[tor-commits] [tor/release-0.2.8] 0.2.8.12 releasenotes

nickm at torproject.org nickm at torproject.org
Mon Dec 19 13:26:34 UTC 2016


commit 9b024fb2810e08569d199e46f922245954477046
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Dec 19 08:26:15 2016 -0500

    0.2.8.12 releasenotes
---
 ChangeLog                  | 33 +++++++++++++++++++++++++++++++++
 ReleaseNotes               | 29 ++++++++++++++++++++++-------
 changes/bug21018           | 11 -----------
 changes/geoip-december2016 |  4 ----
 changes/ticket20170-v3     |  5 -----
 5 files changed, 55 insertions(+), 27 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index a735f44..507e68f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,36 @@
+Changes in version 0.2.8.12 - 2016-12-19
+  Tor 0.2.8.12 backports a fix for a medium-severity issue (bug 21018
+  below) where Tor clients could crash when attempting to visit a
+  hostile hidden service. Clients are recommended to upgrade as packages
+  become available for their systems.
+
+  It also includes an updated list of fallback directories, backported
+  from 0.2.9.
+
+  Now that the Tor 0.2.9 series is stable, only major bugfixes will be
+  backported to 0.2.8 in the future.
+
+  o Major bugfixes (parsing, security, backported from 0.2.9.8):
+    - Fix a bug in parsing that could cause clients to read a single
+      byte past the end of an allocated region. This bug could be used
+      to cause hardened clients (built with --enable-expensive-hardening)
+      to crash if they tried to visit a hostile hidden service. Non-
+      hardened clients are only affected depending on the details of
+      their platform's memory allocator. Fixes bug 21018; bugfix on
+      0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
+      2016-12-002 and as CVE-2016-1254.
+
+  o Minor features (fallback directory list, backported from 0.2.9.8):
+    - Replace the 81 remaining fallbacks of the 100 originally
+      introduced in Tor 0.2.8.3-alpha in March 2016, with a list of 177
+      fallbacks (123 new, 54 existing, 27 removed) generated in December
+      2016. Resolves ticket 20170.
+
+  o Minor features (geoip, backported from 0.2.9.7-rc):
+    - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
+      Country database.
+
+
 Changes in version 0.2.8.11 - 2016-12-08
   Tor 0.2.8.11 backports fixes for additional portability issues that
   could prevent Tor from building correctly on OSX Sierra, or with
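Review bot: the rewrapped bug 21018 entry splits two search terms across line breaks, "Non-" / "hardened" and "TROVE-" / "2016-12-002", so a grep of ChangeLog for "TROVE-2016-12-002" will not match this release. The deleted changes/bug21018 file kept "Non-hardened", "TROVE-2016-12-002" and "CVE-2016-1254" each on a single line; rewrap the paragraph so the tracking identifiers stay whole. The same wrap is carried into the ReleaseNotes hunk.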
diff --git a/ReleaseNotes b/ReleaseNotes
index 163ef67..7f51fe3 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -12,13 +12,28 @@ Changes in version 0.2.8.12 - 2016-12-19
   It also includes an updated list of fallback directories, backported
   from 0.2.9.
 
-  With the release of Tor 0.2.9.8, the Tor 0.2.8 series is now
-  officially old: only major bugfixes will be backported to 0.2.8 in the
-  future.
-
-
-
-
+  Now that the Tor 0.2.9 series is stable, only major bugfixes will be
+  backported to 0.2.8 in the future.
+
+  o Major bugfixes (parsing, security, backported from 0.2.9.8):
+    - Fix a bug in parsing that could cause clients to read a single
+      byte past the end of an allocated region. This bug could be used
+      to cause hardened clients (built with --enable-expensive-hardening)
+      to crash if they tried to visit a hostile hidden service. Non-
+      hardened clients are only affected depending on the details of
+      their platform's memory allocator. Fixes bug 21018; bugfix on
+      0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
+      2016-12-002 and as CVE-2016-1254.
+
+  o Minor features (fallback directory list, backported from 0.2.9.8):
+    - Replace the 81 remaining fallbacks of the 100 originally
+      introduced in Tor 0.2.8.3-alpha in March 2016, with a list of 177
+      fallbacks (123 new, 54 existing, 27 removed) generated in December
+      2016. Resolves ticket 20170.
+
+  o Minor features (geoip, backported from 0.2.9.7-rc):
+    - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
+      Country database.
 
 
 Changes in version 0.2.8.11 - 2016-12-08
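Review bot: in the bug 21018 entry, "Non-hardened clients are only affected depending on the details of their platform's memory allocator" does not say what happens to those clients when they are affected, whereas the hardened case (--enable-expensive-hardening) is stated plainly as a crash. The notes recommend that clients upgrade, so the entry should name the expected outcome of the one-byte over-read on non-hardened builds in the same terms, or say explicitly that it is a crash at worst if that is what is meant.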
diff --git a/changes/bug21018 b/changes/bug21018
deleted file mode 100644
index 49a8b47..0000000
--- a/changes/bug21018
+++ /dev/null
@@ -1,11 +0,0 @@
-  o Major bugfixes (parsing, security):
-
-    - Fix a bug in parsing that could cause clients to read a single
-      byte past the end of an allocated region. This bug could be
-      used to cause hardened clients (built with
-      --enable-expensive-hardening) to crash if they tried to visit
-      a hostile hidden service.  Non-hardened clients are only
-      affected depending on the details of their platform's memory
-      allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by
-      using libFuzzer. Also tracked as TROVE-2016-12-002 and as
-      CVE-2016-1254.
diff --git a/changes/geoip-december2016 b/changes/geoip-december2016
deleted file mode 100644
index 60754ea..0000000
--- a/changes/geoip-december2016
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
-      Country database.
-
diff --git a/changes/ticket20170-v3 b/changes/ticket20170-v3
deleted file mode 100644
index d634e72..0000000
--- a/changes/ticket20170-v3
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor features (fallback directory list):
-    - Replace the 81 remaining fallbacks of the 100 originally introduced
-      in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks
-      (123 new, 54 existing, 27 removed) generated in December 2016.
-      Resolves ticket 20170.


