Date: Wed, 14 Jun 2017 16:16:04 +0000
From: "Thomas Klausner"
Subject: CVS commit: pkgsrc/net/tor
To: pkgsrc-changes@NetBSD.org
Reply-To: wiz@netbsd.org
Message-Id: <20170614161604.C343BFAB8@cvs.NetBSD.org>
List-Id: pkgsrc-changes.NetBSD.org

Module Name:    pkgsrc
Committed By:   wiz
Date:           Wed Jun 14 16:16:04 UTC 2017

Modified Files:
        pkgsrc/net/tor: Makefile distinfo

Log Message:
Updated tor to 0.3.0.8.

Changes in version 0.3.0.8 - 2017-06-08
  Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to
  remotely crash a hidden service with an assertion failure. Anyone
  running a hidden service should upgrade to this version, or to some
  other version with fixes for TROVE-2017-004 and TROVE-2017-005.

  Tor 0.3.0.8 also includes fixes for several key management bugs
  that sometimes made relays unreliable, as well as several other
  bugfixes described below.

  o Major bugfixes (hidden service, relay, security, backport
    from 0.3.1.3-alpha):
    - Fix a remotely triggerable assertion failure when a hidden service
      handles a malformed BEGIN cell. Fixes bug 22493, tracked as
      TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
    - Fix a remotely triggerable assertion failure caused by receiving a
      BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
      22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on
      0.2.2.1-alpha.

  o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
    - When performing the v3 link handshake on a TLS connection, report
      that we have the x509 certificate that we actually used on that
      connection, even if we have changed certificates since that
      connection was first opened. Previously, we would claim to have
      used our most recent x509 link certificate, which would sometimes
      make the link handshake fail. Fixes one case of bug 22460; bugfix
      on 0.2.3.6-alpha.

  o Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
    - Regenerate link and authentication certificates whenever the key
      that signs them changes; also, regenerate link certificates
      whenever the signed key changes. Previously, these processes were
      only weakly coupled, and relays could (for minutes to hours)
      wind up with an inconsistent set of keys and certificates, which
      other relays would not accept. Fixes two cases of bug 22460;
      bugfix on 0.3.0.1-alpha.
    - When sending an Ed25519 signing->link certificate in a CERTS cell,
      send the certificate that matches the x509 certificate that we
      used on the TLS connection. Previously, there was a race condition
      if the TLS context rotated after we began the TLS handshake but
      before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
      on 0.3.0.1-alpha.

  o Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
    - Stop rejecting v3 hidden service descriptors because their size
      did not match an old padding rule. Fixes bug 22447; bugfix on
      tor-0.3.0.1-alpha.

  o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
    - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
      December 2016 (of which ~126 were still functional) with a list of
      151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
      2017. Resolves ticket 21564.

  o Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
    - Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes
      bug 22252; bugfix on 0.2.9.3-alpha.

  o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.

  o Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
    - Lower the lifetime of the RSA->Ed25519 cross-certificate to six
      months, and regenerate it when it is within one month of expiring.
      Previously, we had generated this certificate at startup with a
      ten-year lifetime, but that could lead to weird behavior when Tor
      was started with a grossly inaccurate clock. Mitigates bug 22466;
      mitigation on 0.3.0.1-alpha.

  o Minor bugfixes (memory leak, directory authority, backport from
    0.3.1.2-alpha):
    - When directory authorities reject a router descriptor due to
      keypinning, free the router descriptor rather than leaking the
      memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.

To generate a diff of this commit:
cvs rdiff -u -r1.121 -r1.122 pkgsrc/net/tor/Makefile
cvs rdiff -u -r1.81 -r1.82 pkgsrc/net/tor/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files: Index: pkgsrc/net/tor/Makefile diff -u pkgsrc/net/tor/Makefile:1.121 pkgsrc/net/tor/Makefile:1.122 --- pkgsrc/net/tor/Makefile:1.121 Wed May 17 07:13:37 2017 +++ pkgsrc/net/tor/Makefile Wed Jun 14 16:16:04 2017 @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.121 2017/05/17 07:13:37 adam Exp $ +# $NetBSD: Makefile,v 1.122 2017/06/14 16:16:04 wiz Exp $ -DISTNAME= tor-0.3.0.7 +DISTNAME= tor-0.3.0.8 CATEGORIES= net security MASTER_SITES= http://www.torproject.org/dist/ Index: pkgsrc/net/tor/distinfo diff -u pkgsrc/net/tor/distinfo:1.81 pkgsrc/net/tor/distinfo:1.82 --- pkgsrc/net/tor/distinfo:1.81 Wed May 17 07:13:37 2017 +++ pkgsrc/net/tor/distinfo Wed Jun 14 16:16:04 2017 
@@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.81 2017/05/17 07:13:37 adam Exp $ +$NetBSD: distinfo,v 1.82 2017/06/14 16:16:04 wiz Exp $ -SHA1 (tor-0.3.0.7.tar.gz) = a8c52e943f05761a9687ee84aff1c3a9c9bf3c33 -RMD160 (tor-0.3.0.7.tar.gz) = 40e17ff81474e2eae6ea60cfb601c62763cb1e3c -SHA512 (tor-0.3.0.7.tar.gz) = f6538e6d8dd444d2eb01f0cce48ec51a0e9ab533027d8941f1577f31136782685a4e317ff62bf21dfb52666df8d04f5dc996c5a0ceadccb2ba4fd91653989ccd -Size (tor-0.3.0.7.tar.gz) = 5793734 bytes +SHA1 (tor-0.3.0.8.tar.gz) = c5e117ad3cc703cb870b7b8a147d6301ace235a7 +RMD160 (tor-0.3.0.8.tar.gz) = b71e3dc016eb43fa85d483a0893122e19df924a7 +SHA512 (tor-0.3.0.8.tar.gz) = 93267e51578266f6f6eea57e7fcd7ec5f8fbeb2e880675956724a0b1c1dfe1826945aaba4ca3075b577505d0ce70fd7def2f2a9e06af78f52190e15a7aad2ee1 +Size (tor-0.3.0.8.tar.gz) = 5796845 bytes --_----------=_149745696460210--
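
Review bot: the unchanged context line "MASTER_SITES= http://www.torproject.org/dist/" in the pkgsrc/net/tor/Makefile hunk still fetches the distfile over plain HTTP. Since this bump exists to ship the fixes for TROVE-2017-004 and TROVE-2017-005, it would be a good moment to change the scheme to https:// so that the download does not rely on the distinfo digests alone for integrity.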
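
Review bot: in the pkgsrc/net/tor/distinfo hunk the SHA1, RMD160, SHA512 and Size lines for tor-0.3.0.8.tar.gz are replaced, but neither the hunk nor the log message records how the new tarball was authenticated before its digests were taken. With the Makefile fetching over http://, these digests pin whatever archive the committer downloaded; please say in the log message that the archive was checked against upstream's release signature, or do that check before committing.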