update to 0.2.3.25
from the announcement: Tor 0.2.3.25, the first stable release in the 0.2.3 branch, features significantly reduced directory overhead (via microdescriptors), enormous crypto performance improvements for fast relays on new enough hardware, a new v3 TLS handshake protocol that can better resist fingerprinting, support for protocol obfuscation plugins (aka pluggable transports), better scalability for hidden services, IPv6 support for bridges, performance improvements like allowing clients to skip the first round-trip on the circuit ("optimistic data") and refilling token buckets more often, a new "stream isolation" design to isolate different applications on different circuits, and many stability, security, and privacy fixes.
This commit is contained in:
parent
549e2d45e3
commit
bb44d406ef
3 changed files with 16 additions and 16 deletions
|
@ -1,7 +1,7 @@
|
|||
# $NetBSD: Makefile,v 1.90 2012/10/23 17:19:14 asau Exp $
|
||||
# $NetBSD: Makefile,v 1.91 2012/11/26 19:00:20 drochner Exp $
|
||||
#
|
||||
|
||||
DISTNAME= tor-0.2.2.39
|
||||
DISTNAME= tor-0.2.3.25
|
||||
CATEGORIES= net security
|
||||
MASTER_SITES= http://www.torproject.org/dist/
|
||||
# MASTER_SITES redirects to https, and ftp(1) cannot handle that.
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
$NetBSD: distinfo,v 1.56 2012/09/13 17:09:01 drochner Exp $
|
||||
$NetBSD: distinfo,v 1.57 2012/11/26 19:00:20 drochner Exp $
|
||||
|
||||
SHA1 (tor-0.2.2.39.tar.gz) = cc5021a7656c0cd22de42da9f0ce7335026852bf
|
||||
RMD160 (tor-0.2.2.39.tar.gz) = 780949054474a99f4a035a7234f8341d3cfbb17f
|
||||
Size (tor-0.2.2.39.tar.gz) = 2929303 bytes
|
||||
SHA1 (patch-aa) = 5b89228dc37c459c48f24616933a5673a5a0a0d1
|
||||
SHA1 (tor-0.2.3.25.tar.gz) = ef02e5b0eb44ab1a5d6108c39bd4e28918de79dc
|
||||
RMD160 (tor-0.2.3.25.tar.gz) = d8c90343346bc447191616f86da2591a64100b51
|
||||
Size (tor-0.2.3.25.tar.gz) = 3190011 bytes
|
||||
SHA1 (patch-aa) = 9f65234c7f1c9ea4eba37aa7287f5496993d2dc1
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
$NetBSD: patch-aa,v 1.7 2011/09/06 19:34:01 drochner Exp $
|
||||
$NetBSD: patch-aa,v 1.8 2012/11/26 19:00:20 drochner Exp $
|
||||
|
||||
From: Taylor R Campbell
|
||||
Subject: patch for Tor to workaround OpenSSL renegotiation lossage on 5.1
|
||||
|
@ -20,23 +20,23 @@ put into NetBSD 5.1 (and SSL_OP_ALLOW_UNSAFE_RENEGOTIATION defined in
|
|||
ssl.h) so that this patch would be unnecessary.
|
||||
[2. text/plain; nbsd51-reneg]
|
||||
|
||||
--- ./src/common/tortls.c.~1~ 2010-05-02 22:02:50.000000000 +0000
|
||||
+++ ./src/common/tortls.c 2010-07-30 00:34:00.000000000 +0000
|
||||
@@ -356,6 +356,17 @@
|
||||
--- src/common/tortls.c.orig 2012-11-19 21:24:54.000000000 +0000
|
||||
+++ src/common/tortls.c
|
||||
@@ -477,6 +477,17 @@ tor_tls_init(void)
|
||||
* program should be allowed to use renegotiation unless it first passed
|
||||
* a test of intelligence and determination.
|
||||
*/
|
||||
+#ifdef __NetBSD__
|
||||
+ /* In NetBSD 5.1, OpenSSL 0.9.9-dev was imported and `fixed' to use
|
||||
+ the same scheme as 0.9.8l. */
|
||||
+ if (version == 0x00909000L) {
|
||||
+ if (version == OPENSSL_V_NOPATCH(0,9,9)) {
|
||||
+ log_notice(LD_GENERAL, "OpenSSL %s on NetBSD looks like version 0.9.8l; "
|
||||
+ "I will try SSL3_FLAGS to enable renegotation.",
|
||||
+ "I will try SSL3_FLAGS and SSL_OP to enable renegotation.",
|
||||
+ SSLeay_version(SSLEAY_VERSION));
|
||||
+ use_unsafe_renegotiation_flag = 1;
|
||||
+ use_unsafe_renegotiation_op = 1;
|
||||
+ } else
|
||||
+#endif
|
||||
if (version >= 0x009080c0L && version < 0x009080d0L) {
|
||||
log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; "
|
||||
"I will try SSL3_FLAGS to enable renegotation.",
|
||||
if (version > OPENSSL_V(0,9,8,'k') && version <= OPENSSL_V(0,9,8,'l')) {
|
||||
log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but "
|
||||
"some vendors have backported renegotiation code from "
|
||||
|
|
Loading…
Reference in a new issue