* [Buildroot] [PATCH 1/1] package/tor: security bump version to 0.4.6.7
@ 2021-08-17 16:37 Bernd Kuhls
2021-08-17 20:02 ` Yann E. MORIN
2021-09-05 20:04 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Bernd Kuhls @ 2021-08-17 16:37 UTC (permalink / raw)
To: buildroot
Fixes CVE-2021-38385: https://blog.torproject.org/node/2062
Rebased patch 0001.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
package/tor/0001-Fix-static-linking-with-OpenSSL.patch | 10 +++++-----
package/tor/tor.hash | 2 +-
package/tor/tor.mk | 2 +-
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/package/tor/0001-Fix-static-linking-with-OpenSSL.patch b/package/tor/0001-Fix-static-linking-with-OpenSSL.patch
index 8385c28972..26ed6fe819 100644
--- a/package/tor/0001-Fix-static-linking-with-OpenSSL.patch
+++ b/package/tor/0001-Fix-static-linking-with-OpenSSL.patch
@@ -9,7 +9,7 @@ and remove host paths when looking for openssl.
[Vincent:
- Adapt the patch to make it apply on the new version.]
[Bernd: rebased for tor-0.2.7.6, 0.2.8.10, 0.2.9.9, 0.3.1.7, 0.3.2.10,
- 0.3.4.8, 0.3.5.7, 0.4.4.5 & 0.4.5.6]
+ 0.3.4.8, 0.3.5.7, 0.4.4.5, 0.4.5.6 & 0.4.6.7]
[Fabrice: fix detection of openssl functions in 0.3.5.8]
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
@@ -24,7 +24,7 @@ diff --git a/configure.ac b/configure.ac
index 05e1392cf..580befa6b 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -1056,7 +1056,7 @@ AC_ARG_WITH(ssl-dir,
+@@ -1074,7 +1074,7 @@ AC_ARG_WITH(ssl-dir,
])
AC_MSG_NOTICE([Now, we'll look for OpenSSL >= 1.0.1])
@@ -33,7 +33,7 @@ index 05e1392cf..580befa6b 100644
[#include <openssl/ssl.h>
char *getenv(const char *);],
[struct ssl_cipher_st;
-@@ -1086,7 +1086,7 @@ dnl Now check for particular openssl functions.
+@@ -1104,7 +1104,7 @@ dnl Now check for particular openssl functions.
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
save_CPPFLAGS="$CPPFLAGS"
@@ -46,7 +46,7 @@ diff --git a/src/test/include.am b/src/test/include.am
index ecb768957..39a622e88 100644
--- a/src/test/include.am
+++ b/src/test/include.am
-@@ -404,8 +404,8 @@ src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
+@@ -399,8 +399,8 @@ src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
src_test_test_ntor_cl_LDADD = \
libtor.a \
$(rust_ldadd) \
@@ -57,7 +57,7 @@ index ecb768957..39a622e88 100644
@CURVE25519_LIBS@ @TOR_LZMA_LIBS@ @TOR_TRACE_LIBS@
src_test_test_ntor_cl_AM_CPPFLAGS = \
$(AM_CPPFLAGS)
-@@ -414,8 +414,8 @@
+@@ -409,8 +409,8 @@
src_test_test_hs_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
src_test_test_hs_ntor_cl_LDADD = \
libtor.a \
diff --git a/package/tor/tor.hash b/package/tor/tor.hash
index 564e0e7ecb..72bdc4a2ee 100644
--- a/package/tor/tor.hash
+++ b/package/tor/tor.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 3423189ba455372021ed44e0be576d181f2908cbd9bdef202d9c11c950882e12 tor-0.4.6.6.tar.gz
+sha256 ff665ce121b2952110bd98b9c8741b5593bf6c01ac09033ad848ed92c2510f9a tor-0.4.6.7.tar.gz
sha256 47b54ed17e8fdcab3c44729a1789a09b208f9a63a845a7e50def9df729eebad0 LICENSE
diff --git a/package/tor/tor.mk b/package/tor/tor.mk
index 30ad34115f..54c8506f46 100644
--- a/package/tor/tor.mk
+++ b/package/tor/tor.mk
@@ -4,7 +4,7 @@
#
################################################################################
-TOR_VERSION = 0.4.6.6
+TOR_VERSION = 0.4.6.7
TOR_SITE = https://dist.torproject.org
TOR_LICENSE = BSD-3-Clause
TOR_LICENSE_FILES = LICENSE
--
2.30.2
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/tor: security bump version to 0.4.6.7
2021-08-17 16:37 [Buildroot] [PATCH 1/1] package/tor: security bump version to 0.4.6.7 Bernd Kuhls
@ 2021-08-17 20:02 ` Yann E. MORIN
2021-09-05 20:04 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Yann E. MORIN @ 2021-08-17 20:02 UTC (permalink / raw)
To: Bernd Kuhls; +Cc: buildroot
Bernd, All,
On 2021-08-17 18:37 +0200, Bernd Kuhls spake thusly:
> Fixes CVE-2021-38385: https://blog.torproject.org/node/2062
>
> Rebased patch 0001.
>
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> package/tor/0001-Fix-static-linking-with-OpenSSL.patch | 10 +++++-----
> package/tor/tor.hash | 2 +-
> package/tor/tor.mk | 2 +-
> 3 files changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/package/tor/0001-Fix-static-linking-with-OpenSSL.patch b/package/tor/0001-Fix-static-linking-with-OpenSSL.patch
> index 8385c28972..26ed6fe819 100644
> --- a/package/tor/0001-Fix-static-linking-with-OpenSSL.patch
> +++ b/package/tor/0001-Fix-static-linking-with-OpenSSL.patch
> @@ -9,7 +9,7 @@ and remove host paths when looking for openssl.
> [Vincent:
> - Adapt the patch to make it apply on the new version.]
> [Bernd: rebased for tor-0.2.7.6, 0.2.8.10, 0.2.9.9, 0.3.1.7, 0.3.2.10,
> - 0.3.4.8, 0.3.5.7, 0.4.4.5 & 0.4.5.6]
> + 0.3.4.8, 0.3.5.7, 0.4.4.5, 0.4.5.6 & 0.4.6.7]
> [Fabrice: fix detection of openssl functions in 0.3.5.8]
> Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
> @@ -24,7 +24,7 @@ diff --git a/configure.ac b/configure.ac
> index 05e1392cf..580befa6b 100644
> --- a/configure.ac
> +++ b/configure.ac
> -@@ -1056,7 +1056,7 @@ AC_ARG_WITH(ssl-dir,
> +@@ -1074,7 +1074,7 @@ AC_ARG_WITH(ssl-dir,
> ])
>
> AC_MSG_NOTICE([Now, we'll look for OpenSSL >= 1.0.1])
> @@ -33,7 +33,7 @@ index 05e1392cf..580befa6b 100644
> [#include <openssl/ssl.h>
> char *getenv(const char *);],
> [struct ssl_cipher_st;
> -@@ -1086,7 +1086,7 @@ dnl Now check for particular openssl functions.
> +@@ -1104,7 +1104,7 @@ dnl Now check for particular openssl functions.
> save_LIBS="$LIBS"
> save_LDFLAGS="$LDFLAGS"
> save_CPPFLAGS="$CPPFLAGS"
> @@ -46,7 +46,7 @@ diff --git a/src/test/include.am b/src/test/include.am
> index ecb768957..39a622e88 100644
> --- a/src/test/include.am
> +++ b/src/test/include.am
> -@@ -404,8 +404,8 @@ src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
> +@@ -399,8 +399,8 @@ src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
> src_test_test_ntor_cl_LDADD = \
> libtor.a \
> $(rust_ldadd) \
> @@ -57,7 +57,7 @@ index ecb768957..39a622e88 100644
> @CURVE25519_LIBS@ @TOR_LZMA_LIBS@ @TOR_TRACE_LIBS@
> src_test_test_ntor_cl_AM_CPPFLAGS = \
> $(AM_CPPFLAGS)
> -@@ -414,8 +414,8 @@
> +@@ -409,8 +409,8 @@
> src_test_test_hs_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
> src_test_test_hs_ntor_cl_LDADD = \
> libtor.a \
> diff --git a/package/tor/tor.hash b/package/tor/tor.hash
> index 564e0e7ecb..72bdc4a2ee 100644
> --- a/package/tor/tor.hash
> +++ b/package/tor/tor.hash
> @@ -1,3 +1,3 @@
> # Locally computed
> -sha256 3423189ba455372021ed44e0be576d181f2908cbd9bdef202d9c11c950882e12 tor-0.4.6.6.tar.gz
> +sha256 ff665ce121b2952110bd98b9c8741b5593bf6c01ac09033ad848ed92c2510f9a tor-0.4.6.7.tar.gz
> sha256 47b54ed17e8fdcab3c44729a1789a09b208f9a63a845a7e50def9df729eebad0 LICENSE
> diff --git a/package/tor/tor.mk b/package/tor/tor.mk
> index 30ad34115f..54c8506f46 100644
> --- a/package/tor/tor.mk
> +++ b/package/tor/tor.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -TOR_VERSION = 0.4.6.6
> +TOR_VERSION = 0.4.6.7
> TOR_SITE = https://dist.torproject.org
> TOR_LICENSE = BSD-3-Clause
> TOR_LICENSE_FILES = LICENSE
> --
> 2.30.2
>
> _______________________________________________
> buildroot mailing list
> buildroot@busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/tor: security bump version to 0.4.6.7
2021-08-17 16:37 [Buildroot] [PATCH 1/1] package/tor: security bump version to 0.4.6.7 Bernd Kuhls
2021-08-17 20:02 ` Yann E. MORIN
@ 2021-09-05 20:04 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2021-09-05 20:04 UTC (permalink / raw)
To: Bernd Kuhls; +Cc: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> Fixes CVE-2021-38385: https://blog.torproject.org/node/2062
> Rebased patch 0001.
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
For 2021.02.x / 2021.05.x, I have instead bumped to 0.4.5.10, which
contains the same security fix.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@lists.buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-09-05 20:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-17 16:37 [Buildroot] [PATCH 1/1] package/tor: security bump version to 0.4.6.7 Bernd Kuhls
2021-08-17 20:02 ` Yann E. MORIN
2021-09-05 20:04 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.