CVS commit: pkgsrc/net/tor

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/net/tor
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Mon, 3 Jul 2017 22:20:37 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Mon Jul  3 22:20:37 UTC 2017

Modified Files:
        pkgsrc/net/tor: Makefile distinfo

Log Message:
Updated tor to 0.3.0.9.

Changes in version 0.3.0.9 - 2017-06-29
  Tor 0.3.0.9 fixes a path selection bug that would allow a client
  to use a guard that was in the same network family as a chosen exit
  relay. This is a security regression; all clients running earlier
  versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or
  0.3.1.4-alpha.

  This release also backports several other bugfixes from the 0.3.1.x
  series.

  o Major bugfixes (path selection, security, backport from 0.3.1.4-alpha):
    - When choosing which guard to use for a circuit, avoid the exit's
      family along with the exit itself. Previously, the new guard
      selection logic avoided the exit, but did not consider its family.
      Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2016-
      006 and CVE-2017-0377.

  o Major bugfixes (entry guards, backport from 0.3.1.1-alpha):
    - Don't block bootstrapping when a primary bridge is offline and we
      can't get its descriptor. Fixes bug 22325; fixes one case of bug
      21969; bugfix on 0.3.0.3-alpha.

  o Major bugfixes (entry guards, backport from 0.3.1.4-alpha):
    - When starting with an old consensus, do not add new entry guards
      unless the consensus is "reasonably live" (under 1 day old). Fixes
      one root cause of bug 22400; bugfix on 0.3.0.1-alpha.

  o Minor features (geoip):
    - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (voting consistency, backport from 0.3.1.1-alpha):
    - Reject version numbers with non-numeric prefixes (such as +, -, or
      whitespace). Disallowing whitespace prevents differential version
      parsing between POSIX-based and Windows platforms. Fixes bug 21507
      and part of 21508; bugfix on 0.0.8pre1.

  o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.4-alpha):
    - Permit the fchmod system call, to avoid crashing on startup when
      starting with the seccomp2 sandbox and an unexpected set of
      permissions on the data directory or its contents. Fixes bug
      22516; bugfix on 0.2.5.4-alpha.

  o Minor bugfixes (defensive programming, backport from 0.3.1.4-alpha):
    - Fix a memset() off the end of an array when packing cells. This
      bug should be harmless in practice, since the corrupted bytes are
      still in the same structure, and are always padding bytes,
      ignored, or immediately overwritten, depending on compiler
      behavior. Nevertheless, because the memset()'s purpose is to make
      sure that any other cell-handling bugs can't expose bytes to the
      network, we need to fix it. Fixes bug 22737; bugfix on
      0.2.4.11-alpha. Fixes CID 1401591.


To generate a diff of this commit:
cvs rdiff -u -r1.122 -r1.123 pkgsrc/net/tor/Makefile
cvs rdiff -u -r1.82 -r1.83 pkgsrc/net/tor/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/tor/Makefile
diff -u pkgsrc/net/tor/Makefile:1.122 pkgsrc/net/tor/Makefile:1.123
--- pkgsrc/net/tor/Makefile:1.122       Wed Jun 14 16:16:04 2017
+++ pkgsrc/net/tor/Makefile     Mon Jul  3 22:20:37 2017
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.122 2017/06/14 16:16:04 wiz Exp $
+# $NetBSD: Makefile,v 1.123 2017/07/03 22:20:37 wiz Exp $
 
-DISTNAME=              tor-0.3.0.8
+DISTNAME=              tor-0.3.0.9
 CATEGORIES=            net security
 MASTER_SITES=          http://www.torproject.org/dist/
 

Index: pkgsrc/net/tor/distinfo
diff -u pkgsrc/net/tor/distinfo:1.82 pkgsrc/net/tor/distinfo:1.83
--- pkgsrc/net/tor/distinfo:1.82        Wed Jun 14 16:16:04 2017
+++ pkgsrc/net/tor/distinfo     Mon Jul  3 22:20:37 2017
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.82 2017/06/14 16:16:04 wiz Exp $
+$NetBSD: distinfo,v 1.83 2017/07/03 22:20:37 wiz Exp $
 
-SHA1 (tor-0.3.0.8.tar.gz) = c5e117ad3cc703cb870b7b8a147d6301ace235a7
-RMD160 (tor-0.3.0.8.tar.gz) = b71e3dc016eb43fa85d483a0893122e19df924a7
-SHA512 (tor-0.3.0.8.tar.gz) = 93267e51578266f6f6eea57e7fcd7ec5f8fbeb2e880675956724a0b1c1dfe1826945aaba4ca3075b577505d0ce70fd7def2f2a9e06af78f52190e15a7aad2ee1
-Size (tor-0.3.0.8.tar.gz) = 5796845 bytes
+SHA1 (tor-0.3.0.9.tar.gz) = 48c6d037d030056256ba6dd8adcc1142613d05d0
+RMD160 (tor-0.3.0.9.tar.gz) = 3f1823f84caf4e738bbe9b6369d198c29a511e46
+SHA512 (tor-0.3.0.9.tar.gz) = 19b662840ee0c6aaba04c6db7f172def070d0773553f90bc3d1f210266bbcb572b3dd1f383359e36583103235a85a0a4052cf7299a534fde137bee41376ffa02
+Size (tor-0.3.0.9.tar.gz) = 5811303 bytes

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index