Welcome to opensource.dyc.edu. This site is dedicated to the distribution of Open Source software developed by both the students and faculty in the Information Technology Department at D'Youville College. The development teams hosted here are dedicated to the production of high quality Open Source software which serve a variety of needs.

D'Youville College is a small Liberal Arts College located in Buffalo, NY, that offers baccalaureate and graduate degrees in a variety of disciplines. For more information about the College and our programs, please visit . For more information about the Information Technology and our degrees, visit our site at tweedledee.dyc.edu/it .

Tor-ramdisk 20151215 released

This release of tor-ramdisk switches from the tor-0.2.6 branch to the 0.2.7. This new branch depends on openssl’s elliptic curves code which is patented and can’t be distribute in tor-ramdisk. Luckily Gentoo has been working on porting over libressl as a drop in alternative to openssl, so I was able to switch easily.

Tor-ramdisk 20150714 released

This release of tor-ramdisk follows upstream's release of tor- This includes a couple of major bugfixes which addressed stability issues in hidden services clients. It also included a minor bugfix in the seccomp code which made it into Gentoo as bug #550302. Basically you would get a crash when using Sandbox. Have a look at upstream's ChangeLog for more details.

Tor-ramdisk 20150616 released

A couple of weeks ago, the Tor team released The bump from addressed one major client side fix that might affects tor-ramdisk which is usually run as a relay or exit node --- I say "might" because tor-ramdisk can be configured as a client on, say, a local network. The fix now separates out each SOCKSPort when doing stream isolation, thus improving privacy protection. Other fixes included: 1) the HSDir flag now requires the Stable flag on directory authorities making the sybil attack harder, 2) there were a few improvements to seccomp and systemd support.

Tor-ramdisk 20150531 released

This is a maintenance release following upstream's release of tor- a couple of weaks ago. We took the opportunity to upgrade most of the other packages like busybox, openssl, openssh etc to the latest versions upstream and tested the newly spun iso' for about one week in the wild. All seems good, so we pushed them out.

Tor-ramdisk 20150411 released

This release of tor-ramdisk follows upstream's release of tor and Both branches are now carrying stable releases, so I made the jump to the 0.2.6 branch to keep up with the new features uptream has been adding with each new branch. These releases come only a couple of months after the last releases and they address a couple of bugs. One is an assertion failure which a client can trigger in a hidden service.

Tor-ramdisk 20150322 released

This release of tor-ramdisk follows uptream's release of tor- on March 17 which addresses some major bugs regarding the stability of relay and exit nodes. Numerous other minor bugs were also addressed, but no new features were added. Take a look at their ChangeLog for more details.

Tor-ramdisk 20150114 released

This release of tor-ramdisk was triggered by some integer ovreflow bugs in libevent, CVE-2014-6272, which may be exploitable, but I took the opportunity to bump tor from the older 0.2.4 branch to in the latest stable branch. I also updated busybox, openssl and the kernel to keep up to date with upstream, tested for a few days and pushed the images out.

As always, let me know if there are any issues. Enjoy! And remember to keep it safe out there.

Tor-ramdisk 20141022 released

Following the latest and greatest exploing in openssl, CVE-2014-3566, aka POODLE, the tor team released tor version While the exploit was in openssl and is resolved by openssl-1.0.1j, the team decided to turn off the affected protocol, SSL v3 or TLS 1.0 or later. They also fixed tor so as to avoid a crash if built using openssl 0.9.8zc, 1.0.0o, or 1.0.1j, with the 'no-ssl3' configuration option. These important fixes to two major components of tor-ramdisk waranted a new release.

sthttpd 2.27.0 released

There isn't much activity going on with code as mature as sthttpd, but there is some. The latest release does take care of a couple of CVE's. I fixed the world readable log problem, CVE-2013-0348. And Vitezslav Cizek from suse fixed a possible DOS on specially crafted .htpasswd, CVE-2012-5640. Bob Tennent added some code to correct headers for .svgz content, and Jean-Philippe Ouellet did code cleanup.

sthttpd is now being distributed in Gentoo and OpenBSD.

Syndicate content