Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 14 May 2008 08:09:15 GMT
From:      bf <bf2006a@yahoo.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/123664: [PATCH]security/tor-devel: update to 0.2.0.26-rc
Message-ID:  <200805140809.m4E89FhE002928@www.freebsd.org>
Resent-Message-ID: <200805140820.m4E8K2nV046563@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         123664
>Category:       ports
>Synopsis:       [PATCH]security/tor-devel: update to 0.2.0.26-rc
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 14 08:20:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     bf
>Release:        7-STABLE i386
>Organization:
-
>Environment:
>Description:
This update fixes a serious security problem, and a vuxml entry should be added detailing the vulnerability.

The ChangeLog in the distfile describes the problem: basically, three major directory authorities used vulnerable SSL keys that have been compromised, and the update contains a means of working around this problem, and of dealing with similar problems in the future.

All users should upgrade as soon as possible.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ruN tor-devel.orig/Makefile tor-devel/Makefile
--- tor-devel.orig/Makefile	2008-05-14 02:52:37.934754876 -0400
+++ tor-devel/Makefile	2008-05-14 03:37:53.370283973 -0400
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	tor
-DISTVERSION=	0.2.0.25-rc
+DISTVERSION=	0.2.0.26-rc
 CATEGORIES=	security net
 MASTER_SITES=	http://www.torproject.org/dist/ \
 		http://mirror.onionland.org/dist/
diff -ruN tor-devel.orig/distinfo tor-devel/distinfo
--- tor-devel.orig/distinfo	2008-05-14 02:52:37.934754876 -0400
+++ tor-devel/distinfo	2008-05-14 03:37:53.370283973 -0400
@@ -1,3 +1,3 @@
-MD5 (tor-0.2.0.25-rc.tar.gz) = c9fa4f72a1f890f55a54d52f946688dd
-SHA256 (tor-0.2.0.25-rc.tar.gz) = 34533a925894b9bb33aeb6e93b6a4a00c4a025b23f3f90f6c691e7ba7e3d4e87
-SIZE (tor-0.2.0.25-rc.tar.gz) = 1544463
+MD5 (tor-0.2.0.26-rc.tar.gz) = aa1179fab4dc69a10278e70729681053
+SHA256 (tor-0.2.0.26-rc.tar.gz) = 11b1e091da329c2a447f1bda85d79f9493968dfc463f039401324de8237e7369
+SIZE (tor-0.2.0.26-rc.tar.gz) = 1558724


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200805140809.m4E89FhE002928>