From 671e766bfe72809acde51ac492022e9836c272a2 Mon Sep 17 00:00:00 2001 From: jschauma Date: Thu, 11 Nov 2004 20:52:46 +0000 Subject: Update tor to latest stable version 0.0.8.1: Changes in version 0.0.8.1 - 2004-10-14 o Bugfixes: - Fix a seg fault that can be triggered remotely for Tor clients/servers with an open dirport. - Fix a rare assert trigger, where routerinfos for entries in our cpath would expire while we're building the path. - Fix a bug in OutboundBindAddress so it (hopefully) works. - Fix a rare seg fault for people running hidden services on intermittent connections. - Fix a bug in parsing opt keywords with objects. - Fix a stale pointer assert bug when a stream detaches and reattaches. - Fix a string format vulnerability (probably not exploitable) in reporting stats locally. - Fix an assert trigger: sometimes launching circuits can fail immediately, e.g. because too many circuits have failed recently. - Fix a compile warning on 64 bit platforms. Changes in version 0.0.8 - 2004-08-25 o Bugfixes: - Made our unit tests compile again on OpenBSD 3.5, and tor itself compile again on OpenBSD on a sparc64. - We were neglecting milliseconds when logging on win32, so everything appeared to happen at the beginning of each second. - Check directory signature _before_ you decide whether you're you're running an obsolete version and should exit. - Check directory signature _before_ you parse the running-routers list to decide who's running. - Check return value of fclose while writing to disk, so we don't end up with broken files when servers run out of disk space. - Port it to SunOS 5.9 / Athena - Fix two bugs in saving onion keys to disk when rotating, so hopefully we'll get fewer people using old onion keys. - Remove our mostly unused -- and broken -- hex_encode() function. Use base16_encode() instead. (Thanks to Timo Lindfors for pointing out this bug.) - Only pick and establish intro points after we've gotten a directory. - Fix assert triggers: if the other side returns an address 0.0.0.0, don't put it into the client dns cache. - If a begin failed due to exit policy, but we believe the IP address should have been allowed, switch that router to exitpolicy reject *:* until we get our next directory. o Protocol changes: - 'Extend' relay cell payloads now include the digest of the intended next hop's identity key. Now we can verify that we're extending to the right router, and also extend to routers we hadn't heard of before. o Features: - Tor nodes can now act as relays (with an advertised ORPort) without being manually verified by the dirserver operators. - Uploaded descriptors of unverified routers are now accepted by the dirservers, and included in the directory. - Verified routers are listed by nickname in the running-routers list; unverified routers are listed as "$". - We now use hash-of-identity-key in most places rather than nickname or addr:port, for improved security/flexibility. - AllowUnverifiedNodes config option to let circuits choose no-name routers in entry,middle,exit,introduction,rendezvous positions. Allow middle and rendezvous positions by default. - When picking unverified routers, skip those with low uptime and/or low bandwidth, depending on what properties you care about. - ClientOnly option for nodes that never want to become servers. - Directory caching. - "AuthoritativeDir 1" option for the official dirservers. - Now other nodes (clients and servers) will cache the latest directory they've pulled down. - They can enable their DirPort to serve it to others. - Clients will pull down a directory from any node with an open DirPort, and check the signature/timestamp correctly. - Authoritative dirservers now fetch directories from other authdirservers, to stay better synced. - Running-routers list tells who's down also, along with noting if they're verified (listed by nickname) or unverified (listed by hash-of-key). - Allow dirservers to serve running-router list separately. This isn't used yet. - You can now fetch $DIRURL/running-routers to get just the running-routers line, not the whole descriptor list. (But clients don't use this yet.) - Clients choose nodes proportional to advertised bandwidth. - Clients avoid using nodes with low uptime as introduction points. - Handle servers with dynamic IP addresses: don't just replace options->Address with the resolved one at startup, and detect our address right before we make a routerinfo each time. - 'FascistFirewall' option to pick dirservers and ORs on specific ports; plus 'FirewallPorts' config option to tell FascistFirewall which ports are open. (Defaults to 80,443) - Try other dirservers immediately if the one you try is down. This should tolerate down dirservers better now. - ORs connect-on-demand to other ORs - If you get an extend cell to an OR you're not connected to, connect, handshake, and forward the create cell. - The authoritative dirservers stay connected to everybody, and everybody stays connected to 0.0.7 servers, but otherwise clients/servers expire unused connections after 5 minutes. - When servers get a sigint, they delay 30 seconds (refusing new connections) then exit. A second sigint causes immediate exit. - File and name management: - Look for .torrc if no CONFDIR "torrc" is found. - If no datadir is defined, then choose, make, and secure ~/.tor as datadir. - If torrc not found, exitpolicy reject *:*. - Expands ~/ in filenames to $HOME/ (but doesn't yet expand ~arma). - If no nickname is defined, derive default from hostname. - Rename secret key files, e.g. identity.key -> secret_id_key, to discourage people from mailing their identity key to tor-ops. - Refuse to build a circuit before the directory has arrived -- it won't work anyway, since you won't know the right onion keys to use. - Parse tor version numbers so we can do an is-newer-than check rather than an is-in-the-list check. - New socks command 'resolve', to let us shim gethostbyname() locally. - A 'tor_resolve' script to access the socks resolve functionality. - A new socks-extensions.txt doc file to describe our interpretation and extensions to the socks protocols. - Add a ContactInfo option, which gets published in descriptor. - Write tor version at the top of each log file - New docs in the tarball: - tor-doc.html. - Document that you should proxy your SSL traffic too. - Log a warning if the user uses an unsafe socks variant, so people are more likely to learn about privoxy or socat. - Log a warning if you're running an unverified server, to let you know you might want to get it verified. - Change the default exit policy to reject the default edonkey, kazaa, gnutella ports. - Add replace_file() to util.[ch] to handle win32's rename(). - Publish OR uptime in descriptor (and thus in directory) too. - Remember used bandwidth (both in and out), and publish 15-minute snapshots for the past day into our descriptor. - Be more aggressive about trying to make circuits when the network has changed (e.g. when you unsuspend your laptop). - Check for time skew on http headers; report date in response to "GET /". - If the entrynode config line has only one node, don't pick it as an exitnode. - Add strict{entry|exit}nodes config options. If set to 1, then we refuse to build circuits that don't include the specified entry or exit nodes. - OutboundBindAddress config option, to bind to a specific IP address for outgoing connect()s. - End truncated log entries (e.g. directories) with "[truncated]". --- net/tor/Makefile | 5 ++--- net/tor/distinfo | 6 +++--- 2 files changed, 5 insertions(+), 6 deletions(-) (limited to 'net/tor') diff --git a/net/tor/Makefile b/net/tor/Makefile index c0826143b84..572fb976142 100644 --- a/net/tor/Makefile +++ b/net/tor/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.2 2004/10/03 00:18:00 tv Exp $ +# $NetBSD: Makefile,v 1.3 2004/11/11 20:52:46 jschauma Exp $ # -DISTNAME= tor-0.0.7 -PKGREVISION= 1 +DISTNAME= tor-0.0.8.1 CATEGORIES= net security MASTER_SITES= http://freehaven.net/tor/dist/ diff --git a/net/tor/distinfo b/net/tor/distinfo index d8c2ffb51f3..a6d4e0840f0 100644 --- a/net/tor/distinfo +++ b/net/tor/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.1.1.1 2004/08/13 19:33:41 jschauma Exp $ +$NetBSD: distinfo,v 1.2 2004/11/11 20:52:46 jschauma Exp $ -SHA1 (tor-0.0.7.tar.gz) = a41ad5af761b5934ad9b51d320032151805d6ee3 -Size (tor-0.0.7.tar.gz) = 378970 bytes +SHA1 (tor-0.0.8.1.tar.gz) = 68e92383ae004730ccd2288ab8eee21749bee77f +Size (tor-0.0.8.1.tar.gz) = 442666 bytes -- cgit v1.2.3