Bug 219863

Summary: security/tor: Update to 0.3.0.8 (Security fixes)
Product: Ports & Packages
Reporter: nusenu <freebsd-vheg>
Component: Individual Port(s)
Assignee: Kurt Jaeger <pi>
Status: Closed FIXED
Severity: Affects Many People
CC: felixstella, ports-secteam, yuri
Priority: Normal
Keywords: security
Version: Latest
Flags: koobs: maintainer-feedback+, pi: merge-quarterly+
Hardware: Any
OS: Any
URL: https://lists.torproject.org/pipermail/tor-talk/2017-June/043244.html
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219864
Attachments: patch (Flags: yuri: maintainer-approval+)

Description nusenu 2017-06-08 15:42:55 UTC
0.3.0.8 fixes two remote DoS vulnerabilities related to hidden services:

https://lists.torproject.org/pipermail/tor-talk/2017-June/043244.html

CVEs: 
CVE-2017-0375, CVE-2017-0376

https://dist.torproject.org/tor-0.3.0.8.tar.gz
Comment 1 Yuri Victorovich freebsd_committer freebsd_triage 2017-06-08 22:32:54 UTC
Created attachment 183336
patch

Builds in poudriere.
Comment 2 FStl 2017-06-10 15:04:08 UTC
Please also update the tor version in the 2017Q2 branch from 0.2.9.10 to 0.2.9.11 since that is affected by the same security issue.
Comment 3 Yuri Victorovich freebsd_committer freebsd_triage 2017-06-10 21:09:07 UTC
+1
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2017-06-13 09:40:10 UTC
@Yuri Please confirm QA pass in this and bug 219864
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2017-06-13 09:59:35 UTC
Has QA confirmation (comment 1)
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2017-06-14 13:27:21 UTC
Jan has this in progress.

Commit, VuXML & MFH pending
Comment 7 Kubilay Kocak freebsd_committer freebsd_triage 2017-06-14 13:28:58 UTC
Oops, I meant Kurt :)
Comment 8 commit-hook freebsd_committer freebsd_triage 2017-06-14 19:01:23 UTC
A commit references this bug:

Author: pi
Date: Wed Jun 14 19:00:27 UTC 2017
New revision: 443596
URL: https://svnweb.freebsd.org/changeset/ports/443596

Log:
  security/tor: update 0.3.0.7 -> 0.3.0.8

  PR:		219863
  Submitted by:	Yuri Victorovich <yuri@rawbw.com> (maintainer)
  MFH:		2017Q2
  Relnotes:	https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.3.0.8
  Security:	CVE-2017-0375, CVE-2017-0376

Changes:
  head/security/tor/Makefile
  head/security/tor/distinfo
Comment 9 commit-hook freebsd_committer freebsd_triage 2017-06-16 07:00:43 UTC
A commit references this bug:

Author: pi
Date: Fri Jun 16 06:59:32 UTC 2017
New revision: 443669
URL: https://svnweb.freebsd.org/changeset/ports/443669

Log:
  security/tor: update 0.2.9.10 -> 0.3.0.8

  PR:		219246, 219863
  Submitted by:	Yuri Victorovich <yuri@rawbw.com> (maintainer)
  Approved by:	ports-secteam (miwi, feld)
  MFH:		2017Q2
  Relnotes:	https://gitweb.torproject.org/tor.git/tree/ChangeLog
  Security:	TROVE-2017-002, CVE-2017-0375, CVE-2017-0376

Changes:
  branches/2017Q2/security/tor/Makefile
  branches/2017Q2/security/tor/distinfo
  branches/2017Q2/security/tor/pkg-descr
  branches/2017Q2/security/tor/pkg-plist