author | Roger Dingledine <arma@torproject.org> | 2011-01-15 17:29:42 -0500 |
---|---|---|
committer | Roger Dingledine <arma@torproject.org> | 2011-01-15 17:29:42 -0500 |
commit | f90fcaff6460f1e189e3f3b1bf28fb59d6213e41 (patch) | |
tree | 7d4308539df8b7157e92ef8b30d235d821165252 | |
parent | bcd788f33f530003e33abbd3a1d66f090cf2b9a4 (diff) | |
clean up changelog more, add blurb
-rw-r--r-- | ChangeLog | 41 |
1 files changed, 24 insertions, 17 deletions
@@ -1,28 +1,44 @@ Changes in version 0.2.1.29 - 2011-01-15 + Tor 0.2.1.29 continues our recent code security audit work. The main + fix resolves a remote heap overflow vulnerability that can allow remote + code execution (CVE-2011-0427). Other fixes address a variety of assert + and crash bugs, most of which we think are hard to exploit remotely. + o Major bugfixes (security): - Fix a heap overflow bug where an adversary could cause heap - corruption. This bug potentially allows remote code execution + corruption. This bug probably allows remote code execution attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on 0.1.2.10-rc. - Prevent a denial-of-service attack by disallowing any zlib-compressed data whose compression factor is implausibly - high. Fixes the second part of bug 2324; reported by "doors". + high. Fixes part of bug 2324; reported by "doors". + - Zero out a few more keys in memory before freeing them. Fixes bug + 2384 and part of bug 2385. These key instances found by + "cypherpunks". Bugfix on 0.0.2pre9. - o Minor bugfixes: - - Prevent calls from Libevent from inside Libevent log handlers. + o Major bugfixes (crashes): + - Prevent calls to Libevent from inside Libevent log handlers. This had potential to cause a nasty set of crashes, especially if running Libevent with debug logging enabled, and running Tor with a controller watching for low-severity log messages. Bugfix on 0.1.0.2-rc. Fixes bug 2190. - - Fix compilation on mingw when a pthreads compatibility library - has been installed. (We don't want to use it, so we shouldn't - be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc. - Add a check for SIZE_T_MAX to tor_realloc() to try to avoid - underflow errors there too. Fixes bug 2324. + underflow errors there too. Fixes the other part of bug 2324. - Fix a bug where we would assert if we ever had a cached-descriptors.new file (or another file read directly into memory) of exactly SIZE_T_CEILING bytes. 
Found by doors; fixes bug 2326; bugfix on 0.2.1.25. + - Fix some potential asserts and parsing issues with grossly + malformed router caches. Fixes bug 2352. Found by doorss. Bugfix + on Tor 0.2.1.27. + + o Minor bugfixes (other): + - Fix a bug with handling misformed replies to reverse DNS lookup + requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a + bug reported by doorss. + - Fix compilation on mingw when a pthreads compatibility library + has been installed. (We don't want to use it, so we shouldn't + be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc. - Fix a bug where we would declare that we had run out of virtual addresses when the address space was only half-exhausted. Bugfix on 0.1.2.1-alpha. @@ -31,15 +47,6 @@ Changes in version 0.2.1.29 - 2011-01-15 0.1.2.1-alpha. Bug found by doorss. - Correctly handle wrapping around to when we run out of virtual address space. Found by cypherpunks, bugfix on 0.2.0.5-alpha. - - Fix a bug with handling misformed replies to reverse DNS lookup - requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a - bug reported by doorss. - - Fix some potential asserts and partsing issues with grossly - malformed router caches. Fixes bug 2352. Found by doorss. Bugfix - on Tor 0.2.1.27. - - Zero out a few more keys in memory before freeing them. Fixes bug - 2384 and part of bug 2385. These key instances found by - "cypherpunks". Bugfix on 0.0.2pre9. o Minor features: - Update to the January 1 2011 Maxmind GeoLite Country database. |
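Review bot: in the first hunk (@@ -1,28 +1,44 @@) the same reporter appears under three spellings: "doors" in quotes in the zlib entry, unquoted doors in the SIZE_T_CEILING entry, and doorss in the relocated bug 2352 and DNSPort entries. Confirm the correct handle and use one form throughout, quoted the same way as "debuger" and "cypherpunks". The move corrects "partsing" to "parsing", but the relocated DNSPort entry still reads "misformed replies"; "malformed" would match the router-cache entry beside it. The new blurb says the heap overflow "can allow remote code execution" while the entry itself now says "probably allows"; state the same level of certainty in both places so readers deciding how urgently to upgrade get one message.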
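Review bot: in the second hunk (@@ -31,15 +47,6 @@) the context line directly above the removed entries, "Correctly handle wrapping around to when we run out of virtual address space", reads as if a word is missing after "to" or the "to" is stray; since this commit is a changelog cleanup, fix it here as well. That same line credits cypherpunks unquoted, while the key-zeroing entry removed just below it (and re-added in the first hunk) writes "cypherpunks" in quotes; make the two match.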