays running earlier versions of Tor 0.3.0.x should upgrade.
+ This security issue is tracked as tracked as
+ TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha.
+
+ o Minor features:
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (future-proofing):
+ - Tor no longer refuses to download microdescriptors or descriptors
+ if they are listed as "published in the future". This change will
+ eventually allow us to stop listing meaningful "published" dates
+ in microdescriptor consensuses, and thereby allow us to reduce the
+ resources required to download consensus diffs by over 50%.
+ Implements part of ticket 21642; implements part of proposal 275.
+
+ o Minor bugfixes (Linux seccomp2 sandbox):
+ - The getpid() system call is now permitted under the Linux seccomp2
+ sandbox, to avoid crashing with versions of OpenSSL (and other
+ libraries) that attempt to learn the process's PID by using the
+ syscall rather than the VDSO code. Fixes bug 21943; bugfix
+ on 0.2.5.1-alpha.
+
+
Changes in version 0.3.0.6 - 2017-04-26
Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits