Among the bugs fixed, note especially the entry guard and server DOS security fixes:

"Changes in version 0.2.1.8-alpha - 2008-12-08
  o Major features:
    - New DirPortFrontPage option that takes an html file and publishes it as "/" on the DirPort. Now relay operators can provide a disclaimer without needing to set up a separate webserver. There's a sample disclaimer in contrib/tor-exit-notice.html.

  o Security fixes:
    - When the client is choosing entry guards, now it selects at most one guard from a given relay family. Otherwise we could end up with all of our entry points into the network run by the same operator. Suggested by Camilo Viecco. Fix on 0.1.1.11-alpha.

  o Major bugfixes:
    - Fix a DOS opportunity during the voting signature collection process at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x.
    - Fix a possible segfault when establishing an exit connection. Bugfix on 0.2.1.5-alpha.

  o Minor bugfixes:
    - Get file locking working on win32. Bugfix on 0.2.1.6-alpha. Fixes bug 859.
    - Made Tor a little less aggressive about deleting expired certificates. Partial fix for bug 854.
    - Stop doing unaligned memory access that generated bus errors on sparc64. Bugfix on 0.2.0.10-alpha. Fix for bug 862.
    - Fix a crash bug when changing EntryNodes from the controller. Bugfix on 0.2.1.6-alpha. Fix for bug 867. Patched by Sebastian.
    - Make USR2 log-level switch take effect immediately. Bugfix on 0.1.2.8-beta.
    - If one win32 nameserver fails to get added, continue adding the rest, and don't automatically fail.
    - Use fcntl() for locking when flock() is not available. Should fix compilation on Solaris. Should fix Bug 873. Bugfix on 0.2.1.6-alpha.
    - Do not mark smartlist_bsearch_idx() function as ATTR_PURE. This bug could make gcc generate non-functional binary search code. Bugfix on 0.2.0.10-alpha.
    - Build correctly on platforms without socklen_t.
    - Avoid potential crash on internal error during signature collection. Fixes bug 864. Patch from rovv.
    - Do not use C's stdio library for writing to log files. This will improve logging performance by a minute amount, and will stop leaking fds when our disk is full. Fixes bug 861.
    - Stop erroneous use of O_APPEND in cases where we did not in fact want to re-seek to the end of a file before every last write().
    - Correct handling of possible malformed authority signing key certificates with internal signature types. Fixes bug 880. Bugfix on 0.2.0.3-alpha.
    - Fix a hard-to-trigger resource leak when logging credential status. CID 349.

  o Minor features:
    - Directory mirrors no longer fetch the v1 directory or running-routers files. They are obsolete, and nobody asks for them anymore. This is the first step to making v1 authorities obsolete.

  o Minor features (controller):
    - Return circuit purposes in response to GETINFO circuit-status. Fixes bug 858."

Fix: Patch attached with submission follows:
Responsible Changed
From-To: freebsd-ports-bugs->miwi

miwi@ wants his PRs (via the GNATS Auto Assign Tool)
Maintainer of security/tor-devel,

Please note that PR ports/129540 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it.

The full text of the PR can be found at:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/129540

--
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Revise the patch to include the necessary changes from "ports/129353: security/tor-devel doesn't run after upgrade", by Peter's request (he is away for a week or two, and can't fix it himself right now).

b.
Approved
State Changed
From-To: feedback->closed

Committed. Thanks!