pkgsrc-Bugs archive


pkg/46609: [UPDATE by Maintainer] net/tor 0.2.2.36 -> 0.2.2.37



>Number:         46609
>Category:       pkg
>Synopsis:       [UPDATE by Maintainer] net/tor 0.2.2.36 -> 0.2.2.37
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sun Jun 17 07:50:00 +0000 2012
>Originator:     Christian Sturm
>Release:        
>Organization:
>Environment:
>Description:
The attached, gz-compressed, uuencoded patch updates net/tor to 0.2.2.37. As
you can see in the changelog, as well as in the version number, it's a bug
fixing release, which, like previous bug fix releases, is highly unlikely to
break anything. It therefore can (and probably should) be included, even though
pkgsrc is frozen.


Changes in version 0.2.2.37 - 2012-06-06
  Tor 0.2.2.37 introduces a workaround for a critical renegotiation
  bug in OpenSSL 1.0.1 (where 20% of the Tor network can't talk to itself
  currently).

  o Major bugfixes:
    - Work around a bug in OpenSSL that broke renegotiation with TLS
      1.1 and TLS 1.2. Without this workaround, all attempts to speak
      the v2 Tor connection protocol when both sides were using OpenSSL
      1.0.1 would fail. Resolves ticket 6033.
    - When waiting for a client to renegotiate, don't allow it to add
      any bytes to the input buffer. This fixes a potential DoS issue.
      Fixes bugs 5934 and 6007; bugfix on 0.2.0.20-rc.
    - Fix an edge case where if we fetch or publish a hidden service
      descriptor, we might build a 4-hop circuit and then use that circuit
      for exiting afterwards -- even if the new last hop doesn't obey our
      ExitNodes config option. Fixes bug 5283; bugfix on 0.2.0.10-alpha.

  o Minor bugfixes:
    - Fix a build warning with Clang 3.1 related to our use of vasprintf.
      Fixes bug 5969. Bugfix on 0.2.2.11-alpha.

  o Minor features:
    - Tell GCC and Clang to check for any errors in format strings passed
      to the tor_v*(print|scan)f functions.
>How-To-Repeat:

>Fix:



