tor-debuginfo-0.4.8.9-bp155.2.6.1

Name:         tor-debuginfo
Version:      0.4.8.9
Release:      bp155.2.6.1
Summary:      Debug information for package tor
Build host:   i02-ch1a
Distribution: SUSE Linux Enterprise 15
Vendor:       openSUSE
License:      BSD-3-Clause
Packager:     http://bugs.opensuse.org
Group:        Development/Debug
URL:          https://www.torproject.org/
OS:           linux
Architecture: x86_64
Source RPM:   tor-0.4.8.9-bp155.2.6.1.src.rpm
Provides:     debuginfo(build-id), tor-debuginfo, tor-debuginfo(x86-64)
Requires:     rpmlib(CompressedFileNames), rpmlib(FileDigests), rpmlib(PayloadFilesHavePrefix), rpmlib(PayloadIsXz)

Description:
This package provides debug information for package tor. Debug information is useful when developing applications that use this package or when debugging this package.

Debug files:
  /usr/lib/debug/usr/bin/tor-0.4.8.9-bp155.2.6.1.x86_64.debug
  /usr/lib/debug/usr/bin/tor-gencert-0.4.8.9-bp155.2.6.1.x86_64.debug
  /usr/lib/debug/usr/bin/tor-print-ed-signing-cert-0.4.8.9-bp155.2.6.1.x86_64.debug
  /usr/lib/debug/usr/bin/tor-resolve-0.4.8.9-bp155.2.6.1.x86_64.debug

Changelog authors: Bernhard Wiedemann, Andreas Stieger, Martin Pluskal, Jan Engelhardt, Dominique Leuenberger, Christophe Giboudeaux, matthias.gerstner@suse.com, bwiedemann@suse.com, astieger@suse.com, jloehel@suse.com, tchvatal@suse.com, mpluskal@suse.com, andreas.stieger@gmx.de

Changelog:

- tor 0.4.8.9:
  * (onion service, TROVE-2023-006):
    - Fix a possible hard assert on a NULL pointer
  * (guard usage):
    - When Tor excluded a guard due to temporary circuit restrictions, it considered *additional* primary guards for potential usage by that circuit.

- tor 0.4.8.8:
  * Mitigate an issue when Tor compiled with OpenSSL can crash during handshake with a remote relay. (TROVE-2023-004, boo#1216873)
  * Regenerate fallback directories generated on November 03, 2023.
  * Update the geoip files to match the IPFire Location Database, as retrieved on 2023/11/03
  * directory authority: Look at the network parameter "maxunmeasuredbw" with the correct spelling
  * vanguards addon support: Count the conflux linked cell as valid when it is successfully processed. This will quiet a spurious warn in the vanguards addon

- tor 0.4.8.7:
  * Fix an issue that prevented us from pre-building more conflux sets after existing sets had been used

- tor 0.4.8.6:
  * onion service: Fix a reliability issue where services were expiring their introduction points every consensus update.
    This caused connectivity issues for clients caching the old descriptor and intro points
  * Log the input and output buffer sizes when we detect a potential compression bomb
  * Disable multiple BUG warnings of a missing relay identity key when starting an instance of Tor compiled without relay support
  * When reporting a pseudo-networkstatus as a bridge authority, or answering "ns/purpose/*" controller requests, include accurate published-on dates from our list of router descriptors
  * Use less frightening language and lower the log-level of our run-time ABI compatibility check message in our Zstd compression subsystem

- tor 0.4.8.5:
  * bugfixes creating log BUG stacktrace

- tor 0.4.8.4:
  * Extend DoS protection to partially opened channels and known relays
  * Dynamic Proof-Of-Work protocol to thwart flooding DoS attacks against hidden services. Disabled by default, enable via "HiddenServicePoW" in torrc
  * Implement conflux traffic splitting
  * Directory authorities and relays now interact properly with directory authorities if they change addresses

- tor 0.4.7.14:
  * bugfix affecting vanguards (onion service), and minor fixes

- Enable support for scrypt()

- tor 0.4.7.13:
  * fix SafeSocks option to avoid DNS leaks (boo#1207110, TROVE-2022-002)
  * improve congestion control
  * fix relay channel handling

- tor 0.4.7.12:
  * new key for moria1
  * new metrics are exported on the MetricsPort for the congestion control subsystem

- tor 0.4.7.11:
  * Improve security of DNS cache by randomly clipping the TTL value (boo#1205307, TROVE-2021-009)
  * Improved defenses against network-wide DoS, multiple counters and metrics added to MetricsPorts
  * Apply circuit creation anti-DoS defenses if the outbound circuit max cell queue size is reached too many times. This introduces two new consensus parameters to control the queue size limit and number of times allowed to go over that limit.
  * Directory authority updates
  * IPFire database and geoip updates
  * Bump the maximum amount of CPU that can be used from 16 to 128. The NumCPUs torrc option overrides this hardcoded maximum.
  * onion service: set a higher circuit build timeout for opened client rendezvous circuit to avoid timeouts and retry load
  * Make the service retry a rendezvous if the circuit is being repurposed for measurements

- tor 0.4.7.10
  * IPFire location database did not have proper ARIN network allocations - affected circuit path selection and relay metrics

- tor 0.4.7.9 (boo#1202336)
  * major fixes aimed at reducing memory pressure on relays
  * prevent a possible side-channel
  * major bugfix related to congestion control
  * major bugfix related to Vanguard L2 layer node selection

- tor 0.4.7.8
  * Fix a scenario where RTT estimation can become wedged, seriously degrading congestion control performance on all circuits. This impacts clients, onion services, and relays, and can be triggered remotely by a malicious endpoint. (TROVE-2022-001, CVE-2022-33903, boo#1200672)
  * Regenerate fallback directories generated on June 17, 2022.
  * Update the geoip files to match the IPFire Location Database, as retrieved on 2022/06/17.
  * Allow the rseq system call in the sandbox
  * logging bug fixes

- tor 0.4.7.7
  * New feature: Congestion control to improve traffic speed and stability on the network once a majority of Exit nodes upgrade boo#1198949
  * Directory authorities: improved handling of "MiddleOnly" relays
  * Improved mitigation against guard discovery attacks on clients and short-lived services
  * Improve observed performance under DNS load
  * Improve handling of overload state
  * end-of-life relays running version 0.4.2.x, 0.4.3.x, 0.4.4.x and 0.4.5 alphas/rc, 0.3.5.x are now rejected
  * Onion service v2 addresses are no longer recognized

- tor 0.4.6.10
  * minor bugfixes and features
  * https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.6/ReleaseNotes

- tor 0.4.6.9:
  * remove the DNS timeout metric from the overload general signal
  * regenerate fallback directories generated on December 15, 2021
  * Update the geoip files to match the IPFire Location Database, as retrieved on 2021/12/15
  * Reject IPv6-only DirPort

- tor 0.4.6.8:
  * Improving reporting of general overload state for DNS timeout errors by relays
  * Regenerate fallback directories for October 2021
  * Bug fixes for onion services
  * CVE-2021-22929: do not log v2 onion services access attempt warnings on disk excessively (TROVE-2021-008, boo#1192658)

- Reduce boilerplate generated by %service_*.

- tor 0.4.6.7:
  * Fix a DoS via a remotely triggerable assertion failure (boo#1189489, TROVE-2021-007, CVE-2021-38385)

- Add missing service_add_pre tor-master.service

- tor 0.4.6.6:
  * Fix a compilation error with gcc 7, drop tor-0.4.6.5-gcc7.patch
  * Enable the deterministic RNG for unit tests that covers the address set bloomfilter-based API's

- tor 0.4.6.5
  * Add controller support for creating v3 onion services with client auth
  * When voting on a relay with a Sybil-like appearance, add the Sybil flag when clearing out the other flags.
    This lets a relay operator know why their relay hasn't been included in the consensus
  * Relays now report how overloaded they are
  * Add a new DoS subsystem to control the rate of client connections for relays
  * Relays now publish statistics about v3 onions services
  * Improve circuit timeout algorithm for client performance
- add tor-0.4.6.5-gcc7.patch to fix build with gcc7

- tor 0.4.5.9
  * Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell (CVE-2021-34548, boo#1187322)
  * Detect more failure conditions from the OpenSSL RNG code (boo#1187323)
  * Resist a hashtable-based CPU denial-of-service attack against relays (CVE-2021-34549, boo#1187324)
  * Fix an out-of-bounds memory access in v3 onion service descriptor parsing (CVE-2021-34550, boo#1187325)

- tor 0.4.5.8
  * https://lists.torproject.org/pipermail/tor-announce/2021-May/000219.html
  * allow Linux sandbox with Glibc 2.33
  * work with autoconf 2.70+
  * several other minor features and bugfixes (see announcement)

- fix packaging warnings related to tor-master service

- Fix logging issue due to systemd picking up stdout - boo#1181244
  Continue to log notices to syslog by default.
- actually build with lzma/zstd
- skip i586 tests (boo#1179331)

- tor 0.4.5.7
  * https://lists.torproject.org/pipermail/tor-announce/2021-March/000216.html
  * Fix 2 denial of service security issues (boo#1183726)
    + Disable the dump_desc() function that we used to dump unparseable information to disk (CVE-2021-28089)
    + Fix a bug in appending detached signatures to a pending consensus document that could be used to crash a directory authority (CVE-2021-28090)
  * Ship geoip files based on the IPFire Location Database

- tor 0.4.5.6
  * https://lists.torproject.org/pipermail/tor-announce/2021-February/000214.html
  * Introduce a new MetricsPort HTTP interface
  * Support IPv6 in the torrc Address option
  * Add event-tracing library support for USDT and LTTng-UST
  * Try to read N of N bytes on a TLS connection
- Drop upstream tor-practracker.patch

- tor 0.4.4.7
  * https://blog.torproject.org/node/1990
  * Stop requiring a live consensus for v3 clients and services
  * Re-entry into the network is now denied at the Exit level
  * Fix undefined behavior on our Keccak library
  * Strip '\r' characters when reading text files on Unix platforms
  * Handle partial SOCKS5 messages correctly
- Add tor-practracker.patch to fix tests

- Restrict service permissions with systemd

- tor 0.4.4.6
  * Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741)

- tor 0.4.4.5
  * Improve guard selection
  * IPv6 improvements

- Use %{_tmpfilesdir} instead of abusing %{_libexecdir}/tmpfiles.d.

- tor 0.4.3.6
  * Fix a crash due to an out-of-bound memory access (CVE-2020-15572)
  * Some minor fixes

- Fix logrotate to not fail when tor is stopped (boo#1164275)

- tor 0.4.3.5:
  * first stable release in the 0.4.3.x series
  * implement functionality needed for OnionBalance with v3 onion services
  * significant refactoring of our configuration and controller functionality
  * Add support for banning a relay's ed25519 keys in the approved-routers file in support for migrating away from RSA
  * support OR connections through a
    HAProxy server

- tor 0.4.2.7
  * CVE-2020-10592: CPU consumption DoS and timing patterns (boo#1167013)
  * CVE-2020-10593: circuit padding memory leak (boo#1167014)
  * Directory authorities now signal bandwidth pressure to clients
  * Avoid excess logging on bug when flushing a buffer to a TLS connection

- tor 0.4.2.6
  * Correct how we use libseccomp
  * Fix crash when reloading logging configuration while the experimental sandbox is enabled
  * Avoid a possible crash when logging an assertion about mismatched magic numbers

- Update tor.service and add defaults-torrc to work without dropped torctl (boo#1072274)
- Add tor-master.service to allow handling multiple tor daemons

- tor 0.4.2.5:
  * first stable release in the 0.4.2.x series
  * improves reliability and stability
  * several stability and correctness improvements for onion services
  * fixes many smaller bugs present in previous series

- tor 0.4.1.7:
  * several bugfixes to improve stability and correctness
  * fixes for relays relying on AccountingMax

- Update dependencies:
  * python3 instead of python
  * add libpcap and seccomp
- Use more suitable macros for building and systemd dependencies

- update to 0.4.1.6
  * Tolerate systems (including some Linux installations) where madvise MADV_DONTFORK / MADV_DONTDUMP are available at build-time, but not at run time.
  * Do not include the deprecated on Linux
  * Fix the MAPADDRESS controller command to accept one or more arguments
  * Always retry v2+v3 single onion service intro and rendezvous circuits with a 3-hop path
  * Use RFC 2397 data URL scheme to embed an image into tor-exit-notice.html

- update to 0.4.1.5
  * Onion service clients now add padding cells at the start of their INTRODUCE and RENDEZVOUS circuits to make it look like Exit traffic
  * Add a generic publish-subscribe message-passing subsystem
  * Controller commands are now parsed using a generalized parsing subsystem
  * Implement authenticated SENDMEs as detailed in proposal 289
  * Our node selection algorithm now excludes nodes in linear time
  * Construct a fast secure pseudorandom number generator for each thread, to use when performance is critical
  * Consider our directory information to have changed when our list of bridges changes
  * Do not count previously configured working bridges towards our total of working bridges
  * When considering upgrading circuits from "waiting for guard" to "open", always ignore circuits that are marked for close
  * Properly clean up the introduction point map when circuits change purpose
  * Fix an unreachable bug in which an introduction point could try to send an INTRODUCE_ACK
  * Clients can now handle unknown status codes from INTRODUCE_ACK cells
- Remove upstreamed tor-0.3.5.8-no-ssl-version-warning.patch
- Compile without -Werror to build with LTO (boo#1146548)
- Add fix-test.patch to workaround a LTO-induced test-failure

- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by firewalld, see [1].
  [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html

- Add the missing zlib requirement.

- tor 0.4.0.5:
  * new stable branch, but not a long-term support branch
  * improvements for power management and bootstrap reporting
  * preliminary backend support for circuit padding to prevent some kinds of traffic analysis
  * refactoring for long-term maintainability
- drop upstreamed tor-0.3.5.8-nonetwork.patch

- Add tor-0.3.5.8-no-ssl-version-warning.patch (boo#1129411)
- Update tor.tmpfiles to use /run instead of /var/run

- Add tor-0.3.5.8-nonetwork.patch to fix test failures without network

- tor 0.3.5.8:
  * CVE-2019-8955 prevent attackers from making tor run out of memory and crash
  * Allow SOCKS5 with empty username+password
  * Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2 Country database
  * Select guards even if the consensus has expired, as long as the consensus is still reasonably live

- tor 0.3.5.7:
  * first stable release in 0.3.5.x LTS branch
  * support client authorization for v3 onion services
  * cleanups to bootstrap reporting
  * support for improved bandwidth measurement tools
  * the default version for newly created onion services is now v3 (HiddenServiceVersion option can be used to override)
  * If stem is used, an update of stem may be required

- tor 0.3.4.10:
  * OpenSSL compatibility fixes
  * Fixes for relay bugs
  * update fallback directory list

- tor 0.3.4.9:
  * Various bug fixes, including a bandwidth management bug that was causing memory exhaustion on relays

- tor 0.3.4.8 (boo#1107847):
  * improvements for running in low-power and embedded environments
  * preliminary changes for new bandwidth measurement system
  * refine anti-denial-of-service code

- tor 0.3.3.10:
  * various build and compatibility fixes
  * The control port now exposes the list of HTTPTunnelPorts and ExtOrPorts via GETINFO net/listeners/httptunnel and net/listeners/extor respectively
  * Authorities no longer vote to make the subprotocol version "LinkAuth=1" a requirement: it is
    unsupportable with NSS, and hasn't been needed since Tor 0.3.0.1-alpha
  * When voting for recommended versions, make sure that all of the versions are well-formed and parsable
  * various minor bug fixes on onion services

- tor 0.3.3.9:
  * move to a new bridge authority
  * backport some bug fixes
- refresh upstream signing keyring

- tor 0.3.3.8:
  * directory authority memory leak fix
  * various minor bug fixes

- tor 0.3.3.7:
  * Add an IPv6 address for the "dannenberg" directory authority
  * Improve accuracy of the BUILDTIMEOUT_SET control port event's TIMEOUT_RATE and CLOSE_RATE fields
  * Only select relays when tor has descriptors that it prefers to use for them, avoiding nonfatal errors later

- tor 0.3.3.6:
  * new stable release series
  * controller support and other improvements for v3 onion services
  * official support for embedding Tor within other application
  * Improvements to IPv6 support
  * Relay option ReducedExitPolicy to configure a reasonable default
  * Prevent DoS via malicious protocol version string (boo#1094283)
  * Many other bug fixes and improvements

- tor 0.3.2.10:
  * CVE-2018-0490: remote crash vulnerability against directory authorities (boo#1083845, TROVE-2018-001)
  * CVE-2018-0491: remote relay crash (boo#1083846, TROVE-2018-002)
  * New system for improved resistance to DoS attacks against relays
  * Various other bug fixes

- tor 0.3.2.9:
  * new onion service design (v3), not default
  * new circuit scheduler algorithm for improved performance
  * directory authority updates
  * many other updates and improvements

- tor 0.3.1.9 with the following security fixes that prevent some traffic confirmation, DoS and other problems (bsc#1070849):
  * CVE-2017-8819: Replay-cache ineffective for v2 onion services
  * CVE-2017-8820: Remote DoS attack against directory authorities
  * CVE-2017-8821: An attacker can make Tor ask for a password
  * CVE-2017-8822: Relays can pick themselves in a circuit path
  * CVE-2017-8823: Use-after-free in onion service v2

- tor 0.3.1.8:
  * Add "Bastet" as a
    ninth directory authority to the default list
  * The directory authority "Longclaw" has changed its IP address
  * Fix a timing-based assertion failure that could occur when the circuit out-of-memory handler freed a connection's output buffer
  * Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 Country database
- drop tor-0.3.1.7-fix-zstd-i586.patch, upstreamed

- tor 0.3.1.7:
  * Serve and download directory information in more compact formats
  * New padding system to resist netflow-based traffic analysis
  * Improve protection against identification of tor traffic by ISP via ConnectionPadding option
  * Reduce the number of long-term connections open between relays
- add tor-0.3.1.7-fix-zstd-i586.patch to fix 32 bit build with zstd

- tor 0.3.0.11:
  * CVE-2017-0380: hidden services with the SafeLogging option disabled could disclose the stack TROVE-2017-008, boo#1059194
  * Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2 Country database.
  * drop tor-0.3.0.7-gcc7-fallthrough.patch, now upstream

- tor 0.3.0.10
  * Fix a typo that had prevented TPROXY-based transparent proxying from working under Linux.
  * Avoid an assertion failure bug affecting our implementation of inet_pton(AF_INET6) on certain OpenBSD systems.

- tor 0.3.0.9:
  * CVE-2017-0377: Fix path selection bug that would allow a client to use a guard that was in the same network family as a chosen exit relay (bsc#1046845)
  * Don't block bootstrapping when a primary bridge is offline and tor cannot get its descriptor
  * When starting with an old consensus, do not add new entry guards unless the consensus is "reasonably live" (under 1 day old).
  * Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2 Country database.

- tor 0.3.0.8 fixing a pair of bugs that would allow an attacker to remotely crash a hidden service with an assertion failure
  * CVE-2017-0375: remotely triggerable assertion failure when a hidden service handles a malformed BEGIN cell (bsc#1043455)
  * CVE-2017-0376: remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit (bsc#1043456)
- further bug fixes:
  * link handshake fixes when changing x509 certificates
  * Regenerate link and authentication certificates whenever the key that signs them changes; also, regenerate link certificates whenever the signed key changes
  * When sending an Ed25519 signing->link certificate in a CERTS cell, send the certificate that matches the x509 certificate that was used on the TLS connection
  * Stop rejecting v3 hidden service descriptors because their size did not match an old padding rule

- fix build with GCC 7: warning-errors on implicit fallthrough
  add tor-0.3.0.7-gcc7-fallthrough.patch bsc#1041262

- tor 0.3.0.7:
  * Fix an assertion failure in the hidden service directory code, which could be used by an attacker to remotely cause a Tor relay process to exit. TROVE-2017-002 bsc#1039211
  * Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database.
  * Tor no longer refuses to download microdescriptors or descriptors if they are listed as "published in the future"
  * The getpid() system call is now permitted under the Linux seccomp2 sandbox, to avoid crashing with versions of OpenSSL (and other libraries) that attempt to learn the process's PID by using the syscall rather than the VDSO code

- tor 0.3.0.6:
  * clients and relays now use Ed25519 keys to authenticate their link connections to relays, rather than the old RSA1024 keys that they used before.
  * replace the guard selection and replacement algorithm to behave more robustly in the presence of unreliable networks, and to resist guard-capture attacks.
  * numerous other small features and bugfixes
  * groundwork for the upcoming hidden-services revamp

- tor 0.2.9.10:
  * directory authority: During voting, when marking a relay as a probable sybil, do not clear its BadExit flag: sybils can still be bad in other ways too.
  * IPv6 Exits: Stop rejecting all IPv6 traffic on Exits whose exit policy rejects any IPv6 addresses. Instead, only reject a port over IPv6 if the exit policy rejects that port on more than an IPv6 /16 of addresses.
  * parsing: Fix an integer underflow bug when comparing malformed Tor versions. This bug could crash Tor when built with --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with -ftrapv by default. In other cases it was harmless. Part of TROVE-2017-001 boo#1027539
  * Directory authorities now reject descriptors that claim to be malformed versions of Tor
  * Reject version numbers with components that exceed INT32_MAX.
  * Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 Country database.
  * The tor-resolve command line tool now rejects hostnames over 255 characters in length

- tor 0.2.9.9:
  * Downgrade the "-ftrapv" option from "always on" to "only on when --enable-expensive-hardening is provided." This hardening option, like others, can turn survivable bugs into crashes -- and having it on by default made a (relatively harmless) integer overflow bug into a denial-of-service bug
  * Fix a client-side onion service reachability bug
  * Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2 Country database.

- Remove conditionals for the sle11 as we won't build there due to openssl requirements.
  This reduces the logic in the spec file quite a bit

- tor 0.2.9.8, the first stable release in the 0.2.9.x series:
  * make mandatory a number of security features that were formerly optional
  * support a new shared-randomness protocol that will form the basis for next generation hidden services
  * single-hop hidden service mode for optimizing .onion services that don't actually want to be hidden,
  * try harder not to overload the directory authorities with excessive downloads
  * support a better protocol versioning scheme for improved compatibility with other implementations of the Tor protocol
  * deprecated options for security: CacheDNS, CacheIPv4DNS, CacheIPv6DNS, UseDNSCache, UseIPv4Cache, and UseIPv6Cache, AllowDotExit, AllowInvalidNodes, AllowSingleHopCircuits, AllowSingleHopExits, ClientDNSRejectInternalAddresses, CloseHSClientCircuitsImmediatelyOnTimeout, CloseHSServiceRendCircuitsImmediatelyOnTimeout, ExcludeSingleHopRelays, FastFirstHopPK, TLSECGroup, UseNTorHandshake, and WarnUnsafeSocks.
  * *ListenAddress options are now deprecated as unnecessary: the corresponding *Port options should be used instead.
    The affected options are: ControlListenAddress, DNSListenAddress, DirListenAddress, NATDListenAddress, ORListenAddress, SocksListenAddress, and TransListenAddress.

- tor 0.2.8.12:
  * CVE-2016-1254: A hostile hidden service could cause tor clients to crash (bsc#1016343)
  * update fallback directory list
  * Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 Country database.

- recommend torsocks as it is needed by included torify

- tor 0.2.8.11:
  * Fix compilation with OpenSSL 1.1

- tor 0.2.8.10:
  * When Tor leaves standby because of a new application request, open circuits as needed to serve that request
  * Clients now respond to new application stream requests immediately when they arrive, rather than waiting up to one second before starting to handle them
  * small portability and memory handling issues
  * Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2 Country database.

- tor 0.2.8.9:
  * security fix: prevent remote DoS TROVE-2016-10-001 boo#1005292
  * Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2 Country database.
  * Update signing key

- tor 0.2.8.8:
  * fixes some crash bugs when using bridges
  * fixes a timing-dependent assertion
  * removes broken fallbacks from the hard-coded fallback directory list
  * Updates geoip and geoip6 to the September 6 2016 Maxmind GeoLite2 Country database

- tor 0.2.8.7:
  * The "Tonga" bridge authority has been retired; the new bridge authority is "Bifroest"
  * Only use the ReachableAddresses option to restrict the first hop in a path.
    In earlier versions of 0.2.8.x, it would apply to every hop in the path, with a possible degradation in anonymity for anyone using an uncommon ReachableAddress setting

- tor 0.2.8.6:
  * improve client bootstrapping performance
  * improved identity keys for relays (authority side)
  * numerous bug fixes and performance improvements

- adjust nologin shell for tor user boo#971872

- Make building more verbose
- Remove useless condition for libevent, there is dependency for it anyway

- skip tests on ports

- tor 0.2.7.6 fixes a major bug in entry guard selection, as well as a minor bug in hidden service reliability. [boo#958729]

- 0.2.7.5:
  * More secure identity key type for relays
  * Improve cryptography performance
  * Resolve several longstanding hidden-service performance issues
  * Improve controller support for hidden services
- Features removed:
  * tor-fw-helper is no longer part of this package, it was re-implemented as a separate project
- Packaging changes:
  * drop upstreamed patch tor-0.2.6.10-malformed-hostname-safe-logging.patch

- fix Factory build (ignore missing systemd-tmpfiles)

- Malformed hostnames in socks5 requests were written to the log regardless of SafeLogging option (CWE-532) [boo#943362]
  add tor-0.2.6.10-malformed-hostname-safe-logging.patch

- tor 0.2.6.10: Significant stability and hidden service client fixes.
  * Stop refusing to store updated hidden service descriptors on a client.
  * Stop crashing with an assertion failure when parsing certain kinds of malformed or truncated microdescriptors.
  * Stop random client-side assertion failures that could occur when connecting to a busy hidden service, or connecting to a hidden service while a NEWNYM is in progress.

- tor 0.2.6.9: Clients using circuit isolation should upgrade; all directory authorities should upgrade.
  * fixes a regression in the circuit isolation code
  * increases the requirements for receiving an HSDir flag
  * addresses some small bugs in the systemd and sandbox code.

- tor 0.2.6.8:
  This release fixes a bit of dodgy code in parsing INTRODUCE2 cells, and fixes an authority-side bug in assigning the HSDir flag. All directory authorities should upgrade.
  - Revert commit that made directory authorities assign the HSDir flag to relay without a DirPort; this was bad because such relays can't handle BEGIN_DIR cells.
  - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on a client authorized hidden service.
  - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
  - Update geoip6 to the April 8 2015 Maxmind GeoLite2 Country database.

- tor 0.2.6.7
  This release fixes two security issues that could be used by an attacker to crash hidden services, or crash clients visiting hidden services. Hidden services should upgrade as soon as possible. [boo#926097]
  This release also contains two simple improvements to make hidden services a bit less vulnerable to denial-of-service attacks.
  - Fix an issue that would allow a malicious client to trigger an assertion failure and halt a hidden service. CVE-2015-2928
  - Fix a bug that could cause a client to crash with an assertion failure when parsing a malformed hidden service descriptor. CVE-2015-2929
  - Introduction points no longer allow multiple INTRODUCE1 cells to arrive on the same circuit. This should make it more expensive for attackers to overwhelm hidden services with introductions.
  - Decrease the amount of reattempts that a hidden service performs when its rendezvous circuits fail.
    This reduces the computational cost for running a hidden service under heavy load.

- tor 0.2.6.6, the first stable release in the 0.2.6 series:
  * safety/security improvements
  * correctness improvements
  * performance improvements
  * Client programs can be configured to use more kinds of sockets
  * AutomapHosts works better
  * multithreading backend is improved
  * cell transmission is refactored
  * test coverage is much higher
  * more denial-of-service attacks are handled
  * guard selection is improved to handle long-term guards better
  * pluggable transports should work a bit better
  * some annoying hidden service performance bugs addressed
- new minimal configuration file installed as active configuration allows daemon to be run right after package installation
- build with systemd notifications where supported

- add CVE IDs for 0.2.5.11 release

- tor 0.2.5.11 [boo#923284]: Contains several medium-level security fixes for relays and exit nodes and also updates the list of directory authorities.
  * Directory authority updates
  * relay crashes through assertion (CVE-2015-2688)
  * exit node crash through assertion under high DNS load (CVE-2015-2689)
  * do not crash when receiving SIGHUP with the seccomp2 sandbox on
  * do not crash sh during attempts to call wait4
  * new "GETINFO bw-event-cache" for controllers
  * update geoip/geoip6 to the March 3 2015
  * Avoid crashing on malformed VirtualAddrNetworkIPv[4|6] config
  * Fix a memory leak when using AutomapHostsOnResolve
  * Allow directory authorities to fetch more data from one another

- fix build for SLE 12, libminiupnpc-devel not available

- tor 0.2.5.10, the first stable release in the 0.2.5 series.
  * improved denial-of-service resistance for relays
  * new compiler hardening options
  * system-call sandbox for hardened installations on Linux (requires seccomp2)
  * controller protocol has several new features
  * improvements in resolving IPv6 addresses
  * relays more CPU-efficient
- adjust tor-0.2.4.x-logrotate.patch to tor-0.2.5.x-logrotate.patch
- run unit tests

- tor 0.2.4.25 [boo#902476]
  Disables SSL3 in response to the recent "POODLE" attack (even though POODLE does not affect Tor). It also works around a crash bug caused by some operating systems' response to the "POODLE" attack (which does affect Tor).
  - Disable support for SSLv3.
  - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or 1.0.1j, built with the 'no-ssl3' configuration option.

Build flags: -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g
Dist URL: obs://build.opensuse.org/openSUSE:Maintenance:18181/openSUSE_Backports_SLE-15-SP5_Update/76cd7646ddbd974c1b5eba577881820d-tor.openSUSE_Backports_SLE-15-SP5_Update