diff options
| author | Roger Dingledine <arma@torproject.org> | 2011-01-15 18:34:48 -0500 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2011-01-15 18:34:48 -0500 |
| commit | 34d457ea7d05bdd34c5ef25b1a67454133883919 (patch) | |
| tree | c8e312281b6f66a875ea265a6fc0c854d995aef2 | |
| parent | 7454fe3d9861c1b664cc14ba253a8679bc5cac1e (diff) | |
| download | tor-34d457ea7d05bdd34c5ef25b1a67454133883919.tar.gz tor-34d457ea7d05bdd34c5ef25b1a67454133883919.zip | |
repeat overlapping changelog entries
| -rw-r--r-- | ChangeLog | 65 | ||||
| -rw-r--r-- | changes/bug2190 | 11 | ||||
| -rw-r--r-- | changes/bug2305 | 5 | ||||
| -rw-r--r-- | changes/bug2313 | 4 | ||||
| -rw-r--r-- | changes/bug2324 | 4 | ||||
| -rw-r--r-- | changes/bug2324_uncompress | 5 | ||||
| -rw-r--r-- | changes/bug2326 | 6 | ||||
| -rw-r--r-- | changes/bug2328 | 9 | ||||
| -rw-r--r-- | changes/bug2332 | 4 | ||||
| -rw-r--r-- | changes/bug2352 | 6 | ||||
| -rw-r--r-- | changes/bug2384 | 6 | ||||
| -rw-r--r-- | changes/geoip-jan2011 | 3 | ||||
| -rw-r--r-- | changes/tolen_asserts | 8 |
13 files changed, 65 insertions, 71 deletions
@@ -1,3 +1,68 @@ +Changes in version 0.2.2.21-alpha - 2011-01-15 + o Major bugfixes (security): + - Fix a heap overflow bug where an adversary could cause heap + corruption. This bug probably allows remote code execution + attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on + 0.1.2.10-rc. + - Prevent a denial-of-service attack by disallowing any + zlib-compressed data whose compression factor is implausibly + high. Fixes part of bug 2324; reported by "doors". + - Zero out a few more keys in memory before freeing them. Fixes bug + 2384 and part of bug 2385. These key instances found by + "cypherpunks". Bugfix on 0.0.2pre9. + + o Major bugfixes (crashes): + - Prevent calls to Libevent from inside Libevent log handlers. + This had potential to cause a nasty set of crashes, especially + if running Libevent with debug logging enabled, and running + Tor with a controller watching for low-severity log messages. + Bugfix on 0.1.0.2-rc. Fixes bug 2190. + - Add a check for SIZE_T_MAX to tor_realloc() to try to avoid + underflow errors there too. Fixes the other part of bug 2324. + - Fix a bug where we would assert if we ever had a + cached-descriptors.new file (or another file read directly into + memory) of exactly SIZE_T_CEILING bytes. Found by doors; fixes + bug 2326; bugfix on 0.2.1.25. + - Fix some potential asserts and parsing issues with grossly + malformed router caches. Fixes bug 2352. Found by doorss. Bugfix + on Tor 0.2.1.27. + + o Minor bugfixes (other): + - Fix a bug with handling misformed replies to reverse DNS lookup + requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a + bug reported by doorss. + - Fix compilation on mingw when a pthreads compatibility library + has been installed. (We don't want to use it, so we shouldn't + be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc. + - Fix a bug where we would declare that we had run out of virtual + addresses when the address space was only half-exhausted. Bugfix + on 0.1.2.1-alpha. + - Correctly handle the case where AutomapHostsOnResolve is set but no + virtual addresses are available. Fixes bug2328, bugfix on + 0.1.2.1-alpha. Bug found by doorss. + - Correctly handle wrapping around to when we run out of virtual + address space. Found by cypherpunks, bugfix on 0.2.0.5-alpha. + - The 0.2.1.28 tarball was missing src/common/OpenBSD_malloc_Linux.c + because we built it with a too-old version of automake. Thus that + release broke ./configure --enable-openbsd-malloc, which is popular + among really fast exit relays on Linux. + + o Minor features: + - Update to the January 1 2011 Maxmind GeoLite Country database. + - Introduce output size checks on all of our decryption functions. + + o Build changes: + - Tor does not build packages correctly with Automake 1.6 and earlier; + added a check to Makefile.am to make sure that we're building with + Automake 1.7 or later. + + o Minor bugfixes + - Make Libevent log messages get delievered to controllers later, + and not from inside the Libevent log handler. This prevents + unsafe reentrant Libevent calls while still letting the log + messages get through. + + Changes in version 0.2.2.20-alpha - 2010-12-17 Tor 0.2.2.20-alpha does some code cleanup to reduce the risk of remotely exploitable bugs. We also fix a variety of other significant bugs, diff --git a/changes/bug2190 b/changes/bug2190 deleted file mode 100644 index 0591acb6ff..0000000000 --- a/changes/bug2190 +++ /dev/null @@ -1,11 +0,0 @@ - o Minor bugfixes - - Prevent calls from Libevent from inside Libevent log handlers. - This had potential to cause a nasty set of crashes, especially if - running Libevent with debug logging enabled, and running Tor - with a controller watching for low-severity log messages. - Bugfix on 0.1.0.2-rc. Fixes bug 2190. - - Make Libevent log messages get delievered to controllers later, - and not from inside the Libevent log handler. This prevents - unsafe reentrant Libevent calls while still letting the log - messages get through. - diff --git a/changes/bug2305 b/changes/bug2305 deleted file mode 100644 index c979d5fd3a..0000000000 --- a/changes/bug2305 +++ /dev/null @@ -1,5 +0,0 @@ - o Build changes - - Tor does not build packages correctly with Automake 1.6 and earlier; - added a check to Makefile.am to make sure that we're building with - Automake 1.7 or later. - diff --git a/changes/bug2313 b/changes/bug2313 deleted file mode 100644 index 0ffbe4ab07..0000000000 --- a/changes/bug2313 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes - - Fix compilation on mingw when a pthreads compatibility library - has been installed. (We don't want to use it, so we shouldn't - be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc. diff --git a/changes/bug2324 b/changes/bug2324 deleted file mode 100644 index eefc8370ef..0000000000 --- a/changes/bug2324 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes - - Add a check for SIZE_T_MAX to tor_realloc to try to avoid - underflow errors there too. Fixes bug 2324. - diff --git a/changes/bug2324_uncompress b/changes/bug2324_uncompress deleted file mode 100644 index 223a3ce35b..0000000000 --- a/changes/bug2324_uncompress +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security): - - Prevent a DoS attack by disallowing any zlib-compressed data - whose compression factor is implausibly high. Fixes the - second part of bug2324; found by doors. - diff --git a/changes/bug2326 b/changes/bug2326 deleted file mode 100644 index 239a383faf..0000000000 --- a/changes/bug2326 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes - - Fix a bug where we would assert if we ever had a - cached-descriptors.new file (or another file read directly into - memory) of exactly SIZE_T_CEILING bytes. Found by doors; fixes - bug 2326; bugfix on 0.2.1.25. - diff --git a/changes/bug2328 b/changes/bug2328 deleted file mode 100644 index fee80a1585..0000000000 --- a/changes/bug2328 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes - - Fix a bug where we would declare that we had run out of virtual - addresses when the address space was only half-exhausted. Bugfix - on 0.1.2.1-alpha. - - Correctly handle the case where AutomapHostsOnResolve is set but no - virtual addresses are available. Fixes bug2328, bugfix on - 0.1.2.1-alpha. Bug found by doorss. - - Correctly handle wrapping around to when we run out of virtual address - space. Found by cypherpunks, bugfix on 0.2.0.5-alpha. diff --git a/changes/bug2332 b/changes/bug2332 deleted file mode 100644 index 5f73ddd7af..0000000000 --- a/changes/bug2332 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes - - Fix a bug with handling misformed replies to reverse DNS lookup - requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a bug - reported by doorss. diff --git a/changes/bug2352 b/changes/bug2352 deleted file mode 100644 index 744dbdb20f..0000000000 --- a/changes/bug2352 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes - - Fix some potential asserts and partsing issues with grossly - malformed router caches. Fixes bug 2352. Found by doorss. - Bugfix on Tor 0.2.1.27. - - diff --git a/changes/bug2384 b/changes/bug2384 deleted file mode 100644 index ded5eee992..0000000000 --- a/changes/bug2384 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes - - Zero out a few more keys in memory before freeing them. Fixes bug - 2384 and part of bug 2385. These key instances found by - "cypherpunks". Bugfix on 0.0.2pre9. - - diff --git a/changes/geoip-jan2011 b/changes/geoip-jan2011 deleted file mode 100644 index b58805ad37..0000000000 --- a/changes/geoip-jan2011 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features: - - Update to the January 1 2011 Maxmind GeoLite Country database. - diff --git a/changes/tolen_asserts b/changes/tolen_asserts deleted file mode 100644 index a9834ab669..0000000000 --- a/changes/tolen_asserts +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (security) - - Fix a heap overflow bug where an adversary could cause heap - corruption. This bug potentially allows remote code execution - attacks. Found by debuger. Fixes CVE-2011-0427. Bugfix on - 0.1.2.10-rc. - o Defensive programming - - Introduce output size checks on all of our decryption functions. - |