ports/129540: [PATCH]security/tor-devel: update to 0.2.1.8-alpha

bf bf2006a at yahoo.com
Wed Dec 10 00:50:02 UTC 2008 

>Number:         129540
>Category:       ports
>Synopsis:       [PATCH]security/tor-devel: update to 0.2.1.8-alpha
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Dec 10 00:50:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     bf
>Release:        7-STABLE i386
>Organization:
-
>Environment:
>Description:
Among the bugs fixed, note especially the entry guard and server DOS security
fixes:


"Changes in version 0.2.1.8-alpha - 2008-12-08
  o Major features:
    - New DirPortFrontPage option that takes an html file and publishes
      it as "/" on the DirPort. Now relay operators can provide a
      disclaimer without needing to set up a separate webserver. There's
      a sample disclaimer in contrib/tor-exit-notice.html.

  o Security fixes:
    - When the client is choosing entry guards, now it selects at most
      one guard from a given relay family. Otherwise we could end up with
      all of our entry points into the network run by the same operator.
      Suggested by Camilo Viecco. Fix on 0.1.1.11-alpha.

  o Major bugfixes:
    - Fix a DOS opportunity during the voting signature collection process
      at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x.
    - Fix a possible segfault when establishing an exit connection. Bugfix
      on 0.2.1.5-alpha.

  o Minor bugfixes:
    - Get file locking working on win32. Bugfix on 0.2.1.6-alpha. Fixes
      bug 859.
    - Made Tor a little less aggressive about deleting expired
      certificates. Partial fix for bug 854.
    - Stop doing unaligned memory access that generated bus errors on
      sparc64. Bugfix on 0.2.0.10-alpha. Fix for bug 862.
    - Fix a crash bug when changing EntryNodes from the controller. Bugfix
      on 0.2.1.6-alpha. Fix for bug 867. Patched by Sebastian.
    - Make USR2 log-level switch take effect immediately. Bugfix on
      0.1.2.8-beta.
    - If one win32 nameserver fails to get added, continue adding the
      rest, and don't automatically fail.
    - Use fcntl() for locking when flock() is not available. Should fix
      compilation on Solaris. Should fix Bug 873. Bugfix on 0.2.1.6-alpha.
    - Do not mark smartlist_bsearch_idx() function as ATTR_PURE. This bug
      could make gcc generate non-functional binary search code. Bugfix
      on 0.2.0.10-alpha.
    - Build correctly on platforms without socklen_t.
    - Avoid potential crash on internal error during signature collection.
      Fixes bug 864. Patch from rovv.
    - Do not use C's stdio library for writing to log files. This will
      improve logging performance by a minute amount, and will stop
      leaking fds when our disk is full. Fixes bug 861.
    - Stop erroneous use of O_APPEND in cases where we did not in fact
      want to re-seek to the end of a file before every last write().
    - Correct handling of possible malformed authority signing key
      certificates with internal signature types. Fixes bug 880. Bugfix
      on 0.2.0.3-alpha.
    - Fix a hard-to-trigger resource leak when logging credential status.
      CID 349.

  o Minor features:
    - Directory mirrors no longer fetch the v1 directory or
      running-routers files. They are obsolete, and nobody asks for them
      anymore. This is the first step to making v1 authorities obsolete.

  o Minor features (controller):
    - Return circuit purposes in response to GETINFO circuit-status. Fixes
      bug 858."



>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ruN tor-devel.orig/Makefile tor-devel/Makefile
--- tor-devel.orig/Makefile	2008-12-09 18:53:48.124835958 -0500
+++ tor-devel/Makefile	2008-12-09 19:06:40.333258257 -0500
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	tor
-DISTVERSION=	0.2.1.7-alpha
+DISTVERSION=	0.2.1.8-alpha
 CATEGORIES=	security net ipv6
 MASTER_SITES=	http://www.torproject.org/dist/ \
 		http://tor.cypherpunks.at/dist/ \
diff -ruN tor-devel.orig/distinfo tor-devel/distinfo
--- tor-devel.orig/distinfo	2008-12-09 18:53:48.125836364 -0500
+++ tor-devel/distinfo	2008-12-09 19:06:40.334256988 -0500
@@ -1,3 +1,3 @@
-MD5 (tor-0.2.1.7-alpha.tar.gz) = f4eeebb9d536317e4a5391cb03732947
-SHA256 (tor-0.2.1.7-alpha.tar.gz) = eefa9383f5bfc722458517c02f3b7446041f6f3a2cd82377484f4eb80a83cae5
-SIZE (tor-0.2.1.7-alpha.tar.gz) = 2302260
+MD5 (tor-0.2.1.8-alpha.tar.gz) = 43d2587e0f27d3766f75950227f74839
+SHA256 (tor-0.2.1.8-alpha.tar.gz) = 8c8dc7206c84b4b212533e23e8091cd30d2b347b782715750fd3b0e7b65d8b89
+SIZE (tor-0.2.1.8-alpha.tar.gz) = 2313301


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list