All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] tor: security bump to 0.2.8.12
@ 2016-12-20 13:02 Peter Korsgaard
  2016-12-20 20:25 ` Peter Korsgaard
  0 siblings, 1 reply; 4+ messages in thread
From: Peter Korsgaard @ 2016-12-20 13:02 UTC (permalink / raw)
  To: buildroot

Fixes CVE-2016-1254 - One byte past an allocated buffer read while parsing
hidden service descriptors:

https://blog.torproject.org/blog/tor-02812-released

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/tor/tor.hash | 2 +-
 package/tor/tor.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/tor/tor.hash b/package/tor/tor.hash
index b13fc4a..4fdb82c 100644
--- a/package/tor/tor.hash
+++ b/package/tor/tor.hash
@@ -1,2 +1,2 @@
 # Locally computed
-sha256 c88b8c57b34ebf44b731df5d68f73eb6b6708bcf4e42cf7b4817fd4e304c9c4d  tor-0.2.8.10.tar.gz
+sha256 b35748f2839cf8ce9910b677ea873463495ac88689244c007ed038f6887f4aaf  tor-0.2.8.12.tar.gz
diff --git a/package/tor/tor.mk b/package/tor/tor.mk
index 4f33522..5606cc2 100644
--- a/package/tor/tor.mk
+++ b/package/tor/tor.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-TOR_VERSION = 0.2.8.10
+TOR_VERSION = 0.2.8.12
 TOR_SITE = https://dist.torproject.org
 TOR_LICENSE = BSD-3c
 TOR_LICENSE_FILES = LICENSE
-- 
2.10.2

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] tor: security bump to 0.2.8.12
  2016-12-20 13:02 [Buildroot] [PATCH] tor: security bump to 0.2.8.12 Peter Korsgaard
@ 2016-12-20 20:25 ` Peter Korsgaard
  2016-12-21  6:00   ` Baruch Siach
  0 siblings, 1 reply; 4+ messages in thread
From: Peter Korsgaard @ 2016-12-20 20:25 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes CVE-2016-1254 - One byte past an allocated buffer read while parsing
 > hidden service descriptors:

 > https://blog.torproject.org/blog/tor-02812-released

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] tor: security bump to 0.2.8.12
  2016-12-20 20:25 ` Peter Korsgaard
@ 2016-12-21  6:00   ` Baruch Siach
  2016-12-21  6:30     ` Peter Korsgaard
  0 siblings, 1 reply; 4+ messages in thread
From: Baruch Siach @ 2016-12-21  6:00 UTC (permalink / raw)
  To: buildroot

Hi Peter,

On Tue, Dec 20, 2016 at 09:25:02PM +0100, Peter Korsgaard wrote:
> >>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> 
>  > Fixes CVE-2016-1254 - One byte past an allocated buffer read while parsing
>  > hidden service descriptors:
> 
>  > https://blog.torproject.org/blog/tor-02812-released
> 
>  > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> 
> Committed, thanks.

This commit is not in master as of 325f79bb033 (busybox: adjust nommu 
swaponoff handling for busybox 1.26.0+).

baruch

-- 
     http://baruch.siach.name/blog/                  ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [Buildroot] [PATCH] tor: security bump to 0.2.8.12
  2016-12-21  6:00   ` Baruch Siach
@ 2016-12-21  6:30     ` Peter Korsgaard
  0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2016-12-21  6:30 UTC (permalink / raw)
  To: buildroot

>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:

 > Hi Peter,
 > On Tue, Dec 20, 2016 at 09:25:02PM +0100, Peter Korsgaard wrote:
 >> >>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
 >> 
 >> > Fixes CVE-2016-1254 - One byte past an allocated buffer read while parsing
 >> > hidden service descriptors:
 >> 
 >> > https://blog.torproject.org/blog/tor-02812-released
 >> 
 >> > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 >> 
 >> Committed, thanks.

 > This commit is not in master as of 325f79bb033 (busybox: adjust nommu 
 > swaponoff handling for busybox 1.26.0+).

You are right - Thanks. I've added it now.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-12-21  6:30 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-12-20 13:02 [Buildroot] [PATCH] tor: security bump to 0.2.8.12 Peter Korsgaard
2016-12-20 20:25 ` Peter Korsgaard
2016-12-21  6:00   ` Baruch Siach
2016-12-21  6:30     ` Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.