./net/tor, Anonymizing overlay network for TCP

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.4.6.9, Package name: tor-0.4.6.9, Maintainer: wiz

The simple version: Tor provides a distributed network of servers ("onion
routers"). Users bounce their TCP streams (web traffic, FTP, SSH, etc.) around
the routers. This makes it hard for recipients, observers, and even the onion
routers themselves to track the source of the stream.

The complex version: Onion Routing is a connection-oriented anonymizing
communication service. Users choose a source-routed path through a set of
nodes, and negotiate a "virtual circuit" through the network, in which each
node knows its predecessor and successor, but no others. Traffic flowing down
the circuit is unwrapped by a symmetric key at each node, which reveals the
downstream node.


Required to run:
[security/openssl] [devel/libevent] [archivers/zstd]

Required to build:
[textproc/asciidoc] [pkgtools/cwrappers]

Package options: doc, openssl

Master sites:

Filesize: 7614.919 KB

Version history: (Expand)


CVS history: (Expand)


   2021-12-17 20:09:28 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor: update to 0.4.6.9.

Changes in version 0.4.6.9 - 2021-12-15
  This version fixes several bugs from earlier versions of Tor. One important
  piece is the removal of DNS timeout metric from the overload general signal.
  See below for more details.

  o Major bugfixes (relay, overload):
    - Don't make Tor DNS timeout trigger an overload general state.
      These timeouts are different from DNS server timeout. They have to
      be seen as timeout related to UX and not because of a network
      problem. Fixes bug 40527; bugfix on 0.4.6.1-alpha.

  o Minor feature (reproducible build):
    - The repository can now build reproducible tarballs which adds the
      build command "make dist-reprod" for that purpose. Closes
      ticket 26299.

  o Minor features (compilation):
    - Give an error message if trying to build with a version of
      LibreSSL known not to work with Tor. (There's an incompatibility
      with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of
      their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes
      ticket 40511.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on December 15, 2021.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2021/12/15.

  o Minor bugfixes (compilation):
    - Fix our configuration logic to detect whether we had OpenSSL 3:
      previously, our logic was reversed. This has no other effect than
      to change whether we suppress deprecated API warnings. Fixes bug
      40429; bugfix on 0.3.5.13.

  o Minor bugfixes (relay):
    - Reject IPv6-only DirPorts. Our reachability self-test forces
      DirPorts to be IPv4, but our configuration parser allowed them to
      be IPv6-only, which led to an assertion failure. Fixes bug 40494;
      bugfix on 0.4.5.1-alpha.

  o Documentation (man, relay):
    - Missing "OverloadStatistics" in tor.1 manpage. Fixes bug 40504;
      bugfix on 0.4.6.1-alpha.
   2021-10-27 15:16:35 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor: update to 0.4.6.8.

Changes in version 0.4.6.8 - 2021-10-26
  This version fixes several bugs from earlier versions of Tor. One
  highlight is a fix on how we track DNS timeouts to report general
  relay overload.

  o Major bugfixes (relay, overload state):
    - Relays report the general overload state for DNS timeout errors
      only if X% of all DNS queries over Y seconds are errors. Before
      that, it only took 1 timeout to report the overload state which
      was just too low of a threshold. The X and Y values are 1% and 10
      minutes respectively but they are also controlled by consensus
      parameters. Fixes bug 40491; bugfix on 0.4.6.1-alpha.

  o Minor features (fallbackdir):
    - Regenerate fallback directories for October 2021. Closes
      ticket 40493.

  o Minor features (testing):
    - On a testing network, relays can now use the
      TestingMinTimeToReportBandwidth option to change the smallest
      amount of time over which they're willing to report their observed
      maximum bandwidth. Previously, this was fixed at 1 day. For
      safety, values under 2 hours are only supported on testing
      networks. Part of a fix for ticket 40337.
    - Relays on testing networks no longer rate-limit how frequently
      they are willing to report new bandwidth measurements. Part of a
      fix for ticket 40337.
    - Relays on testing networks now report their observed bandwidths
      immediately from startup. Previously, they waited until they had
      been running for a full day. Closes ticket 40337.

  o Minor bugfix (onion service):
    - Do not flag an HSDir as non-running in case the descriptor upload
      or fetch fails. An onion service closes pending directory
      connections before uploading a new descriptor which can thus lead
      to wrongly flagging many relays and thus affecting circuit building
      path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha.
    - Improve logging when a bad HS version is given. Fixes bug 40476;
      bugfix on 0.4.6.1-alpha.

  o Minor bugfix (CI, onion service):
    - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500;
      bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (compatibility):
    - Fix compatibility with the most recent Libevent versions, which no
      longer have an evdns_set_random_bytes() function. Because this
      function has been a no-op since Libevent 2.0.4-alpha, it is safe
      for us to just stop calling it. Fixes bug 40371; bugfix
      on 0.2.1.7-alpha.

  o Minor bugfixes (onion service, TROVE-2021-008):
    - Only log v2 access attempts once total, in order to not pollute
      the logs with warnings and to avoid recording the times on disk
      when v2 access was attempted. Note that the onion address was
      _never_ logged. This counts as a Low-severity security issue.
      Fixes bug 40474; bugfix on 0.4.5.8.
   2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958)
Log message:
net: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts...):

net/radsecproxy/distinfo

The following distfiles could not be fetched (fetched conditionally?):

./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
   2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962)
Log message:
net: Remove SHA1 hashes for distfiles
   2021-09-07 16:00:52 by Greg Troxel | Files touched by this commit (1)
Log message:
net/tor: Workaround upstream "micro-revision.i" bug

There is something wrong in tor's  makefiles which causes:

  src/lib/version/git_revision.c:21:10: fatal error: micro-revision.i: No such \ 
file or directory
   #include "micro-revision.i"
	    ^~~~~~~~~~~~~~~~~~
  compilation terminated.

obviously by not having built micro-revision.i when that compilation
is done.   This happens reliably for some people and not for others.

This commit adds a comment with the issue in tor's bug tracker, and a
workaround that builds micro-revision.i and then does the normal
build.

No PKGREVISION as this is just a build fix, and should have zero
effect if this built anyway.

ok @wiz
   2021-07-01 09:42:38 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
tor: update to 0.4.6.6.

Changes in version 0.4.6.6 - 2021-06-30
  Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that
  allows Tor to build correctly on older versions of GCC. You should
  upgrade to this version if you were having trouble building Tor
  0.4.6.5; otherwise, there is probably no need.

  o Minor bugfixes (compilation):
    - Fix a compilation error when trying to build Tor with a compiler
      that does not support const variables in static initializers.
      Fixes bug 40410; bugfix on 0.4.6.5.
    - Suppress a strict-prototype warning when building with some
      versions of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha.

  o Minor bugfixes (testing):
    - Enable the deterministic RNG for unit tests that covers the
      address set bloomfilter-based API's. Fixes bug 40419; bugfix
      on 0.3.3.2-alpha.
   2021-06-28 09:03:44 by Thomas Klausner | Files touched by this commit (1) | Package updated
Log message:
tor: update rust option

This still does not build for me.
Add comment on tor implementation project in rust.
   2021-06-27 23:18:38 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
tor: update to 0.4.6.5.

Changes in version 0.4.6.5 - 2021-06-14
  Tor 0.4.6.5 is the first stable release in its series. The 0.4.6.x
  series includes numerous features and bugfixes, including a significant
  improvement to our circuit timeout algorithm that should improve
  observed client performance, and a way for relays to report when they are
  overloaded.

  This release also includes security fixes for several security issues,
  including a denial-of-service attack against onion service clients,
  and another denial-of-service attack against relays. Everybody should
  upgrade to one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.

  o Major bugfixes (security):
    - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
      half-closed streams. Previously, clients failed to validate which
      hop sent these cells: this would allow a relay on a circuit to end
      a stream that wasn't actually built with it. Fixes bug 40389;
      bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
      003 and CVE-2021-34548.

  o Major bugfixes (security, defense-in-depth):
    - Detect more failure conditions from the OpenSSL RNG code.
      Previously, we would detect errors from a missing RNG
      implementation, but not failures from the RNG code itself.
      Fortunately, it appears those failures do not happen in practice
      when Tor is using OpenSSL's default RNG implementation. Fixes bug
      40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
      TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.

  o Major bugfixes (security, denial of service):
    - Resist a hashtable-based CPU denial-of-service attack against
      relays. Previously we used a naive unkeyed hash function to look
      up circuits in a circuitmux object. An attacker could exploit this
      to construct circuits with chosen circuit IDs, to create
      collisions and make the hash table inefficient. Now we use a
      SipHash construction here instead. Fixes bug 40391; bugfix on
      0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
      CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
    - Fix an out-of-bounds memory access in v3 onion service descriptor
      parsing. An attacker could exploit this bug by crafting an onion
      service descriptor that would crash any client that tried to visit
      it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
      tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
      Glazunov from Google's Project Zero.

  o Major features (control port, onion services):
    - Add controller support for creating version 3 onion services with
      client authorization. Previously, only v2 onion services could be
      created with client authorization. Closes ticket 40084. Patch by
      Neel Chauhan.

  o Major features (directory authority):
    - When voting on a relay with a Sybil-like appearance, add the Sybil
      flag when clearing out the other flags. This lets a relay operator
      know why their relay hasn't been included in the consensus. Closes
      ticket 40255. Patch by Neel Chauhan.

  o Major features (metrics):
    - Relays now report how overloaded they are in their extrainfo
      documents. This information is controlled with the
      OverloadStatistics torrc option, and it will be used to improve
      decisions about the network's load balancing. Implements proposal
      328; closes ticket 40222.

  o Major features (relay, denial of service):
    - Add a new DoS subsystem feature to control the rate of client
      connections for relays. Closes ticket 40253.

  o Major features (statistics):
    - Relays now publish statistics about the number of v3 onion
      services and volume of v3 onion service traffic, in the same
      manner they already do for v2 onions. Closes ticket 23126.

  o Major bugfixes (circuit build timeout):
    - Improve the accuracy of our circuit build timeout calculation for
      60%, 70%, and 80% build rates for various guard choices. We now
      use a maximum likelihood estimator for Pareto parameters of the
      circuit build time distribution, instead of a "right-censored
      estimator". This causes clients to ignore circuits that never
      finish building in their timeout calculations. Previously, clients
      were counting such unfinished circuits as having the highest
      possible build time value, when in reality these circuits most
      likely just contain relays that are offline. We also now wait a
      bit longer to let circuits complete for measurement purposes,
      lower the minimum possible effective timeout from 1.5 seconds to
      10ms, and increase the resolution of the circuit build time
      histogram from 50ms bin widths to 10ms bin widths. Additionally,
      we alter our estimate Xm by taking the maximum of the top 10 most
      common build time values of the 10ms histogram, and compute Xm as
      the average of these. Fixes bug 40168; bugfix on 0.2.2.14-alpha.
    - Remove max_time calculation and associated warning from circuit
      build timeout 'alpha' parameter estimation, as this is no longer
      needed by our new estimator from 40168. Fixes bug 34088; bugfix
      on 0.2.2.9-alpha.

  o Major bugfixes (signing key):
    - In the tor-gencert utility, give an informative error message if
      the passphrase given in `--create-identity-key` is too short.
      Fixes bug 40189; bugfix on 0.2.0.1-alpha. Patch by Neel Chauhan.

  o Minor features (bridge):
    - We now announce the URL to Tor's new bridge status at
      https://bridges.torproject.org/ when Tor is configured to run as a
      bridge relay. Closes ticket 30477.

  o Minor features (build system):
    - New "make lsp" command to auto generate the compile_commands.json
      file used by the ccls server. The "bear" program is needed for
      this. Closes ticket 40227.

  o Minor features (client):
    - Clients now check whether their streams are attempting to re-enter
      the Tor network (i.e. to send Tor traffic over Tor), and close
      them preemptively if they think exit relays will refuse them for
      this reason. See ticket 2667 for details. Closes ticket 40271.

  o Minor features (command line):
    - Add long format name "--torrc-file" equivalent to the existing
      command-line option "-f". Closes ticket 40324. Patch by
      Daniel Pinto.

  o Minor features (command-line interface):
    - Add build informations to `tor --version` in order to ease
      reproducible builds. Closes ticket 32102.
    - When parsing command-line flags that take an optional argument,
      treat the argument as absent if it would start with a '-'
      character. Arguments in that form are not intelligible for any of
      our optional-argument flags. Closes ticket 40223.
    - Allow a relay operator to list the ed25519 keys on the command
      line by adding the `rsa` and `ed25519` arguments to the
      --list-fingerprint flag to show the respective RSA and ed25519
      relay fingerprint. Closes ticket 33632. Patch by Neel Chauhan.

  o Minor features (compatibility):
    - Remove an assertion function related to TLS renegotiation. It was
      used nowhere outside the unit tests, and it was breaking
      compilation with recent alpha releases of OpenSSL 3.0.0. Closes
      ticket 40399.

  o Minor features (control port, stream handling):
    - Add the stream ID to the event line in the ADDRMAP control event.
      Closes ticket 40249. Patch by Neel Chauhan.

  o Minor features (dormant mode):
    - Add a new 'DormantTimeoutEnabled' option to allow coarse-grained
      control over whether the client ever becomes dormant from
      inactivity. Most people won't need this. Closes ticket 40228.
    - Add a new 'DormantTimeoutEnabled' option for coarse-grained
      control over whether the client can become dormant from
      inactivity. Most people won't need this. Closes ticket 40228.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2021/06/10.

  o Minor features (logging):
    - Edit heartbeat log messages so that more of them begin with the
      string "Heartbeat: ". Closes ticket 40322; patch
      from 'cypherpunks'.
    - Change the DoS subsystem heartbeat line format to be more clear on
      what has been detected/rejected, and which option is disabled (if
      any). Closes ticket 40308.
    - In src/core/mainloop/mainloop.c and src/core/mainloop/connection.c,
      put brackets around IPv6 addresses in log messages. Closes ticket
      40232. Patch by Neel Chauhan.

  o Minor features (logging, diagnostic):
    - Log decompression failures at a higher severity level, since they
      can help provide missing context for other warning messages. We
      rate-limit these messages, to avoid flooding the logs if they
      begin to occur frequently. Closes ticket 40175.

  o Minor features (onion services):
    - Add a warning message when trying to connect to (no longer
      supported) v2 onion services. Closes ticket 40373.

  o Minor features (performance, windows):
    - Use SRWLocks to implement locking on Windows. Replaces the
      "critical section" locking implementation with the faster
      SRWLocks, available since Windows Vista. Closes ticket 17927.
      Patch by Daniel Pinto.

  o Minor features (protocol, proxy support, defense in depth):
    - Close HAProxy connections if they somehow manage to send us data
      before we start reading. Closes another case of ticket 40017.

  o Minor features (tests, portability):
    - Port the hs_build_address.py test script to work with recent
      versions of python. Closes ticket 40213. Patch from
      Samanta Navarro.

  o Minor features (vote document):
    - Add a "stats" line to directory authority votes, to report various
      statistics that authorities compute about the relays. This will
      help us diagnose the network better. Closes ticket 40314.

  o Minor bugfixes (build):
    - The configure script now shows whether or not lzma and zstd have
      been used, not just if the enable flag was passed in. Fixes bug
      40236; bugfix on 0.4.3.1-alpha.

  o Minor bugfixes (compatibility):
    - Fix a failure in the test cases when running on the "hppa"
      architecture, along with a related test that might fail on other
      architectures in the future. Fixes bug 40274; bugfix
      on 0.2.5.1-alpha.

  o Minor bugfixes (compilation):
    - Fix a compilation warning about unused functions when building
      with a libc that lacks the GLOB_ALTDIRFUNC constant. Fixes bug
      40354; bugfix on 0.4.5.1-alpha. Patch by Daniel Pinto.

  o Minor bugfixes (consensus handling):
    - Avoid a set of bugs that could be caused by inconsistently
      preferring an out-of-date consensus stored in a stale directory
      cache over a more recent one stored on disk as the latest
      consensus. Fixes bug 40375; bugfix on 0.3.1.1-alpha.

  o Minor bugfixes (control, sandbox):
    - Allow the control command SAVECONF to succeed when the seccomp
      sandbox is enabled, and make SAVECONF keep only one backup file to
      simplify implementation. Previously SAVECONF allowed a large
      number of backup files, which made it incompatible with the
      sandbox. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by
      Daniel Pinto.

  o Minor bugfixes (directory authorities, voting):
    - Add a new consensus method (31) to support any future changes that
      authorities decide to make to the value of bwweightscale or
      maxunmeasuredbw. Previously, there was a bug that prevented the
      authorities from parsing these consensus parameters correctly under
      most circumstances. Fixes bug 19011; bugfix on 0.2.2.10-alpha.

  o Minor bugfixes (ipv6):
    - Allow non-SOCKSPorts to disable IPv4, IPv6, and PreferIPv4. Some
      rare configurations might break, but in this case you can disable
      NoIPv4Traffic and NoIPv6Traffic as needed. Fixes bug 33607; bugfix
      on 0.4.1.1-alpha. Patch by Neel Chauhan.

  o Minor bugfixes (key generation):
    - Do not require a valid torrc when using the `--keygen` argument to
      generate a signing key. This allows us to generate keys on systems
      or users which may not run Tor. Fixes bug 40235; bugfix on
      0.2.7.2-alpha. Patch by Neel Chauhan.

  o Minor bugfixes (logging, relay):
    - Emit a warning if an Address is found to be internal and tor can't
      use it. Fixes bug 40290; bugfix on 0.4.5.1-alpha.

  o Minor bugfixes (metrics port):
    - Fix a bug that made tor try to re-bind() on an already open
      MetricsPort every 60 seconds. Fixes bug 40370; bugfix
      on 0.4.5.1-alpha.

  o Minor bugfixes (onion services, logging):
    - Downgrade the severity of a few rendezvous circuit-related
      warnings from warning to info. Fixes bug 40207; bugfix on
      0.3.2.1-alpha. Patch by Neel Chauhan.

  o Minor bugfixes (relay):
    - Reduce the compression level for data streaming from HIGH to LOW.
      This should reduce the CPU and memory burden for directory caches.
      Fixes bug 40301; bugfix on 0.3.5.1-alpha.

  o Minor bugfixes (testing, BSD):
    - Fix pattern-matching errors when patterns expand to invalid paths
      on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by
      Daniel Pinto.

  o Code simplification and refactoring:
    - Remove the orconn_ext_or_id_map structure and related functions.
      (Nothing outside of unit tests used them.) Closes ticket 33383.
      Patch by Neel Chauhan.

  o Removed features:
    - Remove unneeded code for parsing private keys in directory
      documents. This code was only used for client authentication in v2
      onion services, which are now unsupported. Closes ticket 40374.
    - As of this release, Tor no longer supports the old v2 onion
      services. They were deprecated last July for security, and support
      will be removed entirely later this year. We strongly encourage
      everybody to migrate to v3 onion services. For more information,
      see https://blog.torproject.org/v2-deprecation-timeline . Closes
      ticket 40266. (NOTE: We accidentally released an earlier version
      of the 0.4.6.1-alpha changelog without this entry. Sorry for
      the confusion!)

  o Code simplification and refactoring (metrics, DoS):
    - Move the DoS subsystem into the subsys manager, including its
      configuration options. Closes ticket 40261.

  o Documentation (manual):
    - Move the ServerTransport* options to the "SERVER OPTIONS" section.
      Closes issue 40331.
    - Indicate that the HiddenServiceStatistics option also applies to
      bridges. Closes ticket 40346.
    - Move the description of BridgeRecordUsageByCountry to the section
      "STATISTICS OPTIONS". Closes ticket 40323.

  o Removed features (relay):
    - Because DirPorts are only used on authorities, relays no longer
      advertise them. Similarly, self-testing for DirPorts has been
      disabled, since an unreachable DirPort is no reason for a relay
      not to advertise itself. (Configuring a DirPort will still work,
      for now.) Closes ticket 40282.