Bug 219248 - security/tor-devel: Update to 0.3.0.7 and the fix of MANPAGES/DOCS options regression
Summary: security/tor-devel: Update to 0.3.0.7 and the fix of MANPAGES/DOCS options re...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Kurt Jaeger
URL:
Keywords:
Depends on:
Blocks: 219241 219364
  Show dependency treegraph
 
Reported: 2017-05-13 00:41 UTC by Yuri Victorovich
Modified: 2017-07-25 18:29 UTC (History)
2 users (show)

See Also:


Attachments
patch (1.79 KB, patch)
2017-05-13 00:41 UTC, Yuri Victorovich
yuri: maintainer-approval+
Details | Diff
patch (2.48 KB, patch)
2017-05-19 06:26 UTC, Yuri Victorovich
yuri: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yuri Victorovich freebsd_committer freebsd_triage 2017-05-13 00:41:47 UTC
Created attachment 182555 [details]
patch
Comment 1 Yuri Victorovich freebsd_committer freebsd_triage 2017-05-13 00:42:20 UTC
see also bug#219246
Comment 2 Yuri Victorovich freebsd_committer freebsd_triage 2017-05-19 06:26:11 UTC
Created attachment 182729 [details]
patch

Added the security update to 0.3.0.7.
Comment 3 rhs 2017-05-19 11:56:49 UTC
Manually applied patch to move to security/tor-devel-0.3.0.7 about 5mins ago and port built successfully with 'NODOCS' defined in make file. How soon can we expect patch for 'tor'?
Thanks
Comment 4 Yuri Victorovich freebsd_committer freebsd_triage 2017-05-19 14:19:52 UTC
Same patch for tor: bug#219246
Comment 5 commit-hook freebsd_committer freebsd_triage 2017-05-19 17:40:30 UTC
A commit references this bug:

Author: pi
Date: Fri May 19 17:40:16 UTC 2017
New revision: 441255
URL: https://svnweb.freebsd.org/changeset/ports/441255

Log:
  security/tor-devel: 0.3.0.6 -> 0.3.0.7

  - medium-severity security bug in earlier versions of 0.3.0.x, where
    an attacker could cause a Tor relay process to exit

  PR:		219248
  Relnotes:	https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.3.0.7
  Security:	TROVE-2017-002
  Submitted by:	Yuri Victorovich <yuri@rawbw.com> (maintainer)
  MFH:		2017Q2

Changes:
  head/security/tor-devel/Makefile
  head/security/tor-devel/distinfo
  head/security/tor-devel/pkg-descr
Comment 6 commit-hook freebsd_committer freebsd_triage 2017-06-16 07:03:53 UTC
A commit references this bug:

Author: pi
Date: Fri Jun 16 07:03:09 UTC 2017
New revision: 443670
URL: https://svnweb.freebsd.org/changeset/ports/443670

Log:
  security/tor-devel: update 0.3.0.3-alpha -> 0.3.1.3-alpha

  - fixes two remote DoS vulnerabilities related to hidden services
    https://lists.torproject.org/pipermail/tor-talk/2017-June/043244.html
  - disabled the new compression options for now, since at least one of
    them has a bug, see here:
    https://trac.torproject.org/projects/tor/ticket/22550

  PR:		219248, 219864
  Submitted by:	Yuri Victorovich <yuri@rawbw.com> (maintainer)
  Approved by:	ports-secteam (miwi, feld)
  MFH:		2017Q2
  Relnotes:	https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.3.1.3-alpha
  Security:	TROVE-2017-002, CVE-2017-0375, CVE-2017-0376

Changes:
  branches/2017Q2/security/tor-devel/Makefile
  branches/2017Q2/security/tor-devel/distinfo
  branches/2017Q2/security/tor-devel/files/pkg-message.in
  branches/2017Q2/security/tor-devel/files/tor.in
  branches/2017Q2/security/tor-devel/pkg-descr
  branches/2017Q2/security/tor-devel/pkg-plist