From 52b2b2c82f304629eb1128ed46fdd6edeba7eb67 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 17 Oct 2016 14:55:05 -0400 Subject: [PATCH] Fold 20384 into changelog --- ChangeLog | 30 +++++++++++++++++++++++------- changes/buf-sentinel | 11 ----------- 2 files changed, 23 insertions(+), 18 deletions(-) delete mode 100644 changes/buf-sentinel diff --git a/ChangeLog b/ChangeLog index 5bf4ebd04c..aa9aace759 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,11 +1,27 @@ Changes in version 0.2.9.4-alpha - 2016-10-17 - Tor 0.2.9.4-alpha adds numerous small features and fix-ups to previous - versions of Tor, including the implementation of a feature to future- - proof the Tor ecosystem against protocol changes, some bug fixes - necessary for Tor Browser to use unix domain sockets correctly, and - several portability improvements. We anticipate that this will be the - last alpha in the Tor 0.2.9 series, and that the next release will be - a release candidate. + Tor 0.2.9.4-alpha fixes a security hole in previous versions of Tor + that would allow a remote attacker to crash a Tor client, hidden + service, relay, or authority. All Tor users should upgrade to this + version, or to 0.2.8.9. Patches will be released for older versions + of Tor. + + Tor 0.2.9.4-alpha also adds numerous small features and fix-ups to + previous versions of Tor, including the implementation of a feature to + future- proof the Tor ecosystem against protocol changes, some bug + fixes necessary for Tor Browser to use unix domain sockets correctly, + and several portability improvements. We anticipate that this will be + the last alpha in the Tor 0.2.9 series, and that the next release will + be a release candidate. + + o Major features (security fixes): + - Prevent a class of security bugs caused by treating the contents + of a buffer chunk as if they were a NUL-terminated string. At + least one such bug seems to be present in all currently used + versions of Tor, and would allow an attacker to remotely crash + most Tor instances, especially those compiled with extra compiler + hardening. With this defense in place, such bugs can't crash Tor, + though we should still fix them as they occur. Closes ticket + 20384 (TROVE-2016-10-001). o Major features (subprotocol versions): - Tor directory authorities now vote on a set of recommended diff --git a/changes/buf-sentinel b/changes/buf-sentinel deleted file mode 100644 index 7c5b829c19..0000000000 
--- a/changes/buf-sentinel +++ /dev/null @@ -1,11 +0,0 @@ - o Major features (security fixes): - - - Prevent a class of security bugs caused by treating the contents - of a buffer chunk as if they were a NUL-terminated string. At - least one such bug seems to be present in all currently used - versions of Tor, and would allow an attacker to remotely crash - most Tor instances, especially those compiled with extra compiler - hardening. With this defense in place, such bugs can't crash Tor, - though we should still fix them as they occur. Closes ticket 20384 - (TROVE-2016-10-001). -
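Review bot: In the ChangeLog hunk, the re-wrapped second paragraph now reads "future- proof the Tor ecosystem" on a single added line. The hyphen used to sit at a line break, so the re-flow has left a stray space inside the word; it should read "future-proof". In the same hunk, the new "Major features (security fixes)" entry says "With this defense in place" without stating what the defense is. A short clause naming the mechanism would let readers of the release notes understand what changed without looking up ticket 20384.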