[tor-commits] [tor/release-0.3.1] Fold in changes entry for 22753, and write a blurb.

nickm at torproject.org nickm at torproject.org
Thu Jun 29 20:02:50 UTC 2017 

commit 20a46bdce6b573b9c219bb6f599fb28a22a64833
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Jun 29 16:02:47 2017 -0400

    Fold in changes entry for 22753, and write a blurb.
---
 ChangeLog        | 25 ++++++++++++++++++-------
 changes/bug22753 |  7 -------
 2 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 097482c..4bf8e6f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,20 @@
-Changes in version 0.3.1.4-alpha - 2017-06-29:
-  blurb goes here.
+Changes in version 0.3.1.4-alpha - 2017-06-29
+  Tor 0.3.1.4-alpha fixes a path selection bug that would allow a client
+  to use a guard that was in the same network family as a chosen exit
+  node. This is a security regression; all clients running earlier
+  versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or
+  0.3.1.4-alpha.
+
+  This release also fixes several other bugs related to new features in
+  0.3.0.x and 0.3.1.x, including others that can effect bandwidth usage
+  and correctness.
+
+  o Major bugfixes (path selection, security):
+    - When choosing which guard to use for a circuit, avoid the
+      exit's family along with the exit itself. Previously, the new
+      guard selection logic avoided the exit, but did not consider
+      its family.  Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked
+      as TROVE-2016-006 and CVE-2017-0377.
 
   o New dependencies:
     - To build with zstd and lzma support, Tor now requires the pkg-
@@ -78,21 +93,17 @@ Changes in version 0.3.1.4-alpha - 2017-06-29:
       permissions on the data directory or its contents. Fixes bug
       22516; bugfix on 0.2.5.4-alpha.
 
-  o Minor bugfixes (logging, compression):
+  o Minor bugfixes (logging):
     - When decompressing, do not warn if we fail to decompress using a
       compression method that we merely guessed. Fixes part of bug
       22670; bugfix on 0.1.1.14-alpha.
     - When decompressing, treat mismatch between content-encoding and
       actual compression type as a protocol warning. Fixes part of bug
       22670; bugfix on 0.1.1.9-alpha.
-
-  o Minor bugfixes (logging, relay):
     - Downgrade "assigned_to_cpuworker failed" message to INFO-level
       severity. In every case that can reach it, either a better warning
       has already been logged, or no warning is warranted. Fixes bug
       22356; bugfix on 0.2.6.3-alpha.
-
-  o Minor bugfixes (netflow padding logging):
     - Demote a warn that was caused by libevent delays to info if the
       padding is less than 4.5 seconds late, or notice if it is more
       (4.5 seconds is the amount of time that a netflow record might be
diff --git a/changes/bug22753 b/changes/bug22753
deleted file mode 100644
index 32a6dfa..0000000
--- a/changes/bug22753
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Major bugfixes (path selection, security):
-    - When choosing which guard to use for a circuit, avoid the
-      exit's family along with the exit itself. Previously, the new
-      guard selection logic avoided the exit, but did not consider
-      its family.  Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked
-      as TROVE-2016-006 and CVE-2017-0377.
-

More information about the tor-commits mailing list