This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch release-0.4.5 in repository tor.
commit 11ac6c3adc50153826d30c46dffa43977ffc1f69 Author: Tor CI Release no-email@torproject.org AuthorDate: Thu Jan 12 16:01:04 2023 +0000
release: ChangeLog and ReleaseNotes for 0.4.5.16 --- ChangeLog | 29 +++++++++++++++++++++++++++++ ReleaseNotes | 29 +++++++++++++++++++++++++++++ changes/bug40563 | 8 -------- changes/fallbackdirs-2023-01-12 | 2 -- changes/geoip-2023-01-12 | 3 --- changes/ticket40730 | 5 ----- 6 files changed, 58 insertions(+), 18 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 7a31917078..bffc3c402a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,32 @@ +Changes in version 0.4.5.16 - 2023-01-12 + This version has one major bugfix for relay and a security fix, + TROVE-2022-002, affecting clients. We strongly recommend to upgrade to our + 0.4.7.x stable series. As a reminder, this series is EOL on February 15th, + 2023. + + o Major bugfixes (relay): + - When opening a channel because of a circuit request that did not + include an Ed25519 identity, record the Ed25519 identity that we + actually received, so that we can use the channel for other + circuit requests that _do_ list an Ed25519 identity. (Previously + we had code to record this identity, but a logic bug caused it to + be disabled.) Fixes bug 40563; bugfix on 0.3.0.1-alpha. Patch + from "cypherpunks". + + o Major bugfixes (TROVE-2022-002, client): + - The SafeSocks option had its logic inverted for SOCKS4 and + SOCKS4a. It would let the unsafe SOCKS4 pass but not the safe + SOCKS4a one. This is TROVE-2022-002 which was reported on + Hackerone by "cojabo". Fixes bug 40730; bugfix on 0.3.5.1-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on January 12, 2023. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2023/01/12. + + Changes in version 0.4.5.15 - 2022-12-06 This version has several major changes for directory authorities. And a major bugfix on OSX. Again, we strongly recommend to upgrade to our 0.4.7.x diff --git a/ReleaseNotes b/ReleaseNotes index d094336a66..cc2a0d920e 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,35 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file.
+Changes in version 0.4.5.16 - 2023-01-12 + This version has one major bugfix for relay and a security fix, + TROVE-2022-002, affecting clients. We strongly recommend to upgrade to our + 0.4.7.x stable series. As a reminder, this series is EOL on February 15th, + 2023. + + o Major bugfixes (relay): + - When opening a channel because of a circuit request that did not + include an Ed25519 identity, record the Ed25519 identity that we + actually received, so that we can use the channel for other + circuit requests that _do_ list an Ed25519 identity. (Previously + we had code to record this identity, but a logic bug caused it to + be disabled.) Fixes bug 40563; bugfix on 0.3.0.1-alpha. Patch + from "cypherpunks". + + o Major bugfixes (TROVE-2022-002, client): + - The SafeSocks option had its logic inverted for SOCKS4 and + SOCKS4a. It would let the unsafe SOCKS4 pass but not the safe + SOCKS4a one. This is TROVE-2022-002 which was reported on + Hackerone by "cojabo". Fixes bug 40730; bugfix on 0.3.5.1-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on January 12, 2023. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2023/01/12. + + Changes in version 0.4.5.15 - 2022-12-06 This version has several major changes for directory authorities. And a major bugfix on OSX. Again, we strongly recommend to upgrade to our 0.4.7.x diff --git a/changes/bug40563 b/changes/bug40563 deleted file mode 100644 index e7a3deec6d..0000000000 --- a/changes/bug40563 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (relay): - - When opening a channel because of a circuit request that did not - include an Ed25519 identity, record the Ed25519 identity that we - actually received, so that we can use the channel for other circuit - requests that _do_ list an Ed25519 identity. - (Previously we had code to record this identity, but a logic bug - caused it to be disabled.) Fixes bug 40563; bugfix on 0.3.0.1-alpha. - Patch from "cypherpunks". diff --git a/changes/fallbackdirs-2023-01-12 b/changes/fallbackdirs-2023-01-12 deleted file mode 100644 index e3788a16ae..0000000000 --- a/changes/fallbackdirs-2023-01-12 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on January 12, 2023. diff --git a/changes/geoip-2023-01-12 b/changes/geoip-2023-01-12 deleted file mode 100644 index 8378d34fbf..0000000000 --- a/changes/geoip-2023-01-12 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2023/01/12. diff --git a/changes/ticket40730 b/changes/ticket40730 deleted file mode 100644 index f6d4c9de3b..0000000000 --- a/changes/ticket40730 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (TROVE-2022-002, client): - - The SafeSocks option had its logic inverted for SOCKS4 and SOCKS4a. It - would let the unsafe SOCKS4 pass but not the safe SOCKS4a one. This is - TROVE-2022-002 which was reported on Hackerone by "cojabo". Fixes bug - 40730; bugfix on 0.3.5.1-alpha.