From 80d55d87e8ab97edb3a93674eab2c5c6b8ef0875 Mon Sep 17 00:00:00 2001 From: pascal Date: Wed, 25 Nov 2015 21:04:07 +0000 Subject: [PATCH] Update to tor 0.2.7.5. Switch to libevent2 by default, as recommended by upstream. Based on diffs from Daniel Jakots. --- net/tor/Makefile | 12 ++--- net/tor/distinfo | 4 +- net/tor/patches/patch-Makefile_in | 29 ++++++++++++ net/tor/patches/patch-configure_ac | 44 +++++++++++++++++++ .../patches/patch-src_config_torrc_sample_in | 20 ++++----- 5 files changed, 92 insertions(+), 17 deletions(-) create mode 100644 net/tor/patches/patch-Makefile_in create mode 100644 net/tor/patches/patch-configure_ac diff --git a/net/tor/Makefile b/net/tor/Makefile index 10d8881f506..b5f8c2e4ba0 100644 --- a/net/tor/Makefile +++ b/net/tor/Makefile @@ -1,29 +1,31 @@ -# $OpenBSD: Makefile,v 1.86 2015/07/20 19:55:58 ajacoutot Exp $ +# $OpenBSD: Makefile,v 1.87 2015/11/25 21:04:07 pascal Exp $ COMMENT= anonymity service using onion routing -DISTNAME= tor-0.2.6.10 +DISTNAME= tor-0.2.7.5 CATEGORIES= net HOMEPAGE= https://www.torproject.org/ -REVISION= 1 MAINTAINER= Pascal Stumpf # BSD PERMIT_PACKAGE_CDROM= Yes -WANTLIB += c crypto event m pthread ssl z +WANTLIB += c crypto event_core event_extra m pthread ssl z MASTER_SITES= https://www.torproject.org/dist/ -CONFIGURE_STYLE=gnu +CONFIGURE_STYLE=autoconf AUTOCONF_VERSION = 2.69 # PIE is already taken care of on a per-arch basis, and we have stack protection # anyway on FRAME_GROWS_DOWN archs. CONFIGURE_ARGS= --with-ssl-dir=/usr \ + --with-libevent-dir="${LOCALBASE}" \ --disable-gcc-hardening CONFIGURE_ENV+=ac_cv_member_struct_ssl_method_st_get_cipher_by_char=no +LIB_DEPENDS= devel/libevent2 + DB_DIR= /var/tor SUBST_VARS+= DB_DIR diff --git a/net/tor/distinfo b/net/tor/distinfo index 9b77486b478..8ab47b92d67 100644 --- a/net/tor/distinfo +++ b/net/tor/distinfo @@ -1,2 +1,2 @@ -SHA256 (tor-0.2.6.10.tar.gz) = BULA7+Q7hmGTN4Yvp+sCx6dMsjp51YcJBiil8PEiS40= -SIZE (tor-0.2.6.10.tar.gz) = 3587211 +SHA256 (tor-0.2.7.5.tar.gz) = fSqeTbG9md64OVYJtZysIXsMHun/LusPCIuRpdj2ql8= +SIZE (tor-0.2.7.5.tar.gz) = 4838541 diff --git a/net/tor/patches/patch-Makefile_in b/net/tor/patches/patch-Makefile_in new file mode 100644 index 00000000000..99f6675dde0 --- /dev/null +++ b/net/tor/patches/patch-Makefile_in @@ -0,0 +1,29 @@ +$OpenBSD: patch-Makefile_in,v 1.1 2015/11/25 21:04:07 pascal Exp $ +--- Makefile.in.orig Fri Nov 20 19:46:55 2015 ++++ Makefile.in Fri Nov 20 19:47:27 2015 +@@ -6768,8 +6768,8 @@ uninstall-man: uninstall-man1 + src/common/log.o: micro-revision.i + + src/or/tor_main.o: micro-revision.i +-@COVERAGE_ENABLED_TRUE@export TESTING_TOR_BINARY=$(top_builddir)/src/or/tor-cov +-@COVERAGE_ENABLED_FALSE@export TESTING_TOR_BINARY=$(top_builddir)/src/or/tor ++@COVERAGE_ENABLED_TRUE@TESTING_TOR_BINARY=$(top_builddir)/src/or/tor-cov ++@COVERAGE_ENABLED_FALSE@TESTING_TOR_BINARY=$(top_builddir)/src/or/tor + + micro-revision.i: FORCE + $(AM_V_at)rm -f micro-revision.tmp; \ +@@ -6791,10 +6791,10 @@ micro-revision.i: FORCE + + FORCE: + +-export PYTHON=@PYTHON@ +-export SHELL=@SHELL@ +-export abs_top_srcdir=@abs_top_srcdir@ +-export builddir=@builddir@ ++PYTHON=@PYTHON@ ++SHELL=@SHELL@ ++abs_top_srcdir=@abs_top_srcdir@ ++builddir=@builddir@ + # fallback_consensus + + # If we don't have it, fake it. diff --git a/net/tor/patches/patch-configure_ac b/net/tor/patches/patch-configure_ac new file mode 100644 index 00000000000..3dbf4cf43fa --- /dev/null +++ b/net/tor/patches/patch-configure_ac @@ -0,0 +1,44 @@ +$OpenBSD: patch-configure_ac,v 1.1 2015/11/25 21:04:07 pascal Exp $ + +Make this work w/ libevent2 on OpenBSD +https://trac.torproject.org/projects/tor/attachment/ticket/16651/event2-b.patch + +--- configure.ac.orig Fri Nov 13 14:41:42 2015 ++++ configure.ac Mon Nov 23 18:38:05 2015 +@@ -505,10 +505,7 @@ AC_CHECK_MEMBERS([struct event.min_heap_idx], , , + AC_CHECK_HEADERS(event2/event.h event2/dns.h event2/bufferevent_ssl.h) + + LIBS="$save_LIBS" +-LDFLAGS="$save_LDFLAGS" +-CPPFLAGS="$save_CPPFLAGS" + +- + AM_CONDITIONAL(USE_EXTERNAL_EVDNS, test x$ac_cv_header_event2_dns_h = xyes) + + if test "$enable_static_libevent" = "yes"; then +@@ -518,8 +515,24 @@ if test "$enable_static_libevent" = "yes"; then + TOR_LIBEVENT_LIBS="$TOR_LIBDIR_libevent/libevent.a $STATIC_LIBEVENT_FLAGS" + fi + else +- TOR_LIBEVENT_LIBS="-levent" ++ if test x$ac_cv_header_event2_event_h = "xyes"; then ++ AC_SEARCH_LIBS(event_new, [event event_core]) ++ AC_SEARCH_LIBS(evdns_base_new, [event event_extra]) ++ ++ if test $ac_cv_search_event_new != "none required"; then ++ TOR_LIBEVENT_LIBS="$ac_cv_search_event_new" ++ fi ++ if test $ac_cv_search_evdns_base_new != "none required"; then ++ TOR_LIBEVENT_LIBS="$ac_cv_search_evdns_base_new $TOR_LIBEVENT_LIBS" ++ fi ++ else ++ TOR_LIBEVENT_LIBS="-levent" ++ fi + fi ++ ++LIBS="$save_LIBS" ++LDFLAGS="$save_LDFLAGS" ++CPPFLAGS="$save_CPPFLAGS" + + dnl This isn't the best test for Libevent 2.0.3-alpha. Once it's released, + dnl we can do much better. diff --git a/net/tor/patches/patch-src_config_torrc_sample_in b/net/tor/patches/patch-src_config_torrc_sample_in index 43875fc2760..bfee2c73f46 100644 --- a/net/tor/patches/patch-src_config_torrc_sample_in +++ b/net/tor/patches/patch-src_config_torrc_sample_in @@ -1,7 +1,7 @@ -$OpenBSD: patch-src_config_torrc_sample_in,v 1.14 2015/03/26 21:32:30 pascal Exp $ ---- src/config/torrc.sample.in.orig Tue Feb 24 16:33:30 2015 -+++ src/config/torrc.sample.in Wed Mar 25 11:33:26 2015 -@@ -38,18 +38,18 @@ +$OpenBSD: patch-src_config_torrc_sample_in,v 1.15 2015/11/25 21:04:07 pascal Exp $ +--- src/config/torrc.sample.in.orig Fri Nov 13 14:41:38 2015 ++++ src/config/torrc.sample.in Fri Nov 20 19:45:16 2015 +@@ -39,18 +39,18 @@ ## Send every possible message to @LOCALSTATEDIR@/log/tor/debug.log #Log debug file @LOCALSTATEDIR@/log/tor/debug.log ## Use the system log instead of Tor's logfiles @@ -23,12 +23,12 @@ $OpenBSD: patch-src_config_torrc_sample_in,v 1.14 2015/03/26 21:32:30 pascal Exp ## The port on which Tor will listen for local connections from Tor ## controller applications, as documented in control-spec.txt. -@@ -173,6 +173,8 @@ - ## For security, by default Tor rejects connections to private (local) - ## networks, including to your public IP address. See the man page entry - ## for ExitPolicyRejectPrivate if you want to allow "exit enclaving". +@@ -182,6 +182,8 @@ + ## and any public IPv4 and IPv6 addresses on any interface on the relay. + ## See the man page entry for ExitPolicyRejectPrivate if you want to allow + ## "exit enclaving". +## Revoke privileges +User _tor ## - #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more - #ExitPolicy accept *:119 # accept nntp as well as default exit policy + #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports on IPv4 and IPv6 but no more + #ExitPolicy accept *:119 # accept nntp ports on IPv4 and IPv6 as well as default exit policy