./net/tor, Anonymizing overlay network for TCP

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.3.2.9, Package name: tor-0.3.2.9, Maintainer: reezer

The simple version: Tor provides a distributed network of servers ("onion
routers"). Users bounce their TCP streams (web traffic, FTP, SSH, etc.) around
the routers. This makes it hard for recipients, observers, and even the onion
routers themselves to track the source of the stream.

The complex version: Onion Routing is a connection-oriented anonymizing
communication service. Users choose a source-routed path through a set of
nodes, and negotiate a "virtual circuit" through the network, in which each
node knows its predecessor and successor, but no others. Traffic flowing down
the circuit is unwrapped by a symmetric key at each node, which reveals the
downstream node.


Required to build:
[textproc/asciidoc] [pkgtools/cwrappers]

Package options: doc

Master sites:

SHA1: 62c7d15b04c63c19453af7b2c39d638cb49b652e
RMD160: e2276ac6f01b7165c63ff11892b4fe3a378548c5
Filesize: 6103.947 KB

Version history: (Expand)


CVS history: (Expand)


   2018-01-09 16:13:25 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor: update to 0.3.2.9.

  Tor 0.3.2.9 is the first stable release in the 0.3.2 series.

  The 0.3.2 series includes our long-anticipated new onion service
  design, with numerous security features. (For more information, see
  our blog post at https://blog.torproject.org/fall-harvest.) We also
  have a new circuit scheduler algorithm for improved performance on
  relays everywhere (see https://blog.torproject.org/kist-and-tell),
  along with many smaller features and bugfixes.
   2017-12-02 13:22:14 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor: update to 0.3.1.9.

Changes in version 0.3.1.9 - 2017-12-01:
  Tor 0.3.1.9 backports important security and stability fixes from the
  0.3.2 development series. All Tor users should upgrade to this
  release, or to another of the releases coming out today.

  o Major bugfixes (security, backport from 0.3.2.6-alpha):
    - Fix a denial of service bug where an attacker could use a
      malformed directory object to cause a Tor instance to pause while
      OpenSSL would try to read a passphrase from the terminal. (Tor
      instances run without a terminal, which is the case for most Tor
      packages, are not impacted.) Fixes bug 24246; bugfix on every
      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
      Found by OSS-Fuzz as testcase 6360145429790720.
    - Fix a denial of service issue where an attacker could crash a
      directory authority using a malformed router descriptor. Fixes bug
      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
      and CVE-2017-8820.
    - When checking for replays in the INTRODUCE1 cell data for a
      (legacy) onion service, correctly detect replays in the RSA-
      encrypted part of the cell. We were previously checking for
      replays on the entire cell, but those can be circumvented due to
      the malleability of Tor's legacy hybrid encryption. This fix helps
      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
      and CVE-2017-8819.

  o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
    - Fix a use-after-free error that could crash v2 Tor onion services
      when they failed to open circuits while expiring introduction
      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
      also tracked as TROVE-2017-013 and CVE-2017-8823.

  o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
    - When running as a relay, make sure that we never build a path
      through ourselves, even in the case where we have somehow lost the
      version of our descriptor appearing in the consensus. Fixes part
      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
      as TROVE-2017-012 and CVE-2017-8822.
    - When running as a relay, make sure that we never choose ourselves
      as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
      issue is also tracked as TROVE-2017-012 and CVE-2017-8822.

  o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
    - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
      making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
      0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
      identifying and finding a workaround to this bug and to Moritz,
      Arthur Edelstein, and Roger for helping to track it down and
      analyze it.

  o Minor features (bridge):
    - Bridges now include notice in their descriptors that they are
      bridges, and notice of their distribution status, based on their
      publication settings. Implements ticket 18329. For more fine-
      grained control of how a bridge is distributed, upgrade to 0.3.2.x
      or later.

  o Minor features (directory authority, backport from 0.3.2.6-alpha):
    - Add an IPv6 address for the "bastet" directory authority. Closes
      ticket 24394.

  o Minor features (geoip):
    - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
      Country database.

  o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
    - Avoid unnecessary calls to directory_fetches_from_authorities() on
      relays, to prevent spurious address resolutions and descriptor
      rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
      bugfix on in 0.2.8.1-alpha.

  o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
    - Fix unused variable warnings in donna's Curve25519 SSE2 code.
      Fixes bug 22895; bugfix on 0.2.7.2-alpha.

  o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
    - When a circuit is marked for close, do not attempt to package any
      cells for channels on that circuit. Previously, we would detect
      this condition lower in the call stack, when we noticed that the
      circuit had no attached channel, and log an annoying message.
      Fixes bug 8185; bugfix on 0.2.5.4-alpha.

  o Minor bugfixes (onion service, backport from 0.3.2.5-alpha):
    - Rename the consensus parameter "hsdir-interval" to \ 
"hsdir_interval"
      so it matches dir-spec.txt. Fixes bug 24262; bugfix
      on 0.3.1.1-alpha.

  o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
    - Avoid a crash when transitioning from client mode to bridge mode.
      Previously, we would launch the worker threads whenever our
      "public server" mode changed, but not when our \ 
"server" mode
      changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
   2017-10-27 14:56:59 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
tor: updated to 0.3.1.8

Changes in version 0.3.1.8:
  Tor 0.3.1.7 is the second stable release in the 0.3.1 series.
  It includes several bugfixes, including a bugfix for a crash issue
  that had affected relays under memory pressure. It also adds
  a new directory authority, Bastet.

  o Directory authority changes:
    - Add "Bastet" as a ninth directory authority to the default list.
    - The directory authority "Longclaw" has changed its IP address.

  o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
    - Fix a timing-based assertion failure that could occur when the
      circuit out-of-memory handler freed a connection's output buffer.

  o Minor features (directory authorities, backport from 0.3.2.2-alpha):
    - Remove longclaw's IPv6 address, as it will soon change. Authority
      IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
      3/8 directory authorities with IPv6 addresses, but there are also
      52 fallback directory mirrors with IPv6 addresses.

  o Minor features (geoip):
    - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (compilation, backport from 0.3.2.2-alpha):
    - Fix a compilation warning when building with zstd support on
      32-bit platforms.

  o Minor bugfixes (compression, backport from 0.3.2.2-alpha):
    - Handle a pathological case when decompressing Zstandard data when
      the output buffer size is zero.

  o Minor bugfixes (directory authority, backport from 0.3.2.1-alpha):
    - Remove the length limit on HTTP status lines that authorities can
      send in their replies.

  o Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
    - Avoid a possible double close of a circuit by the intro point on
      error of sending the INTRO_ESTABLISHED cell.

  o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
    - Clear the address when node_get_prim_orport() returns early.

  o Minor bugfixes (unit tests, backport from 0.3.2.2-alpha):
    - Fix additional channelpadding unit test failures by using mocked
      time instead of actual time for all tests.
   2017-09-19 16:13:22 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor: update to 0.3.0.11.

Changes in version 0.3.0.11 - 2017-09-18
  Tor 0.3.0.11 backports a collection of bugfixes from Tor the 0.3.1
  series.

  Most significantly, it includes a fix for TROVE-2017-008, a
  security bug that affects hidden services running with the
  SafeLogging option disabled. For more information, see
  https://trac.torproject.org/projects/tor/ticket/23490

  o Minor features (code style, backport from 0.3.1.7):
    - Add "Falls through" comments to our codebase, in order to silence
      GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
      Stieger. Closes ticket 22446.

  o Minor features:
    - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (compilation, backport from 0.3.1.7):
    - Avoid compiler warnings in the unit tests for calling tor_sscanf()
      with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.

  o Minor bugfixes (controller, backport from 0.3.1.7):
    - Do not crash when receiving a HSPOST command with an empty body.
      Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
    - Do not crash when receiving a POSTDESCRIPTOR command with an empty
      body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.

  o Minor bugfixes (file limits, osx, backport from 0.3.1.5-alpha):
    - When setting the maximum number of connections allowed by the OS,
      always allow some extra file descriptors for other files. Fixes
      bug 22797; bugfix on 0.2.0.10-alpha.

  o Minor bugfixes (logging, relay, backport from 0.3.1.6-rc):
    - Remove a forgotten debugging message when an introduction point
      successfully establishes a hidden service prop224 circuit with
      a client.
    - Change three other log_warn() for an introduction point to
      protocol warnings, because they can be failure from the network
      and are not relevant to the operator. Fixes bug 23078; bugfix on
      0.3.0.1-alpha and 0.3.0.2-alpha.
   2017-08-15 21:22:44 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated tor to 0.3.0.10.

Changes in version 0.3.0.10 - 2017-08-02
   Tor 0.3.0.10 backports a collection of small-to-medium bugfixes
   from the current Tor alpha series. OpenBSD users and TPROXY users
   should upgrade; others are probably okay sticking with 0.3.0.9.

  o Major features (build system, continuous integration, backport from \ 
0.3.1.5-alpha):
    - Tor's repository now includes a Travis Continuous Integration (CI)
      configuration file (.travis.yml). This is meant to help new
      developers and contributors who fork Tor to a Github repository be
      better able to test their changes, and understand what we expect
      to pass. To use this new build feature, you must fork Tor to your
      Github account, then go into the "Integrations" menu in the
      repository settings for your fork and enable Travis, then push
      your changes. Closes ticket 22636.

  o Major bugfixes (linux TPROXY support, backport from 0.3.1.1-alpha):
    - Fix a typo that had prevented TPROXY-based transparent proxying
      from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha.
      Patch from "d4fq0fQAgoJ".

  o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
    - Avoid an assertion failure bug affecting our implementation of
      inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
      handling of "0xfoo" differs from what we had expected. Fixes bug
      22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.

  o Minor features (backport from 0.3.1.5-alpha):
    - Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (bandwidth accounting, backport from 0.3.1.2-alpha):
    - Roll over monthly accounting at the configured hour and minute,
      rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1.
      Found by Andrey Karpov with PVS-Studio.

  o Minor bugfixes (compilation warnings, backport from 0.3.1.5-alpha):
    - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915;
      bugfix on 0.2.8.1-alpha.
    - Fix warnings when building with libscrypt and openssl scrypt
      support on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
    - When building with certain versions of the mingw C header files,
      avoid float-conversion warnings when calling the C functions
      isfinite(), isnan(), and signbit(). Fixes bug 22801; bugfix
      on 0.2.8.1-alpha.

  o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
    - Backport a fix for an "unused variable" warning that appeared
      in some versions of mingw. Fixes bug 22838; bugfix on
      0.2.8.1-alpha.

  o Minor bugfixes (coverity build support, backport from 0.3.1.5-alpha):
    - Avoid Coverity build warnings related to our BUG() macro. By
      default, Coverity treats BUG() as the Linux kernel does: an
      instant abort(). We need to override that so our BUG() macro
      doesn't prevent Coverity from analyzing functions that use it.
      Fixes bug 23030; bugfix on 0.2.9.1-alpha.

  o Minor bugfixes (directory authority, backport from 0.3.1.1-alpha):
    - When rejecting a router descriptor for running an obsolete version
      of Tor without ntor support, warn about the obsolete tor version,
      not the missing ntor key. Fixes bug 20270; bugfix on 0.2.9.3-alpha.

  o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.5-alpha):
    - Avoid a sandbox failure when trying to re-bind to a socket and
      mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.

  o Minor bugfixes (unit tests, backport from 0.3.1.5-alpha)
    - Fix a memory leak in the link-handshake/certs_ok_ed25519 test.
      Fixes bug 22803; bugfix on 0.3.0.1-alpha.
   2017-07-04 00:20:37 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated tor to 0.3.0.9.

Changes in version 0.3.0.9 - 2017-06-29
  Tor 0.3.0.9 fixes a path selection bug that would allow a client
  to use a guard that was in the same network family as a chosen exit
  relay. This is a security regression; all clients running earlier
  versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or
  0.3.1.4-alpha.

  This release also backports several other bugfixes from the 0.3.1.x
  series.

  o Major bugfixes (path selection, security, backport from 0.3.1.4-alpha):
    - When choosing which guard to use for a circuit, avoid the exit's
      family along with the exit itself. Previously, the new guard
      selection logic avoided the exit, but did not consider its family.
      Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2016-
      006 and CVE-2017-0377.

  o Major bugfixes (entry guards, backport from 0.3.1.1-alpha):
    - Don't block bootstrapping when a primary bridge is offline and we
      can't get its descriptor. Fixes bug 22325; fixes one case of bug
      21969; bugfix on 0.3.0.3-alpha.

  o Major bugfixes (entry guards, backport from 0.3.1.4-alpha):
    - When starting with an old consensus, do not add new entry guards
      unless the consensus is "reasonably live" (under 1 day old). Fixes
      one root cause of bug 22400; bugfix on 0.3.0.1-alpha.

  o Minor features (geoip):
    - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (voting consistency, backport from 0.3.1.1-alpha):
    - Reject version numbers with non-numeric prefixes (such as +, -, or
      whitespace). Disallowing whitespace prevents differential version
      parsing between POSIX-based and Windows platforms. Fixes bug 21507
      and part of 21508; bugfix on 0.0.8pre1.

  o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.4-alpha):
    - Permit the fchmod system call, to avoid crashing on startup when
      starting with the seccomp2 sandbox and an unexpected set of
      permissions on the data directory or its contents. Fixes bug
      22516; bugfix on 0.2.5.4-alpha.

  o Minor bugfixes (defensive programming, backport from 0.3.1.4-alpha):
    - Fix a memset() off the end of an array when packing cells. This
      bug should be harmless in practice, since the corrupted bytes are
      still in the same structure, and are always padding bytes,
      ignored, or immediately overwritten, depending on compiler
      behavior. Nevertheless, because the memset()'s purpose is to make
      sure that any other cell-handling bugs can't expose bytes to the
      network, we need to fix it. Fixes bug 22737; bugfix on
      0.2.4.11-alpha. Fixes CID 1401591.
   2017-06-14 18:16:04 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated tor to 0.3.0.8.

Changes in version 0.3.0.8 - 2017-06-08
  Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to
  remotely crash a hidden service with an assertion failure. Anyone
  running a hidden service should upgrade to this version, or to some
  other version with fixes for TROVE-2017-004 and TROVE-2017-005.

  Tor 0.3.0.8 also includes fixes for several key management bugs
  that sometimes made relays unreliable, as well as several other
  bugfixes described below.

  o Major bugfixes (hidden service, relay, security, backport
    from 0.3.1.3-alpha):
    - Fix a remotely triggerable assertion failure when a hidden service
      handles a malformed BEGIN cell. Fixes bug 22493, tracked as
      TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
    - Fix a remotely triggerable assertion failure caused by receiving a
      BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
      22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
      on 0.2.2.1-alpha.

  o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
    - When performing the v3 link handshake on a TLS connection, report
      that we have the x509 certificate that we actually used on that
      connection, even if we have changed certificates since that
      connection was first opened. Previously, we would claim to have
      used our most recent x509 link certificate, which would sometimes
      make the link handshake fail. Fixes one case of bug 22460; bugfix
      on 0.2.3.6-alpha.

  o Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
    - Regenerate link and authentication certificates whenever the key
      that signs them changes; also, regenerate link certificates
      whenever the signed key changes. Previously, these processes were
      only weakly coupled, and we relays could (for minutes to hours)
      wind up with an inconsistent set of keys and certificates, which
      other relays would not accept. Fixes two cases of bug 22460;
      bugfix on 0.3.0.1-alpha.
    - When sending an Ed25519 signing->link certificate in a CERTS cell,
      send the certificate that matches the x509 certificate that we
      used on the TLS connection. Previously, there was a race condition
      if the TLS context rotated after we began the TLS handshake but
      before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
      on 0.3.0.1-alpha.

  o Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
    - Stop rejecting v3 hidden service descriptors because their size
      did not match an old padding rule. Fixes bug 22447; bugfix on
      tor-0.3.0.1-alpha.

  o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
    - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
      December 2016 (of which ~126 were still functional) with a list of
      151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
      2017. Resolves ticket 21564.

  o Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
    - Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes
      bug 22252; bugfix on 0.2.9.3-alpha.

  o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.

  o Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
    - Lower the lifetime of the RSA->Ed25519 cross-certificate to six
      months, and regenerate it when it is within one month of expiring.
      Previously, we had generated this certificate at startup with a
      ten-year lifetime, but that could lead to weird behavior when Tor
      was started with a grossly inaccurate clock. Mitigates bug 22466;
      mitigation on 0.3.0.1-alpha.

  o Minor bugfixes (memory leak, directory authority, backport from
    0.3.1.2-alpha):
    - When directory authorities reject a router descriptor due to
      keypinning, free the router descriptor rather than leaking the
      memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
   2017-05-17 09:13:37 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
Changes in version 0.3.0.7 - 2017-05-15
  Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions
  of Tor 0.3.0.x, where an attacker could cause a Tor relay process to
  exit. Relays running earlier versions of Tor 0.3.0.x should upgrade;
  clients are not affected.

  o Major bugfixes (hidden service directory, security):
    - Fix an assertion failure in the hidden service directory code,
      which could be used by an attacker to remotely cause a Tor relay
      process to exit. Relays running earlier versions of Tor 0.3.0.x
      should upgrade. This security issue is tracked as TROVE-2017-002.
      Fixes bug 22246; bugfix on 0.3.0.1-alpha.

  o Minor features:
    - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
      Country database.

  o Minor features (future-proofing):
    - Tor no longer refuses to download microdescriptors or descriptors
      if they are listed as "published in the future". This change will
      eventually allow us to stop listing meaningful "published" dates
      in microdescriptor consensuses, and thereby allow us to reduce the
      resources required to download consensus diffs by over 50%.
      Implements part of ticket 21642; implements part of proposal 275.

  o Minor bugfixes (Linux seccomp2 sandbox):
    - The getpid() system call is now permitted under the Linux seccomp2
      sandbox, to avoid crashing with versions of OpenSSL (and other
      libraries) that attempt to learn the process's PID by using the
      syscall rather than the VDSO code. Fixes bug 21943; bugfix
      on 0.2.5.1-alpha.