- update tor to 0.2.1.21

ok rui@
2010-01-04 08:07:57 +00:00 · 2010-01-04 08:07:57 +00:00 · 574a30c096
commit 574a30c096
parent 7043ee66e9
5 changed files with 7 additions and 95 deletions
--- a/net/tor/Makefile
+++ b/net/tor/Makefile
@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.41 2009/11/14 10:09:05 benoit Exp $
+# $OpenBSD: Makefile,v 1.42 2010/01/04 08:07:57 benoit Exp $

 COMMENT=	anonymity service using onion routing

-DISTNAME=	tor-0.2.1.20
+DISTNAME=	tor-0.2.1.21
 CATEGORIES=	net
 HOMEPAGE=	http://www.torproject.org/

--- a/net/tor/distinfo
+++ b/net/tor/distinfo
@ -1,5 +1,5 @@
-MD5 (tor-0.2.1.20.tar.gz) = DWLuIzL92V3kPeusdDXfGQ==
-RMD160 (tor-0.2.1.20.tar.gz) = rkpKsi+p61wBHGUt3RMDNAf0jlo=
-SHA1 (tor-0.2.1.20.tar.gz) = v8bH6czuI6vE6XykupiqOtd4QmI=
-SHA256 (tor-0.2.1.20.tar.gz) = D6Jo73kE3U5EVlJShdSe09Osb9bfRobeINkHfAWuD2A=
-SIZE (tor-0.2.1.20.tar.gz) = 2412059
+MD5 (tor-0.2.1.21.tar.gz) = VPeoAdgkzZwTzmctSDkm1g==
+RMD160 (tor-0.2.1.21.tar.gz) = 2iQK00isr4jUsTpPRBUjKZ/uzXU=
+SHA1 (tor-0.2.1.21.tar.gz) = UcOgk9FLmS3WMweDs4sJ+GhKyJ4=
+SHA256 (tor-0.2.1.21.tar.gz) = fgXM67kcvx+iJqbnfSGQHTLdPA9Z657qWoflWZYqlA0=
+SIZE (tor-0.2.1.21.tar.gz) = 2408983
--- a/net/tor/patches/patch-src_common_tortls_c
+++ b/net/tor/patches/patch-src_common_tortls_c
@ -1,58 +0,0 @@
-$OpenBSD: patch-src_common_tortls_c,v 1.1 2009/11/14 10:09:09 benoit Exp $
--- src/common/tortls.c.orig	Wed Nov 11 11:17:04 2009
-+++ src/common/tortls.c	Wed Nov 11 11:20:05 2009
-@@ -154,6 +154,7 @@
-                                         const char *cname,
-                                         const char *cname_sign,
-                                         unsigned int lifetime);
-+static void tor_tls_unblock_renegotiation(tor_tls_t *tls);
- 
- /** Global tls context. We keep it here because nobody else needs to
-  * touch it. */
-@@ -904,6 +905,36 @@
- #endif
- }
- 
-+/** If this version of openssl requires it, turn on renegotiation on
-+ * <b>tls</b>.  (Our protocol never requires this for security, but it's nice
-+ * to use belt-and-suspenders here.)
-+ */
-+static void
-+tor_tls_unblock_renegotiation(tor_tls_t *tls)
-+{
-+#ifdef SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-+  /* Yes, we know what we are doing here.  No, we do not treat a renegotiation
-+   * as authenticating any earlier-received data. */
-+  tls->ssl->s3->flags |= SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
-+#else
-+  (void)tls;
-+#endif
-+}
-+
-+/** If this version of openssl supports it, turn off renegotiation on
-+ * <b>tls</b>.  (Our protocol never requires this for security, but it's nice
-+ * to use belt-and-suspenders here.)
-+ */
-+void
-+tor_tls_block_renegotiation(tor_tls_t *tls)
-+{
-+#ifdef SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-+  tls->ssl->s3->flags &= ~SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
-+#else
-+  (void)tls;
-+#endif
-+}
-+
- /** Return whether this tls initiated the connect (client) or
-  * received it (server). */
- int
-@@ -1026,6 +1057,9 @@
-   } else {
-     r = SSL_connect(tls->ssl);
-   }
-+  /* We need to call this here and not earlier, since OpenSSL has a penchant
-+   * for clearing its flags when you say accept or connect. */
-+  tor_tls_unblock_renegotiation(tls);
-   r = tor_tls_get_error(tls,r,0, "handshaking", LOG_INFO);
-   if (ERR_peek_error() != 0) {
-     tls_log_errors(tls, tls->isServer ? LOG_INFO : LOG_WARN,
--- a/net/tor/patches/patch-src_common_tortls_h
+++ b/net/tor/patches/patch-src_common_tortls_h
@ -1,11 +0,0 @@
-$OpenBSD: patch-src_common_tortls_h,v 1.1 2009/11/14 10:09:09 benoit Exp $
--- src/common/tortls.h.orig	Wed Nov 11 11:15:02 2009
-+++ src/common/tortls.h	Wed Nov 11 11:15:37 2009
-@@ -65,6 +65,7 @@
- int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n);
- int tor_tls_handshake(tor_tls_t *tls);
- int tor_tls_renegotiate(tor_tls_t *tls);
-+void tor_tls_block_renegotiation(tor_tls_t *tls);
- int tor_tls_shutdown(tor_tls_t *tls);
- int tor_tls_get_pending_bytes(tor_tls_t *tls);
- size_t tor_tls_get_forced_write_size(tor_tls_t *tls);
--- a/net/tor/patches/patch-src_or_connection_or_c
+++ b/net/tor/patches/patch-src_or_connection_or_c
@ -1,19 +0,0 @@
-$OpenBSD: patch-src_or_connection_or_c,v 1.1 2009/11/14 10:09:09 benoit Exp $
--- src/or/connection_or.c.orig	Wed Nov 11 11:12:21 2009
-+++ src/or/connection_or.c	Wed Nov 11 11:13:10 2009
-@@ -844,6 +844,7 @@
- 
-   /* Don't invoke this again. */
-   tor_tls_set_renegotiate_callback(tls, NULL, NULL);
-+  tor_tls_block_renegotiation(tls);
- 
-   if (connection_tls_finish_handshake(conn) < 0) {
-     /* XXXX_TLS double-check that it's ok to do this from inside read. */
-@@ -1087,6 +1088,7 @@
-       connection_or_init_conn_from_address(conn, &conn->_base.addr,
-                                            conn->_base.port, digest_rcvd, 0);
-     }
-+    tor_tls_block_renegotiation(conn->tls);
-     return connection_or_set_state_open(conn);
-   } else {
-     conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING;