[pkgsrc/trunk]: pkgsrc/net/tor tor: update to 0.4.6.7.

[wiz <wiz%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/a6f69220b75d
branches:  trunk
changeset: 457106:a6f69220b75d
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Tue Aug 17 08:13:44 2021 +0000

description:
tor: update to 0.4.6.7.

Changes in version 0.4.6.7 - 2021-08-16
  This version fixes several bugs from earlier versions of Tor,
  including one that could lead to a denial-of-service attack. Everyone
  running an earlier version, whether as a client, a relay, or an onion
  service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.

  o Major bugfixes (cryptography, security):
    - Resolve an assertion failure caused by a behavior mismatch between
      our batch-signature verification code and our single-signature
      verification code. This assertion failure could be triggered
      remotely, leading to a denial of service attack. We fix this issue
      by disabling batch verification. Fixes bug 40078; bugfix on
      0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
      CVE-2021-38385. Found by Henry de Valence.

  o Minor feature (fallbackdir):
    - Regenerate fallback directories list. Close ticket 40447.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2021/08/12.

  o Minor bugfix (crypto):
    - Disable the unused batch verification feature of ed25519-donna.
      Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry
      de Valence.

  o Minor bugfixes (onion service):
    - Send back the extended SOCKS error 0xF6 (Onion Service Invalid
      Address) for a v2 onion address. Fixes bug 40421; bugfix
      on 0.4.6.2-alpha.

  o Minor bugfixes (relay):
    - Reduce the compression level for data streaming from HIGH to LOW
      in order to reduce CPU load on the directory relays. Fixes bug
      40301; bugfix on 0.3.5.1-alpha.

  o Minor bugfixes (timekeeping):
    - Calculate the time of day correctly on systems where the time_t
      type includes leap seconds. (This is not the case on most
      operating systems, but on those where it occurs, our tor_timegm
      function did not correctly invert the system's gmtime function,
      which could result in assertion failures when calculating voting
      schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.

diffstat:

 net/tor/Makefile |   4 ++--
 net/tor/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (27 lines):

diff -r 2865ac95a271 -r a6f69220b75d net/tor/Makefile
--- a/net/tor/Makefile  Tue Aug 17 08:02:50 2021 +0000
+++ b/net/tor/Makefile  Tue Aug 17 08:13:44 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.171 2021/07/01 07:42:38 wiz Exp $
+# $NetBSD: Makefile,v 1.172 2021/08/17 08:13:44 wiz Exp $
 
-DISTNAME=      tor-0.4.6.6
+DISTNAME=      tor-0.4.6.7
 CATEGORIES=    net security
 MASTER_SITES=  https://dist.torproject.org/
 
diff -r 2865ac95a271 -r a6f69220b75d net/tor/distinfo
--- a/net/tor/distinfo  Tue Aug 17 08:02:50 2021 +0000
+++ b/net/tor/distinfo  Tue Aug 17 08:13:44 2021 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.117 2021/07/01 07:42:38 wiz Exp $
+$NetBSD: distinfo,v 1.118 2021/08/17 08:13:44 wiz Exp $
 
-SHA1 (tor-0.4.6.6.tar.gz) = a74a6cee49002d2f48c78a0b5435046a07a7a14c
-RMD160 (tor-0.4.6.6.tar.gz) = 1309345b9f09e6521894b5151e376ec5b5ee6880
-SHA512 (tor-0.4.6.6.tar.gz) = 9705a3e43f399d214511968fbeca0ff03d7138ed39d87bb5059989f8259f0c72fb05d06caa813ba48fa227b2b02f394e84c6efa36ab3d79d2eeb42fbe6caff07
-Size (tor-0.4.6.6.tar.gz) = 7754194 bytes
+SHA1 (tor-0.4.6.7.tar.gz) = 2b1cc3796a3c9155c6b0b524bd6f77ed53bc138f
+RMD160 (tor-0.4.6.7.tar.gz) = 7d77c45413078b1463f5e710b8168b891e226623
+SHA512 (tor-0.4.6.7.tar.gz) = e5f9e235fc4b96f5e63e0bfa4ca412d0d11299a31cb77cae1c199b276d0dfbf3656657ddf910b22625dd49eb726d487666e80e8889db78c9edebbab0d80d9e03
+Size (tor-0.4.6.7.tar.gz) = 7790727 bytes