[tor-commits] [tor/release-0.3.5] Final 0.3.5.11 changelog entries
nickm at torproject.org
nickm at torproject.org
Thu Jul 9 14:26:49 UTC 2020
commit 011e56ae266e225ee498d9d27cce91d3320bccab
Author: Nick Mathewson <nickm at torproject.org>
Date: Thu Jul 9 10:21:55 2020 -0400
Final 0.3.5.11 changelog entries
---
ChangeLog | 28 ++++++++++++++++++++++++++--
changes/bug33119 | 4 ----
changes/bug40028 | 3 ---
changes/ticket40026 | 3 ---
4 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index da40ed074..8ebda3622 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,21 @@
-Changes in version 0.3.5.11 - 2020-07-??
- Tor 0.3.5.11 backports fixes from later tor releases, including XXX
+Changes in version 0.3.5.11 - 2020-07-09
+ Tor 0.3.5.11 backports fixes from later tor releases, including several
+ usability, portability, and reliability fixes.
+
+ This release also fixes TROVE-2020-001, a medium-severity denial of
+ service vulnerability affecting all versions of Tor when compiled with
+ the NSS encryption library. (This is not the default configuration.)
+ Using this vulnerability, an attacker could cause an affected Tor
+ instance to crash remotely. This issue is also tracked as CVE-2020-
+ 15572. Anybody running a version of Tor built with the NSS library
+ should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha
+ or later.
+
+ o Major bugfixes (NSS, security, backport from 0.4.4.2-alpha):
+ - Fix a crash due to an out-of-bound memory access when Tor is
+ compiled with NSS support. Fixes bug 33119; bugfix on
+ 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001
+ and CVE-2020-15572.
o Major bugfixes (DoS defenses, bridges, pluggable transport, backport from 0.4.3.4-rc):
- Fix a bug that was preventing DoS defenses from running on bridges
@@ -15,6 +31,10 @@ Changes in version 0.3.5.11 - 2020-07-??
that are failing on Appveyor because of mismatched OpenSSL
libraries. Part of ticket 33643.
+ o Minor bugfix (CI, Windows, backport from 0.4.4.2-alpha):
+ - Use the correct 64-bit printf format when compiling with MINGW on
+ Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha.
+
o Minor bugfix (relay, configuration, backport from 0.4.3.3-alpha):
- Warn if the ContactInfo field is not set, and tell the relay
operator that not having a ContactInfo field set might cause their
@@ -33,6 +53,10 @@ Changes in version 0.3.5.11 - 2020-07-??
__attribute__((fallthrough)) instead, so that's what we're using
now. Fixes bug 34078; bugfix on 0.3.1.3-alpha.
+ o Minor bugfixes (compiler warnings, backport from 0.4.4.2-alpha):
+ - Fix a compiler warning on platforms with 32-bit time_t values.
+ Fixes bug 40028; bugfix on 0.3.2.8-rc.
+
o Minor bugfixes (embedded Tor, backport from 0.4.3.1-alpha):
- When starting Tor any time after the first time in a process,
register the thread in which it is running as the main thread.
diff --git a/changes/bug33119 b/changes/bug33119
deleted file mode 100644
index c976654b2..000000000
--- a/changes/bug33119
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes (NSS):
- - Fix out-of-bound memory access in `tor_tls_cert_matches_key()` when Tor is
- compiled with NSS support. Fixes bug 33119; bugfix on 0.3.5.1-alpha. This
- issue is also tracked as TROVE-2020-001.
diff --git a/changes/bug40028 b/changes/bug40028
deleted file mode 100644
index cfd1ffe51..000000000
--- a/changes/bug40028
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (compiler warnings):
- - Fix a compiler warning on platforms with 32-bit time_t values.
- Fixes bug 40028; bugfix on 0.3.2.8-rc.
diff --git a/changes/ticket40026 b/changes/ticket40026
deleted file mode 100644
index f87c2964e..000000000
--- a/changes/ticket40026
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfix (CI, Windows):
- - Don't use stdio 64 bit printf format when compiling with MINGW on
- Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha.
More information about the tor-commits
mailing list