| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: tor | Distribution: SUSE Linux Enterprise 15 SP3 |
| Version: 0.4.5.7 | Vendor: openSUSE |
| Release: bp153.1.1 | Build date: Fri Apr 2 00:26:54 2021 |
| Group: Unspecified | Build host: obs-arm-5 |
| Size: 16604383 | Source RPM: tor-0.4.5.7-bp153.1.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://www.torproject.org/ | |
| Summary: Anonymizing overlay network for TCP (The onion router) | |
Tor is a connection-based low-latency anonymous communication system. This package provides the "tor" program, which serves as both a client and a relay node. Scripts will automatically create a "tor" user and a "tor" group, and set tor up to run as a daemon when the system is rebooted. Applications connect to the local Tor proxy using the SOCKS protocol. The tor client chooses a path through a set of relays, in which each relay knows its predecessor and successor, but no others. Traffic flowing down the circuit is unwrapped by a symmetric key at each relay, which reveals the downstream relay. Warnings: Tor does no protocol cleaning. That means there is a danger that application protocols and associated programs can be induced to reveal information about the initiator. Tor depends on Privoxy or similar protocol cleaners to solve this problem. This is alpha code, and is even more likely than released code to have anonymity-spoiling bugs. The present network is small -- this further reduces the strength of the anonymity provided. Tor is not presently suitable for high-stakes anonymity.
BSD-3-Clause
* Tue Mar 16 2021 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.5.7
* https://lists.torproject.org/pipermail/tor-announce/2021-March/000216.html
* Fix 2 denial of service security issues (boo#1183726)
+ Disable the dump_desc() function that we used to dump unparseable
information to disk (CVE-2021-28089)
+ Fix a bug in appending detached signatures to a pending consensus
document that could be used to crash a directory authority
(CVE-2021-28090)
* Ship geoip files based on the IPFire Location Database
* Tue Feb 16 2021 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.5.6
* https://lists.torproject.org/pipermail/tor-announce/2021-February/000214.html
* Introduce a new MetricsPort HTTP interface
* Support IPv6 in the torrc Address option
* Add event-tracing library support for USDT and LTTng-UST
* Try to read N of N bytes on a TLS connection
- Drop upstream tor-practracker.patch
* Fri Feb 05 2021 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.4.7
* https://blog.torproject.org/node/1990
* Stop requiring a live consensus for v3 clients and services
* Re-entry into the network is now denied at the Exit level
* Fix undefined behavior on our Keccak library
* Strip '\r' characters when reading text files on Unix platforms
* Handle partial SOCKS5 messages correctly
- Add tor-practracker.patch to fix tests
* Wed Jan 27 2021 Bernhard Wiedemann <bwiedemann@suse.com>
- Restrict service permissions with systemd
* Thu Nov 12 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.4.6
* Check channels+circuits on relays more thoroughly
(TROVE-2020-005, boo#1178741)
* Tue Sep 15 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.4.5
* Improve guard selection
* IPv6 improvements
* Wed Aug 19 2020 Dominique Leuenberger <dimstar@opensuse.org>
- Use %{_tmpfilesdir} instead of abusing %{_libexecdir}/tmpfiles.d.
* Thu Jul 09 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.3.6
* Fix a crash due to an out-of-bound memory access (CVE-2020-15572)
* Some minor fixes
* Mon Jun 29 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- Fix logrotate to not fail when tor is stopped (boo#1164275)
* Fri May 15 2020 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.3.5:
* first stable release in the 0.4.3.x series
* implement functionality needed for OnionBalance with v3 onion
services
* significant refactoring of our configuration and controller
functionality
* Add support for banning a relay's ed25519 keys in the
approved-routers file in support for migrating away from RSA
* support OR connections through a HAProxy server
* Wed Mar 18 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.2.7
* CVE-2020-10592: CPU consumption DoS and timing patterns (boo#1167013)
* CVE-2020-10593: circuit padding memory leak (boo#1167014)
* Directory authorities now signal bandwidth pressure to clients
* Avoid excess logging on bug when flushing a buffer to a TLS connection
* Fri Jan 31 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.2.6
* Correct how we use libseccomp
* Fix crash when reloading logging configuration while the
experimental sandbox is enabled
* Avoid a possible crash when logging an assertion
about mismatched magic numbers
* Tue Jan 07 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- Update tor.service and add defaults-torrc
to work without dropped torctl (boo#1072274)
- Add tor-master.service to allow handling multiple tor daemons
* Sat Dec 14 2019 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.2.5:
* first stable release in the 0.4.2.x series
* improves reliability and stability
* several stability and correctness improvements for onion services
* fixes many smaller bugs present in previous series
* Tue Dec 10 2019 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.1.7:
* several bugfixes to improve stability and correctness
* fixes for relays relying on AccountingMax
* Mon Oct 07 2019 Martin Pluskal <mpluskal@suse.com>
- Update dependnecnies:
* python3 instead of python
* add libpcap and seccomp
- Use more suitable macros for building and systemd dependencies
* Thu Sep 19 2019 Bernhard Wiedemann <bwiedemann@suse.com>
- update to 0.4.1.6
* Tolerate systems (including some Linux installations) where
madvise MADV_DONTFORK / MADV_DONTDUMP are available at build-time,
but not at run time.
* Do not include the deprecated <sys/sysctl.h> on Linux
* Fix the MAPADDRESS controller command to accept one or more arguments
* Always retry v2+v3 single onion service intro and rendezvous circuits
with a 3-hop path
* Use RFC 2397 data URL scheme to embed an image into tor-exit-notice.html
* Tue Aug 20 2019 Bernhard Wiedemann <bwiedemann@suse.com>
- update to 0.4.1.5
* Onion service clients now add padding cells at the start of their
INTRODUCE and RENDEZVOUS circuits to make it look like
Exit traffic
* Add a generic publish-subscribe message-passing subsystem
* Controller commands are now parsed using a generalized parsing
subsystem
* Implement authenticated SENDMEs as detailed in proposal 289
* Our node selection algorithm now excludes nodes in linear time
* Construct a fast secure pseudorandom number generator for
each thread, to use when performance is critical
* Consider our directory information to have changed when our list
of bridges changes
* Do not count previously configured working bridges towards our
total of working bridges
* When considering upgrading circuits from "waiting for guard" to
"open", always ignore circuits that are marked for close
* Properly clean up the introduction point map when circuits change
purpose
* Fix an unreachable bug in which an introduction point could try to
send an INTRODUCE_ACK
* Clients can now handle unknown status codes from INTRODUCE_ACK
cells
- Remove upstreamed tor-0.3.5.8-no-ssl-version-warning.patch
- Compile without -Werror to build with LTO (boo#1146548)
- Add fix-test.patch to workaround a LTO-induced test-failure
* Fri Jul 26 2019 matthias.gerstner@suse.com
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
firewalld, see [1].
[1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
* Mon May 20 2019 Christophe Giboudeaux <christophe@krop.fr>
- Add the missing zlib requirement.
* Fri May 10 2019 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.0.5:
* new stable branch, but not a long-term support branch
* improvements for power management and bootstrap reporting
* preliminary backend support for circuit padding to prevent some
kinds of traffic analysis
* refactoring for long-term maintainability
- drop upstreamed tor-0.3.5.8-nonetwork.patch
* Mon Apr 15 2019 Bernhard Wiedemann <bwiedemann@suse.com>
- Add tor-0.3.5.8-no-ssl-version-warning.patch (boo#1129411)
- Update tor.tmpfiles to use /run instead of /var/run
* Mon Feb 25 2019 bwiedemann@suse.com
- Add tor-0.3.5.8-nonetwork.patch to fix test failures
without network
* Fri Feb 22 2019 bwiedemann@suse.com
- tor 0.3.5.8:
* CVE-2019-8955 prevent attackers from making tor run
out of memory and crash
* Allow SOCKS5 with empty username+password
* Update geoip and geoip6 to the February 5 2019 Maxmind
GeoLite2 Country database
* Select guards even if the consensus has expired, as long
as the consensus is still reasonably live
* Mon Jan 07 2019 astieger@suse.com
- tor 0.3.5.7:
* first stable release in 0.3.5.x LTS branch
* support client authorization for v3 onion services
* cleanups to bootstrap reporting
* support for improved bandwidth measurement tools
* the default version for newly created onion services is now v3
(HiddenServiceVersion option can be used to override)
* If stem is used, an update of stem mey be required
* Mon Jan 07 2019 astieger@suse.com
- tor 0.3.4.10:
* OpenSSL compatibility fixes
* Fixes for relay bugs
* update fallback directory list
* Sat Nov 03 2018 astieger@suse.com
- tor 0.3.4.9:
* Various bug fixes, including a bandwidth management bug that
was causing memory exhaustion on relays
* Mon Sep 10 2018 astieger@suse.com
- tor 0.3.4.8 (boo#1107847):
* improvements for running in low-power and embedded environments
* preliminary changes for new bandwidth measurement system
* refine anti-denial-of-service code
* Mon Sep 10 2018 astieger@suse.com
- tor 0.3.3.10:
* various build and compatibility fixes
* The control port now exposes the list of HTTPTunnelPorts and
ExtOrPorts via GETINFO net/listeners/httptunnel and
net/listeners/extor respectively
* Authorities no longer vote to make the subprotocol version
"LinkAuth=1" a requirement: it is unsupportable with NSS, and
hasn't been needed since Tor 0.3.0.1-alpha
* When voting for recommended versions, make sure that all of the
versions are well-formed and parsable
* various minor bug fixes on onion services
* Sat Jul 14 2018 astieger@suse.com
- tor 0.3.3.9:
* move to a new bridge authority
* backport some bug fixes
- refresh upstream signing keyring
* Mon Jul 09 2018 astieger@suse.com
- tor 0.3.3.8:
* directory authority memory leak fix
* various minor bug fixes
* Tue Jun 12 2018 astieger@suse.com
- tor 0.3.3.7:
* Add an IPv6 address for the "dannenberg" directory authority
* Improve accuracy of the BUILDTIMEOUT_SET control port event's
TIMEOUT_RATE and CLOSE_RATE fields
* Only select relays when tor has descriptors that it prefers to
use for them, avoiding nonfatal errors later
* Sun May 27 2018 astieger@suse.com
- tor 0.3.3.6:
* new stable release series
* controller support and other improvements for v3 onion services
* official support for embedding Tor within other application
* Improvements to IPv6 support
* Relay option ReducedExitPolicy to configure a reasonable default
* Revent DoS via malicious protocol version string (boo#1094283)
* Many other other bug fixes and improvements
* Sat Mar 03 2018 astieger@suse.com
- tor 0.3.2.10:
* CVE-2018-0490: remote crash vulnerability against directory
authorities (boo#1083845, TROVE-2018-001)
* CVE-2018-0491: remote relay crash (boo#1083846, TROVE-2018-002)
* New system for improved resistance to DoS attacks against relays
* Various other bug fixes
* Wed Jan 10 2018 astieger@suse.com
- tor 0.3.2.9:
* new onion service design (v3), not default
* new circuit scheduler algorithm for improved performance
* directory authority updates
* many other updates and improvements
* Fri Dec 01 2017 astieger@suse.com
- tor 0.3.1.9 with the following security fixes that prevent some
traffic confirmation, DoS and other problems (bsc#1070849):
* CVE-2017-8819: Replay-cache ineffective for v2 onion services
* CVE-2017-8820: Remote DoS attack against directory authorities
* CVE-2017-8821: An attacker can make Tor ask for a password
* CVE-2017-8822: Relays can pick themselves in a circuit path
* CVE-2017-8823: Use-after-free in onion service v2
* Wed Oct 25 2017 astieger@suse.com
- tor 0.3.1.8:
* Add "Bastet" as a ninth directory authority to the default list
* The directory authority "Longclaw" has changed its IP address
* Fix a timing-based assertion failure that could occur when the
circuit out-of-memory handler freed a connection's output buffer
* Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
Country database
- drop tor-0.3.1.7-fix-zstd-i586.patch, upstreamed
* Wed Sep 20 2017 astieger@suse.com
- tor 0.3.1.7:
* Serve and download directory information in more compact
formats
* New padding padding system to resist netflow-based traffic
analysis
* Improve protection against identification of tor traffic by ISP
via ConnectionPadding option
* Reduce the number of long-term connections open between relays
- add tor-0.3.1.7-fix-zstd-i586.patch to fix 32 bit build with zstd
* Mon Sep 18 2017 astieger@suse.com
- tor 0.3.0.11:
* CVE-2017-0380: hidden services with the SafeLogging option
disabled could disclose the stack TROVE-2017-008, boo#1059194
* Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
Country database.
* drop tor-0.3.0.7-gcc7-fallthrough.patch, now upstream
* Thu Aug 03 2017 jloehel@suse.com
- tor 0.3.0.10
* Fix a typo that had prevented TPROXY-based transparent proxying
from working under Linux.
* Avoid an assertion failure bug affecting our implementation of
inet_pton(AF_INET6) on certain OpenBSD systems.
* Fri Jun 30 2017 astieger@suse.com
- tor 0.3.0.9:
* CVE-2017-0377: Fix path selection bug that would allow a client
to use a guard that was in the same network family as a chosen
exit relay (bsc#1046845)
* Don't block bootstrapping when a primary bridge is offline and
tor cannot get its descriptor
* When starting with an old consensus, do not add new entry guards
unless the consensus is "reasonably live" (under 1 day old).
* Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
Country database.
* Thu Jun 08 2017 astieger@suse.com
- tor 0.3.0.8 fixing a pair of bugs that would allow an attacker to
remotely crash a hidden service with an assertion failure
* CVE-2017-0375: remotely triggerable assertion failure when a
hidden service handles a malformed BEGIN cell (bsc#1043455)
* CVE-2017-0376: remotely triggerable assertion failure caused by
receiving a BEGIN_DIR cell on a hidden service rendezvous
circuit (bsc#1043456)
- further bug fixes:
* link handshake fixes when changing x509 certificates
* Regenerate link and authentication certificates whenever the key
that signs them changes; also, regenerate link certificates
whenever the signed key changes
* When sending an Ed25519 signing->link certificate in a CERTS cell,
send the certificate that matches the x509 certificate that was
used on the TLS connection
* Stop rejecting v3 hidden service descriptors because their size
did not match an old padding rule
* Wed May 31 2017 astieger@suse.com
- fix build with GCC 7: warning-errors on implicit fallthrough
add tor-0.3.0.7-gcc7-fallthrough.patch bsc#1041262
* Tue May 16 2017 astieger@suse.com
- tor 0.3.0.7:
* Fix an assertion failure in the hidden service directory code,
which could be used by an attacker to remotely cause a Tor
relay process to exit. TROVE-2017-002 bsc#1039211
* Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
Country database.
* Tor no longer refuses to download microdescriptors or
descriptors if they are listed as "published in the future"
* The getpid() system call is now permitted under the Linux
seccomp2 sandbox, to avoid crashing with versions of OpenSSL
(and other libraries) that attempt to learn the process's PID
by using the syscall rather than the VDSO code
* Thu Apr 27 2017 astieger@suse.com
- tor 0.3.0.6:
* clients and relays now use Ed25519 keys to authenticate their
link connections to relays, rather than the old RSA1024 keys
that they used before.
* replace the guard selection and replacement algorithm to behave
more robustly in the presence of unreliable networks, and to
resist guard-capture attacks.
* numerous other small features and bugfixes
* groundwork for the upcoming hidden-services revamp
* Wed Mar 01 2017 astieger@suse.com
- tor 0.2.9.10:
* directory authority: During voting, when marking a relay as a
probable sybil, do not clear its BadExit flag: sybils can still
be bad in other ways too.
* IPv6 Exits: Stop rejecting all IPv6 traffic on Exits whose exit
policy rejects any IPv6 addresses. Instead, only reject a port
over IPv6 if the exit policy rejects that port on more than an
IPv6 /16 of addresses.
* parsing: Fix an integer underflow bug when comparing malformed
Tor versions. This bug could crash Tor when built with
- -enable-expensive-hardening, or on Tor 0.2.9.1-alpha through
Tor 0.2.9.8, which were built with -ftrapv by default. In other
cases it was harmless. Part of TROVE-2017-001 boo#1027539
* Directory authorities now reject descriptors that claim to be
malformed versions of Tor
* Reject version numbers with components that exceed INT32_MAX.
* Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
Country database.
* The tor-resolve command line tool now rejects hostnames over 255
characters in length
* Tue Jan 24 2017 astieger@suse.com
- tor 0.2.9.9:
* Downgrade the "-ftrapv" option from "always on" to "only on
when --enable-expensive-hardening is provided." This hardening
option, like others, can turn survivable bugs into crashes --
and having it on by default made a (relatively harmless)
integer overflow bug into a denial-of-service bug
* Fix a client-side onion service reachability bug
* Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
Country database.
* Sun Jan 01 2017 tchvatal@suse.com
- Remove conditionals for the sle11 as we won't build there due to
openssl requirements. This reduces the logic in the spec file
quite a bit
* Mon Dec 19 2016 astieger@suse.com
- tor 0.2.9.8, the first stable release in the 0.2.9.x series:
* make mandatory a number of security features that were formerly
optional
* support a new shared-randomness protocol that will form the
basis for next generation hidden services
* single-hop hidden service mode for optimizing .onion services
that don't actually want to be hidden,
* try harder not to overload the directory authorities with
excessive downloads
* support a better protocol versioning scheme for improved
compatibility with other implementations of the Tor protocol
* deprecated options for security: CacheDNS, CacheIPv4DNS,
CacheIPv6DNS, UseDNSCache, UseIPv4Cache, and UseIPv6Cache,
AllowDotExit, AllowInvalidNodes, AllowSingleHopCircuits,
AllowSingleHopExits, ClientDNSRejectInternalAddresses,
CloseHSClientCircuitsImmediatelyOnTimeout,
CloseHSServiceRendCircuitsImmediatelyOnTimeout,
ExcludeSingleHopRelays, FastFirstHopPK, TLSECGroup,
UseNTorHandshake, and WarnUnsafeSocks.
* *ListenAddress options are now deprecated as unnecessary: the
corresponding *Port options should be used instead. The
affected options are:
ControlListenAddress, DNSListenAddress, DirListenAddress,
NATDListenAddress, ORListenAddress, SocksListenAddress,
and TransListenAddress.
* Mon Dec 19 2016 astieger@suse.com
- tor 0.2.8.12:
* CVE-2016-1254: A hostile hidden service could cause tor clients
to crash (bsc#1016343)
* update fallback directory list
* Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
Country database.
* Tue Dec 13 2016 bwiedemann@suse.com
- recommend torsocks as it is needed by included torify
* Sun Dec 11 2016 astieger@suse.com
- tor 0.2.8.11:
* Fix compilation with OpenSSL 1.1
* Fri Dec 02 2016 astieger@suse.com
- tor 0.2.8.10:
* When Tor leaves standby because of a new application request,
open circuits as needed to serve that request
* Clients now respond to new application stream requests
immediately when they arrive, rather than waiting up to one
second before starting to handle them
* small portability and memory handling issues
* Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2
Country database.
* Wed Oct 19 2016 astieger@suse.com
- tor 0.2.8.9:
* security fix: prevent remote DoS TROVE-2016-10-001 boo#1005292
* Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2
Country database.
* Update signing key
* Sat Sep 24 2016 astieger@suse.com
- tor 0.2.8.8:
* fixes some crash bugs when using bridges
* fixes a timing-dependent assertion
* removes broken fallbacks from the hard-coded fallback directory
list
* Updates geoip and geoip6 to the September 6 2016 Maxmind
GeoLite2 Country database
* Wed Aug 24 2016 astieger@suse.com
- tor 0.2.8.7:
* The "Tonga" bridge authority has been retired; the new bridge
authority is "Bifroest"
* Only use the ReachableAddresses option to restrict the first
hop in a path. In earlier versions of 0.2.8.x, it would apply
to every hop in the path, with a possible degradation in
anonymity for anyone using an uncommon ReachableAddress setting
* Sat Aug 13 2016 astieger@suse.com
- tor 0.2.8.6:
* improve client bootstrapping performance
* improved identity keys for relays (authority side)
* numerous bug fixes and performance improvements
* Mon Mar 21 2016 astieger@suse.com
- adjust nologin shell for tor user boo#971872
* Fri Dec 11 2015 mpluskal@suse.com
- Make building more verbose
- Remove useless conditon for libevent, there is dependency for it
anyway
* Fri Dec 11 2015 astieger@suse.com
- skip tests on ports
* Fri Dec 11 2015 astieger@suse.com
- tor 0.2.7.6 fixes a major bug in entry guard selection, as well
as a minor bug in hidden service reliability. [boo#958729]
* Tue Nov 24 2015 astieger@suse.com
- 0.2.7.5:
* More secure identity key type for relays
* Improve cryptography performance
* Resolve several longstanding hidden-service performance issues
* Improve controller support for hidden services
- Features removed:
* tor-fw-helper is no longer part of thie packaged, it was
re-implemented as a separate project
- Packaging changes:
* drop upstreamed patch
tor-0.2.6.10-malformed-hostname-safe-logging.patch
* Wed Oct 14 2015 astieger@suse.com
- fix Factory build (ignore missing systemd-tmpfiles)
* Wed Aug 26 2015 astieger@suse.com
- Malformed hostnames in socks5 requests were written to the log
regardless of SafeLogging option (CWE-532) [boo#943362]
add tor-0.2.6.10-malformed-hostname-safe-logging.patch
* Sun Jul 12 2015 astieger@suse.com
- tor 0.2.6.10:
Significant stability and hidden service client fixes.
* Stop refusing to store updated hidden service descriptors on a
client.
* Stop crashing with an assertion failure when parsing certain
kinds of malformed or truncated microdescriptors.
* Stop random client-side assertion failures that could occur
when connecting to a busy hidden service, or connecting to a
hidden service while a NEWNYM is in progress.
* Thu Jun 11 2015 astieger@suse.com
- tor 0.2.6.9:
Clients using circuit isolation should upgrade;
all directory authorities should upgrade.
* fixes a regression in the circuit isolation code
* increases the requirements for receiving an HSDir flag
* addresses some small bugs in the systemd and sandbox code.
* Sat May 23 2015 astieger@suse.com
- tor 0.2.6.8:
This release fixes a bit of dodgy code in parsing INTRODUCE2 cells,
and fixes an authority-side bug in assigning the HSDir flag. All
directory authorities should upgrade.
- Revert commit that made directory authorities assign the HSDir
flag to relay without a DirPort; this was bad because such relays
can't handle BEGIN_DIR cells.
- Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells
on a client authorized hidden service.
- Update geoip to the April 8 2015 Maxmind GeoLite2 Country
database.
- Update geoip6 to the April 8 2015 Maxmind GeoLite2
Country database.
* Mon Apr 06 2015 astieger@suse.com
- tor 0.2.6.7
This releases fixes two security issues that could be used by an
attacker to crash hidden services, or crash clients visiting
hidden services. Hidden services should upgrade as soon as
possible. [boo#926097]
This release also contains two simple improvements to make hidden
services a bit less vulnerable to denial-of-service attacks.
- Fix an issue that would allow a malicious client to trigger an
assertion failure and halt a hidden service. CVE-2015-2928
- Fix a bug that could cause a client to crash with an assertion
failure when parsing a malformed hidden service descriptor.
CVE-2015-2929
- Introduction points no longer allow multiple INTRODUCE1 cells
to arrive on the same circuit. This should make it more
expensive for attackers to overwhelm hidden services with
introductions.
- Decrease the amount of reattempts that a hidden service
performs when its rendezvous circuits fail. This reduces the
computational cost for running a hidden service under heavy
load.
* Sun Mar 29 2015 astieger@suse.com
- tor 0.2.6.6, the first stable release in the 0.2.6 series:
* safety/security improvements
* correctness improvements
* performance improvements
* Client programs can be configured to use more kinds of sockets
* AutomapHosts works better
* multithreading backend is improved
* cell transmission is refactored
* test coverage is much higher
* more denial-of-service attacks are handled
* guard selection is improved to handle long-term guards better
* pluggable transports should work a bit better
* some annoying hidden service performance bugs addressed
- new minimal configuration file installed as active configuration
allows daemon to be run right after package installation
- build with systemd notifications where supported
* Wed Mar 25 2015 astieger@suse.com
- add CVE IDs for 0.2.5.11 release
* Thu Mar 19 2015 astieger@suse.com
- tor 0.2.5.11 [boo#923284]:
Contains several medium-level security fixes for relays and exit
nodes and also updates the list of directory authorities.
* Directory authority updates
* relay crashes trough assertion (CVE-2015-2688)
* exit node crash through assertion under high DNS load
(CVE-2015-2689)
* do not crash when receiving SIGHUP with the seccomp2 sandbox on
* do not crash sh during attempts to call wait4
* new "GETINFO bw-event-cache" for controllers
* update geoip/geoip6 to the March 3 2015
* Avoid crashing on malformed VirtualAddrNetworkIPv[4|6] config
* Fix a memory leak when using AutomapHostsOnResolve
* Allow directory authorities to fetch more data from one another
* Fri Jan 23 2015 andreas.stieger@gmx.de
- fix build for SLE 12, libminiupnpc-devel not available
* Fri Oct 24 2014 andreas.stieger@gmx.de
- tor 0.2.5.10, the first stable release in the 0.2.5 series.
* improved denial-of-service resistance for relays
* new compiler hardening options
* system-call sandbox for hardened installations on Linux
(requires seccomp2)
* controller protocol has several new features
* improvements in resolving IPv6 addresses
* relays more CPU-efficient
- adjust tor-0.2.4.x-logrotate.patch to tor-0.2.5.x-logrotate.patch
- run unit tests
* Thu Oct 23 2014 andreas.stieger@gmx.de
- tor 0.2.4.25 [boo#902476]
Disables SSL3 in response to the recent "POODLE" attack (even
though POODLE does not affect Tor).
It also works around a crash bug caused by some operating systems'
response to the "POODLE" attack (which does affect Tor).
- Disable support for SSLv3.
- Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
1.0.1j, built with the 'no-ssl3' configuration option.
/etc/logrotate.d/tor /etc/tor /etc/tor/torrc /etc/tor/torrc.minimal /etc/tor/torrc.sample /usr/bin/tor /usr/bin/tor-gencert /usr/bin/tor-print-ed-signing-cert /usr/bin/tor-resolve /usr/bin/torify /usr/lib/systemd/system/tor-master.service /usr/lib/systemd/system/tor.service /usr/lib/tmpfiles.d/tor.conf /usr/sbin/rctor /usr/share/doc/packages/tor /usr/share/doc/packages/tor/ChangeLog /usr/share/doc/packages/tor/HACKING /usr/share/doc/packages/tor/HACKING/CodingStandards.md /usr/share/doc/packages/tor/HACKING/CodingStandardsRust.md /usr/share/doc/packages/tor/HACKING/Fuzzing.md /usr/share/doc/packages/tor/HACKING/GettingStarted.md /usr/share/doc/packages/tor/HACKING/GettingStartedRust.md /usr/share/doc/packages/tor/HACKING/HelpfulTools.md /usr/share/doc/packages/tor/HACKING/HowToReview.md /usr/share/doc/packages/tor/HACKING/Module.md /usr/share/doc/packages/tor/HACKING/README.1st.md /usr/share/doc/packages/tor/HACKING/ReleasingTor.md /usr/share/doc/packages/tor/HACKING/WritingTests.md /usr/share/doc/packages/tor/README /usr/share/doc/packages/tor/tor-gencert.html /usr/share/doc/packages/tor/tor-print-ed-signing-cert.html /usr/share/doc/packages/tor/tor-resolve.html /usr/share/doc/packages/tor/tor.html /usr/share/doc/packages/tor/torify.html /usr/share/licenses/tor /usr/share/licenses/tor/LICENSE /usr/share/man/man1/tor-gencert.1.gz /usr/share/man/man1/tor-print-ed-signing-cert.1.gz /usr/share/man/man1/tor-resolve.1.gz /usr/share/man/man1/tor.1.gz /usr/share/man/man1/torify.1.gz /usr/share/tor /usr/share/tor/defaults-torrc /usr/share/tor/geoip /usr/share/tor/geoip6 /var/lib/tor /var/log/tor
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Apr 9 16:43:41 2024