Bug 219864 - security/tor-devel: Update to 0.3.1.3-alpha
Summary: security/tor-devel: Update to 0.3.1.3-alpha
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Some People
Assignee: Kurt Jaeger
URL: https://lists.torproject.org/pipermai...
Keywords: security
Depends on:
Blocks:
 
Reported: 2017-06-08 15:44 UTC by nusenu
Modified: 2017-07-25 18:32 UTC

See Also:
koobs: maintainer-feedback+
pi: merge-quarterly+


Attachments
patch (1.44 KB, patch)
2017-06-09 00:39 UTC, Yuri Victorovich
yuri: maintainer-approval+

Description nusenu 2017-06-08 15:44:07 UTC
0.3.1.3-alpha fixes two remote DoS vulnerabilities related to hidden services:

https://lists.torproject.org/pipermail/tor-talk/2017-June/043244.html

CVEs: 
CVE-2017-0375, CVE-2017-0376
Comment 1 Yuri Victorovich freebsd_committer freebsd_triage 2017-06-09 00:39:19 UTC
Created attachment 183342
patch

I disabled the new compression options for now, since at least one of them has a bug, see here: https://trac.torproject.org/projects/tor/ticket/22550

Added USES=pkgconfig, pkg-config is used and the option was missing.
Comment 2 Yuri Victorovich freebsd_committer freebsd_triage 2017-06-13 14:51:23 UTC
Builds in poudriere.
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2017-06-14 13:26:49 UTC
Jan has this in progress.

Commit, VuXML & MFH pending
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2017-06-14 13:28:34 UTC
Oops, I meant Kurt :)
Comment 5 commit-hook freebsd_committer freebsd_triage 2017-06-14 19:04:29 UTC
A commit references this bug:

Author: pi
Date: Wed Jun 14 19:03:47 UTC 2017
New revision: 443598
URL: https://svnweb.freebsd.org/changeset/ports/443598

Log:
  security/tor-devel: update 0.3.0.7 -> 0.3.1.3-alpha

  - fixes two remote DoS vulnerabilities related to hidden services
    https://lists.torproject.org/pipermail/tor-talk/2017-June/043244.html
  - disabled the new compression options for now, since at least one of
    them has a bug, see here:
    https://trac.torproject.org/projects/tor/ticket/22550

  PR:		219864
  Submitted by:	Yuri Victorovich <yuri@rawbw.com> (maintainer)
  MFH:		2017Q2
  Relnotes:	https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.3.1.3-alpha
  Security:	CVE-2017-0375, CVE-2017-0376

Changes:
  head/security/tor-devel/Makefile
  head/security/tor-devel/distinfo
Comment 6 commit-hook freebsd_committer freebsd_triage 2017-06-16 07:03:51 UTC
A commit references this bug:

Author: pi
Date: Fri Jun 16 07:03:09 UTC 2017
New revision: 443670
URL: https://svnweb.freebsd.org/changeset/ports/443670

Log:
  security/tor-devel: update 0.3.0.3-alpha -> 0.3.1.3-alpha

  - fixes two remote DoS vulnerabilities related to hidden services
    https://lists.torproject.org/pipermail/tor-talk/2017-June/043244.html
  - disabled the new compression options for now, since at least one of
    them has a bug, see here:
    https://trac.torproject.org/projects/tor/ticket/22550

  PR:		219248, 219864
  Submitted by:	Yuri Victorovich <yuri@rawbw.com> (maintainer)
  Approved by:	ports-secteam (miwi, feld)
  MFH:		2017Q2
  Relnotes:	https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.3.1.3-alpha
  Security:	TROVE-2017-002, CVE-2017-0375, CVE-2017-0376

Changes:
  branches/2017Q2/security/tor-devel/Makefile
  branches/2017Q2/security/tor-devel/distinfo
  branches/2017Q2/security/tor-devel/files/pkg-message.in
  branches/2017Q2/security/tor-devel/files/tor.in
  branches/2017Q2/security/tor-devel/pkg-descr
  branches/2017Q2/security/tor-devel/pkg-plist