Welcome!

Welcome to opensource.dyc.edu. This site is dedicated to the distribution of Open Source software developed by both the students and faculty in the Information Technology Department at D'Youville College. The development teams hosted here are dedicated to the production of high-quality Open Source software which serves a variety of needs.

D'Youville College is a small Liberal Arts College located in Buffalo, NY, that offers baccalaureate and graduate degrees in a variety of disciplines. For more information about the College and our programs, please visit www.dyc.edu. For more information about the Information Technology Department and our degrees, visit our site at tweedledee.dyc.edu/it.

Tor-ramdisk 20141022 released

Following the latest and greatest exploit in openssl, CVE-2014-3566, aka POODLE, the tor team released tor version 0.2.4.25. While the exploit was in openssl and is resolved by openssl-1.0.1j, the team decided to turn off the affected protocol, SSL v3, leaving TLS 1.0 or later. They also fixed tor so as to avoid a crash if built using openssl 0.9.8zc, 1.0.0o, or 1.0.1j, with the 'no-ssl3' configuration option. These important fixes to two major components of tor-ramdisk warranted a new release.

sthttpd 2.27.0 released

There isn't much activity going on with code as mature as sthttpd, but there is some. The latest release does take care of a couple of CVEs. I fixed the world-readable log problem, CVE-2013-0348. And Vitezslav Cizek from SUSE fixed a possible DoS on specially crafted .htpasswd, CVE-2012-5640. Bob Tennent added some code to correct headers for .svgz content, and Jean-Philippe Ouellet did code cleanup.

sthttpd is now being distributed in Gentoo and OpenBSD.

Tor-ramdisk 20140925 released

Upstream tor release 0.2.4.24 with one major bug fix according to their ChangeLog. Clients were apparently sending the wrong address for their chosen rendezvous points for hidden services, which sounds like it shouldn't work, but it did because they also sent the identity digest. This should improve surfing of hidden services. The other minor changes involved updating geoip information and the address of a v3 directory authority, gabelmoo.

Tor-ramdisk 20140801 released

A new bug hit the tor world this week, CVE-2014-5117, which led the tor team to push out tor-0.2.4.23 a few days ago. Roger Dingledine made an announcement explaining that on July 4, they found a group of relays trying to de-anonymize users accessing hidden tor sites. This group joined the tor network on January 30 and were removed on July 4. So, if you accessed any hidden sites in that time, you may have been affected.

Tor-ramdisk 20140520 released

It has been over a month since the "heartbleed" bug (CVE-2014-0160) hit the security world, but its effects are still being felt. tor-0.2.4.22, released last week, backported the blacklisting of authority signing keys that were used on authorities vulnerable to CVE-2014-0160. They tested the block out on 0.2.5.4-alpha and then pulled it into the stable branch. While upgrading to openssl-1.0.1g was sufficient to close the exploit, the fact remains that private keys could have been leaked.

Tor-ramdisk 20140409 released

This is a rapid release to address CVE-2014-0160 in openssl which we bumped to the latest secure version, 1.0.1g. The so-called heartbleed bug allows the leaking of the encryption keys themselves, making this a serious bug. We also took the opportunity to bump the kernel to Hardened Gentoo's latest, 3.13.8, but left everything else the same.

Tor-ramdisk 20140309 released

There was a recent bump to the stable tor branch to 0.2.4.21. There was one major bugfix (regarding circuit failure), one major security enhancement (to make sure that at least one relay uses the more secure NTor), and numerous other minor features and fixes. You can read about it in their ChangeLog.

Lilblue: release 20140218

I just pushed out a new release of Lilblue Linux 20140218 [1] which you can download from any Gentoo mirror [2]. For those of you who don't know, Lilblue Linux is a security-enhanced fully featured XFCE4 desktop system for amd64. It is built with Gentoo's hardened toolchain [3] and uses Gentoo's hardened-sources for the kernel which include the Grsec/PaX patches [4] for added security.

Tor-ramdisk 20131230 released

It's a bit of a repetition of history. When the tor team bumped from the 2.2 to the 2.3 branch there was a shower of new releases all in rapid succession as bugs were fixed. The same seems to be happening now with the 2.4 branch. Three major bugfixes were pushed out in 0.2.4.20, which was released on Dec 22, 2013. One of them improves how random seeding is done for openssl. The other two have to do with dealing with IPv6 addresses and avoiding spurious circuits.
