ports/146091: [UPDATE] security/tor-devel to version 0.2.2.13-alpha

Andrei Lavreniyuk andy.lavr at gmail.com
Tue Apr 27 15:20:02 UTC 2010


>Number:         146091
>Category:       ports
>Synopsis:       [UPDATE] security/tor-devel to version 0.2.2.13-alpha
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 27 15:20:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Andrei Lavreniyuk
>Release:        FreeBSD 8.0-STABLE
>Organization:
Technica-03, Inc.
>Environment:
FreeBSD datacenter.technica-03.local 8.0-STABLE FreeBSD 8.0-STABLE #0: Thu Apr 22 13:55:08 EEST 2010     root at datacenter.technica-03.local:/usr/obj/usr/src/sys/SMP64  amd64
>Description:
Changes in version 0.2.2.13-alpha - 2010-04-24
  o Major bugfixes:                           
    - Teach relays to defend themselves from connection overload. Relays
      now close idle circuits early if it looks like they were intended 
      for directory fetches. Relays are also more aggressive about closing
      TLS connections that have no circuits on them. Such circuits are    
      unlikely to be re-used, and tens of thousands of them were piling   
      up at the fast relays, causing the relays to run out of sockets     
      and memory. Bugfix on 0.2.0.22-rc (where clients started tunneling  
      their directory fetches over TLS).                                  

  o Minor features:
    - Finally get rid of the deprecated and now harmful notion of "clique
      mode", where directory authorities maintain TLS connections to     
      every other relay.                                                 
    - Directory authorities now do an immediate reachability check as soon
      as they hear about a new relay. This change should slightly reduce  
      the time between setting up a relay and getting listed as running   
      in the consensus. It should also improve the time between setting   
      up a bridge and seeing use by bridge users.                         
    - Directory authorities no longer launch a TLS connection to every    
      relay as they startup. Now that we have 2k+ descriptors cached,     
      the resulting network hiccup is becoming a burden. Besides,         
      authorities already avoid voting about Running for the first half   
      hour of their uptime.                                               


Changes in version 0.2.2.12-alpha - 2010-04-20
  Tor 0.2.2.12-alpha fixes a critical bug in how directory authorities
  handle and vote on descriptors. It was causing relays to drop out of
  the consensus.                                                      

  o Major bugfixes:
    - Many relays have been falling out of the consensus lately because
      not enough authorities know about their descriptor for them to get
      a majority of votes. When we deprecated the v2 directory protocol,
      we got rid of the only way that v3 authorities can hear from each
      other about other descriptors. Now authorities examine every v3
      vote for new descriptors, and fetch them from that authority. Bugfix
      on 0.2.1.23.
    - Fix two typos in tor_vasprintf() that broke the compile on Windows,
      and a warning in or.h related to bandwidth_weight_rule_t that
      prevented clean compile on OS X. Fixes bug 1363; bugfix on
      0.2.2.11-alpha.
    - Fix a segfault on relays when DirReqStatistics is enabled
      and 24 hours pass. Bug found by keb. Fixes bug 1365; bugfix on
      0.2.2.11-alpha.

  o Minor bugfixes:
    - Demote a confusing TLS warning that relay operators might get when
      someone tries to talk to their OrPort. It is neither the operator's
      fault nor can they do anything about it. Fixes bug 1364; bugfix
      on 0.2.0.14-alpha.


Changes in version 0.2.2.11-alpha - 2010-04-15
  Tor 0.2.2.11-alpha fixes yet another instance of broken OpenSSL
  libraries that was causing some relays to drop out of the consensus.

  o Major bugfixes:
    - Directory mirrors were fetching relay descriptors only from v2
      directory authorities, rather than v3 authorities like they should.
      Only 2 v2 authorities remain (compared to 7 v3 authorities), leading
      to a serious bottleneck. Bugfix on 0.2.0.9-alpha. Fixes bug 1324.
    - Fix a parsing error that made every possible value of
      CircPriorityHalflifeMsec get treated as "1 msec". Bugfix
      on 0.2.2.7-alpha. Rename CircPriorityHalflifeMsec to
      CircuitPriorityHalflifeMsec, so authorities can tell newer relays
      about the option without breaking older ones.
    - Fix SSL renegotiation behavior on OpenSSL versions like on Centos
      that claim to be earlier than 0.9.8m, but which have in reality
      backported huge swaths of 0.9.8m or 0.9.8n renegotiation
      behavior. Possible fix for some cases of bug 1346.

  o Minor features:
    - Experiment with a more aggressive approach to preventing clients
      from making one-hop exit streams. Exit relays who want to try it
      out can set "RefuseUnknownExits 1" in their torrc, and then look
      for "Attempt by %s to open a stream" log messages. Let us know
      how it goes!
    - Add support for statically linking zlib by specifying
      --enable-static-zlib, to go with our support for statically linking
      openssl and libevent. Resolves bug 1358.

  o Minor bugfixes:
    - Fix a segfault that happens whenever a Tor client that is using
      libevent2's bufferevents gets a hup signal. Bugfix on 0.2.2.5-alpha;
      fixes bug 1341.
    - When we cleaned up the contrib/tor-exit-notice.html file, we left
      out the first line. Fixes bug 1295.
    - When building the manpage from a tarball, we required asciidoc, but
      the asciidoc -> roff/html conversion was already done for the
      tarball. Make 'make' complain only when we need asciidoc (either
      because we're compiling directly from git, or because we altered
      the asciidoc manpage in the tarball). Bugfix on 0.2.2.9-alpha.
    - When none of the directory authorities vote on any params, Tor
      segfaulted when trying to make the consensus from the votes. We
      didn't trigger the bug in practice, because authorities do include
      params in their votes. Bugfix on 0.2.2.10-alpha; fixes bug 1322.

  o Testsuite fixes:
    - In the util/threads test, no longer free the test_mutex before all
      worker threads have finished. Bugfix on 0.2.1.6-alpha.
    - The master thread could starve the worker threads quite badly on
      certain systems, causing them to run only partially in the allowed
      window. This resulted in test failures. Now the master thread sleeps
      occasionally for a few microseconds while the two worker-threads
      compete for the mutex. Bugfix on 0.2.0.1-alpha.

>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ruN tor-devel.bak/Makefile tor-devel/Makefile
--- tor-devel.bak/Makefile	2010-03-10 20:43:23.000000000 +0200
+++ tor-devel/Makefile	2010-04-27 18:02:00.000000000 +0300
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	tor
-DISTVERSION=	0.2.2.10-alpha
+DISTVERSION=	0.2.2.13-alpha
 CATEGORIES=	security net ipv6
 MASTER_SITES=	http://www.torproject.org/dist/ \
 		http://tor.cypherpunks.at/dist/ \
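
Review bot: The MASTER_SITES context lines directly under the DISTVERSION change list http:// mirrors only, so tor-0.2.2.13-alpha.tar.gz is fetched over an unauthenticated channel and the distinfo checksums are the only integrity control for this update. Please state in the PR that the tarball was checked against the upstream release signature before the checksums were generated.
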
diff -ruN tor-devel.bak/distinfo tor-devel/distinfo
--- tor-devel.bak/distinfo	2010-03-10 20:43:23.000000000 +0200
+++ tor-devel/distinfo	2010-04-27 18:02:00.000000000 +0300
@@ -1,3 +1,3 @@
-MD5 (tor-0.2.2.10-alpha.tar.gz) = e2576c3c355b1c6830c91fb0643f06be
-SHA256 (tor-0.2.2.10-alpha.tar.gz) = 839c1bfabde240985a60261173adc34c49f69e48816088cfa44d8dde200213e6
-SIZE (tor-0.2.2.10-alpha.tar.gz) = 2301340
+MD5 (tor-0.2.2.13-alpha.tar.gz) = 8e332a7a91f78cdc3071a6fd77609264
+SHA256 (tor-0.2.2.13-alpha.tar.gz) = abf0386ceec9b04a795ac270cdad40f0497916eaf1cec4f952c915a3a7da3dc2
+SIZE (tor-0.2.2.13-alpha.tar.gz) = 2306769
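
Review bot: The added MD5 line gives no real assurance, since MD5 is collision-broken; the SHA256 and SIZE lines are what actually pin the tarball. Before commit, the SHA256 value should be recomputed from an independently fetched, signature-verified copy of tor-0.2.2.13-alpha.tar.gz rather than taken from the submission as is.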


>Release-Note:
>Audit-Trail:
>Unformatted:


