Subject: CVS commit: [pkgsrc-2015Q1] pkgsrc/net/tor
From: Matthias Scheler
Date: 2015-04-08 22:53:25
Message id: 20150408205325.7AA2E98@cvs.netbsd.org

Log Message:
Pullup ticket #4657 - requested by wiz
net/tor: security update

Revisions pulled up:
- net/tor/Makefile                                              1.102
- net/tor/distinfo                                              1.63

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Apr  8 05:26:02 UTC 2015

   Modified Files:
   	pkgsrc/net/tor: Makefile distinfo

   Log Message:
   Update to 0.2.5.12,  from Christian Sturm in PR 49823.

   Changes in version 0.2.5.12 - 2015-04-06
     Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that
     could be used by an attacker to crash hidden services, or crash clients
     visiting hidden services. Hidden services should upgrade as soon as
     possible; clients should upgrade whenever packages become available.

     This release also backports a simple improvement to make hidden
     services a bit less vulnerable to denial-of-service attacks.

     o Major bugfixes (security, hidden service):
       - Fix an issue that would allow a malicious client to trigger an
         assertion failure and halt a hidden service. Fixes bug 15600;
         bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
       - Fix a bug that could cause a client to crash with an assertion
         failure when parsing a malformed hidden service descriptor. Fixes
         bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".

     o Minor features (DoS-resistance, hidden service):
       - Introduction points no longer allow multiple INTRODUCE1 cells to
         arrive on the same circuit. This should make it more expensive for
         attackers to overwhelm hidden services with introductions.
         Resolves ticket 15515.

Files:
RevisionActionfile
1.101.2.1modifypkgsrc/net/tor/Makefile
1.62.2.1modifypkgsrc/net/tor/distinfo