Sun Mar 5 14:55:16 2017 UTC ()
Updated tor to 0.2.9.10.
Changes in version 0.2.9.10 - 2017-03-01
Tor 0.2.9.10 backports a security fix for users who build Tor with
the --enable-expensive-hardening option. It also includes fixes for
some major issues affecting directory authorities, LibreSSL
compatibility, and IPv6 correctness.
The Tor 0.2.9.x release series is now marked as a long-term-support
series. We intend to backport security fixes to 0.2.9.x until at
least January of 2020.
o Major bugfixes (directory authority, 0.3.0.3-alpha):
- During voting, when marking a relay as a probable sybil, do not
clear its BadExit flag: sybils can still be bad in other ways
too. (We still clear the other flags.) Fixes bug 21108; bugfix
on 0.2.0.13-alpha.
o Major bugfixes (IPv6 Exits, backport from 0.3.0.3-alpha):
- Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
any IPv6 addresses. Instead, only reject a port over IPv6 if the
exit policy rejects that port on more than an IPv6 /16 of
addresses. This bug was made worse by 17027 in 0.2.8.1-alpha,
which rejected a relay's own IPv6 address by default. Fixes bug
21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
o Major bugfixes (parsing, also in 0.3.0.4-rc):
- Fix an integer underflow bug when comparing malformed Tor
versions. This bug could crash Tor when built with
--enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
0.2.9.8, which were built with -ftrapv by default. In other cases
it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
on 0.0.8pre1. Found by OSS-Fuzz.
o Minor features (directory authorities, also in 0.3.0.4-rc):
- Directory authorities now reject descriptors that claim to be
malformed versions of Tor. Helps prevent exploitation of
bug 21278.
- Reject version numbers with components that exceed INT32_MAX.
Otherwise 32-bit and 64-bit platforms would behave inconsistently.
Fixes bug 21450; bugfix on 0.0.8pre1.
o Minor features (geoip):
- Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
Country database.
o Minor features (portability, compilation, backport from 0.3.0.3-alpha):
- Autoconf now checks to determine if OpenSSL structures are opaque,
instead of explicitly checking for OpenSSL version numbers. Part
of ticket 21359.
- Support building with recent LibreSSL code that uses opaque
structures. Closes ticket 21359.
o Minor bugfixes (code correctness, also in 0.3.0.4-rc):
- Repair a couple of (unreachable or harmless) cases of the risky
comparison-by-subtraction pattern that caused bug 21278.
o Minor bugfixes (tor-resolve, backport from 0.3.0.3-alpha):
- The tor-resolve command line tool now rejects hostnames over 255
characters in length. Previously, it would silently truncate them,
which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
Patch by "junglefowl".
(wiz)
diff -r1.117 -r1.118 pkgsrc/net/tor/Makefile
diff -r1.78 -r1.79 pkgsrc/net/tor/distinfo
--- pkgsrc/net/tor/Makefile 2017/01/24 08:59:07 1.117
+++ pkgsrc/net/tor/Makefile 2017/03/05 14:55:15 1.118
| @@ -1,16 +1,16 @@ | | | @@ -1,16 +1,16 @@ |
| 1 | # $NetBSD: Makefile,v 1.117 2017/01/24 08:59:07 wiz Exp $ | | 1 | # $NetBSD: Makefile,v 1.118 2017/03/05 14:55:15 wiz Exp $ |
| 2 | | | 2 | |
| 3 | DISTNAME= tor-0.2.9.9 | | 3 | DISTNAME= tor-0.2.9.10 |
| 4 | CATEGORIES= net security | | 4 | CATEGORIES= net security |
| 5 | MASTER_SITES= http://www.torproject.org/dist/ | | 5 | MASTER_SITES= http://www.torproject.org/dist/ |
| 6 | | | 6 | |
| 7 | MAINTAINER= reezer@reezer.org | | 7 | MAINTAINER= reezer@reezer.org |
| 8 | HOMEPAGE= http://www.torproject.org/ | | 8 | HOMEPAGE= http://www.torproject.org/ |
| 9 | COMMENT= Anonymizing overlay network for TCP | | 9 | COMMENT= Anonymizing overlay network for TCP |
| 10 | LICENSE= modified-bsd | | 10 | LICENSE= modified-bsd |
| 11 | | | 11 | |
| 12 | .include "../../mk/bsd.prefs.mk" | | 12 | .include "../../mk/bsd.prefs.mk" |
| 13 | | | 13 | |
| 14 | USE_LANGUAGES= c99 | | 14 | USE_LANGUAGES= c99 |
| 15 | USE_PKGLOCALEDIR= yes | | 15 | USE_PKGLOCALEDIR= yes |
| 16 | # https://trac.torproject.org/projects/tor/ticket/17818 | | 16 | # https://trac.torproject.org/projects/tor/ticket/17818 |
--- pkgsrc/net/tor/distinfo 2017/01/24 08:59:07 1.78
+++ pkgsrc/net/tor/distinfo 2017/03/05 14:55:15 1.79
| @@ -1,6 +1,6 @@ | | | @@ -1,6 +1,6 @@ |
| 1 | $NetBSD: distinfo,v 1.78 2017/01/24 08:59:07 wiz Exp $ | | 1 | $NetBSD: distinfo,v 1.79 2017/03/05 14:55:15 wiz Exp $ |
| 2 | | | 2 | |
| 3 | SHA1 (tor-0.2.9.9.tar.gz) = 031bc77666a761ae7bc88cdade8187a3e3758d69 | | 3 | SHA1 (tor-0.2.9.10.tar.gz) = c3dbf92bab07d0043e3d1959385c0eb110bd2443 |
| 4 | RMD160 (tor-0.2.9.9.tar.gz) = 2a94b5abb565dc5e508fb6e70a05ea60e53202f3 | | 4 | RMD160 (tor-0.2.9.10.tar.gz) = 90b4d7f4cee19f06a7fb63f4f249df52d004e4b8 |
| 5 | SHA512 (tor-0.2.9.9.tar.gz) = cbe7e1f3e503b945f150916b7147cf23d1c32c3660e15aecfe5e2f2baac3a241de665e6ce4e81b81229933eba7f02d4a86e8deeabf2378d40fa83a7036928c9b | | 5 | SHA512 (tor-0.2.9.10.tar.gz) = c18c4faf18406f04165136f0d70e6bc2896f3f02770beadaab5e7a99441d71b897ae3a14a046eaec99a1bd6d8ad7758b28f7d652588842b77621cdc95d4fb7e1 |
| 6 | Size (tor-0.2.9.9.tar.gz) = 5534005 bytes | | 6 | Size (tor-0.2.9.10.tar.gz) = 5557586 bytes |