tordev: update to 0.4.4.3.
Changes in version 0.4.4.3-alpha - 2020-07-27 Tor 0.4.4.3-alpha fixes several annoyances in previous versions, including one affecting NSS users, and several affecting the Linux seccomp2 sandbox. o Major features (fallback directory list): - Replace the 148 fallback directories originally included in Tor 0.4.1.4-rc (of which around 105 are still functional) with a list of 144 fallbacks generated in July 2020. Closes ticket 40061. o Major bugfixes (NSS): - When running with NSS enabled, make sure that NSS knows to expect nonblocking sockets. Previously, we set our TCP sockets as nonblocking, but did not tell NSS, which in turn could lead to unexpected blocking behavior. Fixes bug 40035; bugfix on 0.3.5.1-alpha. o Minor bugfixes (linux seccomp2 sandbox): - Fix a regression on sandboxing rules for the openat() syscall. The fix for bug 25440 fixed the problem on systems with glibc >= 2.27 but broke with versions of glibc. We now choose a rule based on the glibc version. Patch from Daniel Pinto. Fixes bug 27315; bugfix on 0.3.5.11. - Makes the seccomp sandbox allow the correct syscall for opendir according to the running glibc version. This fixes crashes when reloading torrc with sandbox enabled when running on glibc 2.15 to 2.21 and 2.26. Patch from Daniel Pinto. Fixes bug 40020; bugfix on 0.3.5.11. o Minor bugfixes (relay, usability): - Adjust the rules for when to warn about having too many connections to other relays. Previously we'd tolerate up to 1.5 connections per relay on average. Now we tolerate more connections for directory authorities, and raise the number of total connections we need to see before we warn. Fixes bug 33880; bugfix on 0.3.1.1-alpha. o Documentation: - Replace most http:// URLs in our code and documentation with https:// URLs. (We have left unchanged the code in src/ext/, and the text in LICENSE.) Closes ticket 31812. Patch from Jeremy Rand. o Removed features: - Our "check-local" test target no longer tries to use the Coccinelle semantic patching tool parse all the C files. While it is a good idea to try to make sure Coccinelle works on our C before we run a Coccinelle patch, doing so on every test run has proven to be disruptive. You can still run this tool manually with "make check-cocci". Closes ticket 40030. Changes in version 0.4.4.2-alpha - 2020-07-09 This is the second alpha release in the 0.4.4.x series. It fixes a few bugs in the previous release, and solves a few usability, compatibility, and portability issues. This release also fixes TROVE-2020-001, a medium-severity denial of service vulnerability affecting all versions of Tor when compiled with the NSS encryption library. (This is not the default configuration.) Using this vulnerability, an attacker could cause an affected Tor instance to crash remotely. This issue is also tracked as CVE-2020- 15572. Anybody running a version of Tor built with the NSS library should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha or later. o Major bugfixes (NSS, security): - Fix a crash due to an out-of-bound memory access when Tor is compiled with NSS support. Fixes bug 33119; bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 and CVE-2020-15572. o Minor features (bootstrap reporting): - Report more detailed reasons for bootstrap failure when the failure happens due to a TLS error. Previously we would just call these errors "MISC" when they happened during read, and "DONE" when they happened during any other TLS operation. Closes ticket 32622. o Minor features (directory authority): - Authorities now recommend the protocol versions that are supported by Tor 0.3.5 and later. (Earlier versions of Tor have been deprecated since January of this year.) This recommendation will cause older clients and relays to give a warning on startup, or when they download a consensus directory. Closes ticket 32696. o Minor features (entry guards): - Reinstate support for GUARD NEW/UP/DOWN control port events. Closes ticket 40001. o Minor features (linux seccomp2 sandbox, portability): - Allow Tor to build on platforms where it doesn't know how to report which syscall caused the linux seccomp2 sandbox to fail. This change should make the sandbox code more portable to less common Linux architectures. Closes ticket 34382. - Permit the unlinkat() syscall, which some Libc implementations use to implement unlink(). Closes ticket 33346. o Minor bugfix (CI, Windows): - Use the correct 64-bit printf format when compiling with MINGW on Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha. o Minor bugfix (onion service v3 client): - Remove a BUG() warning that could occur naturally. Fixes bug 34087; bugfix on 0.3.2.1-alpha. o Minor bugfix (SOCKS, onion service client): - Detect v3 onion service addresses of the wrong length when returning the F6 ExtendedErrors code. Fixes bug 33873; bugfix on 0.4.3.1-alpha. o Minor bugfixes (compiler warnings): - Fix a compiler warning on platforms with 32-bit time_t values. Fixes bug 40028; bugfix on 0.3.2.8-rc. o Minor bugfixes (control port, onion service): - Consistently use 'address' in "Invalid v3 address" response to ONION_CLIENT_AUTH commands. Previously, we would sometimes say 'addr'. Fixes bug 40005; bugfix on 0.4.3.1-alpha. o Minor bugfixes (logging): - Downgrade a noisy log message that could occur naturally when receiving an extrainfo document that we no longer want. Fixes bug 16016; bugfix on 0.2.6.3-alpha. o Minor bugfixes (onion services v3): - Avoid a non-fatal assertion failure in certain edge-cases when opening an intro circuit as a client. Fixes bug 34084; bugfix on 0.3.2.1-alpha. o Deprecated features (onion service v2): - Add a deprecation warning for version 2 onion services. Closes ticket 40003. o Removed features (IPv6, revert): - Revert the change in the default value of ClientPreferIPv6OrPort: it breaks the torsocks use case. The SOCKS resolve command has no mechanism to ask for a specific address family (v4 or v6), and so prioritizing IPv6 when an IPv4 address is requested on the SOCKS interface resulted in a failure. Tor Browser explicitly sets PreferIPv6, so this should not affect the majority of our users. Closes ticket 33796; bugfix on 0.4.4.1-alpha.
This commit is contained in:
parent
d8ce42e8ac
commit
97aa45e2ea
|
@ -1,6 +1,6 @@
|
|||
# $NetBSD$
|
||||
|
||||
DISTNAME= tor-0.4.4.1-alpha
|
||||
DISTNAME= tor-0.4.4.3-alpha
|
||||
PKGNAME= ${DISTNAME:S/tor/tordev/:S/-alpha//:S/-rc/rc0/}
|
||||
CATEGORIES= net security
|
||||
MASTER_SITES= https://dist.torproject.org/
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
$NetBSD$
|
||||
|
||||
SHA1 (tor-0.4.4.1-alpha.tar.gz) = 80a08865fafbf81eb78ea68981693113fbc14fa3
|
||||
RMD160 (tor-0.4.4.1-alpha.tar.gz) = 901555e0c30766b26c9256829add7eaa5b6b1c54
|
||||
SHA512 (tor-0.4.4.1-alpha.tar.gz) = 4156095d5770cedd801a50bb8cd4639c0bf0852b90623027f26868ae41c832055c06525262e39e03f653d4798e8b53f4cbcdfc271b5b4af567afa0900f24ae04
|
||||
Size (tor-0.4.4.1-alpha.tar.gz) = 7789510 bytes
|
||||
SHA1 (tor-0.4.4.3-alpha.tar.gz) = 4f391b4a3a391c4ae42b3546597945ecc2467b51
|
||||
RMD160 (tor-0.4.4.3-alpha.tar.gz) = b517894f605112ad8adf78845a4a6f39617ab936
|
||||
SHA512 (tor-0.4.4.3-alpha.tar.gz) = 54753191d17b25966f03f83d210b7a2e433b0810a53c6a6748bcbaa3a4f148f2c75aacdc8d4785d38e250e30559e9f1c490b7bfa1a6b283fa39b2b7fd857e8cc
|
||||
Size (tor-0.4.4.3-alpha.tar.gz) = 7795304 bytes
|
||||
SHA1 (patch-Makefile.in) = c190295f4702bd1e69531cab1ac61dbab451e48b
|
||||
SHA1 (patch-src_app_config_config.c) = bac106e382207cdf22c84a52b45c791de2bdf0f8
|
||||
|
|
Loading…
Reference in New Issue