./net/tor, Anonymizing overlay network for TCP

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version:, Package name: tor-, Maintainer: pkgsrc-users

The simple version: Tor provides a distributed network of servers ("onion
routers"). Users bounce their TCP streams (web traffic, FTP, SSH, etc.) around
the routers. This makes it hard for recipients, observers, and even the onion
routers themselves to track the source of the stream.

The complex version: Onion Routing is a connection-oriented anonymizing
communication service. Users choose a source-routed path through a set of
nodes, and negotiate a "virtual circuit" through the network, in which each
node knows its predecessor and successor, but no others. Traffic flowing down
the circuit is unwrapped by a symmetric key at each node, which reveals the
downstream node.

Required to run:
[security/openssl] [devel/libevent] [archivers/zstd]

Required to build:
[textproc/asciidoc] [pkgtools/cwrappers]

Package options: doc

Master sites:

SHA1: a7a48e4199097b5198c86448b5871732fba2ac76
RMD160: 86d23f25cfec136a8b2abc0567fa2708f6078252
Filesize: 7426.636 KB

Version history: (Expand)

CVS history: (Expand)

   2020-03-18 17:43:49 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor: update to

Changes in version - 2020-03-18
  This is the third stable release in the 0.4.2.x series. It backports
  numerous fixes from later releases, including a fix for TROVE-2020-
  002, a major denial-of-service vulnerability that affected all
  released Tor instances since Using this vulnerability,
  an attacker could cause Tor instances to consume a huge amount of CPU,
  disrupting their operations for several seconds or minutes. This
  attack could be launched by anybody against a relay, or by a directory
  cache against any client that had connected to it. The attacker could
  launch this attack as much as they wanted, thereby disrupting service
  or creating patterns that could aid in traffic analysis. This issue
  was found by OSS-Fuzz, and is also tracked as CVE-2020-10592.

  We do not have reason to believe that this attack is currently being
  exploited in the wild, but nonetheless we advise everyone to upgrade
  as soon as packages are available.

  o Major bugfixes (security, denial-of-service, backport from
    - Fix a denial-of-service bug that could be used by anyone to
      consume a bunch of CPU on any Tor relay or authority, or by
      directories to consume a bunch of CPU on clients or hidden
      services. Because of the potential for CPU consumption to
      introduce observable timing patterns, we are treating this as a
      high-severity security issue. Fixes bug 33119; bugfix on Found by OSS-Fuzz. We are also tracking this issue
      as TROVE-2020-002 and CVE-2020-10592.

  o Major bugfixes (circuit padding, memory leak, backport from
    - Avoid a remotely triggered memory leak in the case that a circuit
      padding machine is somehow negotiated twice on the same circuit.
      Fixes bug 33619; bugfix on Found by Tobias Pulls.
      This is also tracked as TROVE-2020-004 and CVE-2020-10593.

  o Major bugfixes (directory authority, backport from
    - Directory authorities will now send a 503 (not enough bandwidth)
      code to clients when under bandwidth pressure. Known relays and
      other authorities will always be answered regardless of the
      bandwidth situation. Fixes bug 33029; bugfix on

  o Minor features (continuous integration, backport from
    - Stop allowing failures on the Travis CI stem tests job. It looks
      like all the stem hangs we were seeing before are now fixed.
      Closes ticket 33075.

  o Minor bugfixes (bridges, backport from
    - Lowercase the configured value of BridgeDistribution before adding
      it to the descriptor. Fixes bug 32753; bugfix on

  o Minor bugfixes (logging, backport from
    - If we encounter a bug when flushing a buffer to a TLS connection,
      only log the bug once per invocation of the Tor process.
      Previously we would log with every occurrence, which could cause
      us to run out of disk space. Fixes bug 33093; bugfix

  o Minor bugfixes (onion services v3, backport from
    - Fix an assertion failure that could result from a corrupted
      ADD_ONION control port command. Found by Saibato. Fixes bug 33137;
      bugfix on This issue is also tracked
      as TROVE-2020-003.

  o Minor bugfixes (rust, build, backport from
    - Fix a syntax warning given by newer versions of Rust that was
      creating problems for our continuous integration. Fixes bug 33212;
      bugfix on

  o Testing (Travis CI, backport from
    - Remove a redundant distcheck job. Closes ticket 33194.
    - Sort the Travis jobs in order of speed: putting the slowest jobs
      first takes full advantage of Travis job concurrency. Closes
      ticket 33194.
    - Stop allowing the Chutney IPv6 Travis job to fail. This job was
      previously configured to fast_finish (which requires
      allow_failure), to speed up the build. Closes ticket 33195.
    - When a Travis chutney job fails, use chutney's new "diagnostics.sh"
      tool to produce detailed diagnostic output. Closes ticket 32792.
   2020-01-30 22:15:41 by Leonardo Taccari | Files touched by this commit (1)
Log message:
tor: Readd accidentally removed .crate in distinfo

XXX: It would be nice that `makesum' target do that independently of `rust'
XXX: option.
   2020-01-30 22:02:49 by Leonardo Taccari | Files touched by this commit (2) | Package updated
Log message:
tor: Update to

  This is the second stable release in the 0.4.2.x series. It backports
  several bugfixes from, including some that had affected
  the Linux seccomp2 sandbox or Windows services. If you're running with
  one of those configurations, you'll probably want to upgrade;
  otherwise, you should be fine with

  o Major bugfixes (linux seccomp sandbox, backport from
    - Correct how we use libseccomp. Particularly, stop assuming that
      rules are applied in a particular order or that more rules are
      processed after the first match. Neither is the case! In
      libseccomp <2.4.0 this lead to some rules having no effect.
      libseccomp 2.4.0 changed how rules are generated, leading to a
      different ordering, which in turn led to a fatal crash during
      startup. Fixes bug 29819; bugfix on Patch by
      Peter Gerber.
    - Fix crash when reloading logging configuration while the
      experimental sandbox is enabled. Fixes bug 32841; bugfix on Patch by Peter Gerber.

  o Minor bugfixes (correctness checks, backport from
    - Use GCC/Clang's printf-checking feature to make sure that
      tor_assertf() arguments are correctly typed. Fixes bug 32765;
      bugfix on

  o Minor bugfixes (logging, crash, backport from
    - Avoid a possible crash when trying to log a (fatal) assertion
      failure about mismatched magic numbers in configuration objects.
      Fixes bug 32771; bugfix on

  o Minor bugfixes (testing, backport from
    - When TOR_DISABLE_PRACTRACKER is set, do not apply it to the
      test_practracker.sh script. Doing so caused a test failure. Fixes
      bug 32705; bugfix on
    - When TOR_DISABLE_PRACTRACKER is set, log a notice to stderr when
      skipping practracker checks. Fixes bug 32705; bugfix

  o Minor bugfixes (windows service, backport from
    - Initialize the publish/subscribe system when running as a windows
      service. Fixes bug 32778; bugfix on

  o Testing (backport from
    - Turn off Tor's Sandbox in Chutney jobs, and run those jobs on
      Ubuntu Bionic. Turning off the Sandbox is a work-around, until we
      fix the sandbox errors in 32722. Closes ticket 32240.
    - Re-enable the Travis CI macOS Chutney build, but don't let it
      prevent the Travis job from finishing. (The Travis macOS jobs are
      slow, so we don't want to have it delay the whole CI process.)
      Closes ticket 32629.

  o Testing (continuous integration, backport from
    - Use zstd in our Travis Linux builds. Closes ticket 32242.
   2020-01-26 18:32:28 by Roland Illig | Files touched by this commit (981)
Log message:
all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
   2020-01-25 11:45:12 by Jonathan Perkin | Files touched by this commit (24)
Log message:
*: Remove obsolete BUILDLINK_API_DEPENDS.openssl.
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2019-12-10 14:06:23 by ng0 | Files touched by this commit (3) | Package updated
Log message:
Update net/tor to version


Changes in version - 2019-12-09
  This is the first stable release in the 0.4.2.x series. This series
  improves reliability and stability, and includes several stability and
  correctness improvements for onion services. It also fixes many smaller
  bugs present in previous series.

  Per our support policy, we will support the 0.4.2.x series for nine
  months, or until three months after the release of a stable 0.4.3.x:
  whichever is longer. If you need longer-term support, please stick
  with 0.3.5.x, which will we plan to support until Feb 2022.

  Per our support policy, we will support the 0.4.2.x series for nine
  months, or until three months after the release of a stable 0.4.3.x:
  whichever is longer. If you need longer-term support, please stick
  with 0.3.5.x, which will we plan to support until Feb 2022.

  Below are the changes since For a complete list of changes
  since, see the ReleaseNotes file.

  o Minor features (geoip):
    - Update geoip and geoip6 to the December 3 2019 Maxmind GeoLite2
      Country database. Closes ticket 32685.

  o Testing:
    - Require C99 standards-conforming code in Travis CI, but allow GNU
      gcc extensions. Also activates clang's -Wtypedef-redefinition
      warnings. Build some jobs with -std=gnu99, and some jobs without.
      Closes ticket 32500.

Changes in version - 2019-11-15
  Tor is the first release candidate in its series. It fixes
  several bugs from earlier versions, including a few that would result in
  stack traces or incorrect behavior.

  o Minor features (build system):
    - Make pkg-config use --prefix when cross-compiling, if
      PKG_CONFIG_PATH is not set. Closes ticket 32191.

  o Minor features (geoip):
    - Update geoip and geoip6 to the November 6 2019 Maxmind GeoLite2
      Country database. Closes ticket 32440.

  o Minor bugfixes (client, onion service v3):
    - Fix a BUG() assertion that occurs within a very small race window
      between when a client intro circuit opens and when its descriptor
      gets cleaned up from the cache. The circuit is now closed early,
      which will trigger a re-fetch of the descriptor and continue the
      connection. Fixes bug 28970; bugfix on

  o Minor bugfixes (code quality):
    - Fix "make check-includes" so it runs correctly on out-of-tree
      builds. Fixes bug 31335; bugfix on

  o Minor bugfixes (configuration):
    - Log the option name when skipping an obsolete option. Fixes bug
      32295; bugfix on

  o Minor bugfixes (crash):
    - When running Tor with an option like --verify-config or
      --dump-config that does not start the event loop, avoid crashing
      if we try to exit early because of an error. Fixes bug 32407;
      bugfix on

  o Minor bugfixes (directory):
    - When checking if a directory connection is anonymous, test if the
      circuit was marked for close before looking at its channel. This
      avoids a BUG() stacktrace if the circuit was previously closed.
      Fixes bug 31958; bugfix on

  o Minor bugfixes (shellcheck):
    - Fix minor shellcheck errors in the git-*.sh scripts. Fixes bug
      32402; bugfix on
    - Start checking most scripts for shellcheck errors again. Fixes bug
      32402; bugfix on

  o Testing (continuous integration):
    - Use Ubuntu Bionic images for our Travis CI builds, so we can get a
      recent version of coccinelle. But leave chutney on Ubuntu Trusty,
      until we can fix some Bionic permissions issues (see ticket
      32240). Related to ticket 31919.
    - Install the mingw OpenSSL package in Appveyor. This makes sure
      that the OpenSSL headers and libraries match in Tor's Appveyor
      builds. (This bug was triggered by an Appveyor image update.)
      Fixes bug 32449; bugfix on
    - In Travis, use Xcode 11.2 on macOS 10.14. Closes ticket 32241.

Changes in version - 2019-10-24
  This release fixes several bugs from the previous alpha release, and
  from earlier versions of Tor.

  o Major bugfixes (relay):
    - Relays now respect their AccountingMax bandwidth again. When
      relays entered "soft" hibernation (which typically starts when
      we've hit 90% of our AccountingMax), we had stopped checking
      whether we should enter hard hibernation. Soft hibernation refuses
      new connections and new circuits, but the existing circuits can
      continue, meaning that relays could have exceeded their configured
      AccountingMax. Fixes bug 32108; bugfix on

  o Major bugfixes (v3 onion services):
    - Onion services now always use the exact number of intro points
      configured with the HiddenServiceNumIntroductionPoints option (or
      fewer if nodes are excluded). Before, a service could sometimes
      pick more intro points than configured. Fixes bug 31548; bugfix

  o Minor feature (onion services, control port):
    - The ADD_ONION command's keyword "BEST" now defaults to ED25519-V3
      (v3) onion services. Previously it defaulted to RSA1024 (v2).
      Closes ticket 29669.

  o Minor features (testing):
    - When running tests that attempt to look up hostnames, replace the
      libc name lookup functions with ones that do not actually touch
      the network. This way, the tests complete more quickly in the
      presence of a slow or missing DNS resolver. Closes ticket 31841.

  o Minor features (testing, continuous integration):
    - Disable all but one Travis CI macOS build, to mitigate slow
      scheduling of Travis macOS jobs. Closes ticket 32177.
    - Run the chutney IPv6 networks as part of Travis CI. Closes
      ticket 30860.
    - Simplify the Travis CI build matrix, and optimise for build time.
      Closes ticket 31859.
    - Use Windows Server 2019 instead of Windows Server 2016 in our
      Appveyor builds. Closes ticket 32086.

  o Minor bugfixes (build system):
    - Interpret "--disable-module-dirauth=no" correctly. Fixes bug
      32124; bugfix on
    - Interpret "--with-tcmalloc=no" correctly. Fixes bug 32124; bugfix
    - Stop failing when jemalloc is requested, but tcmalloc is not
      found. Fixes bug 32124; bugfix on
    - When pkg-config is not installed, or a library that depends on
      pkg-config is not found, tell the user what to do to fix the
      problem. Fixes bug 31922; bugfix on

  o Minor bugfixes (connections):
    - Avoid trying to read data from closed connections, which can cause
      needless loops in Libevent and infinite loops in Shadow. Fixes bug
      30344; bugfix on

  o Minor bugfixes (error handling):
    - Always lock the backtrace buffer before it is used. Fixes bug
      31734; bugfix on

  o Minor bugfixes (mainloop, periodic events, in-process API):
    - Reset the periodic events' "enabled" flag when Tor is shut down
      cleanly. Previously, this flag was left on, which caused periodic
      events not to be re-enabled when Tor was relaunched in-process
      with tor_api.h after a shutdown. Fixes bug 32058; bugfix

  o Minor bugfixes (process management):
    - Remove overly strict assertions that triggered when a pluggable
      transport failed to launch. Fixes bug 31091; bugfix
    - Remove an assertion in the Unix process backend. This assertion
      would trigger when we failed to find the executable for a child
      process. Fixes bug 31810; bugfix on

  o Minor bugfixes (testing):
    - Avoid intermittent test failures due to a test that had relied on
      inconsistent timing sources. Fixes bug 31995; bugfix
    - When testing port rebinding, don't busy-wait for tor to log.
      Instead, actually sleep for a short time before polling again.
      Also improve the formatting of control commands and log messages.
      Fixes bug 31837; bugfix on

  o Minor bugfixes (tls, logging):
    - Log bugs about the TLS read buffer's length only once, rather than
      filling the logs with similar warnings. Fixes bug 31939; bugfix

  o Minor bugfixes (v3 onion services):
    - Fix an implicit conversion from ssize_t to size_t discovered by
      Coverity. Fixes bug 31682; bugfix on
    - Fix a memory leak in an unlikely error code path when encoding HS
      DoS establish intro extension cell. Fixes bug 32063; bugfix
    - When cleaning up intro circuits for a v3 onion service, don't
      remove circuits that have an established or pending circuit, even
      if they ran out of retries. This way, we don't remove a circuit on
      its last retry. Fixes bug 31652; bugfix on

  o Documentation:
    - Correct the description of "GuardLifetime". Fixes bug 31189;
      bugfix on
    - Make clear in the man page, in both the bandwidth section and the
      AccountingMax section, that Tor counts in powers of two, not
      powers of ten: 1 GByte is 1024*1024*1024 bytes, not one billion
      bytes. Resolves ticket 32106.

Changes in version - 2019-10-07
  This release fixes several bugs from the previous alpha release, and
  from earlier versions. It also includes a change in authorities, so
  that they begin to reject the currently unsupported release series.

  o Major features (directory authorities):
    - Directory authorities now reject relays running all currently
      deprecated release series. The currently supported release series
      are: 0.2.9, 0.3.5, 0.4.0, 0.4.1, and 0.4.2. Closes ticket 31549.

  o Major bugfixes (embedded Tor):
    - Avoid a possible crash when restarting Tor in embedded mode and
      enabling a different set of publish/subscribe messages. Fixes bug
      31898; bugfix on

  o Major bugfixes (torrc parsing):
    - Stop ignoring torrc options after an %include directive, when the
      included directory ends with a file that does not contain any
      config options (but does contain comments or whitespace). Fixes
      bug 31408; bugfix on

  o Minor features (auto-formatting scripts):
    - When annotating C macros, never generate a line that our check-
      spaces script would reject. Closes ticket 31759.
    - When annotating C macros, try to remove cases of double-negation.
      Closes ticket 31779.

  o Minor features (continuous integration):
    - When building on Appveyor and Travis, pass the "-k" flag to make,
      so that we are informed of all compilation failures, not just the
      first one or two. Closes ticket 31372.

  o Minor features (geoip):
    - Update geoip and geoip6 to the October 1 2019 Maxmind GeoLite2
      Country database. Closes ticket 31931.

  o Minor features (maintenance scripts):
    - Add a Coccinelle script to detect bugs caused by incrementing or
      decrementing a variable inside a call to log_debug(). Since
      log_debug() is a macro whose arguments are conditionally
      evaluated, it is usually an error to do this. One such bug was
      30628, in which SENDME cells were miscounted by a decrement
      operator inside a log_debug() call. Closes ticket 30743.

  o Minor features (onion services v3):
    - Assist users who try to setup v2 client authorization in v3 onion
      services by pointing them to the right documentation. Closes
      ticket 28966.

  o Minor bugfixes (Appveyor continuous integration):
    - Avoid spurious errors when Appveyor CI fails before the install
      step. Fixes bug 31884; bugfix on

  o Minor bugfixes (best practices tracker):
    - When listing overbroad exceptions, do not also list problems, and
      do not list insufficiently broad exceptions. Fixes bug 31338;
      bugfix on

  o Minor bugfixes (controller protocol):
    - Fix the MAPADDRESS controller command to accept one or more
      arguments. Previously, it required two or more arguments, and
      ignored the first. Fixes bug 31772; bugfix on

  o Minor bugfixes (logging):
    - Add a missing check for HAVE_PTHREAD_H, because the backtrace code
      uses mutexes. Fixes bug 31614; bugfix on
    - Disable backtrace signal handlers when shutting down tor. Fixes
      bug 31614; bugfix on
    - Rate-limit our the logging message about the obsolete .exit
      notation. Previously, there was no limit on this warning, which
      could potentially be triggered many times by a hostile website.
      Fixes bug 31466; bugfix on
    - When initialising log domain masks, only set known log domains.
      Fixes bug 31854; bugfix on

  o Minor bugfixes (logging, protocol violations):
    - Do not log a nonfatal assertion failure when receiving a VERSIONS
      cell on a connection using the obsolete v1 link protocol. Log a
      protocol_warn instead. Fixes bug 31107; bugfix on

  o Minor bugfixes (modules):
    - Explain what the optional Directory Authority module is, and what
      happens when it is disabled. Fixes bug 31825; bugfix

  o Minor bugfixes (multithreading):
    - Avoid some undefined behaviour when freeing mutexes. Fixes bug
      31736; bugfix on 0.0.7.

  o Minor bugfixes (relay):
    - Avoid crashing when starting with a corrupt keys directory where
      the old ntor key and the new ntor key are identical. Fixes bug
      30916; bugfix on

  o Minor bugfixes (tests, SunOS):
    - Avoid a map_anon_nofork test failure due to a signed/unsigned
      integer comparison. Fixes bug 31897; bugfix on

  o Code simplification and refactoring:
    - Refactor connection_control_process_inbuf() to reduce the size of
      a practracker exception. Closes ticket 31840.
    - Refactor the microdescs_parse_from_string() function into smaller
      pieces, for better comprehensibility. Closes ticket 31675.
    - Use SEVERITY_MASK_IDX() to find the LOG_* mask indexes in the unit
      tests and fuzzers, rather than using hard-coded values. Closes
      ticket 31334.
    - Interface for function `decrypt_desc_layer` cleaned up. Closes
      ticket 31589.

  o Documentation:
    - Document the signal-safe logging behaviour in the tor man page.
      Also add some comments to the relevant functions. Closes
      ticket 31839.
    - Explain why we can't destroy the backtrace buffer mutex. Explain
      why we don't need to destroy the log mutex. Closes ticket 31736.
    - The Tor source code repository now includes a (somewhat dated)
      description of Tor's modular architecture, in doc/HACKING/design.
      This is based on the old "tor-guts.git" repository, which we are
      adopting and superseding. Closes ticket 31849.
   2019-11-24 19:42:16 by ng0 | Files touched by this commit (2)
Log message:
net/tor: Add rust option to build the rust features in tor.