From 1756190eab3c6490610d2da18a243d17a7d97ea6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Peter=20M=C3=BCller?= Date: Fri, 27 Jan 2023 00:21:13 +0000 Subject: [PATCH] Tor: Update to 0.4.7.13 MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Changes in version 0.4.7.13 - 2023-01-12 This version contains three major bugfixes, two for relays and one for client being a security fix, TROVE-2022-002. We have added, for Linux, the support for IP_BIND_ADDRESS_NO_PORT for relays using OutboundBindAddress. We strongly recommend to upgrade to this version considering the important congestion control fix detailed below. o Major bugfixes (congestion control): - Avoid incrementing the congestion window when the window is not fully in use. Thia prevents overshoot in cases where long periods of low activity would allow our congestion window to grow, and then get followed by a burst, which would cause queue overload. Also improve the increment checks for RFC3742. Fixes bug 40732; bugfix on 0.4.7.5-alpha. o Major bugfixes (relay): - When opening a channel because of a circuit request that did not include an Ed25519 identity, record the Ed25519 identity that we actually received, so that we can use the channel for other circuit requests that _do_ list an Ed25519 identity. (Previously we had code to record this identity, but a logic bug caused it to be disabled.) Fixes bug 40563; bugfix on 0.3.0.1-alpha. Patch from "cypherpunks". o Major bugfixes (TROVE-2022-002, client): - The SafeSocks option had its logic inverted for SOCKS4 and SOCKS4a. It would let the unsafe SOCKS4 pass but not the safe SOCKS4a one. This is TROVE-2022-002 which was reported on Hackerone by "cojabo". Fixes bug 40730; bugfix on 0.3.5.1-alpha. o Minor feature (authority): - Reject 0.4.6.x series at the authority level. Closes ticket 40664. o Minor features (fallbackdir): - Regenerate fallback directories generated on January 12, 2023. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2023/01/12. o Minor features (relays): - Set the Linux-specific IP_BIND_ADDRESS_NO_PORT option on outgoing sockets, allowing relays using OutboundBindAddress to make more outgoing connections than ephemeral ports, as long as they are to separate destinations. Related to issue 40597; patch by Alex Xu (Hello71). o Minor bugfixes (relay, metrics): - Fix typo in a congestion control label on the MetricsPort. Fixes bug 40727; bugfix on 0.4.7.12. o Minor bugfixes (sandbox, authority): - With the sandbox enabled, allow to write "my-consensus- {ns|microdesc}" and to rename them as well. Fixes bug 40729; bugfix on 0.3.5.1-alpha. o Code simplifications and refactoring: - Rely on actual error returned by the kernel when choosing what resource exhaustion to log. Fixes issue 40613; Fix on tor-0.4.6.1-alpha. Signed-off-by: Peter Müller --- lfs/tor | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lfs/tor b/lfs/tor index 0bbfd35416..32a88568e7 100644 --- a/lfs/tor +++ b/lfs/tor @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2022 IPFire Team # +# Copyright (C) 2007-2023 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config SUMMARY = Anonymizing overlay network for TCP (The onion router) -VER = 0.4.7.12 +VER = 0.4.7.13 THISAPP = tor-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 74 +PAK_VER = 75 DEPS = libseccomp @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 13e9a796d9e5b024aa01b9aaab389b580df41641013721e4c2821cfee4edc6fb562d997be70ecc3908ac5e43187978b1be63f78ac72c73e8ea3617d6b5cf1ea9 +$(DL_FILE)_BLAKE2 = 338a0a541423f27f594a091307b5edeafc9826bb651c2bd050f3282c9355d9d43d1ef4791f3c98a37dc4c0f64bc40925ea1c1e32cbdff78b1a7308df501f279a install : $(TARGET) -- 2.39.2