Wed Apr 8 05:26:02 2015 UTC ()
Update to 0.2.5.12,  from Christian Sturm in PR 49823.

Changes in version 0.2.5.12 - 2015-04-06
  Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that
  could be used by an attacker to crash hidden services, or crash clients
  visiting hidden services. Hidden services should upgrade as soon as
  possible; clients should upgrade whenever packages become available.

  This release also backports a simple improvement to make hidden
  services a bit less vulnerable to denial-of-service attacks.

  o Major bugfixes (security, hidden service):
    - Fix an issue that would allow a malicious client to trigger an
      assertion failure and halt a hidden service. Fixes bug 15600;
      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
    - Fix a bug that could cause a client to crash with an assertion
      failure when parsing a malformed hidden service descriptor. Fixes
      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".

  o Minor features (DoS-resistance, hidden service):
    - Introduction points no longer allow multiple INTRODUCE1 cells to
      arrive on the same circuit. This should make it more expensive for
      attackers to overwhelm hidden services with introductions.
      Resolves ticket 15515.


(wiz)
diff -r1.101 -r1.102 pkgsrc/net/tor/Makefile
diff -r1.62 -r1.63 pkgsrc/net/tor/distinfo
cvs diff -r1.101 -r1.102 pkgsrc/net/tor/Makefile (expand / switch to unified diff)

--- pkgsrc/net/tor/Makefile 2015/03/27 12:41:17 1.101
+++ pkgsrc/net/tor/Makefile 2015/04/08 05:26:02 1.102
@@ -1,16 +1,16 @@ @@ -1,16 +1,16 @@
1# $NetBSD: Makefile,v 1.101 2015/03/27 12:41:17 wiz Exp $ 1# $NetBSD: Makefile,v 1.102 2015/04/08 05:26:02 wiz Exp $
2 2
3DISTNAME= tor-0.2.5.11 3DISTNAME= tor-0.2.5.12
4CATEGORIES= net security 4CATEGORIES= net security
5MASTER_SITES= http://www.torproject.org/dist/ 5MASTER_SITES= http://www.torproject.org/dist/
6 6
7MAINTAINER= athaba@users.sourceforge.net 7MAINTAINER= athaba@users.sourceforge.net
8HOMEPAGE= http://www.torproject.org/ 8HOMEPAGE= http://www.torproject.org/
9COMMENT= Anonymizing overlay network for TCP 9COMMENT= Anonymizing overlay network for TCP
10LICENSE= modified-bsd 10LICENSE= modified-bsd
11 11
12.include "../../mk/bsd.prefs.mk" 12.include "../../mk/bsd.prefs.mk"
13 13
14USE_LANGUAGES= c99 14USE_LANGUAGES= c99
15USE_PKGLOCALEDIR= yes 15USE_PKGLOCALEDIR= yes
16GNU_CONFIGURE= yes 16GNU_CONFIGURE= yes
cvs diff -r1.62 -r1.63 pkgsrc/net/tor/distinfo (expand / switch to unified diff)

--- pkgsrc/net/tor/distinfo 2015/03/27 12:41:17 1.62
+++ pkgsrc/net/tor/distinfo 2015/04/08 05:26:02 1.63
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
1$NetBSD: distinfo,v 1.62 2015/03/27 12:41:17 wiz Exp $ 1$NetBSD: distinfo,v 1.63 2015/04/08 05:26:02 wiz Exp $
2 2
3SHA1 (tor-0.2.5.11.tar.gz) = 31784ef1c7e443b0eaa785ea89197a8d32da7936 3SHA1 (tor-0.2.5.12.tar.gz) = 256e6d77d71420a21a67bba270f43fcf356f8737
4RMD160 (tor-0.2.5.11.tar.gz) = 4f2dfb11312f6a59214d8c5a45c87c6d2d03f7b8 4RMD160 (tor-0.2.5.12.tar.gz) = 8e6ab8660c0c833849ff0aa8bbf44dcf2097e3eb
5Size (tor-0.2.5.11.tar.gz) = 3310350 bytes 5Size (tor-0.2.5.12.tar.gz) = 3311423 bytes
6SHA1 (patch-aa) = ac774cb976e03ff4d38415e78720f2f463c210c8 6SHA1 (patch-aa) = ac774cb976e03ff4d38415e78720f2f463c210c8