tor/changes
David Goulet 88901c3967 Fix: mitigate as much as we can HS port scanning
Make hidden service port scanning harder by sending back REASON_DONE which
does not disclose that it was in fact an exit policy issue. After that, kill
the circuit immediately to avoid more bad requests on it.

This means that every time a hidden service exit policy does match, the user
(malicious or not) needs to build a new circuit.

Fixes #13667.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2014-12-29 16:29:09 -05:00
..
13295 Don't use the getaddrinfo sandbox cache from tor-resolve 2014-09-29 12:57:07 -04:00
bufferevent_compilation update changes entry with info for 11578 patch 2014-07-21 14:00:10 -04:00
bug1038-3 Warn and drop the circuit if we receive an inbound 'relay early' cell 2014-07-28 02:44:05 -04:00
bug8093 Downgrade 'unexpected sendme cell from client' to PROTOCOL_WARN 2014-10-16 13:04:11 -04:00
bug8387 Fix a bug where streams would linger forever when we had no dirinfo 2014-07-09 16:15:05 -04:00
bug11200-caching Build circuits more readily when DisableNetwork goes to 0 2014-08-06 18:30:14 -04:00
bug12160 Correctly update channel local mark when address of incoming connection changes after handshake; fixes bug #12160 2014-09-05 11:12:08 -07:00
bug12602 Fix compilation with no-compression OpenSSL builds and forks 2014-07-17 11:25:56 +02:00
bug12700 Fix relay_command_to_string(); solve 12700. 2014-08-18 13:21:40 -04:00
bug12718 add a changes file for bug 12718 2014-07-27 15:41:30 -04:00
bug12730-systemd-verify-config Verify configuration file via ExecStartPre in the systemd unit file (#12730). 2014-07-30 16:56:55 +00:00
bug12731-systemd-no-run-as-daemon Explicitly disable RunAsDaemon in the systemd unit file (#12731). 2014-07-30 16:54:07 +00:00
bug12830 Fix some URLs in the README 2014-08-09 15:57:44 -04:00
bug12848 Don't send DESTROY to circID 0 when circuit_deliver_create_cell fails 2014-08-12 12:12:02 -04:00
bug12864 Restore functionality for CookieAuthFileGroupReadable. 2014-08-15 08:30:44 -04:00
bug12878 Adding changes file. 2014-09-01 16:22:52 -04:00
bug12908 Warn if Tor is a relay and a HS 2014-08-20 12:56:57 -04:00
bug12948 Resume expanding abbreviations for command-line options 2014-08-28 08:33:43 -04:00
bug12996 Downgrade "Unexpected onionskin length after decryption" warning 2014-08-29 16:38:54 -04:00
bug12997 Improve "Tried to establish rendezvous on non-OR or non-edge circuit" 2014-08-29 16:05:58 -04:00
bug13071 Add more escaped() calls in directory.c 2014-09-09 10:22:01 -04:00
bug13081 Clean up the MVSC nmake files so they work again. 2014-09-09 10:27:05 -04:00
bug13085 Expand the event_mask field in controller conns to 64 bits 2014-09-08 15:16:02 -04:00
bug13096 In routerlist_assert_ok(), check r2 before taking &(r2->cache_info) 2014-09-10 23:48:11 -04:00
bug13100 gabelmoo's IPv4 address changed 2014-09-20 16:46:02 -04:00
bug13124 Reduce log severity for unused ClientTransportPlugin lines 2014-09-11 08:02:37 -04:00
bug13151-client clients now send correct address for rendezvous point 2014-09-16 11:05:36 -04:00
bug13296 Add changes file for #13926 2014-11-12 15:25:52 -05:00
bug13325 Run correctly on OpenBSD systems without SSL_METHOD.get_cipher_by_char 2014-10-03 12:15:09 -04:00
bug13471 Note that our #13426 fix is also a #13471 fix. 2014-10-19 15:38:44 -04:00
bug13667 Fix: mitigate as much as we can HS port scanning 2014-12-29 16:29:09 -05:00
bug14013 whoops; missing changes file for 14013 2014-12-23 10:55:25 -05:00
curve25519-donna32-bug Put the bug number and correct credits in the changes file for the new curve25519-donna32 2014-07-23 21:25:53 -04:00
disable_sslv3 Disable SSLv3 unconditionally. Closes ticket 13426. 2014-10-15 11:50:05 -04:00
further-12184-diagnostic diagnostic for 12184: Add a call to channel_dump_statistics 2014-07-16 10:34:39 +02:00
geoip6-august2014 Update geoip6 to the August 7 2014 database. 2014-08-13 16:16:11 +02:00
geoip6-july2014 Update geoip6 to the July 10 2014 database. 2014-07-18 16:31:25 +02:00
geoip6-november2014 Update geoip6 to the November 15 2014 database. 2014-11-24 14:23:18 +01:00
geoip-august2014 Update geoip to the August 7 2014 database. 2014-08-13 16:08:33 +02:00
geoip-july2014 Update geoip to the July 10 2014 database. 2014-07-18 16:28:50 +02:00
geoip-november2014 Update geoip to the November 15 2014 database. 2014-11-24 14:21:31 +01:00
test.h_msvc Apply an MSVC compilation fix from Gisle Vanem 2014-08-13 15:11:00 -04:00
ticket12688 add a NumDirectoryGuards consensus param too 2014-07-24 16:19:47 -04:00
ticket12690 Raise guard threshold to top 25% or 2000 kilounits 2014-07-24 16:24:17 -04:00
ticket13036 Fix a number of clang analyzer false-positives 2014-09-02 11:56:56 -04:00