Update to tor 0.2.5.10.

2014-10-24 20:14:48 +00:00 · 2014-10-24 20:14:48 +00:00 · 352231fc60
commit 352231fc60
parent f37d7b7d2b
4 changed files with 9 additions and 75 deletions
--- a/net/tor/Makefile
+++ b/net/tor/Makefile
@ -1,9 +1,8 @@
-# $OpenBSD: Makefile,v 1.74 2014/10/05 19:29:20 pascal Exp $
+# $OpenBSD: Makefile,v 1.75 2014/10/24 20:14:48 pascal Exp $

 COMMENT=	anonymity service using onion routing

-DISTNAME=	tor-0.2.4.24
-REVISION=	0
+DISTNAME=	tor-0.2.5.10
 CATEGORIES=	net
 HOMEPAGE=	https://www.torproject.org/

@ -22,6 +21,7 @@ AUTOCONF_VERSION = 2.69
 # anyway on FRAME_GROWS_DOWN archs.
 CONFIGURE_ARGS=	--with-ssl-dir=/usr \
 		--disable-gcc-hardening
+CONFIGURE_ENV+=ac_cv_member_struct_ssl_method_st_get_cipher_by_char=no

 DB_DIR=		/var/tor
 SUBST_VARS+=	DB_DIR
--- a/net/tor/distinfo
+++ b/net/tor/distinfo
@ -1,2 +1,2 @@
-SHA256 (tor-0.2.4.24.tar.gz) = mbFcaFjATpOjHTrpDdafUCH6oiN9qTok+9JG9PFnCtE=
-SIZE (tor-0.2.4.24.tar.gz) = 3002418
+SHA256 (tor-0.2.5.10.tar.gz) = s90CpdzS/+FNmjeVb5J3nUQn7feQXAu6mx45AbnFqDs=
+SIZE (tor-0.2.5.10.tar.gz) = 3166480
--- a/net/tor/patches/patch-src_common_tortls_c
+++ b/net/tor/patches/patch-src_common_tortls_c
@ -1,66 +0,0 @@
-$OpenBSD: patch-src_common_tortls_c,v 1.4 2014/10/05 19:29:20 pascal Exp $
--- src/common/tortls.c.orig	Tue Sep 23 10:41:52 2014
-+++ src/common/tortls.c	Mon Oct  6 03:18:38 2014
-@@ -1345,10 +1345,12 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned in
-     SSL_CTX_set_options(result->ctx,
-                         SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
-   }
-+#ifndef OPENSSL_NO_COMP
-   /* Don't actually allow compression; it uses ram and time, but the data
-    * we transmit is all encrypted anyway. */
-   if (result->ctx->comp_methods)
-     result->ctx->comp_methods = NULL;
-+#endif
- #ifdef SSL_MODE_RELEASE_BUFFERS
-   SSL_CTX_set_mode(result->ctx, SSL_MODE_RELEASE_BUFFERS);
- #endif
-@@ -1484,27 +1486,35 @@ static int v2_cipher_list_pruned = 0;
- static void
- prune_v2_cipher_list(void)
- {
-+  STACK_OF(SSL_CIPHER) *ciphers;
-   uint16_t *inp, *outp;
-  const SSL_METHOD *m = SSLv23_method();
-+  SSL_CTX *ctx;
-+  SSL *ssl;
-+  int i;
- 
-+  ctx = SSL_CTX_new(SSLv23_method());
-+  tor_assert(ctx);
-+  ssl = SSL_new(ctx);
-+  tor_assert(ssl);
-+  ciphers = SSL_get_ciphers(ssl);
-+
-   inp = outp = v2_cipher_list;
-   while (*inp) {
-    unsigned char cipherid[3];
-    const SSL_CIPHER *cipher;
-    /* Is there no better way to do this? */
-    set_uint16(cipherid, htons(*inp));
-    cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
-                      * with a two-byte 'cipherid', it may look for a v2
-                      * cipher with the appropriate 3 bytes. */
-    cipher = m->get_cipher_by_char(cipherid);
-    if (cipher) {
-      tor_assert((cipher->id & 0xffff) == *inp);
-      *outp++ = *inp++;
-    } else {
-      inp++;
-+    for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
-+      const SSL_CIPHER *cipher;
-+
-+      cipher = sk_SSL_CIPHER_value(ciphers, i);
-+      if (SSL_CIPHER_get_id(cipher) == (SSL3_VERSION_MAJOR << 24 | *inp)) {
-+        *outp++ = *inp;
-+        break;
-+      }
-     }
-+    *inp++;
-   }
-   *outp = 0;
-+
-+  SSL_CTX_free(ctx);
-+  SSL_free(ssl);
- 
-   v2_cipher_list_pruned = 1;
- }
--- a/net/tor/patches/patch-src_config_torrc_sample_in
+++ b/net/tor/patches/patch-src_config_torrc_sample_in
@ -1,6 +1,6 @@
-$OpenBSD: patch-src_config_torrc_sample_in,v 1.12 2012/11/22 18:37:32 pascal Exp $
--- src/config/torrc.sample.in.orig	Mon Nov 19 22:24:38 2012
-+++ src/config/torrc.sample.in	Tue Nov 20 12:58:58 2012
+$OpenBSD: patch-src_config_torrc_sample_in,v 1.13 2014/10/24 20:14:48 pascal Exp $
+--- src/config/torrc.sample.in.orig	Fri Oct 10 15:06:24 2014
+++ src/config/torrc.sample.in	Fri Oct 24 16:54:52 2014
@@ -38,18 +38,18 @@
 ## Send every possible message to @LOCALSTATEDIR@/log/tor/debug.log
 #Log debug file @LOCALSTATEDIR@/log/tor/debug.log
@ -23,7 +23,7 @@ $OpenBSD: patch-src_config_torrc_sample_in,v 1.12 2012/11/22 18:37:32 pascal Exp
 
 ## The port on which Tor will listen for local connections from Tor
 ## controller applications, as documented in control-spec.txt.
-@@ -169,6 +169,8 @@
+@@ -172,6 +172,8 @@
 ## For security, by default Tor rejects connections to private (local)
 ## networks, including to your public IP address. See the man page entry
 ## for ExitPolicyRejectPrivate if you want to allow "exit enclaving".