summaryrefslogtreecommitdiff
path: root/net/tor
AgeCommit message (Collapse)AuthorFilesLines
2011-12-17update to 0.2.2.35drochner2-6/+6
changes: -fixes a critical heap-overflow security issue (CVE-2011-2778) -more fixes, mostly affecting hidden services and relays
2011-10-30update to 0.2.2.34drochner2-6/+6
fixes a critical anonymity vulnerability where an attacker can deanonymize Tor users (CVE-2011-2768)
2011-10-06update to 0.2.2.33drochner2-6/+6
changes: minor fixes
2011-09-07USE_TOOLS+= gmakegdt1-1/+5
Build fails with BSD make. Reported to tor-talk@.
2011-09-06Add a comment explaining why curl is needed to fetch (https redirect).gdt1-1/+2
2011-09-06update to 0.2.2.32drochner4-11/+17
Tor 0.2.2.32, the first stable release in the 0.2.2 branch, is finally ready. More than two years in the making, this release features improved client performance and hidden service reliability, better compatibility for Android, correct behavior for bridges that listen on more than one address, more extensible and flexible directory object handling, better reporting of network statistics, improved code security, and many many other features and bugfixes.
2011-03-09update to 0.2.1.30, from Christian Sturm (the MAINTAINER) per PR pkg/44702drochner2-14/+13
changes: -fixes for less critical bugs -make TLS D-H parameters match those of Apache's mod_ssl pkgsrc changes: Makefile cleanup, appease plglint
2011-02-11revbump(1) for devel/libevent update.tnn1-1/+2
2011-01-17update to 0.2.1.29drochner2-6/+6
changes: -Fix a heap overflow (probably allows remote code execution) (CVE-2011-0427) -Prevent a denial-of-service attack by disallowing any zlib-compressed data whose compression factor is implausibly high -Zero out a few more keys in memory before freeing them -bugfixes -Update to the January 1 2011 Maxmind GeoLite Country db -Introduce output size checks on all of our decryption functions
2010-12-21Update to 0.2.1.28, resolving CVE-2010-1676.gdt2-6/+6
Changes in version 0.2.1.28 - 2010-12-17 o Major bugfixes: - Fix a remotely exploitable bug that could be used to crash instances of Tor remotely by overflowing on the heap. Remote-code execution hasn't been confirmed, but can't be ruled out. Everyone should upgrade. Bugfix on the 0.1.1 series and later. o Directory authority changes: - Change IP address and ports for gabelmoo (v3 directory authority). o Minor features: - Update to the December 1 2010 Maxmind GeoLite Country database.
2010-11-29update to 0.2.1.27drochner2-7/+6
changes: -fix incompatibility with the recent openssl security fix (CVE-2010-3864) -update ip->geo db -add a directory authority -bugfixes
2010-08-02Add RCS Id.wiz2-2/+4
2010-07-30Add patch that should have been in previous commit.gdt1-0/+40
2010-07-30Add patch from Taylor R Campbell to choose a working way to re-enablegdt2-2/+4
TLS renegotiation.
2010-05-13Update to 0.2.1.26, from maintainer Christian Sturm in PR 43302:wiz2-6/+6
Changes in version 0.2.1.26 - 2010-05-02 Tor 0.2.1.26 addresses the recent connection and memory overload problems we've been seeing on relays, especially relays with their DirPort open. If your relay has been crashing, or you turned it off because it used too many resources, give this release a try. This release also fixes yet another instance of broken OpenSSL libraries that was causing some relays to drop out of the consensus. o Major bugfixes: - Teach relays to defend themselves from connection overload. Relays now close idle circuits early if it looks like they were intended for directory fetches. Relays are also more aggressive about closing TLS connections that have no circuits on them. Such circuits are unlikely to be re-used, and tens of thousands of them were piling up at the fast relays, causing the relays to run out of sockets and memory. Bugfix on 0.2.0.22-rc (where clients started tunneling their directory fetches over TLS). - Fix SSL renegotiation behavior on OpenSSL versions like on Centos that claim to be earlier than 0.9.8m, but which have in reality backported huge swaths of 0.9.8m or 0.9.8n renegotiation behavior. Possible fix for some cases of bug 1346. - Directory mirrors were fetching relay descriptors only from v2 directory authorities, rather than v3 authorities like they should. Only 2 v2 authorities remain (compared to 7 v3 authorities), leading to a serious bottleneck. Bugfix on 0.2.0.9-alpha. Fixes bug 1324. o Minor bugfixes: - Finally get rid of the deprecated and now harmful notion of "clique mode", where directory authorities maintain TLS connections to every other relay. o Testsuite fixes: - In the util/threads test, no longer free the test_mutex before all worker threads have finished. Bugfix on 0.2.1.6-alpha. - The master thread could starve the worker threads quite badly on certain systems, causing them to run only partially in the allowed window. This resulted in test failures. Now the master thread sleeps occasionally for a few microseconds while the two worker-threads compete for the mutex. Bugfix on 0.2.0.1-alpha.
2010-04-02Update to 0.2.1.25, provided by maintainer Christian Sturm in PR 43103:wiz2-6/+6
Changes in version 0.2.1.25 - 2010-03-16 o Major bugfixes: - Fix a regression from our patch for bug 1244 that caused relays to guess their IP address incorrectly if they didn't set Address in their torrc and/or their address fails to resolve. Bugfix on 0.2.1.23; fixes bug 1269. - When freeing a session key, zero it out completely. We only zeroed the first ptrsize bytes. Bugfix on 0.0.2pre8. Discovered and patched by ekir. Fixes bug 1254. o Minor bugfixes: - Fix a dereference-then-NULL-check sequence when publishing descriptors. Bugfix on 0.2.1.5-alpha. Discovered by ekir; fixes bug 1255. - Fix another dereference-then-NULL-check sequence. Bugfix on 0.2.1.14-rc. Discovered by ekir; fixes bug 1256. - Make sure we treat potentially not NUL-terminated strings correctly. Bugfix on 0.1.1.13-alpha. Discovered by rieo; fixes bug 1257.
2010-03-02Update tor to 0.2.1.24 per maintainer update request by PR#42911.obache2-6/+6
Changes in version 0.2.1.24 - 2010-02-21 Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time for sure! o Minor bugfixes: - Work correctly out-of-the-box with even more vendor-patched versions of OpenSSL. In particular, make it so Debian and OS X don't need customized patches to run/build. Changes in version 0.2.1.23 - 2010-02-13 Tor 0.2.1.23 fixes a huge client-side performance bug, makes Tor work again on the latest OS X, and updates the location of a directory authority. o Major bugfixes (performance): - We were selecting our guards uniformly at random, and then weighting which of our guards we'd use uniformly at random. This imbalance meant that Tor clients were severely limited on throughput (and probably latency too) by the first hop in their circuit. Now we select guards weighted by currently advertised bandwidth. We also automatically discard guards picked using the old algorithm. Fixes bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry. o Major bugfixes: - Make Tor work again on the latest OS X: when deciding whether to use strange flags to turn TLS renegotiation on, detect the OpenSSL version at run-time, not compile time. We need to do this because Apple doesn't update its dev-tools headers when it updates its libraries in a security patch. - Fix a potential buffer overflow in lookup_last_hid_serv_request() that could happen on 32-bit platforms with 64-bit time_t. Also fix a memory leak when requesting a hidden service descriptor we've requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found by aakova. o Minor bugfixes: - Refactor resolve_my_address() to not use gethostbyname() anymore. Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik. o Minor features: - Avoid a mad rush at the beginning of each month when each client rotates half of its guards. Instead we spread the rotation out throughout the month, but we still avoid leaving a precise timestamp in the state file about when we first picked the guard. Improves over the behavior introduced in 0.1.2.17.
2010-01-21Update to 0.2.1.22, from maintainer Christian Sturm in PR 42655:wiz2-7/+6
o Directory authority changes: - Rotate keys (both v3 identity and relay identity) for moria1 and gabelmoo. o Major bugfixes: - Stop bridge directory authorities from answering dbg-stability.txt directory queries, which would let people fetch a list of all bridge identities they track. Bugfix on 0.2.1.6-alpha.
2010-01-17Recursive PKGREVISION bump for jpeg update to 8.wiz1-1/+2
2010-01-05Update to 0.2.1.21, provided by Christian Sturm in PR 42541, approvedwiz2-6/+6
by dillo@ Changes in version 0.2.1.21 - 2009-12-21 o Major bugfixes: - Work around a security feature in OpenSSL 0.9.8l that prevents our handshake from working unless we explicitly tell OpenSSL that we are using SSL renegotiation safely. We are, of course, but OpenSSL 0.9.8l won't work unless we say we are. - Avoid crashing if the client is trying to upload many bytes and the circuit gets torn down at the same time, or if the flip side happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150. o Minor bugfixes: - Do not refuse to learn about authority certs and v2 networkstatus documents that are older than the latest consensus. This bug might have degraded client bootstrapping. Bugfix on 0.2.0.10-alpha. Spotted and fixed by xmux. - Fix a couple of very-hard-to-trigger memory leaks, and one hard-to- trigger platform-specific option misparsing case found by Coverity Scan. - Fix a compilation warning on Fedora 12 by removing an impossible-to- trigger assert. Fixes bug 1173.
2009-11-15Update to 0.2.1.20. From Christian Sturm in PR pkg/42311.snj2-6/+6
Changes in version 0.2.1.20 - 2009-10-15 o Major bugfixes: - Send circuit or stream sendme cells when our window has decreased by 100 cells, not when it has decreased by 101 cells. Bug uncovered by Karsten when testing the "reduce circuit window" performance patch. Bugfix on the 54th commit on Tor -- from July 2002, before the release of Tor 0.0.0. This is the new winner of the oldest-bug prize. - Fix a remotely triggerable memory leak when a consensus document contains more than one signature from the same voter. Bugfix on 0.2.0.3-alpha. - Avoid segfault in rare cases when finishing an introduction circuit as a client and finding out that we don't have an introduction key for it. Fixes bug 1073. o Major features: - Tor now reads the "circwindow" parameter out of the consensus, and uses that value for its circuit package window rather than the default of 1000 cells. Begins the implementation of proposal 168. o New directory authorities: - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory authority. - Move moria1 and tonga to alternate IP addresses. o Minor bugfixes: - Fix a signed/unsigned compile warning in 0.2.1.19. - Fix possible segmentation fault on directory authorities. Bugfix on 0.2.1.14-rc. - Fix an extremely rare infinite recursion bug that could occur if we tried to log a message after shutting down the log subsystem. Found by Matt Edman. Bugfix on 0.2.0.16-alpha. - Fix an obscure bug where hidden services on 64-bit big-endian systems might mis-read the timestamp in v3 introduce cells, and refuse to connect back to the client. Bugfix on 0.2.1.6-alpha. - We were triggering a CLOCK_SKEW controller status event whenever we connect via the v2 connection protocol to any relay that has a wrong clock. Instead, we should only inform the controller when it's a trusted authority that claims our clock is wrong. Bugfix on 0.2.0.20-rc; starts to fix bug 1074. - We were telling the controller about CHECKING_REACHABILITY and REACHABILITY_FAILED status events whenever we launch a testing circuit or notice that one has failed. Instead, only tell the controller when we want to inform the user of overall success or overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. - Don't warn when we're using a circuit that ends with a node excluded in ExcludeExitNodes, but the circuit is not used to access the outside world. This should help fix bug 1090. Bugfix on 0.2.1.6-alpha. - Work around a small memory leak in some versions of OpenSSL that stopped the memory used by the hostname TLS extension from being freed. o Minor features: - Add a "getinfo status/accepted-server-descriptor" controller command, which is the recommended way for controllers to learn whether our server descriptor has been successfully received by at least on directory authority. Un-recommend good-server-descriptor getinfo and status events until we have a better design for them.
2009-08-18Update tor to 0.2.1.19.obache6-45/+10
Based on maintainer update request via PR 41828. (remove patch-a{a,b} and make to simplify by me). Tor 0.2.1.18 lays the foundations for performance improvements, adds status events to help users diagnose bootstrap problems, adds optional authentication/authorization for hidden services, fixes a variety of potential anonymity problems, and includes a huge pile of other features and bug fixes. Tor 0.2.1.19 fixes a major bug with accessing and providing hidden services.
2009-08-16Bump PKGREVISION for libevent ABI bump.wiz1-1/+2
2009-07-09Update tor to 0.2.0.35.obache2-8/+9
maintainer update request via PR 41688. Changes in version 0.2.0.35 - 2009-06-24 o Security fix: - Avoid crashing in the presence of certain malformed descriptors. Found by lark, and by automated fuzzing. - Fix an edge case where a malicious exit relay could convince a controller that the client's DNS question resolves to an internal IP address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta. o Major bugfixes: - Finally fix the bug where dynamic-IP relays disappear when their IP address changes: directory mirrors were mistakenly telling them their old address if they asked via begin_dir, so they never got an accurate answer about their new address, so they just vanished after a day. For belt-and-suspenders, relays that don't set Address in their config now avoid using begin_dir for all direct connections. Should fix bugs 827, 883, and 900. - Fix a timing-dependent, allocator-dependent, DNS-related crash bug that would occur on some exit nodes when DNS failures and timeouts occurred in certain patterns. Fix for bug 957. o Minor bugfixes: - When starting with a cache over a few days old, do not leak memory for the obsolete router descriptors in it. Bugfix on 0.2.0.33; fixes bug 672. - Hidden service clients didn't use a cached service descriptor that was older than 15 minutes, but wouldn't fetch a new one either, because there was already one in the cache. Now, fetch a v2 descriptor unless the same descriptor was added to the cache within the last 15 minutes. Fixes bug 997; reported by Marcus Griep.
2009-06-14Remove @dirrm entries from PLISTsjoerg1-3/+1
2009-02-27Bump PKGREVISION for libevent ABI bump.wiz1-1/+2
2009-02-15Update tor to 0.2.0.34.obache3-21/+7
Patch provided by Christian Sturm and back to maintainer. Changes in version 0.2.0.34 - 2009-02-08 o Security fixes: - Fix an infinite-loop bug on handling corrupt votes under certain circumstances. Bugfix on 0.2.0.8-alpha. - Fix a temporary DoS vulnerability that could be performed by a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark. - Avoid a potential crash on exit nodes when processing malformed input. Remote DoS opportunity. Bugfix on 0.2.0.33. - Do not accept incomplete ipv4 addresses (like 192.168.0) as valid. Spec conformance issue. Bugfix on Tor 0.0.2pre27. o Minor bugfixes: - Fix compilation on systems where time_t is a 64-bit integer. Patch from Matthias Drochner. - Don't consider expiring already-closed client connections. Fixes bug 893. Bugfix on 0.0.2pre20.
2009-01-22update to 0.2.0.33drochner2-6/+6
changes: -Security fix: Fix a heap-corruption bug that may be remotely triggerable on some platforms. -many bugfixes
2009-01-22make this build with 64-bit time_tdrochner2-1/+15
(There are some unclean typecasts in the code, but the cases I've seen are harmless -- as long as poll intervals, cert lifetimes etc don't reach into y2037 which would be problematic in any case.)
2008-12-30Reset maintainer on his request.wiz1-2/+2
2008-12-21Update tor to 0.2.0.32.obache3-12/+13
Based on PR 40241 by Taylor R Campbell. While here, add DESTDIR support. Changes in version 0.2.0.32 - 2008-11-20 o Security fixes: - The "User" and "Group" config options did not clear the supplementary group entries for the Tor process. The "User" option is now more robust, and we now set the groups to the specified user's primary group. The "Group" option is now ignored. For more detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857. - The "ClientDNSRejectInternalAddresses" config option wasn't being consistently obeyed: if an exit relay refuses a stream because its exit policy doesn't allow it, we would remember what IP address the relay said the destination address resolves to, even if it's an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv. o Major bugfixes: - Fix a DOS opportunity during the voting signature collection process at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x. o Major bugfixes (hidden services): - When fetching v0 and v2 rendezvous service descriptors in parallel, we were failing the whole hidden service request when the v0 descriptor fetch fails, even if the v2 fetch is still pending and might succeed. Similarly, if the last v2 fetch fails, we were failing the whole hidden service request even if a v0 fetch is still pending. Fixes bug 814. Bugfix on 0.2.0.10-alpha. - When extending a circuit to a hidden service directory to upload a rendezvous descriptor using a BEGIN_DIR cell, almost 1/6 of all requests failed, because the router descriptor has not been downloaded yet. In these cases, do not attempt to upload the rendezvous descriptor, but wait until the router descriptor is downloaded and retry. Likewise, do not attempt to fetch a rendezvous descriptor from a hidden service directory for which the router descriptor has not yet been downloaded. Fixes bug 767. Bugfix on 0.2.0.10-alpha. o Minor bugfixes: - Fix several infrequent memory leaks spotted by Coverity. - When testing for libevent functions, set the LDFLAGS variable correctly. Found by Riastradh. - Avoid a bug where the FastFirstHopPK 0 option would keep Tor from bootstrapping with tunneled directory connections. Bugfix on 0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam. - When asked to connect to A.B.exit:80, if we don't know the IP for A and we know that server B rejects most-but-not all connections to port 80, we would previously reject the connection. Now, we assume the user knows what they were asking for. Fixes bug 752. Bugfix on 0.0.9rc5. Diagnosed by BarkerJr. - If we overrun our per-second write limits a little, count this as having used up our write allocation for the second, and choke outgoing directory writes. Previously, we had only counted this when we had met our limits precisely. Fixes bug 824. Patch from by rovv. Bugfix on 0.2.0.x (??). - Remove the old v2 directory authority 'lefkada' from the default list. It has been gone for many months. - Stop doing unaligned memory access that generated bus errors on sparc64. Bugfix on 0.2.0.10-alpha. Fixes bug 862. - Make USR2 log-level switch take effect immediately. Bugfix on 0.1.2.8-beta. o Minor bugfixes (controller): - Make DNS resolved events into "CLOSED", not "FAILED". Bugfix on 0.1.2.5-alpha. Fix by Robert Hogan. Resolves bug 807.
2008-12-21Broken INSTALL script was removed.obache1-2/+1
No need to remove superfluous directory now.
2008-12-21Re-remove redundant and broken INSTALL script.obache1-15/+0
It was removed as part of fix PR 37195, but re-added when merged new version from pkgsrc-wip.
2008-10-16PKGREVISION bump for libevent shlib name change.wiz1-1/+2
2008-09-08Update to 0.2.0.31:wiz2-7/+6
Changes in version 0.2.0.31 - 2008-09-03 o Major bugfixes: - Make sure that two circuits can never exist on the same connection with the same circuit ID, even if one is marked for close. This is conceivably a bugfix for bug 779. Bugfix on 0.1.0.4-rc. - Relays now reject risky extend cells: if the extend cell includes a digest of all zeroes, or asks to extend back to the relay that sent the extend cell, tear down the circuit. Ideas suggested by rovv. - If not enough of our entry guards are available so we add a new one, we might use the new one even if it overlapped with the current circuit's exit relay (or its family). Anonymity bugfix pointed out by rovv. o Minor bugfixes: - Recover 3-7 bytes that were wasted per memory chunk. Fixes bug 794; bug spotted by rovv. Bugfix on 0.2.0.1-alpha. - Correctly detect the presence of the linux/netfilter_ipv4.h header when building against recent kernels. Bugfix on 0.1.2.1-alpha. - Pick size of default geoip filename string correctly on windows. Fixes bug 806. Bugfix on 0.2.0.30. - Make the autoconf script accept the obsolete --with-ssl-dir option as an alias for the actually-working --with-openssl-dir option. Fix the help documentation to recommend --with-openssl-dir. Based on a patch by "Dave". Bugfix on 0.2.0.1-alpha. - Disallow session resumption attempts during the renegotiation stage of the v2 handshake protocol. Clients should never be trying session resumption at this point, but apparently some did, in ways that caused the handshake to fail. Bug found by Geoff Goodell. Bugfix on 0.2.0.20-rc. - When using the TransPort option on OpenBSD, and using the User option to change UID and drop privileges, make sure to open /dev/pf before dropping privileges. Fixes bug 782. Patch from Christopher Davis. Bugfix on 0.1.2.1-alpha. - Try to attach connections immediately upon receiving a RENDEZVOUS2 or RENDEZVOUS_ESTABLISHED cell. This can save a second or two on the client side when connecting to a hidden service. Bugfix on 0.0.6pre1. Found and fixed by Christian Wilms; resolves bug 743. - When closing an application-side connection because its circuit is getting torn down, generate the stream event correctly. Bugfix on 0.1.2.x. Anonymous patch.
2008-09-06Bump PKGREVISION for libevent users due to 1.4.3->1.4.5 shlib name change.wiz1-1/+2
2008-08-01New file for tor-0.2.0.30.wiz1-0/+15
2008-08-01Update to current stable version, tor-0.2.0.30, based on wip/tor.wiz10-75/+52
Thanks to athaba, netcap, and tvierling. Changes in version 0.2.0.30 - 2008-07-15 This new stable release switches to a more efficient directory distribution design, adds features to make connections to the Tor network harder to block, allows Tor to act as a DNS proxy, adds separate rate limiting for relayed traffic to make it easier for clients to become relays, fix a variety of potential anonymity problems, and includes the usual huge pile of other features and bug fixes.
2008-04-22revbumps due to libevent update.tnn1-1/+2
2008-02-19Adjust patch-ae to same as previous revision.obache2-16/+14
Should fix PR 38046.
2008-02-19Pass --with-libevent-dir unconditionally, since BUILDLINK_PREFIX.libevent isobache1-3/+1
unusable here yet.
2008-01-20Update to 0.1.2.19:jschauma3-19/+20
Tor 0.1.2.19 fixes a huge memory leak on exit relays, makes the default exit policy a little bit more conservative so it's safer to run an exit relay on a home system, and fixes a variety of smaller issues. https://www.torproject.org/download.html Changes in version 0.1.2.19 - 2008-01-17 o Security fixes: - Exit policies now reject connections that are addressed to a relay's public (external) IP address too, unless ExitPolicyRejectPrivate is turned off. We do this because too many relays are running nearby to services that trust them based on network address. o Major bugfixes: - When the clock jumps forward a lot, do not allow the bandwidth buckets to become negative. Fixes bug 544. - Fix a memory leak on exit relays; we were leaking a cached_resolve_t on every successful resolve. Reported by Mike Perry. - Purge old entries from the "rephist" database and the hidden service descriptor database even when DirPort is zero. - Stop thinking that 0.1.2.x directory servers can handle "begin_dir" requests. Should ease bugs 406 and 419 where 0.1.2.x relays are crashing or mis-answering these requests. - When we decide to send a 503 response to a request for servers, do not then also send the server descriptors: this defeats the whole purpose. Fixes bug 539. o Minor bugfixes: - Changing the ExitPolicyRejectPrivate setting should cause us to rebuild our server descriptor. - Fix handling of hex nicknames when answering controller requests for networkstatus by name, or when deciding whether to warn about unknown routers in a config option. (Patch from mwenge.) - Fix a couple of hard-to-trigger autoconf problems that could result in really weird results on platforms whose sys/types.h files define nonstandard integer types. - Don't try to create the datadir when running --verify-config or --hash-password. Resolves bug 540. - If we were having problems getting a particular descriptor from the directory caches, and then we learned about a new descriptor for that router, we weren't resetting our failure count. Reported by lodger. - Although we fixed bug 539 (where servers would send HTTP status 503 responses _and_ send a body too), there are still servers out there that haven't upgraded. Therefore, make clients parse such bodies when they receive them. - Run correctly on systems where rlim_t is larger than unsigned long. This includes some 64-bit systems. - Run correctly on platforms (like some versions of OS X 10.5) where the real limit for number of open files is OPEN_FILES, not rlim_max from getrlimit(RLIMIT_NOFILES). - Avoid a spurious free on base64 failure. - Avoid segfaults on certain complex invocations of router_get_by_hexdigest(). - Fix rare bug on REDIRECTSTREAM control command when called with no port set: it could erroneously report an error when none had happened.
2008-01-18Per the process outlined in revbump(1), perform a recursive revbumptnn1-1/+2
on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@
2008-01-06correct suggested link on how to torify your browsersjschauma1-2/+3
2008-01-06new homepage and dist site is http://www.torproject.org/jschauma1-3/+3
2007-12-16+ CVS Idrillig1-0/+2
2007-11-16Update to version 0.1.2.18. Changes since the last release:bjs3-7/+36
o Major bugfixes (crashes): - If a connection is shut down abruptly because of something that happened inside connection_flushed_some(), do not call connection_finished_flushing(). Should fix bug 451: "connection_stop_writing: Assertion conn->write_event failed" Bugfix on 0.1.2.7-alpha. - Fix possible segfaults in functions called from rend_process_relay_cell(). o Major bugfixes (hidden services): - Hidden services were choosing introduction points uniquely by hexdigest, but when constructing the hidden service descriptor they merely wrote the (potentially ambiguous) nickname. - Clients now use the v2 intro format for hidden service connections: they specify their chosen rendezvous point by identity digest rather than by (potentially ambiguous) nickname. These changes could speed up hidden service connections dramatically. o Major bugfixes (other): - Stop publishing a new server descriptor just because we get a HUP signal. This led (in a roundabout way) to some servers getting dropped from the networkstatus lists for a few hours each day. - When looking for a circuit to cannibalize, consider family as well as identity. Fixes bug 438. Bugfix on 0.1.0.x (which introduced circuit cannibalization). - When a router wasn't listed in a new networkstatus, we were leaving the flags for that router alone -- meaning it remained Named, Running, etc -- even though absence from the networkstatus means that it shouldn't be considered to exist at all anymore. Now we clear all the flags for routers that fall out of the networkstatus consensus. Fixes bug 529. o Minor bugfixes: - Don't try to access (or alter) the state file when running --list-fingerprint or --verify-config or --hash-password. Resolves bug 499. - When generating information telling us how to extend to a given router, do not try to include the nickname if it is absent. Resolves bug 467. - Fix a user-triggerable segfault in expand_filename(). (There isn't a way to trigger this remotely.) - When sending a status event to the controller telling it that an OR address is readable, set the port correctly. (Previously we were reporting the dir port.) - Fix a minor memory leak whenever a controller sends the PROTOCOLINFO command. Bugfix on 0.1.2.17. - When loading bandwidth history, do not believe any information in the future. Fixes bug 434. - When loading entry guard information, do not believe any information in the future. - When we have our clock set far in the future and generate an onion key, then re-set our clock to be correct, we should not stop the onion key from getting rotated. - On some platforms, accept() can return a broken address. Detect this more quietly, and deal accordingly. Fixes bug 483. - It's not actually an error to find a non-pending entry in the DNS cache when canceling a pending resolve. Don't log unless stuff is fishy. Resolves bug 463. - Don't reset trusted dir server list when we set a configuration option. Patch from Robert Hogan.
2007-10-25Change to pass PKG_SYSCONFDIR to configure, fixes PR 37195.obache2-22/+13
While here, change user/group and directory handling to the usual manner. Bump PKGREVISION.
2007-09-11Update tor to 0.1.2.17.obache3-17/+17
Changes in version 0.1.2.17 - 2007-08-30 o Major bugfixes (security): - We removed support for the old (v0) control protocol. It has been deprecated since Tor 0.1.1.1-alpha, and keeping it secure has become more of a headache than it's worth. o Major bugfixes (load balancing): - When choosing nodes for non-guard positions, weight guards proportionally less, since they already have enough load. Patch from Mike Perry. - Raise the "max believable bandwidth" from 1.5MB/s to 10MB/s. This will allow fast Tor servers to get more attention. - When we're upgrading from an old Tor version, forget our current guards and pick new ones according to the new weightings. These three load balancing patches could raise effective network capacity by a factor of four. Thanks to Mike Perry for measurements. o Major bugfixes (stream expiration): - Expire not-yet-successful application streams in all cases if they've been around longer than SocksTimeout. Right now there are some cases where the stream will live forever, demanding a new circuit every 15 seconds. Fixes bug 454; reported by lodger. o Minor features (controller): - Add a PROTOCOLINFO controller command. Like AUTHENTICATE, it is valid before any authentication has been received. It tells a controller what kind of authentication is expected, and what protocol is spoken. Implements proposal 119. o Minor bugfixes (performance): - Save on most routerlist_assert_ok() calls in routerlist.c, thus greatly speeding up loading cached-routers from disk on startup. - Disable sentinel-based debugging for buffer code: we squashed all the bugs that this was supposed to detect a long time ago, and now its only effect is to change our buffer sizes from nice powers of two (which platform mallocs tend to like) to values slightly over powers of two (which make some platform mallocs sad). o Minor bugfixes (misc): - If exit bandwidth ever exceeds one third of total bandwidth, then use the correct formula to weight exit nodes when choosing paths. Based on patch from Mike Perry. - Choose perfectly fairly among routers when choosing by bandwidth and weighting by fraction of bandwidth provided by exits. Previously, we would choose with only approximate fairness, and correct ourselves if we ran off the end of the list. - If we require CookieAuthentication but we fail to write the cookie file, we would warn but not exit, and end up in a state where no controller could authenticate. Now we exit. - If we require CookieAuthentication, stop generating a new cookie every time we change any piece of our config. - Refuse to start with certain directory authority keys, and encourage people using them to stop. - Terminate multi-line control events properly. Original patch from tup. - Fix a minor memory leak when we fail to find enough suitable servers to choose a circuit. - Stop leaking part of the descriptor when we run into a particularly unparseable piece of it.
2007-09-11Use standard rc script handler, instead of custom.obache1-11/+2
Fixes PR 36965.