diff options
| author | Nick Mathewson <nickm@torproject.org> | 2016-12-19 08:20:07 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2016-12-19 08:20:07 -0500 |
| commit | dab16f3a04e2e5d8ddb43ed876c3cadf4ed8c450 (patch) | |
| tree | b3b515b786949995b3a66b1e73ec92e980013c17 /ChangeLog | |
| parent | 49bdcfd4b6f392e6c0f15e6beaec7a7498aadc88 (diff) | |
| download | tor-dab16f3a04e2e5d8ddb43ed876c3cadf4ed8c450.tar.gz tor-dab16f3a04e2e5d8ddb43ed876c3cadf4ed8c450.zip | |
0.2.9.8 changelog and releasenotes
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 40 |
1 files changed, 40 insertions, 0 deletions
@@ -1,3 +1,43 @@ +Changes in version 0.2.9.8 - 2016-12-19 + + Tor 0.2.9.8 is the first stable release of the Tor 0.2.9 series. + + The Tor 0.2.9 series makes mandatory a number of security features + that were formerly optional. It includes support for a new shared- + randomness protocol that will form the basis for next generation + hidden services, includes a single-hop hidden service mode for + optimizing .onion services that don't actually want to be hidden, + tries harder not to overload the directory authorities with excessive + downloads, and supports a better protocol versioniing scheme for + improved compatibility with other implementations of the Tor protocol. + + And of course, there numerous other bugfixes and improvements. + + This release also includes a fix for a medium-severity issue (bug + 21018 below) where Tor clients could crash when attempting to visit a + hostile hidden service. Clients are recommended to upgrade as packages + become available for their systems. + + Below are the changes since 0.2.9.7-rc. For a list of all changes + since 0.2.8, see the ReleaseNotes file. + + o Major bugfixes (parsing, security): + - Fix a bug in parsing that could cause clients to read a single + byte past the end of an allocated region. This bug could be used + to cause hardened clients (built with --enable-expensive-hardening) + to crash if they tried to visit a hostile hidden service. Non- + hardened clients are only affected depending on the details of + their platform's memory allocator. Fixes bug 21018; bugfix on + 0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE- + 2016-12-002 and as CVE-2016-1254. + + o Minor features (fallback directory list): + - Replace the 81 remaining fallbacks of the 100 originally + introduced in Tor 0.2.8.3-alpha in March 2016, with a list of 177 + fallbacks (123 new, 54 existing, 27 removed) generated in December + 2016. Resolves ticket 20170. + + Changes in version 0.2.9.7-rc - 2016-12-12 Tor 0.2.9.7-rc fixes a few small bugs remaining in Tor 0.2.9.6-rc, including a few that had prevented tests from passing on |