Commit graph

133 commits

Author SHA1 Message Date
drochner
a20e77c980 update to 0.2.2.33
changes: minor fixes
2011-10-06 18:06:15 +00:00
gdt
43407d5f63 USE_TOOLS+= gmake
Build fails with BSD make.  Reported to tor-talk@.
2011-09-07 00:34:56 +00:00
gdt
b9db0ce37b Add a comment explaining why curl is needed to fetch (https redirect). 2011-09-06 23:49:25 +00:00
drochner
798248cd3a update to 0.2.2.32
Tor 0.2.2.32, the first stable release in the 0.2.2 branch, is finally
ready. More than two years in the making, this release features improved
client performance and hidden service reliability, better compatibility
for Android, correct behavior for bridges that listen on more than
one address, more extensible and flexible directory object handling,
better reporting of network statistics, improved code security, and
many many other features and bugfixes.
2011-09-06 19:34:01 +00:00
drochner
6001388138 update to 0.2.1.30, from Christian Sturm (the MAINTAINER) per PR pkg/44702
changes:
-fixes for less critical bugs
-make TLS D-H parameters match those of Apache's mod_ssl
pkgsrc changes: Makefile cleanup, appease plglint
2011-03-09 10:03:06 +00:00
tnn
ce57998993 revbump(1) for devel/libevent update. 2011-02-11 21:22:02 +00:00
drochner
591017bb29 update to 0.2.1.29
changes:
-Fix a heap overflow (probably allows remote code execution)
 (CVE-2011-0427)
-Prevent a denial-of-service attack by disallowing any
 zlib-compressed data whose compression factor is implausibly
 high
-Zero out a few more keys in memory before freeing them
-bugfixes
-Update to the January 1 2011 Maxmind GeoLite Country db
-Introduce output size checks on all of our decryption functions
2011-01-17 14:06:53 +00:00
gdt
59c7c580e7 Update to 0.2.1.28, resolving CVE-2010-1676.
Changes in version 0.2.1.28 - 2010-12-17
  o Major bugfixes:
    - Fix a remotely exploitable bug that could be used to crash instances
      of Tor remotely by overflowing on the heap. Remote-code execution
      hasn't been confirmed, but can't be ruled out. Everyone should
      upgrade. Bugfix on the 0.1.1 series and later.

  o Directory authority changes:
    - Change IP address and ports for gabelmoo (v3 directory authority).

  o Minor features:
    - Update to the December 1 2010 Maxmind GeoLite Country database.
2010-12-21 00:07:28 +00:00
drochner
1d9ceb187c update to 0.2.1.27
changes:
-fix incompatibility with the recent openssl security fix (CVE-2010-3864)
-update ip->geo db
-add a directory authority
-bugfixes
2010-11-29 17:50:16 +00:00
gdt
9b9fc447dc Add patch from Taylor R Campbell to choose a working way to re-enable
TLS renegotiation.
2010-07-30 12:11:51 +00:00
wiz
3a7e14e3dc Update to 0.2.1.26, from maintainer Christian Sturm in PR 43302:
Changes in version 0.2.1.26 - 2010-05-02
  Tor 0.2.1.26 addresses the recent connection and memory overload
  problems we've been seeing on relays, especially relays with their
  DirPort open. If your relay has been crashing, or you turned it off
  because it used too many resources, give this release a try.

  This release also fixes yet another instance of broken OpenSSL libraries
  that was causing some relays to drop out of the consensus.

  o Major bugfixes:
    - Teach relays to defend themselves from connection overload. Relays
      now close idle circuits early if it looks like they were intended
      for directory fetches. Relays are also more aggressive about closing
      TLS connections that have no circuits on them. Such circuits are
      unlikely to be re-used, and tens of thousands of them were piling
      up at the fast relays, causing the relays to run out of sockets
      and memory. Bugfix on 0.2.0.22-rc (where clients started tunneling
      their directory fetches over TLS).
    - Fix SSL renegotiation behavior on OpenSSL versions like on Centos
      that claim to be earlier than 0.9.8m, but which have in reality
      backported huge swaths of 0.9.8m or 0.9.8n renegotiation
      behavior. Possible fix for some cases of bug 1346.
    - Directory mirrors were fetching relay descriptors only from v2
      directory authorities, rather than v3 authorities like they should.
      Only 2 v2 authorities remain (compared to 7 v3 authorities), leading
      to a serious bottleneck. Bugfix on 0.2.0.9-alpha. Fixes bug 1324.

  o Minor bugfixes:
    - Finally get rid of the deprecated and now harmful notion of "clique
      mode", where directory authorities maintain TLS connections to
      every other relay.

  o Testsuite fixes:
    - In the util/threads test, no longer free the test_mutex before all
      worker threads have finished. Bugfix on 0.2.1.6-alpha.
    - The master thread could starve the worker threads quite badly on
      certain systems, causing them to run only partially in the allowed
      window. This resulted in test failures. Now the master thread sleeps
      occasionally for a few microseconds while the two worker-threads
      compete for the mutex. Bugfix on 0.2.0.1-alpha.
2010-05-13 19:42:08 +00:00
wiz
690b97665a Update to 0.2.1.25, provided by maintainer Christian Sturm in PR 43103:
Changes in version 0.2.1.25 - 2010-03-16
  o Major bugfixes:
    - Fix a regression from our patch for bug 1244 that caused relays
      to guess their IP address incorrectly if they didn't set Address
      in their torrc and/or their address fails to resolve. Bugfix on
      0.2.1.23; fixes bug 1269.
    - When freeing a session key, zero it out completely. We only zeroed
      the first ptrsize bytes. Bugfix on 0.0.2pre8. Discovered and
      patched by ekir. Fixes bug 1254.

  o Minor bugfixes:
    - Fix a dereference-then-NULL-check sequence when publishing
      descriptors. Bugfix on 0.2.1.5-alpha. Discovered by ekir; fixes
      bug 1255.
    - Fix another dereference-then-NULL-check sequence. Bugfix on
      0.2.1.14-rc. Discovered by ekir; fixes bug 1256.
    - Make sure we treat potentially not NUL-terminated strings correctly.
      Bugfix on 0.1.1.13-alpha. Discovered by rieo; fixes bug 1257.
2010-04-02 09:58:44 +00:00
obache
aa24f61b96 Update tor to 0.2.1.24 per maintainer update request by PR#42911.
Changes in version 0.2.1.24 - 2010-02-21
  Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time
  for sure!

  o Minor bugfixes:
    - Work correctly out-of-the-box with even more vendor-patched versions
      of OpenSSL. In particular, make it so Debian and OS X don't need
      customized patches to run/build.

Changes in version 0.2.1.23 - 2010-02-13
  Tor 0.2.1.23 fixes a huge client-side performance bug, makes Tor work
  again on the latest OS X, and updates the location of a directory
  authority.

  o Major bugfixes (performance):
    - We were selecting our guards uniformly at random, and then weighting
      which of our guards we'd use uniformly at random. This imbalance
      meant that Tor clients were severely limited on throughput (and
      probably latency too) by the first hop in their circuit. Now we
      select guards weighted by currently advertised bandwidth. We also
      automatically discard guards picked using the old algorithm. Fixes
      bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry.

  o Major bugfixes:
    - Make Tor work again on the latest OS X: when deciding whether to
      use strange flags to turn TLS renegotiation on, detect the OpenSSL
      version at run-time, not compile time. We need to do this because
      Apple doesn't update its dev-tools headers when it updates its
      libraries in a security patch.
    - Fix a potential buffer overflow in lookup_last_hid_serv_request()
      that could happen on 32-bit platforms with 64-bit time_t. Also fix
      a memory leak when requesting a hidden service descriptor we've
      requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found
      by aakova.

  o Minor bugfixes:
    - Refactor resolve_my_address() to not use gethostbyname() anymore.
      Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik.

  o Minor features:
    - Avoid a mad rush at the beginning of each month when each client
      rotates half of its guards. Instead we spread the rotation out
      throughout the month, but we still avoid leaving a precise timestamp
      in the state file about when we first picked the guard. Improves
      over the behavior introduced in 0.1.2.17.
2010-03-02 11:25:59 +00:00
wiz
4d196edffd Update to 0.2.1.22, from maintainer Christian Sturm in PR 42655:
o Directory authority changes:
    - Rotate keys (both v3 identity and relay identity) for moria1
      and gabelmoo.

  o Major bugfixes:
    - Stop bridge directory authorities from answering dbg-stability.txt
      directory queries, which would let people fetch a list of all
      bridge identities they track. Bugfix on 0.2.1.6-alpha.
2010-01-21 11:47:23 +00:00
wiz
579796a3e5 Recursive PKGREVISION bump for jpeg update to 8. 2010-01-17 12:02:03 +00:00
wiz
848f063e60 Update to 0.2.1.21, provided by Christian Sturm in PR 42541, approved
by dillo@

Changes in version 0.2.1.21 - 2009-12-21
  o Major bugfixes:
    - Work around a security feature in OpenSSL 0.9.8l that prevents our
      handshake from working unless we explicitly tell OpenSSL that we
      are using SSL renegotiation safely. We are, of course, but OpenSSL
      0.9.8l won't work unless we say we are.
    - Avoid crashing if the client is trying to upload many bytes and the
      circuit gets torn down at the same time, or if the flip side
      happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.

  o Minor bugfixes:
    - Do not refuse to learn about authority certs and v2 networkstatus
      documents that are older than the latest consensus. This bug might
      have degraded client bootstrapping. Bugfix on 0.2.0.10-alpha.
      Spotted and fixed by xmux.
    - Fix a couple of very-hard-to-trigger memory leaks, and one hard-to-
      trigger platform-specific option misparsing case found by Coverity
      Scan.
    - Fix a compilation warning on Fedora 12 by removing an impossible-to-
      trigger assert. Fixes bug 1173.
2010-01-05 11:24:30 +00:00
snj
23c8424911 Update to 0.2.1.20. From Christian Sturm in PR pkg/42311.
Changes in version 0.2.1.20 - 2009-10-15
  o Major bugfixes:
    - Send circuit or stream sendme cells when our window has decreased
      by 100 cells, not when it has decreased by 101 cells. Bug uncovered
      by Karsten when testing the "reduce circuit window" performance
      patch. Bugfix on the 54th commit on Tor -- from July 2002,
      before the release of Tor 0.0.0. This is the new winner of the
      oldest-bug prize.
    - Fix a remotely triggerable memory leak when a consensus document
      contains more than one signature from the same voter. Bugfix on
      0.2.0.3-alpha.
    - Avoid segfault in rare cases when finishing an introduction circuit
      as a client and finding out that we don't have an introduction key
      for it. Fixes bug 1073.

  o Major features:
    - Tor now reads the "circwindow" parameter out of the consensus,
      and uses that value for its circuit package window rather than the
      default of 1000 cells. Begins the implementation of proposal 168.

  o New directory authorities:
    - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
      authority.
    - Move moria1 and tonga to alternate IP addresses.

  o Minor bugfixes:
    - Fix a signed/unsigned compile warning in 0.2.1.19.
    - Fix possible segmentation fault on directory authorities. Bugfix on
      0.2.1.14-rc.
    - Fix an extremely rare infinite recursion bug that could occur if
      we tried to log a message after shutting down the log subsystem.
      Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
    - Fix an obscure bug where hidden services on 64-bit big-endian
      systems might mis-read the timestamp in v3 introduce cells, and
      refuse to connect back to the client.  Bugfix on 0.2.1.6-alpha.
    - We were triggering a CLOCK_SKEW controller status event whenever
      we connect via the v2 connection protocol to any relay that has
      a wrong clock. Instead, we should only inform the controller when
      it's a trusted authority that claims our clock is wrong. Bugfix
      on 0.2.0.20-rc; starts to fix bug 1074.
    - We were telling the controller about CHECKING_REACHABILITY and
      REACHABILITY_FAILED status events whenever we launch a testing
      circuit or notice that one has failed. Instead, only tell the
      controller when we want to inform the user of overall success or
      overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075.
    - Don't warn when we're using a circuit that ends with a node
      excluded in ExcludeExitNodes, but the circuit is not used to access
      the outside world. This should help fix bug 1090. Bugfix on
      0.2.1.6-alpha.
    - Work around a small memory leak in some versions of OpenSSL that
      stopped the memory used by the hostname TLS extension from being
      freed.

  o Minor features:
    - Add a "getinfo status/accepted-server-descriptor" controller
      command, which is the recommended way for controllers to learn
      whether our server descriptor has been successfully received by at
      least on directory authority. Un-recommend good-server-descriptor
      getinfo and status events until we have a better design for them.
2009-11-15 04:24:51 +00:00
obache
ef55334562 Update tor to 0.2.1.19.
Based on maintainer update request via PR 41828.
(remove patch-a{a,b} and make to simplify by me).

Tor 0.2.1.18 lays the foundations for performance improvements, adds
status events to help users diagnose bootstrap problems, adds optional
authentication/authorization for hidden services, fixes a variety of
potential anonymity problems, and includes a huge pile of other features
and bug fixes.

Tor 0.2.1.19 fixes a major bug with accessing and providing hidden
services.
2009-08-18 05:48:08 +00:00
wiz
124c14e18b Bump PKGREVISION for libevent ABI bump. 2009-08-16 15:35:43 +00:00
obache
9ccdc96217 Update tor to 0.2.0.35.
maintainer update request via PR 41688.

Changes in version 0.2.0.35 - 2009-06-24
  o Security fix:
    - Avoid crashing in the presence of certain malformed descriptors.
      Found by lark, and by automated fuzzing.
    - Fix an edge case where a malicious exit relay could convince a
      controller that the client's DNS question resolves to an internal IP
      address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.

  o Major bugfixes:
    - Finally fix the bug where dynamic-IP relays disappear when their
      IP address changes: directory mirrors were mistakenly telling
      them their old address if they asked via begin_dir, so they
      never got an accurate answer about their new address, so they
      just vanished after a day. For belt-and-suspenders, relays that
      don't set Address in their config now avoid using begin_dir for
      all direct connections. Should fix bugs 827, 883, and 900.
    - Fix a timing-dependent, allocator-dependent, DNS-related crash bug
      that would occur on some exit nodes when DNS failures and timeouts
      occurred in certain patterns. Fix for bug 957.

  o Minor bugfixes:
    - When starting with a cache over a few days old, do not leak
      memory for the obsolete router descriptors in it. Bugfix on
      0.2.0.33; fixes bug 672.
    - Hidden service clients didn't use a cached service descriptor that
      was older than 15 minutes, but wouldn't fetch a new one either,
      because there was already one in the cache. Now, fetch a v2
      descriptor unless the same descriptor was added to the cache within
      the last 15 minutes. Fixes bug 997; reported by Marcus Griep.
2009-07-09 11:52:31 +00:00
wiz
58a3420586 Bump PKGREVISION for libevent ABI bump. 2009-02-27 22:53:46 +00:00
obache
9a6d6d4ba5 Update tor to 0.2.0.34.
Patch provided by Christian Sturm and back to maintainer.

Changes in version 0.2.0.34 - 2009-02-08
  o Security fixes:
    - Fix an infinite-loop bug on handling corrupt votes under certain
      circumstances. Bugfix on 0.2.0.8-alpha.
    - Fix a temporary DoS vulnerability that could be performed by
      a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
    - Avoid a potential crash on exit nodes when processing malformed
      input. Remote DoS opportunity. Bugfix on 0.2.0.33.
    - Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
      Spec conformance issue. Bugfix on Tor 0.0.2pre27.

  o Minor bugfixes:
    - Fix compilation on systems where time_t is a 64-bit integer.
      Patch from Matthias Drochner.
    - Don't consider expiring already-closed client connections. Fixes
      bug 893. Bugfix on 0.0.2pre20.
2009-02-15 07:59:02 +00:00
drochner
4a2f3efb95 update to 0.2.0.33
changes:
-Security fix:
 Fix a heap-corruption bug that may be remotely triggerable on
 some platforms.
-many bugfixes
2009-01-22 12:50:57 +00:00
wiz
f69f1557e4 Reset maintainer on his request. 2008-12-30 09:33:59 +00:00
obache
0fb8300af8 Update tor to 0.2.0.32.
Based on PR 40241 by Taylor R Campbell.
While here, add DESTDIR support.

Changes in version 0.2.0.32 - 2008-11-20
  o Security fixes:
    - The "User" and "Group" config options did not clear the
      supplementary group entries for the Tor process. The "User" option
      is now more robust, and we now set the groups to the specified
      user's primary group. The "Group" option is now ignored. For more
      detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
      in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
      and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857.
    - The "ClientDNSRejectInternalAddresses" config option wasn't being
      consistently obeyed: if an exit relay refuses a stream because its
      exit policy doesn't allow it, we would remember what IP address
      the relay said the destination address resolves to, even if it's
      an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.

  o Major bugfixes:
    - Fix a DOS opportunity during the voting signature collection process
      at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x.

  o Major bugfixes (hidden services):
    - When fetching v0 and v2 rendezvous service descriptors in parallel,
      we were failing the whole hidden service request when the v0
      descriptor fetch fails, even if the v2 fetch is still pending and
      might succeed. Similarly, if the last v2 fetch fails, we were
      failing the whole hidden service request even if a v0 fetch is
      still pending. Fixes bug 814. Bugfix on 0.2.0.10-alpha.
    - When extending a circuit to a hidden service directory to upload a
      rendezvous descriptor using a BEGIN_DIR cell, almost 1/6 of all
      requests failed, because the router descriptor has not been
      downloaded yet. In these cases, do not attempt to upload the
      rendezvous descriptor, but wait until the router descriptor is
      downloaded and retry. Likewise, do not attempt to fetch a rendezvous
      descriptor from a hidden service directory for which the router
      descriptor has not yet been downloaded. Fixes bug 767. Bugfix
      on 0.2.0.10-alpha.

  o Minor bugfixes:
    - Fix several infrequent memory leaks spotted by Coverity.
    - When testing for libevent functions, set the LDFLAGS variable
      correctly. Found by Riastradh.
    - Avoid a bug where the FastFirstHopPK 0 option would keep Tor from
      bootstrapping with tunneled directory connections. Bugfix on
      0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam.
    - When asked to connect to A.B.exit:80, if we don't know the IP for A
      and we know that server B rejects most-but-not all connections to
      port 80, we would previously reject the connection. Now, we assume
      the user knows what they were asking for. Fixes bug 752. Bugfix
      on 0.0.9rc5. Diagnosed by BarkerJr.
    - If we overrun our per-second write limits a little, count this as
      having used up our write allocation for the second, and choke
      outgoing directory writes. Previously, we had only counted this when
      we had met our limits precisely. Fixes bug 824. Patch from by rovv.
      Bugfix on 0.2.0.x (??).
    - Remove the old v2 directory authority 'lefkada' from the default
      list. It has been gone for many months.
    - Stop doing unaligned memory access that generated bus errors on
      sparc64. Bugfix on 0.2.0.10-alpha. Fixes bug 862.
    - Make USR2 log-level switch take effect immediately. Bugfix on
      0.1.2.8-beta.

  o Minor bugfixes (controller):
    - Make DNS resolved events into "CLOSED", not "FAILED". Bugfix on
      0.1.2.5-alpha. Fix by Robert Hogan. Resolves bug 807.
2008-12-21 11:10:27 +00:00
obache
97bf58f7f7 Broken INSTALL script was removed.
No need to remove superfluous directory now.
2008-12-21 11:01:59 +00:00
wiz
d150578c8e PKGREVISION bump for libevent shlib name change. 2008-10-16 21:52:16 +00:00
wiz
302984f167 Update to 0.2.0.31:
Changes in version 0.2.0.31 - 2008-09-03
  o Major bugfixes:
    - Make sure that two circuits can never exist on the same connection
      with the same circuit ID, even if one is marked for close. This
      is conceivably a bugfix for bug 779. Bugfix on 0.1.0.4-rc.
    - Relays now reject risky extend cells: if the extend cell includes
      a digest of all zeroes, or asks to extend back to the relay that
      sent the extend cell, tear down the circuit. Ideas suggested
      by rovv.
    - If not enough of our entry guards are available so we add a new
      one, we might use the new one even if it overlapped with the
      current circuit's exit relay (or its family). Anonymity bugfix
      pointed out by rovv.

  o Minor bugfixes:
    - Recover 3-7 bytes that were wasted per memory chunk. Fixes bug
      794; bug spotted by rovv. Bugfix on 0.2.0.1-alpha.
    - Correctly detect the presence of the linux/netfilter_ipv4.h header
      when building against recent kernels. Bugfix on 0.1.2.1-alpha.
    - Pick size of default geoip filename string correctly on windows.
      Fixes bug 806. Bugfix on 0.2.0.30.
    - Make the autoconf script accept the obsolete --with-ssl-dir
      option as an alias for the actually-working --with-openssl-dir
      option. Fix the help documentation to recommend --with-openssl-dir.
      Based on a patch by "Dave". Bugfix on 0.2.0.1-alpha.
    - Disallow session resumption attempts during the renegotiation
      stage of the v2 handshake protocol. Clients should never be trying
      session resumption at this point, but apparently some did, in
      ways that caused the handshake to fail. Bug found by Geoff Goodell.
      Bugfix on 0.2.0.20-rc.
    - When using the TransPort option on OpenBSD, and using the User
      option to change UID and drop privileges, make sure to open
      /dev/pf before dropping privileges. Fixes bug 782. Patch from
      Christopher Davis. Bugfix on 0.1.2.1-alpha.
    - Try to attach connections immediately upon receiving a RENDEZVOUS2
      or RENDEZVOUS_ESTABLISHED cell. This can save a second or two
      on the client side when connecting to a hidden service. Bugfix
      on 0.0.6pre1. Found and fixed by Christian Wilms; resolves bug 743.
    - When closing an application-side connection because its circuit is
      getting torn down, generate the stream event correctly. Bugfix on
      0.1.2.x. Anonymous patch.
2008-09-08 19:28:28 +00:00
wiz
6d32cfc00d Bump PKGREVISION for libevent users due to 1.4.3->1.4.5 shlib name change. 2008-09-06 21:39:52 +00:00
wiz
fb585ec21a Update to current stable version, tor-0.2.0.30, based on wip/tor.
Thanks to athaba, netcap, and tvierling.

Changes in version 0.2.0.30 - 2008-07-15
  This new stable release switches to a more efficient directory
  distribution design, adds features to make connections to the Tor
  network harder to block, allows Tor to act as a DNS proxy, adds separate
  rate limiting for relayed traffic to make it easier for clients to
  become relays, fix a variety of potential anonymity problems, and
  includes the usual huge pile of other features and bug fixes.
2008-08-01 17:23:21 +00:00
tnn
a18f03ef3a revbumps due to libevent update. 2008-04-22 18:06:09 +00:00
obache
b3c1ef4733 Pass --with-libevent-dir unconditionally, since BUILDLINK_PREFIX.libevent is
unusable here yet.
2008-02-19 13:45:18 +00:00
jschauma
ba4165bc9c Update to 0.1.2.19:
Tor 0.1.2.19 fixes a huge memory leak on exit relays, makes the default
exit policy a little bit more conservative so it's safer to run an exit
relay on a home system, and fixes a variety of smaller issues.

https://www.torproject.org/download.html

Changes in version 0.1.2.19 - 2008-01-17
  o Security fixes:
    - Exit policies now reject connections that are addressed to a
      relay's public (external) IP address too, unless
      ExitPolicyRejectPrivate is turned off. We do this because too
      many relays are running nearby to services that trust them based
      on network address.

  o Major bugfixes:
    - When the clock jumps forward a lot, do not allow the bandwidth
      buckets to become negative. Fixes bug 544.
    - Fix a memory leak on exit relays; we were leaking a cached_resolve_t
      on every successful resolve. Reported by Mike Perry.
    - Purge old entries from the "rephist" database and the hidden
      service descriptor database even when DirPort is zero.
    - Stop thinking that 0.1.2.x directory servers can handle "begin_dir"
      requests. Should ease bugs 406 and 419 where 0.1.2.x relays are
      crashing or mis-answering these requests.
    - When we decide to send a 503 response to a request for servers, do
      not then also send the server descriptors: this defeats the whole
      purpose. Fixes bug 539.

  o Minor bugfixes:
    - Changing the ExitPolicyRejectPrivate setting should cause us to
      rebuild our server descriptor.
    - Fix handling of hex nicknames when answering controller requests for
      networkstatus by name, or when deciding whether to warn about
      unknown routers in a config option. (Patch from mwenge.)
    - Fix a couple of hard-to-trigger autoconf problems that could result
      in really weird results on platforms whose sys/types.h files define
      nonstandard integer types.
    - Don't try to create the datadir when running --verify-config or
      --hash-password. Resolves bug 540.
    - If we were having problems getting a particular descriptor from the
      directory caches, and then we learned about a new descriptor for
      that router, we weren't resetting our failure count. Reported
      by lodger.
    - Although we fixed bug 539 (where servers would send HTTP status 503
      responses _and_ send a body too), there are still servers out there
      that haven't upgraded. Therefore, make clients parse such bodies
      when they receive them.
    - Run correctly on systems where rlim_t is larger than unsigned long.
      This includes some 64-bit systems.
    - Run correctly on platforms (like some versions of OS X 10.5) where
      the real limit for number of open files is OPEN_FILES, not rlim_max
      from getrlimit(RLIMIT_NOFILES).
    - Avoid a spurious free on base64 failure.
    - Avoid segfaults on certain complex invocations of
      router_get_by_hexdigest().
    - Fix rare bug on REDIRECTSTREAM control command when called with no
      port set: it could erroneously report an error when none had
      happened.
2008-01-20 20:11:09 +00:00
tnn
ad6ceadd25 Per the process outlined in revbump(1), perform a recursive revbump
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
2008-01-18 05:06:18 +00:00
jschauma
e86115e28b new homepage and dist site is http://www.torproject.org/ 2008-01-06 19:44:23 +00:00
bjs
52b7990643 Update to version 0.1.2.18. Changes since the last release:
o Major bugfixes (crashes):
    - If a connection is shut down abruptly because of something that
      happened inside connection_flushed_some(), do not call
      connection_finished_flushing(). Should fix bug 451:
      "connection_stop_writing: Assertion conn->write_event failed"
      Bugfix on 0.1.2.7-alpha.
    - Fix possible segfaults in functions called from
      rend_process_relay_cell().

  o Major bugfixes (hidden services):
    - Hidden services were choosing introduction points uniquely by
      hexdigest, but when constructing the hidden service descriptor
      they merely wrote the (potentially ambiguous) nickname.
    - Clients now use the v2 intro format for hidden service
      connections: they specify their chosen rendezvous point by identity
      digest rather than by (potentially ambiguous) nickname. These
      changes could speed up hidden service connections dramatically.

  o Major bugfixes (other):
    - Stop publishing a new server descriptor just because we get a
      HUP signal. This led (in a roundabout way) to some servers getting
      dropped from the networkstatus lists for a few hours each day.
    - When looking for a circuit to cannibalize, consider family as well
      as identity. Fixes bug 438. Bugfix on 0.1.0.x (which introduced
      circuit cannibalization).
    - When a router wasn't listed in a new networkstatus, we were leaving
      the flags for that router alone -- meaning it remained Named,
      Running, etc -- even though absence from the networkstatus means
      that it shouldn't be considered to exist at all anymore. Now we
      clear all the flags for routers that fall out of the networkstatus
      consensus. Fixes bug 529.

  o Minor bugfixes:
    - Don't try to access (or alter) the state file when running
      --list-fingerprint or --verify-config or --hash-password. Resolves
      bug 499.
    - When generating information telling us how to extend to a given
      router, do not try to include the nickname if it is
      absent. Resolves bug 467.
    - Fix a user-triggerable segfault in expand_filename(). (There isn't
      a way to trigger this remotely.)
    - When sending a status event to the controller telling it that an
      OR address is readable, set the port correctly. (Previously we
      were reporting the dir port.)
    - Fix a minor memory leak whenever a controller sends the PROTOCOLINFO
      command. Bugfix on 0.1.2.17.
    - When loading bandwidth history, do not believe any information in
      the future. Fixes bug 434.
    - When loading entry guard information, do not believe any information
      in the future.
    - When we have our clock set far in the future and generate an
      onion key, then re-set our clock to be correct, we should not stop
      the onion key from getting rotated.
    - On some platforms, accept() can return a broken address. Detect
      this more quietly, and deal accordingly. Fixes bug 483.
    - It's not actually an error to find a non-pending entry in the DNS
      cache when canceling a pending resolve. Don't log unless stuff
      is fishy. Resolves bug 463.
    - Don't reset trusted dir server list when we set a configuration
      option. Patch from Robert Hogan.
2007-11-16 05:30:13 +00:00
obache
687e42d44f Change to pass PKG_SYSCONFDIR to configure, fixes PR 37195.
While here, change user/group and directory handling to the usual manner.

Bump PKGREVISION.
2007-10-25 14:58:29 +00:00
obache
c77ad8c6e8 Update tor to 0.1.2.17.
Changes in version 0.1.2.17 - 2007-08-30
  o Major bugfixes (security):
    - We removed support for the old (v0) control protocol. It has been
      deprecated since Tor 0.1.1.1-alpha, and keeping it secure has
      become more of a headache than it's worth.

  o Major bugfixes (load balancing):
    - When choosing nodes for non-guard positions, weight guards
      proportionally less, since they already have enough load. Patch
      from Mike Perry.
    - Raise the "max believable bandwidth" from 1.5MB/s to 10MB/s. This
      will allow fast Tor servers to get more attention.
    - When we're upgrading from an old Tor version, forget our current
      guards and pick new ones according to the new weightings. These
      three load balancing patches could raise effective network capacity
      by a factor of four. Thanks to Mike Perry for measurements.

  o Major bugfixes (stream expiration):
    - Expire not-yet-successful application streams in all cases if
      they've been around longer than SocksTimeout. Right now there are
      some cases where the stream will live forever, demanding a new
      circuit every 15 seconds. Fixes bug 454; reported by lodger.

  o Minor features (controller):
    - Add a PROTOCOLINFO controller command. Like AUTHENTICATE, it
      is valid before any authentication has been received. It tells
      a controller what kind of authentication is expected, and what
      protocol is spoken. Implements proposal 119.

  o Minor bugfixes (performance):
    - Save on most routerlist_assert_ok() calls in routerlist.c, thus
      greatly speeding up loading cached-routers from disk on startup.
    - Disable sentinel-based debugging for buffer code: we squashed all
      the bugs that this was supposed to detect a long time ago, and now
      its only effect is to change our buffer sizes from nice powers of
      two (which platform mallocs tend to like) to values slightly over
      powers of two (which make some platform mallocs sad).

  o Minor bugfixes (misc):
    - If exit bandwidth ever exceeds one third of total bandwidth, then
      use the correct formula to weight exit nodes when choosing paths.
      Based on patch from Mike Perry.
    - Choose perfectly fairly among routers when choosing by bandwidth and
      weighting by fraction of bandwidth provided by exits. Previously, we
      would choose with only approximate fairness, and correct ourselves
      if we ran off the end of the list.
    - If we require CookieAuthentication but we fail to write the
      cookie file, we would warn but not exit, and end up in a state
      where no controller could authenticate. Now we exit.
    - If we require CookieAuthentication, stop generating a new cookie
      every time we change any piece of our config.
    - Refuse to start with certain directory authority keys, and
      encourage people using them to stop.
    - Terminate multi-line control events properly. Original patch
      from tup.
    - Fix a minor memory leak when we fail to find enough suitable
      servers to choose a circuit.
    - Stop leaking part of the descriptor when we run into a particularly
      unparseable piece of it.
2007-09-11 15:53:57 +00:00
obache
7775df7a31 Use standard rc script handler, instead of custom.
Fixes PR 36965.
2007-09-11 15:26:14 +00:00
tnn
38c78edf17 Revbump sweep of all libevent consumers due to update to libevent-1.3d. 2007-08-16 09:27:03 +00:00
drochner
7c77ba6a52 Update to 0.1.2.16, which is the top of the new 0.1.2.x stable branch.
Too many changes to list here; most are not visible to client-only
users anyway.
I've tested client and anymous service functions. Couldn't test server
myself. Since noone responded when I asked for testers I'm committing
the update anyway, also because security flaws were reported without
telling whether they apply to the old 0.1.1 branch.
2007-08-09 19:33:58 +00:00
jlam
4390d56940 Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user.  This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.

(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
    unprivileged.mk.  These two variables are lists of other bmake
    variables that define package-specific users and groups.  Packages
    that have user-settable variables for users and groups, e.g. apache
    and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
    etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
    so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
    and ${UNPRIVILEGED_GROUP}.

(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
2007-07-04 20:54:31 +00:00
tv
4fe1592d0f give away to pkgsrc-users 2007-04-26 20:04:37 +00:00
tnn
4726602c49 Bump PKGREVISIONs to chase update of devel/libevent. 2007-04-25 16:39:40 +00:00
tv
e6db44e8c5 PKGREVISION bump due to proper ABI_DEPENDS versioning in devel/libevent. 2007-02-11 05:22:24 +00:00
tv
cf1fd4c1a8 Update to 0.1.1.26 to fix information disclosure vuln.
Changes in version 0.1.1.26 - 2006-12-14
 o Security bugfixes:
   - Stop sending the HttpProxyAuthenticator string to directory
     servers when directory connections are tunnelled through Tor.
   - Clients no longer store bandwidth history in the state file.
   - Do not log introduction points for hidden services if SafeLogging
     is set.

 o Minor bugfixes:
   - Fix an assert failure when a directory authority sets
     AuthDirRejectUnlisted and then receives a descriptor from an
     unlisted router (reported by seeess).
2006-12-17 21:53:43 +00:00
jschauma
721b60b433 Instead of setting compiler flags in each package if it uses C99,
allow USE_LANGUAGES+=c99 and let gcc and mipspro do the right thing.
May need to be reviewed/added for other compilers.
ok rillig@
2006-12-02 22:32:59 +00:00
tv
ea8fa05df4 Update to 0.1.1.25.
Changes in version 0.1.1.25 - 2006-11-04
  o Major bugfixes:
    - When a client asks us to resolve (rather than connect to)
      an address, and we have a cached answer, give them the cached
      answer. Previously, we would give them no answer at all.
    - We were building exactly the wrong circuits when we predict
      hidden service requirements, meaning Tor would have to build all
      its circuits on demand.
    - If none of our live entry guards have a high uptime, but we
      require a guard with a high uptime, try adding a new guard before
      we give up on the requirement. This patch should make long-lived
      connections more stable on average.
    - When testing reachability of our DirPort, don't launch new
      tests when there's already one in progress -- unreachable
      servers were stacking up dozens of testing streams.

  o Security bugfixes:
    - When the user sends a NEWNYM signal, clear the client-side DNS
      cache too. Otherwise we continue to act on previous information.

  o Minor bugfixes:
    - Avoid a memory corruption bug when creating a hash table for
      the first time.
    - Avoid possibility of controller-triggered crash when misusing
      certain commands from a v0 controller on platforms that do not
      handle printf("%s",NULL) gracefully.
    - Avoid infinite loop on unexpected controller input.
    - Don't log spurious warnings when we see a circuit close reason we
      don't recognize; it's probably just from a newer version of Tor.
    - Add Vidalia to the OS X uninstaller script, so when we uninstall
      Tor/Privoxy we also uninstall Vidalia.
2006-11-08 19:41:10 +00:00
tv
b10a673706 Add CHECK_PORTABILITY_SKIP. 2006-10-26 14:47:37 +00:00
tv
eb438c3af7 Update to 0.1.1.24. Changes:
Changes in version 0.1.1.24 - 2006-09-29
 o Major bugfixes:
   - Allow really slow clients to not hang up five minutes into their
     directory downloads (suggested by Adam J. Richter).
   - Fix major performance regression from 0.1.0.x: instead of checking
     whether we have enough directory information every time we want to
     do something, only check when the directory information has changed.
     This should improve client CPU usage by 25-50%.
   - Don't crash if, after a server has been running for a while,
     it can't resolve its hostname.
   - When a client asks us to resolve (not connect to) an address,
     and we have a cached answer, give them the cached answer.
     Previously, we would give them no answer at all.

 o Minor bugfixes:
   - Allow Tor to start when RunAsDaemon is set but no logs are set.
   - Don't crash when the controller receives a third argument to an
     "extendcircuit" request.
   - Controller protocol fixes: fix encoding in "getinfo addr-mappings"
     response; fix error code when "getinfo dir/status/" fails.
   - Fix configure.in to not produce broken configure files with
     more recent versions of autoconf. Thanks to Clint for his auto*
     voodoo.
   - Fix security bug on NetBSD that could allow someone to force
     uninitialized RAM to be sent to a server's DNS resolver. This
     only affects NetBSD and other platforms that do not bounds-check
     tolower().
   - Warn user when using libevent 1.1a or earlier with win32 or kqueue
     methods: these are known to be buggy.
   - If we're a directory mirror and we ask for "all" network status
     documents, we would discard status documents from authorities
     we don't recognize.
2006-10-09 00:51:26 +00:00
tv
2110804230 Changes in version 0.1.1.23 - 2006-07-30
o Major bugfixes:
   - Fast Tor servers, especially exit nodes, were triggering asserts
     due to a bug in handling the list of pending DNS resolves. Some
     bugs still remain here; we're hunting them.
   - Entry guards could crash clients by sending unexpected input.
   - More fixes on reachability testing: if you find yourself reachable,
     then don't ever make any client requests (so you stop predicting
     circuits), then hup or have your clock jump, then later your IP
     changes, you won't think circuits are working, so you won't try to
     test reachability, so you won't publish.

 o Minor bugfixes:
   - Avoid a crash if the controller does a resetconf firewallports
     and then a setconf fascistfirewall=1.
   - Avoid an integer underflow when the dir authority decides whether
     a router is stable: we might wrongly label it stable, and compute
     a slightly wrong median stability, when a descriptor is published
     later than now.
   - Fix a place where we might trigger an assert if we can't build our
     own server descriptor yet.
2006-08-04 15:08:55 +00:00
jschauma
cabbde19c6 update tor to version 0.1.1.22:
Changes in version 0.1.1.22 - 2006-07-05
o Major bugfixes:
  - Fix a big bug that was causing servers to not find themselves
    reachable if they changed IP addresses. Since only 0.1.1.22+
    servers can do reachability testing correctly, now we automatically
    make sure to test via one of these.
  - Fix to allow clients and mirrors to learn directory info from
    descriptor downloads that get cut off partway through.
  - Directory authorities had a bug in deciding if a newly published
    descriptor was novel enough to make everybody want a copy -- a few
    servers seem to be publishing new descriptors many times a minute.
o Minor bugfixes:
  - Fix a rare bug that was causing some servers to complain about
    "closing wedged cpuworkers" and skip some circuit create requests.
  - Make the Exit flag in directory status documents actually work.


While here, patch sample config file to log to syslog per default to make
sure that tor starts as a daemon with the default config.
2006-07-09 15:03:54 +00:00
tv
9613ee9475 Changes in version 0.1.1.21 - 2006-06-10
o Crash and assert fixes from 0.1.1.20:
    - Fix a rare crash on Tor servers that have enabled hibernation.
    - Fix a seg fault on startup for Tor networks that use only one
      directory authority.
    - Fix an assert from a race condition that occurs on Tor servers
      while exiting, where various threads are trying to log that they're
      exiting, and delete the logs, at the same time.
    - Make our unit tests pass again on certain obscure platforms.

[Noncritical changes, of which there are many, are in the ChangeLog.]
2006-06-12 14:31:49 +00:00
rillig
b306eaa8cb Fixed some spelling mistakes. 2006-05-28 17:50:23 +00:00
jschauma
c4c1fb921a - Update tor to latest stable version 0.1.1.20 via files from pkgsrc-wip
- maintainer -> tv

Changes (summary):

some major security fixes, including entry guards to protect the
beginning of the circuit, exit enclaves to protect the end, and better
firewall support; a new directory protocol that improves bandwidth use
and keeps clients more up to date; two new directory authorities;
a new ascii-based controller protocol that lets people easily write
applications to interact with Tor; and
many scalability and performance improvements

Full changes available at
http://archives.seul.org/or/announce/May-2006/msg00000.html:
2006-05-26 02:21:41 +00:00
jlam
802ce74fcb Modify packages that set PKG_USERS and PKG_GROUPS to follow the new
syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.
2006-04-23 00:12:35 +00:00
reed
5abef9be14 Over 1200 files touched but no revisions bumped :)
RECOMMENDED is removed. It becomes ABI_DEPENDS.

BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.

BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.

BUILDLINK_DEPENDS does not change.

IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".

Added to obsolete.mk checking for IGNORE_RECOMMENDED.

I did not manually go through and fix any aesthetic tab/spacing issues.

I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.

I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.

As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.

As discussed on tech-pkg.

I will commit to revbump, pkglint, pkg_install, createbuildlink separately.

Note that if you use wip, it will fail!  I will commit to pkgsrc-wip
later (within day).
2006-04-06 06:21:32 +00:00
jlam
daad0f3d6c Modify the pkginstall framework so that it manages all aspects of
INSTALL/DEINSTALL script creation within pkgsrc.

If an INSTALL or DEINSTALL script is found in the package directory,
it is automatically used as a template for the pkginstall-generated
scripts.  If instead, they should be used simply as the full scripts,
then the package Makefile should set INSTALL_SRC or DEINSTALL_SRC
explicitly, e.g.:

	INSTALL_SRC=	${PKGDIR}/INSTALL
	DEINSTALL_SRC=	# emtpy

As part of the restructuring of the pkginstall framework internals,
we now *always* generate temporary INSTALL or DEINSTALL scripts.  By
comparing these temporary scripts with minimal INSTALL/DEINSTALL
scripts formed from only the base templates, we determine whether or
not the INSTALL/DEINSTALL scripts are actually needed by the package
(see the generate-install-scripts target in bsd.pkginstall.mk).

In addition, more variables in the framework have been made private.
The *_EXTRA_TMPL variables have been renamed to *_TEMPLATE, which are
more sensible names given the very few exported variables in this
framework.  The only public variables relating to the templates are:

	INSTALL_SRC		INSTALL_TEMPLATE
	DEINSTALL_SRC		DEINSTALL_TEMPLATE
				HEADER_TEMPLATE

The packages in pkgsrc have been modified to reflect the changes in
the pkginstall framework.
2006-03-14 01:14:26 +00:00
jschauma
90813d3831 Trivially update tor to 0.1.0.17:
Changes in version 0.1.0.17 - 2006-02-17
  o Crash bugfixes on 0.1.0.x:
    - When servers with a non-zero DirPort came out of hibernation,
      sometimes they would trigger an assert.

  o Other important bugfixes:
    - On platforms that don't have getrlimit (like Windows), we
      were artificially constraining ourselves to a max of 1024
      connections. Now just assume that we can handle
      as many as 15000 connections. Hopefully this won't cause
      other problems.

  o Backported features:
    - When we're a server, a client asks
      for an old-style directory,  and our write bucket is empty,
      don't give it to him. This way small servers can
      continue to serve the directory *sometimes*,
      without getting overloaded.
    - Whenever you get a 503 in response to a directory fetch, try
      once more. This will become important once servers start sending
      503's whenever they feel busy.
    - Fetch a new directory every 120 minutes, not every 40 minutes.
      Now that we have hundreds of thousands of users running the old
      directory algorithm, it's starting to hurt a lot.
    - Bump up the period for forcing a hidden service descriptor upload
      from 20 minutes to 1 hour.
2006-02-23 03:39:25 +00:00
jschauma
3ac155dba9 Update to tor-0.1.0.16
This update fixes nine rare crash bugs, and includes backports from
the 0.1.1.x tree to be more aggressive about retrying failed streams.
2006-01-15 19:08:06 +00:00
jlam
dc9594e09d Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
2005-12-29 06:21:30 +00:00
rillig
579e977969 Ran "pkglint --autofix", which corrected some of the quoting issues in
CONFIGURE_ARGS.
2005-12-05 23:55:01 +00:00
rillig
b71a1d488b Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in

    http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
2005-12-05 20:49:47 +00:00
tv
834ad8fba6 Changes in version 0.1.0.15 - 2005-09-23
o Bugfixes on 0.1.0.x:
    - Reject ports 465 and 587 (spam targets) in default exit policy.
    - Don't crash when we don't have any spare file descriptors and we
      try to spawn a dns or cpu worker.
    - Get rid of IgnoreVersion undocumented config option, and make us
      only warn, never exit, when we're running an obsolete version.
    - Don't try to print a null string when your server finds itself to
      be unreachable and the Address config option is empty.
    - Make the numbers in read-history and write-history into uint64s,
      so they don't overflow and publish negatives in the descriptor.
    - Fix a minor memory leak in smartlist_string_remove().
    - We were only allowing ourselves to upload a server descriptor at
      most every 20 minutes, even if it changed earlier than that.
    - Clean up log entries that pointed to old URLs.
2005-09-27 19:53:41 +00:00
tv
e600c9fe8a Use @PKG_HOME@ to store the pidfile, so that tor can actually create it
(/var/run is not writable by user "tor", and tor drops privs early).
2005-09-27 17:44:12 +00:00
tv
7f00eaada9 "Oops." BUILDLINK_DEPMETHOD.libevent was defaulting to "build", which is
no longer correct since update to libevent 1.x; it now uses libtool and
generates a shlib.

Remove the offending bl3 line, and bump all dependents' PKGREVISIONs, since
the binary pkg changes for any OS that doesn't have a sufficient builtin
libevent version (or the package has requested a non-builtin version).
2005-09-16 14:46:42 +00:00
drochner
20a73f15fa update to tor-0.1.0.14
Tor 0.1.0.14 fixes the second half of an important bug in the security of
our crypto handshakes. This time for sure. :) All clients should upgrade.

  o Bugfixes on 0.1.0.x:
    - Fix the other half of the bug with crypto handshakes.
    - Fix an assert trigger if you send a 'signal term' via the
      controller when it's listening for 'event info' messages.
2005-08-09 09:01:08 +00:00
jschauma
8041354cf3 Update to 0.1.0.13:
- Fix a critical bug in the security of our crypto handshakes.
- Fix a size_t underflow in smartlist_join_strings2() that made
  it do bad things when you hand it an empty smartlist.
- Fix Windows installer to ship Tor license (thanks to Aphex for
  pointing out this oversight) and put a link to the doc directory
  in the start menu.
- Explicitly set no-unaligned-access for sparc: it turns out the
  new gcc's let you compile broken code, but that doesn't make it
  not-broken
2005-08-05 01:43:59 +00:00
drochner
3801b030d8 update to 0.1.0.12
This is a major update, too many improvements to list here, see
the ChangeLog in the distribution for details.

pkgsrc changes:
-remove dependency on tsocks; this is just one possible way to
 make applications use SOCKS; add a hint to MESSAGE
-use the pkgsrc libevent - the NetBSD builtin is old, and tor
 complains loudly if it doesn't like the libevent version
-make the rc.d script executable
2005-08-04 10:55:31 +00:00
salo
638b61b0f8 Security update to version 0.0.9.10
Changes:
Bugfixes on 0.0.9.x (backported from 0.1.0.10):
 - Refuse relay cells that claim to have a length larger than the
   maximum allowed. This prevents a potential attack that could read
   arbitrary memory (e.g. keys) from an exit server's process.

Bugfixes on 0.0.9.x:
 - If unofficial Tor clients connect and send weird TLS certs, our
   Tor server triggers an assert. This release contains a minimal
   backport from the broader fix that we put into 0.1.0.4-rc.

Approved by <jlam>
2005-06-22 15:53:24 +00:00
jschauma
f194968805 Update tor to 0.0.9.8:
- Fix another race crash bug (thanks to Glenn Fink for reporting).
- Compare identity to identity, not to nickname, when extending to
  a router not already in the directory. This was preventing us from
  extending to unknown routers. Oops.
- Make sure to create OS X Tor user in <500 range, so we aren't
  creating actual system users.
- Note where connection-that-hasn't-sent-end was marked, and fix
  a few really loud instances of this harmless bug (it's fixed more
  in 0.1.0.x).

- We have a bug that I haven't found yet. Sometimes, very rarely,
  cpuworkers get stuck in the 'busy' state, even though the cpuworker
  thinks of itself as idle. This meant that no new circuits ever got
  established. Here's a workaround to kill any cpuworker that's been
  busy for more than 100 seconds.
2005-04-16 15:58:07 +00:00
tv
f816d81489 Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. 2005-04-11 21:44:48 +00:00
jschauma
80d98f5582 Update tor to 0.0.9.6, with the following bugfixes:
- Add new end stream reasons to maintainance branch. Fix bug where
  reason (8) could trigger an assert.  Prevent bug from recurring.
- Apparently win32 stat wants paths to not end with a slash.
- Fix assert triggers in assert_cpath_layer_ok(), where we were
  blowing away the circuit that conn->cpath_layer points to, then
  checking to see if the circ is well-formed. Backport check to make
  sure we dont use the cpath on a closed connection.
- Prevent circuit_resume_edge_reading_helper() from trying to package
  inbufs for marked-for-close streams.
- Don't crash on hup if your options->address has become unresolvable.
- Some systems (like OS X) sometimes accept() a connection and tell
  you the remote host is 0.0.0.0:0. If this happens, due to some
  other mis-features, we get confused; so refuse the conn for now.
- Fix harmless but scary "Unrecognized content encoding" warn message.
- Add new stream error reason: TORPROTOCOL reason means "you are not
  speaking a version of Tor I understand; say bye-bye to your stream."
- Be willing to cache directories from up to ROUTER_MAX_AGE seconds
  into the future, now that we are more tolerant of skew. This
  resolves a bug where a Tor server would refuse to cache a directory
  because all the directories it gets are too far in the future;
  yet the Tor server never logs any complaints about clock skew.
2005-03-29 22:08:52 +00:00
jschauma
b386b0c8cd update tor to 0.0.9.5:
- Fix an assert race at exit nodes when resolve requests fail.
- Stop picking unverified dir mirrors--it only leads to misery.
- Patch from Dmitry Bely so Tor runs better as a service under
  the win32 SYSTEM account.  Service support is still not compiled
  into the executable by default.
- Make tor-resolve actually work (?) on Win32.
- Fix a sign bug when getrlimit claims to have 4+ billion
  file descriptors available.
- Stop refusing to start when bandwidthburst == bandwidthrate.
- When create cells have been on the onion queue more than five
  seconds, just send back a destroy and take them off the list.
2005-02-28 20:58:30 +00:00
jschauma
de65cb4332 This needs zlib, too.
PKGREVISION++
2005-02-18 04:13:04 +00:00
jschauma
b6a49f4b65 create RCD_SCRIPTS_EXAMPLEDIR if it doesn't exists 2005-02-17 17:53:45 +00:00
jschauma
0360cbf258 Make this work correctly as a binary package.
Bump PKGREVISION.
2005-02-14 18:51:58 +00:00
jschauma
19dad1b8a1 Update tor to 0.0.9.4.
pkgsrc changes:
 - depend on tsocks to allow torification of other applications
 - create a user for this application to run as
 - install a suitable rc script

ChangeLog says:
  o Bugfixes on 0.0.9:
    - Fix an assert bug that took down most of our servers: when
      a server claims to have 500 GB of bandwidthburst, don't
      freak out.
    - Don't crash as badly if we have spawned the max allowed number
      of dnsworkers, or we're out of file descriptors.
    - Block more file-sharing ports in the default exit policy.
    - MaxConn is now automatically set to the hard limit of max
      file descriptors we're allowed (ulimit -n), minus a few for
      logs, etc.
    - Give a clearer message when servers need to raise their
      ulimit -n when they start running out of file descriptors.
    - SGI Compatibility patches from Jan Schaumann.
    - Tolerate a corrupt cached directory better.
    - When a dirserver hasn't approved your server, list which one.
    - Go into soft hibernation after 95% of the bandwidth is used,
      not 99%. This is especially important for daily hibernators who
      have a small accounting max. Hopefully it will result in fewer
      cut connections when the hard hibernation starts.
    - Load-balance better when using servers that claim more than
      800kB/s of capacity.
    - Make NT services work (experimental, only used if compiled in).
2005-02-13 20:27:53 +00:00
jschauma
2a3e955656 Update tor to 0.0.9.3.
Pkgsrc changes:
- make this build under IRIX.
- tor has moved to tor.eff.org

Version changes since 0.0.9.2:

- Backport the cpu use fixes from main branch, so busy servers won't
  need as much processor time.
- Work better when we go offline and then come back, or when we
  run Tor at boot before the network is up. We do this by
  optimistically trying to fetch a new directory whenever an
  application request comes in and we think we're offline -- the
  human is hopefully a good measure of when the network is back.
- Backport some minimal hidserv bugfixes: keep rend circuits open as
  long as you keep using them; actually publish hidserv descriptors
  shortly after they change, rather than waiting 20-40 minutes.
- Enable Mac startup script by default.
- Fix duplicate dns_cancel_pending_resolve reported by Giorgos Pallas.
- When you update AllowUnverifiedNodes or FirewallPorts via the
  controller's setconf feature, we were always appending, never
  resetting.
- When you update HiddenServiceDir via setconf, it was screwing up
  the order of reading the lines, making it fail.
- Do not rewrite a cached directory back to the cache; otherwise we
  will think it is recent and not fetch a newer one on startup.
- Workaround for webservers that lie about Content-Encoding: Tor
  now tries to autodetect compressed directories and compression
  itself. This lets us Proxypass dir fetches through apache.
2005-02-02 16:41:22 +00:00
tv
eecb01b9fa Update to 0.0.9.2 (OK'd by jschauma@netbsd.org).
The ChangeLog is huge -- see it for changes.  This is still a pre-alpha
piece of software, so rapid development and change is currently expected.
2005-01-11 21:02:20 +00:00
jschauma
70b2412163 Update tor to latest stable version 0.0.8.1:
Changes in version 0.0.8.1 - 2004-10-14
  o Bugfixes:
    - Fix a seg fault that can be triggered remotely for Tor
      clients/servers with an open dirport.
    - Fix a rare assert trigger, where routerinfos for entries in
      our cpath would expire while we're building the path.
    - Fix a bug in OutboundBindAddress so it (hopefully) works.
    - Fix a rare seg fault for people running hidden services on
      intermittent connections.
    - Fix a bug in parsing opt keywords with objects.
    - Fix a stale pointer assert bug when a stream detaches and
      reattaches.
    - Fix a string format vulnerability (probably not exploitable)
      in reporting stats locally.
    - Fix an assert trigger: sometimes launching circuits can fail
      immediately, e.g. because too many circuits have failed recently.
    - Fix a compile warning on 64 bit platforms.


Changes in version 0.0.8 - 2004-08-25
  o Bugfixes:
    - Made our unit tests compile again on OpenBSD 3.5, and tor
      itself compile again on OpenBSD on a sparc64.
    - We were neglecting milliseconds when logging on win32, so
      everything appeared to happen at the beginning of each second.
    - Check directory signature _before_ you decide whether you're
      you're running an obsolete version and should exit.
    - Check directory signature _before_ you parse the running-routers
      list to decide who's running.
    - Check return value of fclose while writing to disk, so we don't
      end up with broken files when servers run out of disk space.
    - Port it to SunOS 5.9 / Athena
    - Fix two bugs in saving onion keys to disk when rotating, so
      hopefully we'll get fewer people using old onion keys.
    - Remove our mostly unused -- and broken -- hex_encode()
      function. Use base16_encode() instead. (Thanks to Timo Lindfors
      for pointing out this bug.)
    - Only pick and establish intro points after we've gotten a
      directory.
    - Fix assert triggers: if the other side returns an address 0.0.0.0,
      don't put it into the client dns cache.
    - If a begin failed due to exit policy, but we believe the IP
      address should have been allowed, switch that router to exitpolicy
      reject *:* until we get our next directory.

  o Protocol changes:
    - 'Extend' relay cell payloads now include the digest of the
      intended next hop's identity key. Now we can verify that we're
      extending to the right router, and also extend to routers we
      hadn't heard of before.

  o Features:
    - Tor nodes can now act as relays (with an advertised ORPort)
      without being manually verified by the dirserver operators.
      - Uploaded descriptors of unverified routers are now accepted
        by the dirservers, and included in the directory.
      - Verified routers are listed by nickname in the running-routers
        list; unverified routers are listed as "$<fingerprint>".
      - We now use hash-of-identity-key in most places rather than
        nickname or addr:port, for improved security/flexibility.
      - AllowUnverifiedNodes config option to let circuits choose no-name
        routers in entry,middle,exit,introduction,rendezvous positions.
        Allow middle and rendezvous positions by default.
      - When picking unverified routers, skip those with low uptime and/or
        low bandwidth, depending on what properties you care about.
      - ClientOnly option for nodes that never want to become servers.
    - Directory caching.
      - "AuthoritativeDir 1" option for the official dirservers.
      - Now other nodes (clients and servers) will cache the latest
        directory they've pulled down.
      - They can enable their DirPort to serve it to others.
      - Clients will pull down a directory from any node with an open
        DirPort, and check the signature/timestamp correctly.
      - Authoritative dirservers now fetch directories from other
        authdirservers, to stay better synced.
      - Running-routers list tells who's down also, along with noting
        if they're verified (listed by nickname) or unverified (listed
        by hash-of-key).
      - Allow dirservers to serve running-router list separately.
        This isn't used yet.
      - You can now fetch $DIRURL/running-routers to get just the
        running-routers line, not the whole descriptor list. (But
        clients don't use this yet.)
    - Clients choose nodes proportional to advertised bandwidth.
    - Clients avoid using nodes with low uptime as introduction points.
    - Handle servers with dynamic IP addresses: don't just replace
      options->Address with the resolved one at startup, and
      detect our address right before we make a routerinfo each time.
    - 'FascistFirewall' option to pick dirservers and ORs on specific
      ports; plus 'FirewallPorts' config option to tell FascistFirewall
      which ports are open. (Defaults to 80,443)
    - Try other dirservers immediately if the one you try is down. This
      should tolerate down dirservers better now.
    - ORs connect-on-demand to other ORs
      - If you get an extend cell to an OR you're not connected to,
        connect, handshake, and forward the create cell.
      - The authoritative dirservers stay connected to everybody,
        and everybody stays connected to 0.0.7 servers, but otherwise
        clients/servers expire unused connections after 5 minutes.
    - When servers get a sigint, they delay 30 seconds (refusing new
      connections) then exit. A second sigint causes immediate exit.
    - File and name management:
      - Look for .torrc if no CONFDIR "torrc" is found.
      - If no datadir is defined, then choose, make, and secure ~/.tor
        as datadir.
      - If torrc not found, exitpolicy reject *:*.
      - Expands ~/ in filenames to $HOME/ (but doesn't yet expand ~arma).
      - If no nickname is defined, derive default from hostname.
      - Rename secret key files, e.g. identity.key -> secret_id_key,
        to discourage people from mailing their identity key to tor-ops.
    - Refuse to build a circuit before the directory has arrived --
      it won't work anyway, since you won't know the right onion keys
      to use.
    - Parse tor version numbers so we can do an is-newer-than check
      rather than an is-in-the-list check.
    - New socks command 'resolve', to let us shim gethostbyname()
      locally.
      - A 'tor_resolve' script to access the socks resolve functionality.
      - A new socks-extensions.txt doc file to describe our
        interpretation and extensions to the socks protocols.
    - Add a ContactInfo option, which gets published in descriptor.
    - Write tor version at the top of each log file
    - New docs in the tarball:
      - tor-doc.html.
      - Document that you should proxy your SSL traffic too.
    - Log a warning if the user uses an unsafe socks variant, so people
      are more likely to learn about privoxy or socat.
    - Log a warning if you're running an unverified server, to let you
      know you might want to get it verified.
    - Change the default exit policy to reject the default edonkey,
      kazaa, gnutella ports.
    - Add replace_file() to util.[ch] to handle win32's rename().
    - Publish OR uptime in descriptor (and thus in directory) too.
    - Remember used bandwidth (both in and out), and publish 15-minute
      snapshots for the past day into our descriptor.
    - Be more aggressive about trying to make circuits when the network
      has changed (e.g. when you unsuspend your laptop).
    - Check for time skew on http headers; report date in response to
      "GET /".
    - If the entrynode config line has only one node, don't pick it as
      an exitnode.
    - Add strict{entry|exit}nodes config options. If set to 1, then
      we refuse to build circuits that don't include the specified entry
      or exit nodes.
    - OutboundBindAddress config option, to bind to a specific
      IP address for outgoing connect()s.
    - End truncated log entries (e.g. directories) with "[truncated]".
2004-11-11 20:52:46 +00:00
tv
c487cb967a Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10
in the process.  (More information on tech-pkg.)

Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.

Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
2004-10-03 00:12:51 +00:00
jschauma
00ba74d734 Import tor into pkgsrc:
The simple version: Tor provides a distributed network of servers ("onion
routers"). Users bounce their TCP streams (web traffic, FTP, SSH, etc.) around
the routers. This makes it hard for recipients, observers, and even the onion
routers themselves to track the source of the stream.

The complex version:  Onion Routing is a connection-oriented anonymizing
communication service. Users choose a source-routed path through a set of
nodes, and negotiate a "virtual circuit" through the network, in which each
node knows its predecessor and successor, but no others. Traffic flowing down
the circuit is unwrapped by a symmetric key at each node, which reveals the
downstream node.
2004-08-13 19:33:41 +00:00