commit a5df309d89b828bbff9962c8aba26f157a5ee1ce
Author: Nick Mathewson nickm@torproject.org
Date: Mon Apr 6 09:37:36 2015 -0400

    ChangeLog for 0.2.6.7

---
 ChangeLog        | 27 +++++++++++++++++++++++++++
 changes/bug11447 |  5 -----
 changes/bug15515 |  4 ----
 changes/bug15600 |  5 -----
 changes/bug15601 |  4 ----
 5 files changed, 27 insertions(+), 18 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 22b4da0..057b42f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,30 @@ +Changes in version 0.2.6.7 - 2015-04-06 + Tor 0.2.6.7 fixes two security issues that could be used by an + attacker to crash hidden services, or crash clients visiting hidden + services. Hidden services should upgrade as soon as possible; clients + should upgrade whenever packages become available. + + This release also contains two simple improvements to make hidden + services a bit less vulnerable to denial-of-service attacks. + + o Major bugfixes (security, hidden service): + - Fix an issue that would allow a malicious client to trigger an + assertion failure and halt a hidden service. Fixes bug 15600; + bugfix on 0.2.1.6-alpha. Reported by "skruffy". + - Fix a bug that could cause a client to crash with an assertion + failure when parsing a malformed hidden service descriptor. Fixes + bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha". + + o Minor features (DoS-resistance, hidden service): + - Make it harder for attackers to overwhelm hidden services with + introductions, by blocking multiple introduction requests on the + same circuit. Resolves ticket #15515. + - Decrease the amount of reattempts that a hidden service is willing + to perform when its rendezvous circuits fail. This reduces the + computational cost for hidden service under heavy load. Resolves + ticket #11447. + + Changes in version 0.2.6.6 - 2015-03-24 Tor 0.2.6.6 is the first stable release in the 0.2.6 series.
diff --git a/changes/bug11447 b/changes/bug11447 deleted file mode 100644 index 8cd4f5b..0000000 --- a/changes/bug11447 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (DoS-resistance): - - Decrease the amount of reattempts that a hidden service is - willing to perform when its rendezvous circuits fail. This - reduces the computational cost for hidden service under heavy - load. Resolves ticket #11447. \ No newline at end of file diff --git a/changes/bug15515 b/changes/bug15515 deleted file mode 100644 index dda7c2f..0000000 --- a/changes/bug15515 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (DoS-resistance): - - Make it harder for attackers to overwhelm hidden services with - introductions, by blocking multiple introduction requests on the - same circuit. Resolves ticket #15515. diff --git a/changes/bug15600 b/changes/bug15600 deleted file mode 100644 index ee1d6cf..0000000 --- a/changes/bug15600 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, hidden service): - - Fix an issue that would allow a malicious client to trigger - an assertion failure and halt a hidden service. Fixes - bug 15600; bugfix on 0.2.1.6-alpha. Reported by "skruffy". - diff --git a/changes/bug15601 b/changes/bug15601 deleted file mode 100644 index 2cc880a..0000000 --- a/changes/bug15601 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (security, hidden service): - - Fix a bug that could cause a client to crash with an assertion - failure when parsing a malformed hidden service descriptor. - Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha".
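Review bot: In the ChangeLog hunk, the opening paragraph of the 0.2.6.7 entry gives upgrade guidance for hidden services and clients only; since both fixes are tagged "security", add a sentence saying whether relay operators need to act, so packagers and operators do not have to infer it from the bug descriptions. Within the same hunk the ticket references are inconsistent: the two "Major bugfixes" items cite "bug 15600" and "bug 15601" without a "#", while the two "Minor features" items cite "ticket #15515" and "ticket #11447" with one; pick one form. In the last item, "Decrease the amount of reattempts" would read better as "the number of reattempts", and "for hidden service under heavy load" is missing an article or plural ("for a hidden service" or "for hidden services"). Both wordings were carried over unchanged from changes/bug11447, so this is the place to fix them.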