[tor-commits] [tor/release-0.2.7-redux] Sort changelog in release-0.2.7-redux
nickm at torproject.org
nickm at torproject.org
Tue Feb 28 15:12:35 UTC 2017
commit 1fe5097132704f35761110bbf55fd77cdb0669b2
Author: Nick Mathewson <nickm at torproject.org>
Date: Tue Feb 28 10:11:45 2017 -0500
Sort changelog in release-0.2.7-redux
---
ChangeLog | 68 +++++++++++++++++++++++++++++++--------------------------------
1 file changed, 33 insertions(+), 35 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 5091e45..8b0bc09 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,34 +20,21 @@ Changes in version 0.2.7.7 - 2017-03-??
it was changed on 18 November 2015. Closes task 17906. Patch
by "teor".
- o Major bugfixes (dns proxy mode, crash, backport from 0.2.8.2-alpha):
- - Avoid crashing when running as a DNS proxy. Fixes bug 16248;
- bugfix on 0.2.0.1-alpha. Patch from "cypherpunks".
-
- o Minor features (bug-resistance, backport from 0.2.8.2-alpha):
- - Make Tor survive errors involving connections without a
- corresponding event object. Previously we'd fail with an
- assertion; now we produce a log message. Related to bug 16248.
-
- o Minor features (security, memory erasure, backport from 0.2.8.1-alpha):
- - Make memwipe() do nothing when passed a NULL pointer or buffer of
- zero size. Check size argument to memwipe() for underflow. Fixes
- bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk",
- patch by "teor".
-
- o Major bugfixes (security, pointers, backport from 0.2.8.2-alpha):
- - Avoid a difficult-to-trigger heap corruption attack when extending
- a smartlist to contain over 16GB of pointers. Fixes bug 18162;
- bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely.
- Reported by Guido Vranken.
-
+ o Major bugfixes (parsing, security, backport from 0.2.9.8):
+ - Fix a bug in parsing that could cause clients to read a single
+ byte past the end of an allocated region. This bug could be used
+ to cause hardened clients (built with --enable-expensive-hardening)
+ to crash if they tried to visit a hostile hidden service. Non-
+ hardened clients are only affected depending on the details of
+ their platform's memory allocator. Fixes bug 21018; bugfix on
+ 0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
+ 2016-12-002 and as CVE-2016-1254.
o Major bugfixes (security, client, DNS proxy, backport from 0.2.8.3-alpha):
- Stop a crash that could occur when a client running with DNSPort
received a query with multiple address types, and the first
address type was not supported. Found and fixed by Scott Dial.
Fixes bug 18710; bugfix on 0.2.5.4-alpha.
-
- Prevent a class of security bugs caused by treating the contents
of a buffer chunk as if they were a NUL-terminated string. At
least one such bug seems to be present in all currently used
@@ -57,15 +44,15 @@ Changes in version 0.2.7.7 - 2017-03-??
though we should still fix them as they occur. Closes ticket
20384 (TROVE-2016-10-001).
- o Major bugfixes (parsing, security, backport from 0.2.9.8):
- - Fix a bug in parsing that could cause clients to read a single
- byte past the end of an allocated region. This bug could be used
- to cause hardened clients (built with --enable-expensive-hardening)
- to crash if they tried to visit a hostile hidden service. Non-
- hardened clients are only affected depending on the details of
- their platform's memory allocator. Fixes bug 21018; bugfix on
- 0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
- 2016-12-002 and as CVE-2016-1254.
+ o Major bugfixes (security, pointers, backport from 0.2.8.2-alpha):
+ - Avoid a difficult-to-trigger heap corruption attack when extending
+ a smartlist to contain over 16GB of pointers. Fixes bug 18162;
+ bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely.
+ Reported by Guido Vranken.
+
+ o Major bugfixes (dns proxy mode, crash, backport from 0.2.8.2-alpha):
+ - Avoid crashing when running as a DNS proxy. Fixes bug 16248;
+ bugfix on 0.2.0.1-alpha. Patch from "cypherpunks".
o Major bugfixes (key management, backport from 0.2.8.3-alpha):
- If OpenSSL fails to generate an RSA key, do not retain a dangling
@@ -76,10 +63,6 @@ Changes in version 0.2.7.7 - 2017-03-??
0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and
Baishakhi Ray.
- o Minor features (geoip):
- - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
- Country database.
-
o Major bugfixes (parsing, backported from 0.3.0.4-rc):
- Fix an integer underflow bug when comparing malformed Tor
versions. This bug could crash Tor when built with
@@ -88,6 +71,21 @@ Changes in version 0.2.7.7 - 2017-03-??
it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
on 0.0.8pre1. Found by OSS-Fuzz.
+ o Minor features (security, memory erasure, backport from 0.2.8.1-alpha):
+ - Make memwipe() do nothing when passed a NULL pointer or buffer of
+ zero size. Check size argument to memwipe() for underflow. Fixes
+ bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk",
+ patch by "teor".
+
+ o Minor features (bug-resistance, backport from 0.2.8.2-alpha):
+ - Make Tor survive errors involving connections without a
+ corresponding event object. Previously we'd fail with an
+ assertion; now we produce a log message. Related to bug 16248.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
+ Country database.
+
Changes in version 0.2.7.6 - 2015-12-10
Tor version 0.2.7.6 fixes a major bug in entry guard selection, as
More information about the tor-commits
mailing list