ports/129540: [PATCH]security/tor-devel: update to 0.2.1.8-alpha
bf
bf2006a at yahoo.com
Wed Dec 10 00:50:02 UTC 2008
>Number: 129540
>Category: ports
>Synopsis: [PATCH]security/tor-devel: update to 0.2.1.8-alpha
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Dec 10 00:50:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: bf
>Release: 7-STABLE i386
>Organization:
-
>Environment:
>Description:
Among the bugs fixed, note especially the entry guard and server DOS security
fixes:
"Changes in version 0.2.1.8-alpha - 2008-12-08
o Major features:
- New DirPortFrontPage option that takes an html file and publishes
it as "/" on the DirPort. Now relay operators can provide a
disclaimer without needing to set up a separate webserver. There's
a sample disclaimer in contrib/tor-exit-notice.html.
o Security fixes:
- When the client is choosing entry guards, now it selects at most
one guard from a given relay family. Otherwise we could end up with
all of our entry points into the network run by the same operator.
Suggested by Camilo Viecco. Fix on 0.1.1.11-alpha.
o Major bugfixes:
- Fix a DOS opportunity during the voting signature collection process
at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x.
- Fix a possible segfault when establishing an exit connection. Bugfix
on 0.2.1.5-alpha.
o Minor bugfixes:
- Get file locking working on win32. Bugfix on 0.2.1.6-alpha. Fixes
bug 859.
- Made Tor a little less aggressive about deleting expired
certificates. Partial fix for bug 854.
- Stop doing unaligned memory access that generated bus errors on
sparc64. Bugfix on 0.2.0.10-alpha. Fix for bug 862.
- Fix a crash bug when changing EntryNodes from the controller. Bugfix
on 0.2.1.6-alpha. Fix for bug 867. Patched by Sebastian.
- Make USR2 log-level switch take effect immediately. Bugfix on
0.1.2.8-beta.
- If one win32 nameserver fails to get added, continue adding the
rest, and don't automatically fail.
- Use fcntl() for locking when flock() is not available. Should fix
compilation on Solaris. Should fix Bug 873. Bugfix on 0.2.1.6-alpha.
- Do not mark smartlist_bsearch_idx() function as ATTR_PURE. This bug
could make gcc generate non-functional binary search code. Bugfix
on 0.2.0.10-alpha.
- Build correctly on platforms without socklen_t.
- Avoid potential crash on internal error during signature collection.
Fixes bug 864. Patch from rovv.
- Do not use C's stdio library for writing to log files. This will
improve logging performance by a minute amount, and will stop
leaking fds when our disk is full. Fixes bug 861.
- Stop erroneous use of O_APPEND in cases where we did not in fact
want to re-seek to the end of a file before every last write().
- Correct handling of possible malformed authority signing key
certificates with internal signature types. Fixes bug 880. Bugfix
on 0.2.0.3-alpha.
- Fix a hard-to-trigger resource leak when logging credential status.
CID 349.
o Minor features:
- Directory mirrors no longer fetch the v1 directory or
running-routers files. They are obsolete, and nobody asks for them
anymore. This is the first step to making v1 authorities obsolete.
o Minor features (controller):
- Return circuit purposes in response to GETINFO circuit-status. Fixes
bug 858."
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
diff -ruN tor-devel.orig/Makefile tor-devel/Makefile
--- tor-devel.orig/Makefile 2008-12-09 18:53:48.124835958 -0500
+++ tor-devel/Makefile 2008-12-09 19:06:40.333258257 -0500
@@ -6,7 +6,7 @@
#
PORTNAME= tor
-DISTVERSION= 0.2.1.7-alpha
+DISTVERSION= 0.2.1.8-alpha
CATEGORIES= security net ipv6
MASTER_SITES= http://www.torproject.org/dist/ \
http://tor.cypherpunks.at/dist/ \
diff -ruN tor-devel.orig/distinfo tor-devel/distinfo
--- tor-devel.orig/distinfo 2008-12-09 18:53:48.125836364 -0500
+++ tor-devel/distinfo 2008-12-09 19:06:40.334256988 -0500
@@ -1,3 +1,3 @@
-MD5 (tor-0.2.1.7-alpha.tar.gz) = f4eeebb9d536317e4a5391cb03732947
-SHA256 (tor-0.2.1.7-alpha.tar.gz) = eefa9383f5bfc722458517c02f3b7446041f6f3a2cd82377484f4eb80a83cae5
-SIZE (tor-0.2.1.7-alpha.tar.gz) = 2302260
+MD5 (tor-0.2.1.8-alpha.tar.gz) = 43d2587e0f27d3766f75950227f74839
+SHA256 (tor-0.2.1.8-alpha.tar.gz) = 8c8dc7206c84b4b212533e23e8091cd30d2b347b782715750fd3b0e7b65d8b89
+SIZE (tor-0.2.1.8-alpha.tar.gz) = 2313301
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list