diff options
| author | Nick Mathewson <nickm@torproject.org> | 2015-04-06 09:37:36 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-04-06 09:37:36 -0400 |
| commit | a5df309d89b828bbff9962c8aba26f157a5ee1ce (patch) | |
| tree | 289cc95b7c72cacd49853f64fd3f02b1b15954ad | |
| parent | 164c8349fb445ecb3dded9547bd61cfbaeaf6ee8 (diff) | |
| download | tor-a5df309d89b828bbff9962c8aba26f157a5ee1ce.tar.gz tor-a5df309d89b828bbff9962c8aba26f157a5ee1ce.zip | |
ChangeLog for 0.2.6.7
| -rw-r--r-- | ChangeLog | 27 | ||||
| -rw-r--r-- | changes/bug11447 | 5 | ||||
| -rw-r--r-- | changes/bug15515 | 4 | ||||
| -rw-r--r-- | changes/bug15600 | 5 | ||||
| -rw-r--r-- | changes/bug15601 | 4 |
5 files changed, 27 insertions, 18 deletions
@@ -1,3 +1,30 @@ +Changes in version 0.2.6.7 - 2015-04-06 + Tor 0.2.6.7 fixes two security issues that could be used by an + attacker to crash hidden services, or crash clients visiting hidden + services. Hidden services should upgrade as soon as possible; clients + should upgrade whenever packages become available. + + This release also contains two simple improvements to make hidden + services a bit less vulnerable to denial-of-service attacks. + + o Major bugfixes (security, hidden service): + - Fix an issue that would allow a malicious client to trigger an + assertion failure and halt a hidden service. Fixes bug 15600; + bugfix on 0.2.1.6-alpha. Reported by "skruffy". + - Fix a bug that could cause a client to crash with an assertion + failure when parsing a malformed hidden service descriptor. Fixes + bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha". + + o Minor features (DoS-resistance, hidden service): + - Make it harder for attackers to overwhelm hidden services with + introductions, by blocking multiple introduction requests on the + same circuit. Resolves ticket #15515. + - Decrease the amount of reattempts that a hidden service is willing + to perform when its rendezvous circuits fail. This reduces the + computational cost for hidden service under heavy load. Resolves + ticket #11447. + + Changes in version 0.2.6.6 - 2015-03-24 Tor 0.2.6.6 is the first stable release in the 0.2.6 series. diff --git a/changes/bug11447 b/changes/bug11447 deleted file mode 100644 index 8cd4f5b467..0000000000 --- a/changes/bug11447 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (DoS-resistance): - - Decrease the amount of reattempts that a hidden service is - willing to perform when its rendezvous circuits fail. This - reduces the computational cost for hidden service under heavy - load. Resolves ticket #11447.
\ No newline at end of file diff --git a/changes/bug15515 b/changes/bug15515 deleted file mode 100644 index dda7c2fcd8..0000000000 --- a/changes/bug15515 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (DoS-resistance): - - Make it harder for attackers to overwhelm hidden services with - introductions, by blocking multiple introduction requests on the - same circuit. Resolves ticket #15515. diff --git a/changes/bug15600 b/changes/bug15600 deleted file mode 100644 index ee1d6cfe19..0000000000 --- a/changes/bug15600 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, hidden service): - - Fix an issue that would allow a malicious client to trigger - an assertion failure and halt a hidden service. Fixes - bug 15600; bugfix on 0.2.1.6-alpha. Reported by "skruffy". - diff --git a/changes/bug15601 b/changes/bug15601 deleted file mode 100644 index 2cc880af7f..0000000000 --- a/changes/bug15601 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (security, hidden service): - - Fix a bug that could cause a client to crash with an assertion - failure when parsing a malformed hidden service descriptor. - Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha". |