[tor-commits] [tor/release-0.2.9] Try to write a trove-2017-001 blurb

nickm at torproject.org
Mon Jan 23 14:16:51 UTC 2017


commit 956d08fe872958a6a2d67de095c70dcc91d78648
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Jan 23 09:13:19 2017 -0500

    Try to write a trove-2017-001 blurb
---
 ChangeLog              | 17 ++++++++++++++++-
 changes/trove-2017-001 |  8 --------
 2 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 5fe4b5d..c372631dc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,20 @@
 Changes in version 0.2.9.9 - 2017-01-23
-  Blurb here
+  Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could
+  cause relays and clients (including hidden services) to crash, even if
+  they were not built with the --enable-expensive-hardening option. This
+  bug affects all 0.2.9.x versions, and also affects 0.3.0.1-alpha: all
+  relays running an affected version should upgrade.
+
+  This release also resolves a client-side onion service reachability
+  bug, and relays a pair of small portability issues.
+
+  o Major bugfixes (security):
+    - Downgrade the "-ftrapv" option from "always on" to "only on when
+      --enable-expensive-hardening is provided." This hardening option,
+      like others, can turn survivable bugs into crashes--and having it
+      on by default made a (relatively harmless) integer overflow bug
+      into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
+      bugfix on 0.2.9.1-alpha.
 
   o Major bugfixes (client, onion service):
     - Fix a client-side onion service reachability bug, where multiple
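Review bot: In the second paragraph of the new blurb, "relays a pair of small portability issues" looks like a slip for "resolves" (or "fixes"); as written it has no sensible reading and collides with the noun "relays" used in the paragraph above. Separately, the first paragraph says the crash affects "relays and clients (including hidden services)", but the upgrade advice is addressed only to "all relays running an affected version". Consider saying what clients and onion service operators on 0.2.9.x or 0.3.0.1-alpha should do, or making it explicit if leaving them out is intentional.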
diff --git a/changes/trove-2017-001 b/changes/trove-2017-001
deleted file mode 100644
index 5187e6d..0000000
--- a/changes/trove-2017-001
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Major bugfixes (security):
-    - Downgrade the "-ftrapv" option from "always on" to "only on when
-      --enable-expensive-hardening is provided."  This hardening option, like
-      others, can turn survivable bugs into crashes--and having it on by
-      default made a (relatively harmless) integer overflow bug into a
-      denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on
-      0.2.9.1-alpha.
-


