From d6b62571213c34fb55c9ba5a09dbd642f7c876f4 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Tue, 28 Feb 2017 09:55:09 -0500
Subject: [PATCH] More changelog edits

---
 ChangeLog | 61 ++++++++++++++++++++++++-------------------------------
 1 file changed, 26 insertions(+), 35 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index dbe48b5cf..737a39810 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,29 +8,25 @@ Changes in version 0.3.0.4-rc - 2017-03-?? will be nearly identical to it. o Major bugfixes (bridges): - - When the same bridge is configured multiple times at different - address:port combinations (but with the same identity), treat - those bridge instances as separate guards. This allows clients to - configure the same bridge with multiple pluggable transports, once - again. Fixes bug 21027; bugfix on 0.3.0.1-alpha. + - When the same bridge is configured multiple times with the same + identity, but at different address:port combinations, treat those + bridge instances as separate guards. This fix restores the ability + of clients to configure the same bridge with multiple pluggable + transports. Fixes bug 21027; bugfix on 0.3.0.1-alpha. o Major bugfixes (hidden service directory v3): - - When a descriptor lookup was done and it was not found in the - directory cache, it would crash on a NULL pointer instead of - returning the 404 code back to the client like it was suppose to. - Fixes bug 21471; bugfixes on tor-0.3.0.1-alpha. + - Stop crashing on a failed v3 hidden service descriptor lookup + failure. Fixes bug 21471; bugfixes on tor-0.3.0.1-alpha. - o Major bugfixes (HTTP, parsing): + o Major bugfixes (parsing): - When parsing a malformed content-length field from an HTTP message, do not read off the end of the buffer. This bug was a potential remote denial-of-service attack against Tor clients and - relays. A workaround was released in October 2016, which prevents - this bug from crashing Tor. This is a fix for the underlying - issue, which should no longer matter (if you applied the earlier - patch). Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by - fuzzing using AFL (http://lcamtuf.coredump.cx/afl/). - - o Major bugfixes (parsing): + relays. A workaround was released in October 2016, to prevent this + bug from crashing Tor. This is a fix for the underlying issue, + which should no longer matter (if you applied the earlier patch). 
+ Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing + using AFL (http://lcamtuf.coredump.cx/afl/). - Fix an integer underflow bug when comparing malformed Tor versions. This bug could crash Tor when built with --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor @@ -38,14 +34,17 @@ Changes in version 0.3.0.4-rc - 2017-03-?? it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix on 0.0.8pre1. Found by OSS-Fuzz. - o Minor feature (protover): + o Minor feature (protocol versioning): - Add new protocol version for proposal 224. HSIntro now advertises version "3-4" and HSDir version "1-2". Fixes ticket 20656. - o Minor features (directory authority): + o Minor features (directory authorities): - Directory authorities now reject descriptors that claim to be malformed versions of Tor. Helps prevent exploitation of bug 21278. + - Reject version numbers with components that exceed INT32_MAX. + Otherwise 32-bit and 64-bit platforms would behave inconsistently. + Fixes bug 21450; bugfix on 0.0.8pre1. o Minor features (geoip): - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 @@ -68,8 +67,6 @@ Changes in version 0.3.0.4-rc - 2017-03-?? o Minor bugfixes (code correctness): - Repair a couple of (unreachable or harmless) cases of the risky comparison-by-subtraction pattern that caused bug 21278. - - o Minor bugfixes (correctness): - Remove a redundant check for the UseEntryGuards option from the options_transition_affects_guards() function. Fixes bug 21492; bugfix on 0.3.0.1-alpha. 
@@ -88,28 +85,22 @@ Changes in version 0.3.0.4-rc - 2017-03-?? instance of bug 21007; bugfix on 0.3.0.1-alpha. o Minor bugfixes (hidden service): - - When encoding a legacy ESTABLISH_INTRO cell, we were using the - sizeof() on a pointer instead of real size of the destination - buffer leading to an overflow passing an enormous value to the - signing digest function. Fortunately, that value was only used to - make sure the destination buffer length was big enough for the key - size and in this case it was. Fixes bug 21553; bugfix - on 0.3.0.1-alpha. + - Pass correct buffer length when encoding legacy ESTABLISH_INTRO + cells. Previously, we were using sizeof() on a pointer, instead of + the real destination buffer. Fortunately, that value was only used + to double-check that there was enough room--which was already + enforced elsewhere. Fixes bug 21553; bugfix on 0.3.0.1-alpha. o Minor bugfixes (testing): - - Fix Raspbian build missing socket errno in test util. Fixes bug - 21116; bugfix on tor-0.2.8.2. Patch by "hein". + - Fix Raspbian build issues related to missing socket errno in + test_util.c. Fixes bug 21116; bugfix on tor-0.2.8.2. Patch + by "hein". - Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha. - Use bash in src/test/test-network.sh. This ensures we reliably call chutney's newer tools/test-network.sh when available. Fixes bug 21562; bugfix on 0.2.9.1-alpha. - o Minor bugfixes (voting consistency): - - Reject version numbers with components that exceed INT32_MAX. - Otherwise 32-bit and 64-bit platforms would behave inconsistently. - Fixes bug 21450; bugfix on 0.0.8pre1. - o Documentation: - Small fixes to the fuzzing documentation. Closes ticket 21472.
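
Review bot: In the first hunk (@@ -8,29 +8,25), the new hidden service directory v3 entry reads "a failed v3 hidden service descriptor lookup failure", which says "failed" twice; suggest "Stop crashing on a failed v3 hidden service descriptor lookup." The rewrite also drops what the removed text recorded about the crash: a NULL pointer dereference when the descriptor was not in the directory cache, where a 404 should have gone back to the client. A short clause keeping that would let readers tell what kind of crash this was. While the entry is being touched, "bugfixes on tor-0.3.0.1-alpha" could become "bugfix on 0.3.0.1-alpha" to match the neighbouring entries.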
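
Review bot: In the second hunk (@@ -38,14 +34,17), the INT32_MAX entry now sits under "Minor features (directory authorities)" but still ends with "Fixes bug 21450; bugfix on 0.0.8pre1", so a bugfix is listed as a feature. Unlike the entry above it, its text also does not say who does the rejecting. Either leave it in a bugfix section or reword it so the subject is explicit and the wording matches a feature entry. In the same hunk, "Minor feature (protocol versioning)" is singular where the other headings say "Minor features", and its "Fixes ticket 20656" differs from the "Closes ticket" wording used in the Documentation entry.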
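
Review bot: In the last hunk (@@ -88,28 +85,22), the new ESTABLISH_INTRO entry says "using sizeof() on a pointer, instead of the real destination buffer", which lost the words "size of"; suggest "instead of the real size of the destination buffer". The rewrite also changes the safety statement from the removed "in this case it was" (big enough) to "which was already enforced elsewhere", a stronger claim that should be checked against the code before it ships in release notes. The testing entry keeps "bugfix on tor-0.2.8.2", where most other entries give the version without the "tor-" prefix.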