Tor: update to

Message ID
State Accepted
Commit 8885bc7672130e1b0307bb0221de3632e663d36c
Headers show
Series Tor: update to | expand

Commit Message

Peter Müller Sept. 4, 2021, 1:53 p.m. UTC
Full changelog as per

Changes in version - 2021-08-16
  This version fixes several bugs from earlier versions of Tor,
  including one that could lead to a denial-of-service attack. Everyone
  running an earlier version, whether as a client, a relay, or an onion
  service, should upgrade to Tor,, or

  o Major bugfixes (cryptography, security):
    - Resolve an assertion failure caused by a behavior mismatch between
      our batch-signature verification code and our single-signature
      verification code. This assertion failure could be triggered
      remotely, leading to a denial of service attack. We fix this issue
      by disabling batch verification. Fixes bug 40078; bugfix on This issue is also tracked as TROVE-2021-007 and
      CVE-2021-38385. Found by Henry de Valence.

  o Minor feature (fallbackdir):
    - Regenerate fallback directories list. Close ticket 40447.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2021/08/12.

  o Minor bugfix (crypto):
    - Disable the unused batch verification feature of ed25519-donna.
      Fixes bug 40078; bugfix on Found by Henry
      de Valence.

  o Minor bugfixes (onion service):
    - Send back the extended SOCKS error 0xF6 (Onion Service Invalid
      Address) for a v2 onion address. Fixes bug 40421; bugfix

  o Minor bugfixes (relay):
    - Reduce the compression level for data streaming from HIGH to LOW
      in order to reduce CPU load on the directory relays. Fixes bug
      40301; bugfix on

  o Minor bugfixes (timekeeping):
    - Calculate the time of day correctly on systems where the time_t
      type includes leap seconds. (This is not the case on most
      operating systems, but on those where it occurs, our tor_timegm
      function did not correctly invert the system's gmtime function,
      which could result in assertion failures when calculating voting
      schedules.) Fixes bug 40383; bugfix on

Signed-off-by: Peter Müller <>
 lfs/tor | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


diff --git a/lfs/tor b/lfs/tor
index 97f2cf04e..56280b936 100644
--- a/lfs/tor
+++ b/lfs/tor
@@ -24,7 +24,7 @@ 
 include Config
-VER        =
+VER        =
 THISAPP    = tor-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@  DL_FROM    = $(URL_IPFIRE)
 PROG       = tor
-PAK_VER    = 62
+PAK_VER    = 63
 DEPS       = libseccomp
@@ -44,7 +44,7 @@  objects = $(DL_FILE)
-$(DL_FILE)_MD5 = 5a678a32c5a8b4bf97c9cb541df22b71
+$(DL_FILE)_MD5 = ff80309cfaa0719b197fdaf83f9d5443
 install : $(TARGET)