0.2.8.12 releasenotes
This commit is contained in:
parent
fe7a0c34b0
commit
9b024fb281
33
ChangeLog
33
ChangeLog
|
@ -1,3 +1,36 @@
|
|||
Changes in version 0.2.8.12 - 2016-12-19
|
||||
Tor 0.2.8.12 backports a fix for a medium-severity issue (bug 21018
|
||||
below) where Tor clients could crash when attempting to visit a
|
||||
hostile hidden service. Clients are recommended to upgrade as packages
|
||||
become available for their systems.
|
||||
|
||||
It also includes an updated list of fallback directories, backported
|
||||
from 0.2.9.
|
||||
|
||||
Now that the Tor 0.2.9 series is stable, only major bugfixes will be
|
||||
backported to 0.2.8 in the future.
|
||||
|
||||
o Major bugfixes (parsing, security, backported from 0.2.9.8):
|
||||
- Fix a bug in parsing that could cause clients to read a single
|
||||
byte past the end of an allocated region. This bug could be used
|
||||
to cause hardened clients (built with --enable-expensive-hardening)
|
||||
to crash if they tried to visit a hostile hidden service. Non-
|
||||
hardened clients are only affected depending on the details of
|
||||
their platform's memory allocator. Fixes bug 21018; bugfix on
|
||||
0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
|
||||
2016-12-002 and as CVE-2016-1254.
|
||||
|
||||
o Minor features (fallback directory list, backported from 0.2.9.8):
|
||||
- Replace the 81 remaining fallbacks of the 100 originally
|
||||
introduced in Tor 0.2.8.3-alpha in March 2016, with a list of 177
|
||||
fallbacks (123 new, 54 existing, 27 removed) generated in December
|
||||
2016. Resolves ticket 20170.
|
||||
|
||||
o Minor features (geoip, backported from 0.2.9.7-rc):
|
||||
- Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
|
||||
Changes in version 0.2.8.11 - 2016-12-08
|
||||
Tor 0.2.8.11 backports fixes for additional portability issues that
|
||||
could prevent Tor from building correctly on OSX Sierra, or with
|
||||
|
|
23
ReleaseNotes
23
ReleaseNotes
|
@ -12,13 +12,28 @@ Changes in version 0.2.8.12 - 2016-12-19
|
|||
It also includes an updated list of fallback directories, backported
|
||||
from 0.2.9.
|
||||
|
||||
With the release of Tor 0.2.9.8, the Tor 0.2.8 series is now
|
||||
officially old: only major bugfixes will be backported to 0.2.8 in the
|
||||
future.
|
||||
|
||||
Now that the Tor 0.2.9 series is stable, only major bugfixes will be
|
||||
backported to 0.2.8 in the future.
|
||||
|
||||
o Major bugfixes (parsing, security, backported from 0.2.9.8):
|
||||
- Fix a bug in parsing that could cause clients to read a single
|
||||
byte past the end of an allocated region. This bug could be used
|
||||
to cause hardened clients (built with --enable-expensive-hardening)
|
||||
to crash if they tried to visit a hostile hidden service. Non-
|
||||
hardened clients are only affected depending on the details of
|
||||
their platform's memory allocator. Fixes bug 21018; bugfix on
|
||||
0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
|
||||
2016-12-002 and as CVE-2016-1254.
|
||||
|
||||
o Minor features (fallback directory list, backported from 0.2.9.8):
|
||||
- Replace the 81 remaining fallbacks of the 100 originally
|
||||
introduced in Tor 0.2.8.3-alpha in March 2016, with a list of 177
|
||||
fallbacks (123 new, 54 existing, 27 removed) generated in December
|
||||
2016. Resolves ticket 20170.
|
||||
|
||||
o Minor features (geoip, backported from 0.2.9.7-rc):
|
||||
- Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
|
||||
Changes in version 0.2.8.11 - 2016-12-08
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
o Major bugfixes (parsing, security):
|
||||
|
||||
- Fix a bug in parsing that could cause clients to read a single
|
||||
byte past the end of an allocated region. This bug could be
|
||||
used to cause hardened clients (built with
|
||||
--enable-expensive-hardening) to crash if they tried to visit
|
||||
a hostile hidden service. Non-hardened clients are only
|
||||
affected depending on the details of their platform's memory
|
||||
allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by
|
||||
using libFuzzer. Also tracked as TROVE-2016-12-002 and as
|
||||
CVE-2016-1254.
|
|
@ -1,4 +0,0 @@
|
|||
o Minor features:
|
||||
- Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
o Minor features (fallback directory list):
|
||||
- Replace the 81 remaining fallbacks of the 100 originally introduced
|
||||
in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks
|
||||
(123 new, 54 existing, 27 removed) generated in December 2016.
|
||||
Resolves ticket 20170.
|
Loading…
Reference in New Issue