[tor-commits] [tor/release-0.2.8] Changelog for 0.2.8.14
nickm at torproject.org
nickm at torproject.org
Thu Jun 8 14:16:40 UTC 2017
commit 64ac28ef5dae7b41d77d64d66f4582ffadbab196
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Jun 8 09:58:36 2017 -0400
Changelog for 0.2.8.14
---
ChangeLog | 28 ++++++++++++++++++++++++++++
ReleaseNotes | 28 ++++++++++++++++++++++++++++
changes/bug22490 | 3 ---
changes/geoip-april2017 | 4 ----
changes/geoip-march2017 | 4 ----
changes/geoip-may2017 | 4 ----
changes/ticket21564 | 6 ------
changes/trove-2017-005 | 7 -------
8 files changed, 56 insertions(+), 28 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 843bffa..7553cac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,31 @@
+Changes in version 0.2.8.14 - 2017-06-08
+ Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
+ remotely crash a hidden service with an assertion failure. Anyone
+ running a hidden service should upgrade to this version, or to some
+ other version with fixes for TROVE-2017-005. (Versions before 0.3.0
+ are not affected by TROVE-2017-004.)
+
+ o Major bugfixes (hidden service, relay, security):
+ - Fix a remotely triggerable assertion failure caused by receiving a
+ BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+ 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+ on 0.2.2.1-alpha.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
+ - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
+ December 2016 (of which ~126 were still functional) with a list of
+ 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
+ 2017. Resolves ticket 21564.
+
+ o Minor bugfixes (correctness):
+ - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+ file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+
Changes in version 0.2.8.13 - 2017-03-03
Tor 0.2.8.13 backports a security fix from later Tor
releases. Anybody running Tor 0.2.8.12 or earlier should upgrade to this
diff --git a/ReleaseNotes b/ReleaseNotes
index afbe79b..9353cd0 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,6 +2,34 @@ This document summarizes new features and bugfixes in each stable release
of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
+Changes in version 0.2.8.14 - 2017-06-08
+ Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
+ remotely crash a hidden service with an assertion failure. Anyone
+ running a hidden service should upgrade to this version, or to some
+ other version with fixes for TROVE-2017-005. (Versions before 0.3.0
+ are not affected by TROVE-2017-004.)
+
+ o Major bugfixes (hidden service, relay, security):
+ - Fix a remotely triggerable assertion failure caused by receiving a
+ BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+ 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+ on 0.2.2.1-alpha.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+ Country database.
+
+ o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
+ - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
+ December 2016 (of which ~126 were still functional) with a list of
+ 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
+ 2017. Resolves ticket 21564.
+
+ o Minor bugfixes (correctness):
+ - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+ file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+
Changes in version 0.2.8.13 - 2017-03-03
Tor 0.2.8.13 backports a security fix from later Tor
releases. Anybody running Tor 0.2.8.12 or earlier should upgrade to this
diff --git a/changes/bug22490 b/changes/bug22490
deleted file mode 100644
index 244dd50..0000000
--- a/changes/bug22490
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (correctness):
- - Avoid undefined behavior when parsing IPv6 entries from the geoip6
- file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
diff --git a/changes/geoip-april2017 b/changes/geoip-april2017
deleted file mode 100644
index b489eaf..0000000
--- a/changes/geoip-april2017
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-march2017 b/changes/geoip-march2017
deleted file mode 100644
index 6dc92ba..0000000
--- a/changes/geoip-march2017
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-may2017 b/changes/geoip-may2017
deleted file mode 100644
index 4e504d7..0000000
--- a/changes/geoip-may2017
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features:
- - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/ticket21564 b/changes/ticket21564
deleted file mode 100644
index 7e01f41..0000000
--- a/changes/ticket21564
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor features (fallback directory list):
- - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
- December 2016 (of which ~126 were still functional), with a list of
- 151 fallbacks (32 new, 119 existing, 58 removed) generated in
- May 2017.
- Resolves ticket 21564.
diff --git a/changes/trove-2017-005 b/changes/trove-2017-005
deleted file mode 100644
index cebb013..0000000
--- a/changes/trove-2017-005
+++ /dev/null
@@ -1,7 +0,0 @@
- o Major bugfixes (hidden service, relay, security):
- - Fix an assertion failure caused by receiving a BEGIN_DIR cell on
- a hidden service rendezvous circuit. Fixes bug 22494, tracked as
- TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found
- by armadev.
-
-
More information about the tor-commits
mailing list