diff options
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/19271 | 2 | ||||
| -rw-r--r-- | changes/bug15823 | 4 | ||||
| -rw-r--r-- | changes/bug17404 | 6 | ||||
| -rw-r--r-- | changes/bug18089 | 6 | ||||
| -rw-r--r-- | changes/bug21018 | 11 | ||||
| -rw-r--r-- | changes/geoip-august2016 | 4 | ||||
| -rw-r--r-- | changes/geoip-december2016 | 4 | ||||
| -rw-r--r-- | changes/geoip-january2017 | 4 | ||||
| -rw-r--r-- | changes/geoip-july2016 | 4 | ||||
| -rw-r--r-- | changes/geoip-jun2016 | 4 | ||||
| -rw-r--r-- | changes/geoip-november2016 | 4 | ||||
| -rw-r--r-- | changes/geoip-october2016 | 4 | ||||
| -rw-r--r-- | changes/geoip-september2016 | 4 |
13 files changed, 61 insertions, 0 deletions
diff --git a/changes/19271 b/changes/19271 new file mode 100644 index 0000000000..dc06ead999 --- /dev/null +++ b/changes/19271 @@ -0,0 +1,2 @@ + o Directory authority changes: + - Urras is no longer a directory authority. Closes ticket 19271. diff --git a/changes/bug15823 b/changes/bug15823 new file mode 100644 index 0000000000..987de5d9ac --- /dev/null +++ b/changes/bug15823 @@ -0,0 +1,4 @@ + o Minor bugfixes (hidden service): + - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells + on a client authorized hidden service. Fixes bug 15823; bugfix + on 0.2.1.6-alpha. diff --git a/changes/bug17404 b/changes/bug17404 new file mode 100644 index 0000000000..d524f6662d --- /dev/null +++ b/changes/bug17404 @@ -0,0 +1,6 @@ + o Major bugfixes (security, correctness): + - Fix a programming error that could cause us to read 4 bytes before + the beginning of an openssl string. This could be used to provoke + a crash on systems with an unusual malloc implementation, or + systems with unsual hardening installed. Fixes bug 17404; bugfix + on 0.2.3.6-alpha. diff --git a/changes/bug18089 b/changes/bug18089 new file mode 100644 index 0000000000..c1fb342f77 --- /dev/null +++ b/changes/bug18089 @@ -0,0 +1,6 @@ + o Minor fixes (security): + - Make memwipe() do nothing when passed a NULL pointer + or zero size. Check size argument to memwipe() for underflow. + Closes bug #18089. Reported by "gk", patch by "teor". + Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352), + commit 49dd5ef3 on 7 Nov 2012. diff --git a/changes/bug21018 b/changes/bug21018 new file mode 100644 index 0000000000..49a8b47a25 --- /dev/null +++ b/changes/bug21018 @@ -0,0 +1,11 @@ + o Major bugfixes (parsing, security): + + - Fix a bug in parsing that could cause clients to read a single + byte past the end of an allocated region. This bug could be + used to cause hardened clients (built with + --enable-expensive-hardening) to crash if they tried to visit + a hostile hidden service. Non-hardened clients are only + affected depending on the details of their platform's memory + allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by + using libFuzzer. Also tracked as TROVE-2016-12-002 and as + CVE-2016-1254. diff --git a/changes/geoip-august2016 b/changes/geoip-august2016 new file mode 100644 index 0000000000..370ab64cac --- /dev/null +++ b/changes/geoip-august2016 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-december2016 b/changes/geoip-december2016 new file mode 100644 index 0000000000..60754ea21d --- /dev/null +++ b/changes/geoip-december2016 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-january2017 b/changes/geoip-january2017 new file mode 100644 index 0000000000..de1a4cbe2a --- /dev/null +++ b/changes/geoip-january2017 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-july2016 b/changes/geoip-july2016 new file mode 100644 index 0000000000..d9963bd6a8 --- /dev/null +++ b/changes/geoip-july2016 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the July 6 2016 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-jun2016 b/changes/geoip-jun2016 new file mode 100644 index 0000000000..8d308f6f72 --- /dev/null +++ b/changes/geoip-jun2016 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the June 7 2016 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-november2016 b/changes/geoip-november2016 new file mode 100644 index 0000000000..5190ed66f4 --- /dev/null +++ b/changes/geoip-november2016 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-october2016 b/changes/geoip-october2016 new file mode 100644 index 0000000000..fff9a1eeb5 --- /dev/null +++ b/changes/geoip-october2016 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2 + Country database. + diff --git a/changes/geoip-september2016 b/changes/geoip-september2016 new file mode 100644 index 0000000000..a14c7c699f --- /dev/null +++ b/changes/geoip-september2016 @@ -0,0 +1,4 @@ + o Minor features: + - Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2 + Country database. + |