[tor-commits] [tor/release-0.2.6] ChangeLog for 0.2.6.7
nickm at torproject.org
nickm at torproject.org
Mon Apr 6 13:40:21 UTC 2015
commit a5df309d89b828bbff9962c8aba26f157a5ee1ce
Author: Nick Mathewson <nickm at torproject.org>
Date: Mon Apr 6 09:37:36 2015 -0400
ChangeLog for 0.2.6.7
---
ChangeLog | 27 +++++++++++++++++++++++++++
changes/bug11447 | 5 -----
changes/bug15515 | 4 ----
changes/bug15600 | 5 -----
changes/bug15601 | 4 ----
5 files changed, 27 insertions(+), 18 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 22b4da0..057b42f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,30 @@
+Changes in version 0.2.6.7 - 2015-04-06
+ Tor 0.2.6.7 fixes two security issues that could be used by an
+ attacker to crash hidden services, or crash clients visiting hidden
+ services. Hidden services should upgrade as soon as possible; clients
+ should upgrade whenever packages become available.
+
+ This release also contains two simple improvements to make hidden
+ services a bit less vulnerable to denial-of-service attacks.
+
+ o Major bugfixes (security, hidden service):
+ - Fix an issue that would allow a malicious client to trigger an
+ assertion failure and halt a hidden service. Fixes bug 15600;
+ bugfix on 0.2.1.6-alpha. Reported by "skruffy".
+ - Fix a bug that could cause a client to crash with an assertion
+ failure when parsing a malformed hidden service descriptor. Fixes
+ bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha".
+
+ o Minor features (DoS-resistance, hidden service):
+ - Make it harder for attackers to overwhelm hidden services with
+ introductions, by blocking multiple introduction requests on the
+ same circuit. Resolves ticket #15515.
+ - Decrease the amount of reattempts that a hidden service is willing
+ to perform when its rendezvous circuits fail. This reduces the
+ computational cost for hidden service under heavy load. Resolves
+ ticket #11447.
+
+
Changes in version 0.2.6.6 - 2015-03-24
Tor 0.2.6.6 is the first stable release in the 0.2.6 series.
diff --git a/changes/bug11447 b/changes/bug11447
deleted file mode 100644
index 8cd4f5b..0000000
--- a/changes/bug11447
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features (DoS-resistance):
- - Decrease the amount of reattempts that a hidden service is
- willing to perform when its rendezvous circuits fail. This
- reduces the computational cost for hidden service under heavy
- load. Resolves ticket #11447.
\ No newline at end of file
diff --git a/changes/bug15515 b/changes/bug15515
deleted file mode 100644
index dda7c2f..0000000
--- a/changes/bug15515
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (DoS-resistance):
- - Make it harder for attackers to overwhelm hidden services with
- introductions, by blocking multiple introduction requests on the
- same circuit. Resolves ticket #15515.
diff --git a/changes/bug15600 b/changes/bug15600
deleted file mode 100644
index ee1d6cf..0000000
--- a/changes/bug15600
+++ /dev/null
@@ -1,5 +0,0 @@
- o Major bugfixes (security, hidden service):
- - Fix an issue that would allow a malicious client to trigger
- an assertion failure and halt a hidden service. Fixes
- bug 15600; bugfix on 0.2.1.6-alpha. Reported by "skruffy".
-
diff --git a/changes/bug15601 b/changes/bug15601
deleted file mode 100644
index 2cc880a..0000000
--- a/changes/bug15601
+++ /dev/null
@@ -1,4 +0,0 @@
- o Major bugfixes (security, hidden service):
- - Fix a bug that could cause a client to crash with an assertion
- failure when parsing a malformed hidden service descriptor.
- Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha".
More information about the tor-commits
mailing list