pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2017Q1]: pkgsrc/net/tor Pullup ticket #5452 - requested by sevan



details:   https://anonhg.NetBSD.org/pkgsrc/rev/57be1797b69b
branches:  pkgsrc-2017Q1
changeset: 360389:57be1797b69b
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Mon May 29 18:42:04 2017 +0000

description:
Pullup ticket #5452 - requested by sevan
net/tor: security fix

Revisions pulled up:
- net/tor/Makefile                                              1.121
- net/tor/distinfo                                              1.81

---
   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Wed May 17 07:13:37 UTC 2017

   Modified Files:
           pkgsrc/net/tor: Makefile distinfo

   Log Message:
   Changes in version 0.3.0.7 - 2017-05-15
     Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions
     of Tor 0.3.0.x, where an attacker could cause a Tor relay process to
     exit. Relays running earlier versions of Tor 0.3.0.x should upgrade;
     clients are not affected.

     o Major bugfixes (hidden service directory, security):
       - Fix an assertion failure in the hidden service directory code,
         which could be used by an attacker to remotely cause a Tor relay
         process to exit. Relays running earlier versions of Tor 0.3.0.x
         should upgrade. This security issue is tracked as TROVE-2017-002.
         Fixes bug 22246; bugfix on 0.3.0.1-alpha.

     o Minor features:
       - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
         Country database.

     o Minor features (future-proofing):
       - Tor no longer refuses to download microdescriptors or descriptors
         if they are listed as "published in the future". This change will
         eventually allow us to stop listing meaningful "published" dates
         in microdescriptor consensuses, and thereby allow us to reduce the
         resources required to download consensus diffs by over 50%.
         Implements part of ticket 21642; implements part of proposal 275.

     o Minor bugfixes (Linux seccomp2 sandbox):
       - The getpid() system call is now permitted under the Linux seccomp2
         sandbox, to avoid crashing with versions of OpenSSL (and other
         libraries) that attempt to learn the process's PID by using the
         syscall rather than the VDSO code. Fixes bug 21943; bugfix
         on 0.2.5.1-alpha.

diffstat:

 net/tor/Makefile |   7 +++++--
 net/tor/distinfo |  10 +++++-----
 2 files changed, 10 insertions(+), 7 deletions(-)

diffs (37 lines):

diff -r 8c3c996b646f -r 57be1797b69b net/tor/Makefile
--- a/net/tor/Makefile  Mon May 29 18:37:28 2017 +0000
+++ b/net/tor/Makefile  Mon May 29 18:42:04 2017 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.118.2.1 2017/05/06 15:11:39 bsiegert Exp $
+# $NetBSD: Makefile,v 1.118.2.2 2017/05/29 18:42:04 bsiegert Exp $
 
-DISTNAME=              tor-0.3.0.6
+DISTNAME=              tor-0.3.0.7
 CATEGORIES=            net security
 MASTER_SITES=          http://www.torproject.org/dist/
 
@@ -41,6 +41,9 @@
 CONF_FILES+=           ${PREFIX}/share/examples/tor/torrc.sample       \
                                ${PKG_SYSCONFDIR}/torrc
 
+PRINT_PLIST_AWK+=      /^man\/man/ { $$0 = "$${PLIST.doc}" $$0 }
+PRINT_PLIST_AWK+=      /^share\/doc/ { $$0 = "$${PLIST.doc}" $$0 }
+
 FILES_SUBST+=          PKG_HOME=${PKG_HOME.${TOR_USER}}
 FILES_SUBST+=          TOR_USER=${TOR_USER} TOR_GROUP=${TOR_GROUP}
 
diff -r 8c3c996b646f -r 57be1797b69b net/tor/distinfo
--- a/net/tor/distinfo  Mon May 29 18:37:28 2017 +0000
+++ b/net/tor/distinfo  Mon May 29 18:42:04 2017 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.79.2.1 2017/05/06 15:11:39 bsiegert Exp $
+$NetBSD: distinfo,v 1.79.2.2 2017/05/29 18:42:04 bsiegert Exp $
 
-SHA1 (tor-0.3.0.6.tar.gz) = f336546a9a8d561735d1e7fdb669cedb0839d6ba
-RMD160 (tor-0.3.0.6.tar.gz) = 2cf502b8be630e8e6dbf2cdebb6fe960ab95d663
-SHA512 (tor-0.3.0.6.tar.gz) = 33983f8c0a32fc32e5586cb1da9a99c93b0502eecfb9db289723b275543ea01168cf1dd335e4c1c42ccf7991dd1d584286e764c1881f7d6ece928bbd109781cc
-Size (tor-0.3.0.6.tar.gz) = 5779422 bytes
+SHA1 (tor-0.3.0.7.tar.gz) = a8c52e943f05761a9687ee84aff1c3a9c9bf3c33
+RMD160 (tor-0.3.0.7.tar.gz) = 40e17ff81474e2eae6ea60cfb601c62763cb1e3c
+SHA512 (tor-0.3.0.7.tar.gz) = f6538e6d8dd444d2eb01f0cce48ec51a0e9ab533027d8941f1577f31136782685a4e317ff62bf21dfb52666df8d04f5dc996c5a0ceadccb2ba4fd91653989ccd
+Size (tor-0.3.0.7.tar.gz) = 5793734 bytes



Home | Main Index | Thread Index | Old Index