diff options
| author | Nick Mathewson <nickm@torproject.org> | 2016-12-19 08:26:15 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2016-12-19 08:26:15 -0500 |
| commit | 9b024fb2810e08569d199e46f922245954477046 (patch) | |
| tree | 152891c627fb7da28b98f6794338696878c5da35 | |
| parent | fe7a0c34b05db5f4a8a91353c1615ab9cde33095 (diff) | |
| download | tor-9b024fb2810e08569d199e46f922245954477046.tar.gz tor-9b024fb2810e08569d199e46f922245954477046.zip | |
0.2.8.12 releasenotes
| -rw-r--r-- | ChangeLog | 33 | ||||
| -rw-r--r-- | ReleaseNotes | 29 | ||||
| -rw-r--r-- | changes/bug21018 | 11 | ||||
| -rw-r--r-- | changes/geoip-december2016 | 4 | ||||
| -rw-r--r-- | changes/ticket20170-v3 | 5 |
5 files changed, 55 insertions, 27 deletions
@@ -1,3 +1,36 @@ +Changes in version 0.2.8.12 - 2016-12-19 + Tor 0.2.8.12 backports a fix for a medium-severity issue (bug 21018 + below) where Tor clients could crash when attempting to visit a + hostile hidden service. Clients are recommended to upgrade as packages + become available for their systems. + + It also includes an updated list of fallback directories, backported + from 0.2.9. + + Now that the Tor 0.2.9 series is stable, only major bugfixes will be + backported to 0.2.8 in the future. + + o Major bugfixes (parsing, security, backported from 0.2.9.8): + - Fix a bug in parsing that could cause clients to read a single + byte past the end of an allocated region. This bug could be used + to cause hardened clients (built with --enable-expensive-hardening) + to crash if they tried to visit a hostile hidden service. Non- + hardened clients are only affected depending on the details of + their platform's memory allocator. Fixes bug 21018; bugfix on + 0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE- + 2016-12-002 and as CVE-2016-1254. + + o Minor features (fallback directory list, backported from 0.2.9.8): + - Replace the 81 remaining fallbacks of the 100 originally + introduced in Tor 0.2.8.3-alpha in March 2016, with a list of 177 + fallbacks (123 new, 54 existing, 27 removed) generated in December + 2016. Resolves ticket 20170. + + o Minor features (geoip, backported from 0.2.9.7-rc): + - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 + Country database. + + Changes in version 0.2.8.11 - 2016-12-08 Tor 0.2.8.11 backports fixes for additional portability issues that could prevent Tor from building correctly on OSX Sierra, or with diff --git a/ReleaseNotes b/ReleaseNotes index 163ef6796b..7f51fe3c7a 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -12,13 +12,28 @@ Changes in version 0.2.8.12 - 2016-12-19 It also includes an updated list of fallback directories, backported from 0.2.9. - With the release of Tor 0.2.9.8, the Tor 0.2.8 series is now - officially old: only major bugfixes will be backported to 0.2.8 in the - future. - - - - + Now that the Tor 0.2.9 series is stable, only major bugfixes will be + backported to 0.2.8 in the future. + + o Major bugfixes (parsing, security, backported from 0.2.9.8): + - Fix a bug in parsing that could cause clients to read a single + byte past the end of an allocated region. This bug could be used + to cause hardened clients (built with --enable-expensive-hardening) + to crash if they tried to visit a hostile hidden service. Non- + hardened clients are only affected depending on the details of + their platform's memory allocator. Fixes bug 21018; bugfix on + 0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE- + 2016-12-002 and as CVE-2016-1254. + + o Minor features (fallback directory list, backported from 0.2.9.8): + - Replace the 81 remaining fallbacks of the 100 originally + introduced in Tor 0.2.8.3-alpha in March 2016, with a list of 177 + fallbacks (123 new, 54 existing, 27 removed) generated in December + 2016. Resolves ticket 20170. + + o Minor features (geoip, backported from 0.2.9.7-rc): + - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 + Country database. Changes in version 0.2.8.11 - 2016-12-08 diff --git a/changes/bug21018 b/changes/bug21018 deleted file mode 100644 index 49a8b47a25..0000000000 --- a/changes/bug21018 +++ /dev/null @@ -1,11 +0,0 @@ - o Major bugfixes (parsing, security): - - - Fix a bug in parsing that could cause clients to read a single - byte past the end of an allocated region. This bug could be - used to cause hardened clients (built with - --enable-expensive-hardening) to crash if they tried to visit - a hostile hidden service. Non-hardened clients are only - affected depending on the details of their platform's memory - allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by - using libFuzzer. Also tracked as TROVE-2016-12-002 and as - CVE-2016-1254. diff --git a/changes/geoip-december2016 b/changes/geoip-december2016 deleted file mode 100644 index 60754ea21d..0000000000 --- a/changes/geoip-december2016 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features: - - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 - Country database. - diff --git a/changes/ticket20170-v3 b/changes/ticket20170-v3 deleted file mode 100644 index d634e72053..0000000000 --- a/changes/ticket20170-v3 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (fallback directory list): - - Replace the 81 remaining fallbacks of the 100 originally introduced - in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks - (123 new, 54 existing, 27 removed) generated in December 2016. - Resolves ticket 20170. |