author | Nick Mathewson <nickm@torproject.org> | 2015-04-06 10:01:44 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2015-04-06 10:01:44 -0400 |
commit | e98b8bc495510f390b0ef43e7bdc5e1c76f91aa0 (patch) | |
tree | a0b3b3c678c77425e9970a57672995232c3c42c9 /ChangeLog | |
parent | a201a5396e9aef779386216e2a21bfeb75d3d9c6 (diff) | |
Forward-port today's changelogs and release notes
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 52 |
1 files changed, 52 insertions, 0 deletions
@@ -1,6 +1,58 @@ Changes in version 0.2.7.1-alpha - 2015-0?-?? +Changes in version 0.2.4.27 - 2015-04-06 + Tor 0.2.4.27 backports two fixes from 0.2.6.7 for security issues that + could be used by an attacker to crash hidden services, or crash clients + visiting hidden services. Hidden services should upgrade as soon as + possible; clients should upgrade whenever packages become available. + + This release also backports a simple improvement to make hidden + services a bit less vulnerable to denial-of-service attacks. + + o Major bugfixes (security, hidden service): + - Fix an issue that would allow a malicious client to trigger an + assertion failure and halt a hidden service. Fixes bug 15600; + bugfix on 0.2.1.6-alpha. Reported by "disgleirio". + - Fix a bug that could cause a client to crash with an assertion + failure when parsing a malformed hidden service descriptor. Fixes + bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC". + + o Minor features (DoS-resistance, hidden service): + - Introduction points no longer allow multiple INTRODUCE1 cells to + arrive on the same circuit. This should make it more expensive for + attackers to overwhelm hidden services with introductions. + Resolves ticket 15515. + + +Changes in version 0.2.6.7 - 2015-04-06 + Tor 0.2.6.7 fixes two security issues that could be used by an + attacker to crash hidden services, or crash clients visiting hidden + services. Hidden services should upgrade as soon as possible; clients + should upgrade whenever packages become available. + + This release also contains two simple improvements to make hidden + services a bit less vulnerable to denial-of-service attacks. + + o Major bugfixes (security, hidden service): + - Fix an issue that would allow a malicious client to trigger an + assertion failure and halt a hidden service. Fixes bug 15600; + bugfix on 0.2.1.6-alpha. Reported by "disgleirio". 
+ - Fix a bug that could cause a client to crash with an assertion + failure when parsing a malformed hidden service descriptor. Fixes + bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC". + + o Minor features (DoS-resistance, hidden service): + - Introduction points no longer allow multiple INTRODUCE1 cells to + arrive on the same circuit. This should make it more expensive for + attackers to overwhelm hidden services with introductions. + Resolves ticket 15515. + - Decrease the amount of reattempts that a hidden service performs + when its rendezvous circuits fail. This reduces the computational + cost for running a hidden service under heavy load. Resolves + ticket 11447. + + Changes in version 0.2.6.6 - 2015-03-24 Tor 0.2.6.6 is the first stable release in the 0.2.6 series. |
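Review bot: the upgrade guidance in the intro paragraphs of both new entries (0.2.4.27 and 0.2.6.7) addresses only hidden services and clients, but the "Introduction points no longer allow multiple INTRODUCE1 cells to arrive on the same circuit" item is enforced by the relay acting as the introduction point, so its DoS-resistance benefit depends on relays upgrading. Consider adding a sentence for relay operators to each intro paragraph. In the 0.2.6.7 entry, "Decrease the amount of reattempts" would read better as "Decrease the number of reattempts". Placing 0.2.4.27 above 0.2.6.7 also means the reader meets "backports two fixes from 0.2.6.7" before the 0.2.6.7 entry itself; worth confirming that this ordering is intended for the two same-day releases.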