diff options
author | Nick Mathewson <nickm@torproject.org> | 2020-07-09 10:21:55 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2020-07-09 10:21:55 -0400 |
commit | 011e56ae266e225ee498d9d27cce91d3320bccab (patch) | |
tree | 9ecf6962ce3bd9454f9db55cf0f898ea6eff2676 /ChangeLog | |
parent | e31bb4e76a67c043f778ba6bd62fd21ae1eb8d6c (diff) | |
download | tor-011e56ae266e225ee498d9d27cce91d3320bccab.tar.gz tor-011e56ae266e225ee498d9d27cce91d3320bccab.zip |
Final 0.3.5.11 changelog entries
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 28 |
1 files changed, 26 insertions, 2 deletions
@@ -1,5 +1,21 @@ -Changes in version 0.3.5.11 - 2020-07-?? - Tor 0.3.5.11 backports fixes from later tor releases, including XXX +Changes in version 0.3.5.11 - 2020-07-09 + Tor 0.3.5.11 backports fixes from later tor releases, including several + usability, portability, and reliability fixes. + + This release also fixes TROVE-2020-001, a medium-severity denial of + service vulnerability affecting all versions of Tor when compiled with + the NSS encryption library. (This is not the default configuration.) + Using this vulnerability, an attacker could cause an affected Tor + instance to crash remotely. This issue is also tracked as CVE-2020- + 15572. Anybody running a version of Tor built with the NSS library + should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha + or later. + + o Major bugfixes (NSS, security, backport from 0.4.4.2-alpha): + - Fix a crash due to an out-of-bound memory access when Tor is + compiled with NSS support. Fixes bug 33119; bugfix on + 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 + and CVE-2020-15572. o Major bugfixes (DoS defenses, bridges, pluggable transport, backport from 0.4.3.4-rc): - Fix a bug that was preventing DoS defenses from running on bridges @@ -15,6 +31,10 @@ Changes in version 0.3.5.11 - 2020-07-?? that are failing on Appveyor because of mismatched OpenSSL libraries. Part of ticket 33643. + o Minor bugfix (CI, Windows, backport from 0.4.4.2-alpha): + - Use the correct 64-bit printf format when compiling with MINGW on + Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha. + o Minor bugfix (relay, configuration, backport from 0.4.3.3-alpha): - Warn if the ContactInfo field is not set, and tell the relay operator that not having a ContactInfo field set might cause their @@ -33,6 +53,10 @@ Changes in version 0.3.5.11 - 2020-07-?? __attribute__((fallthrough)) instead, so that's what we're using now. Fixes bug 34078; bugfix on 0.3.1.3-alpha. + o Minor bugfixes (compiler warnings, backport from 0.4.4.2-alpha): + - Fix a compiler warning on platforms with 32-bit time_t values. + Fixes bug 40028; bugfix on 0.3.2.8-rc. + o Minor bugfixes (embedded Tor, backport from 0.4.3.1-alpha): - When starting Tor any time after the first time in a process, register the thread in which it is running as the main thread. |