[or-cvs] [tor/release-0.2.2] fold in more changes entries

Sun Jan 16 00:33:56 UTC 2011

commit 54777960ceda94eb9561e25986d3453cf7e80807
Author: Roger Dingledine <arma at torproject.org>
Date:   Sat Jan 15 19:33:29 2011 -0500

    fold in more changes entries
---
 ChangeLog       |   75 ++++++++++++++++++++++++++++++++++++++++--------------
 changes/bug2060 |    4 ---
 changes/bug2314 |    4 ---
 changes/bug2330 |    7 -----
 changes/bug2331 |    7 -----
 changes/bug2337 |    3 --
 changes/bug2346 |    6 ----
 changes/bug2363 |    6 ----
 changes/bug2364 |    4 ---
 9 files changed, 55 insertions(+), 61 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index c3a132d..a77eee3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,17 +1,25 @@
 Changes in version 0.2.2.21-alpha - 2011-01-15
-  o Major bugfixes (security):
+  Tor 0.2.2.21-alpha includes all the patches from Tor 0.2.1.29, which
+  continues our recent code security audit work. The main fix resolves
+  a remote heap overflow vulnerability that can allow remote code
+  execution (CVE-2011-0427). Other fixes address a variety of assert
+  and crash bugs, most of which we think are hard to exploit remotely.
+
+  o Major bugfixes (security), also included in 0.2.1.29:
     - Fix a heap overflow bug where an adversary could cause heap
       corruption. This bug probably allows remote code execution
       attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on
       0.1.2.10-rc.
     - Prevent a denial-of-service attack by disallowing any
       zlib-compressed data whose compression factor is implausibly
-      high. Fixes part of bug 2324; reported by "doors".
-    - Zero out a few more keys in memory before freeing them. Fixes bug
-      2384 and part of bug 2385. These key instances found by
-      "cypherpunks". Bugfix on 0.0.2pre9.
-
-  o Major bugfixes (crashes):
+      high. Fixes part of bug 2324; reported by "doorss".
+    - Zero out a few more keys in memory before freeing them. Fixes
+      bug 2384 and part of bug 2385. These key instances found by
+      "cypherpunks", based on Andrew Case's report about being able
+      to find sensitive data in Tor's memory space if you have enough
+      permissions. Bugfix on 0.0.2pre9.
+
+  o Major bugfixes (crashes), also included in 0.2.1.29:
     - Prevent calls to Libevent from inside Libevent log handlers.
       This had potential to cause a nasty set of crashes, especially
       if running Libevent with debug logging enabled, and running
@@ -21,13 +29,13 @@ Changes in version 0.2.2.21-alpha - 2011-01-15
       underflow errors there too. Fixes the other part of bug 2324.
     - Fix a bug where we would assert if we ever had a
       cached-descriptors.new file (or another file read directly into
-      memory) of exactly SIZE_T_CEILING bytes. Found by doors; fixes
-      bug 2326; bugfix on 0.2.1.25.
+      memory) of exactly SIZE_T_CEILING bytes. Fixes bug 2326; bugfix
+      on 0.2.1.25. Found by doorss.
     - Fix some potential asserts and parsing issues with grossly
-      malformed router caches. Fixes bug 2352. Found by doorss. Bugfix
-      on Tor 0.2.1.27.
+      malformed router caches. Fixes bug 2352; bugfix on Tor 0.2.1.27.
+      Found by doorss.
 
-  o Minor bugfixes (other):
+  o Minor bugfixes (other), also included in 0.2.1.29:
     - Fix a bug with handling misformed replies to reverse DNS lookup
       requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a
       bug reported by doorss.
@@ -37,8 +45,8 @@ Changes in version 0.2.2.21-alpha - 2011-01-15
     - Fix a bug where we would declare that we had run out of virtual
       addresses when the address space was only half-exhausted. Bugfix
       on 0.1.2.1-alpha.
-    - Correctly handle the case where AutomapHostsOnResolve is set but no
-      virtual addresses are available. Fixes bug2328, bugfix on
+    - Correctly handle the case where AutomapHostsOnResolve is set but
+      no virtual addresses are available. Fixes bug 2328; bugfix on
       0.1.2.1-alpha. Bug found by doorss.
     - Correctly handle wrapping around to when we run out of virtual
       address space. Found by cypherpunks, bugfix on 0.2.0.5-alpha.
@@ -47,20 +55,47 @@ Changes in version 0.2.2.21-alpha - 2011-01-15
       release broke ./configure --enable-openbsd-malloc, which is popular
       among really fast exit relays on Linux.
 
-  o Minor features:
+  o Minor features, also included in 0.2.1.29:
     - Update to the January 1 2011 Maxmind GeoLite Country database.
     - Introduce output size checks on all of our decryption functions.
 
-  o Build changes:
+  o Build changes, also included in 0.2.1.29:
     - Tor does not build packages correctly with Automake 1.6 and earlier;
       added a check to Makefile.am to make sure that we're building with
       Automake 1.7 or later.
 
-  o Minor bugfixes
-    - Make Libevent log messages get delievered to controllers later,
-      and not from inside the Libevent log handler.  This prevents
-      unsafe reentrant Libevent calls while still letting the log
-      messages get through.
+  o Minor features, new in 0.2.2.21-alpha:
+    - Make sure to disable DirPort if running as a bridge. DirPorts aren't
+      used on bridges, and it makes bridge scanning somewhat easier.
+    - If writing the state file to disk fails, wait up to an hour before
+      retrying again, rather than trying again each second. Fixes bug
+      2346; bugfix on Tor 0.1.1.3-alpha.
+    - Make Libevent log messages get delivered to controllers later,
+      and not from inside the Libevent log handler. This prevents unsafe
+      reentrant Libevent calls while still letting the log messages
+      get through.
+    - Detect platforms that brokenly use a signed size_t, and refuse to
+      build there. Found and analyzed by doorss and rransom.
+    - Fix a bunch of compile warnings revealed by mingw with gcc 4.5.
+      Resolves bug 2314.
+
+  o Minor bugfixes, new in 0.2.2.21-alpha:
+    - Handle SOCKS messages longer than 128 bytes long correctly, rather
+      than waiting forever for them to finish. Fixes bug 2330; bugfix
+      on 0.2.0.16-alpha. Found by doorss.
+    - Add assertions to check for overflow in arguments to
+      base32_encode() and base32_decode(); fix a signed-unsigned
+      comparison there too. These bugs are not actually reachable in Tor,
+      but it's good to prevent future errors too. Found by doorss.
+    - Correctly detect failures to create DNS requests when using Libevent
+      versions before v2. (Before Libevent 2, we used our own evdns
+      implementation. Its return values for Libevent's evdns_resolve_*()
+      functions are not consistent with those from Libevent.) Fixes bug
+      2363; bugfix on 0.2.2.6-alpha. Found by "lodger".
+
+  o Documentation, new in 0.2.2.21-alpha:
+    - Document the default socks host and port (127.0.0.1:9050) for
+      tor-resolve.
 
 
 Changes in version 0.2.2.20-alpha - 2010-12-17
diff --git a/changes/bug2060 b/changes/bug2060
deleted file mode 100644
index eb95aed..0000000
--- a/changes/bug2060
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features
-    - Make sure to disable DirPort if running as a bridge.  DirPorts aren't
-      used on bridges, and it makes bridge scanning way too easy.
-
diff --git a/changes/bug2314 b/changes/bug2314
deleted file mode 100644
index 41a2328..0000000
--- a/changes/bug2314
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Fix a bunch of compile warnings revealed by mingw with gcc 4.5. Fixes
-      bug 2314.
-
diff --git a/changes/bug2330 b/changes/bug2330
deleted file mode 100644
index fc0c4d8..0000000
--- a/changes/bug2330
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor bugfixes
-    - Handle SOCKS messages longer than 128 bytes long correctly, rather
-      than waiting forever for them to finish.  Fixes bug 2330.  Bugfix on
-      0.2.0.16-alpha.  Found by doorss.
-
-
-
diff --git a/changes/bug2331 b/changes/bug2331
deleted file mode 100644
index 9940b59..0000000
--- a/changes/bug2331
+++ /dev/null
@@ -1,7 +0,0 @@
-  o Minor bugfixes:
-    - Add assertions to check for overflow in arguments to
-      base32_encode and base32_decode; fix a signed-unsigned
-      comparison there too.  These bugs are not actually reachable in
-      Tor, but it's good to prevent future errors too.  Found by
-      doorss.
-
diff --git a/changes/bug2337 b/changes/bug2337
deleted file mode 100644
index a4f052d..0000000
--- a/changes/bug2337
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes
-    - Detect broken platforms with a signed size_t, and refuse to
-      build there.  Found and analyzed by doorss and rransom.
diff --git a/changes/bug2346 b/changes/bug2346
deleted file mode 100644
index 0f78b84..0000000
--- a/changes/bug2346
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor features
-    - If writing the state file to disk fails, wait up to an hour
-      before retrying again.  (Our old code would retry the write
-      immediately.)  Fixes bug 2346.  Bugfix on Tor 0.1.1.3-alpha.
-
-
diff --git a/changes/bug2363 b/changes/bug2363
deleted file mode 100644
index 179925f..0000000
--- a/changes/bug2363
+++ /dev/null
@@ -1,6 +0,0 @@
-  o Minor bugfixes
-    - Correctly detect failures to create DNS requests when using Libevent
-      versions before v2.  (Before Libevent 2, we used our own evdns
-      implementation.  Its return values for Libevent's evdns_resolve_*()
-      functions are not consistent with those from Libevent.) Found by
-      Lodger; fixes bug 2363; bugfix on 0.2.2.6-alpha.
diff --git a/changes/bug2364 b/changes/bug2364
deleted file mode 100644
index 37de6ef..0000000
--- a/changes/bug2364
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Documentation
-    - Document the default socks host and port (127.0.0.1:9050) for
-      tor-resolve.
-

