ChangeLog for 0.2.6.7

2015-04-06 09:37:36 -04:00 · 2015-04-06 09:37:36 -04:00 · a5df309d89
parent 164c8349fb
commit a5df309d89
5 changed files with 27 additions and 18 deletions
--- a/27
+++ b/27
@ -1,3 +1,30 @@
+Changes in version 0.2.6.7 - 2015-04-06
+  Tor 0.2.6.7 fixes two security issues that could be used by an
+  attacker to crash hidden services, or crash clients visiting hidden
+  services. Hidden services should upgrade as soon as possible; clients
+  should upgrade whenever packages become available.
+
+  This release also contains two simple improvements to make hidden
+  services a bit less vulnerable to denial-of-service attacks.
+
+  o Major bugfixes (security, hidden service):
+    - Fix an issue that would allow a malicious client to trigger an
+      assertion failure and halt a hidden service. Fixes bug 15600;
+      bugfix on 0.2.1.6-alpha. Reported by "skruffy".
+    - Fix a bug that could cause a client to crash with an assertion
+      failure when parsing a malformed hidden service descriptor. Fixes
+      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha".
+
+  o Minor features (DoS-resistance, hidden service):
+    - Make it harder for attackers to overwhelm hidden services with
+      introductions, by blocking multiple introduction requests on the
+      same circuit. Resolves ticket #15515.
+    - Decrease the amount of reattempts that a hidden service is willing
+      to perform when its rendezvous circuits fail. This reduces the
+      computational cost for hidden service under heavy load. Resolves
+      ticket #11447.
+
+
 Changes in version 0.2.6.6 - 2015-03-24
  Tor 0.2.6.6 is the first stable release in the 0.2.6 series.

--- a/changes/bug11447
+++ b/changes/bug11447
@ -1,5 +0,0 @@
-  o Minor features (DoS-resistance):
-    - Decrease the amount of reattempts that a hidden service is
-      willing to perform when its rendezvous circuits fail. This
-      reduces the computational cost for hidden service under heavy
-      load. Resolves ticket #11447.
--- a/changes/bug15515
+++ b/changes/bug15515
@ -1,4 +0,0 @@
-  o Minor features (DoS-resistance):
-    - Make it harder for attackers to overwhelm hidden services with
-      introductions, by blocking multiple introduction requests on the
-      same circuit. Resolves ticket #15515.
--- a/changes/bug15600
+++ b/changes/bug15600
@ -1,5 +0,0 @@
-  o Major bugfixes (security, hidden service):
-    - Fix an issue that would allow a malicious client to trigger
-      an assertion failure and halt a hidden service. Fixes
-      bug 15600; bugfix on 0.2.1.6-alpha. Reported by "skruffy".
-
--- a/changes/bug15601
+++ b/changes/bug15601
@ -1,4 +0,0 @@
-  o Major bugfixes (security, hidden service):
-    - Fix a bug that could cause a client to crash with an assertion
-      failure when parsing a malformed hidden service descriptor.
-      Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha".