CVS commit: pkgsrc/net/tor

["Thomas Klausner" <wiz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   wiz
Date:           Thu May  7 06:16:44 UTC 2026

Modified Files:
        pkgsrc/net/tor: Makefile distinfo

Log Message:
tor: update to 0.4.8.24.

Changes in version 0.4.8.24 - 2026-05-06
  This is a security release fixing several major bugfixes that were reported
  in the past weeks. Huge thanks to everyone that reported these issues! We
  strongly recommend upgrading as soon as possible.

  o Major bugfixes (cell handling):
    - Fix out-of-bounds read (OOB) when END, TRUNCATE and TRUNCATED cell
      have no reason in their payload. TROVE-2026-011. Found by Brian
      Carpenter (geeknik). Fixes bug 41254; bugfix on 0.1.1.1-alpha.

  o Major bugfixes (conflux):
    - Do not attempt or accept BEGIN_DIR via conflux legs. TROVE-2026-
      008. Credit to Anas Cherni from Calif.io in collaboration with
      Claude and Anthropic Research. Fixes bug 41243; bugfix
      on 0.4.8.1-alpha.

  o Major bugfixes (conflux, relay):
    - Adjust conflux out-of-order queue accounting when clearing a
      queue. TROVE-2026-010. Found by aptupdate. Fixes bug 41251; bugfix
      on 0.4.8.1-alpha.

  o Major bugfixes (pathbias):
    - Fix a client-side crash caused by double-close of a circuit while
      under circuit queue memory pressure. TROVE-2026-009. Found by
      cypherpunks. Fixes bug 41237; bugfix on 0.3.3.6-rc.

  o Major bugfixes (relay):
    - Fix null pointer dereference when receiving a CERT cell out of
      order. TROVE-2026-006. Found by Fwame. Fixes bug 41240; bugfix
      on 0.2.4.4-alpha.

  o Major bugfixes (relay, onion service):
    - Fix off-by-one out-of-bounds read if a malformed BEGIN cell is
      received. TROVE-2026-007. Found by Flanagan. Fixes bug 41245;
      bugfix on 0.2.4.7-alpha.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on May 06, 2026.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2026/05/06.


To generate a diff of this commit:
cvs rdiff -u -r1.196 -r1.197 pkgsrc/net/tor/Makefile
cvs rdiff -u -r1.140 -r1.141 pkgsrc/net/tor/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/tor/Makefile
diff -u pkgsrc/net/tor/Makefile:1.196 pkgsrc/net/tor/Makefile:1.197
--- pkgsrc/net/tor/Makefile:1.196       Thu Apr 16 13:12:33 2026
+++ pkgsrc/net/tor/Makefile     Thu May  7 06:16:44 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.196 2026/04/16 13:12:33 adam Exp $
+# $NetBSD: Makefile,v 1.197 2026/05/07 06:16:44 wiz Exp $
 
-DISTNAME=      tor-0.4.8.23
+DISTNAME=      tor-0.4.8.24
 CATEGORIES=    net security
 MASTER_SITES=  https://dist.torproject.org/
 

Index: pkgsrc/net/tor/distinfo
diff -u pkgsrc/net/tor/distinfo:1.140 pkgsrc/net/tor/distinfo:1.141
--- pkgsrc/net/tor/distinfo:1.140       Thu Apr 16 13:12:33 2026
+++ pkgsrc/net/tor/distinfo     Thu May  7 06:16:44 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.140 2026/04/16 13:12:33 adam Exp $
+$NetBSD: distinfo,v 1.141 2026/05/07 06:16:44 wiz Exp $
 
-BLAKE2s (tor-0.4.8.23.tar.gz) = f00ed9ce44acd42d0af6df42c426ef87b4997e78b76269687c4e2925130baafe
-SHA512 (tor-0.4.8.23.tar.gz) = bd6efac5c331485fb9cdb0c8947dee6f60b5fe9dac641ef96bfdb336558fd588c9f03c6d3b0a29a484aba3df28b726ccc7f2892d6f8ae1707cd99001c34a4eb5
-Size (tor-0.4.8.23.tar.gz) = 10688085 bytes
+BLAKE2s (tor-0.4.8.24.tar.gz) = dfcff2f078a0058164aa8a4799be409a2d687cef58eb2ea9ec5fadb94b446cb4
+SHA512 (tor-0.4.8.24.tar.gz) = 296c27ba4600462ef97a0317cf1832c67fbcf7384a74fbeee1569e3862549b81c918e82c78d2eac3be0a9aee4abc166a03d5abed03f746ed22a0c372516c26e9
+Size (tor-0.4.8.24.tar.gz) = 10852018 bytes