|
@@ -3,6 +3,39 @@ of Tor. If you want to see more detailed descriptions of the changes in
|
|
|
each development snapshot, see the ChangeLog file.
|
|
|
|
|
|
|
|
|
+Changes in version 0.3.0.7 - 2017-05-15
|
|
|
+ Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions
|
|
|
+ of Tor 0.3.0.x, where an attacker could cause a Tor relay process
|
|
|
+ to exit. Relays running earlier versions of Tor 0.3.0.x should upgrade;
|
|
|
+ clients are not affected.
|
|
|
+
|
|
|
+ o Major bugfixes (hidden service directory, security):
|
|
|
+ - Fix an assertion failure in the hidden service directory code, which
|
|
|
+ could be used by an attacker to remotely cause a Tor relay process to
|
|
|
+ exit. Relays running earlier versions of Tor 0.3.0.x should upgrade.
|
|
|
+ This security issue is tracked as tracked as
|
|
|
+ TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha.
|
|
|
+
|
|
|
+ o Minor features:
|
|
|
+ - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
|
|
|
+ Country database.
|
|
|
+
|
|
|
+ o Minor features (future-proofing):
|
|
|
+ - Tor no longer refuses to download microdescriptors or descriptors
|
|
|
+ if they are listed as "published in the future". This change will
|
|
|
+ eventually allow us to stop listing meaningful "published" dates
|
|
|
+ in microdescriptor consensuses, and thereby allow us to reduce the
|
|
|
+ resources required to download consensus diffs by over 50%.
|
|
|
+ Implements part of ticket 21642; implements part of proposal 275.
|
|
|
+
|
|
|
+ o Minor bugfixes (Linux seccomp2 sandbox):
|
|
|
+ - The getpid() system call is now permitted under the Linux seccomp2
|
|
|
+ sandbox, to avoid crashing with versions of OpenSSL (and other
|
|
|
+ libraries) that attempt to learn the process's PID by using the
|
|
|
+ syscall rather than the VDSO code. Fixes bug 21943; bugfix
|
|
|
+ on 0.2.5.1-alpha.
|
|
|
+
|
|
|
+
|
|
|
Changes in version 0.3.0.6 - 2017-04-26
|
|
|
Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.
|
|
|
|