update to 0.2.3.25

from the announcement: Tor 0.2.3.25, the first stable release in the 0.2.3 branch, features significantly reduced directory overhead (via microdescriptors), enormous crypto performance improvements for fast relays on new enough hardware, a new v3 TLS handshake protocol that can better resist fingerprinting, support for protocol obfuscation plugins (aka pluggable transports), better scalability for hidden services, IPv6 support for bridges, performance improvements like allowing clients to skip the first round-trip on the circuit ("optimistic data") and refilling token buckets more often, a new "stream isolation" design to isolate different applications on different circuits, and many stability, security, and privacy fixes.
2012-11-26 19:00:20 +00:00 · 2012-11-26 19:00:20 +00:00 · bb44d406ef
commit bb44d406ef
parent 549e2d45e3
3 changed files with 16 additions and 16 deletions
--- a/net/tor/Makefile
+++ b/net/tor/Makefile
@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.90 2012/10/23 17:19:14 asau Exp $
+# $NetBSD: Makefile,v 1.91 2012/11/26 19:00:20 drochner Exp $
 #

-DISTNAME=		tor-0.2.2.39
+DISTNAME=		tor-0.2.3.25
 CATEGORIES=		net security
 MASTER_SITES=		http://www.torproject.org/dist/
 # MASTER_SITES redirects to https, and ftp(1) cannot handle that.
--- a/net/tor/distinfo
+++ b/net/tor/distinfo
@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.56 2012/09/13 17:09:01 drochner Exp $
+$NetBSD: distinfo,v 1.57 2012/11/26 19:00:20 drochner Exp $

-SHA1 (tor-0.2.2.39.tar.gz) = cc5021a7656c0cd22de42da9f0ce7335026852bf
-RMD160 (tor-0.2.2.39.tar.gz) = 780949054474a99f4a035a7234f8341d3cfbb17f
-Size (tor-0.2.2.39.tar.gz) = 2929303 bytes
-SHA1 (patch-aa) = 5b89228dc37c459c48f24616933a5673a5a0a0d1
+SHA1 (tor-0.2.3.25.tar.gz) = ef02e5b0eb44ab1a5d6108c39bd4e28918de79dc
+RMD160 (tor-0.2.3.25.tar.gz) = d8c90343346bc447191616f86da2591a64100b51
+Size (tor-0.2.3.25.tar.gz) = 3190011 bytes
+SHA1 (patch-aa) = 9f65234c7f1c9ea4eba37aa7287f5496993d2dc1
--- a/net/tor/patches/patch-aa
+++ b/net/tor/patches/patch-aa
@ -1,4 +1,4 @@
-$NetBSD: patch-aa,v 1.7 2011/09/06 19:34:01 drochner Exp $
+$NetBSD: patch-aa,v 1.8 2012/11/26 19:00:20 drochner Exp $

 From: Taylor R Campbell
 Subject: patch for Tor to workaround OpenSSL renegotiation lossage on 5.1
@ -20,23 +20,23 @@ put into NetBSD 5.1 (and SSL_OP_ALLOW_UNSAFE_RENEGOTIATION defined in
 ssl.h) so that this patch would be unnecessary.
 [2. text/plain; nbsd51-reneg]

--- ./src/common/tortls.c.~1~	2010-05-02 22:02:50.000000000 +0000
-+++ ./src/common/tortls.c	2010-07-30 00:34:00.000000000 +0000
-@@ -356,6 +356,17 @@
+--- src/common/tortls.c.orig	2012-11-19 21:24:54.000000000 +0000
+++ src/common/tortls.c
+@@ -477,6 +477,17 @@ tor_tls_init(void)
      * program should be allowed to use renegotiation unless it first passed
      * a test of intelligence and determination.
      */
 +#ifdef __NetBSD__
 +    /* In NetBSD 5.1, OpenSSL 0.9.9-dev was imported and `fixed' to use
 +       the same scheme as 0.9.8l.  */
-+    if (version == 0x00909000L) {
+    if (version == OPENSSL_V_NOPATCH(0,9,9)) {
 +      log_notice(LD_GENERAL, "OpenSSL %s on NetBSD looks like version 0.9.8l; "
-+                 "I will try SSL3_FLAGS to enable renegotation.",
+                 "I will try SSL3_FLAGS and SSL_OP to enable renegotation.",
 +                 SSLeay_version(SSLEAY_VERSION));
 +      use_unsafe_renegotiation_flag = 1;
 +      use_unsafe_renegotiation_op = 1;
 +    } else
 +#endif
-     if (version >= 0x009080c0L && version < 0x009080d0L) {
-       log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; "
-                  "I will try SSL3_FLAGS to enable renegotation.",
+     if (version > OPENSSL_V(0,9,8,'k') && version <= OPENSSL_V(0,9,8,'l')) {
+       log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but "
+                  "some vendors have backported renegotiation code from "