Mon Jan 17 14:06:54 2011 UTC ()

update to 0.2.1.29
changes:
-Fix a heap overflow (probably allows remote code execution)
 (CVE-2011-0427)
-Prevent a denial-of-service attack by disallowing any
 zlib-compressed data whose compression factor is implausibly
 high
-Zero out a few more keys in memory before freeing them
-bugfixes
-Update to the January 1 2011 Maxmind GeoLite Country db
-Introduce output size checks on all of our decryption functions


(drochner)

diff -r1.76 -r1.77 pkgsrc/net/tor/Makefile
diff -r1.46 -r1.47 pkgsrc/net/tor/distinfo

--- pkgsrc/net/tor/Makefile 2010/12/21 00:07:28 1.76
+++ pkgsrc/net/tor/Makefile 2011/01/17 14:06:53 1.77

 @@ -1,17 +1,17 @@
-# $NetBSD: Makefile,v 1.76 2010/12/21 00:07:28 gdt Exp $
+# $NetBSD: Makefile,v 1.77 2011/01/17 14:06:53 drochner Exp $
+#
-DISTNAME=		tor-0.2.1.28
+DISTNAME=		tor-0.2.1.29
 CATEGORIES=		net security
 MASTER_SITES=		http://www.torproject.org/dist/
 MAINTAINER=		athaba@inode.at
 HOMEPAGE=		http://www.torproject.org/
 COMMENT=		Anonymizing overlay network for TCP
 LICENSE=		modified-bsd
 PKG_DESTDIR_SUPPORT=	user-destdir
 .include "../../mk/bsd.prefs.mk"
 USE_LANGUAGES+=		c99

--- pkgsrc/net/tor/distinfo 2010/12/21 00:07:28 1.46
+++ pkgsrc/net/tor/distinfo 2011/01/17 14:06:53 1.47

 @@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.46 2010/12/21 00:07:28 gdt Exp $
+$NetBSD: distinfo,v 1.47 2011/01/17 14:06:53 drochner Exp $
-SHA1 (tor-0.2.1.28.tar.gz) = 31c6995314a7a205a5d685bffbe966a766c84d7b
+SHA1 (tor-0.2.1.29.tar.gz) = cd534b99c91070504f4e70008ab8940a816b5bc6
-RMD160 (tor-0.2.1.28.tar.gz) = 71cf9f3cfb0cf89de573869a694bf31059331811
+RMD160 (tor-0.2.1.29.tar.gz) = 2587fc9162852434a395ec796ebdcee1972d9aa9
-Size (tor-0.2.1.28.tar.gz) = 2471741 bytes
+Size (tor-0.2.1.29.tar.gz) = 2521399 bytes
 SHA1 (patch-aa) = 5ee3e4c23b23b1b1f203be9ed5fdd3104ecc1804