* [PATCH] Tor: update to 0.4.6.7
@ 2021-09-04 13:53 Peter Müller
0 siblings, 0 replies; only message in thread
From: Peter Müller @ 2021-09-04 13:53 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 3039 bytes --]
Full changelog as per https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.6.7:
Changes in version 0.4.6.7 - 2021-08-16
This version fixes several bugs from earlier versions of Tor,
including one that could lead to a denial-of-service attack. Everyone
running an earlier version, whether as a client, a relay, or an onion
service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
o Major bugfixes (cryptography, security):
- Resolve an assertion failure caused by a behavior mismatch between
our batch-signature verification code and our single-signature
verification code. This assertion failure could be triggered
remotely, leading to a denial of service attack. We fix this issue
by disabling batch verification. Fixes bug 40078; bugfix on
0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
CVE-2021-38385. Found by Henry de Valence.
o Minor feature (fallbackdir):
- Regenerate fallback directories list. Close ticket 40447.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/08/12.
o Minor bugfix (crypto):
- Disable the unused batch verification feature of ed25519-donna.
Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry
de Valence.
o Minor bugfixes (onion service):
- Send back the extended SOCKS error 0xF6 (Onion Service Invalid
Address) for a v2 onion address. Fixes bug 40421; bugfix
on 0.4.6.2-alpha.
o Minor bugfixes (relay):
- Reduce the compression level for data streaming from HIGH to LOW
in order to reduce CPU load on the directory relays. Fixes bug
40301; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (timekeeping):
- Calculate the time of day correctly on systems where the time_t
type includes leap seconds. (This is not the case on most
operating systems, but on those where it occurs, our tor_timegm
function did not correctly invert the system's gmtime function,
which could result in assertion failures when calculating voting
schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
lfs/tor | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/tor b/lfs/tor
index 97f2cf04e..56280b936 100644
--- a/lfs/tor
+++ b/lfs/tor
@@ -24,7 +24,7 @@
include Config
-VER = 0.4.6.5
+VER = 0.4.6.7
THISAPP = tor-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tor
-PAK_VER = 62
+PAK_VER = 63
DEPS = libseccomp
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 5a678a32c5a8b4bf97c9cb541df22b71
+$(DL_FILE)_MD5 = ff80309cfaa0719b197fdaf83f9d5443
install : $(TARGET)
--
2.26.2
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-09-04 13:53 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-04 13:53 [PATCH] Tor: update to 0.4.6.7 Peter Müller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox