./net/tor, Anonymizing overlay network for TCP

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2008Q4, Version: 0.2.0.34, Package name: tor-0.2.0.34, Maintainer: athaba

The simple version: Tor provides a distributed network of servers ("onion
routers"). Users bounce their TCP streams (web traffic, FTP, SSH, etc.) around
the routers. This makes it hard for recipients, observers, and even the onion
routers themselves to track the source of the stream.

The complex version: Onion Routing is a connection-oriented anonymizing
communication service. Users choose a source-routed path through a set of
nodes, and negotiate a "virtual circuit" through the network, in which each
node knows its predecessor and successor, but no others. Traffic flowing down
the circuit is unwrapped by a symmetric key at each node, which reveals the
downstream node.


Required to run:
[devel/libevent]


Package options: threads

Master sites:

SHA1: 6797b85cf4bd44a3a1c3ff1ccb9c46b55f9391f9
RMD160: a7a1a78b32072524472c6b2973117689aab4823b
Filesize: 2119.991 KB

Version history: (Expand)


CVS history: (Expand)


   2009-02-15 12:45:00 by Matthias Scheler | Files touched by this commit (3) | Package updated
Log message:
Pullup ticket #2699 - requested by obache
tor: security update

Revisions pulled up:
- net/tor/Makefile				1.62
- net/tor/distinfo				1.34
- net/tor/patches/patch-ac			delete
---
Module Name:	pkgsrc
Committed By:	obache
Date:		Sun Feb 15 07:59:02 UTC 2009

Modified Files:
	pkgsrc/net/tor: Makefile distinfo
Removed Files:
	pkgsrc/net/tor/patches: patch-ac

Log message:
Update tor to 0.2.0.34.
Patch provided by Christian Sturm and back to maintainer.

Changes in version 0.2.0.34 - 2009-02-08
  o Security fixes:
    - Fix an infinite-loop bug on handling corrupt votes under certain
      circumstances. Bugfix on 0.2.0.8-alpha.
    - Fix a temporary DoS vulnerability that could be performed by
      a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
    - Avoid a potential crash on exit nodes when processing malformed
      input. Remote DoS opportunity. Bugfix on 0.2.0.33.
    - Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
      Spec conformance issue. Bugfix on Tor 0.0.2pre27.

  o Minor bugfixes:
    - Fix compilation on systems where time_t is a 64-bit integer.
      Patch from Matthias Drochner.
    - Don't consider expiring already-closed client connections. Fixes
      bug 893. Bugfix on 0.0.2pre20.
   2009-01-27 14:14:37 by Matthias Scheler | Files touched by this commit (3) | Package updated
Log message:
Pullup ticket #2656 - requested by drochner
tor: security update

Revisions pulled up:
- net/tor/Makefile		1.61
- net/tor/distinfo		1.32-1.33
- net/tor/patches/patch-ac	1.6
---
Module Name:    pkgsrc
Committed By:   drochner
Date:           Thu Jan 22 12:46:51 UTC 2009

Modified Files:
        pkgsrc/net/tor: distinfo
Added Files:
        pkgsrc/net/tor/patches: patch-ac

Log message:
make this build with 64-bit time_t
(There are some unclean typecasts in the code, but the cases I've
seen are harmless -- as long as poll intervals, cert lifetimes etc
don't reach into y2037 which would be problematic in any case.)
---
Module Name:    pkgsrc
Committed By:   drochner
Date:           Thu Jan 22 12:50:57 UTC 2009

Modified Files:
        pkgsrc/net/tor: Makefile distinfo

Log message:
update to 0.2.0.33
changes:
-Security fix:
 Fix a heap-corruption bug that may be remotely triggerable on
 some platforms.
-many bugfixes