[tor-commits] [tor/release-0.2.8] Finish changelog for 0.2.8.15

nickm at torproject.org nickm at torproject.org
Mon Sep 18 13:58:07 UTC 2017 

commit e25e980285a80231956dba6d3c89a25c27fdf94f
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Sep 18 09:57:45 2017 -0400

    Finish changelog for 0.2.8.15
---
 ChangeLog              | 13 ++++++++++++-
 ReleaseNotes           | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 changes/trove-2017-008 |  5 -----
 3 files changed, 62 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 602069f5f..28303c082 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
 Changes in version 0.2.8.15 - 2017-09-18
-  BLURB
+  Tor 0.2.8.15 backports a collection of bugfixes from later
+  Tor series.
+
+  Most significantly, it includes a fix for TROVE-2017-008, a
+  security bug that affects hidden services running with the
+  SafeLogging option disabled. For more information, see
+  https://trac.torproject.org/projects/tor/ticket/23490
+
+  Note that Tor 0.2.8.x will no longer be supported after 1 Jan
+  2018.  We suggest that you upgrade to the latest stable release if
+  possible.  If you can't, we recommend that you upgrade at least to
+  0.2.9, which will be supported until 2020.
 
   o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
     - Avoid an assertion failure bug affecting our implementation of
diff --git a/ReleaseNotes b/ReleaseNotes
index 9353cd086..2d67f5b89 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,6 +2,56 @@ This document summarizes new features and bugfixes in each stable release
 of Tor. If you want to see more detailed descriptions of the changes in
 each development snapshot, see the ChangeLog file.
 
+Changes in version 0.2.8.15 - 2017-09-18
+  Tor 0.2.8.15 backports a collection of bugfixes from later
+  Tor series.
+
+  Most significantly, it includes a fix for TROVE-2017-008, a
+  security bug that affects hidden services running with the
+  SafeLogging option disabled. For more information, see
+  https://trac.torproject.org/projects/tor/ticket/23490
+
+  Note that Tor 0.2.8.x will no longer be supported after 1 Jan
+  2018.  We suggest that you upgrade to the latest stable release if
+  possible.  If you can't, we recommend that you upgrade at least to
+  0.2.9, which will be supported until 2020.
+
+  o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
+    - Avoid an assertion failure bug affecting our implementation of
+      inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
+      handling of "0xx" differs from what we had expected. Fixes bug
+      22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
+
+  o Minor features:
+    - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
+    - Backport a fix for an "unused variable" warning that appeared
+      in some versions of mingw. Fixes bug 22838; bugfix on
+      0.2.8.1-alpha.
+
+  o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
+    - Fix a memset() off the end of an array when packing cells. This
+      bug should be harmless in practice, since the corrupted bytes are
+      still in the same structure, and are always padding bytes,
+      ignored, or immediately overwritten, depending on compiler
+      behavior. Nevertheless, because the memset()'s purpose is to make
+      sure that any other cell-handling bugs can't expose bytes to the
+      network, we need to fix it. Fixes bug 22737; bugfix on
+      0.2.4.11-alpha. Fixes CID 1401591.
+
+  o Build features (backport from 0.3.1.5-alpha):
+    - Tor's repository now includes a Travis Continuous Integration (CI)
+      configuration file (.travis.yml). This is meant to help new
+      developers and contributors who fork Tor to a Github repository be
+      better able to test their changes, and understand what we expect
+      to pass. To use this new build feature, you must fork Tor to your
+      Github account, then go into the "Integrations" menu in the
+      repository settings for your fork and enable Travis, then push
+      your changes. Closes ticket 22636.
+
+
 Changes in version 0.2.8.14 - 2017-06-08
   Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
   remotely crash a hidden service with an assertion failure. Anyone
diff --git a/changes/trove-2017-008 b/changes/trove-2017-008
deleted file mode 100644
index 4b9c5b0a1..000000000
--- a/changes/trove-2017-008
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major bugfixes (security, hidden services, loggging):
-    - Fix a bug where we could log uninitialized stack when a certain
-      hidden service error occurred while SafeLogging was disabled.
-      Fixes bug #23490; bugfix on 0.2.7.2-alpha.
-      This is also tracked as TROVE-2017-008 and CVE-2017-0380.

More information about the tor-commits mailing list