diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-05-15 18:28:49 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-05-15 18:28:49 -0400 |
| commit | f9f51933c19e3c4abefac3c04d4a1cb03444d3f7 (patch) | |
| tree | 63ffa40b6bfa4f23918da65ca17ef13fa6479679 /ReleaseNotes | |
| parent | 9b88254d1e393c92bfa3c9dc47e4049b66cf7844 (diff) | |
| download | tor-f9f51933c19e3c4abefac3c04d4a1cb03444d3f7.tar.gz tor-f9f51933c19e3c4abefac3c04d4a1cb03444d3f7.zip | |
forward-port changelog and releasenotes
Diffstat (limited to 'ReleaseNotes')
| -rw-r--r-- | ReleaseNotes | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/ReleaseNotes b/ReleaseNotes index ca5a30dd43..cbd656efd5 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -3,6 +3,39 @@ of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.3.0.7 - 2017-05-15 + Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions + of Tor 0.3.0.x, where an attacker could cause a Tor relay process + to exit. Relays running earlier versions of Tor 0.3.0.x should upgrade; + clients are not affected. + + o Major bugfixes (hidden service directory, security): + - Fix an assertion failure in the hidden service directory code, which + could be used by an attacker to remotely cause a Tor relay process to + exit. Relays running earlier versions of Tor 0.3.0.x should upgrade. + This security issue is tracked as tracked as + TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha. + + o Minor features: + - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 + Country database. + + o Minor features (future-proofing): + - Tor no longer refuses to download microdescriptors or descriptors + if they are listed as "published in the future". This change will + eventually allow us to stop listing meaningful "published" dates + in microdescriptor consensuses, and thereby allow us to reduce the + resources required to download consensus diffs by over 50%. + Implements part of ticket 21642; implements part of proposal 275. + + o Minor bugfixes (Linux seccomp2 sandbox): + - The getpid() system call is now permitted under the Linux seccomp2 + sandbox, to avoid crashing with versions of OpenSSL (and other + libraries) that attempt to learn the process's PID by using the + syscall rather than the VDSO code. Fixes bug 21943; bugfix + on 0.2.5.1-alpha. + + Changes in version 0.3.0.6 - 2017-04-26 Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series. |