[or-cvs] [tor/release-0.2.1] clean up changelog more, add blurb
arma at torproject.org
arma at torproject.org
Sat Jan 15 22:30:02 UTC 2011
commit f90fcaff6460f1e189e3f3b1bf28fb59d6213e41
Author: Roger Dingledine <arma at torproject.org>
Date: Sat Jan 15 17:29:42 2011 -0500
clean up changelog more, add blurb
---
ChangeLog | 41 ++++++++++++++++++++++++-----------------
1 files changed, 24 insertions(+), 17 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index d97ec5f..f6dbc6e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,28 +1,44 @@
Changes in version 0.2.1.29 - 2011-01-15
+ Tor 0.2.1.29 continues our recent code security audit work. The main
+ fix resolves a remote heap overflow vulnerability that can allow remote
+ code execution (CVE-2011-0427). Other fixes address a variety of assert
+ and crash bugs, most of which we think are hard to exploit remotely.
+
o Major bugfixes (security):
- Fix a heap overflow bug where an adversary could cause heap
- corruption. This bug potentially allows remote code execution
+ corruption. This bug probably allows remote code execution
attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on
0.1.2.10-rc.
- Prevent a denial-of-service attack by disallowing any
zlib-compressed data whose compression factor is implausibly
- high. Fixes the second part of bug 2324; reported by "doors".
+ high. Fixes part of bug 2324; reported by "doors".
+ - Zero out a few more keys in memory before freeing them. Fixes bug
+ 2384 and part of bug 2385. These key instances found by
+ "cypherpunks". Bugfix on 0.0.2pre9.
- o Minor bugfixes:
- - Prevent calls from Libevent from inside Libevent log handlers.
+ o Major bugfixes (crashes):
+ - Prevent calls to Libevent from inside Libevent log handlers.
This had potential to cause a nasty set of crashes, especially
if running Libevent with debug logging enabled, and running
Tor with a controller watching for low-severity log messages.
Bugfix on 0.1.0.2-rc. Fixes bug 2190.
- - Fix compilation on mingw when a pthreads compatibility library
- has been installed. (We don't want to use it, so we shouldn't
- be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc.
- Add a check for SIZE_T_MAX to tor_realloc() to try to avoid
- underflow errors there too. Fixes bug 2324.
+ underflow errors there too. Fixes the other part of bug 2324.
- Fix a bug where we would assert if we ever had a
cached-descriptors.new file (or another file read directly into
memory) of exactly SIZE_T_CEILING bytes. Found by doors; fixes
bug 2326; bugfix on 0.2.1.25.
+ - Fix some potential asserts and parsing issues with grossly
+ malformed router caches. Fixes bug 2352. Found by doorss. Bugfix
+ on Tor 0.2.1.27.
+
+ o Minor bugfixes (other):
+ - Fix a bug with handling misformed replies to reverse DNS lookup
+ requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a
+ bug reported by doorss.
+ - Fix compilation on mingw when a pthreads compatibility library
+ has been installed. (We don't want to use it, so we shouldn't
+ be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc.
- Fix a bug where we would declare that we had run out of virtual
addresses when the address space was only half-exhausted. Bugfix
on 0.1.2.1-alpha.
@@ -31,15 +47,6 @@ Changes in version 0.2.1.29 - 2011-01-15
0.1.2.1-alpha. Bug found by doorss.
- Correctly handle wrapping around to when we run out of virtual
address space. Found by cypherpunks, bugfix on 0.2.0.5-alpha.
- - Fix a bug with handling misformed replies to reverse DNS lookup
- requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a
- bug reported by doorss.
- - Fix some potential asserts and partsing issues with grossly
- malformed router caches. Fixes bug 2352. Found by doorss. Bugfix
- on Tor 0.2.1.27.
- - Zero out a few more keys in memory before freeing them. Fixes bug
- 2384 and part of bug 2385. These key instances found by
- "cypherpunks". Bugfix on 0.0.2pre9.
o Minor features:
- Update to the January 1 2011 Maxmind GeoLite Country database.
More information about the tor-commits
mailing list