Created attachment 182555 [details] patch
see also bug#219246
Created attachment 182729 [details] patch Added the security update to 0.3.0.7.
Manually applied patch to move to security/tor-devel-0.3.0.7 about 5mins ago and port built successfully with 'NODOCS' defined in make file. How soon can we expect patch for 'tor'? Thanks
Same patch for tor: bug#219246
A commit references this bug: Author: pi Date: Fri May 19 17:40:16 UTC 2017 New revision: 441255 URL: https://svnweb.freebsd.org/changeset/ports/441255 Log: security/tor-devel: 0.3.0.6 -> 0.3.0.7 - medium-severity security bug in earlier versions of 0.3.0.x, where an attacker could cause a Tor relay process to exit PR: 219248 Relnotes: https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.3.0.7 Security: TROVE-2017-002 Submitted by: Yuri Victorovich <yuri@rawbw.com> (maintainer) MFH: 2017Q2 Changes: head/security/tor-devel/Makefile head/security/tor-devel/distinfo head/security/tor-devel/pkg-descr
A commit references this bug: Author: pi Date: Fri Jun 16 07:03:09 UTC 2017 New revision: 443670 URL: https://svnweb.freebsd.org/changeset/ports/443670 Log: security/tor-devel: update 0.3.0.3-alpha -> 0.3.1.3-alpha - fixes two remote DoS vulnerabilities related to hidden services https://lists.torproject.org/pipermail/tor-talk/2017-June/043244.html - disabled the new compression options for now, since at least one of them has a bug, see here: https://trac.torproject.org/projects/tor/ticket/22550 PR: 219248, 219864 Submitted by: Yuri Victorovich <yuri@rawbw.com> (maintainer) Approved by: ports-secteam (miwi, feld) MFH: 2017Q2 Relnotes: https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.3.1.3-alpha Security: TROVE-2017-002, CVE-2017-0375, CVE-2017-0376 Changes: branches/2017Q2/security/tor-devel/Makefile branches/2017Q2/security/tor-devel/distinfo branches/2017Q2/security/tor-devel/files/pkg-message.in branches/2017Q2/security/tor-devel/files/tor.in branches/2017Q2/security/tor-devel/pkg-descr branches/2017Q2/security/tor-devel/pkg-plist