pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2020Q4] pkgsrc/net/tor



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Thu Feb  4 15:35:11 UTC 2021

Modified Files:
        pkgsrc/net/tor [pkgsrc-2020Q4]: Makefile distinfo options.mk

Log Message:
Pullup ticket #6418 - requested by wiz
net/tor: security fix

Revisions pulled up:
- net/tor/Makefile                                              1.159
- net/tor/distinfo                                              1.111
- net/tor/options.mk                                            1.15

---
   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Wed Feb  3 19:55:28 UTC 2021

   Modified Files:
        pkgsrc/net/tor: Makefile distinfo options.mk

   Log Message:
   tor: update to 0.4.4.7.

   Changes in version 0.4.4.7 - 2021-02-03
     Tor 0.4.4.7 backports numerous bugfixes from later releases,
     including one that made v3 onion services more susceptible to
     denial-of-service attacks, and a feature that makes some kinds of
     DoS attacks harder to perform.

     o Major bugfixes (onion service v3, backport from 0.4.5.3-rc):
       - Stop requiring a live consensus for v3 clients and services, and
         allow a "reasonably live" consensus instead. This allows v3 onion
         services to work even if the authorities fail to generate a
         consensus for more than 2 hours in a row. Fixes bug 40237; bugfix
         on 0.3.5.1-alpha.

     o Major feature (exit, backport from 0.4.5.5-rc):
       - Re-entry into the network is now denied at the Exit level to all
         relays' ORPorts and authorities' ORPorts and DirPorts. This change
         should help mitgate a set of denial-of-service attacks. Closes
         ticket 2667.

     o Minor feature (build system, backport from 0.4.5.4-rc):
       - New "make lsp" command to generate the compile_commands.json file
         used by the ccls language server. The "bear" program is needed for
         this. Closes ticket 40227.

     o Minor features (compilation, backport from 0.4.5.2-rc):
       - Disable deprecation warnings when building with OpenSSL 3.0.0 or
         later. There are a number of APIs newly deprecated in OpenSSL
         3.0.0 that Tor still requires. (A later version of Tor will try to
         stop depending on these APIs.) Closes ticket 40165.

     o Minor features (crypto, backport from 0.4.5.3-rc):
       - Fix undefined behavior on our Keccak library. The bug only
         appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel)
         and would result in wrong digests. Fixes bug 40210; bugfix on
         0.2.8.1-alpha. Thanks to Bernhard ?belacker, Arnd Bergmann and
         weasel for diagnosing this.

     o Minor bugfixes (compatibility, backport from 0.4.5.1-rc):
       - Strip '\r' characters when reading text files on Unix platforms.
         This should resolve an issue where a relay operator migrates a
         relay from Windows to Unix, but does not change the line ending of
         Tor's various state files to match the platform, and the CRLF line
         endings from Windows end up leaking into other files such as the
         extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5.

     o Minor bugfixes (compilation, backport from 0.4.5.3-rc):
       - Fix a compilation warning about unreachable fallthrough
         annotations when building with "--enable-all-bugs-are-fatal" on
         some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha.

     o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc):
       - Handle partial SOCKS5 messages correctly. Previously, our code
         would send an incorrect error message if it got a SOCKS5 request
         that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha.

     o Minor bugfixes (testing, backport from 0.4.5.2-alpha):
       - Fix the `config/parse_tcp_proxy_line` test so that it works
         correctly on systems where the DNS provider hijacks invalid
         queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha.
       - Fix our Python reference-implementation for the v3 onion service
         handshake so that it works correctly with the version of hashlib
         provided by Python 3.9. Fixes part of bug 40179; bugfix
         on 0.3.1.6-rc.
       - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL
         3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha.


To generate a diff of this commit:
cvs rdiff -u -r1.158 -r1.158.2.1 pkgsrc/net/tor/Makefile
cvs rdiff -u -r1.110 -r1.110.2.1 pkgsrc/net/tor/distinfo
cvs rdiff -u -r1.14 -r1.14.2.1 pkgsrc/net/tor/options.mk

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/tor/Makefile
diff -u pkgsrc/net/tor/Makefile:1.158 pkgsrc/net/tor/Makefile:1.158.2.1
--- pkgsrc/net/tor/Makefile:1.158       Thu Nov 12 22:56:00 2020
+++ pkgsrc/net/tor/Makefile     Thu Feb  4 15:35:11 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.158 2020/11/12 22:56:00 wiz Exp $
+# $NetBSD: Makefile,v 1.158.2.1 2021/02/04 15:35:11 bsiegert Exp $
 
-DISTNAME=      tor-0.4.4.6
+DISTNAME=      tor-0.4.4.7
 CATEGORIES=    net security
 MASTER_SITES=  https://dist.torproject.org/
 

Index: pkgsrc/net/tor/distinfo
diff -u pkgsrc/net/tor/distinfo:1.110 pkgsrc/net/tor/distinfo:1.110.2.1
--- pkgsrc/net/tor/distinfo:1.110       Thu Nov 12 22:56:00 2020
+++ pkgsrc/net/tor/distinfo     Thu Feb  4 15:35:11 2021
@@ -1,30 +1,6 @@
-$NetBSD: distinfo,v 1.110 2020/11/12 22:56:00 wiz Exp $
+$NetBSD: distinfo,v 1.110.2.1 2021/02/04 15:35:11 bsiegert Exp $
 
-SHA1 (digest-0.7.2.crate) = 5b9c88bbbd10db277eb81489d4fd98222c81f654
-RMD160 (digest-0.7.2.crate) = e1754858a8cc3376e4b1faaa2ab950f5c5a9ff26
-SHA512 (digest-0.7.2.crate) = 8232be4fbc7a77d437933d18423ed6c113abbc84084ceb998fac26413b374266975fd3c00e90131985c800dd0b83ff006dd9e77629d2e6ee19638bd67295ff85
-Size (digest-0.7.2.crate) = 8386 bytes
-SHA1 (generic-array-0.9.0.crate) = 1cd2878b30397e19cd189367dd8a4ea71a14e2ec
-RMD160 (generic-array-0.9.0.crate) = 45975a0df06c24fe628f007f7cd77fc1c8ceb1d9
-SHA512 (generic-array-0.9.0.crate) = e2a00d8856a4231a5c29bae592b2a84b98c70737058104fd67570af1220259994d11cb4506f1a1412f3c8a04576fe2617ef015600f677ecfccc8ff7a07425400
-Size (generic-array-0.9.0.crate) = 10702 bytes
-SHA1 (libc-0.2.39.crate) = 426579d6ce98e82c0531ebff2464582d0aea0567
-RMD160 (libc-0.2.39.crate) = 19f01e69a28f2d606d09eb8a8661e8ddceed782f
-SHA512 (libc-0.2.39.crate) = 4b399306da2f4d85e84db5a0a2212bc784b6ab1fb0d4731b58256e47684b5a244dcad8a12088035985e933ca2880dca5ada7dc822443d1cf474f4e73bbe59aa1
-Size (libc-0.2.39.crate) = 325829 bytes
-SHA1 (rand-0.5.0-pre.2.crate) = e55aa9ab4bb44ac92d40da0d99a64efdb2e33464
-RMD160 (rand-0.5.0-pre.2.crate) = 74a094353fee28574d1ec86b9587ca30701685a0
-SHA512 (rand-0.5.0-pre.2.crate) = 7f7f9c77367c2f6c310ad8f15074b85af615c8c0777a1bcbdd2e56410ea057e932fe20263e747d78e1b940abe02d6ada9e4d66ec743b169eb78895b220f5aa7b
-Size (rand-0.5.0-pre.2.crate) = 132485 bytes
-SHA1 (rand_core-0.2.0-pre.0.crate) = 21ea25e01766a26dbbd71997c5c3f358f3454980
-RMD160 (rand_core-0.2.0-pre.0.crate) = cbd3dc9ad06727ca36c296f4d33ec695e25b7bb9
-SHA512 (rand_core-0.2.0-pre.0.crate) = b14f88e529fe99b7b9774fc8e1233b44192e253a8a27bfc4da1a7ae99104b6b697068bd19faab85df3427e557a5182892f81f481dd89e8eb6921ec390ca752e9
-Size (rand_core-0.2.0-pre.0.crate) = 19211 bytes
-SHA1 (tor-0.4.4.6.tar.gz) = e5bf072a0e3dbc34c346ff721f830c46e9c774b3
-RMD160 (tor-0.4.4.6.tar.gz) = 2806d9a607399fd8162f92d4cee4753c8ad36c3d
-SHA512 (tor-0.4.4.6.tar.gz) = 84f981bed6d8c89d3de437e35dd2ad2ca3ee5efd7ce6b78e3e00bf40f644f495b960a7a741be5dd7ba096d73d5f941974722a44e9d3ef4fbcd02b20274d565fb
-Size (tor-0.4.4.6.tar.gz) = 7806477 bytes
-SHA1 (typenum-1.9.0.crate) = 76b18bc10204c28798cd32d10fd0df349d4cb5e4
-RMD160 (typenum-1.9.0.crate) = 6468f8efe8e91edac71dfd4e28c46581a2f0d457
-SHA512 (typenum-1.9.0.crate) = 8b72af1e370cf9d9308287baf4fc7c6096c4923d1c52fe0313c23c84077d74196aa4d997ecf195842d8242c871b0fd0da111f7914664be1841c97315e3ba6abb
-Size (typenum-1.9.0.crate) = 57747 bytes
+SHA1 (tor-0.4.4.7.tar.gz) = 5e360c61792320e8306db3c5d12ff81780b03104
+RMD160 (tor-0.4.4.7.tar.gz) = 6a9fa849da4229a417c24e52dfe67ec0d8a96614
+SHA512 (tor-0.4.4.7.tar.gz) = 356e9569eb79d81bccba1360d10af7d78f3824d5a4827fc95272a952fc8e5bebdfa9ec99fa82992c025625d6da963c15803acbabd66cd59c587c1e042af16acc
+Size (tor-0.4.4.7.tar.gz) = 7812645 bytes

Index: pkgsrc/net/tor/options.mk
diff -u pkgsrc/net/tor/options.mk:1.14 pkgsrc/net/tor/options.mk:1.14.2.1
--- pkgsrc/net/tor/options.mk:1.14      Mon Nov 16 08:25:40 2020
+++ pkgsrc/net/tor/options.mk   Thu Feb  4 15:35:11 2021
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.14 2020/11/16 08:25:40 wiz Exp $
+# $NetBSD: options.mk,v 1.14.2.1 2021/02/04 15:35:11 bsiegert Exp $
 
 PKG_OPTIONS_VAR=       PKG_OPTIONS.tor
 PKG_SUPPORTED_OPTIONS= doc # rust
@@ -26,27 +26,27 @@ CONFIGURE_ARGS+=    --disable-asciidoc
 ### XXX:
 ### As of 0.4.4.6 I am not sure how this is supposed to work.
 ### https://gitlab.torproject.org/tpo/core/tor/-/issues/40191
-.if !empty(PKG_OPTIONS:Mrust)
-CONFIGURE_ENV+=                TOR_RUST_DEPENDENCIES=${WRKDIR}/vendor
-CONFIGURE_ARGS+=       --enable-rust
-CARGO_CRATE_DEPENDS+=  digest-0.7.2
-CARGO_CRATE_DEPENDS+=  generic-array-0.9.0
-CARGO_CRATE_DEPENDS+=  libc-0.2.39
-CARGO_CRATE_DEPENDS+=  rand-0.5.0-pre.2
-CARGO_CRATE_DEPENDS+=  rand_core-0.2.0-pre.0
-CARGO_CRATE_DEPENDS+=  typenum-1.9.0
-
-RUST_REQ=      1.34.0
-.include "../../lang/rust/cargo.mk"
-
-pre-configure:
-       cd ${WRKSRC} && ${MKDIR} -p src/rust/target/release
-
-.PHONY: show-tor-cargo-depends
-# \todo: Maybe we should add a path option to show-cargo-depends.
-show-tor-cargo-depends:
-       ${RUN}${AWK} '/^\"checksum/ { print "CARGO_CRATE_DEPENDS+=\t" $$2 "-" $$3""; next } ' ${WRKSRC}/src/rust/Cargo.lock
+#.if !empty(PKG_OPTIONS:Mrust)
+#CONFIGURE_ENV+=       TOR_RUST_DEPENDENCIES=${WRKDIR}/vendor
+#CONFIGURE_ARGS+=      --enable-rust
+#CARGO_CRATE_DEPENDS+= digest-0.7.2
+#CARGO_CRATE_DEPENDS+= generic-array-0.9.0
+#CARGO_CRATE_DEPENDS+= libc-0.2.39
+#CARGO_CRATE_DEPENDS+= rand-0.5.0-pre.2
+#CARGO_CRATE_DEPENDS+= rand_core-0.2.0-pre.0
+#CARGO_CRATE_DEPENDS+= typenum-1.9.0
+
+#RUST_REQ=     1.34.0
+#.include "../../lang/rust/cargo.mk"
+
+#pre-configure:
+#      cd ${WRKSRC} && ${MKDIR} -p src/rust/target/release
+
+#.PHONY: show-tor-cargo-depends
+## \todo: Maybe we should add a path option to show-cargo-depends.
+#show-tor-cargo-depends:
+#      ${RUN}${AWK} '/^\"checksum/ { print "CARGO_CRATE_DEPENDS+=\t" $$2 "-" $$3""; next } ' ${WRKSRC}/src/rust/Cargo.lock
 
-.else
+#.else
 CONFIGURE_ARGS+=       --disable-rust
-.endif
+#.endif



Home | Main Index | Thread Index | Old Index