[tor-commits] [tor/release-0.3.0] copy changelog into releasenotes

nickm at torproject.org nickm at torproject.org
Mon May 15 22:52:17 UTC 2017 

commit 2da783ac8465441e26f5b69dae22b0c53e449e3e
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon May 15 18:28:25 2017 -0400

    copy changelog into releasenotes
---
 ReleaseNotes | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/ReleaseNotes b/ReleaseNotes
index c5ccfbe..a9c9c25 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -3,6 +3,39 @@ of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.
 
 
+Changes in version 0.3.0.7 - 2017-05-15
+  Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions
+  of Tor 0.3.0.x, where an attacker could cause a Tor relay process
+  to exit. Relays running earlier versions of Tor 0.3.0.x should upgrade;
+  clients are not affected.
+
+  o Major bugfixes (hidden service directory, security):
+    - Fix an assertion failure in the hidden service directory code, which
+      could be used by an attacker to remotely cause a Tor relay process to
+      exit. Relays running earlier versions of Tor 0.3.0.x should upgrade.
+      This security issue is tracked as tracked as
+      TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha.
+
+  o Minor features:
+    - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (future-proofing):
+    - Tor no longer refuses to download microdescriptors or descriptors
+      if they are listed as "published in the future". This change will
+      eventually allow us to stop listing meaningful "published" dates
+      in microdescriptor consensuses, and thereby allow us to reduce the
+      resources required to download consensus diffs by over 50%.
+      Implements part of ticket 21642; implements part of proposal 275.
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - The getpid() system call is now permitted under the Linux seccomp2
+      sandbox, to avoid crashing with versions of OpenSSL (and other
+      libraries) that attempt to learn the process's PID by using the
+      syscall rather than the VDSO code. Fixes bug 21943; bugfix
+      on 0.2.5.1-alpha.
+
+
 Changes in version 0.3.0.6 - 2017-04-26
   Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.

More information about the tor-commits mailing list