nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-24 04:13:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

final entries for 0.4.3.6 changelog

Browse Source
This commit is contained in:
Nick Mathewson 2020-07-09 10:18:03 -04:00
parent 18338f8771
commit 9fd445f884
4 changed files with 24 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
ChangeLog
View File

@ -1,13 +1,36 @@
Changes in version 0.4.3.6 - 2020-07-??
Changes in version 0.4.3.6 - 2020-07-09
Tor 0.4.3.6 backports several bugfixes from later releases, including
some affecting usability.
This release also fixes TROVE-2020-001, a medium-severity denial of
service vulnerability affecting all versions of Tor when compiled with
the NSS encryption library. (This is not the default configuration.)
Using this vulnerability, an attacker could cause an affected Tor
instance to crash remotely. This issue is also tracked as CVE-2020-
15572. Anybody running a version of Tor built with the NSS library
should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha
or later.
o Major bugfixes (NSS, security, backport from 0.4.4.2-alpha):
- Fix a crash due to an out-of-bound memory access when Tor is
compiled with NSS support. Fixes bug 33119; bugfix on
0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001
and CVE-2020-15572.
o Minor bugfix (CI, Windows, backport from 0.4.4.2-alpha):
- Use the correct 64-bit printf format when compiling with MINGW on
Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha.
o Minor bugfixes (client performance, backport from 0.4.4.1-alpha):
- Resume use of preemptively-built circuits when UseEntryGuards is set
to 0. We accidentally disabled this feature with that config
setting, leading to slower load times. Fixes bug 34303; bugfix
on 0.3.3.2-alpha.
o Minor bugfixes (compiler warnings, backport from 0.4.4.2-alpha):
- Fix a compiler warning on platforms with 32-bit time_t values.
Fixes bug 40028; bugfix on 0.3.2.8-rc.
o Minor bugfixes (linux seccomp sandbox, nss, backport from 0.4.4.1-alpha):
- Fix a startup crash when tor is compiled with --enable-nss and
sandbox support is enabled. Fixes bug 34130; bugfix on

4
changes/bug33119
View File

@ -1,4 +0,0 @@
o Major bugfixes (NSS):
- Fix out-of-bound memory access in `tor_tls_cert_matches_key()` when Tor is
compiled with NSS support. Fixes bug 33119; bugfix on 0.3.5.1-alpha. This
issue is also tracked as TROVE-2020-001.

3
changes/bug40028
View File

@ -1,3 +0,0 @@
o Minor bugfixes (compiler warnings):
- Fix a compiler warning on platforms with 32-bit time_t values.
Fixes bug 40028; bugfix on 0.3.2.8-rc.

3
changes/ticket40026
View File

@ -1,3 +0,0 @@
o Minor bugfix (CI, Windows):
- Don't use stdio 64 bit printf format when compiling with MINGW on
Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha.