From 9d35ddf110dc1737af4f12c4135a03cb7ac3c85d Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 18 Sep 2017 09:50:05 -0400 Subject: [PATCH] Finish changelog and release notes for 0.3.1.7 --- ChangeLog | 20 +++++++++++++++----- ReleaseNotes | 20 +++++++++++++++----- changes/bug23533 | 4 ---- changes/trove-2017-008 | 5 ----- 4 files changed, 30 insertions(+), 19 deletions(-) delete mode 100644 changes/bug23533 delete mode 100644 changes/trove-2017-008 diff --git a/ChangeLog b/ChangeLog index 282cb3e8d..0c8c0d310 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,11 +9,10 @@ Changes in version 0.3.1.7 - 2017-09-18 small features, bugfixes on earlier release series, and groundwork for the hidden services revamp of 0.3.2. - Per our stable release policy, we plan to support the Tor 0.3.0 - release series for at least the next nine months, or for three months - after the first stable release of the 0.3.1 series: whichever is - longer. If you need a release with long-term support, we recommend - that you stay with the 0.2.9 series. + This release also includes a fix for TROVE-2017-008, a security bug + that affects hidden services running with the SafeLogging option + disabled. For more information, see + https://trac.torproject.org/projects/tor/ticket/23490 Per our stable release policy, we plan to support each stable release series for at least the next nine months, or for three months after @@ -24,6 +23,12 @@ Changes in version 0.3.1.7 - 2017-09-18 Below is a list of the changes since 0.3.1.6-rc. For a list of all changes since 0.3.0, see the ReleaseNotes file. + o Major bugfixes (security, hidden services, loggging): + - Fix a bug where we could log uninitialized stack when a certain + hidden service error occurred while SafeLogging was disabled. + Fixes bug #23490; bugfix on 0.2.7.2-alpha. This is also tracked as + TROVE-2017-008 and CVE-2017-0380. + o Minor features (defensive programming): - Create a pair of consensus parameters, nf_pad_tor2web and nf_pad_single_onion, to disable netflow padding in the consensus @@ -49,6 +54,11 @@ Changes in version 0.3.1.7 - 2017-09-18 - Do not crash when receiving a POSTDESCRIPTOR command with an empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha. + o Minor bugfixes (relay): + - Inform the geoip and rephist modules about all requests, even on + relays that are only fetching microdescriptors. Fixes a bug + related to 21585; bugfix on 0.3.0.1-alpha. + o Minor bugfixes (unit tests): - Fix a channelpadding unit test failure on slow systems by using mocked time instead of actual time. Fixes bug 23077; bugfix diff --git a/ReleaseNotes b/ReleaseNotes index 8328b63c1..e8a9f3b41 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -13,11 +13,10 @@ Changes in version 0.3.1.7 - 2017-09-18 small features, bugfixes on earlier release series, and groundwork for the hidden services revamp of 0.3.2. - Per our stable release policy, we plan to support the Tor 0.3.0 - release series for at least the next nine months, or for three months - after the first stable release of the 0.3.1 series: whichever is - longer. If you need a release with long-term support, we recommend - that you stay with the 0.2.9 series. + This release also includes a fix for TROVE-2017-008, a security bug + that affects hidden services running with the SafeLogging option + disabled. For more information, see + https://trac.torproject.org/projects/tor/ticket/23490 Per our stable release policy, we plan to support each stable release series for at least the next nine months, or for three months after @@ -32,6 +31,12 @@ Changes in version 0.3.1.7 - 2017-09-18 - To build with zstd and lzma support, Tor now requires the pkg-config tool at build time. + o Major bugfixes (security, hidden services, loggging): + - Fix a bug where we could log uninitialized stack when a certain + hidden service error occurred while SafeLogging was disabled. + Fixes bug #23490; bugfix on 0.2.7.2-alpha. + This is also tracked as TROVE-2017-008 and CVE-2017-0380. + o Major features (build system, continuous integration): - Tor's repository now includes a Travis Continuous Integration (CI) configuration file (.travis.yml). This is meant to help new @@ -515,6 +520,11 @@ Changes in version 0.3.1.7 - 2017-09-18 and are not relevant to the operator. Fixes bug 23078; bugfix on 0.3.0.1-alpha and 0.3.0.2-alpha. + o Minor bugfixes (relay): + - Inform the geoip and rephist modules about all requests, even on + relays that are only fetching microdescriptors. Fixes a bug + related to 21585; bugfix on 0.3.0.1-alpha. + o Minor bugfixes (memory leaks): - Fix a small memory leak at exit from the backtrace handler code. Fixes bug 21788; bugfix on 0.2.5.2-alpha. Patch from Daniel Pinto. diff --git a/changes/bug23533 b/changes/bug23533 deleted file mode 100644 index b5bfdc0ce..000000000 --- a/changes/bug23533 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay): - - Inform the geoip and rephist modules about all requests, even - on relays that are only fetching microdescriptors. Fixes a bug related - to 21585; bugfix on 0.3.0.1-alpha. diff --git a/changes/trove-2017-008 b/changes/trove-2017-008 deleted file mode 100644 index 4b9c5b0a1..000000000 --- a/changes/trove-2017-008 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, hidden services, loggging): - - Fix a bug where we could log uninitialized stack when a certain - hidden service error occurred while SafeLogging was disabled. - Fixes bug #23490; bugfix on 0.2.7.2-alpha. - This is also tracked as TROVE-2017-008 and CVE-2017-0380.