pkg/49823: Maintainer update: net/tor to 0.2.5.12 (security fix)

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/49823: Maintainer update: net/tor to 0.2.5.12 (security fix)
From: reezer%reezer.org@localhost
Date: Tue, 7 Apr 2015 18:25:00 +0000 (UTC)

>Number:         49823
>Category:       pkg
>Synopsis:       Maintainer update: net/tor to 0.2.5.12 (security fix)
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue Apr 07 18:25:00 +0000 2015
>Originator:     Christian Sturm
>Release:        
>Organization:
>Environment:
>Description:
This patch updates net/tor to 0.2.5.11 to 0.2.5.12. It fixes a security vulnerability so it should be pulled up into the pkgsrc stable branch once committed to the tree.

Changes in version 0.2.5.12 - 2015-04-06
  Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that
  could be used by an attacker to crash hidden services, or crash clients
  visiting hidden services. Hidden services should upgrade as soon as
  possible; clients should upgrade whenever packages become available.

  This release also backports a simple improvement to make hidden
  services a bit less vulnerable to denial-of-service attacks.

  o Major bugfixes (security, hidden service):
    - Fix an issue that would allow a malicious client to trigger an
      assertion failure and halt a hidden service. Fixes bug 15600;
      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
    - Fix a bug that could cause a client to crash with an assertion
      failure when parsing a malformed hidden service descriptor. Fixes
      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".

  o Minor features (DoS-resistance, hidden service):
    - Introduction points no longer allow multiple INTRODUCE1 cells to
      arrive on the same circuit. This should make it more expensive for
      attackers to overwhelm hidden services with introductions.
      Resolves ticket 15515.
>How-To-Repeat:

>Fix:
begin 644 tor-0.2.5.12.patch.gz
M'XL("!<@)%4``W1O<BTP+C(N-2XQ,BYP871C:`"]D<M*Q#`40-?V*[)4L&UN
M;EX51Q!'<!;CPO$'\KI#45IIRZ#S]79\,..C*\%`""'DY!RR:&)Z/F-+]Y"H
M?DS9[.\CN[M:L1WLC)5ATW=M.Y1/#^N^"V63AG)HN_+SN=--UJ6AJ].F;M:L
M&Y>^;AL&!7#(8DW$\NYMLQ?$@-DYFR]6][>7R^O9T='(RWDA"E4`9'F>9Q<3
MIR);O,?&NA_JAMI_BOU\;C)6BWVK%GL]/%5AG&/NZN82V/%A:3&XKEAO3]B,
M(1@K$T$P24KT/#EGK$K.5E`99R.*Z$R%>N3<+>>@^21)DHCD`1`$::<J`3+:
MH)Q4P9J@HX@<R7B[,ZJW:=H(@:/BS+\,J?_XDQ\)XN""4#KI:$PT(`5W`IPV
MWCMA.$FD0*@T68-FY/R2<$BR23MOM>:!!XMH947$G;/>DY0QD."529C\SNA[
1@OB:,*K@1\(KW'VNR28#````
`
end

Prev by Date: Re: PR/49689 CVS commit: pkgsrc/multimedia/gmplayer
Next by Date: Re: PR/49689 CVS commit: pkgsrc/multimedia/gmplayer
Previous by Thread: pkg/49820: Update mail/msmtp to 1.6.1
Next by Thread: PR/49770 CVS commit: pkgsrc/archivers/gsharutils
Indexes:

Home | Main Index | Thread Index | Old Index