Commit graph

97 commits

Author SHA1 Message Date
drochner
6c4e312ea4 update to 0.2.2.34
fixes a critical anonymity vulnerability where an attacker
can deanonymize Tor users (CVE-2011-2768)
2011-10-30 17:49:18 +00:00
drochner
a20e77c980 update to 0.2.2.33
changes: minor fixes
2011-10-06 18:06:15 +00:00
gdt
43407d5f63 USE_TOOLS+= gmake
Build fails with BSD make.  Reported to tor-talk@.
2011-09-07 00:34:56 +00:00
gdt
b9db0ce37b Add a comment explaining why curl is needed to fetch (https redirect). 2011-09-06 23:49:25 +00:00
drochner
798248cd3a update to 0.2.2.32
Tor 0.2.2.32, the first stable release in the 0.2.2 branch, is finally
ready. More than two years in the making, this release features improved
client performance and hidden service reliability, better compatibility
for Android, correct behavior for bridges that listen on more than
one address, more extensible and flexible directory object handling,
better reporting of network statistics, improved code security, and
many many other features and bugfixes.
2011-09-06 19:34:01 +00:00
drochner
6001388138 update to 0.2.1.30, from Christian Sturm (the MAINTAINER) per PR pkg/44702
changes:
-fixes for less critical bugs
-make TLS D-H parameters match those of Apache's mod_ssl
pkgsrc changes: Makefile cleanup, appease plglint
2011-03-09 10:03:06 +00:00
tnn
ce57998993 revbump(1) for devel/libevent update. 2011-02-11 21:22:02 +00:00
drochner
591017bb29 update to 0.2.1.29
changes:
-Fix a heap overflow (probably allows remote code execution)
 (CVE-2011-0427)
-Prevent a denial-of-service attack by disallowing any
 zlib-compressed data whose compression factor is implausibly
 high
-Zero out a few more keys in memory before freeing them
-bugfixes
-Update to the January 1 2011 Maxmind GeoLite Country db
-Introduce output size checks on all of our decryption functions
2011-01-17 14:06:53 +00:00
gdt
59c7c580e7 Update to 0.2.1.28, resolving CVE-2010-1676.
Changes in version 0.2.1.28 - 2010-12-17
  o Major bugfixes:
    - Fix a remotely exploitable bug that could be used to crash instances
      of Tor remotely by overflowing on the heap. Remote-code execution
      hasn't been confirmed, but can't be ruled out. Everyone should
      upgrade. Bugfix on the 0.1.1 series and later.

  o Directory authority changes:
    - Change IP address and ports for gabelmoo (v3 directory authority).

  o Minor features:
    - Update to the December 1 2010 Maxmind GeoLite Country database.
2010-12-21 00:07:28 +00:00
drochner
1d9ceb187c update to 0.2.1.27
changes:
-fix incompatibility with the recent openssl security fix (CVE-2010-3864)
-update ip->geo db
-add a directory authority
-bugfixes
2010-11-29 17:50:16 +00:00
wiz
afe6700926 Add RCS Id. 2010-08-02 07:06:04 +00:00
gdt
f876a86e5e Add patch that should have been in previous commit. 2010-07-30 16:59:06 +00:00
gdt
9b9fc447dc Add patch from Taylor R Campbell to choose a working way to re-enable
TLS renegotiation.
2010-07-30 12:11:51 +00:00
wiz
3a7e14e3dc Update to 0.2.1.26, from maintainer Christian Sturm in PR 43302:
Changes in version 0.2.1.26 - 2010-05-02
  Tor 0.2.1.26 addresses the recent connection and memory overload
  problems we've been seeing on relays, especially relays with their
  DirPort open. If your relay has been crashing, or you turned it off
  because it used too many resources, give this release a try.

  This release also fixes yet another instance of broken OpenSSL libraries
  that was causing some relays to drop out of the consensus.

  o Major bugfixes:
    - Teach relays to defend themselves from connection overload. Relays
      now close idle circuits early if it looks like they were intended
      for directory fetches. Relays are also more aggressive about closing
      TLS connections that have no circuits on them. Such circuits are
      unlikely to be re-used, and tens of thousands of them were piling
      up at the fast relays, causing the relays to run out of sockets
      and memory. Bugfix on 0.2.0.22-rc (where clients started tunneling
      their directory fetches over TLS).
    - Fix SSL renegotiation behavior on OpenSSL versions like on Centos
      that claim to be earlier than 0.9.8m, but which have in reality
      backported huge swaths of 0.9.8m or 0.9.8n renegotiation
      behavior. Possible fix for some cases of bug 1346.
    - Directory mirrors were fetching relay descriptors only from v2
      directory authorities, rather than v3 authorities like they should.
      Only 2 v2 authorities remain (compared to 7 v3 authorities), leading
      to a serious bottleneck. Bugfix on 0.2.0.9-alpha. Fixes bug 1324.

  o Minor bugfixes:
    - Finally get rid of the deprecated and now harmful notion of "clique
      mode", where directory authorities maintain TLS connections to
      every other relay.

  o Testsuite fixes:
    - In the util/threads test, no longer free the test_mutex before all
      worker threads have finished. Bugfix on 0.2.1.6-alpha.
    - The master thread could starve the worker threads quite badly on
      certain systems, causing them to run only partially in the allowed
      window. This resulted in test failures. Now the master thread sleeps
      occasionally for a few microseconds while the two worker-threads
      compete for the mutex. Bugfix on 0.2.0.1-alpha.
2010-05-13 19:42:08 +00:00
wiz
690b97665a Update to 0.2.1.25, provided by maintainer Christian Sturm in PR 43103:
Changes in version 0.2.1.25 - 2010-03-16
  o Major bugfixes:
    - Fix a regression from our patch for bug 1244 that caused relays
      to guess their IP address incorrectly if they didn't set Address
      in their torrc and/or their address fails to resolve. Bugfix on
      0.2.1.23; fixes bug 1269.
    - When freeing a session key, zero it out completely. We only zeroed
      the first ptrsize bytes. Bugfix on 0.0.2pre8. Discovered and
      patched by ekir. Fixes bug 1254.

  o Minor bugfixes:
    - Fix a dereference-then-NULL-check sequence when publishing
      descriptors. Bugfix on 0.2.1.5-alpha. Discovered by ekir; fixes
      bug 1255.
    - Fix another dereference-then-NULL-check sequence. Bugfix on
      0.2.1.14-rc. Discovered by ekir; fixes bug 1256.
    - Make sure we treat potentially not NUL-terminated strings correctly.
      Bugfix on 0.1.1.13-alpha. Discovered by rieo; fixes bug 1257.
2010-04-02 09:58:44 +00:00
obache
aa24f61b96 Update tor to 0.2.1.24 per maintainer update request by PR#42911.
Changes in version 0.2.1.24 - 2010-02-21
  Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time
  for sure!

  o Minor bugfixes:
    - Work correctly out-of-the-box with even more vendor-patched versions
      of OpenSSL. In particular, make it so Debian and OS X don't need
      customized patches to run/build.

Changes in version 0.2.1.23 - 2010-02-13
  Tor 0.2.1.23 fixes a huge client-side performance bug, makes Tor work
  again on the latest OS X, and updates the location of a directory
  authority.

  o Major bugfixes (performance):
    - We were selecting our guards uniformly at random, and then weighting
      which of our guards we'd use uniformly at random. This imbalance
      meant that Tor clients were severely limited on throughput (and
      probably latency too) by the first hop in their circuit. Now we
      select guards weighted by currently advertised bandwidth. We also
      automatically discard guards picked using the old algorithm. Fixes
      bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry.

  o Major bugfixes:
    - Make Tor work again on the latest OS X: when deciding whether to
      use strange flags to turn TLS renegotiation on, detect the OpenSSL
      version at run-time, not compile time. We need to do this because
      Apple doesn't update its dev-tools headers when it updates its
      libraries in a security patch.
    - Fix a potential buffer overflow in lookup_last_hid_serv_request()
      that could happen on 32-bit platforms with 64-bit time_t. Also fix
      a memory leak when requesting a hidden service descriptor we've
      requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found
      by aakova.

  o Minor bugfixes:
    - Refactor resolve_my_address() to not use gethostbyname() anymore.
      Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik.

  o Minor features:
    - Avoid a mad rush at the beginning of each month when each client
      rotates half of its guards. Instead we spread the rotation out
      throughout the month, but we still avoid leaving a precise timestamp
      in the state file about when we first picked the guard. Improves
      over the behavior introduced in 0.1.2.17.
2010-03-02 11:25:59 +00:00
wiz
4d196edffd Update to 0.2.1.22, from maintainer Christian Sturm in PR 42655:
o Directory authority changes:
    - Rotate keys (both v3 identity and relay identity) for moria1
      and gabelmoo.

  o Major bugfixes:
    - Stop bridge directory authorities from answering dbg-stability.txt
      directory queries, which would let people fetch a list of all
      bridge identities they track. Bugfix on 0.2.1.6-alpha.
2010-01-21 11:47:23 +00:00
wiz
579796a3e5 Recursive PKGREVISION bump for jpeg update to 8. 2010-01-17 12:02:03 +00:00
wiz
848f063e60 Update to 0.2.1.21, provided by Christian Sturm in PR 42541, approved
by dillo@

Changes in version 0.2.1.21 - 2009-12-21
  o Major bugfixes:
    - Work around a security feature in OpenSSL 0.9.8l that prevents our
      handshake from working unless we explicitly tell OpenSSL that we
      are using SSL renegotiation safely. We are, of course, but OpenSSL
      0.9.8l won't work unless we say we are.
    - Avoid crashing if the client is trying to upload many bytes and the
      circuit gets torn down at the same time, or if the flip side
      happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.

  o Minor bugfixes:
    - Do not refuse to learn about authority certs and v2 networkstatus
      documents that are older than the latest consensus. This bug might
      have degraded client bootstrapping. Bugfix on 0.2.0.10-alpha.
      Spotted and fixed by xmux.
    - Fix a couple of very-hard-to-trigger memory leaks, and one hard-to-
      trigger platform-specific option misparsing case found by Coverity
      Scan.
    - Fix a compilation warning on Fedora 12 by removing an impossible-to-
      trigger assert. Fixes bug 1173.
2010-01-05 11:24:30 +00:00
snj
23c8424911 Update to 0.2.1.20. From Christian Sturm in PR pkg/42311.
Changes in version 0.2.1.20 - 2009-10-15
  o Major bugfixes:
    - Send circuit or stream sendme cells when our window has decreased
      by 100 cells, not when it has decreased by 101 cells. Bug uncovered
      by Karsten when testing the "reduce circuit window" performance
      patch. Bugfix on the 54th commit on Tor -- from July 2002,
      before the release of Tor 0.0.0. This is the new winner of the
      oldest-bug prize.
    - Fix a remotely triggerable memory leak when a consensus document
      contains more than one signature from the same voter. Bugfix on
      0.2.0.3-alpha.
    - Avoid segfault in rare cases when finishing an introduction circuit
      as a client and finding out that we don't have an introduction key
      for it. Fixes bug 1073.

  o Major features:
    - Tor now reads the "circwindow" parameter out of the consensus,
      and uses that value for its circuit package window rather than the
      default of 1000 cells. Begins the implementation of proposal 168.

  o New directory authorities:
    - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
      authority.
    - Move moria1 and tonga to alternate IP addresses.

  o Minor bugfixes:
    - Fix a signed/unsigned compile warning in 0.2.1.19.
    - Fix possible segmentation fault on directory authorities. Bugfix on
      0.2.1.14-rc.
    - Fix an extremely rare infinite recursion bug that could occur if
      we tried to log a message after shutting down the log subsystem.
      Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
    - Fix an obscure bug where hidden services on 64-bit big-endian
      systems might mis-read the timestamp in v3 introduce cells, and
      refuse to connect back to the client.  Bugfix on 0.2.1.6-alpha.
    - We were triggering a CLOCK_SKEW controller status event whenever
      we connect via the v2 connection protocol to any relay that has
      a wrong clock. Instead, we should only inform the controller when
      it's a trusted authority that claims our clock is wrong. Bugfix
      on 0.2.0.20-rc; starts to fix bug 1074.
    - We were telling the controller about CHECKING_REACHABILITY and
      REACHABILITY_FAILED status events whenever we launch a testing
      circuit or notice that one has failed. Instead, only tell the
      controller when we want to inform the user of overall success or
      overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075.
    - Don't warn when we're using a circuit that ends with a node
      excluded in ExcludeExitNodes, but the circuit is not used to access
      the outside world. This should help fix bug 1090. Bugfix on
      0.2.1.6-alpha.
    - Work around a small memory leak in some versions of OpenSSL that
      stopped the memory used by the hostname TLS extension from being
      freed.

  o Minor features:
    - Add a "getinfo status/accepted-server-descriptor" controller
      command, which is the recommended way for controllers to learn
      whether our server descriptor has been successfully received by at
      least on directory authority. Un-recommend good-server-descriptor
      getinfo and status events until we have a better design for them.
2009-11-15 04:24:51 +00:00
obache
ef55334562 Update tor to 0.2.1.19.
Based on maintainer update request via PR 41828.
(remove patch-a{a,b} and make to simplify by me).

Tor 0.2.1.18 lays the foundations for performance improvements, adds
status events to help users diagnose bootstrap problems, adds optional
authentication/authorization for hidden services, fixes a variety of
potential anonymity problems, and includes a huge pile of other features
and bug fixes.

Tor 0.2.1.19 fixes a major bug with accessing and providing hidden
services.
2009-08-18 05:48:08 +00:00
wiz
124c14e18b Bump PKGREVISION for libevent ABI bump. 2009-08-16 15:35:43 +00:00
obache
9ccdc96217 Update tor to 0.2.0.35.
maintainer update request via PR 41688.

Changes in version 0.2.0.35 - 2009-06-24
  o Security fix:
    - Avoid crashing in the presence of certain malformed descriptors.
      Found by lark, and by automated fuzzing.
    - Fix an edge case where a malicious exit relay could convince a
      controller that the client's DNS question resolves to an internal IP
      address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.

  o Major bugfixes:
    - Finally fix the bug where dynamic-IP relays disappear when their
      IP address changes: directory mirrors were mistakenly telling
      them their old address if they asked via begin_dir, so they
      never got an accurate answer about their new address, so they
      just vanished after a day. For belt-and-suspenders, relays that
      don't set Address in their config now avoid using begin_dir for
      all direct connections. Should fix bugs 827, 883, and 900.
    - Fix a timing-dependent, allocator-dependent, DNS-related crash bug
      that would occur on some exit nodes when DNS failures and timeouts
      occurred in certain patterns. Fix for bug 957.

  o Minor bugfixes:
    - When starting with a cache over a few days old, do not leak
      memory for the obsolete router descriptors in it. Bugfix on
      0.2.0.33; fixes bug 672.
    - Hidden service clients didn't use a cached service descriptor that
      was older than 15 minutes, but wouldn't fetch a new one either,
      because there was already one in the cache. Now, fetch a v2
      descriptor unless the same descriptor was added to the cache within
      the last 15 minutes. Fixes bug 997; reported by Marcus Griep.
2009-07-09 11:52:31 +00:00
joerg
62d1ba2bac Remove @dirrm entries from PLISTs 2009-06-14 18:03:28 +00:00
wiz
58a3420586 Bump PKGREVISION for libevent ABI bump. 2009-02-27 22:53:46 +00:00
obache
9a6d6d4ba5 Update tor to 0.2.0.34.
Patch provided by Christian Sturm and back to maintainer.

Changes in version 0.2.0.34 - 2009-02-08
  o Security fixes:
    - Fix an infinite-loop bug on handling corrupt votes under certain
      circumstances. Bugfix on 0.2.0.8-alpha.
    - Fix a temporary DoS vulnerability that could be performed by
      a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
    - Avoid a potential crash on exit nodes when processing malformed
      input. Remote DoS opportunity. Bugfix on 0.2.0.33.
    - Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
      Spec conformance issue. Bugfix on Tor 0.0.2pre27.

  o Minor bugfixes:
    - Fix compilation on systems where time_t is a 64-bit integer.
      Patch from Matthias Drochner.
    - Don't consider expiring already-closed client connections. Fixes
      bug 893. Bugfix on 0.0.2pre20.
2009-02-15 07:59:02 +00:00
drochner
4a2f3efb95 update to 0.2.0.33
changes:
-Security fix:
 Fix a heap-corruption bug that may be remotely triggerable on
 some platforms.
-many bugfixes
2009-01-22 12:50:57 +00:00
drochner
dc9741a821 make this build with 64-bit time_t
(There are some unclean typecasts in the code, but the cases I've
seen are harmless -- as long as poll intervals, cert lifetimes etc
don't reach into y2037 which would be problematic in any case.)
2009-01-22 12:46:51 +00:00
wiz
f69f1557e4 Reset maintainer on his request. 2008-12-30 09:33:59 +00:00
obache
0fb8300af8 Update tor to 0.2.0.32.
Based on PR 40241 by Taylor R Campbell.
While here, add DESTDIR support.

Changes in version 0.2.0.32 - 2008-11-20
  o Security fixes:
    - The "User" and "Group" config options did not clear the
      supplementary group entries for the Tor process. The "User" option
      is now more robust, and we now set the groups to the specified
      user's primary group. The "Group" option is now ignored. For more
      detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
      in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
      and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857.
    - The "ClientDNSRejectInternalAddresses" config option wasn't being
      consistently obeyed: if an exit relay refuses a stream because its
      exit policy doesn't allow it, we would remember what IP address
      the relay said the destination address resolves to, even if it's
      an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.

  o Major bugfixes:
    - Fix a DOS opportunity during the voting signature collection process
      at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x.

  o Major bugfixes (hidden services):
    - When fetching v0 and v2 rendezvous service descriptors in parallel,
      we were failing the whole hidden service request when the v0
      descriptor fetch fails, even if the v2 fetch is still pending and
      might succeed. Similarly, if the last v2 fetch fails, we were
      failing the whole hidden service request even if a v0 fetch is
      still pending. Fixes bug 814. Bugfix on 0.2.0.10-alpha.
    - When extending a circuit to a hidden service directory to upload a
      rendezvous descriptor using a BEGIN_DIR cell, almost 1/6 of all
      requests failed, because the router descriptor has not been
      downloaded yet. In these cases, do not attempt to upload the
      rendezvous descriptor, but wait until the router descriptor is
      downloaded and retry. Likewise, do not attempt to fetch a rendezvous
      descriptor from a hidden service directory for which the router
      descriptor has not yet been downloaded. Fixes bug 767. Bugfix
      on 0.2.0.10-alpha.

  o Minor bugfixes:
    - Fix several infrequent memory leaks spotted by Coverity.
    - When testing for libevent functions, set the LDFLAGS variable
      correctly. Found by Riastradh.
    - Avoid a bug where the FastFirstHopPK 0 option would keep Tor from
      bootstrapping with tunneled directory connections. Bugfix on
      0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam.
    - When asked to connect to A.B.exit:80, if we don't know the IP for A
      and we know that server B rejects most-but-not all connections to
      port 80, we would previously reject the connection. Now, we assume
      the user knows what they were asking for. Fixes bug 752. Bugfix
      on 0.0.9rc5. Diagnosed by BarkerJr.
    - If we overrun our per-second write limits a little, count this as
      having used up our write allocation for the second, and choke
      outgoing directory writes. Previously, we had only counted this when
      we had met our limits precisely. Fixes bug 824. Patch from by rovv.
      Bugfix on 0.2.0.x (??).
    - Remove the old v2 directory authority 'lefkada' from the default
      list. It has been gone for many months.
    - Stop doing unaligned memory access that generated bus errors on
      sparc64. Bugfix on 0.2.0.10-alpha. Fixes bug 862.
    - Make USR2 log-level switch take effect immediately. Bugfix on
      0.1.2.8-beta.

  o Minor bugfixes (controller):
    - Make DNS resolved events into "CLOSED", not "FAILED". Bugfix on
      0.1.2.5-alpha. Fix by Robert Hogan. Resolves bug 807.
2008-12-21 11:10:27 +00:00
obache
97bf58f7f7 Broken INSTALL script was removed.
No need to remove superfluous directory now.
2008-12-21 11:01:59 +00:00
obache
6d54586480 Re-remove redundant and broken INSTALL script.
It was removed as part of fix PR 37195,
but re-added when merged new version from pkgsrc-wip.
2008-12-21 10:41:52 +00:00
wiz
d150578c8e PKGREVISION bump for libevent shlib name change. 2008-10-16 21:52:16 +00:00
wiz
302984f167 Update to 0.2.0.31:
Changes in version 0.2.0.31 - 2008-09-03
  o Major bugfixes:
    - Make sure that two circuits can never exist on the same connection
      with the same circuit ID, even if one is marked for close. This
      is conceivably a bugfix for bug 779. Bugfix on 0.1.0.4-rc.
    - Relays now reject risky extend cells: if the extend cell includes
      a digest of all zeroes, or asks to extend back to the relay that
      sent the extend cell, tear down the circuit. Ideas suggested
      by rovv.
    - If not enough of our entry guards are available so we add a new
      one, we might use the new one even if it overlapped with the
      current circuit's exit relay (or its family). Anonymity bugfix
      pointed out by rovv.

  o Minor bugfixes:
    - Recover 3-7 bytes that were wasted per memory chunk. Fixes bug
      794; bug spotted by rovv. Bugfix on 0.2.0.1-alpha.
    - Correctly detect the presence of the linux/netfilter_ipv4.h header
      when building against recent kernels. Bugfix on 0.1.2.1-alpha.
    - Pick size of default geoip filename string correctly on windows.
      Fixes bug 806. Bugfix on 0.2.0.30.
    - Make the autoconf script accept the obsolete --with-ssl-dir
      option as an alias for the actually-working --with-openssl-dir
      option. Fix the help documentation to recommend --with-openssl-dir.
      Based on a patch by "Dave". Bugfix on 0.2.0.1-alpha.
    - Disallow session resumption attempts during the renegotiation
      stage of the v2 handshake protocol. Clients should never be trying
      session resumption at this point, but apparently some did, in
      ways that caused the handshake to fail. Bug found by Geoff Goodell.
      Bugfix on 0.2.0.20-rc.
    - When using the TransPort option on OpenBSD, and using the User
      option to change UID and drop privileges, make sure to open
      /dev/pf before dropping privileges. Fixes bug 782. Patch from
      Christopher Davis. Bugfix on 0.1.2.1-alpha.
    - Try to attach connections immediately upon receiving a RENDEZVOUS2
      or RENDEZVOUS_ESTABLISHED cell. This can save a second or two
      on the client side when connecting to a hidden service. Bugfix
      on 0.0.6pre1. Found and fixed by Christian Wilms; resolves bug 743.
    - When closing an application-side connection because its circuit is
      getting torn down, generate the stream event correctly. Bugfix on
      0.1.2.x. Anonymous patch.
2008-09-08 19:28:28 +00:00
wiz
6d32cfc00d Bump PKGREVISION for libevent users due to 1.4.3->1.4.5 shlib name change. 2008-09-06 21:39:52 +00:00
wiz
43743eda4d New file for tor-0.2.0.30. 2008-08-01 17:23:46 +00:00
wiz
fb585ec21a Update to current stable version, tor-0.2.0.30, based on wip/tor.
Thanks to athaba, netcap, and tvierling.

Changes in version 0.2.0.30 - 2008-07-15
  This new stable release switches to a more efficient directory
  distribution design, adds features to make connections to the Tor
  network harder to block, allows Tor to act as a DNS proxy, adds separate
  rate limiting for relayed traffic to make it easier for clients to
  become relays, fix a variety of potential anonymity problems, and
  includes the usual huge pile of other features and bug fixes.
2008-08-01 17:23:21 +00:00
tnn
a18f03ef3a revbumps due to libevent update. 2008-04-22 18:06:09 +00:00
obache
0355cf21fd Adjust patch-ae to same as previous revision.
Should fix PR 38046.
2008-02-19 13:48:12 +00:00
obache
b3c1ef4733 Pass --with-libevent-dir unconditionally, since BUILDLINK_PREFIX.libevent is
unusable here yet.
2008-02-19 13:45:18 +00:00
jschauma
ba4165bc9c Update to 0.1.2.19:
Tor 0.1.2.19 fixes a huge memory leak on exit relays, makes the default
exit policy a little bit more conservative so it's safer to run an exit
relay on a home system, and fixes a variety of smaller issues.

https://www.torproject.org/download.html

Changes in version 0.1.2.19 - 2008-01-17
  o Security fixes:
    - Exit policies now reject connections that are addressed to a
      relay's public (external) IP address too, unless
      ExitPolicyRejectPrivate is turned off. We do this because too
      many relays are running nearby to services that trust them based
      on network address.

  o Major bugfixes:
    - When the clock jumps forward a lot, do not allow the bandwidth
      buckets to become negative. Fixes bug 544.
    - Fix a memory leak on exit relays; we were leaking a cached_resolve_t
      on every successful resolve. Reported by Mike Perry.
    - Purge old entries from the "rephist" database and the hidden
      service descriptor database even when DirPort is zero.
    - Stop thinking that 0.1.2.x directory servers can handle "begin_dir"
      requests. Should ease bugs 406 and 419 where 0.1.2.x relays are
      crashing or mis-answering these requests.
    - When we decide to send a 503 response to a request for servers, do
      not then also send the server descriptors: this defeats the whole
      purpose. Fixes bug 539.

  o Minor bugfixes:
    - Changing the ExitPolicyRejectPrivate setting should cause us to
      rebuild our server descriptor.
    - Fix handling of hex nicknames when answering controller requests for
      networkstatus by name, or when deciding whether to warn about
      unknown routers in a config option. (Patch from mwenge.)
    - Fix a couple of hard-to-trigger autoconf problems that could result
      in really weird results on platforms whose sys/types.h files define
      nonstandard integer types.
    - Don't try to create the datadir when running --verify-config or
      --hash-password. Resolves bug 540.
    - If we were having problems getting a particular descriptor from the
      directory caches, and then we learned about a new descriptor for
      that router, we weren't resetting our failure count. Reported
      by lodger.
    - Although we fixed bug 539 (where servers would send HTTP status 503
      responses _and_ send a body too), there are still servers out there
      that haven't upgraded. Therefore, make clients parse such bodies
      when they receive them.
    - Run correctly on systems where rlim_t is larger than unsigned long.
      This includes some 64-bit systems.
    - Run correctly on platforms (like some versions of OS X 10.5) where
      the real limit for number of open files is OPEN_FILES, not rlim_max
      from getrlimit(RLIMIT_NOFILES).
    - Avoid a spurious free on base64 failure.
    - Avoid segfaults on certain complex invocations of
      router_get_by_hexdigest().
    - Fix rare bug on REDIRECTSTREAM control command when called with no
      port set: it could erroneously report an error when none had
      happened.
2008-01-20 20:11:09 +00:00
tnn
ad6ceadd25 Per the process outlined in revbump(1), perform a recursive revbump
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
2008-01-18 05:06:18 +00:00
jschauma
874e70d459 correct suggested link on how to torify your browsers 2008-01-06 19:56:54 +00:00
jschauma
e86115e28b new homepage and dist site is http://www.torproject.org/ 2008-01-06 19:44:23 +00:00
rillig
155ab1210c + CVS Id 2007-12-16 21:51:54 +00:00
bjs
52b7990643 Update to version 0.1.2.18. Changes since the last release:
o Major bugfixes (crashes):
    - If a connection is shut down abruptly because of something that
      happened inside connection_flushed_some(), do not call
      connection_finished_flushing(). Should fix bug 451:
      "connection_stop_writing: Assertion conn->write_event failed"
      Bugfix on 0.1.2.7-alpha.
    - Fix possible segfaults in functions called from
      rend_process_relay_cell().

  o Major bugfixes (hidden services):
    - Hidden services were choosing introduction points uniquely by
      hexdigest, but when constructing the hidden service descriptor
      they merely wrote the (potentially ambiguous) nickname.
    - Clients now use the v2 intro format for hidden service
      connections: they specify their chosen rendezvous point by identity
      digest rather than by (potentially ambiguous) nickname. These
      changes could speed up hidden service connections dramatically.

  o Major bugfixes (other):
    - Stop publishing a new server descriptor just because we get a
      HUP signal. This led (in a roundabout way) to some servers getting
      dropped from the networkstatus lists for a few hours each day.
    - When looking for a circuit to cannibalize, consider family as well
      as identity. Fixes bug 438. Bugfix on 0.1.0.x (which introduced
      circuit cannibalization).
    - When a router wasn't listed in a new networkstatus, we were leaving
      the flags for that router alone -- meaning it remained Named,
      Running, etc -- even though absence from the networkstatus means
      that it shouldn't be considered to exist at all anymore. Now we
      clear all the flags for routers that fall out of the networkstatus
      consensus. Fixes bug 529.

  o Minor bugfixes:
    - Don't try to access (or alter) the state file when running
      --list-fingerprint or --verify-config or --hash-password. Resolves
      bug 499.
    - When generating information telling us how to extend to a given
      router, do not try to include the nickname if it is
      absent. Resolves bug 467.
    - Fix a user-triggerable segfault in expand_filename(). (There isn't
      a way to trigger this remotely.)
    - When sending a status event to the controller telling it that an
      OR address is readable, set the port correctly. (Previously we
      were reporting the dir port.)
    - Fix a minor memory leak whenever a controller sends the PROTOCOLINFO
      command. Bugfix on 0.1.2.17.
    - When loading bandwidth history, do not believe any information in
      the future. Fixes bug 434.
    - When loading entry guard information, do not believe any information
      in the future.
    - When we have our clock set far in the future and generate an
      onion key, then re-set our clock to be correct, we should not stop
      the onion key from getting rotated.
    - On some platforms, accept() can return a broken address. Detect
      this more quietly, and deal accordingly. Fixes bug 483.
    - It's not actually an error to find a non-pending entry in the DNS
      cache when canceling a pending resolve. Don't log unless stuff
      is fishy. Resolves bug 463.
    - Don't reset trusted dir server list when we set a configuration
      option. Patch from Robert Hogan.
2007-11-16 05:30:13 +00:00
obache
687e42d44f Change to pass PKG_SYSCONFDIR to configure, fixes PR 37195.
While here, change user/group and directory handling to the usual manner.

Bump PKGREVISION.
2007-10-25 14:58:29 +00:00
obache
c77ad8c6e8 Update tor to 0.1.2.17.
Changes in version 0.1.2.17 - 2007-08-30
  o Major bugfixes (security):
    - We removed support for the old (v0) control protocol. It has been
      deprecated since Tor 0.1.1.1-alpha, and keeping it secure has
      become more of a headache than it's worth.

  o Major bugfixes (load balancing):
    - When choosing nodes for non-guard positions, weight guards
      proportionally less, since they already have enough load. Patch
      from Mike Perry.
    - Raise the "max believable bandwidth" from 1.5MB/s to 10MB/s. This
      will allow fast Tor servers to get more attention.
    - When we're upgrading from an old Tor version, forget our current
      guards and pick new ones according to the new weightings. These
      three load balancing patches could raise effective network capacity
      by a factor of four. Thanks to Mike Perry for measurements.

  o Major bugfixes (stream expiration):
    - Expire not-yet-successful application streams in all cases if
      they've been around longer than SocksTimeout. Right now there are
      some cases where the stream will live forever, demanding a new
      circuit every 15 seconds. Fixes bug 454; reported by lodger.

  o Minor features (controller):
    - Add a PROTOCOLINFO controller command. Like AUTHENTICATE, it
      is valid before any authentication has been received. It tells
      a controller what kind of authentication is expected, and what
      protocol is spoken. Implements proposal 119.

  o Minor bugfixes (performance):
    - Save on most routerlist_assert_ok() calls in routerlist.c, thus
      greatly speeding up loading cached-routers from disk on startup.
    - Disable sentinel-based debugging for buffer code: we squashed all
      the bugs that this was supposed to detect a long time ago, and now
      its only effect is to change our buffer sizes from nice powers of
      two (which platform mallocs tend to like) to values slightly over
      powers of two (which make some platform mallocs sad).

  o Minor bugfixes (misc):
    - If exit bandwidth ever exceeds one third of total bandwidth, then
      use the correct formula to weight exit nodes when choosing paths.
      Based on patch from Mike Perry.
    - Choose perfectly fairly among routers when choosing by bandwidth and
      weighting by fraction of bandwidth provided by exits. Previously, we
      would choose with only approximate fairness, and correct ourselves
      if we ran off the end of the list.
    - If we require CookieAuthentication but we fail to write the
      cookie file, we would warn but not exit, and end up in a state
      where no controller could authenticate. Now we exit.
    - If we require CookieAuthentication, stop generating a new cookie
      every time we change any piece of our config.
    - Refuse to start with certain directory authority keys, and
      encourage people using them to stop.
    - Terminate multi-line control events properly. Original patch
      from tup.
    - Fix a minor memory leak when we fail to find enough suitable
      servers to choose a circuit.
    - Stop leaking part of the descriptor when we run into a particularly
      unparseable piece of it.
2007-09-11 15:53:57 +00:00
obache
7775df7a31 Use standard rc script handler, instead of custom.
Fixes PR 36965.
2007-09-11 15:26:14 +00:00
tnn
38c78edf17 Revbump sweep of all libevent consumers due to update to libevent-1.3d. 2007-08-16 09:27:03 +00:00