From patchwork Thu Feb 4 20:39:32 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 3869 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4DWr555Wp7z3wp0 for ; Thu, 4 Feb 2021 20:39:37 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4DWr546Dy5z4lJ; Thu, 4 Feb 2021 20:39:36 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4DWr544pvSz2xlL; Thu, 4 Feb 2021 20:39:36 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4DWr540jmyz2xYj for ; Thu, 4 Feb 2021 20:39:36 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4DWr522bZMz1f for ; Thu, 4 Feb 2021 20:39:34 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1612471175; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=YiH6iNAefpNz5nMlym90vwavv51GrVNaNOKUFWlugYo=; b=bQajolNFXOpKlA6T1YY5oXbfe7ILCmZ00p7xLI4kDF4oYiTJJJ7Ux1rCMwgOsVkZJkU9IK Ejf/adh+zrzv9/Cg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1612471175; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=YiH6iNAefpNz5nMlym90vwavv51GrVNaNOKUFWlugYo=; b=kcq4fUtRvwSfCI2Tm55b5Yq4bsGLo+Wo9Gks8Q+TEa9KXAg/8J4V9IfJgaerajlT5us2zu s2+Yym3BWXMVqlWzATGYmaFI8ym9sm59Rh2adCI7dOOYGYlQLrZe53UhIoVqAlFAjbBMOF r/qHjZ7pTU/HXdy/VDdCovutQ1daD0PHOFnXshuiejObLtzxNntC5zbWBmxHQMe7KZqpHY fqGcGsHD6ClOpQObpq6ODKHNOFY5+oGCjwwZVSyMkO+mQmlF+De+4quN3GM3/cQZaiEWw9 0SNGO1wlucZPNGdcrsiXN8X/CG2g3TWVlLWbmB5jOmDJAvEaICz0D94yGdqZEQ== To: "IPFire: Development" From: =?utf-8?q?Peter_M=C3=BCller?= Subject: [PATCH] Tor: update to 0.4.4.7 Message-ID: <0a64e261-d1d6-98d6-36da-ecaed7d8150c@ipfire.org> Date: Thu, 4 Feb 2021 21:39:32 +0100 MIME-Version: 1.0 Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Full changelog of this version as per https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.4.7: Changes in version 0.4.4.7 - 2021-02-03 Tor 0.4.4.7 backports numerous bugfixes from later releases, including one that made v3 onion services more susceptible to denial-of-service attacks, and a feature that makes some kinds of DoS attacks harder to perform. o Major bugfixes (onion service v3, backport from 0.4.5.3-rc): - Stop requiring a live consensus for v3 clients and services, and allow a "reasonably live" consensus instead. This allows v3 onion services to work even if the authorities fail to generate a consensus for more than 2 hours in a row. Fixes bug 40237; bugfix on 0.3.5.1-alpha. o Major feature (exit, backport from 0.4.5.5-rc): - Re-entry into the network is now denied at the Exit level to all relays' ORPorts and authorities' ORPorts and DirPorts. This change should help mitgate a set of denial-of-service attacks. Closes ticket 2667. o Minor feature (build system, backport from 0.4.5.4-rc): - New "make lsp" command to generate the compile_commands.json file used by the ccls language server. The "bear" program is needed for this. Closes ticket 40227. o Minor features (compilation, backport from 0.4.5.2-rc): - Disable deprecation warnings when building with OpenSSL 3.0.0 or later. There are a number of APIs newly deprecated in OpenSSL 3.0.0 that Tor still requires. (A later version of Tor will try to stop depending on these APIs.) Closes ticket 40165. o Minor features (crypto, backport from 0.4.5.3-rc): - Fix undefined behavior on our Keccak library. The bug only appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) and would result in wrong digests. Fixes bug 40210; bugfix on 0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and weasel for diagnosing this. o Minor bugfixes (compatibility, backport from 0.4.5.1-rc): - Strip '\r' characters when reading text files on Unix platforms. This should resolve an issue where a relay operator migrates a relay from Windows to Unix, but does not change the line ending of Tor's various state files to match the platform, and the CRLF line endings from Windows end up leaking into other files such as the extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5. o Minor bugfixes (compilation, backport from 0.4.5.3-rc): - Fix a compilation warning about unreachable fallthrough annotations when building with "--enable-all-bugs-are-fatal" on some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc): - Handle partial SOCKS5 messages correctly. Previously, our code would send an incorrect error message if it got a SOCKS5 request that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. o Minor bugfixes (testing, backport from 0.4.5.2-alpha): - Fix the `config/parse_tcp_proxy_line` test so that it works correctly on systems where the DNS provider hijacks invalid queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. - Fix our Python reference-implementation for the v3 onion service handshake so that it works correctly with the version of hashlib provided by Python 3.9. Fixes part of bug 40179; bugfix on 0.3.1.6-rc. - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. Signed-off-by: Peter Müller --- lfs/tor | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lfs/tor b/lfs/tor index 6d758dcb0..e36d5c6cf 100644 --- a/lfs/tor +++ b/lfs/tor @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team # +# Copyright (C) 2007-2021 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 0.4.4.6 +VER = 0.4.4.7 THISAPP = tor-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 56 +PAK_VER = 57 DEPS = libseccomp @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 3635b2f7b6645910bf702ce8eaeffd0d +$(DL_FILE)_MD5 = 6ea60eb939ab3633a682a81fb46dd37f install : $(TARGET)