CVS commit: [pkgsrc-2009Q2] pkgsrc/net/tor

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2009Q2] pkgsrc/net/tor
From: Matthias Scheler <tron%netbsd.org@localhost>
Date: Thu, 16 Jul 2009 09:23:44 +0000

Module Name:    pkgsrc
Committed By:   tron
Date:           Thu Jul 16 09:23:44 UTC 2009

Modified Files:
        pkgsrc/net/tor [pkgsrc-2009Q2]: Makefile distinfo

Log Message:
Pullup ticket #2813 - requested by obache
tor: security update

Revisions pulled up:
- net/tor/Makefile              1.64
- net/tor/distinfo              1.35
---
Module Name:    pkgsrc
Committed By:   obache
Date:           Thu Jul  9 11:52:31 UTC 2009

Modified Files:
        pkgsrc/net/tor: Makefile distinfo

Log Message:
Update tor to 0.2.0.35.
maintainer update request via PR 41688.

Changes in version 0.2.0.35 - 2009-06-24
  o Security fix:
    - Avoid crashing in the presence of certain malformed descriptors.
      Found by lark, and by automated fuzzing.
    - Fix an edge case where a malicious exit relay could convince a
      controller that the client's DNS question resolves to an internal IP
      address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.

  o Major bugfixes:
    - Finally fix the bug where dynamic-IP relays disappear when their
      IP address changes: directory mirrors were mistakenly telling
      them their old address if they asked via begin_dir, so they
      never got an accurate answer about their new address, so they
      just vanished after a day. For belt-and-suspenders, relays that
      don't set Address in their config now avoid using begin_dir for
      all direct connections. Should fix bugs 827, 883, and 900.
    - Fix a timing-dependent, allocator-dependent, DNS-related crash bug
      that would occur on some exit nodes when DNS failures and timeouts
      occurred in certain patterns. Fix for bug 957.

  o Minor bugfixes:
    - When starting with a cache over a few days old, do not leak
      memory for the obsolete router descriptors in it. Bugfix on
      0.2.0.33; fixes bug 672.
    - Hidden service clients didn't use a cached service descriptor that
      was older than 15 minutes, but wouldn't fetch a new one either,
      because there was already one in the cache. Now, fetch a v2
      descriptor unless the same descriptor was added to the cache within
      the last 15 minutes. Fixes bug 997; reported by Marcus Griep.


To generate a diff of this commit:
cvs rdiff -u -r1.63 -r1.63.4.1 pkgsrc/net/tor/Makefile
cvs rdiff -u -r1.34 -r1.34.4.1 pkgsrc/net/tor/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: [pkgsrc-2009Q2] pkgsrc/devel/ruby-mocha
Next by Date: CVS commit: [pkgsrc-2009Q2] pkgsrc/doc
Previous by Thread: CVS commit: [pkgsrc-2009Q2] pkgsrc/devel/ruby-mocha
Next by Thread: CVS commit: [pkgsrc-2009Q2] pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index