This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch main in repository tor.
commit edde188cf228807ff89799e580a1a5abcec342ca Author: Tor CI Release no-email@torproject.org AuthorDate: Fri Jun 17 14:01:09 2022 +0000
release: ChangeLog and ReleaseNotes for 0.4.7.8 --- ChangeLog | 39 +++++++++++++++++++++++++++++++++++++++ ReleaseNotes | 39 +++++++++++++++++++++++++++++++++++++++ changes/bug40603 | 5 ----- changes/bug40612 | 5 ----- changes/bug40620 | 3 --- changes/bug40626 | 6 ------ changes/fallbackdirs-2022-06-17 | 2 -- changes/geoip-2022-06-17 | 3 --- changes/ticket40601 | 4 ---- 9 files changed, 78 insertions(+), 28 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 9150976378..0ed1710d7b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,42 @@ +Changes in version 0.4.7.8 - 2022-06-17 + This version fixes several bugfixes including a High severity security issue + categorized as a Denial of Service. Everyone running an earlier version + should upgrade to this version. + + o Major bugfixes (congestion control, TROVE-2022-001): + - Fix a scenario where RTT estimation can become wedged, seriously + degrading congestion control performance on all circuits. This + impacts clients, onion services, and relays, and can be triggered + remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes + bug 40626; bugfix on 0.4.7.5-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on June 17, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/06/17. + + o Minor bugfixes (linux seccomp2 sandbox): + - Allow the rseq system call in the sandbox. This solves a crash + issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug + 40601; bugfix on 0.3.5.11. + + o Minor bugfixes (logging): + - Demote a harmless warn log message about finding a second hop to + from warn level to info level, if we do not have enough + descriptors yet. Leave it at notice level for other cases. Fixes + bug 40603; bugfix on 0.4.7.1-alpha. + - Demote a notice log message about "Unexpected path length" to info + level. These cases seem to happen arbitrarily, and we likely will + never find all of them before the switch to arti. Fixes bug 40612; + bugfix on 0.4.7.5-alpha. + + o Minor bugfixes (relay, logging): + - Demote a harmless XOFF log message to from notice level to info + level. Fixes bug 40620; bugfix on 0.4.7.5-alpha. + + Changes in version 0.4.7.7 - 2022-04-27 This is the first stable version of the 0.4.7.x series. This series includes several major bugfixes from previous series and one massive new feature: diff --git a/ReleaseNotes b/ReleaseNotes index d664bcfb58..ae90f71510 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,45 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file.
+Changes in version 0.4.7.8 - 2022-06-17 + This version fixes several bugfixes including a High severity security issue + categorized as a Denial of Service. Everyone running an earlier version + should upgrade to this version. + + o Major bugfixes (congestion control, TROVE-2022-001): + - Fix a scenario where RTT estimation can become wedged, seriously + degrading congestion control performance on all circuits. This + impacts clients, onion services, and relays, and can be triggered + remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes + bug 40626; bugfix on 0.4.7.5-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on June 17, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/06/17. + + o Minor bugfixes (linux seccomp2 sandbox): + - Allow the rseq system call in the sandbox. This solves a crash + issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug + 40601; bugfix on 0.3.5.11. + + o Minor bugfixes (logging): + - Demote a harmless warn log message about finding a second hop to + from warn level to info level, if we do not have enough + descriptors yet. Leave it at notice level for other cases. Fixes + bug 40603; bugfix on 0.4.7.1-alpha. + - Demote a notice log message about "Unexpected path length" to info + level. These cases seem to happen arbitrarily, and we likely will + never find all of them before the switch to arti. Fixes bug 40612; + bugfix on 0.4.7.5-alpha. + + o Minor bugfixes (relay, logging): + - Demote a harmless XOFF log message to from notice level to info + level. Fixes bug 40620; bugfix on 0.4.7.5-alpha. + + Changes in version 0.4.7.7 - 2022-04-27 This is the first stable version of the 0.4.7.x series. This series includes several major bugfixes from previous series and several features diff --git a/changes/bug40603 b/changes/bug40603 deleted file mode 100644 index aa00718a48..0000000000 --- a/changes/bug40603 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (logging): - - Demote a harmless warn log message about finding a second hop to from - warn level to info level, if we do not have enough descriptors yet. - Leave it at notice level for other cases. Fixes bug 40603; - bugfix on 0.4.7.1-alpha. diff --git a/changes/bug40612 b/changes/bug40612 deleted file mode 100644 index 526f23bdd6..0000000000 --- a/changes/bug40612 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (logging): - - Demote a notice log message about "Unexpected path length" to info - level. These cases seem to happen arbitrarily, and we likely will - never find all of them before the switch to arti. Fixes bug 40612; - bugfix on 0.4.7.5-alpha. diff --git a/changes/bug40620 b/changes/bug40620 deleted file mode 100644 index 086a71d3f6..0000000000 --- a/changes/bug40620 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (relay, logging): - - Demote a harmless XOFF log message to from notice level to info level. - Fixes bug 40620; bugfix on 0.4.7.5-alpha. diff --git a/changes/bug40626 b/changes/bug40626 deleted file mode 100644 index cda8abe4d7..0000000000 --- a/changes/bug40626 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (congestion control, TROVE-2022-001): - - Fix a scenario where RTT estimation can become wedged, seriously - degrading congestion control performance on all circuits. This impacts - clients, onion services, and relays, and can be triggered remotely by a - malicious endpoint. Tracked as CVE-2022-33903. Fixes bug 40626; bugfix - on 0.4.7.5-alpha. diff --git a/changes/fallbackdirs-2022-06-17 b/changes/fallbackdirs-2022-06-17 deleted file mode 100644 index a1f18e8d0f..0000000000 --- a/changes/fallbackdirs-2022-06-17 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on June 17, 2022. diff --git a/changes/geoip-2022-06-17 b/changes/geoip-2022-06-17 deleted file mode 100644 index 6fd4302329..0000000000 --- a/changes/geoip-2022-06-17 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2022/06/17. diff --git a/changes/ticket40601 b/changes/ticket40601 deleted file mode 100644 index 529e3badfe..0000000000 --- a/changes/ticket40601 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (linux seccomp2 sandbox): - - Allow the rseq system call in the sandbox. This solves a crash issue with - glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug 40601; bugfix on - 0.3.5.11.