Update wip/tor-dev to version 0.4.0.2-alpha.

To: pkgsrc-wip-changes%NetBSD.org@localhost
Subject: Update wip/tor-dev to version 0.4.0.2-alpha.
From: Alexander Nasonov <alnsn%yandex.ru@localhost>
Date: Fri, 22 Feb 2019 22:38:14 +0000
Module Name:	pkgsrc-wip
Committed By:	Alexander Nasonov <alnsn%yandex.ru@localhost>
Pushed By:	alnsn
Date:		Fri Feb 22 22:38:14 2019 +0000
Changeset:	39d47db02d2dbb29b7d27bcc37ba17f936cb1f9d

Modified Files:
	tor-dev/Makefile
	tor-dev/distinfo

Log Message:
Update wip/tor-dev to version 0.4.0.2-alpha.

Notable changes in version 0.4.0.2-alpha - 2019-02-21
  Tor 0.4.0.2-alpha is the second alpha in its series; it fixes several
  bugs from earlier versions, including several that had broken
  backward compatibility.

  It also includes a fix for a medium-severity security bug affecting Tor
  0.3.2.1-alpha and later. All Tor instances running an affected release
  should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.

  o Major bugfixes (cell scheduler, KIST, security):
    - Make KIST consider the outbuf length when computing what it can
      put in the outbuf. Previously, KIST acted as though the outbuf
      were empty, which could lead to the outbuf becoming too full. It
      is possible that an attacker could exploit this bug to cause a Tor
      client or relay to run out of memory and crash. Fixes bug 29168;
      bugfix on 0.3.2.1-alpha. This issue is also being tracked as
      TROVE-2019-001 and CVE-2019-8955.

  o Major bugfixes (networking):
    - Gracefully handle empty username/password fields in SOCKS5
      username/password auth messsage and allow SOCKS5 handshake to
      continue. Previously, we had rejected these handshakes, breaking
      certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.

  o Major bugfixes (windows, startup):
    - When reading a consensus file from disk, detect whether it was
      written in text mode, and re-read it in text mode if so. Always
      write consensus files in binary mode so that we can map them into
      memory later. Previously, we had written in text mode, which
      confused us when we tried to map the file on windows. Fixes bug
      28614; bugfix on 0.4.0.1-alpha.

  o Minor features (compilation):
    - Compile correctly when OpenSSL is built with engine support
      disabled, or with deprecated APIs disabled. Closes ticket 29026.
      Patches from "Mangix".

  o Minor features (directory authority):
    - When a directory authority is using a bandwidth file to obtain
      bandwidth values, include the digest of that file in the vote.
      Closes ticket 26698.

  o Minor features (geoip):
    - Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2
      Country database. Closes ticket 29478.

  o Minor bugfixes (compilation):
    - Fix compilation warnings in test_circuitpadding.c. Fixes bug
      29169; bugfix on 0.4.0.1-alpha.
    - Silence a compiler warning in test-memwipe.c on OpenBSD. Fixes bug
      29145; bugfix on 0.2.9.3-alpha. Patch from Kris Katterjohn.

  o Minor bugfixes (documentation):
    - Describe the contents of the v3 onion service client authorization
      files correctly: They hold public keys, not private keys. Fixes
      bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".

  o Minor bugfixes (linux seccomp sandbox):
    - Fix startup crash when experimental sandbox support is enabled.
      Fixes bug 29150; bugfix on 0.4.0.1-alpha. Patch by Peter Gerber.

  o Minor bugfixes (logging):
    - Avoid logging that we are relaxing a circuit timeout when that
      timeout is fixed. Fixes bug 28698; bugfix on 0.2.4.7-alpha.
    - Log more information at "warning" level when unable to read a
      private key; log more information at "info" level when unable to
      read a public key. We had warnings here before, but they were lost
      during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.

  o Minor bugfixes (misc):
    - The amount of total available physical memory is now determined
      using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
      when it is defined and a 64-bit variant is not available. Fixes
      bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.

  o Minor bugfixes (onion services):
    - Avoid crashing if ClientOnionAuthDir (incorrectly) contains more
      than one private key for a hidden service. Fixes bug 29040; bugfix
      on 0.3.5.1-alpha.
    - In hs_cache_store_as_client() log an HSDesc we failed to parse at
      "debug" level. Tor used to log it as a warning, which caused very
      long log lines to appear for some users. Fixes bug 29135; bugfix
      on 0.3.2.1-alpha.
    - Stop logging "Tried to establish rendezvous on non-OR circuit..."
      as a warning. Instead, log it as a protocol warning, because there
      is nothing that relay operators can do to fix it. Fixes bug 29029;
      bugfix on 0.2.5.7-rc.

  o Minor bugfixes (scheduler):
    - When re-adding channels to the pending list, check the correct
      channel's sched_heap_idx. This issue has had no effect in mainline
      Tor, but could have led to bugs down the road in improved versions
      of our circuit scheduling code. Fixes bug 29508; bugfix
      on 0.3.2.10.

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=39d47db02d2dbb29b7d27bcc37ba17f936cb1f9d

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 tor-dev/Makefile | 2 +-
 tor-dev/distinfo | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diffs:
diff --git a/tor-dev/Makefile b/tor-dev/Makefile
index 0b94d96930..379c07b0d5 100644
--- a/tor-dev/Makefile
+++ b/tor-dev/Makefile
@@ -1,6 +1,6 @@
 # $NetBSD$
 
-DISTNAME=	tor-0.4.0.1-alpha
+DISTNAME=	tor-0.4.0.2-alpha
 PKGNAME=	${DISTNAME:S/tor/tordev/:S/-alpha//:S/-rc/rc0/}
 CATEGORIES=	net security
 MASTER_SITES=	http://www.torproject.org/dist/
diff --git a/tor-dev/distinfo b/tor-dev/distinfo
index b522dafa8a..d4180b1d57 100644
--- a/tor-dev/distinfo
+++ b/tor-dev/distinfo
@@ -1,8 +1,8 @@
 $NetBSD$
 
-SHA1 (tor-0.4.0.1-alpha.tar.gz) = 8ef0a68a6dbdfc5d878ac52e2534cfd8a5dc2d18
-RMD160 (tor-0.4.0.1-alpha.tar.gz) = f680570e89c3dbe183754aea8255eccb474bd3de
-SHA512 (tor-0.4.0.1-alpha.tar.gz) = 4c09837316921d170a8866116bbbd31603fd312e0e2282abcf13e52a656141d22e3d0dd91185c0429cf9ae080d06bd100f747d18795b1b606aec7178c19f5bac
-Size (tor-0.4.0.1-alpha.tar.gz) = 7087989 bytes
+SHA1 (tor-0.4.0.2-alpha.tar.gz) = 3a80fce946e2b2da1dcfb0718f266218c1190313
+RMD160 (tor-0.4.0.2-alpha.tar.gz) = ee9222a5829aecf200b3bf8235034ba3889f0a40
+SHA512 (tor-0.4.0.2-alpha.tar.gz) = a69301e1f337c466e6fc064ff8d581d5328c84532fe902720252f3b055079b5dfb203489d1684b2e9055c737b17ad8ebdfaf96e4d0f7fdd83514ffbce22745f0
+Size (tor-0.4.0.2-alpha.tar.gz) = 7156129 bytes
 SHA1 (patch-Makefile.in) = c190295f4702bd1e69531cab1ac61dbab451e48b
 SHA1 (patch-src_app_config_config.c) = bac106e382207cdf22c84a52b45c791de2bdf0f8
Prev by Date: swi-prolog*: Improve wording
Next by Date: gnunet: remove gmake (git builds without gmake), fix libextractor bl3
Previous by Thread: swi-prolog*: Improve wording
Next by Thread: gnunet: remove gmake (git builds without gmake), fix libextractor bl3
Indexes:
Home | Main Index | Thread Index | Old Index