Package Release Info

tor-0.4.8.9-bp155.2.6.1

Update Info: openSUSE-2023-378
Available in Package Hub : 15 SP5 Update

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

tor

Change Logs

Version: 0.4.8.11-bp156.1.1
* Thu Apr 11 2024 Bernhard Wiedemann <bwiedemann@suse.de>
- tor 0.4.8.11
  * Minor features and bugfixes
  * See https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes
* Wed Feb 14 2024 Martin Pluskal <mpluskal@suse.com>
- Enables scrypt support unconditionally
* Mon Feb 05 2024 Andreas Stieger <andreas.stieger@gmx.de>
- fix users/groups with rpm 4.19
Version: 0.4.8.10-bp154.2.21.1
* Fri Dec 08 2023 Bernhard Wiedemann <bwiedemann@suse.de>
- tor 0.4.8.10:
  * (TROVE-2023-007, exit) (boo#1217918)
  - fix a a UAF and NULL pointer dereference crash on Exit relays
Version: 0.4.8.9-bp154.2.18.1
* Thu Nov 09 2023 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.8.9:
  * (onion service, TROVE-2023-006):
  - Fix a possible hard assert on a NULL pointer
  * (guard usage):
  - When Tor excluded a guard due to temporary circuit restrictions,
    it considered *additional* primary guards for potential usage by
    that circuit.
Version: 0.4.8.8-bp154.2.15.1
* Fri Nov 03 2023 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.8.8:
  * Mitigate an issue when Tor compiled with OpenSSL can crash during
    handshake with a remote relay. (TROVE-2023-004, boo#1216873)
  * Regenerate fallback directories generated on November 03, 2023.
  * Update the geoip files to match the IPFire Location Database, as
    retrieved on 2023/11/03
  * directory authority: Look at the network parameter
    "maxunmeasuredbw" with the correct spelling
  * vanguards addon support: Count the conflux linked cell as
    valid when it is successfully processed. This will quiet a
    spurious warn in the vanguards addon
* Mon Sep 25 2023 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.8.7:
  * Fix an issue that prevented us from pre-building more conflux
    sets after existing sets had been used
* Tue Sep 19 2023 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.8.6:
  * onion service: Fix a reliability issue where services were
    expiring their introduction points every consensus update.
    This caused connectivity issues for clients caching the old
    descriptor and intro points
  * Log the input and output buffer sizes when we detect a potential
    compression bomb
  * Disable multiple BUG warnings of a missing relay identity key when
    starting an instance of Tor compiled without relay support
  * When reporting a pseudo-networkstatus as a bridge authority, or
    answering "ns/purpose/*" controller requests, include accurate
    published-on dates from our list of router descriptors
  * Use less frightening language and lower the log-level of our
    run-time ABI compatibility check message in our Zstd
    compression subsystem
* Wed Aug 30 2023 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.8.5:
  * bugfixes creating log BUG stacktrace
* Sun Aug 27 2023 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.8.4:
  * Extend DoS protection to partially opened channels and known
    relays
  * Dynamic Proof-Of-Work protocol to thwart flooding DoS attacks
    against hidden services. Disabled by default, enable via
    "HiddenServicePoW" in torrc
  * Implement conflux traffic splitting
  * Directory authorities and relays now interact properly with
    directory authorities if they change addresses
* Sun Jul 30 2023 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.7.14:
  * bugfix affecting vanguards (onion service), and minor fixes
* Fri Mar 10 2023 Martin Pluskal <mpluskal@suse.com>
- Enable support for scrypt()
Version: 0.3.5.18-28.1
* Fri Nov 10 2023 bwiedemann@suse.de
- tor 0.3.5.18
  see /usr/share/doc/packages/tor/ChangeLog for details
Version: 0.4.7.8-bp153.2.15.1
* Thu Jun 16 2022 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.7.8
  * Fix a scenario where RTT estimation can become wedged, seriously
    degrading congestion control performance on all circuits. This
    impacts clients, onion services, and relays, and can be triggered
    remotely by a malicious endpoint.
    (TROVE-2022-001, CVE-2022-33903, boo#1200672)
  * Regenerate fallback directories generated on June 17, 2022.
  * Update the geoip files to match the IPFire Location Database, as
    retrieved on 2022/06/17.
  * Allow the rseq system call in the sandbox
  * logging bug fixes
Version: 0.4.7.7-bp153.2.12.1
* Wed Apr 27 2022 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.7.7
  * New feature: Congestion control to improve traffic speed and
    stability on the network once a majority of Exit nodes upgrade
    boo#1198949
  * Directory authorities: improved handling of "MiddleOnly" relays
  * Improved mitigation against guard discovery attacks on clients
    and short-lived services
  * Improve observed performance under DNS load
  * Improve handling of overload state
  * end-of-life relays running version 0.4.2.x, 0.4.3.x,
    0.4.4.x and 0.4.5 alphas/rc, 0.3.5.x are now rejected
  * Onion service v2 addresses are no longer recognized
* Sun Feb 06 2022 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.6.10
  * minor bugfixes and features
  * https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.6/ReleaseNotes
* Fri Dec 17 2021 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.6.9:
  * remove the DNS timeout metric from the overload general signal
  * regenerate fallback directories generated on December 15, 2021
  * Update the geoip files to match the IPFire Location Database,
    as retrieved on 2021/12/15
  * Reject IPv6-only DirPort
Version: 0.4.7.13-bp153.2.24.1
* Fri Jan 13 2023 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.7.13:
  * fix SafeSocks option to avoid DNS leaks (boo#1207110, TROVE-2022-002)
  * improve congestion control
  * fix relay channel handling
* Tue Dec 06 2022 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.7.12:
  * new key for moria1
  * new metrics are exported on the MetricsPort for the congestion
    control subsystem
Version: 0.4.7.11-bp153.2.21.1
* Thu Nov 10 2022 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.7.11:
  * Improve security of DNS cache by randomly clipping the TTL
    value (boo#1205307, TROVE-2021-009)
  * Improved defenses against network-wide DoS, multiple counters
    and metrics added to MetricsPorts
  * Apply circuit creation anti-DoS defenses if the outbound
    circuit max cell queue size is reached too many times. This
    introduces two new consensus parameters to control the queue
    size limit and number of times allowed to go over that limit.
  * Directory authority updates
  * IPFire database and geoip updates
  * Bump the maximum amount of CPU that can be used from 16 to 128.
    The NumCPUs torrc option overrides this hardcoded maximum.
  * onion service: set a higher circuit build timeout for opened
    client rendezvous circuit to avoid timeouts and retry load
  * Make the service retry a rendezvous if the circuit is being
    repurposed for measurements
Version: 0.4.7.10-bp153.2.18.1
* Fri Aug 12 2022 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.7.10
  * IPFire location database did not have proper ARIN network
    allocations - affected circuit path selection and relay metrics
* Thu Aug 11 2022 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.7.9 (boo#1202336)
  * major fixes aimed at reducing memory pressure on relays
  * prevent a possible side-channel
  * major bugfix related to congestion control
  * major bugfix related to Vanguard L2 layer node selection
Version: 0.4.6.8-bp152.2.18.1
* Sat Nov 13 2021 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.6.8:
  * Improving reporting of general overload state for DNS timeout
    errors by relays
  * Regenerate fallback directories for October 2021
  * Bug fixes for onion services
  * CVE-2021-22929: do not log v2 onion services access attempt
    warnings on disk excessively (TROVE-2021-008, boo#1192658)
* Tue Aug 24 2021 Jan Engelhardt <jengelh@inai.de>
- Reduce boilerplate generated by %service_*.
Version: 0.4.6.7-bp152.2.15.1
* Tue Aug 17 2021 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.6.7:
  * Fix a DoS via a remotely triggerable assertion failure
    (boo#1189489, TROVE-2021-007, CVE-2021-38385)
* Tue Jul 06 2021 Bernhard Wiedemann <bwiedemann@suse.com>
- Add missing service_add_pre tor-master.service
* Thu Jul 01 2021 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.6.6:
  * Fix a compilation error with gcc 7, drop tor-0.4.6.5-gcc7.patch
  * Enable the deterministic RNG for unit tests that covers the
    address set bloomfilter-based API's
* Wed Jun 16 2021 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.6.5
  * Add controller support for creating v3 onion services with
    client auth
  * When voting on a relay with a Sybil-like appearance, add the
    Sybil flag when clearing out the other flags. This lets a relay
    operator know why their relay hasn't been included in the
    consensus
  * Relays now report how overloaded they are
  * Add a new DoS subsystem to control the rate of client
    connections for relays
  * Relays now publish statistics about v3 onions services
  * Improve circuit timeout algorithm for client performance
- add tor-0.4.6.5-gcc7.patch to fix build with gcc7
Version: 0.4.5.9-bp152.2.12.1
* Mon Jun 14 2021 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.5.9
  * Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell (CVE-2021-34548, boo#1187322)
  * Detect more failure conditions from the OpenSSL RNG code (boo#1187323)
  * Resist a hashtable-based CPU denial-of-service attack against relays (CVE-2021-34549, boo#1187324)
  * Fix an out-of-bounds memory access in v3 onion service descriptor parsing (CVE-2021-34550, boo#1187325)
* Tue May 11 2021 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.5.8
  * https://lists.torproject.org/pipermail/tor-announce/2021-May/000219.html
  * allow Linux sandbox with Glibc 2.33
  * work with autoconf 2.70+
  * several other minor features and bugfixes (see announcement)
* Sat Apr 24 2021 Andreas Stieger <andreas.stieger@gmx.de>
- fix packaging warnings related to tor-master service
* Fri Apr 23 2021 Andreas Stieger <andreas.stieger@gmx.de>
- Fix logging issue due to systemd picking up stdout - boo#1181244
  Continue to log notices to syslog by default.
- actually build with lzma/zstd
- skip i586 tests (boo#1179331)
Version: 0.4.5.7-bp152.2.9.1
* Tue Mar 16 2021 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.5.7
  * https://lists.torproject.org/pipermail/tor-announce/2021-March/000216.html
  * Fix 2 denial of service security issues (boo#1183726)
    + Disable the dump_desc() function that we used to dump unparseable
    information to disk (CVE-2021-28089)
    + Fix a bug in appending detached signatures to a pending consensus
    document that could be used to crash a directory authority
    (CVE-2021-28090)
  * Ship geoip files based on the IPFire Location Database
Version: 0.4.5.6-bp152.2.6.1
* Tue Feb 16 2021 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.5.6
  * https://lists.torproject.org/pipermail/tor-announce/2021-February/000214.html
  * Introduce a new MetricsPort HTTP interface
  * Support IPv6 in the torrc Address option
  * Add event-tracing library support for USDT and LTTng-UST
  * Try to read N of N bytes on a TLS connection
- Drop upstream tor-practracker.patch
* Fri Feb 05 2021 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.4.7
  * https://blog.torproject.org/node/1990
  * Stop requiring a live consensus for v3 clients and services
  * Re-entry into the network is now denied at the Exit level
  * Fix undefined behavior on our Keccak library
  * Strip '\r' characters when reading text files on Unix platforms
  * Handle partial SOCKS5 messages correctly
- Add tor-practracker.patch to fix tests
* Wed Jan 27 2021 Bernhard Wiedemann <bwiedemann@suse.com>
- Restrict service permissions with systemd
Version: 0.4.4.6-bp152.2.3.1
* Thu Nov 12 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.4.6
  * Check channels+circuits on relays more thoroughly
    (TROVE-2020-005, boo#1178741)
* Tue Sep 15 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.4.5
  * Improve guard selection
  * IPv6 improvements
* Wed Aug 19 2020 Dominique Leuenberger <dimstar@opensuse.org>
- Use %{_tmpfilesdir} instead of abusing %{_libexecdir}/tmpfiles.d.
* Thu Jul 09 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.3.6
  * Fix a crash due to an out-of-bound memory access (CVE-2020-15572)
  * Some minor fixes
* Mon Jun 29 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- Fix logrotate to not fail when tor is stopped (boo#1164275)
* Fri May 15 2020 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.3.5:
  * first stable release in the 0.4.3.x series
  * implement functionality needed for OnionBalance with v3 onion
    services
  * significant refactoring of our configuration and controller
    functionality
  * Add support for banning a relay's ed25519 keys in the
    approved-routers file in support for migrating away from RSA
  * support OR connections through a HAProxy server
Version: 0.4.2.7-bp152.1.6
* Wed Mar 18 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.2.7
  * CVE-2020-10592: CPU consumption DoS and timing patterns (boo#1167013)
  * CVE-2020-10593: circuit padding memory leak (boo#1167014)
  * Directory authorities now signal bandwidth pressure to clients
  * Avoid excess logging on bug when flushing a buffer to a TLS connection
* Fri Jan 31 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.4.2.6
  * Correct how we use libseccomp
  * Fix crash when reloading logging configuration while the
    experimental sandbox is enabled
  * Avoid a possible crash when logging an assertion
    about mismatched magic numbers
* Tue Jan 07 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- Update tor.service and add defaults-torrc
  to work without dropped torctl (boo#1072274)
- Add tor-master.service to allow handling multiple tor daemons
* Sat Dec 14 2019 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.2.5:
  * first stable release in the 0.4.2.x series
  * improves reliability and stability
  * several stability and correctness improvements for onion services
  * fixes many smaller bugs present in previous series
* Tue Dec 10 2019 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.1.7:
  * several bugfixes to improve stability and correctness
  * fixes for relays relying on AccountingMax
* Mon Oct 07 2019 Martin Pluskal <mpluskal@suse.com>
- Update dependnecnies:
  * python3 instead of python
  * add libpcap and seccomp
- Use more suitable macros for building and systemd dependencies
* Thu Sep 19 2019 Bernhard Wiedemann <bwiedemann@suse.com>
- update to 0.4.1.6
  * Tolerate systems (including some Linux installations) where
    madvise MADV_DONTFORK / MADV_DONTDUMP are available at build-time,
    but not at run time.
  * Do not include the deprecated <sys/sysctl.h> on Linux
  * Fix the MAPADDRESS controller command to accept one or more arguments
  * Always retry v2+v3 single onion service intro and rendezvous circuits
    with a 3-hop path
  * Use RFC 2397 data URL scheme to embed an image into tor-exit-notice.html
* Tue Aug 20 2019 Bernhard Wiedemann <bwiedemann@suse.com>
- update to 0.4.1.5
  * Onion service clients now add padding cells at the start of their
    INTRODUCE and RENDEZVOUS circuits to make it look like
    Exit traffic
  * Add a generic publish-subscribe message-passing subsystem
  * Controller commands are now parsed using a generalized parsing
    subsystem
  * Implement authenticated SENDMEs as detailed in proposal 289
  * Our node selection algorithm now excludes nodes in linear time
  * Construct a fast secure pseudorandom number generator for
    each thread, to use when performance is critical
  * Consider our directory information to have changed when our list
    of bridges changes
  * Do not count previously configured working bridges towards our
    total of working bridges
  * When considering upgrading circuits from "waiting for guard" to
    "open", always ignore circuits that are marked for close
  * Properly clean up the introduction point map when circuits change
    purpose
  * Fix an unreachable bug in which an introduction point could try to
    send an INTRODUCE_ACK
  * Clients can now handle unknown status codes from INTRODUCE_ACK
    cells
- Remove upstreamed tor-0.3.5.8-no-ssl-version-warning.patch
- Compile without -Werror to build with LTO (boo#1146548)
- Add fix-test.patch to workaround a LTO-induced test-failure
* Fri Jul 26 2019 matthias.gerstner@suse.com
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
  firewalld, see [1].
  [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
* Mon May 20 2019 Christophe Giboudeaux <christophe@krop.fr>
- Add the missing zlib requirement.
* Fri May 10 2019 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.4.0.5:
  * new stable branch, but not a long-term support branch
  * improvements for power management and bootstrap reporting
  * preliminary backend support for circuit padding to prevent some
    kinds of traffic analysis
  * refactoring for long-term maintainability
- drop upstreamed tor-0.3.5.8-nonetwork.patch
* Mon Apr 15 2019 Bernhard Wiedemann <bwiedemann@suse.com>
- Add tor-0.3.5.8-no-ssl-version-warning.patch (boo#1129411)
- Update tor.tmpfiles to use /run instead of /var/run
* Mon Feb 25 2019 bwiedemann@suse.com
- Add tor-0.3.5.8-nonetwork.patch to fix test failures
  without network
* Fri Feb 22 2019 bwiedemann@suse.com
- tor 0.3.5.8:
  * CVE-2019-8955 prevent attackers from making tor run
    out of memory and crash
  * Allow SOCKS5 with empty username+password
  * Update geoip and geoip6 to the February 5 2019 Maxmind
    GeoLite2 Country database
  * Select guards even if the consensus has expired, as long
    as the consensus is still reasonably live
* Mon Jan 07 2019 astieger@suse.com
- tor 0.3.5.7:
  * first stable release in 0.3.5.x LTS branch
  * support client authorization for v3 onion services
  * cleanups to bootstrap reporting
  * support for improved bandwidth measurement tools
  * the default version for newly created onion services is now v3
    (HiddenServiceVersion option can be used to override)
  * If stem is used, an update of stem mey be required
Version: 0.3.5.12-bp151.3.6.1
* Fri Nov 13 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.3.5.12:
  * Check channels+circuits on relays more thoroughly
    (TROVE-2020-005, boo#1178741)
  * Update list of 144 fallback directories to 2020-07
  * Not affected by out-of-bound memory access (CVE-2020-15572, boo#1173979)
  * Fix DoS defenses on bridges with a pluggable transport
  * Warn if the ContactInfo field is not set
Version: 0.3.5.12-25.1
* Fri Nov 13 2020 bwiedemann@suse.com
- tor 0.3.5.12:
  * Check channels+circuits on relays more thoroughly
    (TROVE-2020-005, boo#1178741)
  * Update list of 144 fallback directories to 2020-07
  * Not affected by out-of-bound memory access (CVE-2020-15572, boo#1173979)
  * Fix DoS defenses on bridges with a pluggable transport
  * Warn if the ContactInfo field is not set
* Mon Mar 23 2020 bwiedemann@suse.com
- tor 0.3.5.10:
  * CVE-2020-10592: CPU consumption DoS and timing patterns (boo#1167013)
  * CVE-2020-10593: circuit padding memory leak (boo#1167014)
  * Add tor-print-ed-signing-cert binary
  * More added features
Version: 0.3.5.10-bp151.3.3.1
* Mon Mar 23 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- tor 0.3.5.10:
  * CVE-2020-10592: CPU consumption DoS and timing patterns (boo#1167013)
  * CVE-2020-10593: circuit padding memory leak (boo#1167014)
  * Add tor-print-ed-signing-cert binary
  * More added features
Version: 0.3.4.8-17.1
* Mon Sep 10 2018 astieger@suse.com
- tor 0.3.4.8 (boo#1107847):
  * improvements for running in low-power and embedded environments
  * preliminary changes for new bandwidth measurement system
  * refine anti-denial-of-service code
* Mon Sep 10 2018 astieger@suse.com
- tor 0.3.3.10:
  * various build and compatibility fixes
  * The control port now exposes the list of HTTPTunnelPorts and
    ExtOrPorts via GETINFO net/listeners/httptunnel and
    net/listeners/extor respectively
  * Authorities no longer vote to make the subprotocol version
    "LinkAuth=1" a requirement: it is unsupportable with NSS, and
    hasn't been needed since Tor 0.3.0.1-alpha
  * When voting for recommended versions, make sure that all of the
    versions are well-formed and parsable
  * various minor bug fixes on onion services
* Sat Jul 14 2018 astieger@suse.com
- tor 0.3.3.9:
  * move to a new bridge authority
  * backport some bug fixes
- refresh upstream signing keyring
* Mon Jul 09 2018 astieger@suse.com
- tor 0.3.3.8:
  * directory authority memory leak fix
  * various minor bug fixes
* Tue Jun 12 2018 astieger@suse.com
- tor 0.3.3.7:
  * Add an IPv6 address for the "dannenberg" directory authority
  * Improve accuracy of the BUILDTIMEOUT_SET control port event's
    TIMEOUT_RATE and CLOSE_RATE fields
  * Only select relays when tor has descriptors that it prefers to
    use for them, avoiding nonfatal errors later
* Sun May 27 2018 astieger@suse.com
- tor 0.3.3.6:
  * new stable release series
  * controller support and other improvements for v3 onion services
  * official support for embedding Tor within other application
  * Improvements to IPv6 support
  * Relay option ReducedExitPolicy to configure a reasonable default
  * Revent DoS via malicious protocol version string (boo#1094283)
  * Many other other bug fixes and improvements
Version: 0.3.4.11-bp150.3.6.1
* Thu Feb 28 2019 Andreas Stieger <andreas.stieger@gmx.de>
- tor 0.3.4.11:
  * CVE-2019-8955 prevent attackers from making tor run
    out of memory and crash (boo#1126340)
Version: 0.3.4.11-20.1
* Thu Feb 28 2019 andreas.stieger@gmx.de
- tor 0.3.4.11:
  * CVE-2019-8955 prevent attackers from making tor run
    out of memory and crash (boo#1126340)
* Mon Jan 07 2019 astieger@suse.com
- tor 0.3.4.10:
  * OpenSSL compatibility fixes
  * Fixes for relay bugs
  * update fallback directory list
* Sat Nov 03 2018 astieger@suse.com
- tor 0.3.4.9:
  * Various bug fixes, including a bandwidth management bug that
    was causing memory exhaustion on relays
Version: 0.3.2.9-11.1
* Wed Jan 10 2018 astieger@suse.com
- tor 0.3.2.9:
  * new onion service design (v3), not default
  * new circuit scheduler algorithm for improved performance
  * directory authority updates
  * many other updates and improvements
Version: 0.3.2.10-14.1
* Sat Mar 03 2018 astieger@suse.com
- tor 0.3.2.10:
  * CVE-2018-0490: remote crash vulnerability against directory
    authorities (boo#1083845, TROVE-2018-001)
  * CVE-2018-0491: remote relay crash (boo#1083846, TROVE-2018-002)
  * New system for improved resistance to DoS attacks against relays
  * Various other bug fixes
Version: 0.3.1.9-8.1
* Fri Dec 01 2017 astieger@suse.com
- tor 0.3.1.9 with the following security fixes that prevent some
  traffic confirmation, DoS and other problems (bsc#1070849):
  * CVE-2017-8819: Replay-cache ineffective for v2 onion services
  * CVE-2017-8820: Remote DoS attack against directory authorities
  * CVE-2017-8821: An attacker can make Tor ask for a password
  * CVE-2017-8822: Relays can pick themselves in a circuit path
  * CVE-2017-8823: Use-after-free in onion service v2
Version: 0.3.1.8-5.1
* Wed Oct 25 2017 astieger@suse.com
- tor 0.3.1.8:
  * Add "Bastet" as a ninth directory authority to the default list
  * The directory authority "Longclaw" has changed its IP address
  * Fix a timing-based assertion failure that could occur when the
    circuit out-of-memory handler freed a connection's output buffer
  * Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
    Country database
- drop tor-0.3.1.7-fix-zstd-i586.patch, upstreamed
Version: 0.3.1.7-2.1
* Wed Sep 20 2017 astieger@suse.com
- tor 0.3.1.7:
  * Serve and download directory information in more compact
    formats
  * New padding padding system to resist netflow-based traffic
    analysis
  * Improve protection against identification of tor traffic by ISP
    via ConnectionPadding option
  * Reduce the number of long-term connections open between relays
- add tor-0.3.1.7-fix-zstd-i586.patch to fix 32 bit build with zstd
* Mon Sep 18 2017 astieger@suse.com
- tor 0.3.0.11:
  * CVE-2017-0380: hidden services with the SafeLogging option
    disabled could disclose the stack TROVE-2017-008, boo#1059194
  * Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
    Country database.
  * drop tor-0.3.0.7-gcc7-fallthrough.patch, now upstream
* Thu Aug 03 2017 jloehel@suse.com
- tor 0.3.0.10
  * Fix a typo that had prevented TPROXY-based transparent proxying
    from working under Linux.
  * Avoid an assertion failure bug affecting our implementation of
    inet_pton(AF_INET6) on certain OpenBSD systems.
* Fri Jun 30 2017 astieger@suse.com
- tor 0.3.0.9:
  * CVE-2017-0377: Fix path selection bug that would allow a client
    to use a guard that was in the same network family as a chosen
    exit relay (bsc#1046845)
  * Don't block bootstrapping when a primary bridge is offline and
    tor cannot get its descriptor
  * When starting with an old consensus, do not add new entry guards
    unless the consensus is "reasonably live" (under 1 day old).
  * Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
    Country database.
* Thu Jun 08 2017 astieger@suse.com
- tor 0.3.0.8 fixing a pair of bugs that would allow an attacker to
  remotely crash a hidden service with an assertion failure
  * CVE-2017-0375: remotely triggerable assertion failure when a
    hidden service handles a malformed BEGIN cell (bsc#1043455)
  * CVE-2017-0376: remotely triggerable assertion failure caused by
    receiving a BEGIN_DIR cell on a hidden service rendezvous
    circuit (bsc#1043456)
- further bug fixes:
  * link handshake fixes when changing x509 certificates
  * Regenerate link and authentication certificates whenever the key
    that signs them changes; also, regenerate link certificates
    whenever the signed key changes
  * When sending an Ed25519 signing->link certificate in a CERTS cell,
    send the certificate that matches the x509 certificate that was
    used on the TLS connection
  * Stop rejecting v3 hidden service descriptors because their size
    did not match an old padding rule
* Wed May 31 2017 astieger@suse.com
- fix build with GCC 7: warning-errors on implicit fallthrough
  add tor-0.3.0.7-gcc7-fallthrough.patch bsc#1041262
* Tue May 16 2017 astieger@suse.com
- tor 0.3.0.7:
  * Fix an assertion failure in the hidden service directory code,
    which could be used by an attacker to remotely cause a Tor
    relay process to exit. TROVE-2017-002 bsc#1039211
  * Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
    Country database.
  * Tor no longer refuses to download microdescriptors or
    descriptors if they are listed as "published in the future"
  * The getpid() system call is now permitted under the Linux
    seccomp2 sandbox, to avoid crashing with versions of OpenSSL
    (and other libraries) that attempt to learn the process's PID
    by using the syscall rather than the VDSO code
* Thu Apr 27 2017 astieger@suse.com
- tor 0.3.0.6:
  * clients and relays now use Ed25519 keys to authenticate their
    link connections to relays, rather than the old RSA1024 keys
    that they used before.
  * replace the guard selection and replacement algorithm to behave
    more robustly in the presence of unreliable networks, and to
    resist guard-capture attacks.
  * numerous other small features and bugfixes
  * groundwork for the upcoming hidden-services revamp
* Wed Mar 01 2017 astieger@suse.com
- tor 0.2.9.10:
  * directory authority: During voting, when marking a relay as a
    probable sybil, do not clear its BadExit flag: sybils can still
    be bad in other ways too.
  * IPv6 Exits: Stop rejecting all IPv6 traffic on Exits whose exit
    policy rejects any IPv6 addresses. Instead, only reject a port
    over IPv6 if the exit policy rejects that port on more than an
    IPv6 /16 of addresses.
  * parsing: Fix an integer underflow bug when comparing malformed
    Tor versions. This bug could crash Tor when built with
  - -enable-expensive-hardening, or on Tor 0.2.9.1-alpha through
    Tor 0.2.9.8, which were built with -ftrapv by default. In other
    cases it was harmless. Part of TROVE-2017-001 boo#1027539
  * Directory authorities now reject descriptors that claim to be
    malformed versions of Tor
  * Reject version numbers with components that exceed INT32_MAX.
  * Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
    Country database.
  * The tor-resolve command line tool now rejects hostnames over 255
    characters in length
* Tue Jan 24 2017 astieger@suse.com
- tor 0.2.9.9:
  * Downgrade the "-ftrapv" option from "always on" to "only on
    when --enable-expensive-hardening is provided." This hardening
    option, like others, can turn survivable bugs into crashes --
    and having it on by default made a (relatively harmless)
    integer overflow bug into a denial-of-service bug
  * Fix a client-side onion service reachability bug
  * Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
    Country database.
* Sun Jan 01 2017 tchvatal@suse.com
- Remove conditionals for the sle11 as we won't build there due to
  openssl requirements. This reduces the logic in the spec file
  quite a bit
* Mon Dec 19 2016 astieger@suse.com
- tor 0.2.9.8, the first stable release in the 0.2.9.x series:
  * make mandatory a number of security features that were formerly
    optional
  * support a new shared-randomness protocol that will form the
    basis for next generation hidden services
  * single-hop hidden service mode for optimizing .onion services
    that don't actually want to be hidden,
  * try harder not to overload the directory authorities with
    excessive downloads
  * support a better protocol versioning scheme for improved
    compatibility with other implementations of the Tor protocol
  * deprecated options for security: CacheDNS, CacheIPv4DNS,
    CacheIPv6DNS, UseDNSCache, UseIPv4Cache, and UseIPv6Cache,
    AllowDotExit, AllowInvalidNodes, AllowSingleHopCircuits,
    AllowSingleHopExits, ClientDNSRejectInternalAddresses,
    CloseHSClientCircuitsImmediatelyOnTimeout,
    CloseHSServiceRendCircuitsImmediatelyOnTimeout,
    ExcludeSingleHopRelays, FastFirstHopPK, TLSECGroup,
    UseNTorHandshake, and WarnUnsafeSocks.
  * *ListenAddress options are now deprecated as unnecessary: the
    corresponding *Port options should be used instead. The
    affected options are:
    ControlListenAddress, DNSListenAddress, DirListenAddress,
    NATDListenAddress, ORListenAddress, SocksListenAddress,
    and TransListenAddress.
* Mon Dec 19 2016 astieger@suse.com
- tor 0.2.8.12:
  * CVE-2016-1254: A hostile hidden service could cause tor clients
    to crash (bsc#1016343)
  * update fallback directory list
  * Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
    Country database.
* Tue Dec 13 2016 bwiedemann@suse.com
- recommend torsocks as it is needed by included torify
* Sun Dec 11 2016 astieger@suse.com
- tor 0.2.8.11:
  * Fix compilation with OpenSSL 1.1
* Fri Dec 02 2016 astieger@suse.com
- tor 0.2.8.10:
  * When Tor leaves standby because of a new application request,
    open circuits as needed to serve that request
  * Clients now respond to new application stream requests
    immediately when they arrive, rather than waiting up to one
    second before starting to handle them
  * small portability and memory handling issues
  * Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2
    Country database.
* Wed Oct 19 2016 astieger@suse.com
- tor 0.2.8.9:
  * security fix: prevent remote DoS TROVE-2016-10-001 boo#1005292
  * Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2
    Country database.
  * Update signing key
* Sat Sep 24 2016 astieger@suse.com
- tor 0.2.8.8:
  * fixes some crash bugs when using bridges
  * fixes a timing-dependent assertion
  * removes broken fallbacks from the hard-coded fallback directory
    list
  * Updates geoip and geoip6 to the September 6 2016 Maxmind
    GeoLite2 Country database
* Wed Aug 24 2016 astieger@suse.com
- tor 0.2.8.7:
  * The "Tonga" bridge authority has been retired; the new bridge
    authority is "Bifroest"
  * Only use the ReachableAddresses option to restrict the first
    hop in a path. In earlier versions of 0.2.8.x, it would apply
    to every hop in the path, with a possible degradation in
    anonymity for anyone using an uncommon ReachableAddress setting
* Sat Aug 13 2016 astieger@suse.com
- tor 0.2.8.6:
  * improve client bootstrapping performance
  * improved identity keys for relays (authority side)
  * numerous bug fixes and performance improvements