Bug 219864

Summary:

security/tor-devel: Update to 0.3.1.3-alpha

Product:

Ports & Packages

Reporter:

nusenu <freebsd-vheg>

Component:

Individual Port(s)

Assignee:

Kurt Jaeger <pi>

Status:

Closed FIXED

Severity:

Affects Some People

CC:

ports-secteam, yuri

Priority:

Normal

Keywords:

security

Version:

Latest

Flags:

koobs: maintainer-feedback+
pi: merge-quarterly+

Hardware:

Any

OS:

Any

URL:

https://lists.torproject.org/pipermail/tor-talk/2017-June/043244.html

See Also:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219863

Attachments:

Description	Flags
patch	yuri: maintainer-approval+

Description nusenu 2017-06-08 15:44:07 UTC

0.3.1.3-alpha fixes two remote DoS vulnerabilities related to hidden services:

https://lists.torproject.org/pipermail/tor-talk/2017-June/043244.html

CVEs: 
CVE-2017-0375, CVE-2017-0376

Comment 1 Yuri Victorovich freebsd_committer

2017-06-09 00:39:19 UTC

Created attachment 183342 [details]
patch

I disabled the new compression options for now, since at least one of them has a bug, see here: https://trac.torproject.org/projects/tor/ticket/22550

Added USES=pkgconfig, pkg-config is used and the option was missing.

Comment 2 Yuri Victorovich freebsd_committer

2017-06-13 14:51:23 UTC

Builds in poudriere.

Comment 3 Kubilay Kocak freebsd_committer

2017-06-14 13:26:49 UTC

Jan has this in progress.

Commit, VuXML & MFH pending

Comment 4 Kubilay Kocak freebsd_committer

2017-06-14 13:28:34 UTC

Oops, I meant Kurt :)

Comment 5 commit-hook freebsd_committer

2017-06-14 19:04:29 UTC

A commit references this bug:

Author: pi
Date: Wed Jun 14 19:03:47 UTC 2017
New revision: 443598
URL: https://svnweb.freebsd.org/changeset/ports/443598

Log:
  security/tor-devel: update 0.3.0.7 -> 0.3.1.3-alpha

  - fixes two remote DoS vulnerabilities related to hidden services
    https://lists.torproject.org/pipermail/tor-talk/2017-June/043244.html
  - disabled the new compression options for now, since at least one of
    them has a bug, see here:
    https://trac.torproject.org/projects/tor/ticket/22550

  PR:		219864
  Submitted by:	Yuri Victorovich <yuri@rawbw.com> (maintainer)
  MFH:		2017Q2
  Relnotes:	https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.3.1.3-alpha
  Security:	CVE-2017-0375, CVE-2017-0376

Changes:
  head/security/tor-devel/Makefile
  head/security/tor-devel/distinfo

Comment 6 commit-hook freebsd_committer

2017-06-16 07:03:51 UTC

A commit references this bug:

Author: pi
Date: Fri Jun 16 07:03:09 UTC 2017
New revision: 443670
URL: https://svnweb.freebsd.org/changeset/ports/443670

Log:
  security/tor-devel: update 0.3.0.3-alpha -> 0.3.1.3-alpha

  - fixes two remote DoS vulnerabilities related to hidden services
    https://lists.torproject.org/pipermail/tor-talk/2017-June/043244.html
  - disabled the new compression options for now, since at least one of
    them has a bug, see here:
    https://trac.torproject.org/projects/tor/ticket/22550

  PR:		219248, 219864
  Submitted by:	Yuri Victorovich <yuri@rawbw.com> (maintainer)
  Approved by:	ports-secteam (miwi, feld)
  MFH:		2017Q2
  Relnotes:	https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.3.1.3-alpha
  Security:	TROVE-2017-002, CVE-2017-0375, CVE-2017-0376

Changes:
  branches/2017Q2/security/tor-devel/Makefile
  branches/2017Q2/security/tor-devel/distinfo
  branches/2017Q2/security/tor-devel/files/pkg-message.in
  branches/2017Q2/security/tor-devel/files/tor.in
  branches/2017Q2/security/tor-devel/pkg-descr
  branches/2017Q2/security/tor-devel/pkg-plist