Sort changelog in release-0.2.7-redux
This commit is contained in:
Nick Mathewson
parent
680d940298
commit
1fe5097132
80
ChangeLog
80
ChangeLog
|
|
@ -20,43 +20,6 @@ Changes in version 0.2.7.7 - 2017-03-??
|
|||
it was changed on 18 November 2015. Closes task 17906. Patch
|
||||
by "teor".
|
||||
|
||||
o Major bugfixes (dns proxy mode, crash, backport from 0.2.8.2-alpha):
|
||||
- Avoid crashing when running as a DNS proxy. Fixes bug 16248;
|
||||
bugfix on 0.2.0.1-alpha. Patch from "cypherpunks".
|
||||
|
||||
o Minor features (bug-resistance, backport from 0.2.8.2-alpha):
|
||||
- Make Tor survive errors involving connections without a
|
||||
corresponding event object. Previously we'd fail with an
|
||||
assertion; now we produce a log message. Related to bug 16248.
|
||||
|
||||
o Minor features (security, memory erasure, backport from 0.2.8.1-alpha):
|
||||
- Make memwipe() do nothing when passed a NULL pointer or buffer of
|
||||
zero size. Check size argument to memwipe() for underflow. Fixes
|
||||
bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk",
|
||||
patch by "teor".
|
||||
|
||||
o Major bugfixes (security, pointers, backport from 0.2.8.2-alpha):
|
||||
- Avoid a difficult-to-trigger heap corruption attack when extending
|
||||
a smartlist to contain over 16GB of pointers. Fixes bug 18162;
|
||||
bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely.
|
||||
Reported by Guido Vranken.
|
||||
|
||||
|
||||
o Major bugfixes (security, client, DNS proxy, backport from 0.2.8.3-alpha):
|
||||
- Stop a crash that could occur when a client running with DNSPort
|
||||
received a query with multiple address types, and the first
|
||||
address type was not supported. Found and fixed by Scott Dial.
|
||||
Fixes bug 18710; bugfix on 0.2.5.4-alpha.
|
||||
|
||||
- Prevent a class of security bugs caused by treating the contents
|
||||
of a buffer chunk as if they were a NUL-terminated string. At
|
||||
least one such bug seems to be present in all currently used
|
||||
versions of Tor, and would allow an attacker to remotely crash
|
||||
most Tor instances, especially those compiled with extra compiler
|
||||
hardening. With this defense in place, such bugs can't crash Tor,
|
||||
though we should still fix them as they occur. Closes ticket
|
||||
20384 (TROVE-2016-10-001).
|
||||
|
||||
o Major bugfixes (parsing, security, backport from 0.2.9.8):
|
||||
- Fix a bug in parsing that could cause clients to read a single
|
||||
byte past the end of an allocated region. This bug could be used
|
||||
|
|
@ -67,6 +30,30 @@ Changes in version 0.2.7.7 - 2017-03-??
|
|||
0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
|
||||
2016-12-002 and as CVE-2016-1254.
|
||||
|
||||
o Major bugfixes (security, client, DNS proxy, backport from 0.2.8.3-alpha):
|
||||
- Stop a crash that could occur when a client running with DNSPort
|
||||
received a query with multiple address types, and the first
|
||||
address type was not supported. Found and fixed by Scott Dial.
|
||||
Fixes bug 18710; bugfix on 0.2.5.4-alpha.
|
||||
- Prevent a class of security bugs caused by treating the contents
|
||||
of a buffer chunk as if they were a NUL-terminated string. At
|
||||
least one such bug seems to be present in all currently used
|
||||
versions of Tor, and would allow an attacker to remotely crash
|
||||
most Tor instances, especially those compiled with extra compiler
|
||||
hardening. With this defense in place, such bugs can't crash Tor,
|
||||
though we should still fix them as they occur. Closes ticket
|
||||
20384 (TROVE-2016-10-001).
|
||||
|
||||
o Major bugfixes (security, pointers, backport from 0.2.8.2-alpha):
|
||||
- Avoid a difficult-to-trigger heap corruption attack when extending
|
||||
a smartlist to contain over 16GB of pointers. Fixes bug 18162;
|
||||
bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely.
|
||||
Reported by Guido Vranken.
|
||||
|
||||
o Major bugfixes (dns proxy mode, crash, backport from 0.2.8.2-alpha):
|
||||
- Avoid crashing when running as a DNS proxy. Fixes bug 16248;
|
||||
bugfix on 0.2.0.1-alpha. Patch from "cypherpunks".
|
||||
|
||||
o Major bugfixes (key management, backport from 0.2.8.3-alpha):
|
||||
- If OpenSSL fails to generate an RSA key, do not retain a dangling
|
||||
pointer to the previous (uninitialized) key value. The impact here
|
||||
|
|
@ -76,10 +63,6 @@ Changes in version 0.2.7.7 - 2017-03-??
|
|||
0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and
|
||||
Baishakhi Ray.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
o Major bugfixes (parsing, backported from 0.3.0.4-rc):
|
||||
- Fix an integer underflow bug when comparing malformed Tor
|
||||
versions. This bug could crash Tor when built with
|
||||
|
|
@ -88,6 +71,21 @@ Changes in version 0.2.7.7 - 2017-03-??
|
|||
it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
|
||||
on 0.0.8pre1. Found by OSS-Fuzz.
|
||||
|
||||
o Minor features (security, memory erasure, backport from 0.2.8.1-alpha):
|
||||
- Make memwipe() do nothing when passed a NULL pointer or buffer of
|
||||
zero size. Check size argument to memwipe() for underflow. Fixes
|
||||
bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk",
|
||||
patch by "teor".
|
||||
|
||||
o Minor features (bug-resistance, backport from 0.2.8.2-alpha):
|
||||
- Make Tor survive errors involving connections without a
|
||||
corresponding event object. Previously we'd fail with an
|
||||
assertion; now we produce a log message. Related to bug 16248.
|
||||
|
||||
o Minor features (geoip):
|
||||
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
|
||||
Country database.
|
||||
|
||||
|
||||
Changes in version 0.2.7.6 - 2015-12-10
|
||||
Tor version 0.2.7.6 fixes a major bug in entry guard selection, as
|
||||
|
|
|
|||
Loading…
Reference in New Issue