[or-cvs] [tor/release-0.2.1] start cleaning up 0.2.1.29 changelog
arma at torproject.org
arma at torproject.org
Sat Jan 15 21:26:16 UTC 2011
commit bcd788f33f530003e33abbd3a1d66f090cf2b9a4
Author: Roger Dingledine <arma at torproject.org>
Date: Sat Jan 15 16:25:52 2011 -0500
start cleaning up 0.2.1.29 changelog
---
ChangeLog | 53 ++++++++++++++++++++++++++++++++++++++++++++
changes/bug2190 | 6 -----
changes/bug2305 | 5 ----
changes/bug2313 | 4 ---
changes/bug2324 | 4 ---
changes/bug2324_uncompress | 5 ----
changes/bug2326 | 6 -----
changes/bug2328 | 9 -------
changes/bug2332 | 4 ---
changes/bug2352 | 6 -----
changes/bug2384 | 6 -----
changes/geoip-jan2011 | 3 --
changes/tolen_asserts | 8 ------
13 files changed, 53 insertions(+), 66 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ffe768e..d97ec5f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,56 @@
+Changes in version 0.2.1.29 - 2011-01-15
+ o Major bugfixes (security):
+ - Fix a heap overflow bug where an adversary could cause heap
+ corruption. This bug potentially allows remote code execution
+ attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on
+ 0.1.2.10-rc.
+ - Prevent a denial-of-service attack by disallowing any
+ zlib-compressed data whose compression factor is implausibly
+ high. Fixes the second part of bug 2324; reported by "doors".
+
+ o Minor bugfixes:
+ - Prevent calls from Libevent from inside Libevent log handlers.
+ This had potential to cause a nasty set of crashes, especially
+ if running Libevent with debug logging enabled, and running
+ Tor with a controller watching for low-severity log messages.
+ Bugfix on 0.1.0.2-rc. Fixes bug 2190.
+ - Fix compilation on mingw when a pthreads compatibility library
+ has been installed. (We don't want to use it, so we shouldn't
+ be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc.
+ - Add a check for SIZE_T_MAX to tor_realloc() to try to avoid
+ underflow errors there too. Fixes bug 2324.
+ - Fix a bug where we would assert if we ever had a
+ cached-descriptors.new file (or another file read directly into
+ memory) of exactly SIZE_T_CEILING bytes. Found by doors; fixes
+ bug 2326; bugfix on 0.2.1.25.
+ - Fix a bug where we would declare that we had run out of virtual
+ addresses when the address space was only half-exhausted. Bugfix
+ on 0.1.2.1-alpha.
+ - Correctly handle the case where AutomapHostsOnResolve is set but no
+ virtual addresses are available. Fixes bug2328, bugfix on
+ 0.1.2.1-alpha. Bug found by doorss.
+ - Correctly handle wrapping around to when we run out of virtual
+ address space. Found by cypherpunks, bugfix on 0.2.0.5-alpha.
+ - Fix a bug with handling misformed replies to reverse DNS lookup
+ requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a
+ bug reported by doorss.
+ - Fix some potential asserts and partsing issues with grossly
+ malformed router caches. Fixes bug 2352. Found by doorss. Bugfix
+ on Tor 0.2.1.27.
+ - Zero out a few more keys in memory before freeing them. Fixes bug
+ 2384 and part of bug 2385. These key instances found by
+ "cypherpunks". Bugfix on 0.0.2pre9.
+
+ o Minor features:
+ - Update to the January 1 2011 Maxmind GeoLite Country database.
+ - Introduce output size checks on all of our decryption functions.
+
+ o Build changes:
+ - Tor does not build packages correctly with Automake 1.6 and earlier;
+ added a check to Makefile.am to make sure that we're building with
+ Automake 1.7 or later.
+
+
Changes in version 0.2.1.28 - 2010-12-17
Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely
exploitable bugs. We also took this opportunity to change the IP address
diff --git a/changes/bug2190 b/changes/bug2190
deleted file mode 100644
index 92ecba7..0000000
--- a/changes/bug2190
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes
- - Prevent calls from Libevent from inside Libevent log handlers.
- This had potential to cause a nasty set of crashes, especially if
- running Libevent with debug logging enabled, and running Tor
- with a controller watching for low-severity log messages.
- Bugfix on 0.1.0.2-rc. Fixes bug 2190.
diff --git a/changes/bug2305 b/changes/bug2305
deleted file mode 100644
index c979d5f..0000000
--- a/changes/bug2305
+++ /dev/null
@@ -1,5 +0,0 @@
- o Build changes
- - Tor does not build packages correctly with Automake 1.6 and earlier;
- added a check to Makefile.am to make sure that we're building with
- Automake 1.7 or later.
-
diff --git a/changes/bug2313 b/changes/bug2313
deleted file mode 100644
index 0ffbe4a..0000000
--- a/changes/bug2313
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes
- - Fix compilation on mingw when a pthreads compatibility library
- has been installed. (We don't want to use it, so we shouldn't
- be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc.
diff --git a/changes/bug2324 b/changes/bug2324
deleted file mode 100644
index eefc837..0000000
--- a/changes/bug2324
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes
- - Add a check for SIZE_T_MAX to tor_realloc to try to avoid
- underflow errors there too. Fixes bug 2324.
-
diff --git a/changes/bug2324_uncompress b/changes/bug2324_uncompress
deleted file mode 100644
index 223a3ce..0000000
--- a/changes/bug2324_uncompress
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes (security):
- - Prevent a DoS attack by disallowing any zlib-compressed data
- whose compression factor is implausibly high. Fixes the
- second part of bug2324; found by doors.
-
diff --git a/changes/bug2326 b/changes/bug2326
deleted file mode 100644
index 239a383..0000000
--- a/changes/bug2326
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes
- - Fix a bug where we would assert if we ever had a
- cached-descriptors.new file (or another file read directly into
- memory) of exactly SIZE_T_CEILING bytes. Found by doors; fixes
- bug 2326; bugfix on 0.2.1.25.
-
diff --git a/changes/bug2328 b/changes/bug2328
deleted file mode 100644
index fee80a1..0000000
--- a/changes/bug2328
+++ /dev/null
@@ -1,9 +0,0 @@
- o Minor bugfixes
- - Fix a bug where we would declare that we had run out of virtual
- addresses when the address space was only half-exhausted. Bugfix
- on 0.1.2.1-alpha.
- - Correctly handle the case where AutomapHostsOnResolve is set but no
- virtual addresses are available. Fixes bug2328, bugfix on
- 0.1.2.1-alpha. Bug found by doorss.
- - Correctly handle wrapping around to when we run out of virtual address
- space. Found by cypherpunks, bugfix on 0.2.0.5-alpha.
diff --git a/changes/bug2332 b/changes/bug2332
deleted file mode 100644
index 5f73ddd..0000000
--- a/changes/bug2332
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes
- - Fix a bug with handling misformed replies to reverse DNS lookup
- requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a bug
- reported by doorss.
diff --git a/changes/bug2352 b/changes/bug2352
deleted file mode 100644
index 744dbdb..0000000
--- a/changes/bug2352
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes
- - Fix some potential asserts and partsing issues with grossly
- malformed router caches. Fixes bug 2352. Found by doorss.
- Bugfix on Tor 0.2.1.27.
-
-
diff --git a/changes/bug2384 b/changes/bug2384
deleted file mode 100644
index ded5eee..0000000
--- a/changes/bug2384
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes
- - Zero out a few more keys in memory before freeing them. Fixes bug
- 2384 and part of bug 2385. These key instances found by
- "cypherpunks". Bugfix on 0.0.2pre9.
-
-
diff --git a/changes/geoip-jan2011 b/changes/geoip-jan2011
deleted file mode 100644
index b58805a..0000000
--- a/changes/geoip-jan2011
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor features:
- - Update to the January 1 2011 Maxmind GeoLite Country database.
-
diff --git a/changes/tolen_asserts b/changes/tolen_asserts
deleted file mode 100644
index a9834ab..0000000
--- a/changes/tolen_asserts
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes (security)
- - Fix a heap overflow bug where an adversary could cause heap
- corruption. This bug potentially allows remote code execution
- attacks. Found by debuger. Fixes CVE-2011-0427. Bugfix on
- 0.1.2.10-rc.
- o Defensive programming
- - Introduce output size checks on all of our decryption functions.
-
More information about the tor-commits
mailing list