mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 15:43:32 +01:00
fwd-port more changelogs (0.2.4 through 0.2.8)
This commit is contained in:
parent
a95202d781
commit
dc47d936d4
112
ChangeLog
112
ChangeLog
@ -238,6 +238,118 @@ Changes in version 0.2.9.11 - 2017-06-08
|
||||
keypinning, free the router descriptor rather than leaking the
|
||||
memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
|
||||
|
||||
Changes in version 0.2.8.14 - 2017-06-08
|
||||
Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
|
||||
remotely crash a hidden service with an assertion failure. Anyone
|
||||
running a hidden service should upgrade to this version, or to some
|
||||
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
|
||||
are not affected by TROVE-2017-004.)
|
||||
|
||||
o Major bugfixes (hidden service, relay, security):
|
||||
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||
on 0.2.2.1-alpha.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
|
||||
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
|
||||
December 2016 (of which ~126 were still functional) with a list of
|
||||
151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
|
||||
2017. Resolves ticket 21564.
|
||||
|
||||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||
|
||||
Changes in version 0.2.7.8 - 2017-06-08
|
||||
Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
|
||||
remotely crash a hidden service with an assertion failure. Anyone
|
||||
running a hidden service should upgrade to this version, or to some
|
||||
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
|
||||
are not affected by TROVE-2017-004.)
|
||||
|
||||
o Major bugfixes (hidden service, relay, security):
|
||||
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||
on 0.2.2.1-alpha.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||
|
||||
|
||||
Changes in version 0.2.6.12 - 2017-06-08
|
||||
Tor 0.2.6.12 backports a fix for a bug that would allow an attacker to
|
||||
remotely crash a hidden service with an assertion failure. Anyone
|
||||
running a hidden service should upgrade to this version, or to some
|
||||
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
|
||||
are not affected by TROVE-2017-004.)
|
||||
|
||||
o Major bugfixes (hidden service, relay, security):
|
||||
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||
on 0.2.2.1-alpha.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||
|
||||
Changes in version 0.2.5.14 - 2017-06-08
|
||||
Tor 0.2.5.14 backports a fix for a bug that would allow an attacker to
|
||||
remotely crash a hidden service with an assertion failure. Anyone
|
||||
running a hidden service should upgrade to this version, or to some
|
||||
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
|
||||
are not affected by TROVE-2017-004.)
|
||||
|
||||
o Major bugfixes (hidden service, relay, security):
|
||||
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||
on 0.2.2.1-alpha.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||
|
||||
Changes in version 0.2.4.29 - 2017-06-08
|
||||
Tor 0.2.4.29 backports a fix for a bug that would allow an attacker to
|
||||
remotely crash a hidden service with an assertion failure. Anyone
|
||||
running a hidden service should upgrade to this version, or to some
|
||||
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
|
||||
are not affected by TROVE-2017-004.)
|
||||
|
||||
o Major bugfixes (hidden service, relay, security):
|
||||
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||
on 0.2.2.1-alpha.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||
|
||||
|
||||
Changes in version 0.3.1.2-alpha - 2017-05-26
|
||||
Tor 0.3.1.2-alpha is the second release in the 0.3.1.x series. It
|
||||
|
112
ReleaseNotes
112
ReleaseNotes
@ -153,6 +153,118 @@ Changes in version 0.2.9.11 - 2017-06-08
|
||||
keypinning, free the router descriptor rather than leaking the
|
||||
memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
|
||||
|
||||
Changes in version 0.2.8.14 - 2017-06-08
|
||||
Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
|
||||
remotely crash a hidden service with an assertion failure. Anyone
|
||||
running a hidden service should upgrade to this version, or to some
|
||||
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
|
||||
are not affected by TROVE-2017-004.)
|
||||
|
||||
o Major bugfixes (hidden service, relay, security):
|
||||
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||
on 0.2.2.1-alpha.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
|
||||
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
|
||||
December 2016 (of which ~126 were still functional) with a list of
|
||||
151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
|
||||
2017. Resolves ticket 21564.
|
||||
|
||||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||
|
||||
Changes in version 0.2.7.8 - 2017-06-08
|
||||
Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
|
||||
remotely crash a hidden service with an assertion failure. Anyone
|
||||
running a hidden service should upgrade to this version, or to some
|
||||
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
|
||||
are not affected by TROVE-2017-004.)
|
||||
|
||||
o Major bugfixes (hidden service, relay, security):
|
||||
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||
on 0.2.2.1-alpha.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||
|
||||
|
||||
Changes in version 0.2.6.12 - 2017-06-08
|
||||
Tor 0.2.6.12 backports a fix for a bug that would allow an attacker to
|
||||
remotely crash a hidden service with an assertion failure. Anyone
|
||||
running a hidden service should upgrade to this version, or to some
|
||||
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
|
||||
are not affected by TROVE-2017-004.)
|
||||
|
||||
o Major bugfixes (hidden service, relay, security):
|
||||
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||
on 0.2.2.1-alpha.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||
|
||||
Changes in version 0.2.5.14 - 2017-06-08
|
||||
Tor 0.2.5.14 backports a fix for a bug that would allow an attacker to
|
||||
remotely crash a hidden service with an assertion failure. Anyone
|
||||
running a hidden service should upgrade to this version, or to some
|
||||
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
|
||||
are not affected by TROVE-2017-004.)
|
||||
|
||||
o Major bugfixes (hidden service, relay, security):
|
||||
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||
on 0.2.2.1-alpha.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||
|
||||
Changes in version 0.2.4.29 - 2017-06-08
|
||||
Tor 0.2.4.29 backports a fix for a bug that would allow an attacker to
|
||||
remotely crash a hidden service with an assertion failure. Anyone
|
||||
running a hidden service should upgrade to this version, or to some
|
||||
other version with fixes for TROVE-2017-005. (Versions before 0.3.0
|
||||
are not affected by TROVE-2017-004.)
|
||||
|
||||
o Major bugfixes (hidden service, relay, security):
|
||||
- Fix a remotely triggerable assertion failure caused by receiving a
|
||||
BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
|
||||
22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
|
||||
on 0.2.2.1-alpha.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Minor bugfixes (correctness):
|
||||
- Avoid undefined behavior when parsing IPv6 entries from the geoip6
|
||||
file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
|
||||
|
||||
|
||||
Changes in version 0.3.0.7 - 2017-05-15
|
||||
Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions
|
||||
|
Loading…
Reference in New Issue
Block a user