pkgsrc-WIP-changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

tordev: update to

Module Name:	pkgsrc-wip
Committed By:	Thomas Klausner <>
Pushed By:	wiz
Date:		Mon Jun 14 20:10:35 2021 +0200
Changeset:	38148a88d6652ceb942ce12ae0b9f4666493975d

Modified Files:

Log Message:
tordev: update to

Changes in version - 2021-06-14
  Tor is the first stable release in its series. The 0.4.6.x
  series includes numerous features and bugfixes, including a significant
  improvement to our circuit timeout algorithm that should improve
  observed client performance, and a way for relays to report when they are

  This release also includes security fixes for several security issues,
  including a denial-of-service attack against onion service clients,
  and another denial-of-service attack against relays. Everybody should
  upgrade to one of,,, or

  Below are the changes since For a complete list of changes
  since, see the ReleaseNotes file.

  o Major bugfixes (security):
    - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
      half-closed streams. Previously, clients failed to validate which
      hop sent these cells: this would allow a relay on a circuit to end
      a stream that wasn't actually built with it. Fixes bug 40389;
      bugfix on This issue is also tracked as TROVE-2021-
      003 and CVE-2021-34548.

  o Major bugfixes (security, defense-in-depth):
    - Detect more failure conditions from the OpenSSL RNG code.
      Previously, we would detect errors from a missing RNG
      implementation, but not failures from the RNG code itself.
      Fortunately, it appears those failures do not happen in practice
      when Tor is using OpenSSL's default RNG implementation. Fixes bug
      40390; bugfix on This issue is also tracked as
      TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.

  o Major bugfixes (security, denial of service):
    - Resist a hashtable-based CPU denial-of-service attack against
      relays. Previously we used a naive unkeyed hash function to look
      up circuits in a circuitmux object. An attacker could exploit this
      to construct circuits with chosen circuit IDs, to create
      collisions and make the hash table inefficient. Now we use a
      SipHash construction here instead. Fixes bug 40391; bugfix on This issue is also tracked as TROVE-2021-005 and
      CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
    - Fix an out-of-bounds memory access in v3 onion service descriptor
      parsing. An attacker could exploit this bug by crafting an onion
      service descriptor that would crash any client that tried to visit
      it. Fixes bug 40392; bugfix on This issue is also
      tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
      Glazunov from Google's Project Zero.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2021/06/10.

  o Minor features (logging, diagnostic):
    - Log decompression failures at a higher severity level, since they
      can help provide missing context for other warning messages. We
      rate-limit these messages, to avoid flooding the logs if they
      begin to occur frequently. Closes ticket 40175.

To see a diff of this commit:;a=commitdiff;h=38148a88d6652ceb942ce12ae0b9f4666493975d

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

 tor-dev/Makefile | 2 +-
 tor-dev/distinfo | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/tor-dev/Makefile b/tor-dev/Makefile
index 4f2dfdef52..31777493cf 100644
--- a/tor-dev/Makefile
+++ b/tor-dev/Makefile
@@ -1,6 +1,6 @@
 # $NetBSD$
 PKGNAME=	${DISTNAME:S/tor/tordev/:S/-alpha//:S/-rc/rc0/}
 CATEGORIES=	net security
diff --git a/tor-dev/distinfo b/tor-dev/distinfo
index 20b48234f5..d35b1f288b 100644
--- a/tor-dev/distinfo
+++ b/tor-dev/distinfo
@@ -1,8 +1,8 @@
-SHA1 (tor- = 08575b1e479c2b234b6ac41936a52dd223428aa8
-RMD160 (tor- = 9f67ce6d2a8d308c879836a2284c9d0a4fcf3590
-SHA512 (tor- = 87deaa1f7b9cb2d1a5c75db18f95bfa85b3974f407188b436fe71f82467c2bc9e072e81da386be1ae9c2e07459684fb97705dd72089efaee853cf926c19082a3
-Size (tor- = 7735733 bytes
+SHA1 (tor- = 49bfc6faa704302e41cd2f577a9feedae1370db5
+RMD160 (tor- = e773423c05ea9557c109a85cdee15b731ce4340b
+SHA512 (tor- = 62bcd8d446199cdd397a688d454730a057ef20be4152e6d0632f64df27c993c70be0dbde0a2e7679a8a20850371a503b8daf777296d555760d8aae3286e48050
+Size (tor- = 7754823 bytes
 SHA1 ( = c190295f4702bd1e69531cab1ac61dbab451e48b
 SHA1 (patch-src_app_config_config.c) = bac106e382207cdf22c84a52b45c791de2bdf0f8

Home | Main Index | Thread Index | Old Index