svn commit: r456942 - in head/security/tor-devel: . files

Yuri Victorovich yuri at FreeBSD.org
Thu Dec 21 20:09:00 UTC 2017 

Author: yuri
Date: Thu Dec 21 20:08:58 2017
New Revision: 456942
URL: https://svnweb.freebsd.org/changeset/ports/456942

Log:
  security/tor-devel: Update to 0.3.2.8-rc
  
  This is an important update for relays running earlier versions of 0.3.2.x.
  
  Changes in version 0.3.2.8-rc - 2017-12-21
    Tor 0.3.2.8-rc fixes a pair of bugs in the KIST and KISTLite
    schedulers that had led servers under heavy load to overload their
    outgoing connections. All relay operators running earlier 0.3.2.x
    versions should upgrade. This version also includes a mitigation for
    over-full DESTROY queues leading to out-of-memory conditions: if it
    works, we will soon backport it to earlier release series.
  
    This is the second release candidate in the 0.3.2 series. If we find
    no new bugs or regression here, then the first stable 0.3.2 release
    will be nearly identical to this.
  
    o Major bugfixes (KIST, scheduler):
      - The KIST scheduler did not correctly account for data already
        enqueued in each connection's send socket buffer, particularly in
        cases when the TCP/IP congestion window was reduced between
        scheduler calls. This situation lead to excessive per-connection
        buffering in the kernel, and a potential memory DoS. Fixes bug
        24665; bugfix on 0.3.2.1-alpha.
  
    o Minor features (geoip):
      - Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2
        Country database.
  
    o Minor bugfixes (hidden service v3):
      - Bump hsdir_spread_store parameter from 3 to 4 in order to increase
        the probability of reaching a service for a client missing
        microdescriptors. Fixes bug 24425; bugfix on 0.3.2.1-alpha.
  
    o Minor bugfixes (memory usage):
      - When queuing DESTROY cells on a channel, only queue the circuit-id
        and reason fields: not the entire 514-byte cell. This fix should
        help mitigate any bugs or attacks that fill up these queues, and
        free more RAM for other uses. Fixes bug 24666; bugfix
        on 0.2.5.1-alpha.
  
    o Minor bugfixes (scheduler, KIST):
      - Use a sane write limit for KISTLite when writing onto a connection
        buffer instead of using INT_MAX and shoving as much as it can.
        Because the OOM handler cleans up circuit queues, we are better
        off at keeping them in that queue instead of the connection's
        buffer. Fixes bug 24671; bugfix on 0.3.2.1-alpha.
  
  Reported by:	nickm at torproject.org
  Approved by:	adamw (mentor)
  Differential Revision:	https://reviews.freebsd.org/D13576

Modified:
  head/security/tor-devel/Makefile
  head/security/tor-devel/distinfo
  head/security/tor-devel/files/patch-orconfig.h.in

Modified: head/security/tor-devel/Makefile
==============================================================================
--- head/security/tor-devel/Makefile	Thu Dec 21 19:10:41 2017	(r456941)
+++ head/security/tor-devel/Makefile	Thu Dec 21 20:08:58 2017	(r456942)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	tor
-DISTVERSION=	0.3.2.7-rc
+DISTVERSION=	0.3.2.8-rc
 CATEGORIES=	security net ipv6
 MASTER_SITES=	TOR
 PKGNAMESUFFIX=	-devel

Modified: head/security/tor-devel/distinfo
==============================================================================
--- head/security/tor-devel/distinfo	Thu Dec 21 19:10:41 2017	(r456941)
+++ head/security/tor-devel/distinfo	Thu Dec 21 20:08:58 2017	(r456942)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1513300048
-SHA256 (tor-0.3.2.7-rc.tar.gz) = 4be673a5084790977d692e11afe5ca575adb08f06809dbac52d8b005435131fb
-SIZE (tor-0.3.2.7-rc.tar.gz) = 6313975
+TIMESTAMP = 1513885146
+SHA256 (tor-0.3.2.8-rc.tar.gz) = 09ee4578f6189f9ec8444bdfd77da65249787537c5661ce746e52aa6b08a0df7
+SIZE (tor-0.3.2.8-rc.tar.gz) = 6345141

Modified: head/security/tor-devel/files/patch-orconfig.h.in
==============================================================================
--- head/security/tor-devel/files/patch-orconfig.h.in	Thu Dec 21 19:10:41 2017	(r456941)
+++ head/security/tor-devel/files/patch-orconfig.h.in	Thu Dec 21 20:08:58 2017	(r456942)
@@ -1,9 +1,10 @@
 --- orconfig.h.in.orig	2017-12-13 17:18:09 UTC
 +++ orconfig.h.in
-@@ -535,7 +535,9 @@
+@@ -535,7 +535,10 @@
  #undef HAVE_TIME_H
  
  /* Define to 1 if you have the `timingsafe_memcmp' function. */
++#include <osreldate.h>
 +#if __FreeBSD_version >= 1200000 // disabled: timingsafe_memcmp(3) has been added only in 12.0, and isn't yet available on older systems
  #undef HAVE_TIMINGSAFE_MEMCMP
 +#endif

More information about the svn-ports-all mailing list