2014-06-01 14:49:35 by Thomas Klausner | Files touched by this commit (208) |
Log message:
Remove FETCH_USING.
It is a user-defined variable and should NOT be set in Makefiles.
|
2013-09-12 00:09:07 by Christian St. | Files touched by this commit (3) | |
Log message:
update tor from 0.2.4.11-alpha to 0.2.4.17-rc
|
2013-03-25 07:17:16 by Christian St. | Files touched by this commit (3) | |
Log message:
update tor-dev to 0.2.4.11-alpha
|
2012-10-07 19:17:35 by Aleksej Saushev | Files touched by this commit (55) |
Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Mark packages that don't or might probably not have staged installation.
|
2012-06-21 11:35:53 by Christian St. | Files touched by this commit (2) |
Log message:
Update to 0.2.3.17 (too many changes and versions to list here)
Fixed torify's path like in net/tor.
Original patch by Blair Sadewitz in PR pkg/46598.
|
2011-10-08 01:44:05 by Christian St. | Files touched by this commit (2) | |
Log message:
update tor to 2.3.5
|
2011-03-13 02:39:16 by Christian St. | Files touched by this commit (3) |
Log message:
Changes in version 0.2.2.23-alpha - 2011-03-08
Tor 0.2.2.23-alpha lets relays record their bandwidth history so when
they restart they don't lose their bandwidth capacity estimate. This
release also fixes a diverse set of user-facing bugs, ranging from
relays overrunning their rate limiting to clients falsely warning about
clock skew to bridge descriptor leaks by our bridge directory authority.
o Major bugfixes:
- Stop sending a CLOCK_SKEW controller status event whenever
we fetch directory information from a relay that has a wrong clock.
Instead, only inform the controller when it's a trusted authority
that claims our clock is wrong. Bugfix on 0.1.2.6-alpha; fixes
the rest of bug 1074.
- Fix an assert in parsing router descriptors containing IPv6
addresses. This one took down the directory authorities when
somebody tried some experimental code. Bugfix on 0.2.1.3-alpha.
- Make the bridge directory authority refuse to answer directory
requests for "all" descriptors. It used to include bridge
descriptors in its answer, which was a major information leak.
Found by "piebeer". Bugfix on 0.2.0.3-alpha.
- If relays set RelayBandwidthBurst but not RelayBandwidthRate,
Tor would ignore their RelayBandwidthBurst setting,
potentially using more bandwidth than expected. Bugfix on
0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470.
- Ignore and warn if the user mistakenly sets "PublishServerDescriptor
hidserv" in her torrc. The 'hidserv' argument never controlled
publication of hidden service descriptors. Bugfix on 0.2.0.1-alpha.
o Major features:
- Relays now save observed peak bandwidth throughput rates to their
state file (along with total usage, which was already saved)
so that they can determine their correct estimated bandwidth on
restart. Resolves bug 1863, where Tor relays would reset their
estimated bandwidth to 0 after restarting.
- Directory authorities now take changes in router IP address and
ORPort into account when determining router stability. Previously,
if a router changed its IP or ORPort, the authorities would not
treat it as having any downtime for the purposes of stability
calculation, whereas clients would experience downtime since the
change could take a while to propagate to them. Resolves issue 1035.
- Enable Address Space Layout Randomization (ASLR) and Data Execution
Prevention (DEP) by default on Windows to make it harder for
attackers to exploit vulnerabilities. Patch from John Brooks.
|
2011-02-19 02:51:18 by Christian St. | Files touched by this commit (2) |
Log message:
Update tor to 0.2.2.22
Changes in version 0.2.2.22-alpha - 2011-01-25
Tor 0.2.2.22-alpha fixes a few more less-critical security issues. The
main other change is a slight tweak to Tor's TLS handshake that makes
relays and bridges that run this new version reachable from Iran again.
We don't expect this tweak will win the arms race long-term, but it
will buy us a bit more time until we roll out a better solution.
o Major bugfixes:
- Fix a bounds-checking error that could allow an attacker to
remotely crash a directory authority. Bugfix on 0.2.1.5-alpha.
Found by "piebeer".
- Don't assert when changing from bridge to relay or vice versa
via the controller. The assert happened because we didn't properly
initialize our keys in this case. Bugfix on 0.2.2.18-alpha; fixes
bug 2433. Reported by bastik.
o Minor features:
- Adjust our TLS Diffie-Hellman parameters to match those used by
Apache's mod_ssl.
- Provide a log message stating which geoip file we're parsing
instead of just stating that we're parsing the geoip file.
Implements ticket 2432.
o Minor bugfixes:
- Check for and reject overly long directory certificates and
directory tokens before they have a chance to hit any assertions.
Bugfix on 0.2.1.28 / 0.2.2.20-alpha. Found by "doorss".
|
2010-12-03 16:37:16 by Christian St. | Files touched by this commit (2) |
Log message:
Changes in version 0.2.2.19-alpha - 2010-11-22
Yet another OpenSSL security patch broke its compatibility with Tor:
Tor 0.2.2.19-alpha makes relays work with OpenSSL 0.9.8p and 1.0.0.b.
o Major bugfixes:
- Resolve an incompatibility with OpenSSL 0.9.8p and OpenSSL 1.0.0b:
No longer set the tlsext_host_name extension on server SSL objects;
but continue to set it on client SSL objects. Our goal in setting
it was to imitate a browser, not a vhosting server. Fixes bug 2204;
bugfix on 0.2.1.1-alpha.
o Minor bugfixes:
- Try harder not to exceed the maximum length of 50 KB when writing
statistics to extra-info descriptors. This bug was triggered by very
fast relays reporting exit-port, entry, and dirreq statistics.
Reported by Olaf Selke. Bugfix on 0.2.2.1-alpha. Fixes bug 2183.
- Publish a router descriptor even if generating an extra-info
descriptor fails. Previously we would not publish a router
descriptor without an extra-info descriptor; this can cause fast
exit relays collecting exit-port statistics to drop from the
consensus. Bugfix on 0.1.2.9-rc; fixes bug 2195.
|
2010-04-28 13:48:41 by Christian St. | Files touched by this commit (2) | |
Log message:
update tor to 0.2.2.13-alpha
Changes in version 0.2.2.13-alpha - 2010-04-24
o Major bugfixes:
- Teach relays to defend themselves from connection overload. Relays
now close idle circuits early if it looks like they were intended
for directory fetches. Relays are also more aggressive about closing
TLS connections that have no circuits on them. Such circuits are
unlikely to be re-used, and tens of thousands of them were piling
up at the fast relays, causing the relays to run out of sockets
and memory. Bugfix on 0.2.0.22-rc (where clients started tunneling
their directory fetches over TLS).
o Minor features:
- Finally get rid of the deprecated and now harmful notion of "clique
mode", where directory authorities maintain TLS connections to
every other relay.
- Directory authorities now do an immediate reachability check as soon
as they hear about a new relay. This change should slightly reduce
the time between setting up a relay and getting listed as running
in the consensus. It should also improve the time between setting
up a bridge and seeing use by bridge users.
- Directory authorities no longer launch a TLS connection to every
relay as they startup. Now that we have 2k+ descriptors cached,
the resulting network hiccup is becoming a burden. Besides,
authorities already avoid voting about Running for the first half
hour of their uptime.
|