Welcome!

Welcome to opensource.dyc.edu. This site is dedicated to the distribution of Open Source software developed by both the students and faculty in the Information Technology Department at D'Youville College. The development teams hosted here are dedicated to the production of high quality Open Source software that serves a variety of needs.

D'Youville College is a small Liberal Arts College located in Buffalo, NY, that offers baccalaureate and graduate degrees in a variety of disciplines. For more information about the College and our programs, please visit www.dyc.edu. For more information about the Information Technology and our degrees, visit our site at tweedledee.dyc.edu/it.

Tor-ramdisk 20150411 released

This release of tor-ramdisk follows upstream's release of tor 0.2.5.12 and 0.2.6.7. Both branches are now carrying stable releases, so I made the jump to the 0.2.6 branch to keep up with the new features upstream has been adding with each new branch. These releases come only a couple of months after the last releases and they address a couple of bugs. One is an assertion failure which a client can trigger in a hidden service.

Tor-ramdisk 20150322 released

This release of tor-ramdisk follows upstream's release of tor-0.2.5.11 on March 17 which addresses some major bugs regarding the stability of relay and exit nodes. Numerous other minor bugs were also addressed, but no new features were added. Take a look at their ChangeLog for more details.

Tor-ramdisk 20150114 released

This release of tor-ramdisk was triggered by some integer overflow bugs in libevent, CVE-2014-6272, which may be exploitable, but I took the opportunity to bump tor from the older 0.2.4 branch to 0.2.5.10 in the latest stable branch. I also updated busybox, openssl and the kernel to keep up to date with upstream, tested for a few days and pushed the images out.

As always, let me know if there are any issues. Enjoy! And remember to keep it safe out there.

Tor-ramdisk 20141022 released

Following the latest and greatest exploit in openssl, CVE-2014-3566, aka POODLE, the tor team released tor version 0.2.4.25. While the exploit was in openssl and is resolved by openssl-1.0.1j, the team decided to turn off the affected protocol, SSL v3 or TLS 1.0 or later. They also fixed tor so as to avoid a crash if built using openssl 0.9.8zc, 1.0.0o, or 1.0.1j, with the 'no-ssl3' configuration option. These important fixes to two major components of tor-ramdisk warranted a new release.

sthttpd 2.27.0 released

There isn't much activity going on with code as mature as sthttpd, but there is some. The latest release does take care of a couple of CVEs. I fixed the world-readable log problem, CVE-2013-0348. And Vitezslav Cizek from suse fixed a possible DOS on specially crafted .htpasswd, CVE-2012-5640. Bob Tennent added some code to correct headers for .svgz content, and Jean-Philippe Ouellet did code cleanup.

sthttpd is now being distributed in Gentoo and OpenBSD.

Tor-ramdisk 20140925 released

Upstream released tor 0.2.4.24 with one major bug fix according to their ChangeLog. Clients were apparently sending the wrong address for their chosen rendezvous points for hidden services, which sounds like it shouldn't work, but it did because they also sent the identity digest. This should improve surfing of hidden services. The other minor changes involved updating geoip information and the address of a v3 directory authority, gabelmoo.

Tor-ramdisk 20140801 released

A new bug hit the tor world this week, CVE-2014-5117, which led the tor team to push out tor-0.2.4.23 a few days ago. Roger Dingledine made an announcement explaining that on July 4, they found a group of relays trying to de-anonymize users accessing hidden tor sites. This group joined the tor network on January 30 and was removed on July 4. So, if you accessed any hidden sites in that time, you may have been affected.

Tor-ramdisk 20140520 released

It has been over a month since the "heartbleed" bug (CVE-2014-0160) hit the security world, but its effects are still being felt. tor-0.2.4.22, released last week, backported the blacklisting of authority signing keys that were used on authorities vulnerable to CVE-2014-0160. They tested the block out on 0.2.5.4-alpha and then pulled it into the stable branch. While upgrading to openssl-1.0.1g was sufficient to close the exploit, the fact remains that private keys could have been leaked.

Tor-ramdisk 20140409 released

This is a rapid release to address CVE-2014-0160 in openssl which we bumped to the latest secure version, 1.0.1g. The so-called heartbleed bug allows the leaking of the encryption keys themselves, making this a serious bug. We also took the opportunity to bump the kernel to Hardened Gentoo's latest, 3.13.8, but left everything else the same.
