[tor-commits] [tor/release-0.4.4] Fold in more changelog entries, hope to finish changelog

nickm at torproject.org nickm at torproject.org
Thu Jul 9 13:47:03 UTC 2020 

commit 781dd1bd8ad43a7a3397d1d63dd3bf00c8e6d091
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Jul 9 09:46:53 2020 -0400

    Fold in more changelog entries, hope to finish changelog
---
 ChangeLog           | 35 ++++++++++++++++++++++++++++++++++-
 changes/bug33119    |  4 ----
 changes/bug34084    |  3 ---
 changes/bug40028    |  3 ---
 changes/ticket33873 |  4 ----
 changes/ticket40026 |  3 ---
 6 files changed, 34 insertions(+), 18 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 495f9f83c..4cc0fbd27 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,23 @@
-Changes in version 0.4.4.2-alpha - 2020-07-??
+Changes in version 0.4.4.2-alpha - 2020-07-09
   This is the second alpha release in the 0.4.4.x series. It fixes a few
   bugs in the previous release, and solves a few usability,
   compatibility, and portability issues.
 
+  This release also fixes TROVE-2020-001, a medium-severity denial of
+  service vulnerability affecting all versions of Tor when compiled with
+  the NSS encryption library. (This is not the default configuration.)
+  Using this vulnerability, an attacker could cause an affected Tor
+  instance to crash remotely. This issue is also tracked as CVE-2020-
+  15572. Anybody running a version of Tor built with the NSS library
+  should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha
+  or later.
+
+  o Major bugfixes (NSS, security):
+    - Fix a crash due to an out-of-bound memory access when Tor is
+      compiled with NSS support. Fixes bug 33119; bugfix on
+      0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001
+      and CVE-2020-15572.
+
   o Minor features (bootstrap reporting):
     - Report more detailed reasons for bootstrap failure when the
       failure happens due to a TLS error. Previously we would just call
@@ -29,6 +44,19 @@ Changes in version 0.4.4.2-alpha - 2020-07-??
     - Permit the unlinkat() syscall, which some Libc implementations use
       to implement unlink(). Closes ticket 33346.
 
+  o Minor bugfix (CI, Windows):
+    - Use the correct 64-bit printf format when compiling with MINGW on
+      Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha.
+
+  o Minor bugfix (SOCKS, onion service client):
+    - Detect v3 onion service addresses of the wrong length when
+      returning the F6 ExtendedErrors code. Fixes bug 33873; bugfix
+      on 0.4.3.1-alpha.
+
+  o Minor bugfixes (compiler warnings):
+    - Fix a compiler warning on platforms with 32-bit time_t values.
+      Fixes bug 40028; bugfix on 0.3.2.8-rc.
+
   o Minor bugfixes (control port, onion service):
     - Consistently use 'address' in "Invalid v3 address" response to
       ONION_CLIENT_AUTH commands. Previously, we would sometimes say
@@ -39,6 +67,11 @@ Changes in version 0.4.4.2-alpha - 2020-07-??
       receiving an extrainfo document that we no longer want. Fixes bug
       16016; bugfix on 0.2.6.3-alpha.
 
+  o Minor bugfixes (onion services v3):
+    - Avoid a non-fatal assertion failure in certain edge-cases when
+      opening an intro circuit as a client. Fixes bug 34084; bugfix
+      on 0.3.2.1-alpha.
+
   o Deprecated features (onion service v2):
     - Add a deprecation warning for version 2 onion services. Closes
       ticket 40003.
diff --git a/changes/bug33119 b/changes/bug33119
deleted file mode 100644
index c976654b2..000000000
--- a/changes/bug33119
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Major bugfixes (NSS):
-    - Fix out-of-bound memory access in `tor_tls_cert_matches_key()` when Tor is
-      compiled with NSS support. Fixes bug 33119; bugfix on 0.3.5.1-alpha. This
-      issue is also tracked as TROVE-2020-001.
diff --git a/changes/bug34084 b/changes/bug34084
deleted file mode 100644
index 524c4cf68..000000000
--- a/changes/bug34084
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (onion services v3):
-    - Avoid a non-fatal assert log in an edge-case of opening an intro circuit
-      as a client. Fixes bug 34084; bugfix on 0.3.2.1-alpha.
diff --git a/changes/bug40028 b/changes/bug40028
deleted file mode 100644
index cfd1ffe51..000000000
--- a/changes/bug40028
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (compiler warnings):
-    - Fix a compiler warning on platforms with 32-bit time_t values.
-      Fixes bug 40028; bugfix on 0.3.2.8-rc.
diff --git a/changes/ticket33873 b/changes/ticket33873
deleted file mode 100644
index c45191181..000000000
--- a/changes/ticket33873
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfix (SOCKS, onion service client):
-    - Also detect bad v3 onion service address of the wrong length when
-      returning the F6 ExtendedErrors code. Fixes bug 33873; bugfix on
-      0.4.3.1-alpha.
diff --git a/changes/ticket40026 b/changes/ticket40026
deleted file mode 100644
index f87c2964e..000000000
--- a/changes/ticket40026
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfix (CI, Windows):
-    - Don't use stdio 64 bit printf format when compiling with MINGW on
-      Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha.

More information about the tor-commits mailing list