diff options
author | Nick Mathewson <nickm@torproject.org> | 2017-02-28 10:04:48 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-02-28 10:04:48 -0500 |
commit | 5d018fc26a7023dace587b88dcfedd7716bcf241 (patch) | |
tree | 4ae2e2df5e362e517da4c1bbb112e8e6297db196 | |
parent | 4cdb7bf450a7c8d6575494c0a2d191f75faa4844 (diff) | |
download | tor-5d018fc26a7023dace587b88dcfedd7716bcf241.tar.gz tor-5d018fc26a7023dace587b88dcfedd7716bcf241.zip |
Adjust 0.2.9.10 changelog entries from 0.3.0.4-rc to match
-rw-r--r-- | ChangeLog | 30 |
1 files changed, 14 insertions, 16 deletions
@@ -1,5 +1,5 @@ Changes in version 0.2.9.10 - 2017-03-?? - Tor 0.2.9.10 backports a security fix from later Tor releass. + Tor 0.2.9.10 backports a security fix from later Tor release. Tor 0.2.9.10 also includes fixes for some major issues affecting directory authorities, LibreSSL compatibility, and IPv6 correctness. @@ -23,17 +23,20 @@ Changes in version 0.2.9.10 - 2017-03-?? 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha. o Major bugfixes (parsing, also in 0.3.0.4-rc): - - Fix an integer underflow bug when comparing malformed Tor versions. - This bug is harmless, except when Tor has been built with - --enable-expensive-hardening, which would turn it into a crash; - or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with - -ftrapv by default. - Part of TROVE-2017-001. Fixes bug 21278; bugfix on - 0.0.8pre1. Found by OSS-Fuzz. - - o Minor features (directory authority, also in 0.3.0.4-rc): + - Fix an integer underflow bug when comparing malformed Tor + versions. This bug could crash Tor when built with + --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor + 0.2.9.8, which were built with -ftrapv by default. In other cases + it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix + on 0.0.8pre1. Found by OSS-Fuzz. + + o Minor features (directory authorities, also in 0.3.0.4-rc): - Directory authorities now reject descriptors that claim to be - malformed versions of Tor. Helps prevent exploitation of bug 21278. + malformed versions of Tor. Helps prevent exploitation of + bug 21278. + - Reject version numbers with components that exceed INT32_MAX. + Otherwise 32-bit and 64-bit platforms would behave inconsistently. + Fixes bug 21450; bugfix on 0.0.8pre1. o Minor features (portability, compilation, backport from 0.3.0.3-alpha): - Autoconf now checks to determine if OpenSSL structures are opaque, @@ -56,11 +59,6 @@ Changes in version 0.2.9.10 - 2017-03-?? which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5. Patch by "junglefowl". - o Minor bugfixes (voting consistency, also in 0.3.0.4-rc): - - Reject version numbers with components that exceed INT32_MAX. - Otherwise 32-bit and 64-bit platforms would behave inconsistently. - Fixes bug 21450; bugfix on 0.0.8pre1. - Changes in version 0.2.9.9 - 2017-01-23 Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could |