diff options
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/19271 | 2 | ||||
| -rw-r--r-- | changes/bifroest | 3 | ||||
| -rw-r--r-- | changes/bug16248 | 8 | ||||
| -rw-r--r-- | changes/bug17404 | 6 | ||||
| -rw-r--r-- | changes/bug18089 | 6 | ||||
| -rw-r--r-- | changes/bug21018 | 11 | ||||
| -rw-r--r-- | changes/geoip-august2016 | 4 | ||||
| -rw-r--r-- | changes/geoip-december2016 | 4 | ||||
| -rw-r--r-- | changes/geoip-january2017 | 4 | ||||
| -rw-r--r-- | changes/geoip-july2016 | 4 | ||||
| -rw-r--r-- | changes/geoip-jun2016 | 4 | ||||
| -rw-r--r-- | changes/geoip-may2016 | 4 | ||||
| -rw-r--r-- | changes/geoip-november2016 | 4 | ||||
| -rw-r--r-- | changes/geoip-october2016 | 4 | ||||
| -rw-r--r-- | changes/geoip-september2016 | 4 | ||||
| -rw-r--r-- | changes/rsa_init_bug | 7 |
16 files changed, 79 insertions, 0 deletions
diff --git a/changes/19271 b/changes/19271 new file mode 100644 index 0000000000..dc06ead999 --- /dev/null +++ b/changes/19271 @@ -0,0 +1,2 @@ + o Directory authority changes: + - Urras is no longer a directory authority. Closes ticket 19271. diff --git a/changes/bifroest b/changes/bifroest new file mode 100644 index 0000000000..41af658ed8 --- /dev/null +++ b/changes/bifroest @@ -0,0 +1,3 @@ + o Directory authority changes (also in 0.2.8.7): + - The "Tonga" bridge authority has been retired; the new bridge + authority is "Bifroest". Closes tickets 19728 and 19690. diff --git a/changes/bug16248 b/changes/bug16248 new file mode 100644 index 0000000000..399b7093cd --- /dev/null +++ b/changes/bug16248 @@ -0,0 +1,8 @@ + o Major bugfixes (dns proxy mode, crash): + - Avoid crashing when running as a DNS proxy. Closes bug 16248; bugfix on + 0.2.0.1-alpha. Patch from 'cypherpunks'. + + o Minor features (bug-resistance): + - Make Tor survive errors involving connections without a corresponding + event object. Previously we'd fail with an assertion; now we produce a + log message. Related to bug 16248. diff --git a/changes/bug17404 b/changes/bug17404 new file mode 100644 index 0000000000..d524f6662d --- /dev/null +++ b/changes/bug17404 @@ -0,0 +1,6 @@ + o Major bugfixes (security, correctness): + - Fix a programming error that could cause us to read 4 bytes before + the beginning of an openssl string. This could be used to provoke + a crash on systems with an unusual malloc implementation, or + systems with unsual hardening installed. Fixes bug 17404; bugfix + on 0.2.3.6-alpha. diff --git a/changes/bug18089 b/changes/bug18089 new file mode 100644 index 0000000000..c1fb342f77 --- /dev/null +++ b/changes/bug18089 @@ -0,0 +1,6 @@ + o Minor fixes (security): + - Make memwipe() do nothing when passed a NULL pointer + or zero size. Check size argument to memwipe() for underflow. + Closes bug #18089. Reported by "gk", patch by "teor". + Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352), + commit 49dd5ef3 on 7 Nov 2012. diff --git a/changes/bug21018 b/changes/bug21018 new file mode 100644 index 0000000000..49a8b47a25 --- /dev/null +++ b/changes/bug21018 @@ -0,0 +1,11 @@ + o Major bugfixes (parsing, security): + + - Fix a bug in parsing that could cause clients to read a single + byte past the end of an allocated region. This bug could be + used to cause hardened clients (built with + --enable-expensive-hardening) to crash if they tried to visit + a hostile hidden service. Non-hardened clients are only + affected depending on the details of their platform's memory + allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by + using libFuzzer. Also tracked as TROVE-2016-12-002 and as + CVE-2016-1254. diff --git a/changes/geoip-august2016 b/changes/geoip-august2016 new file mode 100644 index 0000000000..370ab64cac --- /dev/null +++ b/changes/geoip-august2016 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-december2016 b/changes/geoip-december2016 new file mode 100644 index 0000000000..60754ea21d --- /dev/null +++ b/changes/geoip-december2016 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-january2017 b/changes/geoip-january2017 new file mode 100644 index 0000000000..de1a4cbe2a --- /dev/null +++ b/changes/geoip-january2017 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-july2016 b/changes/geoip-july2016 new file mode 100644 index 0000000000..d9963bd6a8 --- /dev/null +++ b/changes/geoip-july2016 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the July 6 2016 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-jun2016 b/changes/geoip-jun2016 new file mode 100644 index 0000000000..8d308f6f72 --- /dev/null +++ b/changes/geoip-jun2016 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the June 7 2016 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-may2016 b/changes/geoip-may2016 new file mode 100644 index 0000000000..3fd42dce24 --- /dev/null +++ b/changes/geoip-may2016 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the May 4 2016 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-november2016 b/changes/geoip-november2016 new file mode 100644 index 0000000000..5190ed66f4 --- /dev/null +++ b/changes/geoip-november2016 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-october2016 b/changes/geoip-october2016 new file mode 100644 index 0000000000..fff9a1eeb5 --- /dev/null +++ b/changes/geoip-october2016 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-september2016 b/changes/geoip-september2016 new file mode 100644 index 0000000000..a14c7c699f --- /dev/null +++ b/changes/geoip-september2016 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2 + Country database. + diff --git a/changes/rsa_init_bug b/changes/rsa_init_bug new file mode 100644 index 0000000000..6b5fb4f2f9 --- /dev/null +++ b/changes/rsa_init_bug @@ -0,0 +1,7 @@ + o Major bugfixes (key management): + - If OpenSSL fails to generate an RSA key, do not retain a dangling pointer + to the previous (uninitialized) key value. The impact here should be + limited to a difficult-to-trigger crash, if OpenSSL is running an + engine that makes key generation failures possible, or if OpenSSL runs + out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by + Yuan Jochen Kang, Suman Jana, and Baishakhi Ray. |