[tor-commits] [tor/release-0.3.1] Finish changelog and release notes for 0.3.1.7

nickm at torproject.org nickm at torproject.org
Mon Sep 18 13:58:07 UTC 2017


commit 9d35ddf110dc1737af4f12c4135a03cb7ac3c85d
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Sep 18 09:50:05 2017 -0400

    Finish changelog and release notes for 0.3.1.7
---
 ChangeLog              | 20 +++++++++++++++-----
 ReleaseNotes           | 20 +++++++++++++++-----
 changes/bug23533       |  4 ----
 changes/trove-2017-008 |  5 -----
 4 files changed, 30 insertions(+), 19 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 282cb3e8d..0c8c0d310 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,11 +9,10 @@ Changes in version 0.3.1.7 - 2017-09-18
   small features, bugfixes on earlier release series, and groundwork for
   the hidden services revamp of 0.3.2.
 
-  Per our stable release policy, we plan to support the Tor 0.3.0
-  release series for at least the next nine months, or for three months
-  after the first stable release of the 0.3.1 series: whichever is
-  longer. If you need a release with long-term support, we recommend
-  that you stay with the 0.2.9 series.
+  This release also includes a fix for TROVE-2017-008, a security bug
+  that affects hidden services running with the SafeLogging option
+  disabled. For more information, see
+  https://trac.torproject.org/projects/tor/ticket/23490
 
   Per our stable release policy, we plan to support each stable release
   series for at least the next nine months, or for three months after
@@ -24,6 +23,12 @@ Changes in version 0.3.1.7 - 2017-09-18
   Below is a list of the changes since 0.3.1.6-rc. For a list of all
   changes since 0.3.0, see the ReleaseNotes file.
 
+  o Major bugfixes (security, hidden services, loggging):
+    - Fix a bug where we could log uninitialized stack when a certain
+      hidden service error occurred while SafeLogging was disabled.
+      Fixes bug #23490; bugfix on 0.2.7.2-alpha. This is also tracked as
+      TROVE-2017-008 and CVE-2017-0380.
+
   o Minor features (defensive programming):
     - Create a pair of consensus parameters, nf_pad_tor2web and
       nf_pad_single_onion, to disable netflow padding in the consensus
@@ -49,6 +54,11 @@ Changes in version 0.3.1.7 - 2017-09-18
     - Do not crash when receiving a POSTDESCRIPTOR command with an empty
       body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
 
+  o Minor bugfixes (relay):
+    - Inform the geoip and rephist modules about all requests, even on
+      relays that are only fetching microdescriptors. Fixes a bug
+      related to 21585; bugfix on 0.3.0.1-alpha.
+
   o Minor bugfixes (unit tests):
     - Fix a channelpadding unit test failure on slow systems by using
       mocked time instead of actual time. Fixes bug 23077; bugfix
diff --git a/ReleaseNotes b/ReleaseNotes
index 8328b63c1..e8a9f3b41 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -13,11 +13,10 @@ Changes in version 0.3.1.7 - 2017-09-18
   small features, bugfixes on earlier release series, and groundwork for
   the hidden services revamp of 0.3.2.
 
-  Per our stable release policy, we plan to support the Tor 0.3.0
-  release series for at least the next nine months, or for three months
-  after the first stable release of the 0.3.1 series: whichever is
-  longer. If you need a release with long-term support, we recommend
-  that you stay with the 0.2.9 series.
+  This release also includes a fix for TROVE-2017-008, a security bug
+  that affects hidden services running with the SafeLogging option
+  disabled. For more information, see
+  https://trac.torproject.org/projects/tor/ticket/23490
 
   Per our stable release policy, we plan to support each stable release
   series for at least the next nine months, or for three months after
@@ -32,6 +31,12 @@ Changes in version 0.3.1.7 - 2017-09-18
     - To build with zstd and lzma support, Tor now requires the
       pkg-config tool at build time.
 
+  o Major bugfixes (security, hidden services, loggging):
+    - Fix a bug where we could log uninitialized stack when a certain
+      hidden service error occurred while SafeLogging was disabled.
+      Fixes bug #23490; bugfix on 0.2.7.2-alpha.
+      This is also tracked as TROVE-2017-008 and CVE-2017-0380.
+
   o Major features (build system, continuous integration):
     - Tor's repository now includes a Travis Continuous Integration (CI)
       configuration file (.travis.yml). This is meant to help new
@@ -515,6 +520,11 @@ Changes in version 0.3.1.7 - 2017-09-18
       and are not relevant to the operator. Fixes bug 23078; bugfix on
       0.3.0.1-alpha and 0.3.0.2-alpha.
 
+  o Minor bugfixes (relay):
+    - Inform the geoip and rephist modules about all requests, even on
+      relays that are only fetching microdescriptors. Fixes a bug
+      related to 21585; bugfix on 0.3.0.1-alpha.
+
   o Minor bugfixes (memory leaks):
     - Fix a small memory leak at exit from the backtrace handler code.
       Fixes bug 21788; bugfix on 0.2.5.2-alpha. Patch from Daniel Pinto.
diff --git a/changes/bug23533 b/changes/bug23533
deleted file mode 100644
index b5bfdc0ce..000000000
--- a/changes/bug23533
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (relay):
-    - Inform the geoip and rephist modules about all requests, even
-      on relays that are only fetching microdescriptors. Fixes a bug related
-      to 21585; bugfix on 0.3.0.1-alpha.
diff --git a/changes/trove-2017-008 b/changes/trove-2017-008
deleted file mode 100644
index 4b9c5b0a1..000000000
--- a/changes/trove-2017-008
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major bugfixes (security, hidden services, loggging):
-    - Fix a bug where we could log uninitialized stack when a certain
-      hidden service error occurred while SafeLogging was disabled.
-      Fixes bug #23490; bugfix on 0.2.7.2-alpha.
-      This is also tracked as TROVE-2017-008 and CVE-2017-0380.



More information about the tor-commits mailing list