Loading ChangeLog +28 −0 Original line number Diff line number Diff line Changes in version 0.2.8.14 - 2017-06-08 Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-005. (Versions before 0.3.0 are not affected by TROVE-2017-004.) o Major bugfixes (hidden service, relay, security): - Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. o Minor features (geoip): - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database. o Minor features (fallback directory list, backport from 0.3.1.3-alpha): - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in December 2016 (of which ~126 were still functional) with a list of 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May 2017. Resolves ticket 21564. o Minor bugfixes (correctness): - Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. Changes in version 0.2.8.13 - 2017-03-03 Tor 0.2.8.13 backports a security fix from later Tor releases. Anybody running Tor 0.2.8.12 or earlier should upgrade to this ReleaseNotes +28 −0 Original line number Diff line number Diff line Loading @@ -2,6 +2,34 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. Changes in version 0.2.8.14 - 2017-06-08 Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-005. (Versions before 0.3.0 are not affected by TROVE-2017-004.) o Major bugfixes (hidden service, relay, security): - Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. o Minor features (geoip): - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database. o Minor features (fallback directory list, backport from 0.3.1.3-alpha): - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in December 2016 (of which ~126 were still functional) with a list of 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May 2017. Resolves ticket 21564. o Minor bugfixes (correctness): - Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. Changes in version 0.2.8.13 - 2017-03-03 Tor 0.2.8.13 backports a security fix from later Tor releases. Anybody running Tor 0.2.8.12 or earlier should upgrade to this Loading changes/bug22490deleted 100644 → 0 +0 −3 Original line number Diff line number Diff line o Minor bugfixes (correctness): - Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. changes/geoip-april2017deleted 100644 → 0 +0 −4 Original line number Diff line number Diff line o Minor features: - Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2 Country database. changes/geoip-march2017deleted 100644 → 0 +0 −4 Original line number Diff line number Diff line o Minor features: - Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2 Country database. Loading
ChangeLog +28 −0 Original line number Diff line number Diff line Changes in version 0.2.8.14 - 2017-06-08 Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-005. (Versions before 0.3.0 are not affected by TROVE-2017-004.) o Major bugfixes (hidden service, relay, security): - Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. o Minor features (geoip): - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database. o Minor features (fallback directory list, backport from 0.3.1.3-alpha): - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in December 2016 (of which ~126 were still functional) with a list of 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May 2017. Resolves ticket 21564. o Minor bugfixes (correctness): - Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. Changes in version 0.2.8.13 - 2017-03-03 Tor 0.2.8.13 backports a security fix from later Tor releases. Anybody running Tor 0.2.8.12 or earlier should upgrade to this
ReleaseNotes +28 −0 Original line number Diff line number Diff line Loading @@ -2,6 +2,34 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. Changes in version 0.2.8.14 - 2017-06-08 Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-005. (Versions before 0.3.0 are not affected by TROVE-2017-004.) o Major bugfixes (hidden service, relay, security): - Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. o Minor features (geoip): - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database. o Minor features (fallback directory list, backport from 0.3.1.3-alpha): - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in December 2016 (of which ~126 were still functional) with a list of 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May 2017. Resolves ticket 21564. o Minor bugfixes (correctness): - Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. Changes in version 0.2.8.13 - 2017-03-03 Tor 0.2.8.13 backports a security fix from later Tor releases. Anybody running Tor 0.2.8.12 or earlier should upgrade to this Loading
changes/bug22490deleted 100644 → 0 +0 −3 Original line number Diff line number Diff line o Minor bugfixes (correctness): - Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
changes/geoip-april2017deleted 100644 → 0 +0 −4 Original line number Diff line number Diff line o Minor features: - Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2 Country database.
changes/geoip-march2017deleted 100644 → 0 +0 −4 Original line number Diff line number Diff line o Minor features: - Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2 Country database.
