Update to new major release, Tor 0.2.3.25.

Tor 0.2.3.25, the first stable release in the 0.2.3 branch, features significantly reduced directory overhead (via microdescriptors), enormous crypto performance improvements for fast relays on new enough hardware, a new v3 TLS handshake protocol that can better resist fingerprinting, support for protocol obfuscation plugins (aka pluggable transports), better scalability for hidden services, IPv6 support for bridges, performance improvements like allowing clients to skip the first round-trip on the circuit ("optimistic data") and refilling token buckets more often, a new "stream isolation" design to isolate different applications on different circuits, and many stability, security, and privacy fixes. Also kill unneeded pthread patch. Tested by dhill & dcoppa@. ok dcoppa@
2012-11-22 18:37:32 +00:00 · 2012-11-22 18:37:32 +00:00 · 12a2d09d56
commit 12a2d09d56
parent ced18a5325
4 changed files with 19 additions and 38 deletions
--- a/net/tor/Makefile
+++ b/net/tor/Makefile
@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.60 2012/09/12 21:09:28 pascal Exp $
+# $OpenBSD: Makefile,v 1.61 2012/11/22 18:37:32 pascal Exp $

 COMMENT=	anonymity service using onion routing

-DISTNAME=	tor-0.2.2.39
+DISTNAME=	tor-0.2.3.25
 CATEGORIES=	net
 HOMEPAGE=	http://www.torproject.org/

@ -19,7 +19,10 @@ WANTLIB += c crypto event m pthread ssl z
 MASTER_SITES=	${HOMEPAGE}dist/

 CONFIGURE_STYLE=gnu
-CONFIGURE_ARGS=	--with-ssl-dir=/usr
+# PIE is already taken care of on a per-arch basis, and we have stack protection
+# anyway on FRAME_GROWS_DOWN archs.
+CONFIGURE_ARGS=	--with-ssl-dir=/usr \
+		--disable-gcc-hardening

 DB_DIR=		/var/tor
 SUBST_VARS+=	DB_DIR
--- a/net/tor/distinfo
+++ b/net/tor/distinfo
@ -1,2 +1,2 @@
-SHA256 (tor-0.2.2.39.tar.gz) = DQx3jUaX1cW9T3MsoXnCLo41nGNGF8qbZmXjPRhjYio=
-SIZE (tor-0.2.2.39.tar.gz) = 2929303
+SHA256 (tor-0.2.3.25.tar.gz) = uy1vETbzPhHTfm40GEFDvxkeWVAWE9rzOuPW948xdqA=
+SIZE (tor-0.2.3.25.tar.gz) = 3190011
--- a/net/tor/patches/patch-configure
+++ b/net/tor/patches/patch-configure
@ -1,25 +0,0 @@
-$OpenBSD: patch-configure,v 1.16 2012/05/26 11:08:44 pascal Exp $
--- configure.orig	Thu May 24 09:34:53 2012
-+++ configure	Sat May 26 12:20:11 2012
-@@ -5557,8 +5557,8 @@ for ac_lib in '' nsl; do
-   if test -z "$ac_lib"; then
-     ac_res="none required"
-   else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-+    ac_res=-$ac_lib
-+    LIBS="-$ac_lib  $ac_func_search_save_LIBS"
-   fi
-   if ac_fn_c_try_link "$LINENO"; then :
-   ac_cv_search_gethostbyname=$ac_res
-@@ -5613,8 +5613,8 @@ for ac_lib in '' dl; do
-   if test -z "$ac_lib"; then
-     ac_res="none required"
-   else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-+    ac_res=-$ac_lib
-+    LIBS="-$ac_lib  $ac_func_search_save_LIBS"
-   fi
-   if ac_fn_c_try_link "$LINENO"; then :
-   ac_cv_search_dlopen=$ac_res
--- a/net/tor/patches/patch-src_config_torrc_sample_in
+++ b/net/tor/patches/patch-src_config_torrc_sample_in
@ -1,7 +1,7 @@
-$OpenBSD: patch-src_config_torrc_sample_in,v 1.11 2011/09/07 07:55:41 jasper Exp $
--- src/config/torrc.sample.in.orig	Sat Aug 27 01:10:59 2011
-+++ src/config/torrc.sample.in	Wed Sep  7 09:52:35 2011
-@@ -37,18 +37,18 @@ SocksListenAddress 127.0.0.1 # accept connections only
+$OpenBSD: patch-src_config_torrc_sample_in,v 1.12 2012/11/22 18:37:32 pascal Exp $
+--- src/config/torrc.sample.in.orig	Mon Nov 19 22:24:38 2012
+++ src/config/torrc.sample.in	Tue Nov 20 12:58:58 2012
+@@ -38,18 +38,18 @@
 ## Send every possible message to @LOCALSTATEDIR@/log/tor/debug.log
 #Log debug file @LOCALSTATEDIR@/log/tor/debug.log
 ## Use the system log instead of Tor's logfiles
@ -23,9 +23,12 @@ $OpenBSD: patch-src_config_torrc_sample_in,v 1.11 2011/09/07 07:55:41 jasper Exp
 
 ## The port on which Tor will listen for local connections from Tor
 ## controller applications, as documented in control-spec.txt.
-@@ -168,3 +168,5 @@ SocksListenAddress 127.0.0.1 # accept connections only
- #BridgeRelay 1
- #ExitPolicy reject *:*
- 
+@@ -169,6 +169,8 @@
+ ## For security, by default Tor rejects connections to private (local)
+ ## networks, including to your public IP address. See the man page entry
+ ## for ExitPolicyRejectPrivate if you want to allow "exit enclaving".
 +## Revoke privileges
 +User _tor
+ ##
+ #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
+ #ExitPolicy accept *:119 # accept nntp as well as default exit policy