update to 0.2.3.25

from the announcement:
Tor 0.2.3.25, the first stable release in the 0.2.3 branch, features
significantly reduced directory overhead (via microdescriptors),
enormous crypto performance improvements for fast relays on new
enough hardware, a new v3 TLS handshake protocol that can better
resist fingerprinting, support for protocol obfuscation plugins (aka
pluggable transports), better scalability for hidden services, IPv6
support for bridges, performance improvements like allowing clients
to skip the first round-trip on the circuit ("optimistic data") and
refilling token buckets more often, a new "stream isolation" design
to isolate different applications on different circuits, and many
stability, security, and privacy fixes.
drochner 2012-11-26 19:00:20 +00:00
parent 549e2d45e3
commit bb44d406ef
3 changed files with 16 additions and 16 deletions

@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.90 2012/10/23 17:19:14 asau Exp $
# $NetBSD: Makefile,v 1.91 2012/11/26 19:00:20 drochner Exp $
#
DISTNAME= tor-0.2.2.39
DISTNAME= tor-0.2.3.25
CATEGORIES= net security
MASTER_SITES= http://www.torproject.org/dist/
# MASTER_SITES redirects to https, and ftp(1) cannot handle that.
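
Review bot: MASTER_SITES in the context under the DISTNAME bump still points at http://www.torproject.org/dist/, and the comment right below it says that URL redirects to https, which ftp(1) cannot handle. The hunk is cut off after that comment, so the fallback that actually retrieves the distfile is not visible here; please confirm that tor-0.2.3.25.tar.gz fetches through it on a clean distfiles directory, and consider rewording the comment so it says which site is really used.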

@ -1,6 +1,6 @@
$NetBSD: distinfo,v 1.56 2012/09/13 17:09:01 drochner Exp $
$NetBSD: distinfo,v 1.57 2012/11/26 19:00:20 drochner Exp $
SHA1 (tor-0.2.2.39.tar.gz) = cc5021a7656c0cd22de42da9f0ce7335026852bf
RMD160 (tor-0.2.2.39.tar.gz) = 780949054474a99f4a035a7234f8341d3cfbb17f
Size (tor-0.2.2.39.tar.gz) = 2929303 bytes
SHA1 (patch-aa) = 5b89228dc37c459c48f24616933a5673a5a0a0d1
SHA1 (tor-0.2.3.25.tar.gz) = ef02e5b0eb44ab1a5d6108c39bd4e28918de79dc
RMD160 (tor-0.2.3.25.tar.gz) = d8c90343346bc447191616f86da2591a64100b51
Size (tor-0.2.3.25.tar.gz) = 3190011 bytes
SHA1 (patch-aa) = 9f65234c7f1c9ea4eba37aa7287f5496993d2dc1
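
Review bot: the new tor-0.2.3.25.tar.gz entries record SHA1, RMD160 and Size, but the commit message does not say how the tarball was authenticated before these digests were generated. Since the Makefile fetches over plain http, these lines are the only integrity anchor for users of the package, so please note in the commit message that the tarball was checked against the upstream release signature. The changed SHA1 for patch-aa is consistent with the patch-aa revision bump in the same commit.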

@ -1,4 +1,4 @@
$NetBSD: patch-aa,v 1.7 2011/09/06 19:34:01 drochner Exp $
$NetBSD: patch-aa,v 1.8 2012/11/26 19:00:20 drochner Exp $
From: Taylor R Campbell
Subject: patch for Tor to workaround OpenSSL renegotiation lossage on 5.1
@ -20,23 +20,23 @@ put into NetBSD 5.1 (and SSL_OP_ALLOW_UNSAFE_RENEGOTIATION defined in
ssl.h) so that this patch would be unnecessary.
[2. text/plain; nbsd51-reneg]
--- ./src/common/tortls.c.~1~ 2010-05-02 22:02:50.000000000 +0000
+++ ./src/common/tortls.c 2010-07-30 00:34:00.000000000 +0000
@@ -356,6 +356,17 @@
--- src/common/tortls.c.orig 2012-11-19 21:24:54.000000000 +0000
+++ src/common/tortls.c
@@ -477,6 +477,17 @@ tor_tls_init(void)
* program should be allowed to use renegotiation unless it first passed
* a test of intelligence and determination.
*/
+#ifdef __NetBSD__
+ /* In NetBSD 5.1, OpenSSL 0.9.9-dev was imported and `fixed' to use
+ the same scheme as 0.9.8l. */
+ if (version == 0x00909000L) {
+ if (version == OPENSSL_V_NOPATCH(0,9,9)) {
+ log_notice(LD_GENERAL, "OpenSSL %s on NetBSD looks like version 0.9.8l; "
+ "I will try SSL3_FLAGS to enable renegotation.",
+ "I will try SSL3_FLAGS and SSL_OP to enable renegotation.",
+ SSLeay_version(SSLEAY_VERSION));
+ use_unsafe_renegotiation_flag = 1;
+ use_unsafe_renegotiation_op = 1;
+ } else
+#endif
if (version >= 0x009080c0L && version < 0x009080d0L) {
log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; "
"I will try SSL3_FLAGS to enable renegotation.",
if (version > OPENSSL_V(0,9,8,'k') && version <= OPENSSL_V(0,9,8,'l')) {
log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but "
"some vendors have backported renegotiation code from "
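
Review bot: the NetBSD branch switches its equality test from the literal 0x00909000L to OPENSSL_V_NOPATCH(0,9,9), and the macro's definition is not in this hunk. Because the comparison is == and the comment describes an imported 0.9.9-dev, please confirm the macro expands to exactly the value the 5.1 library reports, including the low status bits; if it does not, the branch silently stops matching and control falls through to the upstream range check on OPENSSL_V(0,9,8,'k') and OPENSSL_V(0,9,8,'l'). The branch also now sets use_unsafe_renegotiation_op = 1, while the patch description above says SSL_OP_ALLOW_UNSAFE_RENEGOTIATION would need to be defined in ssl.h for the patch to be unnecessary, so it is worth stating in that description what setting the op flag achieves on 5.1.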