mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-09-20 13:06:20 +02:00
mirror repository of the tor core protocol in case of issues
f5c9f6d432
Turns out that the HS DoS defenses parameters were overwritten by the consensus parameters everytime a new consensus would arrive. This means that a service operator can still enable the defenses but as soon as the intro point relay would get a new consensus, they would be overwritten. And at this commit, the network is entirely disabling DoS defenses. Fix this by introducing an "explicit" flag that indicate if the ESTABLISH_INTRO cell DoS extension set those parameters or not. If set, avoid using the consenus at once. We are not bumping the protover HSIntro value for this because 0.4.2.x series is EOL in 1 month and thus 0.4.3.x would be the only series with this bug. We are confident that a backport and then upgrade path to the latest 0.4.4.x stable coming up soon is enough to mitigate this problem in the coming months. It avoids the upgrade path on the service side by keeping the requirement for protover HSIntro=5. Fixes #40109 Signed-off-by: David Goulet <dgoulet@torproject.org> |
||
---|---|---|
changes | ||
contrib | ||
doc | ||
m4 | ||
scripts | ||
src | ||
.appveyor.yml | ||
.editorconfig | ||
.gitignore | ||
.gitlab-ci.yml | ||
.gitmodules | ||
.travis.yml | ||
acinclude.m4 | ||
autogen.sh | ||
ChangeLog | ||
CODE_OF_CONDUCT | ||
config.rust.in | ||
configure.ac | ||
CONTRIBUTING | ||
Doxyfile.in | ||
INSTALL | ||
LICENSE | ||
Makefile.am | ||
Makefile.nmake | ||
README | ||
ReleaseNotes | ||
warning_flags.in |
Tor protects your privacy on the internet by hiding the connection between your Internet address and the services you use. We believe Tor is reasonably secure, but please ensure you read the instructions and configure it properly. To build Tor from source: ./configure && make && make install To build Tor from a just-cloned git repository: sh autogen.sh && ./configure && make && make install Home page: https://www.torproject.org/ Download new versions: https://www.torproject.org/download/download.html Documentation, including links to installation and setup instructions: https://www.torproject.org/docs/documentation.html Making applications work with Tor: https://wiki.torproject.org/projects/tor/wiki/doc/TorifyHOWTO Frequently Asked Questions: https://www.torproject.org/docs/faq.html To get started working on Tor development: See the doc/HACKING directory. Release timeline: https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases