May 2017 - tor-commits - lists.torproject.org

[tor/master] Merge branch 'maint-0.3.0'
by nickm＠torproject.org 15 May '17

15 May '17

commit a546487287f8f9c6b7747e15eed03547f7ca0b1c Merge: 294d800 0f718a8 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 15 18:24:38 2017 -0400 Merge branch 'maint-0.3.0' changes/bug22246 | 6 ++++++ src/or/main.c | 1 + 2 files changed, 7 insertions(+)

1 0

[tor/master] fix duplicate words in changelog
by nickm＠torproject.org 15 May '17

15 May '17

commit d88a19af7cc109895bc1b5e6670f2289e127ee2c Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 15 18:42:29 2017 -0400 fix duplicate words in changelog --- ChangeLog | 4 ++-- ReleaseNotes | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2662e2b..fdf7d0c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,8 +11,8 @@ Changes in version 0.3.0.7 - 2017-05-15 - Fix an assertion failure in the hidden service directory … [View More]

1 0

[tor/master] bump version to 0.3.0.7
by nickm＠torproject.org 15 May '17

15 May '17

commit 8324631dd99dc2ec801b3c631aa6930aea8e608b Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 15 18:25:07 2017 -0400 bump version to 0.3.0.7 --- configure.ac | 2 +- contrib/win32build/tor-mingw.nsi.in | 2 +- src/win32/orconfig.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index c4d6bb1..4c82638 100644 --- a/configure.ac +++ b/configure.ac @@ -4,7 +4,7 @@ dnl Copyright (c) … [View More]

1 0

[tor/master] Merge branch 'bug22246_030' into maint-0.3.0
by nickm＠torproject.org 15 May '17

15 May '17

commit 0f718a85eaad6cd2b4ad34aff2b7f4face4eb258 Merge: 716d485 3b8888c Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 15 18:24:24 2017 -0400 Merge branch 'bug22246_030' into maint-0.3.0 changes/bug22246 | 6 ++++++ src/or/main.c | 1 + 2 files changed, 7 insertions(+)

1 0

[tor/master] forward-port changelog and releasenotes
by nickm＠torproject.org 15 May '17

15 May '17

commit f9f51933c19e3c4abefac3c04d4a1cb03444d3f7 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 15 18:28:49 2017 -0400 forward-port changelog and releasenotes --- ChangeLog | 33 +++++++++++++++++++++++++++++++++ ReleaseNotes | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/ChangeLog b/ChangeLog index 65850b3..2662e2b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,39 @@ Changes in version 0.3.1.1-alpha - 2017-??-?? +… [View More]Changes in version 0.3.0.7 - 2017-05-15 + Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions + of Tor 0.3.0.x, where an attacker could cause a Tor relay process + to exit. Relays running earlier versions of Tor 0.3.0.x should upgrade; + clients are not affected. + + o Major bugfixes (hidden service directory, security): + - Fix an assertion failure in the hidden service directory code, which + could be used by an attacker to remotely cause a Tor relay process to + exit. Relays running earlier versions of Tor 0.3.0.x should upgrade. + This security issue is tracked as tracked as + TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha. + + o Minor features: + - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 + Country database. + + o Minor features (future-proofing): + - Tor no longer refuses to download microdescriptors or descriptors + if they are listed as "published in the future". This change will + eventually allow us to stop listing meaningful "published" dates + in microdescriptor consensuses, and thereby allow us to reduce the + resources required to download consensus diffs by over 50%. + Implements part of ticket 21642; implements part of proposal 275. + + o Minor bugfixes (Linux seccomp2 sandbox): + - The getpid() system call is now permitted under the Linux seccomp2 + sandbox, to avoid crashing with versions of OpenSSL (and other + libraries) that attempt to learn the process's PID by using the + syscall rather than the VDSO code. Fixes bug 21943; bugfix + on 0.2.5.1-alpha. + + Changes in version 0.3.0.6 - 2017-04-26 Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series. diff --git a/ReleaseNotes b/ReleaseNotes index ca5a30d..cbd656e 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -3,6 +3,39 @@ of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.3.0.7 - 2017-05-15 + Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions + of Tor 0.3.0.x, where an attacker could cause a Tor relay process + to exit. Relays running earlier versions of Tor 0.3.0.x should upgrade; + clients are not affected. + + o Major bugfixes (hidden service directory, security): + - Fix an assertion failure in the hidden service directory code, which + could be used by an attacker to remotely cause a Tor relay process to + exit. Relays running earlier versions of Tor 0.3.0.x should upgrade. + This security issue is tracked as tracked as + TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha. + + o Minor features: + - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 + Country database. + + o Minor features (future-proofing): + - Tor no longer refuses to download microdescriptors or descriptors + if they are listed as "published in the future". This change will + eventually allow us to stop listing meaningful "published" dates + in microdescriptor consensuses, and thereby allow us to reduce the + resources required to download consensus diffs by over 50%. + Implements part of ticket 21642; implements part of proposal 275. + + o Minor bugfixes (Linux seccomp2 sandbox): + - The getpid() system call is now permitted under the Linux seccomp2 + sandbox, to avoid crashing with versions of OpenSSL (and other + libraries) that attempt to learn the process's PID by using the + syscall rather than the VDSO code. Fixes bug 21943; bugfix + on 0.2.5.1-alpha. + + Changes in version 0.3.0.6 - 2017-04-26 Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series. [View Less]

1 0

[tor/master] Merge branch 'maint-0.3.0'
by nickm＠torproject.org 15 May '17

15 May '17

commit 9b88254d1e393c92bfa3c9dc47e4049b66cf7844 Merge: a546487 8324631 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 15 18:25:31 2017 -0400 Merge branch 'maint-0.3.0' "ours" merge to avoid feature bump

1 0

[webwml/master] bump to 0.3.0.7
by nickm＠torproject.org 15 May '17

15 May '17

commit 07e9541c399adae4f124fe27b059ddbf5c4c9da7 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 15 18:54:56 2017 -0400 bump to 0.3.0.7 --- Makefile | 4 ++-- include/versions.wmi | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 7420cae..0b5fcb0 100644 --- a/Makefile +++ b/Makefile @@ -14,8 +14,8 @@ # branch to your personal webwml repository, open a trac ticket in the # website component, and set it to … [View More]

1 0

[tor/maint-0.3.0] bump version to 0.3.0.7
by nickm＠torproject.org 15 May '17

15 May '17

commit 8324631dd99dc2ec801b3c631aa6930aea8e608b Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 15 18:25:07 2017 -0400 bump version to 0.3.0.7 --- configure.ac | 2 +- contrib/win32build/tor-mingw.nsi.in | 2 +- src/win32/orconfig.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index c4d6bb1..4c82638 100644 --- a/configure.ac +++ b/configure.ac @@ -4,7 +4,7 @@ dnl Copyright (c) … [View More]

1 0

[tor/maint-0.3.0] Initialize the HS cache at startup
by nickm＠torproject.org 15 May '17

15 May '17

commit 3b8888c544f3186f12295bc436cbbec1a99cbf02 Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 15 13:49:29 2017 -0400 Initialize the HS cache at startup Failure to do this caused an assertion failure with #22246 . This assertion failure can be triggered remotely, so we're tracking it as medium-severity TROVE-2017-002. --- changes/bug22246 | 6 ++++++ src/or/main.c | 1 + 2 files changed, 7 insertions(+) diff --git a/changes/bug22246 b/changes/… [View More]

1 0

[tor/maint-0.3.0] Merge branch 'bug22246_030' into maint-0.3.0
by nickm＠torproject.org 15 May '17

15 May '17

commit 0f718a85eaad6cd2b4ad34aff2b7f4face4eb258 Merge: 716d485 3b8888c Author: Nick Mathewson <nickm(a)torproject.org> Date: Mon May 15 18:24:24 2017 -0400 Merge branch 'bug22246_030' into maint-0.3.0 changes/bug22246 | 6 ++++++ src/or/main.c | 1 + 2 files changed, 7 insertions(+)

1 0