commit 2da783ac8465441e26f5b69dae22b0c53e449e3e Author: Nick Mathewson nickm@torproject.org Date: Mon May 15 18:28:25 2017 -0400
copy changelog into releasenotes --- ReleaseNotes | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+)
diff --git a/ReleaseNotes b/ReleaseNotes index c5ccfbe..a9c9c25 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -3,6 +3,39 @@ of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file.
+Changes in version 0.3.0.7 - 2017-05-15 + Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions + of Tor 0.3.0.x, where an attacker could cause a Tor relay process + to exit. Relays running earlier versions of Tor 0.3.0.x should upgrade; + clients are not affected. + + o Major bugfixes (hidden service directory, security): + - Fix an assertion failure in the hidden service directory code, which + could be used by an attacker to remotely cause a Tor relay process to + exit. Relays running earlier versions of Tor 0.3.0.x should upgrade. + This security issue is tracked as tracked as + TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha. + + o Minor features: + - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 + Country database. + + o Minor features (future-proofing): + - Tor no longer refuses to download microdescriptors or descriptors + if they are listed as "published in the future". This change will + eventually allow us to stop listing meaningful "published" dates + in microdescriptor consensuses, and thereby allow us to reduce the + resources required to download consensus diffs by over 50%. + Implements part of ticket 21642; implements part of proposal 275. + + o Minor bugfixes (Linux seccomp2 sandbox): + - The getpid() system call is now permitted under the Linux seccomp2 + sandbox, to avoid crashing with versions of OpenSSL (and other + libraries) that attempt to learn the process's PID by using the + syscall rather than the VDSO code. Fixes bug 21943; bugfix + on 0.2.5.1-alpha. + + Changes in version 0.3.0.6 - 2017-04-26 Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.
tor-commits@lists.torproject.org