Bug 219863 - security/tor: Update to 0.3.0.8 (Security fixes)
Summary: security/tor: Update to 0.3.0.8 (Security fixes)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Kurt Jaeger
URL: https://lists.torproject.org/pipermai...
Keywords: security
Depends on:
Blocks:
 
Reported: 2017-06-08 15:42 UTC by nusenu
Modified: 2017-07-25 18:35 UTC (History)
3 users (show)

See Also:
koobs: maintainer-feedback+
pi: merge-quarterly+


Attachments
patch (836 bytes, patch)
2017-06-08 22:32 UTC, Yuri Victorovich
yuri: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description nusenu 2017-06-08 15:42:55 UTC
0.3.0.8 fixes two remote DoS vulnerabilities related to hidden services:

https://lists.torproject.org/pipermail/tor-talk/2017-June/043244.html

CVEs: 
CVE-2017-0375, CVE-2017-0376

https://dist.torproject.org/tor-0.3.0.8.tar.gz
Comment 1 Yuri Victorovich freebsd_committer 2017-06-08 22:32:54 UTC
Created attachment 183336 [details]
patch

Builds in poudriere.
Comment 2 FStl 2017-06-10 15:04:08 UTC
Please also update the tor version in the 2017Q2 branch from 0.2.9.10 to 0.2.9.11 since that is affected by the same security issue.
Comment 3 Yuri Victorovich freebsd_committer 2017-06-10 21:09:07 UTC
+1
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2017-06-13 09:40:10 UTC
@Yuri Please confirm QA pass in this and bug 219864
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2017-06-13 09:59:35 UTC
Has QA confirmation (comment 1)
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2017-06-14 13:27:21 UTC
Jan has this in progress.

Commit, VuXML & MFH pending
Comment 7 Kubilay Kocak freebsd_committer freebsd_triage 2017-06-14 13:28:58 UTC
Oops, I meant Kurt :)
Comment 8 commit-hook freebsd_committer 2017-06-14 19:01:23 UTC
A commit references this bug:

Author: pi
Date: Wed Jun 14 19:00:27 UTC 2017
New revision: 443596
URL: https://svnweb.freebsd.org/changeset/ports/443596

Log:
  security/tor: update 0.3.0.7 -> 0.3.0.8

  PR:		219863
  Submitted by:	Yuri Victorovich <yuri@rawbw.com> (maintainer)
  MFH:		2017Q2
  Relnotes:	https://gitweb.torproject.org/tor.git/plain/ReleaseNotes?id=tor-0.3.0.8
  Security:	CVE-2017-0375, CVE-2017-0376

Changes:
  head/security/tor/Makefile
  head/security/tor/distinfo
Comment 9 commit-hook freebsd_committer 2017-06-16 07:00:43 UTC
A commit references this bug:

Author: pi
Date: Fri Jun 16 06:59:32 UTC 2017
New revision: 443669
URL: https://svnweb.freebsd.org/changeset/ports/443669

Log:
  security/tor: update 0.2.9.10 -> 0.3.0.8

  PR:		219246, 219863
  Submitted by:	Yuri Victorovich <yuri@rawbw.com> (maintainer)
  Approved by:	ports-secteam (miwi, feld)
  MFH:		2017Q2
  Relnotes:	https://gitweb.torproject.org/tor.git/tree/ChangeLog
  Security:	TROVE-2017-002, CVE-2017-0375, CVE-2017-0376

Changes:
  branches/2017Q2/security/tor/Makefile
  branches/2017Q2/security/tor/distinfo
  branches/2017Q2/security/tor/pkg-descr
  branches/2017Q2/security/tor/pkg-plist