From 94582b15801f6d06ce32625421fc75c48035bc85 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Tue, 11 Sep 2012 14:09:23 -0400 Subject: [PATCH] fold in 0.2.2.39 changelog items --- ChangeLog | 20 +++++++++++++++++--- ReleaseNotes | 20 +++++++++++++++++--- changes/bug6690 | 7 ------- changes/bug6811 | 5 ----- changes/note-releasenote-fix | 10 ---------- 5 files changed, 34 insertions(+), 28 deletions(-) delete mode 100644 changes/bug6690 delete mode 100644 changes/bug6811 delete mode 100644 changes/note-releasenote-fix diff --git a/ChangeLog b/ChangeLog index 600a2109d..cedc1c47c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,21 @@ +Changes in version 0.2.2.39 - 2012-09-11 + Tor 0.2.2.39 fixes two more opportunities for remotely triggerable + assertions. + + o Security fixes: + - Fix an assertion failure in tor_timegm() that could be triggered + by a badly formatted directory object. Bug found by fuzzing with + Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc. + - Do not crash when comparing an address with port value 0 to an + address policy. This bug could have been used to cause a remote + assertion failure by or against directory authorities, or to + allow some applications to crash clients. Fixes bug 6690; bugfix + on 0.2.1.10-alpha. + + Changes in version 0.2.2.38 - 2012-08-12 - Tor 0.2.2.38 fixes a rare race condition that can crash exit relays; - fixes a remotely triggerable crash bug; and fixes a timing attack that - could in theory leak path information. + Tor 0.2.2.38 fixes a remotely triggerable crash bug, and fixes a timing + attack that could in theory leak path information. o Security fixes: - Avoid an uninitialized memory read when reading a vote or consensus diff --git a/ReleaseNotes b/ReleaseNotes index e658694a0..693b0b7b7 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -3,10 +3,24 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.2.2.39 - 2012-09-11 + Tor 0.2.2.39 fixes two more opportunities for remotely triggerable + assertions. + + o Security fixes: + - Fix an assertion failure in tor_timegm() that could be triggered + by a badly formatted directory object. Bug found by fuzzing with + Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc. + - Do not crash when comparing an address with port value 0 to an + address policy. This bug could have been used to cause a remote + assertion failure by or against directory authorities, or to + allow some applications to crash clients. Fixes bug 6690; bugfix + on 0.2.1.10-alpha. + + Changes in version 0.2.2.38 - 2012-08-12 - Tor 0.2.2.38 fixes a rare race condition that can crash exit relays; - fixes a remotely triggerable crash bug; and fixes a timing attack that - could in theory leak path information. + Tor 0.2.2.38 fixes a remotely triggerable crash bug, and fixes a timing + attack that could in theory leak path information. o Security fixes: - Avoid an uninitialized memory read when reading a vote or consensus diff --git a/changes/bug6690 b/changes/bug6690 deleted file mode 100644 index 99d42976e..000000000 --- a/changes/bug6690 +++ /dev/null @@ -1,7 +0,0 @@ - o Major bugfixes (security): - - Do not crash when comparing an address with port value 0 to an - address policy. This bug could have been used to cause a remote - assertion failure by or against directory authorities, or to - allow some applications to crash clients. Fixes bug 6690; bugfix - on 0.2.1.10-alpha. - diff --git a/changes/bug6811 b/changes/bug6811 deleted file mode 100644 index 841ec1c54..000000000 --- a/changes/bug6811 +++ /dev/null @@ -1,5 +0,0 @@ - o Major security fixes: - - Fix an assertion failure in tor_timegm that could be triggered - by a badly formatted directory object. Bug found by fuzzing with - Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc. - diff --git a/changes/note-releasenote-fix b/changes/note-releasenote-fix deleted file mode 100644 index 586e2d263..000000000 --- a/changes/note-releasenote-fix +++ /dev/null @@ -1,10 +0,0 @@ - - o Documentation fix: - Remove the following entry from the 0.2.2.38 changelog, since the patch - was not, in fact, included in 0.2.2.38: - . - - Avoid read-from-freed-memory and double-free bugs that could occur - when a DNS request fails while launching it. Fixes bug 6480; - bugfix on 0.2.0.1-alpha. - . - Fixes bug 6657; bugfix on 0.2.2.38.