[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/release-0.4.3] final entries for 0.4.3.6 changelog

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/release-0.4.3] final entries for 0.4.3.6 changelog
From: nickm@xxxxxxxxxxxxxx
Date: Thu, 9 Jul 2020 14:26:50 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 09 Jul 2020 10:27:07 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 9fd445f884beae277c1a14da6d0b542e577ed96d
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Thu Jul 9 10:18:03 2020 -0400

    final entries for 0.4.3.6 changelog
---
 ChangeLog           | 25 ++++++++++++++++++++++++-
 changes/bug33119    |  4 ----
 changes/bug40028    |  3 ---
 changes/ticket40026 |  3 ---
 4 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index a363aa99d..7b6bd25c8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,13 +1,36 @@
-Changes in version 0.4.3.6 - 2020-07-??
+Changes in version 0.4.3.6 - 2020-07-09
   Tor 0.4.3.6 backports several bugfixes from later releases, including
   some affecting usability.
 
+  This release also fixes TROVE-2020-001, a medium-severity denial of
+  service vulnerability affecting all versions of Tor when compiled with
+  the NSS encryption library. (This is not the default configuration.)
+  Using this vulnerability, an attacker could cause an affected Tor
+  instance to crash remotely. This issue is also tracked as CVE-2020-
+  15572. Anybody running a version of Tor built with the NSS library
+  should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha
+  or later.
+
+  o Major bugfixes (NSS, security, backport from 0.4.4.2-alpha):
+    - Fix a crash due to an out-of-bound memory access when Tor is
+      compiled with NSS support. Fixes bug 33119; bugfix on
+      0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001
+      and CVE-2020-15572.
+
+  o Minor bugfix (CI, Windows, backport from 0.4.4.2-alpha):
+    - Use the correct 64-bit printf format when compiling with MINGW on
+      Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha.
+
   o Minor bugfixes (client performance, backport from 0.4.4.1-alpha):
     - Resume use of preemptively-built circuits when UseEntryGuards is set
       to 0. We accidentally disabled this feature with that config
       setting, leading to slower load times. Fixes bug 34303; bugfix
       on 0.3.3.2-alpha.
 
+  o Minor bugfixes (compiler warnings, backport from 0.4.4.2-alpha):
+    - Fix a compiler warning on platforms with 32-bit time_t values.
+      Fixes bug 40028; bugfix on 0.3.2.8-rc.
+
   o Minor bugfixes (linux seccomp sandbox, nss, backport from 0.4.4.1-alpha):
     - Fix a startup crash when tor is compiled with --enable-nss and
       sandbox support is enabled. Fixes bug 34130; bugfix on
diff --git a/changes/bug33119 b/changes/bug33119
deleted file mode 100644
index c976654b2..000000000
--- a/changes/bug33119
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Major bugfixes (NSS):
-    - Fix out-of-bound memory access in `tor_tls_cert_matches_key()` when Tor is
-      compiled with NSS support. Fixes bug 33119; bugfix on 0.3.5.1-alpha. This
-      issue is also tracked as TROVE-2020-001.
diff --git a/changes/bug40028 b/changes/bug40028
deleted file mode 100644
index cfd1ffe51..000000000
--- a/changes/bug40028
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (compiler warnings):
-    - Fix a compiler warning on platforms with 32-bit time_t values.
-      Fixes bug 40028; bugfix on 0.3.2.8-rc.
diff --git a/changes/ticket40026 b/changes/ticket40026
deleted file mode 100644
index f87c2964e..000000000
--- a/changes/ticket40026
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfix (CI, Windows):
-    - Don't use stdio 64 bit printf format when compiling with MINGW on
-      Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha.



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor/release-0.4.4] Changes file for ticket 31812.
Next by Author: [tor-commits] [tor/master] Merge branch 'maint-0.4.4'
Previous by thread: [tor-commits] [tor/release-0.4.2] final entries for 0.4.2.8 changelog
Next by thread: [tor-commits] [tor/release-0.4.3] 043: copy changelog into release notes
Index(es):
- Author
- Thread