forward-port trove-2017-001 entry and blurb.

1 files changed, 15 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index 34035313f3..9827884e70 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,10 +1,24 @@
 Changes in version 0.3.0.2-alpha - 2017-01-23
-  Tor 0.3.0.2-alpha improves how exit relays and clients handle DNS
+  Tor 0.3.0.2-alpha fixes a denial-of-service bug where an attacker could
+  cause relays and clients (including hidden services) to crash, even if
+  they were not built with the --enable-expensive-hardening option.
+  This bug affects all 0.2.9.x versions, and also affects 0.3.0.1-alpha:
+  all relays running an affected version should upgrade.
+
+  Tor 0.3.0.2-alpha also improves how exit relays and clients handle DNS
   time-to-live values, makes directory authorities enforce the 1-to-1
   mapping of relay RSA identity keys to ED25519 identity keys, fixes a
   client-side onion service reachability bug, does better at selecting
   the set of fallback directories, and more.
 
+  o Major bugfixes (security, also in 0.2.9.9):
+    - Downgrade the "-ftrapv" option from "always on" to "only on when
+      --enable-expensive-hardening is provided."  This hardening option, like
+      others, can turn survivable bugs into crashes--and having it on by
+      default made a (relatively harmless) integer overflow bug into a
+      denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on
+      0.2.9.1-alpha.
+
   o Major features (security):
     - Change the algorithm used to decide DNS TTLs on client and server
       side, to better resist DNS-based correlation attacks like the