Finish changelog for 0.2.8.15
This commit is contained in:
parent
7cab15eabc
commit
e25e980285
13
ChangeLog
13
ChangeLog
|
@ -1,5 +1,16 @@
|
||||||
Changes in version 0.2.8.15 - 2017-09-18
|
Changes in version 0.2.8.15 - 2017-09-18
|
||||||
BLURB
|
Tor 0.2.8.15 backports a collection of bugfixes from later
|
||||||
|
Tor series.
|
||||||
|
|
||||||
|
Most significantly, it includes a fix for TROVE-2017-008, a
|
||||||
|
security bug that affects hidden services running with the
|
||||||
|
SafeLogging option disabled. For more information, see
|
||||||
|
https://trac.torproject.org/projects/tor/ticket/23490
|
||||||
|
|
||||||
|
Note that Tor 0.2.8.x will no longer be supported after 1 Jan
|
||||||
|
2018. We suggest that you upgrade to the latest stable release if
|
||||||
|
possible. If you can't, we recommend that you upgrade at least to
|
||||||
|
0.2.9, which will be supported until 2020.
|
||||||
|
|
||||||
o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
|
o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
|
||||||
- Avoid an assertion failure bug affecting our implementation of
|
- Avoid an assertion failure bug affecting our implementation of
|
||||||
|
|
50
ReleaseNotes
50
ReleaseNotes
|
@ -2,6 +2,56 @@ This document summarizes new features and bugfixes in each stable release
|
||||||
of Tor. If you want to see more detailed descriptions of the changes in
|
of Tor. If you want to see more detailed descriptions of the changes in
|
||||||
each development snapshot, see the ChangeLog file.
|
each development snapshot, see the ChangeLog file.
|
||||||
|
|
||||||
|
Changes in version 0.2.8.15 - 2017-09-18
|
||||||
|
Tor 0.2.8.15 backports a collection of bugfixes from later
|
||||||
|
Tor series.
|
||||||
|
|
||||||
|
Most significantly, it includes a fix for TROVE-2017-008, a
|
||||||
|
security bug that affects hidden services running with the
|
||||||
|
SafeLogging option disabled. For more information, see
|
||||||
|
https://trac.torproject.org/projects/tor/ticket/23490
|
||||||
|
|
||||||
|
Note that Tor 0.2.8.x will no longer be supported after 1 Jan
|
||||||
|
2018. We suggest that you upgrade to the latest stable release if
|
||||||
|
possible. If you can't, we recommend that you upgrade at least to
|
||||||
|
0.2.9, which will be supported until 2020.
|
||||||
|
|
||||||
|
o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
|
||||||
|
- Avoid an assertion failure bug affecting our implementation of
|
||||||
|
inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
|
||||||
|
handling of "0xx" differs from what we had expected. Fixes bug
|
||||||
|
22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
|
||||||
|
|
||||||
|
o Minor features:
|
||||||
|
- Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
|
o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
|
||||||
|
- Backport a fix for an "unused variable" warning that appeared
|
||||||
|
in some versions of mingw. Fixes bug 22838; bugfix on
|
||||||
|
0.2.8.1-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
|
||||||
|
- Fix a memset() off the end of an array when packing cells. This
|
||||||
|
bug should be harmless in practice, since the corrupted bytes are
|
||||||
|
still in the same structure, and are always padding bytes,
|
||||||
|
ignored, or immediately overwritten, depending on compiler
|
||||||
|
behavior. Nevertheless, because the memset()'s purpose is to make
|
||||||
|
sure that any other cell-handling bugs can't expose bytes to the
|
||||||
|
network, we need to fix it. Fixes bug 22737; bugfix on
|
||||||
|
0.2.4.11-alpha. Fixes CID 1401591.
|
||||||
|
|
||||||
|
o Build features (backport from 0.3.1.5-alpha):
|
||||||
|
- Tor's repository now includes a Travis Continuous Integration (CI)
|
||||||
|
configuration file (.travis.yml). This is meant to help new
|
||||||
|
developers and contributors who fork Tor to a Github repository be
|
||||||
|
better able to test their changes, and understand what we expect
|
||||||
|
to pass. To use this new build feature, you must fork Tor to your
|
||||||
|
Github account, then go into the "Integrations" menu in the
|
||||||
|
repository settings for your fork and enable Travis, then push
|
||||||
|
your changes. Closes ticket 22636.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.2.8.14 - 2017-06-08
|
Changes in version 0.2.8.14 - 2017-06-08
|
||||||
Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
|
Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
|
||||||
remotely crash a hidden service with an assertion failure. Anyone
|
remotely crash a hidden service with an assertion failure. Anyone
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
o Major bugfixes (security, hidden services, loggging):
|
|
||||||
- Fix a bug where we could log uninitialized stack when a certain
|
|
||||||
hidden service error occurred while SafeLogging was disabled.
|
|
||||||
Fixes bug #23490; bugfix on 0.2.7.2-alpha.
|
|
||||||
This is also tracked as TROVE-2017-008 and CVE-2017-0380.
|
|
Loading…
Reference in New Issue