Updated tor to 0.2.9.9.

Changes in version 0.2.9.9 - 2017-01-23
  Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could
  cause relays and clients to crash, even if they were not built with
  the --enable-expensive-hardening option. This bug affects all 0.2.9.x
  versions, and also affects 0.3.0.1-alpha: all relays running an affected
  version should upgrade.

  This release also resolves a client-side onion service reachability
  bug, and resolves a pair of small portability issues.

  o Major bugfixes (security):
    - Downgrade the "-ftrapv" option from "always on" to "only on when
      --enable-expensive-hardening is provided." This hardening option,
      like others, can turn survivable bugs into crashes -- and having
      it on by default made a (relatively harmless) integer overflow bug
      into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
      bugfix on 0.2.9.1-alpha.

  o Major bugfixes (client, onion service):
    - Fix a client-side onion service reachability bug, where multiple
      socks requests to an onion service (or a single slow request)
      could cause us to mistakenly mark some of the service's
      introduction points as failed, and we cache that failure so
      eventually we run out and can't reach the service. Also resolves a
      mysterious "Remote server sent bogus reason code 65021" log
      warning. The bug was introduced in ticket 17218, where we tried to
      remember the circuit end reason as a uint16_t, which mangled
      negative values. Partially fixes bug 21056 and fixes bug 20307;
      bugfix on 0.2.8.1-alpha.

  o Minor features (geoip):
    - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (portability):
    - Avoid crashing when Tor is built using headers that contain
      CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel
      without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix
      on 0.2.9.1-alpha.
    - Fix Libevent detection on platforms without Libevent 1 headers
      installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha.
This commit is contained in:
wiz 2017-01-24 08:59:07 +00:00
parent 3b8fbc2c8e
commit ff3e3ab447
2 changed files with 7 additions and 7 deletions

View file

@ -1,6 +1,6 @@
# $NetBSD: Makefile,v 1.116 2017/01/08 12:50:41 maya Exp $
# $NetBSD: Makefile,v 1.117 2017/01/24 08:59:07 wiz Exp $
DISTNAME= tor-0.2.9.8
DISTNAME= tor-0.2.9.9
CATEGORIES= net security
MASTER_SITES= http://www.torproject.org/dist/

View file

@ -1,6 +1,6 @@
$NetBSD: distinfo,v 1.77 2017/01/08 12:50:41 maya Exp $
$NetBSD: distinfo,v 1.78 2017/01/24 08:59:07 wiz Exp $
SHA1 (tor-0.2.9.8.tar.gz) = 02364a45486ea70e3cdfdf2a195ae7501f0a5f26
RMD160 (tor-0.2.9.8.tar.gz) = 41a08ec5d1a0222ff2277beb54984f8dd21dc2e6
SHA512 (tor-0.2.9.8.tar.gz) = 6a43a56ebed7b24ccdd2474406f25347819d4efec4916bdb2e725177b34e233632cc17e68c823efa3d0aad4a5bd13e00a5077cdfeb8830a612253a03ab91b622
Size (tor-0.2.9.8.tar.gz) = 5522235 bytes
SHA1 (tor-0.2.9.9.tar.gz) = 031bc77666a761ae7bc88cdade8187a3e3758d69
RMD160 (tor-0.2.9.9.tar.gz) = 2a94b5abb565dc5e508fb6e70a05ea60e53202f3
SHA512 (tor-0.2.9.9.tar.gz) = cbe7e1f3e503b945f150916b7147cf23d1c32c3660e15aecfe5e2f2baac3a241de665e6ce4e81b81229933eba7f02d4a86e8deeabf2378d40fa83a7036928c9b
Size (tor-0.2.9.9.tar.gz) = 5534005 bytes