mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 13:53:31 +01:00
Add 0.3.0.9 to changelog and releasenotes
This commit is contained in:
parent
e0aa6bee4a
commit
700ecce265
55
ChangeLog
55
ChangeLog
@ -1,3 +1,58 @@
|
|||||||
|
|
||||||
|
Changes in version 0.3.0.9 - 2017-06-29
|
||||||
|
Tor 0.3.0.9 fixes a path selection bug that would allow a client
|
||||||
|
to use a guard that was in the same network family as a chosen exit
|
||||||
|
relay. This is a security regression; all clients running earlier
|
||||||
|
versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or
|
||||||
|
0.3.1.4-alpha.
|
||||||
|
|
||||||
|
This release also backports several other bugfixes from the 0.3.1.x
|
||||||
|
series.
|
||||||
|
|
||||||
|
o Major bugfixes (path selection, security, backport from 0.3.1.4-alpha):
|
||||||
|
- When choosing which guard to use for a circuit, avoid the exit's
|
||||||
|
family along with the exit itself. Previously, the new guard
|
||||||
|
selection logic avoided the exit, but did not consider its family.
|
||||||
|
Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2016-
|
||||||
|
006 and CVE-2017-0377.
|
||||||
|
|
||||||
|
o Major bugfixes (entry guards, backport from 0.3.1.1-alpha):
|
||||||
|
- Don't block bootstrapping when a primary bridge is offline and we
|
||||||
|
can't get its descriptor. Fixes bug 22325; fixes one case of bug
|
||||||
|
21969; bugfix on 0.3.0.3-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (entry guards, backport from 0.3.1.4-alpha):
|
||||||
|
- When starting with an old consensus, do not add new entry guards
|
||||||
|
unless the consensus is "reasonably live" (under 1 day old). Fixes
|
||||||
|
one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
|
||||||
|
|
||||||
|
o Minor features (geoip):
|
||||||
|
- Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
|
o Minor bugfixes (voting consistency, backport from 0.3.1.1-alpha):
|
||||||
|
- Reject version numbers with non-numeric prefixes (such as +, -, or
|
||||||
|
whitespace). Disallowing whitespace prevents differential version
|
||||||
|
parsing between POSIX-based and Windows platforms. Fixes bug 21507
|
||||||
|
and part of 21508; bugfix on 0.0.8pre1.
|
||||||
|
|
||||||
|
o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.4-alpha):
|
||||||
|
- Permit the fchmod system call, to avoid crashing on startup when
|
||||||
|
starting with the seccomp2 sandbox and an unexpected set of
|
||||||
|
permissions on the data directory or its contents. Fixes bug
|
||||||
|
22516; bugfix on 0.2.5.4-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (defensive programming, backport from 0.3.1.4-alpha):
|
||||||
|
- Fix a memset() off the end of an array when packing cells. This
|
||||||
|
bug should be harmless in practice, since the corrupted bytes are
|
||||||
|
still in the same structure, and are always padding bytes,
|
||||||
|
ignored, or immediately overwritten, depending on compiler
|
||||||
|
behavior. Nevertheless, because the memset()'s purpose is to make
|
||||||
|
sure that any other cell-handling bugs can't expose bytes to the
|
||||||
|
network, we need to fix it. Fixes bug 22737; bugfix on
|
||||||
|
0.2.4.11-alpha. Fixes CID 1401591.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.3.1.3-alpha - 2017-06-08
|
Changes in version 0.3.1.3-alpha - 2017-06-08
|
||||||
Tor 0.3.1.3-alpha fixes a pair of bugs that would allow an attacker to
|
Tor 0.3.1.3-alpha fixes a pair of bugs that would allow an attacker to
|
||||||
remotely crash a hidden service with an assertion failure. Anyone
|
remotely crash a hidden service with an assertion failure. Anyone
|
||||||
|
54
ReleaseNotes
54
ReleaseNotes
@ -2,6 +2,60 @@ This document summarizes new features and bugfixes in each stable release
|
|||||||
of Tor. If you want to see more detailed descriptions of the changes in
|
of Tor. If you want to see more detailed descriptions of the changes in
|
||||||
each development snapshot, see the ChangeLog file.
|
each development snapshot, see the ChangeLog file.
|
||||||
|
|
||||||
|
Changes in version 0.3.0.9 - 2017-06-29
|
||||||
|
Tor 0.3.0.9 fixes a path selection bug that would allow a client
|
||||||
|
to use a guard that was in the same network family as a chosen exit
|
||||||
|
relay. This is a security regression; all clients running earlier
|
||||||
|
versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or
|
||||||
|
0.3.1.4-alpha.
|
||||||
|
|
||||||
|
This release also backports several other bugfixes from the 0.3.1.x
|
||||||
|
series.
|
||||||
|
|
||||||
|
o Major bugfixes (path selection, security, backport from 0.3.1.4-alpha):
|
||||||
|
- When choosing which guard to use for a circuit, avoid the exit's
|
||||||
|
family along with the exit itself. Previously, the new guard
|
||||||
|
selection logic avoided the exit, but did not consider its family.
|
||||||
|
Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2016-
|
||||||
|
006 and CVE-2017-0377.
|
||||||
|
|
||||||
|
o Major bugfixes (entry guards, backport from 0.3.1.1-alpha):
|
||||||
|
- Don't block bootstrapping when a primary bridge is offline and we
|
||||||
|
can't get its descriptor. Fixes bug 22325; fixes one case of bug
|
||||||
|
21969; bugfix on 0.3.0.3-alpha.
|
||||||
|
|
||||||
|
o Major bugfixes (entry guards, backport from 0.3.1.4-alpha):
|
||||||
|
- When starting with an old consensus, do not add new entry guards
|
||||||
|
unless the consensus is "reasonably live" (under 1 day old). Fixes
|
||||||
|
one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
|
||||||
|
|
||||||
|
o Minor features (geoip):
|
||||||
|
- Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
|
||||||
|
Country database.
|
||||||
|
|
||||||
|
o Minor bugfixes (voting consistency, backport from 0.3.1.1-alpha):
|
||||||
|
- Reject version numbers with non-numeric prefixes (such as +, -, or
|
||||||
|
whitespace). Disallowing whitespace prevents differential version
|
||||||
|
parsing between POSIX-based and Windows platforms. Fixes bug 21507
|
||||||
|
and part of 21508; bugfix on 0.0.8pre1.
|
||||||
|
|
||||||
|
o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.4-alpha):
|
||||||
|
- Permit the fchmod system call, to avoid crashing on startup when
|
||||||
|
starting with the seccomp2 sandbox and an unexpected set of
|
||||||
|
permissions on the data directory or its contents. Fixes bug
|
||||||
|
22516; bugfix on 0.2.5.4-alpha.
|
||||||
|
|
||||||
|
o Minor bugfixes (defensive programming, backport from 0.3.1.4-alpha):
|
||||||
|
- Fix a memset() off the end of an array when packing cells. This
|
||||||
|
bug should be harmless in practice, since the corrupted bytes are
|
||||||
|
still in the same structure, and are always padding bytes,
|
||||||
|
ignored, or immediately overwritten, depending on compiler
|
||||||
|
behavior. Nevertheless, because the memset()'s purpose is to make
|
||||||
|
sure that any other cell-handling bugs can't expose bytes to the
|
||||||
|
network, we need to fix it. Fixes bug 22737; bugfix on
|
||||||
|
0.2.4.11-alpha. Fixes CID 1401591.
|
||||||
|
|
||||||
|
|
||||||
Changes in version 0.3.0.8 - 2017-06-08
|
Changes in version 0.3.0.8 - 2017-06-08
|
||||||
Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to
|
Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to
|
||||||
remotely crash a hidden service with an assertion failure. Anyone
|
remotely crash a hidden service with an assertion failure. Anyone
|
||||||
|
Loading…
Reference in New Issue
Block a user