Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1478199738238720"
MIME-Version: 1.0
Date: Thu, 3 Nov 2016 19:02:18 +0000
From: "Benny Siegert" <bsiegert@netbsd.org>
Subject: CVS commit: [pkgsrc-2016Q3] pkgsrc/net/tor
To: pkgsrc-changes@NetBSD.org
Reply-To: bsiegert@netbsd.org
Message-Id: <20161103190218.1CFC6FBA6@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1478199738238720
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	bsiegert
Date:		Thu Nov  3 19:02:18 UTC 2016

Modified Files:
	pkgsrc/net/tor [pkgsrc-2016Q3]: Makefile distinfo

Log Message:
Pullup ticket #5145 - requested by wiz
net/tor: security fix

Revisions pulled up:
- net/tor/Makefile                                              1.112-1.113
- net/tor/distinfo                                              1.73-1.74

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Fri Sep 30 10:53:01 UTC 2016

   Modified Files:
   	pkgsrc/net/tor: Makefile distinfo

   Log Message:
   Updated tor to 0.2.8.8.

   Changes in version 0.2.8.8 - 2016-09-23
     Tor 0.2.8.8 fixes two crash bugs present in previous versions of the
     0.2.8.x series. Relays running 0.2.8.x should upgrade, as should users
     who select public relays as their bridges.

     o Major bugfixes (crash):
       - Fix a complicated crash bug that could affect Tor clients
         configured to use bridges when replacing a networkstatus consensus
         in which one of their bridges was mentioned. OpenBSD users saw
         more crashes here, but all platforms were potentially affected.
         Fixes bug 20103; bugfix on 0.2.8.2-alpha.

     o Major bugfixes (relay, OOM handler):
       - Fix a timing-dependent assertion failure that could occur when we
         tried to flush from a circuit after having freed its cells because
         of an out-of-memory condition. Fixes bug 20203; bugfix on
         0.2.8.1-alpha. Thanks to "cypherpunks" for help diagnosing
         this one.

     o Minor feature (fallback directories):
       - Remove broken fallbacks from the hard-coded fallback directory
         list. Closes ticket 20190; patch by teor.

     o Minor features (geoip):
       - Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2
         Country database.

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Oct 19 10:58:14 UTC 2016

   Modified Files:
   	pkgsrc/net/tor: Makefile distinfo

   Log Message:
   Updated tor to 0.2.8.9.

   Changes in version 0.2.8.9 - 2016-10-17
     Tor 0.2.8.9 backports a fix for a security hole in previous versions
     of Tor that would allow a remote attacker to crash a Tor client,
     hidden service, relay, or authority. All Tor users should upgrade to
     this version, or to 0.2.9.4-alpha. Patches will be released for older
     versions of Tor.

     o Major features (security fixes, also in 0.2.9.4-alpha):
       - Prevent a class of security bugs caused by treating the contents
         of a buffer chunk as if they were a NUL-terminated string. At
         least one such bug seems to be present in all currently used
         versions of Tor, and would allow an attacker to remotely crash
         most Tor instances, especially those compiled with extra compiler
         hardening. With this defense in place, such bugs can't crash Tor,
         though we should still fix them as they occur. Closes ticket
         20384 (TROVE-2016-10-001).

     o Minor features (geoip):
       - Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2
         Country database.


To generate a diff of this commit:
cvs rdiff -u -r1.111 -r1.111.2.1 pkgsrc/net/tor/Makefile
cvs rdiff -u -r1.72 -r1.72.2.1 pkgsrc/net/tor/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1478199738238720
Content-Disposition: inline
Content-Length: 1545
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/net/tor/Makefile
diff -u pkgsrc/net/tor/Makefile:1.111 pkgsrc/net/tor/Makefile:1.111.2.1
--- pkgsrc/net/tor/Makefile:1.111	Thu Aug 25 07:57:24 2016
+++ pkgsrc/net/tor/Makefile	Thu Nov  3 19:02:17 2016
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.111 2016/08/25 07:57:24 wiz Exp $
+# $NetBSD: Makefile,v 1.111.2.1 2016/11/03 19:02:17 bsiegert Exp $
 
-DISTNAME=		tor-0.2.8.7
+DISTNAME=		tor-0.2.8.9
 CATEGORIES=		net security
 MASTER_SITES=		http://www.torproject.org/dist/
 

Index: pkgsrc/net/tor/distinfo
diff -u pkgsrc/net/tor/distinfo:1.72 pkgsrc/net/tor/distinfo:1.72.2.1
--- pkgsrc/net/tor/distinfo:1.72	Thu Aug 25 07:57:24 2016
+++ pkgsrc/net/tor/distinfo	Thu Nov  3 19:02:17 2016
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.72 2016/08/25 07:57:24 wiz Exp $
+$NetBSD: distinfo,v 1.72.2.1 2016/11/03 19:02:17 bsiegert Exp $
 
-SHA1 (tor-0.2.8.7.tar.gz) = 3f74bf9f8dbc2778c143a54cbd93e29e0a86f113
-RMD160 (tor-0.2.8.7.tar.gz) = aad539ba5e634b0aa18145ed9423344fee43a703
-SHA512 (tor-0.2.8.7.tar.gz) = 79156110804497509564d53a806dc8237e97755556bbaaed83d0f6a3470942a480e53693a7192996bad2b33fe1f77f60eb45e8122af9bfdc4a8f12b943cbc660
-Size (tor-0.2.8.7.tar.gz) = 5179093 bytes
+SHA1 (tor-0.2.8.9.tar.gz) = fab0cb618bea15d19428dd820403ba3267b17b06
+RMD160 (tor-0.2.8.9.tar.gz) = b93b57e194d746a1fe8621a75946004f79b8c7c7
+SHA512 (tor-0.2.8.9.tar.gz) = 9a02e4f7901c2abb22f8250077bc078e9b6ae122ee54fbe7ecfb505d449e6e1766f6d9f95d7b794063471cbefe7410fece8524910f83579bff00d6da2a8ea6c1
+Size (tor-0.2.8.9.tar.gz) = 5306773 bytes


--_----------=_1478199738238720--