Tor: update to 0.4.6.7

Message ID 193d372b-2973-780b-290c-f6619ceb7f40@ipfire.org
State Accepted
Commit 8885bc7672130e1b0307bb0221de3632e663d36c
Headers show
Series Tor: update to 0.4.6.7 | expand

Commit Message

Peter Müller Sept. 4, 2021, 1:53 p.m. UTC
Full changelog as per https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.6.7:

Changes in version 0.4.6.7 - 2021-08-16
  This version fixes several bugs from earlier versions of Tor,
  including one that could lead to a denial-of-service attack. Everyone
  running an earlier version, whether as a client, a relay, or an onion
  service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.

  o Major bugfixes (cryptography, security):
    - Resolve an assertion failure caused by a behavior mismatch between
      our batch-signature verification code and our single-signature
      verification code. This assertion failure could be triggered
      remotely, leading to a denial of service attack. We fix this issue
      by disabling batch verification. Fixes bug 40078; bugfix on
      0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
      CVE-2021-38385. Found by Henry de Valence.

  o Minor feature (fallbackdir):
    - Regenerate fallback directories list. Close ticket 40447.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2021/08/12.

  o Minor bugfix (crypto):
    - Disable the unused batch verification feature of ed25519-donna.
      Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry
      de Valence.

  o Minor bugfixes (onion service):
    - Send back the extended SOCKS error 0xF6 (Onion Service Invalid
      Address) for a v2 onion address. Fixes bug 40421; bugfix
      on 0.4.6.2-alpha.

  o Minor bugfixes (relay):
    - Reduce the compression level for data streaming from HIGH to LOW
      in order to reduce CPU load on the directory relays. Fixes bug
      40301; bugfix on 0.3.5.1-alpha.

  o Minor bugfixes (timekeeping):
    - Calculate the time of day correctly on systems where the time_t
      type includes leap seconds. (This is not the case on most
      operating systems, but on those where it occurs, our tor_timegm
      function did not correctly invert the system's gmtime function,
      which could result in assertion failures when calculating voting
      schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 lfs/tor | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Patch

diff --git a/lfs/tor b/lfs/tor
index 97f2cf04e..56280b936 100644
--- a/lfs/tor
+++ b/lfs/tor
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 0.4.6.5
+VER        = 0.4.6.7
 
 THISAPP    = tor-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@  DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = tor
-PAK_VER    = 62
+PAK_VER    = 63
 
 DEPS       = libseccomp
 
@@ -44,7 +44,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 5a678a32c5a8b4bf97c9cb541df22b71
+$(DL_FILE)_MD5 = ff80309cfaa0719b197fdaf83f9d5443
 
 install : $(TARGET)