[pkgsrc/pkgsrc-2015Q1]: pkgsrc/net/tor Pullup ticket #4657 - requested by wiz

[tron <tron%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/19b66249665a
branches:  pkgsrc-2015Q1
changeset: 649155:19b66249665a
user:      tron <tron%pkgsrc.org@localhost>
date:      Wed Apr 08 20:53:25 2015 +0000

description:
Pullup ticket #4657 - requested by wiz
net/tor: security update

Revisions pulled up:
- net/tor/Makefile                                              1.102
- net/tor/distinfo                                              1.63

---
   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Wed Apr  8 05:26:02 UTC 2015

   Modified Files:
        pkgsrc/net/tor: Makefile distinfo

   Log Message:
   Update to 0.2.5.12,  from Christian Sturm in PR 49823.

   Changes in version 0.2.5.12 - 2015-04-06
     Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that
     could be used by an attacker to crash hidden services, or crash clients
     visiting hidden services. Hidden services should upgrade as soon as
     possible; clients should upgrade whenever packages become available.

     This release also backports a simple improvement to make hidden
     services a bit less vulnerable to denial-of-service attacks.

     o Major bugfixes (security, hidden service):
       - Fix an issue that would allow a malicious client to trigger an
         assertion failure and halt a hidden service. Fixes bug 15600;
         bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
       - Fix a bug that could cause a client to crash with an assertion
         failure when parsing a malformed hidden service descriptor. Fixes
         bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".

     o Minor features (DoS-resistance, hidden service):
       - Introduction points no longer allow multiple INTRODUCE1 cells to
         arrive on the same circuit. This should make it more expensive for
         attackers to overwhelm hidden services with introductions.
         Resolves ticket 15515.

diffstat:

 net/tor/Makefile |  4 ++--
 net/tor/distinfo |  8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diffs (26 lines):

diff -r bc9daaeddc6d -r 19b66249665a net/tor/Makefile
--- a/net/tor/Makefile  Wed Apr 08 20:46:55 2015 +0000
+++ b/net/tor/Makefile  Wed Apr 08 20:53:25 2015 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.101 2015/03/27 12:41:17 wiz Exp $
+# $NetBSD: Makefile,v 1.101.2.1 2015/04/08 20:53:25 tron Exp $
 
-DISTNAME=              tor-0.2.5.11
+DISTNAME=              tor-0.2.5.12
 CATEGORIES=            net security
 MASTER_SITES=          http://www.torproject.org/dist/
 
diff -r bc9daaeddc6d -r 19b66249665a net/tor/distinfo
--- a/net/tor/distinfo  Wed Apr 08 20:46:55 2015 +0000
+++ b/net/tor/distinfo  Wed Apr 08 20:53:25 2015 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.62 2015/03/27 12:41:17 wiz Exp $
+$NetBSD: distinfo,v 1.62.2.1 2015/04/08 20:53:25 tron Exp $
 
-SHA1 (tor-0.2.5.11.tar.gz) = 31784ef1c7e443b0eaa785ea89197a8d32da7936
-RMD160 (tor-0.2.5.11.tar.gz) = 4f2dfb11312f6a59214d8c5a45c87c6d2d03f7b8
-Size (tor-0.2.5.11.tar.gz) = 3310350 bytes
+SHA1 (tor-0.2.5.12.tar.gz) = 256e6d77d71420a21a67bba270f43fcf356f8737
+RMD160 (tor-0.2.5.12.tar.gz) = 8e6ab8660c0c833849ff0aa8bbf44dcf2097e3eb
+Size (tor-0.2.5.12.tar.gz) = 3311423 bytes
 SHA1 (patch-aa) = ac774cb976e03ff4d38415e78720f2f463c210c8