From the changelog…
o Major bugfixes (congestion control, TROVE-2022-001):
- Fix a scenario where RTT estimation can become wedged, seriously
degrading congestion control performance on all circuits. This
impacts clients, onion services, and relays, and can be triggered
remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes
bug 40626; bugfix on 0.4.7.5-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on June 17, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/06/17.
o Minor bugfixes (linux seccomp2 sandbox):
- Allow the rseq system call in the sandbox. This solves a crash
issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
40601; bugfix on 0.3.5.11.
o Minor bugfixes (logging):
- Demote a harmless warn log message about finding a second hop to
from warn level to info level, if we do not have enough
descriptors yet. Leave it at notice level for other cases. Fixes
bug 40603; bugfix on 0.4.7.1-alpha.
- Demote a notice log message about "Unexpected path length" to info
level. These cases seem to happen arbitrarily, and we likely will
never find all of them before the switch to arti. Fixes bug 40612;
bugfix on 0.4.7.5-alpha.
o Minor bugfixes (relay, logging):
- Demote a harmless XOFF log message to from notice level to info
level. Fixes bug 40620; bugfix on 0.4.7.5-alpha.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
If relay/bridge support isn't required, this variant is about 300 kiB smaller
than the full tor daemon.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Note:
In some cases when tor daemon starts before
than the router is connected to the Internet.
Tor will exit and you have to run it manually.
This should fix this case.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* remove "torify" script
- "torify" script is just a wrapper around torsocks,
but torsocks is not currently present in packages.
* tor-geoip: fix "install" recipe:
- use $(INSTALL_DATA) instead of $(CP) as a proper way
of installing files
* drop deprecated configure option:
"--with-ssl-dir" is considered deprecated and obsolete,
while "--with-openssl-dir" is already present.
* build in parallel
* build with -ffunction-sections, -fdata-sections,
--gc-sections and -flto
* remove "--disable-largefile" in CONFIGURE_ARGS
* remove "-std=gnu99" in EXTRA_CFLAGS
* use $(FPIC) in EXTRA_CFLAGS
* remove trailing whitespace
Compile- and run-tested on ar71xx/generic,
TP-Link Archer C7 v2 (world-wide version).
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
