FreeBSD Bugzilla – Attachment 163337 Details for
Bug 203014
security/tor and security/tor-devel: Update and fix a few problems
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
[PATCH] security/tor-devel: r400391
PATCH_tor-devel (text/plain), 10.16 KB, created by
VinÃcius Zavam
on 2015-11-19 16:40:14 UTC
(
hide
)
Description:
[PATCH] security/tor-devel: r400391
Filename:
MIME Type:
Creator:
VinÃcius Zavam
Created:
2015-11-19 16:40:14 UTC
Size:
10.16 KB
patch
obsolete
>Index: Makefile >=================================================================== >--- Makefile (revision 400391) >+++ Makefile (working copy) >@@ -2,7 +2,7 @@ > # $FreeBSD$ > > PORTNAME= tor >-DISTVERSION= 0.2.6.7 >+DISTVERSION= 0.2.7.4-rc > CATEGORIES= security net ipv6 > MASTER_SITES= TOR > PKGNAMESUFFIX= -devel >@@ -15,19 +15,26 @@ > > USES= cpe gmake > CPE_VENDOR= torproject >-#CPE_VERSION= ${DISTVERSION:C/-.*//} >-#CPE_UPDATE= ${DISTVERSION:C/.*-//} > GNU_CONFIGURE= yes >-CONFIGURE_ARGS= --with-openssl-dir="${OPENSSLBASE}" --disable-asciidoc >-CONFIGURE_ENV= TOR_CPPFLAGS_libevent="-I${LOCALBASE}/include" \ >- TOR_LDFLAGS_libevent="-L${LOCALBASE}/lib/" \ >- TOR_LIBEVENT_LIBS="${TOR_LIBEVENT_LIBS}" >+CONFIGURE_ARGS= --with-openssl-dir=${OPENSSLBASE} --disable-asciidoc > > OPTIONS_DEFINE= BUFFEREVENTS INSTR_DOWNLOADS \ > STATIC_TOR TCMALLOC TOR2WEB TRANSPARENT > >+OPTIONS_DEFAULT= THREADS TRANSPARENT >+ >+OPTIONS_GROUP= TRANSPORT >+OPTIONS_GROUP_TRANSPORT= OBFSPROXY >+ >+BUFFEREVENTS_CONFIGURE_ENABLE= bufferevents >+INSTR_DOWNLOADS_CONFIGURE_ENABLE= instrument-downloads >+OBFSPROXY_BUILD_DEPENDS= ${LOCALBASE}/bin/obfsproxy:security/obfsproxy >+TOR2WEB_CONFIGURE_ENABLE= tor2web-mode >+TRANSPARENT_CONFIGURE_ENABLE= transparent >+ > BUFFEREVENTS_DESC= Use libevent's buffered IO > INSTR_DOWNLOADS_DESC= Instrument downloads for analysis >+OBFSPROXY_DESC= Pluggable transport proxy written in Python > STATIC_TOR_DESC= Build a static tor > TCMALLOC_DESC= Use the tcmalloc memory allocation library > TOR2WEB_DESC= Faster but non-anonymous hidden services >@@ -35,6 +42,9 @@ > > OPTIONS_DEFAULT= THREADS TRANSPARENT > >+OPTIONS_GROUP= TRANSPORT >+OPTIONS_GROUP_TRANSPORT= OBFSPROXY >+ > USE_OPENSSL= yes > > USE_RC_SUBR= tor >@@ -47,6 +57,10 @@ > > .include <bsd.port.options.mk> > >+.if (${OSVERSION} < 1000015) >+WITH_OPENSSL_PORT= yes >+.endif >+ > .if !defined(USE_GCC) && empty(CC:T:M*gcc4*) && \ > empty(PORT_OPTIONS:MSTATIC_TOR) && empty(ARCH:Mia64) > CONFIGURE_ARGS+= --enable-gcc-hardening >@@ -54,29 +68,22 @@ > CONFIGURE_ARGS+= --disable-gcc-hardening > .endif > >-.if ${PORT_OPTIONS:MBUFFEREVENTS} >-CONFIGURE_ARGS+= --enable-bufferevents >-.else >-CONFIGURE_ARGS+= --disable-bufferevents >+.if ${PORT_OPTIONS:MOBFSPROXY} >+BUILD_DEPENDS += ${LOCALBASE}/bin/obfsproxy:security/obfsproxy > .endif > >-.if ${PORT_OPTIONS:MINSTR_DOWNLOADS} >-CONFIGURE_ARGS+= --enable-instrument-downloads >-.else >-CONFIGURE_ARGS+= --disable-instrument-downloads >-.endif >- > .if ${PORT_OPTIONS:MSTATIC_TOR} >-BUILD_DEPENDS += ${LOCALBASE}/lib/libevent.a:${PORTSDIR}/devel/libevent2 >+BUILD_DEPENDS += ${LOCALBASE}/lib/libevent.a:devel/libevent2 > CONFIGURE_ARGS+= --enable-static-tor \ >- --with-zlib-dir=/usr/lib --disable-linker-hardening >-TOR_LIBEVENT_LIBS= ${LOCALBASE}/lib/libevent.a >+ --disable-linker-hardening \ >+ --with-libevent-dir=${LOCALBASE}/lib \ >+ --with-zlib-dir=/usr/lib > .if ${PORT_OPTIONS:MBUFFEREVENTS} > TOR_LIBEVENT_LIBS:= ${LOCALBASE}/lib/libevent_openssl.a ${TOR_LIBEVENT_LIBS} > .endif > .else > CONFIGURE_ARGS+= --enable-linker-hardening >-LIB_DEPENDS+= libevent.so:${PORTSDIR}/devel/libevent2 >+LIB_DEPENDS+= libevent.so:devel/libevent2 > TOR_LIBEVENT_LIBS= -levent > .if ${PORT_OPTIONS:MBUFFEREVENTS} > TOR_LIBEVENT_LIBS:= -levent_openssl ${TOR_LIBEVENT_LIBS} >@@ -85,36 +92,22 @@ > > .if ${PORT_OPTIONS:MTCMALLOC} > CONFIGURE_ARGS+= --with-tcmalloc >+LDFLAGS+= "-L${LOCALBASE}/lib" > .if ${PORT_OPTIONS:MSTATIC_TOR} >-BUILD_DEPENDS += ${LOCALBASE}/lib/libtcmalloc.so:${PORTSDIR}/devel/google-perftools >-.else >-LIB_DEPENDS+= libtcmalloc.so:${PORTSDIR}/devel/google-perftools >+BUILD_DEPENDS += ${LOCALBASE}/lib/libtcmalloc.a:devel/google-perftools > .endif >+BUILD_DEPENDS += ${LOCALBASE}/lib/libtcmalloc.so:devel/google-perftools >+LIB_DEPENDS+= libtcmalloc.so:devel/google-perftools > .endif > >-.if ${PORT_OPTIONS:MTOR2WEB} >-CONFIGURE_ARGS+= --enable-tor2web-mode >+.if ! ${PORT_OPTIONS:MTOR2WEB} >+check regression-test test: build >+ @cd ${BUILD_WRKSRC} ; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} \ >+ ${MAKE_ARGS} check > .endif > >-.if ${PORT_OPTIONS:MTRANSPARENT} >-CONFIGURE_ARGS+= --enable-transparent >-.else >-CONFIGURE_ARGS+= --disable-transparent >-.endif >- >-post-patch: >- @${REINPLACE_CMD} -E -e "s@-ltcmalloc@${LOCALBASE}/lib/libtcmalloc.so@" \ >- -e "s@(-z) (relro|now)@-Wl,\1,\2@g" \ >- ${WRKSRC}/configure >- > post-configure: > @${REINPLACE_CMD} -e '\|^nodist_man1_MANS =|s|$$|$$(install_mans:=.1)|' \ > ${WRKSRC}/Makefile > >-.if ! ${PORT_OPTIONS:MTOR2WEB} >-check regression-test test: build >- @cd ${BUILD_WRKSRC} ; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} \ >- ${MAKE_ARGS} check >- >-.endif > .include <bsd.port.mk> >Index: distinfo >=================================================================== >--- distinfo (revision 400391) >+++ distinfo (working copy) >@@ -1,2 +1,2 @@ >-SHA256 (tor-0.2.6.7.tar.gz) = 8c2be88a542ed1b22a8d3d595ec0acd0e28191de273dbcaefc64fdce92b89e6c >-SIZE (tor-0.2.6.7.tar.gz) = 3595669 >+SHA256 (tor-0.2.7.4-rc.tar.gz) = 6741c3e6abfedb76be781b767b77f794ee1a0f554cc4ccf083e44d4d9dc8af67 >+SIZE (tor-0.2.7.4-rc.tar.gz) = 4830972 >Index: files/patch-configure >=================================================================== >--- files/patch-configure (revision 400391) >+++ files/patch-configure (nonexistent) >@@ -1,49 +0,0 @@ >---- configure.orig 2012-06-15 03:10:31.000000000 -0400 >-+++ configure 2012-06-17 08:46:34.000000000 -0400 >-@@ -6319,6 +6319,7 @@ >- fi >- >- >-+if false ; then >- trylibeventdir="" >- >- # Check whether --with-libevent-dir was given. >-@@ -6645,6 +6646,7 @@ >- LIBS="$tor_saved_LIBS" >- LDFLAGS="$tor_saved_LDFLAGS" >- CPPFLAGS="$tor_saved_CPPFLAGS" >-+fi >- >- >- >-@@ -6707,6 +6709,7 @@ >- fi >- >- >-+if false ; then >- if test "$enable_static_libevent" = "yes"; then >- if test "$tor_cv_library_libevent_dir" = "(system)"; then >- as_fn_error $? "\"You must specify an explicit --with-libevent-dir=x option when using --enable-static-libevent\"" "$LINENO" 5 >-@@ -6716,6 +6719,7 @@ >- else >- TOR_LIBEVENT_LIBS="-levent" >- fi >-+fi >- >- if test "$enable_bufferevents" = "yes" ; then >- if test "$ac_cv_header_event2_bufferevent_ssl_h" != "yes" ; then >-@@ -6794,12 +6798,14 @@ >- >- $as_echo "#define USE_BUFFEREVENTS 1" >>confdefs.h >- >-+if false ; then >- if test "$enable_static_libevent" = "yes"; then >- TOR_LIBEVENT_LIBS="$TOR_LIBDIR_libevent/libevent_openssl.a $TOR_LIBEVENT_LIBS" >- else >- TOR_LIBEVENT_LIBS="-levent_openssl $TOR_LIBEVENT_LIBS" >- fi >- fi >-+fi >- >- >- > >Property changes on: files/patch-configure >___________________________________________________________________ >Deleted: fbsd:nokeywords >## -1 +0,0 ## >-yes >\ No newline at end of property >Deleted: svn:eol-style >## -1 +0,0 ## >-native >\ No newline at end of property >Deleted: svn:mime-type >## -1 +0,0 ## >-text/plain >\ No newline at end of property >Index: files/pkg-message.in >=================================================================== >--- files/pkg-message.in (revision 400391) >+++ files/pkg-message.in (working copy) >@@ -3,19 +3,12 @@ > and edit %%PREFIX%%/etc/tor/torrc as desired. (However, note that the > %%PREFIX%%/etc/rc.d/tor rc.subr script can override some torrc > options: see that script for details.) To use the torify script, install >-the net/torsocks port. After installing tor for the first time, or after >-a major update of tor, you should: >+the net/torsocks port. > >-rm -r /var/db/tor /var/run/tor >-mkdir -p /var/db/tor/data /var/run/tor >-touch /var/log/tor >-chown -R _tor:_tor /var/db/tor /var/log/tor /var/run/tor >-chmod -R 700 /var/db/tor >+Before starting the tor server. Tor users are strongly advised to prevent traffic >+analysis that exploits sequential IP ID by setting: > >-before starting the tor server. Tor users are strongly advised to prevent traffic >-analysis that exploits sequential IP IDs by setting: >+ # sysctl net.inet.ip.random_id=1 > >-sysctl net.inet.ip.random_id=1 >- >-(see sysctl.conf(5)). >+Please read sysctl.conf(5) for more information and details. > ================================================================================ >Index: files/tor.in >=================================================================== >--- files/tor.in (revision 400391) >+++ files/tor.in (working copy) >@@ -13,10 +13,11 @@ > # tor_enable (bool): Set it to "YES" to enable tor. Default: NO > # tor_conf (str): Points to your torrc file. > # Default: %%PREFIX%%/etc/tor/torrc >-# tor_user (str): Tor daemon user. Default: _tor >-# tor_datadir (str): Tor datadir. Default: /var/db/tor >-# tor_logfile (str): Tor log file. Default: /var/log/tor >-# tor_loglevel (str): Tor log severity level. Default: notice >+# tor_user (str): Tor daemon user. Default: _tor >+# tor_group (str): Tor daemon group. Default: _tor >+# tor_datadir (str): Tor data directory. Default: /var/db/tor >+# tor_logdir (str): Tor log directory. Default: /var/log/tor >+# tor_loglevel (str): Tor log severity level. Default: notice > # > > . /etc/rc.subr >@@ -29,22 +30,42 @@ > : ${tor_enable="NO"} > : ${tor_conf="%%PREFIX%%/etc/tor/torrc"} > : ${tor_user="_tor"} >-: ${tor_pidfile="/var/run/tor/tor.pid"} >-: ${tor_logfile="/var/log/tor"} >+: ${tor_group="_tor"} >+: ${tor_datadir="/var/db/tor"} >+: ${tor_logdir="/var/log/tor"} >+: ${tor_logfile="${tor_logdir}/tor.log"} > : ${tor_loglevel="notice"} >-: ${tor_datadir="/var/db/tor"} >+: ${tor_piddir="/var/run/tor"} >+: ${tor_pidfile="${tor_piddir}/tor.pid"} > > required_files=${tor_conf} >-required_dirs=${tor_datadir} >+# required_dirs="${tor_datadir} ${tor_logdir} ${tor_piddir}" > pidfile=${tor_pidfile} >+ > command="%%PREFIX%%/bin/${name}" >-command_args="-f ${tor_conf} --PidFile ${tor_pidfile} --RunAsDaemon 1 --DataDirectory ${tor_datadir} --+Log ${tor_loglevel}\ file\ ${tor_logfile}" >+command_args="-f ${tor_conf} --PidFile ${tor_pidfile} --RunAsDaemon 1 --DataDirectory ${tor_datadir} --Log ${tor_loglevel}\ file\ ${tor_logfile}" > extra_commands="log reload" > log_cmd="${name}_log" >+start_precmd="${name}_prestart" > > tor_log() { > cat ${tor_logfile} > } > >+tor_prestart() { >+ if [ ! -d "${tor_datadir}" ]; then >+ echo ${tor_datadir} not found. Creating it... >+ install -d -m 0700 -o ${tor_user} -g ${tor_group} ${tor_datadir} >+ fi >+ if [ ! -d "${tor_logdir}" ]; then >+ echo ${tor_logdir} not found. Creating it... >+ install -d -m 0700 -o ${tor_user} -g ${tor_group} ${tor_logdir} >+ fi >+ if [ ! -d "${tor_piddir}" ]; then >+ echo ${tor_piddir} not found. Creating it... >+ install -d -m 0700 -o ${tor_user} -g ${tor_group} ${tor_piddir} >+ fi >+} >+ > run_rc_command "$1" >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=163337">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 203014
:
162605
|
162606
|
162608
|
162609
|
162610
|
162611
|
162613
|
162616
|
162630
|
162631
|
162632
|
162633
|
163253
|
163254
|
163337
|
163338
|
163340
|
163341
|
163342
|
163355
|
163356
|
163538
|
164153
|
176119
|
176798
|
176829
|
176832
|
176857
|
176858
|
176873
|
176874
|
176875
|
177615
|
177618