From owner-svn-ports-head@freebsd.org Sat Mar 3 16:00:49 2018 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 072DDF47457; Sat, 3 Mar 2018 16:00:49 +0000 (UTC) (envelope-from yuri@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A624F87884; Sat, 3 Mar 2018 16:00:48 +0000 (UTC) (envelope-from yuri@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8679A6E4; Sat, 3 Mar 2018 16:00:48 +0000 (UTC) (envelope-from yuri@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w23G0mmL091128; Sat, 3 Mar 2018 16:00:48 GMT (envelope-from yuri@FreeBSD.org) Received: (from yuri@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w23G0mqm091123; Sat, 3 Mar 2018 16:00:48 GMT (envelope-from yuri@FreeBSD.org) Message-Id: <201803031600.w23G0mqm091123@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: yuri set sender to yuri@FreeBSD.org using -f From: Yuri Victorovich Date: Sat, 3 Mar 2018 16:00:48 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r463489 - in head/security/tor: . files X-SVN-Group: ports-head X-SVN-Commit-Author: yuri X-SVN-Commit-Paths: in head/security/tor: . files X-SVN-Commit-Revision: 463489 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Mar 2018 16:00:49 -0000 Author: yuri Date: Sat Mar 3 16:00:48 2018 New Revision: 463489 URL: https://svnweb.freebsd.org/changeset/ports/463489 Log: security/tor: Update to 0.3.2.10 Backport of countermeasures to mitigate denial-of-service attacks against the Tor network. Changelog is in: https://gitweb.torproject.org/tor.git/tree/ChangeLog None of these fixes appear to be essential for clients, but relays should upgrade. Port changes: * Changed the implementation of 'tor_setuid': now it is done through the command line argument, instead of the torrc file. Reported by: Nick Mathewson (notification) Approved by: tcberner (mentor, implicit) Modified: head/security/tor/Makefile head/security/tor/distinfo head/security/tor/files/tor.in Modified: head/security/tor/Makefile ============================================================================== --- head/security/tor/Makefile Sat Mar 3 15:39:06 2018 (r463488) +++ head/security/tor/Makefile Sat Mar 3 16:00:48 2018 (r463489) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= tor -DISTVERSION= 0.3.2.9 +DISTVERSION= 0.3.2.10 CATEGORIES= security net ipv6 MASTER_SITES= TOR Modified: head/security/tor/distinfo ============================================================================== --- head/security/tor/distinfo Sat Mar 3 15:39:06 2018 (r463488) +++ head/security/tor/distinfo Sat Mar 3 16:00:48 2018 (r463489) @@ -1,3 +1,3 @@ -TIMESTAMP = 1515542628 -SHA256 (tor-0.3.2.9.tar.gz) = 435a7b91aa98d8b1a0ac1f60ca30c0ff3665b18a02e570bab5fe27935829160f -SIZE (tor-0.3.2.9.tar.gz) = 6250442 +TIMESTAMP = 1520087667 +SHA256 (tor-0.3.2.10.tar.gz) = 60df77c31dcf94fdd686c8ca8c34f3b70243b33a7344ecc0b719d5ca2617cbee +SIZE (tor-0.3.2.10.tar.gz) = 6421984 Modified: head/security/tor/files/tor.in ============================================================================== --- head/security/tor/files/tor.in Sat Mar 3 15:39:06 2018 (r463488) +++ head/security/tor/files/tor.in Sat Mar 3 16:00:48 2018 (r463489) @@ -114,16 +114,15 @@ command="%%PREFIX%%/bin/${name}" command_args="-f ${tor_conf} --PidFile ${tor_pidfile} --RunAsDaemon 1 --DataDirectory ${tor_datadir}" extra_commands="reload" +# clear user setting in conf file: it should be done through the command line +if grep -q "^User ${tor_user}$" ${tor_conf}; then + sed -i '' -e "s/^User ${tor_user}$//" ${tor_conf} +fi + if [ $tor_setuid = "YES" ]; then - if ! grep -q "^User ${tor_user}$" ${tor_conf}; then - echo "User ${tor_user}" >> ${tor_conf} - fi + command_args="${command_args} --User ${tor_user}" tor_user="root" tor_group="wheel" -else - if grep -q "^User ${tor_user}$" ${tor_conf}; then - sed -i '' -e "s/^User ${tor_user}$//" ${tor_conf} - fi fi if ! run_rc_command "$1"; then