pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2016Q3]: pkgsrc/net/tor Pullup ticket #5145 - requested by wiz
details: https://anonhg.NetBSD.org/pkgsrc/rev/144a0874c9ac
branches: pkgsrc-2016Q3
changeset: 408803:144a0874c9ac
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Thu Nov 03 19:02:17 2016 +0000
description:
Pullup ticket #5145 - requested by wiz
net/tor: security fix
Revisions pulled up:
- net/tor/Makefile 1.112-1.113
- net/tor/distinfo 1.73-1.74
---
Module Name: pkgsrc
Committed By: wiz
Date: Fri Sep 30 10:53:01 UTC 2016
Modified Files:
pkgsrc/net/tor: Makefile distinfo
Log Message:
Updated tor to 0.2.8.8.
Changes in version 0.2.8.8 - 2016-09-23
Tor 0.2.8.8 fixes two crash bugs present in previous versions of the
0.2.8.x series. Relays running 0.2.8.x should upgrade, as should users
who select public relays as their bridges.
o Major bugfixes (crash):
- Fix a complicated crash bug that could affect Tor clients
configured to use bridges when replacing a networkstatus consensus
in which one of their bridges was mentioned. OpenBSD users saw
more crashes here, but all platforms were potentially affected.
Fixes bug 20103; bugfix on 0.2.8.2-alpha.
o Major bugfixes (relay, OOM handler):
- Fix a timing-dependent assertion failure that could occur when we
tried to flush from a circuit after having freed its cells because
of an out-of-memory condition. Fixes bug 20203; bugfix on
0.2.8.1-alpha. Thanks to "cypherpunks" for help diagnosing
this one.
o Minor feature (fallback directories):
- Remove broken fallbacks from the hard-coded fallback directory
list. Closes ticket 20190; patch by teor.
o Minor features (geoip):
- Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2
Country database.
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Oct 19 10:58:14 UTC 2016
Modified Files:
pkgsrc/net/tor: Makefile distinfo
Log Message:
Updated tor to 0.2.8.9.
Changes in version 0.2.8.9 - 2016-10-17
Tor 0.2.8.9 backports a fix for a security hole in previous versions
of Tor that would allow a remote attacker to crash a Tor client,
hidden service, relay, or authority. All Tor users should upgrade to
this version, or to 0.2.9.4-alpha. Patches will be released for older
versions of Tor.
o Major features (security fixes, also in 0.2.9.4-alpha):
- Prevent a class of security bugs caused by treating the contents
of a buffer chunk as if they were a NUL-terminated string. At
least one such bug seems to be present in all currently used
versions of Tor, and would allow an attacker to remotely crash
most Tor instances, especially those compiled with extra compiler
hardening. With this defense in place, such bugs can't crash Tor,
though we should still fix them as they occur. Closes ticket
20384 (TROVE-2016-10-001).
o Minor features (geoip):
- Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2
Country database.
diffstat:
net/tor/Makefile | 4 ++--
net/tor/distinfo | 10 +++++-----
2 files changed, 7 insertions(+), 7 deletions(-)
diffs (27 lines):
diff -r 0d703400d845 -r 144a0874c9ac net/tor/Makefile
--- a/net/tor/Makefile Wed Nov 02 17:00:15 2016 +0000
+++ b/net/tor/Makefile Thu Nov 03 19:02:17 2016 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.111 2016/08/25 07:57:24 wiz Exp $
+# $NetBSD: Makefile,v 1.111.2.1 2016/11/03 19:02:17 bsiegert Exp $
-DISTNAME= tor-0.2.8.7
+DISTNAME= tor-0.2.8.9
CATEGORIES= net security
MASTER_SITES= http://www.torproject.org/dist/
diff -r 0d703400d845 -r 144a0874c9ac net/tor/distinfo
--- a/net/tor/distinfo Wed Nov 02 17:00:15 2016 +0000
+++ b/net/tor/distinfo Thu Nov 03 19:02:17 2016 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.72 2016/08/25 07:57:24 wiz Exp $
+$NetBSD: distinfo,v 1.72.2.1 2016/11/03 19:02:17 bsiegert Exp $
-SHA1 (tor-0.2.8.7.tar.gz) = 3f74bf9f8dbc2778c143a54cbd93e29e0a86f113
-RMD160 (tor-0.2.8.7.tar.gz) = aad539ba5e634b0aa18145ed9423344fee43a703
-SHA512 (tor-0.2.8.7.tar.gz) = 79156110804497509564d53a806dc8237e97755556bbaaed83d0f6a3470942a480e53693a7192996bad2b33fe1f77f60eb45e8122af9bfdc4a8f12b943cbc660
-Size (tor-0.2.8.7.tar.gz) = 5179093 bytes
+SHA1 (tor-0.2.8.9.tar.gz) = fab0cb618bea15d19428dd820403ba3267b17b06
+RMD160 (tor-0.2.8.9.tar.gz) = b93b57e194d746a1fe8621a75946004f79b8c7c7
+SHA512 (tor-0.2.8.9.tar.gz) = 9a02e4f7901c2abb22f8250077bc078e9b6ae122ee54fbe7ecfb505d449e6e1766f6d9f95d7b794063471cbefe7410fece8524910f83579bff00d6da2a8ea6c1
+Size (tor-0.2.8.9.tar.gz) = 5306773 bytes
Home |
Main Index |
Thread Index |
Old Index