[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
PR/41688 CVS commit: [pkgsrc-2009Q2] pkgsrc/net/tor
The following reply was made to PR pkg/41688; it has been noted by GNATS.
From: Matthias Scheler <tron%netbsd.org@localhost>
Subject: PR/41688 CVS commit: [pkgsrc-2009Q2] pkgsrc/net/tor
Date: Thu, 16 Jul 2009 09:23:44 +0000
Module Name: pkgsrc
Committed By: tron
Date: Thu Jul 16 09:23:44 UTC 2009
pkgsrc/net/tor [pkgsrc-2009Q2]: Makefile distinfo
Pullup ticket #2813 - requested by obache
tor: security update
Revisions pulled up:
- net/tor/Makefile 1.64
- net/tor/distinfo 1.35
Module Name: pkgsrc
Committed By: obache
Date: Thu Jul 9 11:52:31 UTC 2009
pkgsrc/net/tor: Makefile distinfo
Update tor to 0.2.0.35.
maintainer update request via PR 41688.
Changes in version 0.2.0.35 - 2009-06-24
o Security fix:
- Avoid crashing in the presence of certain malformed descriptors.
Found by lark, and by automated fuzzing.
- Fix an edge case where a malicious exit relay could convince a
controller that the client's DNS question resolves to an internal IP
address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
o Major bugfixes:
- Finally fix the bug where dynamic-IP relays disappear when their
IP address changes: directory mirrors were mistakenly telling
them their old address if they asked via begin_dir, so they
never got an accurate answer about their new address, so they
just vanished after a day. For belt-and-suspenders, relays that
don't set Address in their config now avoid using begin_dir for
all direct connections. Should fix bugs 827, 883, and 900.
- Fix a timing-dependent, allocator-dependent, DNS-related crash bug
that would occur on some exit nodes when DNS failures and timeouts
occurred in certain patterns. Fix for bug 957.
o Minor bugfixes:
- When starting with a cache over a few days old, do not leak
memory for the obsolete router descriptors in it. Bugfix on
0.2.0.33; fixes bug 672.
- Hidden service clients didn't use a cached service descriptor that
was older than 15 minutes, but wouldn't fetch a new one either,
because there was already one in the cache. Now, fetch a v2
descriptor unless the same descriptor was added to the cache within
the last 15 minutes. Fixes bug 997; reported by Marcus Griep.
To generate a diff of this commit:
cvs rdiff -u -r1.63 -r18.104.22.168 pkgsrc/net/tor/Makefile
cvs rdiff -u -r1.34 -r22.214.171.124 pkgsrc/net/tor/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Main Index |
Thread Index |