./net/tor, Anonymizing overlay network for TCP

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2015Q1, Version: 0.2.5.12, Package name: tor-0.2.5.12, Maintainer: athaba

The simple version: Tor provides a distributed network of servers ("onion
routers"). Users bounce their TCP streams (web traffic, FTP, SSH, etc.) around
the routers. This makes it hard for recipients, observers, and even the onion
routers themselves to track the source of the stream.

The complex version: Onion Routing is a connection-oriented anonymizing
communication service. Users choose a source-routed path through a set of
nodes, and negotiate a "virtual circuit" through the network, in which each
node knows its predecessor and successor, but no others. Traffic flowing down
the circuit is unwrapped by a symmetric key at each node, which reveals the
downstream node.


Required to build:
[textproc/asciidoc]

Package options: doc, threads

Master sites:

SHA1: 256e6d77d71420a21a67bba270f43fcf356f8737
RMD160: 8e6ab8660c0c833849ff0aa8bbf44dcf2097e3eb
Filesize: 3233.812 KB

Version history: (Expand)


CVS history: (Expand)


   2015-04-08 22:53:25 by Matthias Scheler | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #4657 - requested by wiz
net/tor: security update

Revisions pulled up:
- net/tor/Makefile                                              1.102
- net/tor/distinfo                                              1.63

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Apr  8 05:26:02 UTC 2015

   Modified Files:
   	pkgsrc/net/tor: Makefile distinfo

   Log message:
   Update to 0.2.5.12,  from Christian Sturm in PR 49823.

   Changes in version 0.2.5.12 - 2015-04-06
     Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that
     could be used by an attacker to crash hidden services, or crash clients
     visiting hidden services. Hidden services should upgrade as soon as
     possible; clients should upgrade whenever packages become available.

     This release also backports a simple improvement to make hidden
     services a bit less vulnerable to denial-of-service attacks.

     o Major bugfixes (security, hidden service):
       - Fix an issue that would allow a malicious client to trigger an
         assertion failure and halt a hidden service. Fixes bug 15600;
         bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
       - Fix a bug that could cause a client to crash with an assertion
         failure when parsing a malformed hidden service descriptor. Fixes
         bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".

     o Minor features (DoS-resistance, hidden service):
       - Introduction points no longer allow multiple INTRODUCE1 cells to
         arrive on the same circuit. This should make it more expensive for
         attackers to overwhelm hidden services with introductions.
         Resolves ticket 15515.