Merge branch 'maint-0.4.4' into release-0.4.4

author: Nick Mathewson <nickm@torproject.org> 2021-06-10 08:37:34 -0400
committer: Nick Mathewson <nickm@torproject.org> 2021-06-10 08:37:34 -0400
commit: aa4da024ad5aac5630ca957bcc9b521185d12f3f (patch)
tree: e936a6de2b5fdb365455fef52b41a3e2823b0532 /changes
parent: 0e2d413d2ede3b79338c41b3be6e3c7ba0146e5d (diff)
parent: 7c19a4d924120f42c224ea357b388b73d05c2d89 (diff)
download: tor-aa4da024ad5aac5630ca957bcc9b521185d12f3f.tar.gz
tor-aa4da024ad5aac5630ca957bcc9b521185d12f3f.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/changes/ticket40390 b/changes/ticket40390
new file mode 100644
index 0000000000..b56fa4d9da
--- /dev/null
+++ b/changes/ticket40390
@@ -0,0 +1,8 @@
+  o Major bugfixes (security, defense-in-depth):
+    - Detect a wider variety of failure conditions from the OpenSSL RNG
+      code. Previously, we would detect errors from a missing RNG
+      implementation, but not failures from the RNG code itself.
+      Fortunately, it appears those failures do not happen in practice
+      when Tor is using OpenSSL's default RNG implementation.
+      Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
+      TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
author	Nick Mathewson <nickm@torproject.org>	2021-06-10 08:37:34 -0400
committer	Nick Mathewson <nickm@torproject.org>	2021-06-10 08:37:34 -0400
commit	aa4da024ad5aac5630ca957bcc9b521185d12f3f (patch)
tree	e936a6de2b5fdb365455fef52b41a3e2823b0532 /changes
parent	0e2d413d2ede3b79338c41b3be6e3c7ba0146e5d (diff)
parent	7c19a4d924120f42c224ea357b388b73d05c2d89 (diff)
download	tor-aa4da024ad5aac5630ca957bcc9b521185d12f3f.tar.gz tor-aa4da024ad5aac5630ca957bcc9b521185d12f3f.zip