pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/net/tor
Module Name: pkgsrc
Committed By: wiz
Date: Tue Jan 24 08:59:07 UTC 2017
Modified Files:
pkgsrc/net/tor: Makefile distinfo
Log Message:
Updated tor to 0.2.9.9.
Changes in version 0.2.9.9 - 2017-01-23
Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could
cause relays and clients to crash, even if they were not built with
the --enable-expensive-hardening option. This bug affects all 0.2.9.x
versions, and also affects 0.3.0.1-alpha: all relays running an affected
version should upgrade.
This release also resolves a client-side onion service reachability
bug, and resolves a pair of small portability issues.
o Major bugfixes (security):
- Downgrade the "-ftrapv" option from "always on" to "only on when
--enable-expensive-hardening is provided." This hardening option,
like others, can turn survivable bugs into crashes -- and having
it on by default made a (relatively harmless) integer overflow bug
into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
bugfix on 0.2.9.1-alpha.
o Major bugfixes (client, onion service):
- Fix a client-side onion service reachability bug, where multiple
socks requests to an onion service (or a single slow request)
could cause us to mistakenly mark some of the service's
introduction points as failed, and we cache that failure so
eventually we run out and can't reach the service. Also resolves a
mysterious "Remote server sent bogus reason code 65021" log
warning. The bug was introduced in ticket 17218, where we tried to
remember the circuit end reason as a uint16_t, which mangled
negative values. Partially fixes bug 21056 and fixes bug 20307;
bugfix on 0.2.8.1-alpha.
o Minor features (geoip):
- Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
Country database.
o Minor bugfixes (portability):
- Avoid crashing when Tor is built using headers that contain
CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel
without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix
on 0.2.9.1-alpha.
- Fix Libevent detection on platforms without Libevent 1 headers
installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha.
To generate a diff of this commit:
cvs rdiff -u -r1.116 -r1.117 pkgsrc/net/tor/Makefile
cvs rdiff -u -r1.77 -r1.78 pkgsrc/net/tor/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/net/tor/Makefile
diff -u pkgsrc/net/tor/Makefile:1.116 pkgsrc/net/tor/Makefile:1.117
--- pkgsrc/net/tor/Makefile:1.116 Sun Jan 8 12:50:41 2017
+++ pkgsrc/net/tor/Makefile Tue Jan 24 08:59:07 2017
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.116 2017/01/08 12:50:41 maya Exp $
+# $NetBSD: Makefile,v 1.117 2017/01/24 08:59:07 wiz Exp $
-DISTNAME= tor-0.2.9.8
+DISTNAME= tor-0.2.9.9
CATEGORIES= net security
MASTER_SITES= http://www.torproject.org/dist/
Index: pkgsrc/net/tor/distinfo
diff -u pkgsrc/net/tor/distinfo:1.77 pkgsrc/net/tor/distinfo:1.78
--- pkgsrc/net/tor/distinfo:1.77 Sun Jan 8 12:50:41 2017
+++ pkgsrc/net/tor/distinfo Tue Jan 24 08:59:07 2017
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.77 2017/01/08 12:50:41 maya Exp $
+$NetBSD: distinfo,v 1.78 2017/01/24 08:59:07 wiz Exp $
-SHA1 (tor-0.2.9.8.tar.gz) = 02364a45486ea70e3cdfdf2a195ae7501f0a5f26
-RMD160 (tor-0.2.9.8.tar.gz) = 41a08ec5d1a0222ff2277beb54984f8dd21dc2e6
-SHA512 (tor-0.2.9.8.tar.gz) = 6a43a56ebed7b24ccdd2474406f25347819d4efec4916bdb2e725177b34e233632cc17e68c823efa3d0aad4a5bd13e00a5077cdfeb8830a612253a03ab91b622
-Size (tor-0.2.9.8.tar.gz) = 5522235 bytes
+SHA1 (tor-0.2.9.9.tar.gz) = 031bc77666a761ae7bc88cdade8187a3e3758d69
+RMD160 (tor-0.2.9.9.tar.gz) = 2a94b5abb565dc5e508fb6e70a05ea60e53202f3
+SHA512 (tor-0.2.9.9.tar.gz) = cbe7e1f3e503b945f150916b7147cf23d1c32c3660e15aecfe5e2f2baac3a241de665e6ce4e81b81229933eba7f02d4a86e8deeabf2378d40fa83a7036928c9b
+Size (tor-0.2.9.9.tar.gz) = 5534005 bytes
Home |
Main Index |
Thread Index |
Old Index