Subject: CVS commit: [pkgsrc-2006Q3] pkgsrc/net/tor
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 12/18/2006 20:17:52
Module Name: pkgsrc
Committed By: salo
Date: Mon Dec 18 20:17:52 UTC 2006
Modified Files:
pkgsrc/net/tor [pkgsrc-2006Q3]: Makefile distinfo
Removed Files:
pkgsrc/net/tor/patches [pkgsrc-2006Q3]: patch-ae
Log Message:
Pullup ticket 1961 - requested by tv
security update for tor
Revisions pulled up:
- pkgsrc/net/tor/Makefile 1.34, 1.36, 1.38
- pkgsrc/net/tor/distinfo 1.21, 1.22, 1.23
- pkgsrc/net/tor/patches/patch-ae removed
Module Name: pkgsrc
Committed By: tv
Date: Mon Oct 9 00:51:26 UTC 2006
Modified Files:
pkgsrc/net/tor: Makefile distinfo
Removed Files:
pkgsrc/net/tor/patches: patch-ae
Log Message:
Update to 0.1.1.24. Changes:
Changes in version 0.1.1.24 - 2006-09-29
o Major bugfixes:
- Allow really slow clients to not hang up five minutes into their
directory downloads (suggested by Adam J. Richter).
- Fix major performance regression from 0.1.0.x: instead of checking
whether we have enough directory information every time we want to
do something, only check when the directory information has changed.
This should improve client CPU usage by 25-50%.
- Don't crash if, after a server has been running for a while,
it can't resolve its hostname.
- When a client asks us to resolve (not connect to) an address,
and we have a cached answer, give them the cached answer.
Previously, we would give them no answer at all.
o Minor bugfixes:
- Allow Tor to start when RunAsDaemon is set but no logs are set.
- Don't crash when the controller receives a third argument to an
"extendcircuit" request.
- Controller protocol fixes: fix encoding in "getinfo addr-mappings"
response; fix error code when "getinfo dir/status/" fails.
- Fix configure.in to not produce broken configure files with
more recent versions of autoconf. Thanks to Clint for his auto*
voodoo.
- Fix security bug on NetBSD that could allow someone to force
uninitialized RAM to be sent to a server's DNS resolver. This
only affects NetBSD and other platforms that do not bounds-check
tolower().
- Warn user when using libevent 1.1a or earlier with win32 or kqueue
methods: these are known to be buggy.
- If we're a directory mirror and we ask for "all" network status
documents, we would discard status documents from authorities
we don't recognize.
---
Module Name: pkgsrc
Committed By: tv
Date: Wed Nov 8 19:41:10 UTC 2006
Modified Files:
pkgsrc/net/tor: Makefile distinfo
Log Message:
Update to 0.1.1.25.
Changes in version 0.1.1.25 - 2006-11-04
o Major bugfixes:
- When a client asks us to resolve (rather than connect to)
an address, and we have a cached answer, give them the cached
answer. Previously, we would give them no answer at all.
- We were building exactly the wrong circuits when we predict
hidden service requirements, meaning Tor would have to build all
its circuits on demand.
- If none of our live entry guards have a high uptime, but we
require a guard with a high uptime, try adding a new guard before
we give up on the requirement. This patch should make long-lived
connections more stable on average.
- When testing reachability of our DirPort, don't launch new
tests when there's already one in progress -- unreachable
servers were stacking up dozens of testing streams.
o Security bugfixes:
- When the user sends a NEWNYM signal, clear the client-side DNS
cache too. Otherwise we continue to act on previous information.
o Minor bugfixes:
- Avoid a memory corruption bug when creating a hash table for
the first time.
- Avoid possibility of controller-triggered crash when misusing
certain commands from a v0 controller on platforms that do not
handle printf("%s",NULL) gracefully.
- Avoid infinite loop on unexpected controller input.
- Don't log spurious warnings when we see a circuit close reason we
don't recognize; it's probably just from a newer version of Tor.
- Add Vidalia to the OS X uninstaller script, so when we uninstall
Tor/Privoxy we also uninstall Vidalia.
---
Module Name: pkgsrc
Committed By: tv
Date: Sun Dec 17 21:53:44 UTC 2006
Modified Files:
pkgsrc/net/tor: Makefile distinfo
Log Message:
Update to 0.1.1.26 to fix information disclosure vuln.
Changes in version 0.1.1.26 - 2006-12-14
o Security bugfixes:
- Stop sending the HttpProxyAuthenticator string to directory
servers when directory connections are tunnelled through Tor.
- Clients no longer store bandwidth history in the state file.
- Do not log introduction points for hidden services if SafeLogging
is set.
o Minor bugfixes:
- Fix an assert failure when a directory authority sets
AuthDirRejectUnlisted and then receives a descriptor from an
unlisted router (reported by seeess).
To generate a diff of this commit:
cvs rdiff -r1.33 -r1.33.2.1 pkgsrc/net/tor/Makefile
cvs rdiff -r1.20 -r1.20.2.1 pkgsrc/net/tor/distinfo
cvs rdiff -r1.1 -r0 pkgsrc/net/tor/patches/patch-ae
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.