security/tor: Update 0.4.4.7 -> 0.4.5.6

Changelog: https://lists.torproject.org/pipermail/tor-announce/2021-February/000214.html
- contains major and minor bugfixes and new features.

Port options LTTNG,USDT,LOG_DEBUG backported from security/tor-devel.
LIB_DEPENDS is fixes in STATIC_TOR option.

Reported by:	upstream notification
This commit is contained in:
Yuri Victorovich 2021-02-15 18:50:34 +00:00
parent 601f956e3b
commit 1387321eaa
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=565324
3 changed files with 26 additions and 73 deletions

View file

@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= tor
DISTVERSION= 0.4.4.7
DISTVERSION= 0.4.5.6
CATEGORIES= security net
MASTER_SITES= TOR
@ -23,13 +23,15 @@ CONFIGURE_ENV= TOR_CPPFLAGS_libevent="-I${LOCALBASE}/include" \
TOR_LIBEVENT_LIBS="${TOR_LIBEVENT_LIBS}"
OPTIONS_DEFINE= MANPAGES DOCS STATIC_TOR TCMALLOC
OPTIONS_GROUP= COMPRESSION
OPTIONS_GROUP= COMPRESSION TRACING
OPTIONS_GROUP_COMPRESSION= ZSTD LZMA
OPTIONS_GROUP_TRACING= LTTNG USDT LOG_DEBUG
OPTIONS_DEFAULT=MANPAGES ZSTD LZMA
OPTIONS_SUB= yes
STATIC_TOR_DESC= Build a static tor
TCMALLOC_DESC= Use the tcmalloc memory allocation library
COMPRESSION_DESC= Supported compression libraries
TRACING_DESC= Tracing
USE_RC_SUBR= tor
SUB_FILES= pkg-message
@ -44,10 +46,23 @@ CONFLICTS_INSTALL= tor-devel
STATIC_TOR_USES= ssl:build
STATIC_TOR_USES_OFF= ssl
# compression options
ZSTD_CONFIGURE_ENABLE= zstd
ZSTD_CONFIGURE_ENV=TOR_ZSTD_LIBS="${TOR_ZSTD_LIBS}"
LZMA_CONFIGURE_ENABLE= lzma
# tracing options
LTTNG_DESC= Build with LTTng-UST instrumentation
LTTNG_USES= localbase
LTTNG_CONFIGURE_ENABLE= tracing-instrumentation-lttng
LTTNG_LIB_DEPENDS= liblttng-ust.so:sysutils/lttng-ust
USDT_DESC= Build with tracing USDT instrumentation
USDT_CONFIGURE_ENABLE= tracing-instrumentation-usdt
USDT_LIB_DEPENDS= liblttng-ust.so:sysutils/lttng-ust
USDT_BROKEN= error: use of undeclared identifier 'tor_circuit': https://gitlab.torproject.org/tpo/core/tor/-/issues/40174#note_2714275
LOG_DEBUG_DESC= Build with tracing event to debug log
LOG_DEBUG_CONFIGURE_ENABLE= tracing-instrumentation-log-debug
.include <bsd.port.options.mk>
.if ${PORT_OPTIONS:MDOCS} || ${PORT_OPTIONS:MMANPAGES}
@ -71,6 +86,7 @@ TOR_LIBEVENT_LIBS= ${LOCALBASE}/lib/libevent.a
. if ${PORT_OPTIONS:MZSTD}
BUILD_DEPENDS+= ${LOCALBASE}/lib/libzstd.a:archivers/zstd
TOR_ZSTD_LIBS= ${LOCALBASE}/lib/libzstd.a
LDFLAGS+= -lelf # needed by libexecinfo.a
. endif
.else
CONFIGURE_ARGS+= --enable-linker-hardening
@ -85,7 +101,8 @@ TOR_ZSTD_LIBS= -lzstd
.if ${PORT_OPTIONS:MTCMALLOC}
CONFIGURE_ARGS+= --with-malloc=tcmalloc
.if ${PORT_OPTIONS:MSTATIC_TOR}
BUILD_DEPENDS+= ${LOCALBASE}/lib/libtcmalloc.a:devel/google-perftools
BUILD_DEPENDS+= ${LOCALBASE}/lib/libtcmalloc.a:devel/google-perftools # for static 'tor' executable
RUN_DEPENDS+= google-perftool>0:devel/google-perftools # for a still-dynamic 'tor-gencert' executable
LDFLAGS+= -lc++ -lm # required by libtcmalloc.a and isn't cocered by google-perftools' `pkg-config --libs libtcmalloc` output
.else
LIB_DEPENDS+= libtcmalloc.so:devel/google-perftools
@ -101,8 +118,8 @@ post-patch:
${WRKSRC}/configure
@${REINPLACE_CMD} -e 's|lib/tor|db/tor|' \
${WRKSRC}/src/config/torrc.*.in \
${WRKSRC}/doc/tor.1.* \
${WRKSRC}/doc/tor.html.in
${WRKSRC}/doc/man/tor.1.* \
${WRKSRC}/doc/man/tor.html.in
post-install:
@${MKDIR} ${STAGEDIR}/var/log/tor ${STAGEDIR}/var/run/tor ${STAGEDIR}/var/db/tor

View file

@ -1,3 +1,3 @@
TIMESTAMP = 1612376430
SHA256 (tor-0.4.4.7.tar.gz) = 326d2926177f0c7838cac213456d0056817d57f3f2e46714a2911c7d7a9b05ee
SIZE (tor-0.4.4.7.tar.gz) = 7812645
TIMESTAMP = 1613411993
SHA256 (tor-0.4.5.6.tar.gz) = 22cba3794fedd5fa87afc1e512c6ce2c21bc20b4e1c6f8079d832dc1e545e733
SIZE (tor-0.4.5.6.tar.gz) = 7926711

View file

@ -1,64 +0,0 @@
- submitted by brnrd@ in PR#253486
From b22568a54506e4b79b72530f89f21032e6435414 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Fri, 6 Nov 2020 10:29:28 -0500
Subject: [PATCH] Rename OpenSSL_version_num() as defined in Tor
This way, if we guess wrong about whether the library has it,
we don't conflict with the library's headers.
Fixes #40181; bug not in any released version.
---
src/lib/crypt_ops/compat_openssl.h | 3 ++-
src/lib/crypt_ops/crypto_openssl_mgt.c | 2 +-
src/lib/tls/tortls_openssl.c | 2 +-
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h
index c2e1459078..aa66e0c3fa 100644
--- src/lib/crypt_ops/compat_openssl.h.orig
+++ src/lib/crypt_ops/compat_openssl.h
@@ -34,7 +34,7 @@
#ifndef OPENSSL_1_1_API
#define OpenSSL_version(v) SSLeay_version(v)
-#define OpenSSL_version_num() SSLeay()
+#define tor_OpenSSL_version_num() SSLeay()
#define RAND_OpenSSL() RAND_SSLeay()
#define STATE_IS_SW_SERVER_HELLO(st) \
(((st) == SSL3_ST_SW_SRVR_HELLO_A) || \
@@ -42,6 +42,7 @@
#define OSSL_HANDSHAKE_STATE int
#define CONST_IF_OPENSSL_1_1_API
#else /* defined(OPENSSL_1_1_API) */
+#define tor_OpenSSL_version_num() OpenSSL_version_num()
#define STATE_IS_SW_SERVER_HELLO(st) \
((st) == TLS_ST_SW_SRVR_HELLO)
#define CONST_IF_OPENSSL_1_1_API const
diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.c b/src/lib/crypt_ops/crypto_openssl_mgt.c
index 065cbca1cc..e763491a11 100644
--- src/lib/crypt_ops/crypto_openssl_mgt.c.orig
+++ src/lib/crypt_ops/crypto_openssl_mgt.c
@@ -222,7 +222,7 @@ crypto_openssl_early_init(void)
setup_openssl_threading();
- unsigned long version_num = OpenSSL_version_num();
+ unsigned long version_num = tor_OpenSSL_version_num();
const char *version_str = crypto_openssl_get_version_str();
if (version_num == OPENSSL_VERSION_NUMBER &&
!strcmp(version_str, OPENSSL_VERSION_TEXT)) {
diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
index 2269714141..ad9b49ab4f 100644
--- src/lib/tls/tortls_openssl.c.orig
+++ src/lib/tls/tortls_openssl.c
@@ -342,7 +342,7 @@ tor_tls_init(void)
#if (SIZEOF_VOID_P >= 8 && \
OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
- long version = OpenSSL_version_num();
+ long version = tor_OpenSSL_version_num();
/* LCOV_EXCL_START : we can't test these lines on the same machine */
if (version >= OPENSSL_V_SERIES(1,0,1)) {