Commit Graph

65 Commits

Author SHA1 Message Date
espie
eae66e4a7b PERMIT_* / REGRESS->TEST sweep 2013-03-11 11:35:43 +00:00
pascal
12a2d09d56 Update to new major release, Tor 0.2.3.25.
Tor 0.2.3.25, the first stable release in the 0.2.3 branch, features
significantly reduced directory overhead (via microdescriptors),
enormous crypto performance improvements for fast relays on new
enough hardware, a new v3 TLS handshake protocol that can better
resist fingerprinting, support for protocol obfuscation plugins (aka
pluggable transports), better scalability for hidden services, IPv6
support for bridges, performance improvements like allowing clients
to skip the first round-trip on the circuit ("optimistic data") and
refilling token buckets more often, a new "stream isolation" design
to isolate different applications on different circuits, and many
stability, security, and privacy fixes.

Also kill unneeded pthread patch.

Tested by dhill & dcoppa@.

ok dcoppa@
2012-11-22 18:37:32 +00:00
pascal
e0085ac361 Update to tor 0.2.2.39, reminded by sthen@
Changes in version 0.2.2.39 - 2012-09-11
  Tor 0.2.2.39 fixes two more opportunities for remotely triggerable
  assertions.

  o Security fixes:
    - Fix an assertion failure in tor_timegm() that could be triggered
      by a badly formatted directory object. Bug found by fuzzing with
      Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
    - Do not crash when comparing an address with port value 0 to an
      address policy. This bug could have been used to cause a remote
      assertion failure by or against directory authorities, or to
      allow some applications to crash clients. Fixes bug 6690; bugfix
      on 0.2.1.10-alpha.

No CVEs for these vulnerabilities yet.
2012-09-12 21:09:28 +00:00
pascal
b6ee0c371b SECURITY update to tor 0.2.2.38. From the ChangeLog:
Changes in version 0.2.2.38 - 2012-08-12
  Tor 0.2.2.38 fixes a rare race condition that can crash exit relays;
  fixes a remotely triggerable crash bug; and fixes a timing attack that
  could in theory leak path information.
2012-08-13 16:39:35 +00:00
pascal
45ac429aa4 Security update tor tor 0.2.2.37, fixing a potential DoS.
Full release notes:
https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes

ok sthen@ jasper@
2012-06-13 11:27:16 +00:00
pascal
6c1c40420b Update to tor 0.2.2.36, including SECURITY fixes and various other bugfixes.
- Never use a bridge or a controller-supplied node as an exit, even
  if its exit policy allows it.
- Only build circuits if we have a sufficient threshold of the total
  descriptors that are marked in the consensus with the "Exit"
  flag.
- Provide controllers with a safer way to implement the cookie
  authentication mechanism. With the old method, if another locally
  running program could convince a controller that it was the Tor
  process, then that program could trick the contoller into telling
  it the contents of an arbitrary 32-byte file. The new "SAFECOOKIE"
  authentication method uses a challenge-response approach to prevent
  this attack.

We are not affected by the openssl vulnerability.

Full release notes:
https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes

ok sthen@ jasper@
2012-05-26 11:08:44 +00:00
ajacoutot
689f54b24a --localstatedir=/var is the default now. 2012-04-28 10:52:08 +00:00
sthen
7e0537c75c SECURITY update to tor 0.2.2.35
"Tor 0.2.2.35 fixes a critical heap-overflow security issue in Tor's
  buffers code. Absolutely everybody should upgrade."

More info https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
OK pascal@ (maintainer)
2011-12-16 20:08:50 +00:00
jcs
1642d2f395 security update to 0.2.2.34; from maintainer 2011-10-28 18:13:22 +00:00
sthen
a9040fb667 update to tor 0.2.2.33 from maintainer Pascal Stumpf
- fixes several bugs, and includes a slight tweak to Tor's TLS handshake that
  makes relays and bridges that run this new version reachable from Iran again.
2011-09-17 10:39:26 +00:00
jasper
0e707bc90f zap zap zap
spotted by nigel@
2011-09-08 06:59:15 +00:00
jasper
4ee0250bed - update to 0.2.2.32
from new maintainer pascal stumpf (rui@ timed-out too many times)
additional testing from roberth

ok sthen@
2011-09-07 07:55:41 +00:00
sthen
491c689745 bump for pfioc_natlook changes 2011-03-26 10:01:08 +00:00
ajacoutot
76dd1acdea Bugfix update to tor-0.2.1.30.
* amongst other things, add a tweak to Tor's TLS handshake that makes
relays and bridges that run this new version reachable from Iran.

Add an rc script.

from Pascal Stumpf.
MAINTAINER timeout.
2011-03-11 06:49:55 +00:00
jasper
33d32d6915 SECURITY update of tor 0.2.1.29
Fixes a heap overflow vulnerability.
More information: http://archives.seul.org/or/announce/Jan-2011/msg00000.html

from robert AT @openbsd.pap.st
2011-01-18 19:59:17 +00:00
benoit
808eba112e - update tor to 0.2.1.28
- maintainer timeout

SECURITY update of tor to 0.2.1.28 : CVE-2010-1676
2010-12-26 11:50:59 +00:00
benoit
b72319bec0 - update tor to 0.2.1.27
- maintainer timeout
2010-12-11 11:05:05 +00:00
espie
47ff75aa46 USE_GROFF=Yes 2010-10-18 18:36:45 +00:00
benoit
00b7da21b3 - update tor to 0.2.1.26
ok rui@
2010-06-20 07:57:07 +00:00
benoit
ee40a9f268 - update tor to 0.2.1.25
- update patches

ok rui@
2010-03-25 05:35:35 +00:00
sthen
d51fcc95b5 Update tor to 0.2.1.22; from robert at openbsd dot pap dot st, thanks!
"Some of their directories were compromised and they changed keys:
http://archives.seul.org/or/talk/Jan-2010/msg00161.html"

ok ajacoutot@ jasper@ espie@
2010-01-23 21:00:09 +00:00
benoit
574a30c096 - update tor to 0.2.1.21
ok rui@
2010-01-04 08:07:57 +00:00
benoit
96ac375702 - update tor to 0.2.1.20
- add patches using the new SSL/TLS renegotiation.

ok rui@, ajacoutot@
2009-11-14 10:09:05 +00:00
benoit
a0739f17c4 - update tor to 0.2.1.19
- update patch

ok rui@, ajacoutot@
2009-08-10 21:14:41 +00:00
jasper
28d25ff576 SECURITY UPDATE of tor to 0.2.0.35
for the full announcement, see: http://archives.seul.org/or/announce/Jun-2009/msg00000.html

ok rui@ (MAINTAINER), naddy@
2009-06-30 12:36:44 +00:00
rui
60a51b15fd Security: update tor to 0.2.0.34 which fixes Multiple Vulnerabilities.
Reference: http://secunia.com/advisories/33880/

ok merdely@
2009-02-10 23:10:13 +00:00
rui
d513b3cb62 Security: update tor to 0.2.0.33 which fixes an important security-related bug.
Reference: http://secunia.com/Advisories/33635

I got almost the same diff from merdely@ and robert at openbsd dot pap dot st

ok merdely@
2009-01-24 14:53:57 +00:00
rui
58cc46f7be SECURITY: update tor to 0.2.0.32 which fixes a major security problem
Reference: http://secunia.com/advisories/33025/

ok jasper@
2008-12-16 21:04:06 +00:00
rui
e2aedfbdc7 - update tor to 0.2.0.31.
- addresses two potential anonymity issues.
- starts to fix a bug where in rare cases traffic from one Tor stream gets mixed into another stream.
- fixes a variety of smaller issues.

ok fgsch@
2008-09-19 21:50:59 +00:00
rui
83335cf2ad - maintenance update to 0.1.2.19.
- update my email address while there.
2008-01-19 16:03:21 +00:00
espie
17d70806a3 tweak FAKE_FLAGS semantics to saner defaults. 2008-01-04 17:48:33 +00:00
rui
60e0a7460d update tor to 0.1.2.18. Changelog:
http://archives.seul.org/or/announce/Oct-2007/msg00000.html

ok merdely@
2007-11-04 08:39:20 +00:00
rui
4be3b741a6 update tor to 0.1.2.17, lots of bugfixes. Check the Changelog for more information.
ok jcs@
2007-09-03 22:10:49 +00:00
rui
9ad7bde84e SECURITY: update tor to 0.1.2.16 and fix a Security Bypass.
ok pvalchev@
2007-08-07 23:41:22 +00:00
rui
754e73c63e update tor to 0.1.2.15
- fixes several crash bugs
- fixes some anonymity-related problems
- fixes compilation on BSD
- fixes a variety of other bugs

ok jcs@
2007-07-23 16:34:22 +00:00
rui
f923d4dc18 update tor to 0.1.2.14
ok jcs@
2007-05-26 17:09:05 +00:00
rui
bc0c899ed5 update to tor 0.1.2.13, regen patches while here
ok robert@
2007-05-02 18:20:44 +00:00
espie
9eafbbfb35 base64 checksums. 2007-04-05 16:19:55 +00:00
jcs
c1b8dc3703 update to tor-0.1.1.26; from maintainer 2006-12-17 21:56:50 +00:00
sturm
c277e18755 update to tor 0.1.1.25
from rui reis
2006-11-07 11:51:46 +00:00
pvalchev
0ba0c431bb tor-0.1.1.24; from maintainer Rui Reis 2006-10-06 18:14:20 +00:00
jcs
47ab8f20f7 update to tor-0.1.1.23, from maintainer 2006-09-24 20:34:06 +00:00
ray
e7225ebe13 Create data directory for tor. Also daemonize and log to syslog by
default.

OK maintainer Rui Reis <rui at rui dot cx>
2006-09-20 22:06:36 +00:00
jcs
66ccabd505 update to tor-0.1.1.22, from maintainer
make default config drop privs to _tor user and group
2006-07-17 19:23:03 +00:00
steven
ed345404f7 SECURITY update to tor 0.1.1.20
fixes CVE-2006-0414

for details, see http://secunia.com/advisories/18576/
2006-06-10 08:33:36 +00:00
steven
ff36b84499 update to tor 0.1.0.17
from new maintainer Rui Reis (rui at rui dot cx)
2006-04-03 06:51:47 +00:00
sturm
e91da59a87 bugfix update to tor-0.1.0.16
from maintainer Jon Trembley <jon at brain-box.net>
2006-01-18 22:17:22 +00:00
naddy
3169eb6ee8 now that we have a dynamic libevent, it needs to go into WANTLIB 2005-11-16 23:23:34 +00:00
alek
ca4a05aee2 Update to 0.1.0.15
From Jon Trembley <jon@brain-box.net> (MAINTAINER)
2005-09-30 09:18:10 +00:00
sturm
0d88196840 bump PKGNAME so that 3.7 won't have higher PKGNAMEs than 3.8
suggested by espie@, ok pval@
2005-08-31 19:55:36 +00:00