pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/net/tor
Module Name: pkgsrc
Committed By: wiz
Date: Tue Aug 17 08:13:44 UTC 2021
Modified Files:
pkgsrc/net/tor: Makefile distinfo
Log Message:
tor: update to 0.4.6.7.
Changes in version 0.4.6.7 - 2021-08-16
This version fixes several bugs from earlier versions of Tor,
including one that could lead to a denial-of-service attack. Everyone
running an earlier version, whether as a client, a relay, or an onion
service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
o Major bugfixes (cryptography, security):
- Resolve an assertion failure caused by a behavior mismatch between
our batch-signature verification code and our single-signature
verification code. This assertion failure could be triggered
remotely, leading to a denial of service attack. We fix this issue
by disabling batch verification. Fixes bug 40078; bugfix on
0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
CVE-2021-38385. Found by Henry de Valence.
o Minor feature (fallbackdir):
- Regenerate fallback directories list. Close ticket 40447.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/08/12.
o Minor bugfix (crypto):
- Disable the unused batch verification feature of ed25519-donna.
Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry
de Valence.
o Minor bugfixes (onion service):
- Send back the extended SOCKS error 0xF6 (Onion Service Invalid
Address) for a v2 onion address. Fixes bug 40421; bugfix
on 0.4.6.2-alpha.
o Minor bugfixes (relay):
- Reduce the compression level for data streaming from HIGH to LOW
in order to reduce CPU load on the directory relays. Fixes bug
40301; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (timekeeping):
- Calculate the time of day correctly on systems where the time_t
type includes leap seconds. (This is not the case on most
operating systems, but on those where it occurs, our tor_timegm
function did not correctly invert the system's gmtime function,
which could result in assertion failures when calculating voting
schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
To generate a diff of this commit:
cvs rdiff -u -r1.171 -r1.172 pkgsrc/net/tor/Makefile
cvs rdiff -u -r1.117 -r1.118 pkgsrc/net/tor/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/net/tor/Makefile
diff -u pkgsrc/net/tor/Makefile:1.171 pkgsrc/net/tor/Makefile:1.172
--- pkgsrc/net/tor/Makefile:1.171 Thu Jul 1 07:42:38 2021
+++ pkgsrc/net/tor/Makefile Tue Aug 17 08:13:44 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.171 2021/07/01 07:42:38 wiz Exp $
+# $NetBSD: Makefile,v 1.172 2021/08/17 08:13:44 wiz Exp $
-DISTNAME= tor-0.4.6.6
+DISTNAME= tor-0.4.6.7
CATEGORIES= net security
MASTER_SITES= https://dist.torproject.org/
Index: pkgsrc/net/tor/distinfo
diff -u pkgsrc/net/tor/distinfo:1.117 pkgsrc/net/tor/distinfo:1.118
--- pkgsrc/net/tor/distinfo:1.117 Thu Jul 1 07:42:38 2021
+++ pkgsrc/net/tor/distinfo Tue Aug 17 08:13:44 2021
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.117 2021/07/01 07:42:38 wiz Exp $
+$NetBSD: distinfo,v 1.118 2021/08/17 08:13:44 wiz Exp $
-SHA1 (tor-0.4.6.6.tar.gz) = a74a6cee49002d2f48c78a0b5435046a07a7a14c
-RMD160 (tor-0.4.6.6.tar.gz) = 1309345b9f09e6521894b5151e376ec5b5ee6880
-SHA512 (tor-0.4.6.6.tar.gz) = 9705a3e43f399d214511968fbeca0ff03d7138ed39d87bb5059989f8259f0c72fb05d06caa813ba48fa227b2b02f394e84c6efa36ab3d79d2eeb42fbe6caff07
-Size (tor-0.4.6.6.tar.gz) = 7754194 bytes
+SHA1 (tor-0.4.6.7.tar.gz) = 2b1cc3796a3c9155c6b0b524bd6f77ed53bc138f
+RMD160 (tor-0.4.6.7.tar.gz) = 7d77c45413078b1463f5e710b8168b891e226623
+SHA512 (tor-0.4.6.7.tar.gz) = e5f9e235fc4b96f5e63e0bfa4ca412d0d11299a31cb77cae1c199b276d0dfbf3656657ddf910b22625dd49eb726d487666e80e8889db78c9edebbab0d80d9e03
+Size (tor-0.4.6.7.tar.gz) = 7790727 bytes
Home |
Main Index |
Thread Index |
Old Index