pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

PR/49823 CVS commit: [pkgsrc-2015Q1] pkgsrc/net/tor



The following reply was made to PR pkg/49823; it has been noted by GNATS.

From: "Matthias Scheler" <tron%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/49823 CVS commit: [pkgsrc-2015Q1] pkgsrc/net/tor
Date: Wed, 8 Apr 2015 20:53:25 +0000

 Module Name:	pkgsrc
 Committed By:	tron
 Date:		Wed Apr  8 20:53:25 UTC 2015
 
 Modified Files:
 	pkgsrc/net/tor [pkgsrc-2015Q1]: Makefile distinfo
 
 Log Message:
 Pullup ticket #4657 - requested by wiz
 net/tor: security update
 
 Revisions pulled up:
 - net/tor/Makefile                                              1.102
 - net/tor/distinfo                                              1.63
 
 ---
    Module Name:	pkgsrc
    Committed By:	wiz
    Date:		Wed Apr  8 05:26:02 UTC 2015
 
    Modified Files:
    	pkgsrc/net/tor: Makefile distinfo
 
    Log Message:
    Update to 0.2.5.12,  from Christian Sturm in PR 49823.
 
    Changes in version 0.2.5.12 - 2015-04-06
      Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that
      could be used by an attacker to crash hidden services, or crash clients
      visiting hidden services. Hidden services should upgrade as soon as
      possible; clients should upgrade whenever packages become available.
 
      This release also backports a simple improvement to make hidden
      services a bit less vulnerable to denial-of-service attacks.
 
      o Major bugfixes (security, hidden service):
        - Fix an issue that would allow a malicious client to trigger an
          assertion failure and halt a hidden service. Fixes bug 15600;
          bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
        - Fix a bug that could cause a client to crash with an assertion
          failure when parsing a malformed hidden service descriptor. Fixes
          bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
 
      o Minor features (DoS-resistance, hidden service):
        - Introduction points no longer allow multiple INTRODUCE1 cells to
          arrive on the same circuit. This should make it more expensive for
          attackers to overwhelm hidden services with introductions.
          Resolves ticket 15515.
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.101 -r1.101.2.1 pkgsrc/net/tor/Makefile
 cvs rdiff -u -r1.62 -r1.62.2.1 pkgsrc/net/tor/distinfo
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
 


Home | Main Index | Thread Index | Old Index