---
- branch: MAIN
  date: Wed Apr  8 05:26:02 UTC 2015
  files:
  - new: '1.102'
    old: '1.101'
    path: pkgsrc/net/tor/Makefile
    pathrev: pkgsrc/net/tor/Makefile@1.102
    type: modified
  - new: '1.63'
    old: '1.62'
    path: pkgsrc/net/tor/distinfo
    pathrev: pkgsrc/net/tor/distinfo@1.63
    type: modified
  id: 20150408T052602Z.85480a383855f6befdb85f6113a6726adbc62957
  log: |
    Update to 0.2.5.12,  from Christian Sturm in PR 49823.

    Changes in version 0.2.5.12 - 2015-04-06
      Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that
      could be used by an attacker to crash hidden services, or crash clients
      visiting hidden services. Hidden services should upgrade as soon as
      possible; clients should upgrade whenever packages become available.

      This release also backports a simple improvement to make hidden
      services a bit less vulnerable to denial-of-service attacks.

      o Major bugfixes (security, hidden service):
        - Fix an issue that would allow a malicious client to trigger an
          assertion failure and halt a hidden service. Fixes bug 15600;
          bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
        - Fix a bug that could cause a client to crash with an assertion
          failure when parsing a malformed hidden service descriptor. Fixes
          bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".

      o Minor features (DoS-resistance, hidden service):
        - Introduction points no longer allow multiple INTRODUCE1 cells to
          arrive on the same circuit. This should make it more expensive for
          attackers to overwhelm hidden services with introductions.
          Resolves ticket 15515.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/net/tor'
  unixtime: '1428470762'
  user: wiz