* [Buildroot] [PATCH 1/1] package/tor: bump version to 0.4.3.6
@ 2020-07-11 18:06 Bernd Kuhls
2020-07-11 21:52 ` Thomas Petazzoni
0 siblings, 1 reply; 2+ messages in thread
From: Bernd Kuhls @ 2020-07-11 18:06 UTC (permalink / raw
To: buildroot
Release notes:
https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes
The fix for CVE-2020-15572 "Fix a crash due to an out-of-bound memory
access when Tor is compiled with NSS support" does not affect buildroot
because we do not support building tor with libnss.
Rebased patch 0001.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
.../tor/0001-Fix-static-linking-with-OpenSSL.patch | 12 ++++++------
package/tor/tor.hash | 2 +-
package/tor/tor.mk | 2 +-
3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/package/tor/0001-Fix-static-linking-with-OpenSSL.patch b/package/tor/0001-Fix-static-linking-with-OpenSSL.patch
index e4cd24e138..942f913465 100644
--- a/package/tor/0001-Fix-static-linking-with-OpenSSL.patch
+++ b/package/tor/0001-Fix-static-linking-with-OpenSSL.patch
@@ -38,7 +38,7 @@ diff --git a/configure.ac b/configure.ac
index 05e1392cf..580befa6b 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -885,7 +885,7 @@ AC_ARG_WITH(ssl-dir,
+@@ -966,7 +966,7 @@ AC_ARG_WITH(ssl-dir,
])
AC_MSG_NOTICE([Now, we'll look for OpenSSL >= 1.0.1])
@@ -47,7 +47,7 @@ index 05e1392cf..580befa6b 100644
[#include <openssl/ssl.h>
char *getenv(const char *);],
[struct ssl_cipher_st;
-@@ -919,7 +919,7 @@ dnl Now check for particular openssl functions.
+@@ -998,7 +998,7 @@ dnl Now check for particular openssl functions.
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
save_CPPFLAGS="$CPPFLAGS"
@@ -60,7 +60,7 @@ diff --git a/src/test/include.am b/src/test/include.am
index ecb768957..39a622e88 100644
--- a/src/test/include.am
+++ b/src/test/include.am
-@@ -317,8 +317,8 @@ src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
+@@ -378,8 +378,8 @@ src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
src_test_test_ntor_cl_LDADD = \
$(TOR_INTERNAL_LIBS) \
$(rust_ldadd) \
@@ -71,7 +71,7 @@ index ecb768957..39a622e88 100644
@CURVE25519_LIBS@ @TOR_LZMA_LIBS@
src_test_test_ntor_cl_AM_CPPFLAGS = \
$(AM_CPPFLAGS)
-@@ -327,8 +327,8 @@ src_test_test_hs_ntor_cl_SOURCES = src/test/test_hs_ntor_cl.c
+@@ -388,8 +388,8 @@ src_test_test_hs_ntor_cl_SOURCES = src/test/test_hs_ntor_cl.c
src_test_test_hs_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
src_test_test_hs_ntor_cl_LDADD = \
$(TOR_INTERNAL_LIBS) \
@@ -86,7 +86,7 @@ diff --git a/src/tools/include.am b/src/tools/include.am
index f7aa7e0d1..4c4e8aa7a 100644
--- a/src/tools/include.am
+++ b/src/tools/include.am
-@@ -30,7 +30,7 @@ src_tools_tor_gencert_LDADD = \
+@@ -35,7 +35,7 @@ src_tools_tor_gencert_LDADD = \
$(TOR_CRYPTO_LIBS) \
$(TOR_UTIL_LIBS) \
$(rust_ldadd) \
@@ -95,7 +95,7 @@ index f7aa7e0d1..4c4e8aa7a 100644
@TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ @CURVE25519_LIBS@
endif
-@@ -40,7 +40,7 @@ src_tools_tor_print_ed_signing_cert_LDADD = \
+@@ -45,7 +45,7 @@ src_tools_tor_print_ed_signing_cert_LDADD = \
src/trunnel/libor-trunnel.a \
$(TOR_CRYPTO_LIBS) \
$(TOR_UTIL_LIBS) \
diff --git a/package/tor/tor.hash b/package/tor/tor.hash
index f5b5fb0e49..47c2dd49b4 100644
--- a/package/tor/tor.hash
+++ b/package/tor/tor.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 616a0e4ae688d0e151d46e3e4258565da4d443d1ddbd316db0b90910e2d5d868 tor-0.4.3.5.tar.gz
+sha256 6a2d0637d4e514be2ec574723a05065245cce51da78a21cec1dc831be5ccac62 tor-0.4.3.6.tar.gz
sha256 ae2afe6cd3fd9d512afbaa1ef218757eb00aa6b6aa5e2dfc2774b6837e373fa1 LICENSE
diff --git a/package/tor/tor.mk b/package/tor/tor.mk
index 024fb1ad5d..050114ccac 100644
--- a/package/tor/tor.mk
+++ b/package/tor/tor.mk
@@ -4,7 +4,7 @@
#
################################################################################
-TOR_VERSION = 0.4.3.5
+TOR_VERSION = 0.4.3.6
TOR_SITE = https://dist.torproject.org
TOR_LICENSE = BSD-3-Clause
TOR_LICENSE_FILES = LICENSE
--
2.26.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Buildroot] [PATCH 1/1] package/tor: bump version to 0.4.3.6
2020-07-11 18:06 [Buildroot] [PATCH 1/1] package/tor: bump version to 0.4.3.6 Bernd Kuhls
@ 2020-07-11 21:52 ` Thomas Petazzoni
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni @ 2020-07-11 21:52 UTC (permalink / raw
To: buildroot
On Sat, 11 Jul 2020 20:06:16 +0200
Bernd Kuhls <bernd.kuhls@t-online.de> wrote:
> Release notes:
> https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes
>
> The fix for CVE-2020-15572 "Fix a crash due to an out-of-bound memory
> access when Tor is compiled with NSS support" does not affect buildroot
> because we do not support building tor with libnss.
>
> Rebased patch 0001.
>
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
> ---
> .../tor/0001-Fix-static-linking-with-OpenSSL.patch | 12 ++++++------
> package/tor/tor.hash | 2 +-
> package/tor/tor.mk | 2 +-
> 3 files changed, 8 insertions(+), 8 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-07-11 21:52 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-07-11 18:06 [Buildroot] [PATCH 1/1] package/tor: bump version to 0.4.3.6 Bernd Kuhls
2020-07-11 21:52 ` Thomas Petazzoni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.