[tor-commits] [tor/release-0.2.8] Pick a date, update ReleaseNotes. (0.2.8)

nickm at torproject.org nickm at torproject.org
Fri Mar 3 19:58:37 UTC 2017


commit 4e5df7355514377338c3b284950daedd7091edbd
Author: Nick Mathewson <nickm at torproject.org>
Date:   Fri Mar 3 14:57:50 2017 -0500

    Pick a date, update ReleaseNotes. (0.2.8)
---
 ChangeLog    |  2 +-
 ReleaseNotes | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 14474a6..843bffa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,4 @@
-Changes in version 0.2.8.13 - 2017-03-??
+Changes in version 0.2.8.13 - 2017-03-03
   Tor 0.2.8.13 backports a security fix from later Tor
   releases.  Anybody running Tor 0.2.8.12 or earlier should upgrade to this
   this release, if for some reason they cannot upgrade to a later
diff --git a/ReleaseNotes b/ReleaseNotes
index ee2410a..afbe79b 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,6 +2,30 @@ This document summarizes new features and bugfixes in each stable release
 of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.
 
+Changes in version 0.2.8.13 - 2017-03-03
+  Tor 0.2.8.13 backports a security fix from later Tor
+  releases.  Anybody running Tor 0.2.8.12 or earlier should upgrade to this
+  this release, if for some reason they cannot upgrade to a later
+  release series, and if they build Tor with the --enable-expensive-hardening
+  option.
+
+  Note that support for Tor 0.2.8.x is ending next year: we will not issue
+  any fixes for the Tor 0.2.8.x series after 1 Jan 2018.  If you need
+  a Tor release series with longer-term support, we recommend Tor 0.2.9.x.
+
+  o Major bugfixes (parsing, backported from 0.3.0.4-rc):
+    - Fix an integer underflow bug when comparing malformed Tor
+      versions. This bug could crash Tor when built with
+      --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
+      0.2.9.8, which were built with -ftrapv by default. In other cases
+      it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
+      on 0.0.8pre1. Found by OSS-Fuzz.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
+      Country database.
+
+
 Changes in version 0.2.8.12 - 2016-12-19
   Tor 0.2.8.12 backports a fix for a medium-severity issue (bug 21018
   below) where Tor clients could crash when attempting to visit a



More information about the tor-commits mailing list