From a62438f7464d8e45203838cd1e619a6300266a0f Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Thu, 18 Apr 2024 09:10:03 -0400 Subject: [PATCH 1/2] forward-port the 0.4.8.10 and .11 changelogs --- ChangeLog | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++ ReleaseNotes | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 108 insertions(+) diff --git a/ChangeLog b/ChangeLog index a0421ea3ac..5118278012 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,57 @@ +Changes in version 0.4.8.11 - 2024-04-10 + This is a minor release mostly to upgrade the fallbackdir list. Worth noting + also that directory authority running this version will now automatically + reject relays running the end of life 0.4.7.x version. + + o Minor feature (authority): + - Reject 0.4.7.x series at the authority level. Closes ticket 40896. + + o Minor feature (dirauth, tor26): + - New IP address and keys. + + o Minor feature (directory authority): + - Allow BandwidthFiles "node_id" KeyValue without the dollar sign at + the start of the hexdigit, in order to easier database queries + combining Tor documents in which the relays fingerprint does not + include it. Fixes bug 40891; bugfix on 0.4.7 (all supported + versions of Tor). + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on April 10, 2024. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2024/04/10. + + o Minor bugfixes (directory authorities): + - Add a warning when publishing a vote or signatures to another + directory authority fails. Fixes bug 40910; bugfix + on 0.2.0.3-alpha. + + +Changes in version 0.4.8.10 - 2023-12-08 + This is a security release fixing a high severity bug (TROVE-2023-007) + affecting Exit relays supporting Conflux. We strongly recommend to update as + soon as possible. + + o Major bugfixes (TROVE-2023-007, exit): + - Improper error propagation from a safety check in conflux leg + linking lead to a desynchronization of which legs were part of a + conflux set, ultimately causing a UAF and NULL pointer dereference + crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on December 08, 2023. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2023/12/08. + + o Minor bugfixes (bridges, statistics): + - Correctly report statistics for client count over Pluggable + transport. Fixes bug 40871; bugfix on 0.4.8.4 + + Changes in version 0.4.8.9 - 2023-11-09 This is another security release fixing a high severity bug affecting onion services which is tracked by TROVE-2023-006. We are also releasing a guard diff --git a/ReleaseNotes b/ReleaseNotes index 362e687306..e023f2b560 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,60 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.4.8.11 - 2024-04-10 + This is a minor release mostly to upgrade the fallbackdir list. Worth noting + also that directory authority running this version will now automatically + reject relays running the end of life 0.4.7.x version. + + o Minor feature (authority): + - Reject 0.4.7.x series at the authority level. Closes ticket 40896. + + o Minor feature (dirauth, tor26): + - New IP address and keys. + + o Minor feature (directory authority): + - Allow BandwidthFiles "node_id" KeyValue without the dollar sign at + the start of the hexdigit, in order to easier database queries + combining Tor documents in which the relays fingerprint does not + include it. Fixes bug 40891; bugfix on 0.4.7 (all supported + versions of Tor). + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on April 10, 2024. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2024/04/10. + + o Minor bugfixes (directory authorities): + - Add a warning when publishing a vote or signatures to another + directory authority fails. Fixes bug 40910; bugfix + on 0.2.0.3-alpha. + + +Changes in version 0.4.8.10 - 2023-12-08 + This is a security release fixing a high severity bug (TROVE-2023-007) + affecting Exit relays supporting Conflux. We strongly recommend to update as + soon as possible. + + o Major bugfixes (TROVE-2023-007, exit): + - Improper error propagation from a safety check in conflux leg + linking lead to a desynchronization of which legs were part of a + conflux set, ultimately causing a UAF and NULL pointer dereference + crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on December 08, 2023. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2023/12/08. + + o Minor bugfixes (bridges, statistics): + - Correctly report statistics for client count over Pluggable + transport. Fixes bug 40871; bugfix on 0.4.8.4 + + Changes in version 0.4.8.9 - 2023-11-09 This is another security release fixing a high severity bug affecting onion services which is tracked by TROVE-2023-006. We are also releasing a guard From 9124e99dc5159c5e46d883b4fc0353c1614f9343 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Fri, 19 Apr 2024 08:18:48 -0400 Subject: [PATCH 2/2] fix changelog typos and clean up a bit --- ChangeLog | 21 ++++++++------------- ReleaseNotes | 21 ++++++++------------- 2 files changed, 16 insertions(+), 26 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5118278012..55b02340fb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,15 +1,11 @@ Changes in version 0.4.8.11 - 2024-04-10 - This is a minor release mostly to upgrade the fallbackdir list. Worth noting - also that directory authority running this version will now automatically + This is a minor release mostly to upgrade the fallbackdir list. + Directory authorities running this version will now automatically reject relays running the end of life 0.4.7.x version. - o Minor feature (authority): + o Minor features (directory authorities): - Reject 0.4.7.x series at the authority level. Closes ticket 40896. - - o Minor feature (dirauth, tor26): - - New IP address and keys. - - o Minor feature (directory authority): + - New IP address and keys for tor26. - Allow BandwidthFiles "node_id" KeyValue without the dollar sign at the start of the hexdigit, in order to easier database queries combining Tor documents in which the relays fingerprint does not @@ -25,8 +21,7 @@ Changes in version 0.4.8.11 - 2024-04-10 o Minor bugfixes (directory authorities): - Add a warning when publishing a vote or signatures to another - directory authority fails. Fixes bug 40910; bugfix - on 0.2.0.3-alpha. + directory authority fails. Fixes bug 40910; bugfix on 0.2.0.3-alpha. Changes in version 0.4.8.10 - 2023-12-08 @@ -36,7 +31,7 @@ Changes in version 0.4.8.10 - 2023-12-08 o Major bugfixes (TROVE-2023-007, exit): - Improper error propagation from a safety check in conflux leg - linking lead to a desynchronization of which legs were part of a + linking led to a desynchronization of which legs were part of a conflux set, ultimately causing a UAF and NULL pointer dereference crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha. @@ -48,8 +43,8 @@ Changes in version 0.4.8.10 - 2023-12-08 retrieved on 2023/12/08. o Minor bugfixes (bridges, statistics): - - Correctly report statistics for client count over Pluggable - transport. Fixes bug 40871; bugfix on 0.4.8.4 + - Correctly report statistics for client count over pluggable + transports. Fixes bug 40871; bugfix on 0.4.8.4. Changes in version 0.4.8.9 - 2023-11-09 diff --git a/ReleaseNotes b/ReleaseNotes index e023f2b560..151236620d 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -3,17 +3,13 @@ release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. Changes in version 0.4.8.11 - 2024-04-10 - This is a minor release mostly to upgrade the fallbackdir list. Worth noting - also that directory authority running this version will now automatically + This is a minor release mostly to upgrade the fallbackdir list. + Directory authorities running this version will now automatically reject relays running the end of life 0.4.7.x version. - o Minor feature (authority): + o Minor features (directory authorities): - Reject 0.4.7.x series at the authority level. Closes ticket 40896. - - o Minor feature (dirauth, tor26): - - New IP address and keys. - - o Minor feature (directory authority): + - New IP address and keys for tor26. - Allow BandwidthFiles "node_id" KeyValue without the dollar sign at the start of the hexdigit, in order to easier database queries combining Tor documents in which the relays fingerprint does not @@ -29,8 +25,7 @@ Changes in version 0.4.8.11 - 2024-04-10 o Minor bugfixes (directory authorities): - Add a warning when publishing a vote or signatures to another - directory authority fails. Fixes bug 40910; bugfix - on 0.2.0.3-alpha. + directory authority fails. Fixes bug 40910; bugfix on 0.2.0.3-alpha. Changes in version 0.4.8.10 - 2023-12-08 @@ -40,7 +35,7 @@ Changes in version 0.4.8.10 - 2023-12-08 o Major bugfixes (TROVE-2023-007, exit): - Improper error propagation from a safety check in conflux leg - linking lead to a desynchronization of which legs were part of a + linking led to a desynchronization of which legs were part of a conflux set, ultimately causing a UAF and NULL pointer dereference crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha. @@ -52,8 +47,8 @@ Changes in version 0.4.8.10 - 2023-12-08 retrieved on 2023/12/08. o Minor bugfixes (bridges, statistics): - - Correctly report statistics for client count over Pluggable - transport. Fixes bug 40871; bugfix on 0.4.8.4 + - Correctly report statistics for client count over pluggable + transports. Fixes bug 40871; bugfix on 0.4.8.4. Changes in version 0.4.8.9 - 2023-11-09