author Roger Dingledine <arma@torproject.org> 2011-01-15 17:29:42 -0500
committer Roger Dingledine <arma@torproject.org> 2011-01-15 17:29:42 -0500
commit f90fcaff6460f1e189e3f3b1bf28fb59d6213e41
tree 7d4308539df8b7157e92ef8b30d235d821165252
parent bcd788f33f530003e33abbd3a1d66f090cf2b9a4
clean up changelog more, add blurb
-rw-r--r-- ChangeLog 41
1 files changed, 24 insertions, 17 deletions
diff --git a/ChangeLog b/ChangeLog
index d97ec5f611..f6dbc6e8fc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,28 +1,44 @@
Changes in version 0.2.1.29 - 2011-01-15
+ Tor 0.2.1.29 continues our recent code security audit work. The main
+ fix resolves a remote heap overflow vulnerability that can allow remote
+ code execution (CVE-2011-0427). Other fixes address a variety of assert
+ and crash bugs, most of which we think are hard to exploit remotely.
+
o Major bugfixes (security):
- Fix a heap overflow bug where an adversary could cause heap
- corruption. This bug potentially allows remote code execution
+ corruption. This bug probably allows remote code execution
attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on
0.1.2.10-rc.
- Prevent a denial-of-service attack by disallowing any
zlib-compressed data whose compression factor is implausibly
- high. Fixes the second part of bug 2324; reported by "doors".
+ high. Fixes part of bug 2324; reported by "doors".
+ - Zero out a few more keys in memory before freeing them. Fixes bug
+ 2384 and part of bug 2385. These key instances found by
+ "cypherpunks". Bugfix on 0.0.2pre9.
- o Minor bugfixes:
- - Prevent calls from Libevent from inside Libevent log handlers.
+ o Major bugfixes (crashes):
+ - Prevent calls to Libevent from inside Libevent log handlers.
This had potential to cause a nasty set of crashes, especially
if running Libevent with debug logging enabled, and running
Tor with a controller watching for low-severity log messages.
Bugfix on 0.1.0.2-rc. Fixes bug 2190.
- - Fix compilation on mingw when a pthreads compatibility library
- has been installed. (We don't want to use it, so we shouldn't
- be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc.
- Add a check for SIZE_T_MAX to tor_realloc() to try to avoid
- underflow errors there too. Fixes bug 2324.
+ underflow errors there too. Fixes the other part of bug 2324.
- Fix a bug where we would assert if we ever had a
cached-descriptors.new file (or another file read directly into
memory) of exactly SIZE_T_CEILING bytes. Found by doors; fixes
bug 2326; bugfix on 0.2.1.25.
+ - Fix some potential asserts and parsing issues with grossly
+ malformed router caches. Fixes bug 2352. Found by doorss. Bugfix
+ on Tor 0.2.1.27.
+
+ o Minor bugfixes (other):
+ - Fix a bug with handling misformed replies to reverse DNS lookup
+ requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a
+ bug reported by doorss.
+ - Fix compilation on mingw when a pthreads compatibility library
+ has been installed. (We don't want to use it, so we shouldn't
+ be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc.
- Fix a bug where we would declare that we had run out of virtual
addresses when the address space was only half-exhausted. Bugfix
on 0.1.2.1-alpha.
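Review bot: The new blurb at the top says the heap overflow "can allow remote code execution", while the entry under "Major bugfixes (security)" is changed in this same hunk to "probably allows remote code execution attacks"; pick one level of confidence so that readers triaging CVE-2011-0427 get the same severity from both places. The reporter credit is also spelled three ways in this hunk (reported by "doors", Found by doors, Found by doorss), and the moved DNSPort entry still says "misformed replies" where "malformed" is the usual word; since this is a changelog cleanup, both are worth normalizing here.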
@@ -31,15 +47,6 @@ Changes in version 0.2.1.29 - 2011-01-15
0.1.2.1-alpha. Bug found by doorss.
- Correctly handle wrapping around to when we run out of virtual
address space. Found by cypherpunks, bugfix on 0.2.0.5-alpha.
- - Fix a bug with handling misformed replies to reverse DNS lookup
- requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a
- bug reported by doorss.
- - Fix some potential asserts and partsing issues with grossly
- malformed router caches. Fixes bug 2352. Found by doorss. Bugfix
- on Tor 0.2.1.27.
- - Zero out a few more keys in memory before freeing them. Fixes bug
- 2384 and part of bug 2385. These key instances found by
- "cypherpunks". Bugfix on 0.0.2pre9.
o Minor features:
- Update to the January 1 2011 Maxmind GeoLite Country database.
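Review bot: The context entry "Correctly handle wrapping around to when we run out of virtual address space" reads as if a word is missing after "to", and this cleanup pass leaves it untouched; consider rewording it while the neighbouring entries are being moved.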