tordev: update to 0.4.4.3.

[Thomas Klausner <tk%giga.or.at@localhost>]

Module Name:	pkgsrc-wip
Committed By:	Thomas Klausner <tk%giga.or.at@localhost>
Pushed By:	wiz
Date:		Tue Jul 28 07:48:21 2020 +0200
Changeset:	97aa45e2eacb8180240d9d94ed91912d13d09ee8

Modified Files:
	tor-dev/Makefile
	tor-dev/distinfo

Log Message:
tordev: update to 0.4.4.3.

Changes in version 0.4.4.3-alpha - 2020-07-27
  Tor 0.4.4.3-alpha fixes several annoyances in previous versions,
  including one affecting NSS users, and several affecting the Linux
  seccomp2 sandbox.

  o Major features (fallback directory list):
    - Replace the 148 fallback directories originally included in Tor
      0.4.1.4-rc (of which around 105 are still functional) with a list
      of 144 fallbacks generated in July 2020. Closes ticket 40061.

  o Major bugfixes (NSS):
    - When running with NSS enabled, make sure that NSS knows to expect
      nonblocking sockets. Previously, we set our TCP sockets as
      nonblocking, but did not tell NSS, which in turn could lead to
      unexpected blocking behavior. Fixes bug 40035; bugfix
      on 0.3.5.1-alpha.

  o Minor bugfixes (linux seccomp2 sandbox):
    - Fix a regression on sandboxing rules for the openat() syscall. The
      fix for bug 25440 fixed the problem on systems with glibc >= 2.27
      but broke with versions of glibc. We now choose a rule based on
      the glibc version. Patch from Daniel Pinto. Fixes bug 27315;
      bugfix on 0.3.5.11.
    - Makes the seccomp sandbox allow the correct syscall for opendir
      according to the running glibc version. This fixes crashes when
      reloading torrc with sandbox enabled when running on glibc 2.15 to
      2.21 and 2.26. Patch from Daniel Pinto. Fixes bug 40020; bugfix
      on 0.3.5.11.

  o Minor bugfixes (relay, usability):
    - Adjust the rules for when to warn about having too many
      connections to other relays. Previously we'd tolerate up to 1.5
      connections per relay on average. Now we tolerate more connections
      for directory authorities, and raise the number of total
      connections we need to see before we warn. Fixes bug 33880; bugfix
      on 0.3.1.1-alpha.

  o Documentation:
    - Replace most http:// URLs in our code and documentation with
      https:// URLs. (We have left unchanged the code in src/ext/, and
      the text in LICENSE.) Closes ticket 31812. Patch from Jeremy Rand.

  o Removed features:
    - Our "check-local" test target no longer tries to use the
      Coccinelle semantic patching tool parse all the C files. While it
      is a good idea to try to make sure Coccinelle works on our C
      before we run a Coccinelle patch, doing so on every test run has
      proven to be disruptive. You can still run this tool manually with
      "make check-cocci". Closes ticket 40030.

Changes in version 0.4.4.2-alpha - 2020-07-09
  This is the second alpha release in the 0.4.4.x series. It fixes a few
  bugs in the previous release, and solves a few usability,
  compatibility, and portability issues.

  This release also fixes TROVE-2020-001, a medium-severity denial of
  service vulnerability affecting all versions of Tor when compiled with
  the NSS encryption library. (This is not the default configuration.)
  Using this vulnerability, an attacker could cause an affected Tor
  instance to crash remotely. This issue is also tracked as CVE-2020-
  15572. Anybody running a version of Tor built with the NSS library
  should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha
  or later.

  o Major bugfixes (NSS, security):
    - Fix a crash due to an out-of-bound memory access when Tor is
      compiled with NSS support. Fixes bug 33119; bugfix on
      0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001
      and CVE-2020-15572.

  o Minor features (bootstrap reporting):
    - Report more detailed reasons for bootstrap failure when the
      failure happens due to a TLS error. Previously we would just call
      these errors "MISC" when they happened during read, and "DONE"
      when they happened during any other TLS operation. Closes
      ticket 32622.

  o Minor features (directory authority):
    - Authorities now recommend the protocol versions that are supported
      by Tor 0.3.5 and later. (Earlier versions of Tor have been
      deprecated since January of this year.) This recommendation will
      cause older clients and relays to give a warning on startup, or
      when they download a consensus directory. Closes ticket 32696.

  o Minor features (entry guards):
    - Reinstate support for GUARD NEW/UP/DOWN control port events.
      Closes ticket 40001.

  o Minor features (linux seccomp2 sandbox, portability):
    - Allow Tor to build on platforms where it doesn't know how to
      report which syscall caused the linux seccomp2 sandbox to fail.
      This change should make the sandbox code more portable to less
      common Linux architectures. Closes ticket 34382.
    - Permit the unlinkat() syscall, which some Libc implementations use
      to implement unlink(). Closes ticket 33346.

  o Minor bugfix (CI, Windows):
    - Use the correct 64-bit printf format when compiling with MINGW on
      Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha.

  o Minor bugfix (onion service v3 client):
    - Remove a BUG() warning that could occur naturally. Fixes bug
      34087; bugfix on 0.3.2.1-alpha.

  o Minor bugfix (SOCKS, onion service client):
    - Detect v3 onion service addresses of the wrong length when
      returning the F6 ExtendedErrors code. Fixes bug 33873; bugfix
      on 0.4.3.1-alpha.

  o Minor bugfixes (compiler warnings):
    - Fix a compiler warning on platforms with 32-bit time_t values.
      Fixes bug 40028; bugfix on 0.3.2.8-rc.

  o Minor bugfixes (control port, onion service):
    - Consistently use 'address' in "Invalid v3 address" response to
      ONION_CLIENT_AUTH commands. Previously, we would sometimes say
      'addr'. Fixes bug 40005; bugfix on 0.4.3.1-alpha.

  o Minor bugfixes (logging):
    - Downgrade a noisy log message that could occur naturally when
      receiving an extrainfo document that we no longer want. Fixes bug
      16016; bugfix on 0.2.6.3-alpha.

  o Minor bugfixes (onion services v3):
    - Avoid a non-fatal assertion failure in certain edge-cases when
      opening an intro circuit as a client. Fixes bug 34084; bugfix
      on 0.3.2.1-alpha.

  o Deprecated features (onion service v2):
    - Add a deprecation warning for version 2 onion services. Closes
      ticket 40003.

  o Removed features (IPv6, revert):
    - Revert the change in the default value of ClientPreferIPv6OrPort:
      it breaks the torsocks use case. The SOCKS resolve command has no
      mechanism to ask for a specific address family (v4 or v6), and so
      prioritizing IPv6 when an IPv4 address is requested on the SOCKS
      interface resulted in a failure. Tor Browser explicitly sets
      PreferIPv6, so this should not affect the majority of our users.
      Closes ticket 33796; bugfix on 0.4.4.1-alpha.

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=97aa45e2eacb8180240d9d94ed91912d13d09ee8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 tor-dev/Makefile | 2 +-
 tor-dev/distinfo | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diffs:
diff --git a/tor-dev/Makefile b/tor-dev/Makefile
index b8ef949340..c5c254380b 100644
--- a/tor-dev/Makefile
+++ b/tor-dev/Makefile
@@ -1,6 +1,6 @@
 # $NetBSD$
 
-DISTNAME=	tor-0.4.4.1-alpha
+DISTNAME=	tor-0.4.4.3-alpha
 PKGNAME=	${DISTNAME:S/tor/tordev/:S/-alpha//:S/-rc/rc0/}
 CATEGORIES=	net security
 MASTER_SITES=	https://dist.torproject.org/
diff --git a/tor-dev/distinfo b/tor-dev/distinfo
index 3bb1ac12b5..0cacffd3ea 100644
--- a/tor-dev/distinfo
+++ b/tor-dev/distinfo
@@ -1,8 +1,8 @@
 $NetBSD$
 
-SHA1 (tor-0.4.4.1-alpha.tar.gz) = 80a08865fafbf81eb78ea68981693113fbc14fa3
-RMD160 (tor-0.4.4.1-alpha.tar.gz) = 901555e0c30766b26c9256829add7eaa5b6b1c54
-SHA512 (tor-0.4.4.1-alpha.tar.gz) = 4156095d5770cedd801a50bb8cd4639c0bf0852b90623027f26868ae41c832055c06525262e39e03f653d4798e8b53f4cbcdfc271b5b4af567afa0900f24ae04
-Size (tor-0.4.4.1-alpha.tar.gz) = 7789510 bytes
+SHA1 (tor-0.4.4.3-alpha.tar.gz) = 4f391b4a3a391c4ae42b3546597945ecc2467b51
+RMD160 (tor-0.4.4.3-alpha.tar.gz) = b517894f605112ad8adf78845a4a6f39617ab936
+SHA512 (tor-0.4.4.3-alpha.tar.gz) = 54753191d17b25966f03f83d210b7a2e433b0810a53c6a6748bcbaa3a4f148f2c75aacdc8d4785d38e250e30559e9f1c490b7bfa1a6b283fa39b2b7fd857e8cc
+Size (tor-0.4.4.3-alpha.tar.gz) = 7795304 bytes
 SHA1 (patch-Makefile.in) = c190295f4702bd1e69531cab1ac61dbab451e48b
 SHA1 (patch-src_app_config_config.c) = bac106e382207cdf22c84a52b45c791de2bdf0f8