Message-Id: <201012210147.oBL1lupx032497@tiktik.epipe.com>
Date: Tue, 21 Dec 2010 01:47:56 GMT 
From: Janne Snabb
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: miwi@FreeBSD.org
Subject: ports/153326: [PATCH] security/tor: update to 0.2.1.28 (includes security fixes)

>Number: 153326
>Category: ports
>Synopsis: [PATCH] security/tor: update to 0.2.1.28 (includes security fixes)
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 21 01:50:07 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Janne Snabb
>Release: FreeBSD 8.1-RELEASE i386
>Organization: EPIPE Communications
>Environment:
System: FreeBSD tiktik.epipe.com 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Sat Jul 24 09:20:35 UTC 2010
>Description:
Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely
exploitable bugs. The Common Vulnerabilities and Exposures project
has assigned CVE-2010-1676 to this issue. All Tor users should upgrade.

Changes in version 0.2.1.28 - 2010-12-17
  o Major bugfixes:
    - Fix a remotely exploitable bug that could be used to crash instances
      of Tor remotely by overflowing on the heap. Remote-code execution
      hasn't been confirmed, but can't be ruled out. Everyone should
      upgrade. Bugfix on the 0.1.1 series and later.

  o Directory authority changes:
    - Change IP address and ports for gabelmoo (v3 directory authority).

  o Minor features:
    - Update to the December 1 2010 Maxmind GeoLite Country database.

Changes in version 0.2.1.27 - 2010-11-23
  o Major bugfixes:
    - Resolve an incompatibility with OpenSSL 0.9.8p and OpenSSL 1.0.0b:
      No longer set the tlsext_host_name extension on server SSL objects;
      but continue to set it on client SSL objects. Our goal in setting
      it was to imitate a browser, not a vhosting server. Fixes bug 2204;
      bugfix on 0.2.1.1-alpha.
    - Do not log messages to the controller while shrinking buffer
      freelists. Doing so would sometimes make the controller connection
      try to allocate a buffer chunk, which would mess up the internals
      of the freelist and cause an assertion failure. Fixes bug 1125;
      fixed by Robert Ransom. Bugfix on 0.2.0.16-alpha.
    - Learn our external IP address when we're a relay or bridge, even if
      we set PublishServerDescriptor to 0. Bugfix on 0.2.0.3-alpha,
      where we introduced bridge relays that don't need to publish to
      be useful. Fixes bug 2050.
    - Do even more to reject (and not just ignore) annotations on
      router descriptors received anywhere but from the cache. Previously
      we would ignore such annotations at first, but cache them to disk
      anyway. Bugfix on 0.2.0.8-alpha. Found by piebeer.
    - When you're using bridges and your network goes away and your
      bridges get marked as down, recover when you attempt a new socks
      connection (if the network is back), rather than waiting up to an
      hour to try fetching new descriptors for your bridges. Bugfix on
      0.2.0.3-alpha; fixes bug 1981.

  o Major features:
    - Move to the November 2010 Maxmind GeoLite country db (rather
      than the June 2009 ip-to-country GeoIP db) for our statistics that
      count how many users relays are seeing from each country. Now we'll
      have more accurate data, especially for many African countries.

  o New directory authorities:
    - Set up maatuska (run by Linus Nordberg) as the eighth v3 directory
      authority.

  o Minor bugfixes:
    - Fix an assertion failure that could occur in directory caches or
      bridge users when using a very short voting interval on a testing
      network. Diagnosed by Robert Hogan. Fixes bug 1141; bugfix on
      0.2.0.8-alpha.
    - Enforce multiplicity rules when parsing annotations. Bugfix on
      0.2.0.8-alpha. Found by piebeer.
    - Allow handshaking OR connections to take a full KeepalivePeriod
      seconds to handshake. Previously, we would close them after
      IDLE_OR_CONN_TIMEOUT (180) seconds, the same timeout as if they
      were open. Bugfix on 0.2.1.26; fixes bug 1840. Thanks to mingw-san
      for analysis help.
    - When building with --enable-gcc-warnings on OpenBSD, disable
      warnings in system headers. This makes --enable-gcc-warnings
      pass on OpenBSD 4.8.

  o Minor features:
    - Exit nodes didn't recognize EHOSTUNREACH as a plausible error code,
      and so sent back END_STREAM_REASON_MISC. Clients now recognize a new
      stream ending reason for this case: END_STREAM_REASON_NOROUTE.
      Servers can start sending this code when enough clients recognize
      it. Bugfix on 0.1.0.1-rc; fixes part of bug 1793.
    - Build correctly on mingw with more recent versions of OpenSSL 0.9.8.
      Patch from mingw-san.

  o Removed files:
    - Remove the old debian/ directory from the main Tor distribution.
      The official Tor-for-debian git repository lives at the URL
      https://git.torproject.org/debian/tor.git
    - Stop shipping the old doc/website/ directory in the tarball. We
      changed the website format in late 2010, and what we shipped in
      0.2.1.26 really wasn't that useful anyway.

Port maintainer (miwi@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.99
>How-To-Repeat:
>Fix:
--- tor-0.2.1.28.patch begins here --- diff -ruN --exclude=CVS /usr/ports/security/tor/Makefile /tmp/tor/Makefile --- /usr/ports/security/tor/Makefile 2010-09-04 04:07:14.000000000 +0000 +++ /tmp/tor/Makefile 2010-12-21 01:33:40.000000000 +0000 @@ -6,8 +6,7 @@ # PORTNAME= tor -DISTVERSION= 0.2.1.26 -PORTREVISION= 2 +DISTVERSION= 0.2.1.28 CATEGORIES= security net ipv6 MASTER_SITES= http://www.torproject.org/dist/ \ http://tor.cypherpunks.at/dist/ \ diff -ruN --exclude=CVS /usr/ports/security/tor/distinfo /tmp/tor/distinfo --- /usr/ports/security/tor/distinfo 2010-05-27 05:07:04.000000000 +0000 +++ /tmp/tor/distinfo 2010-12-21 01:22:42.000000000 +0000 
@@ -1,3 +1,2 @@ -MD5 (tor-0.2.1.26.tar.gz) = f7b30a144e1da41aa43f496bd47ffba7 -SHA256 (tor-0.2.1.26.tar.gz) = 6cdc60ed0b2e3eb790cbf37741a3c86a004f4f7c6678e25b9b936d6a340c7fa2 -SIZE (tor-0.2.1.26.tar.gz) = 2405749 +SHA256 (tor-0.2.1.28.tar.gz) = fe9756bee3228bf01334f743b7c74dd1edc83e5489f032737ce24eb6bdb19cbf +SIZE (tor-0.2.1.28.tar.gz) = 2471741 --- tor-0.2.1.28.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
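
Review bot: the Makefile hunk carries a fix that the description ties to CVE-2010-1676, yet the patch touches only Makefile and distinfo, so nothing in it records versions before 0.2.1.28 as vulnerable. Suggest committing a matching security/vuxml entry together with this update so that installed older versions are flagged. Dropping PORTREVISION in the same hunk as the DISTVERSION bump is correct and needs no change.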
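
Review bot: the distinfo hunk leaves the new SHA256 line as the only integrity check on the tarball, and the MASTER_SITES visible in the Makefile context are plain http://, so a hash generated from a single unauthenticated download proves nothing about what upstream released. Before commit, confirm the SHA256 and SIZE for tor-0.2.1.28.tar.gz against a copy whose upstream signature has been verified. Removing the MD5 line is fine as long as the ports checksum tooling in use accepts a SHA256-only distinfo.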