From b645e95a384cd058a79693dc9d263972e2ecce72 Mon Sep 17 00:00:00 2001 From: Tor CI Release Date: Thu, 9 Nov 2023 14:21:48 +0000 Subject: release: ChangeLog and ReleaseNotes for 0.4.8.9 --- ChangeLog | 29 +++++++++++++++++++++++++++++ ReleaseNotes | 29 +++++++++++++++++++++++++++++ changes/bug40876 | 8 -------- changes/fallbackdirs-2023-11-09 | 2 -- changes/geoip-2023-11-09 | 3 --- changes/ticket40883 | 4 ---- 6 files changed, 58 insertions(+), 17 deletions(-) delete mode 100644 changes/bug40876 delete mode 100644 changes/fallbackdirs-2023-11-09 delete mode 100644 changes/geoip-2023-11-09 delete mode 100644 changes/ticket40883 diff --git a/ChangeLog b/ChangeLog index 85833f2afa..632cd8a751 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,32 @@ +Changes in version 0.4.8.9 - 2023-11-09 + This is another security release fixing a high severity bug affecting onion + services which is tracked by TROVE-2023-006. We are also releasing a guard + major bugfix as well. If you are an onion service operator, we strongly + recommend to update as soon as possible. + + o Major bugfixes (guard usage): + - When Tor excluded a guard due to temporary circuit restrictions, + it considered *additional* primary guards for potential usage by + that circuit. This could result in more than the specified number + of guards (currently 2) being used, long-term, by the tor client. + This could happen when a Guard was also selected as an Exit node, + but it was exacerbated by the Conflux guard restrictions. Both + instances have been fixed. Fixes bug 40876; bugfix + on 0.3.0.1-alpha. + + o Major bugfixes (onion service, TROVE-2023-006): + - Fix a possible hard assert on a NULL pointer when recording a + failed rendezvous circuit on the service side for the MetricsPort. + Fixes bug 40883; bugfix on 0.4.8.1-alpha + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on November 09, 2023. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2023/11/09. + + Changes in version 0.4.8.8 - 2023-11-03 We are releasing today a fix for a high security issue, TROVE-2023-004, that is affecting relays. Also a few minor bugfixes detailed below. Please upgrade diff --git a/ReleaseNotes b/ReleaseNotes index be16a00fbc..6030c1ac77 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,35 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.4.8.9 - 2023-11-09 + This is another security release fixing a high severity bug affecting onion + services which is tracked by TROVE-2023-006. We are also releasing a guard + major bugfix as well. If you are an onion service operator, we strongly + recommend to update as soon as possible. + + o Major bugfixes (guard usage): + - When Tor excluded a guard due to temporary circuit restrictions, + it considered *additional* primary guards for potential usage by + that circuit. This could result in more than the specified number + of guards (currently 2) being used, long-term, by the tor client. + This could happen when a Guard was also selected as an Exit node, + but it was exacerbated by the Conflux guard restrictions. Both + instances have been fixed. Fixes bug 40876; bugfix + on 0.3.0.1-alpha. + + o Major bugfixes (onion service, TROVE-2023-006): + - Fix a possible hard assert on a NULL pointer when recording a + failed rendezvous circuit on the service side for the MetricsPort. + Fixes bug 40883; bugfix on 0.4.8.1-alpha + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on November 09, 2023. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2023/11/09. + + Changes in version 0.4.8.8 - 2023-11-03 We are releasing today a fix for a high security issue, TROVE-2023-004, that is affecting relays. Also a few minor bugfixes detailed below. Please upgrade diff --git a/changes/bug40876 b/changes/bug40876 deleted file mode 100644 index a467cf64c1..0000000000 --- a/changes/bug40876 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (guard usage): - - When Tor excluded a guard due to temporary circuit restrictions, - it considered *additional* primary guards for potential usage - by that circuit. This could result in more than the specified number - of guards (currently 2) being used, long-term, by the tor client. - This could happen when a Guard was also selected as an Exit node, - but it was exacerbated by the Conflux guard restrictions. Both - instances have been fixed. Fixes bug 40876; bugfix on 0.3.0.1-alpha. diff --git a/changes/fallbackdirs-2023-11-09 b/changes/fallbackdirs-2023-11-09 deleted file mode 100644 index fcdc92280b..0000000000 --- a/changes/fallbackdirs-2023-11-09 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on November 09, 2023. diff --git a/changes/geoip-2023-11-09 b/changes/geoip-2023-11-09 deleted file mode 100644 index cf38ab9b47..0000000000 --- a/changes/geoip-2023-11-09 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2023/11/09. diff --git a/changes/ticket40883 b/changes/ticket40883 deleted file mode 100644 index 1186571122..0000000000 --- a/changes/ticket40883 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (onion service, TROVE-2023-006): - - Fix a possible hard assert on a NULL pointer when recording a failed - rendezvous circuit on the service side for the MetricsPort. Fixes bug - 40883; bugfix on 0.4.8.1-alpha -- cgit v1.2.3-54-g00ecf