Message ID | bae5333a-ba7c-c333-c580-c9a260db2712@ipfire.org |
---|---|
State | Accepted |
Commit | 4e24418705464a159d9618e474b37d44d251d467 |
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4F7cdJ0hlCz3wp0 for <patchwork@web04.haj.ipfire.org>; Sun, 28 Mar 2021 13:54:12 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4F7cdG65swz1Sm; Sun, 28 Mar 2021 13:54:10 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4F7cdG2hdLz2xbv; Sun, 28 Mar 2021 13:54:10 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4F7cdF5Gyjz2xHV for <development@lists.ipfire.org>; Sun, 28 Mar 2021 13:54:09 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4F7cdD5RkWz1Nh for <development@lists.ipfire.org>; Sun, 28 Mar 2021 13:54:08 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1616939649; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=HRIHEZVY1XVV8fLOu6LJrpsn1dJe7dE1xyKTrJm1iO0=; b=hnhc8Iog1cCi6azRSRCWvHM6qSFsJrN5h0pJ2U2qPJlGYXBkaDXHRrchhnPa6nAHUm1Ea8 IoeCC+vWbf51DrCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1616939649; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=HRIHEZVY1XVV8fLOu6LJrpsn1dJe7dE1xyKTrJm1iO0=; b=UYwa86Qx/jgr7l1mgwJMjyfXGGI7qX1qhXfVn3x4q3czDov0tL5syRPzv0QeqyBuoiHsxX 1VG4OuSVlou+0dVEagneN7KyYUQMvzxYUc2T9gXl9mzpQ8467Xod8gr1geGJpOWI4OXoUe YciYO8QloOb6J8lmuWatQ2shCx0U0x9aCYowQEn0TnOPYQM3SdtQDvrKeLphb9XkRHLjG7 jER1OXROBkh3H/YH6/Ib938vDNlvX4xFFFtBfdh/jbWs4hcG+lKQZ8nyU0NkxN3g/fpN7L UcngydSD5q2vqBwj0gzIohFWRUlbcS0VVykeTAEI+ljmYS1hCHMel/eyD/iR+A== To: "IPFire: Development" <development@lists.ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@ipfire.org> Subject: [PATCH] Tor: update to 0.4.5.7 Message-ID: <bae5333a-ba7c-c333-c580-c9a260db2712@ipfire.org> Date: Sun, 28 Mar 2021 15:54:05 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Series |
Tor: update to 0.4.5.7
|
|
Commit Message
Peter Müller
March 28, 2021, 1:54 p.m. UTC
Full changelog as per https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.5.7:
Changes in version 0.4.5.7 - 2021-03-16
Tor 0.4.5.7 fixes two important denial-of-service bugs in earlier
versions of Tor.
One of these vulnerabilities (TROVE-2021-001) would allow an attacker
who can send directory data to a Tor instance to force that Tor
instance to consume huge amounts of CPU. This is easiest to exploit
against authorities, since anybody can upload to them, but directory
caches could also exploit this vulnerability against relays or clients
when they download. The other vulnerability (TROVE-2021-002) only
affects directory authorities, and would allow an attacker to remotely
crash the authority with an assertion failure. Patches have already
been provided to the authority operators, to help ensure
network stability.
We recommend that everybody upgrade to one of the releases that fixes
these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available
to you.
This release also updates our GeoIP data source, and fixes a few
smaller bugs in earlier releases.
o Major bugfixes (security, denial of service):
- Disable the dump_desc() function that we used to dump unparseable
information to disk. It was called incorrectly in several places,
in a way that could lead to excessive CPU usage. Fixes bug 40286;
bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021-
001 and CVE-2021-28089.
- Fix a bug in appending detached signatures to a pending consensus
document that could be used to crash a directory authority. Fixes
bug 40316; bugfix on 0.2.2.6-alpha. Tracked as TROVE-2021-002
and CVE-2021-28090.
o Minor features (geoip data):
- We have switched geoip data sources. Previously we shipped IP-to-
country mappings from Maxmind's GeoLite2, but in 2019 they changed
their licensing terms, so we were unable to update them after that
point. We now ship geoip files based on the IPFire Location
Database instead. (See https://location.ipfire.org/ for more
information). This release updates our geoip files to match the
IPFire Location Database as retrieved on 2021/03/12. Closes
ticket 40224.
o Minor bugfixes (directory authority):
- Now that exit relays don't allow exit connections to directory
authority DirPorts (to prevent network reentry), disable
authorities' reachability self test on the DirPort. Fixes bug
40287; bugfix on 0.4.5.5-rc.
o Minor bugfixes (documentation):
- Fix a formatting error in the documentation for
VirtualAddrNetworkIPv6. Fixes bug 40256; bugfix on 0.2.9.4-alpha.
o Minor bugfixes (Linux, relay):
- Fix a bug in determining total available system memory that would
have been triggered if the format of Linux's /proc/meminfo file
had ever changed to include "MemTotal:" in the middle of a line.
Fixes bug 40315; bugfix on 0.2.5.4-alpha.
o Minor bugfixes (metrics port):
- Fix a BUG() warning on the MetricsPort for an internal missing
handler. Fixes bug 40295; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (onion service):
- Remove a harmless BUG() warning when reloading tor configured with
onion services. Fixes bug 40334; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (portability):
- Fix a non-portable usage of "==" with "test" in the configure
script. Fixes bug 40298; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (relay):
- Remove a spammy log notice falsely claiming that the IPv4/v6
address was missing. Fixes bug 40300; bugfix on 0.4.5.1-alpha.
- Do not query the address cache early in the boot process when
deciding if a relay needs to fetch early directory information
from an authority. This bug resulted in a relay falsely believing
it didn't have an address and thus triggering an authority fetch
at each boot. Related to our fix for 40300.
o Removed features (mallinfo deprecated):
- Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it.
Closes ticket 40309.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
lfs/tor | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/tor b/lfs/tor index 8ad5986b0..34e3b3ffb 100644 --- a/lfs/tor +++ b/lfs/tor @@ -24,7 +24,7 @@ include Config -VER = 0.4.5.6 +VER = 0.4.5.7 THISAPP = tor-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 58 +PAK_VER = 59 DEPS = libseccomp @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 22a04ef62c714b7d9d8928ebe238e4c4 +$(DL_FILE)_MD5 = 3a1800592293a8d4122823eab9233739 install : $(TARGET)