diff options
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 14 |
1 files changed, 7 insertions, 7 deletions
@@ -1,18 +1,18 @@ Changes in version 0.2.9.9 - 2017-01-23 Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could - cause relays and clients (including hidden services) to crash, even if - they were not built with the --enable-expensive-hardening option. This - bug affects all 0.2.9.x versions, and also affects 0.3.0.1-alpha: all - relays running an affected version should upgrade. + cause relays and clients to crash, even if they were not built with + the --enable-expensive-hardening option. This bug affects all 0.2.9.x + versions, and also affects 0.3.0.1-alpha: all relays running an affected + version should upgrade. This release also resolves a client-side onion service reachability - bug, and relays a pair of small portability issues. + bug, and resolves a pair of small portability issues. o Major bugfixes (security): - Downgrade the "-ftrapv" option from "always on" to "only on when --enable-expensive-hardening is provided." This hardening option, - like others, can turn survivable bugs into crashes--and having it - on by default made a (relatively harmless) integer overflow bug + like others, can turn survivable bugs into crashes -- and having + it on by default made a (relatively harmless) integer overflow bug into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on 0.2.9.1-alpha. |