Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
T
Tor
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Service Desk
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Matthew Finkel
Tor
Commits
e25e9802
Commit
e25e9802
authored
7 years ago
by
Nick Mathewson
Browse files
Options
Downloads
Patches
Plain Diff
Finish changelog for 0.2.8.15
parent
7cab15ea
No related branches found
Branches containing commit
Tags
tor-0.4.2.3-alpha
Tags containing commit
No related merge requests found
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
ChangeLog
+12
-1
12 additions, 1 deletion
ChangeLog
ReleaseNotes
+50
-0
50 additions, 0 deletions
ReleaseNotes
changes/trove-2017-008
+0
-5
0 additions, 5 deletions
changes/trove-2017-008
with
62 additions
and
6 deletions
ChangeLog
+
12
−
1
View file @
e25e9802
Changes in version 0.2.8.15 - 2017-09-18
BLURB
Tor 0.2.8.15 backports a collection of bugfixes from later
Tor series.
Most significantly, it includes a fix for TROVE-2017-008, a
security bug that affects hidden services running with the
SafeLogging option disabled. For more information, see
https://trac.torproject.org/projects/tor/ticket/23490
Note that Tor 0.2.8.x will no longer be supported after 1 Jan
2018. We suggest that you upgrade to the latest stable release if
possible. If you can't, we recommend that you upgrade at least to
0.2.9, which will be supported until 2020.
o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
- Avoid an assertion failure bug affecting our implementation of
This diff is collapsed.
Click to expand it.
ReleaseNotes
+
50
−
0
View file @
e25e9802
...
...
@@ -2,6 +2,56 @@ This document summarizes new features and bugfixes in each stable release
of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
Changes in version 0.2.8.15 - 2017-09-18
Tor 0.2.8.15 backports a collection of bugfixes from later
Tor series.
Most significantly, it includes a fix for TROVE-2017-008, a
security bug that affects hidden services running with the
SafeLogging option disabled. For more information, see
https://trac.torproject.org/projects/tor/ticket/23490
Note that Tor 0.2.8.x will no longer be supported after 1 Jan
2018. We suggest that you upgrade to the latest stable release if
possible. If you can't, we recommend that you upgrade at least to
0.2.9, which will be supported until 2020.
o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
- Avoid an assertion failure bug affecting our implementation of
inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
handling of "0xx" differs from what we had expected. Fixes bug
22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
o Minor features:
- Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
Country database.
o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
- Backport a fix for an "unused variable" warning that appeared
in some versions of mingw. Fixes bug 22838; bugfix on
0.2.8.1-alpha.
o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
- Fix a memset() off the end of an array when packing cells. This
bug should be harmless in practice, since the corrupted bytes are
still in the same structure, and are always padding bytes,
ignored, or immediately overwritten, depending on compiler
behavior. Nevertheless, because the memset()'s purpose is to make
sure that any other cell-handling bugs can't expose bytes to the
network, we need to fix it. Fixes bug 22737; bugfix on
0.2.4.11-alpha. Fixes CID 1401591.
o Build features (backport from 0.3.1.5-alpha):
- Tor's repository now includes a Travis Continuous Integration (CI)
configuration file (.travis.yml). This is meant to help new
developers and contributors who fork Tor to a Github repository be
better able to test their changes, and understand what we expect
to pass. To use this new build feature, you must fork Tor to your
Github account, then go into the "Integrations" menu in the
repository settings for your fork and enable Travis, then push
your changes. Closes ticket 22636.
Changes in version 0.2.8.14 - 2017-06-08
Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to
remotely crash a hidden service with an assertion failure. Anyone
...
...
This diff is collapsed.
Click to expand it.
changes/trove-2017-008
deleted
100644 → 0
+
0
−
5
View file @
7cab15ea
o Major bugfixes (security, hidden services, loggging):
- Fix a bug where we could log uninitialized stack when a certain
hidden service error occurred while SafeLogging was disabled.
Fixes bug #23490; bugfix on 0.2.7.2-alpha.
This is also tracked as TROVE-2017-008 and CVE-2017-0380.
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment