pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

PR/49917 CVS commit: pkgsrc/net/tor

The following reply was made to PR pkg/49917; it has been noted by GNATS.

From: "Benny Siegert" <>
Subject: PR/49917 CVS commit: pkgsrc/net/tor
Date: Sat, 23 May 2015 08:53:11 +0000

 Module Name:	pkgsrc
 Committed By:	bsiegert
 Date:		Sat May 23 08:53:11 UTC 2015
 Modified Files:
 	pkgsrc/net/tor: Makefile distinfo
 Log Message:
 Update tor to From Christian Sturm in PR pkg/49917.
 Changes in version - 2015-05-21
   Tor fixes a bit of dodgy code in parsing INTRODUCE2 cells, and
   fixes an authority-side bug in assigning the HSDir flag. All directory
   authorities should upgrade.
   o Major bugfixes (hidden services, backport from
     - Revert commit that made directory authorities assign the HSDir
       flag to relay without a DirPort; this was bad because such relays
       can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix
       on tor-
   o Minor bugfixes (hidden service, backport from
     - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
       a client authorized hidden service. Fixes bug 15823; bugfix
   o Minor features (geoip):
     - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
     - Update geoip6 to the April 8 2015 Maxmind GeoLite2
       Country database.
 Changes in version - 2015-04-06
   Tor fixes two security issues that could be used by an
   attacker to crash hidden services, or crash clients visiting hidden
   services. Hidden services should upgrade as soon as possible; clients
   should upgrade whenever packages become available.
   This release also contains two simple improvements to make hidden
   services a bit less vulnerable to denial-of-service attacks.
   o Major bugfixes (security, hidden service):
     - Fix an issue that would allow a malicious client to trigger an
       assertion failure and halt a hidden service. Fixes bug 15600;
       bugfix on Reported by "disgleirio".
     - Fix a bug that could cause a client to crash with an assertion
       failure when parsing a malformed hidden service descriptor. Fixes
       bug 15601; bugfix on Found by "DonnchaC".
   o Minor features (DoS-resistance, hidden service):
     - Introduction points no longer allow multiple INTRODUCE1 cells to
       arrive on the same circuit. This should make it more expensive for
       attackers to overwhelm hidden services with introductions.
       Resolves ticket 15515.
     - Decrease the amount of reattempts that a hidden service performs
       when its rendezvous circuits fail. This reduces the computational
       cost for running a hidden service under heavy load. Resolves
       ticket 11447.
 To generate a diff of this commit:
 cvs rdiff -u -r1.102 -r1.103 pkgsrc/net/tor/Makefile
 cvs rdiff -u -r1.63 -r1.64 pkgsrc/net/tor/distinfo
 cvs rdiff -u -r1.6 -r1.7 pkgsrc/net/tor/
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index