[pkgsrc/trunk]: pkgsrc/net/tor Updated tor to 0.2.9.10.

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/net/tor Updated tor to 0.2.9.10.
From: wiz <wiz%pkgsrc.org@localhost>
Date: Wed, 15 Jan 2020 06:48:09 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/972c4cd0a1fc
branches:  trunk
changeset: 359295:972c4cd0a1fc
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Sun Mar 05 14:55:15 2017 +0000

description:
Updated tor to 0.2.9.10.

Changes in version 0.2.9.10 - 2017-03-01
  Tor 0.2.9.10 backports a security fix for users who build Tor with
  the --enable-expensive-hardening option. It also includes fixes for
  some major issues affecting directory authorities, LibreSSL
  compatibility, and IPv6 correctness.

  The Tor 0.2.9.x release series is now marked as a long-term-support
  series.  We intend to backport security fixes to 0.2.9.x until at
  least January of 2020.

  o Major bugfixes (directory authority, 0.3.0.3-alpha):
    - During voting, when marking a relay as a probable sybil, do not
      clear its BadExit flag: sybils can still be bad in other ways
      too. (We still clear the other flags.) Fixes bug 21108; bugfix
      on 0.2.0.13-alpha.

  o Major bugfixes (IPv6 Exits, backport from 0.3.0.3-alpha):
    - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
      any IPv6 addresses. Instead, only reject a port over IPv6 if the
      exit policy rejects that port on more than an IPv6 /16 of
      addresses. This bug was made worse by 17027 in 0.2.8.1-alpha,
      which rejected a relay's own IPv6 address by default. Fixes bug
      21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.

  o Major bugfixes (parsing, also in 0.3.0.4-rc):
    - Fix an integer underflow bug when comparing malformed Tor
      versions. This bug could crash Tor when built with
      --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
      0.2.9.8, which were built with -ftrapv by default. In other cases
      it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
      on 0.0.8pre1. Found by OSS-Fuzz.

  o Minor features (directory authorities, also in 0.3.0.4-rc):
    - Directory authorities now reject descriptors that claim to be
      malformed versions of Tor. Helps prevent exploitation of
      bug 21278.
    - Reject version numbers with components that exceed INT32_MAX.
      Otherwise 32-bit and 64-bit platforms would behave inconsistently.
      Fixes bug 21450; bugfix on 0.0.8pre1.

  o Minor features (geoip):
    - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
      Country database.

  o Minor features (portability, compilation, backport from 0.3.0.3-alpha):
    - Autoconf now checks to determine if OpenSSL structures are opaque,
      instead of explicitly checking for OpenSSL version numbers. Part
      of ticket 21359.
    - Support building with recent LibreSSL code that uses opaque
      structures. Closes ticket 21359.

  o Minor bugfixes (code correctness, also in 0.3.0.4-rc):
    - Repair a couple of (unreachable or harmless) cases of the risky
      comparison-by-subtraction pattern that caused bug 21278.

  o Minor bugfixes (tor-resolve, backport from 0.3.0.3-alpha):
    - The tor-resolve command line tool now rejects hostnames over 255
      characters in length. Previously, it would silently truncate them,
      which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
      Patch by "junglefowl".

diffstat:

 net/tor/Makefile |   4 ++--
 net/tor/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (27 lines):

diff -r 0939fca563cd -r 972c4cd0a1fc net/tor/Makefile
--- a/net/tor/Makefile  Sun Mar 05 14:43:20 2017 +0000
+++ b/net/tor/Makefile  Sun Mar 05 14:55:15 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.117 2017/01/24 08:59:07 wiz Exp $
+# $NetBSD: Makefile,v 1.118 2017/03/05 14:55:15 wiz Exp $
 
-DISTNAME=              tor-0.2.9.9
+DISTNAME=              tor-0.2.9.10
 CATEGORIES=            net security
 MASTER_SITES=          http://www.torproject.org/dist/
 
diff -r 0939fca563cd -r 972c4cd0a1fc net/tor/distinfo
--- a/net/tor/distinfo  Sun Mar 05 14:43:20 2017 +0000
+++ b/net/tor/distinfo  Sun Mar 05 14:55:15 2017 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.78 2017/01/24 08:59:07 wiz Exp $
+$NetBSD: distinfo,v 1.79 2017/03/05 14:55:15 wiz Exp $
 
-SHA1 (tor-0.2.9.9.tar.gz) = 031bc77666a761ae7bc88cdade8187a3e3758d69
-RMD160 (tor-0.2.9.9.tar.gz) = 2a94b5abb565dc5e508fb6e70a05ea60e53202f3
-SHA512 (tor-0.2.9.9.tar.gz) = cbe7e1f3e503b945f150916b7147cf23d1c32c3660e15aecfe5e2f2baac3a241de665e6ce4e81b81229933eba7f02d4a86e8deeabf2378d40fa83a7036928c9b
-Size (tor-0.2.9.9.tar.gz) = 5534005 bytes
+SHA1 (tor-0.2.9.10.tar.gz) = c3dbf92bab07d0043e3d1959385c0eb110bd2443
+RMD160 (tor-0.2.9.10.tar.gz) = 90b4d7f4cee19f06a7fb63f4f249df52d004e4b8
+SHA512 (tor-0.2.9.10.tar.gz) = c18c4faf18406f04165136f0d70e6bc2896f3f02770beadaab5e7a99441d71b897ae3a14a046eaec99a1bd6d8ad7758b28f7d652588842b77621cdc95d4fb7e1
+Size (tor-0.2.9.10.tar.gz) = 5557586 bytes

Prev by Date: [pkgsrc/trunk]: pkgsrc/doc Updated net/tor to 0.2.9.10
Next by Date: [pkgsrc/trunk]: pkgsrc/doc Updated graphics/p5-PerlMagick to 7.0.5.1
Previous by Thread: [pkgsrc/trunk]: pkgsrc/doc Updated net/tor to 0.2.9.10
Next by Thread: [pkgsrc/trunk]: pkgsrc/doc Updated graphics/p5-PerlMagick to 7.0.5.1
Indexes:

Home | Main Index | Thread Index | Old Index