[tor-commits] [tor/release-0.2.9] Adjust 0.2.9.10 changelog entries from 0.3.0.4-rc to match

nickm at torproject.org nickm at torproject.org
Tue Feb 28 15:06:13 UTC 2017


commit 5d018fc26a7023dace587b88dcfedd7716bcf241
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Feb 28 10:04:48 2017 -0500

    Adjust 0.2.9.10 changelog entries from 0.3.0.4-rc to match
---
 ChangeLog | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 4e9dc9e..2237690 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,5 @@
 Changes in version 0.2.9.10 - 2017-03-??
-  Tor 0.2.9.10 backports a security fix from later Tor releass.
+  Tor 0.2.9.10 backports a security fix from later Tor release.
 
   Tor 0.2.9.10 also includes fixes for some major issues affecting
   directory authorities, LibreSSL compatibility, and IPv6 correctness.
@@ -23,17 +23,20 @@ Changes in version 0.2.9.10 - 2017-03-??
       21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
 
   o Major bugfixes (parsing, also in 0.3.0.4-rc):
-    - Fix an integer underflow bug when comparing malformed Tor versions.
-      This bug is harmless, except when Tor has been built with
-      --enable-expensive-hardening, which would turn it into a crash;
-      or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
-      -ftrapv by default.
-      Part of TROVE-2017-001. Fixes bug 21278; bugfix on
-      0.0.8pre1. Found by OSS-Fuzz.
-
-  o Minor features (directory authority, also in 0.3.0.4-rc):
+    - Fix an integer underflow bug when comparing malformed Tor
+      versions. This bug could crash Tor when built with
+      --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
+      0.2.9.8, which were built with -ftrapv by default. In other cases
+      it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
+      on 0.0.8pre1. Found by OSS-Fuzz.
+
+  o Minor features (directory authorities, also in 0.3.0.4-rc):
     - Directory authorities now reject descriptors that claim to be
-      malformed versions of Tor. Helps prevent exploitation of bug 21278.
+      malformed versions of Tor. Helps prevent exploitation of
+      bug 21278.
+    - Reject version numbers with components that exceed INT32_MAX.
+      Otherwise 32-bit and 64-bit platforms would behave inconsistently.
+      Fixes bug 21450; bugfix on 0.0.8pre1.
 
   o Minor features (portability, compilation, backport from 0.3.0.3-alpha):
     - Autoconf now checks to determine if OpenSSL structures are opaque,
@@ -56,11 +59,6 @@ Changes in version 0.2.9.10 - 2017-03-??
       which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
       Patch by "junglefowl".
 
-  o Minor bugfixes (voting consistency, also in 0.3.0.4-rc):
-    - Reject version numbers with components that exceed INT32_MAX.
-      Otherwise 32-bit and 64-bit platforms would behave inconsistently.
-      Fixes bug 21450; bugfix on 0.0.8pre1.
-
 
 Changes in version 0.2.9.9 - 2017-01-23
   Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could



More information about the tor-commits mailing list