From: Yuri Victorovich
Date: Thu, 21 Dec 2017 20:08:58 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r456942 - in head/security/tor-devel: . files

Author: yuri
Date: Thu Dec 21 20:08:58 2017
New Revision: 456942
URL: https://svnweb.freebsd.org/changeset/ports/456942

Log:
  security/tor-devel: Update to 0.3.2.8-rc

  This is an important update for relays running earlier versions of 0.3.2.x.

  Changes in version 0.3.2.8-rc - 2017-12-21
    Tor 0.3.2.8-rc fixes a pair of bugs in the KIST and KISTLite schedulers
    that had led servers under heavy load to overload their outgoing
    connections. All relay operators running earlier 0.3.2.x versions should
    upgrade. This version also includes a mitigation for over-full DESTROY
    queues leading to out-of-memory conditions: if it works, we will soon
    backport it to earlier release series.

    This is the second release candidate in the 0.3.2 series. If we find no
    new bugs or regression here, then the first stable 0.3.2 release will be
    nearly identical to this.

    o Major bugfixes (KIST, scheduler):
      - The KIST scheduler did not correctly account for data already
        enqueued in each connection's send socket buffer, particularly in
        cases when the TCP/IP congestion window was reduced between
        scheduler calls. This situation led to excessive per-connection
        buffering in the kernel, and a potential memory DoS. Fixes bug
        24665; bugfix on 0.3.2.1-alpha.
    o Minor features (geoip):
      - Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2
        Country database.

    o Minor bugfixes (hidden service v3):
      - Bump hsdir_spread_store parameter from 3 to 4 in order to increase
        the probability of reaching a service for a client missing
        microdescriptors. Fixes bug 24425; bugfix on 0.3.2.1-alpha.

    o Minor bugfixes (memory usage):
      - When queuing DESTROY cells on a channel, only queue the circuit-id
        and reason fields: not the entire 514-byte cell. This fix should
        help mitigate any bugs or attacks that fill up these queues, and
        free more RAM for other uses. Fixes bug 24666; bugfix on
        0.2.5.1-alpha.

    o Minor bugfixes (scheduler, KIST):
      - Use a sane write limit for KISTLite when writing onto a connection
        buffer instead of using INT_MAX and shoving as much as it can.
        Because the OOM handler cleans up circuit queues, we are better off
        at keeping them in that queue instead of the connection's buffer.
        Fixes bug 24671; bugfix on 0.3.2.1-alpha.

  Reported by: nickm@torproject.org
  Approved by: adamw (mentor)
  Differential Revision: https://reviews.freebsd.org/D13576

Modified:
  head/security/tor-devel/Makefile
  head/security/tor-devel/distinfo
  head/security/tor-devel/files/patch-orconfig.h.in

Modified: head/security/tor-devel/Makefile ============================================================================== --- head/security/tor-devel/Makefile Thu Dec 21 19:10:41 2017 (r456941) +++ head/security/tor-devel/Makefile Thu Dec 21 20:08:58 2017 (r456942) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= tor -DISTVERSION= 0.3.2.7-rc +DISTVERSION= 0.3.2.8-rc CATEGORIES= security net ipv6 MASTER_SITES= TOR PKGNAMESUFFIX= -devel Modified: head/security/tor-devel/distinfo ============================================================================== --- head/security/tor-devel/distinfo Thu Dec 21 19:10:41 2017 (r456941) +++ head/security/tor-devel/distinfo Thu Dec 21 20:08:58 2017 (r456942)
@@ -1,3 +1,3 @@ -TIMESTAMP = 1513300048 -SHA256 (tor-0.3.2.7-rc.tar.gz) = 4be673a5084790977d692e11afe5ca575adb08f06809dbac52d8b005435131fb -SIZE (tor-0.3.2.7-rc.tar.gz) = 6313975 +TIMESTAMP = 1513885146 +SHA256 (tor-0.3.2.8-rc.tar.gz) = 09ee4578f6189f9ec8444bdfd77da65249787537c5661ce746e52aa6b08a0df7 +SIZE (tor-0.3.2.8-rc.tar.gz) = 6345141 Modified: head/security/tor-devel/files/patch-orconfig.h.in ============================================================================== --- head/security/tor-devel/files/patch-orconfig.h.in Thu Dec 21 19:10:41 2017 (r456941) +++ head/security/tor-devel/files/patch-orconfig.h.in Thu Dec 21 20:08:58 2017 (r456942) @@ -1,9 +1,10 @@ --- orconfig.h.in.orig 2017-12-13 17:18:09 UTC +++ orconfig.h.in -@@ -535,7 +535,9 @@ +@@ -535,7 +535,10 @@ #undef HAVE_TIME_H /* Define to 1 if you have the `timingsafe_memcmp' function. */ ++#include +#if __FreeBSD_version >= 1200000 // disabled: timingsafe_memcmp(3) has been added only in 12.0, and isn't yet available on older systems #undef HAVE_TIMINGSAFE_MEMCMP +#endif
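Review bot: in the distinfo hunk, the new SHA256 and SIZE for tor-0.3.2.8-rc.tar.gz are the only integrity record for the distfile, and neither the log nor the diff says how the tarball was authenticated before these values were regenerated. For a security port whose log calls this an important update for relays, I would state in the commit message that the tarball was checked against upstream's release signature, so the hash pinned here is known to match what upstream published rather than whatever the fetch returned.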
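Review bot: in the patch-orconfig.h.in hunk, the trailing comment on the added `#if __FreeBSD_version >= 1200000` line starts with "disabled:", but the guard does the opposite on 12.0 and later, where `#undef HAVE_TIMINGSAFE_MEMCMP` is left in place for configure to fill in; the comment should say the function is used only from 12.0 on, and it would read better on its own line in the `/* */` style the surrounding header uses. The added `#include` line shows no header name in this message, so the target cannot be checked here; the guard depends on that header defining `__FreeBSD_version`, because an undefined macro evaluates to 0 in `#if` and would quietly drop timingsafe_memcmp on every release, so please confirm the include in the committed file and say in the comment why it is needed.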