[or-cvs] [tor/release-0.2.2] repeat overlapping changelog entries

arma at torproject.org arma at torproject.org
Sat Jan 15 23:36:05 UTC 2011 

commit 34d457ea7d05bdd34c5ef25b1a67454133883919
Author: Roger Dingledine <arma at torproject.org>
Date:   Sat Jan 15 18:34:48 2011 -0500

    repeat overlapping changelog entries
---
 ChangeLog                  |   65 ++++++++++++++++++++++++++++++++++++++++++++
 changes/bug2190            |   11 -------
 changes/bug2305            |    5 ---
 changes/bug2313            |    4 ---
 changes/bug2324            |    4 ---
 changes/bug2324_uncompress |    5 ---
 changes/bug2326            |    6 ----
 changes/bug2328            |    9 ------
 changes/bug2332            |    4 ---
 changes/bug2352            |    6 ----
 changes/bug2384            |    6 ----
 changes/geoip-jan2011      |    3 --
 changes/tolen_asserts      |    8 -----
 13 files changed, 65 insertions(+), 71 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 1c57418..c3a132d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,68 @@
+Changes in version 0.2.2.21-alpha - 2011-01-15
+  o Major bugfixes (security):
+    - Fix a heap overflow bug where an adversary could cause heap
+      corruption. This bug probably allows remote code execution
+      attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on
+      0.1.2.10-rc.
+    - Prevent a denial-of-service attack by disallowing any
+      zlib-compressed data whose compression factor is implausibly
+      high. Fixes part of bug 2324; reported by "doors".
+    - Zero out a few more keys in memory before freeing them. Fixes bug
+      2384 and part of bug 2385. These key instances found by
+      "cypherpunks". Bugfix on 0.0.2pre9.
+
+  o Major bugfixes (crashes):
+    - Prevent calls to Libevent from inside Libevent log handlers.
+      This had potential to cause a nasty set of crashes, especially
+      if running Libevent with debug logging enabled, and running
+      Tor with a controller watching for low-severity log messages.
+      Bugfix on 0.1.0.2-rc. Fixes bug 2190.
+    - Add a check for SIZE_T_MAX to tor_realloc() to try to avoid
+      underflow errors there too. Fixes the other part of bug 2324.
+    - Fix a bug where we would assert if we ever had a
+      cached-descriptors.new file (or another file read directly into
+      memory) of exactly SIZE_T_CEILING bytes. Found by doors; fixes
+      bug 2326; bugfix on 0.2.1.25.
+    - Fix some potential asserts and parsing issues with grossly
+      malformed router caches. Fixes bug 2352. Found by doorss. Bugfix
+      on Tor 0.2.1.27.
+
+  o Minor bugfixes (other):
+    - Fix a bug with handling misformed replies to reverse DNS lookup
+      requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a
+      bug reported by doorss.
+    - Fix compilation on mingw when a pthreads compatibility library
+      has been installed. (We don't want to use it, so we shouldn't
+      be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc.
+    - Fix a bug where we would declare that we had run out of virtual
+      addresses when the address space was only half-exhausted. Bugfix
+      on 0.1.2.1-alpha.
+    - Correctly handle the case where AutomapHostsOnResolve is set but no
+      virtual addresses are available. Fixes bug2328, bugfix on
+      0.1.2.1-alpha. Bug found by doorss.
+    - Correctly handle wrapping around to when we run out of virtual
+      address space. Found by cypherpunks, bugfix on 0.2.0.5-alpha.
+    - The 0.2.1.28 tarball was missing src/common/OpenBSD_malloc_Linux.c
+      because we built it with a too-old version of automake. Thus that
+      release broke ./configure --enable-openbsd-malloc, which is popular
+      among really fast exit relays on Linux.
+
+  o Minor features:
+    - Update to the January 1 2011 Maxmind GeoLite Country database.
+    - Introduce output size checks on all of our decryption functions.
+
+  o Build changes:
+    - Tor does not build packages correctly with Automake 1.6 and earlier;
+      added a check to Makefile.am to make sure that we're building with
+      Automake 1.7 or later.
+
+  o Minor bugfixes
+    - Make Libevent log messages get delievered to controllers later,
+      and not from inside the Libevent log handler.  This prevents
+      unsafe reentrant Libevent calls while still letting the log
+      messages get through.
+
+
 Changes in version 0.2.2.20-alpha - 2010-12-17
   Tor 0.2.2.20-alpha does some code cleanup to reduce the risk of remotely
   exploitable bugs. We also fix a variety of other significant bugs,
diff --git a/changes/bug2190 b/changes/bug2190
deleted file mode 100644
index 0591acb..0000000
--- a/changes/bug2190
+++ /dev/null
@@ -1,11 +0,0 @@
-  o Minor bugfixes
-    - Prevent calls from Libevent from inside Libevent log handlers.
-      This had potential to cause a nasty set of crashes, especially if
-      running Libevent with debug logging enabled, and running Tor
-      with a controller watching for low-severity log messages.
-      Bugfix on 0.1.0.2-rc.  Fixes bug 2190.
-    - Make Libevent log messages get delievered to controllers later,
-      and not from inside the Libevent log handler.  This prevents
-      unsafe reentrant Libevent calls while still letting the log
-      messages get through.
-
diff --git a/changes/bug2305 b/changes/bug2305
deleted file mode 100644
index c979d5f..0000000
--- a/changes/bug2305
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Build changes
-    - Tor does not build packages correctly with Automake 1.6 and earlier;
-      added a check to Makefile.am to make sure that we're building with
-      Automake 1.7 or later.
-
diff --git a/changes/bug2313 b/changes/bug2313
deleted file mode 100644
index 0ffbe4a..0000000
--- a/changes/bug2313
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes
-    - Fix compilation on mingw when a pthreads compatibility library
-      has been installed.  (We don't want to use it, so we shouldn't
-      be including pthread.h.)  Fixes bug 2313; bugfix on 0.1.0.1-rc.
diff --git a/changes/bug2324 b/changes/bug2324
deleted file mode 100644
index eefc837..0000000
--- a/changes/bug2324
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes
-    - Add a check for SIZE_T_MAX to tor_realloc to try to avoid
-      underflow errors there too.  Fixes bug 2324.
-
diff --git a/changes/bug2324_uncompress b/changes/bug2324_uncompress
deleted file mode 100644
index 223a3ce..0000000
--- a/changes/bug2324_uncompress
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Major bugfixes (security):
-    - Prevent a DoS attack by disallowing any zlib-compressed data
-      whose compression factor is implausibly high.  Fixes the
-      second part of bug2324; found by doors.
-
diff --git a/changes/bug2326 b/changes/bug2326
deleted file mode 100644
index 239a383..0000000
--- a/changes/bug2326
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor bugfixes
-    - Fix a bug where we would assert if we ever had a
-      cached-descriptors.new file (or another file read directly into
-      memory) of exactly SIZE_T_CEILING bytes.  Found by doors; fixes
-      bug 2326; bugfix on 0.2.1.25.
-
diff --git a/changes/bug2328 b/changes/bug2328
deleted file mode 100644
index fee80a1..0000000
--- a/changes/bug2328
+++ /dev/null
@@ -1,9 +0,0 @@
-  o Minor bugfixes
-    - Fix a bug where we would declare that we had run out of virtual
-      addresses when the address space was only half-exhausted.  Bugfix
-      on 0.1.2.1-alpha.
-    - Correctly handle the case where AutomapHostsOnResolve is set but no
-      virtual addresses are available.  Fixes bug2328, bugfix on
-      0.1.2.1-alpha.  Bug found by doorss.
-    - Correctly handle wrapping around to when we run out of virtual address
-      space.  Found by cypherpunks, bugfix on 0.2.0.5-alpha.
diff --git a/changes/bug2332 b/changes/bug2332
deleted file mode 100644
index 5f73ddd..0000000
--- a/changes/bug2332
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes
-    - Fix a bug with handling misformed replies to reverse DNS lookup
-      requests in DNSPort.  Bugfix on Tor 0.2.0.1-alpha.  Related to a bug
-      reported by doorss.
diff --git a/changes/bug2352 b/changes/bug2352
deleted file mode 100644
index 744dbdb..0000000
--- a/changes/bug2352
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor bugfixes
-    - Fix some potential asserts and partsing issues with grossly
-      malformed router caches.  Fixes bug 2352.  Found by doorss.
-      Bugfix on Tor 0.2.1.27.
-
-
diff --git a/changes/bug2384 b/changes/bug2384
deleted file mode 100644
index ded5eee..0000000
--- a/changes/bug2384
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor bugfixes
-    - Zero out a few more keys in memory before freeing them.  Fixes bug
-      2384 and part of bug 2385.  These key instances found by
-      "cypherpunks".  Bugfix on 0.0.2pre9.
-
-
diff --git a/changes/geoip-jan2011 b/changes/geoip-jan2011
deleted file mode 100644
index b58805a..0000000
--- a/changes/geoip-jan2011
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update to the January 1 2011 Maxmind GeoLite Country database.
-
diff --git a/changes/tolen_asserts b/changes/tolen_asserts
deleted file mode 100644
index a9834ab..0000000
--- a/changes/tolen_asserts
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Major bugfixes (security)
-    - Fix a heap overflow bug where an adversary could cause heap
-      corruption.  This bug potentially allows remote code execution
-      attacks.  Found by debuger.  Fixes CVE-2011-0427.  Bugfix on
-      0.1.2.10-rc.
-  o Defensive programming
-    - Introduce output size checks on all of our decryption functions.
-

More information about the tor-commits mailing list