From d1e4ccce8cf6cb287908de717f3fe49c62cb4be5 Mon Sep 17 00:00:00 2001 From: Brendan Fabeny Date: Thu, 11 Dec 2014 13:57:31 +0000 Subject: [PATCH] Warn about a vulnerability in the default configuration PR: 195828 --- security/tor-devel/Makefile | 1 + security/tor-devel/files/pkg-message.in | 5 ++++- security/tor/Makefile | 1 + security/tor/files/pkg-message.in | 5 ++++- 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/security/tor-devel/Makefile b/security/tor-devel/Makefile index cc77c19b03d0..a813f7ef3d25 100644 --- a/security/tor-devel/Makefile +++ b/security/tor-devel/Makefile @@ -3,6 +3,7 @@ PORTNAME= tor DISTVERSION= 0.2.6.1-alpha +PORTREVISION= 1 CATEGORIES= security net ipv6 MASTER_SITES= TOR PKGNAMESUFFIX= -devel diff --git a/security/tor-devel/files/pkg-message.in b/security/tor-devel/files/pkg-message.in index b2bf82fa9739..e15abac87d5e 100644 --- a/security/tor-devel/files/pkg-message.in +++ b/security/tor-devel/files/pkg-message.in @@ -12,5 +12,8 @@ touch /var/log/tor chown -R _tor:_tor /var/db/tor /var/log/tor /var/run/tor chmod -R 700 /var/db/tor -before starting the tor server. +before starting the tor server. Tor users are strongly advised to prevent traffic +analysis that exploits sequential IP IDs by setting: + +sysctl net.inet.ip.random_id=1 ================================================================================ diff --git a/security/tor/Makefile b/security/tor/Makefile index 7a982dc0eb90..dd77adeca2de 100644 --- a/security/tor/Makefile +++ b/security/tor/Makefile @@ -3,6 +3,7 @@ PORTNAME= tor DISTVERSION= 0.2.5.10 +PORTREVISION= 1 CATEGORIES= security net ipv6 MASTER_SITES= TOR diff --git a/security/tor/files/pkg-message.in b/security/tor/files/pkg-message.in index b2bf82fa9739..e15abac87d5e 100644 --- a/security/tor/files/pkg-message.in +++ b/security/tor/files/pkg-message.in @@ -12,5 +12,8 @@ touch /var/log/tor chown -R _tor:_tor /var/db/tor /var/log/tor /var/run/tor chmod -R 700 /var/db/tor -before starting the tor server. +before starting the tor server. Tor users are strongly advised to prevent traffic +analysis that exploits sequential IP IDs by setting: + +sysctl net.inet.ip.random_id=1 ================================================================================