Update to tor-browser 6.0.7, patching CVE-2016-9079 (Use-after-free in

SVG Animation). updates: - https-everywhere to 5.2.7 - noscript to 2.9.5.2 - tor-launcher to 0.2.9.4 - torbutton to 1.9.5.12 From MAINTAINER attila // stalphonsos // com.
2016-12-02 08:18:18 +00:00 · 2016-12-02 08:18:18 +00:00 · f267c30d62
commit f267c30d62
parent ec65210c53
14 changed files with 39 additions and 36 deletions
--- a/meta/tor-browser/Makefile
+++ b/meta/tor-browser/Makefile
@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.1.1.1 2016/11/13 21:18:48 landry Exp $
+# $OpenBSD: Makefile,v 1.2 2016/12/02 08:18:18 landry Exp $

 COMMENT=	Tor Browser meta package

 MAINTAINER=	Sean Levy <attila@stalphonsos.com>

-PKGNAME=	tor-browser-6.0.5
+PKGNAME=	tor-browser-6.0.7

 RUN_DEPENDS=	www/tor-browser/browser \
 		www/tor-browser/torbutton \
--- a/www/tor-browser/Makefile.inc
+++ b/www/tor-browser/Makefile.inc
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.1.1.1 2016/11/13 21:15:43 landry Exp $
+# $OpenBSD: Makefile.inc,v 1.2 2016/12/02 08:18:18 landry Exp $

 MAINTAINER ?=		Sean Levy <attila@stalphonsos.com>
 HOMEPAGE ?=		https://www.torproject.org
@ -6,7 +6,7 @@ GH_ACCOUNT ?=		torbsd
 PERMIT_PACKAGE_CDROM ?= Yes
 CATEGORIES =		www
 BROWSER_NAME =		tor-browser
-TB_VERSION =		6.0.5
+TB_VERSION =		6.0.7
 TB_PREFIX =		tb

 SUBST_VARS +=		BROWSER_NAME TB_VERSION
--- a/www/tor-browser/browser/Makefile
+++ b/www/tor-browser/browser/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.1.1.1 2016/11/13 21:15:43 landry Exp $
+# $OpenBSD: Makefile,v 1.2 2016/12/02 08:18:18 landry Exp $
 # Some of this comes from www/firefox-esr as apropos, since Tor
 # browser is a fork of ESR.  It is a good idea to look at that
 # Makefile when editing this one (ESR versions not always the same).
@ -15,7 +15,7 @@ DIST_SUBDIR = 		${BROWSER_NAME}
 WRKDIST = 		${WRKDIR}/${GH_PROJECT}-${GH_TAGNAME:C/^v//}

 GH_PROJECT =		torb
-GH_TAGNAME =		v${TB_VERSION}-esr45.4.0
+GH_TAGNAME =		v${TB_VERSION}-esr45.5.1

 PKGNAME =		${TB_PREFIX}-browser-${TB_VERSION}
 DISTNAME =		${GH_TAGNAME}
--- a/www/tor-browser/browser/distinfo
+++ b/www/tor-browser/browser/distinfo
@ -1,2 +1,2 @@
-SHA256 (tor-browser/v6.0.5-esr45.4.0.tar.gz) = zDpUGriIt9TbKiV8bG5aFIxdCZ3fw2E3j4PSDkxKms8=
-SIZE (tor-browser/v6.0.5-esr45.4.0.tar.gz) = 256581824
+SHA256 (tor-browser/v6.0.7-esr45.5.1.tar.gz) = mvkYQHtZPZyiUiT5RpAnl48QcF3/YOO3x5mC4JjLuzs=
+SIZE (tor-browser/v6.0.7-esr45.5.1.tar.gz) = 256632500
--- a/www/tor-browser/browser/files/extension-overrides.js
+++ b/www/tor-browser/browser/files/extension-overrides.js
@ -81,24 +81,27 @@ pref("extensions.torlauncher.default_bridge.fte.4", "fte 128.105.214.163:8080 A1

 pref("extensions.torlauncher.default_bridge.scramblesuit.1", "scramblesuit 83.212.101.3:443 A09D536DD1752D542E1FBB3C9CE4449D51298239 password=XTCXLG2JAMJKZW2POLBAOWOQETQSMASH");

-pref("extensions.torlauncher.default_bridge.obfs4.1", "obfs4 154.35.22.10:2934 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0");
+pref("extensions.torlauncher.default_bridge.obfs4.1", "obfs4 154.35.22.10:9332 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0");
 pref("extensions.torlauncher.default_bridge.obfs4.2", "obfs4 198.245.60.50:443 752CF7825B3B9EA6A98C83AC41F7099D67007EA5 cert=xpmQtKUqQ/6v5X7ijgYE/f03+l2/EuQ1dexjyUhh16wQlu/cpXUGalmhDIlhuiQPNEKmKw iat-mode=0");
 pref("extensions.torlauncher.default_bridge.obfs4.3", "obfs4 192.99.11.54:443 7B126FAB960E5AC6A629C729434FF84FB5074EC2 cert=VW5f8+IBUWpPFxF+rsiVy2wXkyTQG7vEd+rHeN2jV5LIDNu8wMNEOqZXPwHdwMVEBdqXEw iat-mode=0");
 pref("extensions.torlauncher.default_bridge.obfs4.4", "obfs4 109.105.109.165:10527 8DFCD8FB3285E855F5A55EDDA35696C743ABFC4E cert=Bvg/itxeL4TWKLP6N1MaQzSOC6tcRIBv6q57DYAZc3b2AzuM+/TfB7mqTFEfXILCjEwzVA iat-mode=0");
-pref("extensions.torlauncher.default_bridge.obfs4.5", "obfs4 83.212.101.3:50000 A09D536DD1752D542E1FBB3C9CE4449D51298239 cert=lPRQ/MXdD1t5SRZ9MquYQNT9m5DV757jtdXdlePmRCudUU9CFUOX1Tm7/meFSyPOsud7Cw iat-mode=0");
+pref("extensions.torlauncher.default_bridge.obfs4.5", "obfs4 83.212.101.3:50001 A09D536DD1752D542E1FBB3C9CE4449D51298239 cert=lPRQ/MXdD1t5SRZ9MquYQNT9m5DV757jtdXdlePmRCudUU9CFUOX1Tm7/meFSyPOsud7Cw iat-mode=0");
 pref("extensions.torlauncher.default_bridge.obfs4.6", "obfs4 109.105.109.147:13764 BBB28DF0F201E706BE564EFE690FE9577DD8386D cert=KfMQN/tNMFdda61hMgpiMI7pbwU1T+wxjTulYnfw+4sgvG0zSH7N7fwT10BI8MUdAD7iJA iat-mode=0");
-pref("extensions.torlauncher.default_bridge.obfs4.7", "obfs4 154.35.22.11:2413 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0");
+pref("extensions.torlauncher.default_bridge.obfs4.7", "obfs4 154.35.22.11:7920 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0");
 pref("extensions.torlauncher.default_bridge.obfs4.8", "obfs4 154.35.22.12:80 00DC6C4FA49A65BD1472993CF6730D54F11E0DBB cert=N86E9hKXXXVz6G7w2z8wFfhIDztDAzZ/3poxVePHEYjbKDWzjkRDccFMAnhK75fc65pYSg iat-mode=0");
 pref("extensions.torlauncher.default_bridge.obfs4.9", "obfs4 154.35.22.13:443 FE7840FE1E21FE0A0639ED176EDA00A3ECA1E34D cert=fKnzxr+m+jWXXQGCaXe4f2gGoPXMzbL+bTBbXMYXuK0tMotd+nXyS33y2mONZWU29l81CA iat-mode=0");
 pref("extensions.torlauncher.default_bridge.obfs4.10", "obfs4 154.35.22.10:80 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0");
 pref("extensions.torlauncher.default_bridge.obfs4.11", "obfs4 154.35.22.10:443 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0");
 pref("extensions.torlauncher.default_bridge.obfs4.12", "obfs4 154.35.22.11:443 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0");
 pref("extensions.torlauncher.default_bridge.obfs4.13", "obfs4 154.35.22.11:80 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0");
-pref("extensions.torlauncher.default_bridge.obfs4.14", "obfs4 154.35.22.9:5881 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0");
+pref("extensions.torlauncher.default_bridge.obfs4.14", "obfs4 154.35.22.9:7013 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0");
 pref("extensions.torlauncher.default_bridge.obfs4.15", "obfs4 154.35.22.9:80 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0");
 pref("extensions.torlauncher.default_bridge.obfs4.16", "obfs4 154.35.22.9:443 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0");
-pref("extensions.torlauncher.default_bridge.obfs4.17", "obfs4 154.35.22.12:1894 00DC6C4FA49A65BD1472993CF6730D54F11E0DBB cert=N86E9hKXXXVz6G7w2z8wFfhIDztDAzZ/3poxVePHEYjbKDWzjkRDccFMAnhK75fc65pYSg iat-mode=0");
-pref("extensions.torlauncher.default_bridge.obfs4.18", "obfs4 154.35.22.13:4319 FE7840FE1E21FE0A0639ED176EDA00A3ECA1E34D cert=fKnzxr+m+jWXXQGCaXe4f2gGoPXMzbL+bTBbXMYXuK0tMotd+nXyS33y2mONZWU29l81CA iat-mode=0");
+pref("extensions.torlauncher.default_bridge.obfs4.17", "obfs4 154.35.22.12:4148 00DC6C4FA49A65BD1472993CF6730D54F11E0DBB cert=N86E9hKXXXVz6G7w2z8wFfhIDztDAzZ/3poxVePHEYjbKDWzjkRDccFMAnhK75fc65pYSg iat-mode=0");
+pref("extensions.torlauncher.default_bridge.obfs4.18", "obfs4 154.35.22.13:6041 FE7840FE1E21FE0A0639ED176EDA00A3ECA1E34D cert=fKnzxr+m+jWXXQGCaXe4f2gGoPXMzbL+bTBbXMYXuK0tMotd+nXyS33y2mONZWU29l81CA iat-mode=0");
+pref("extensions.torlauncher.default_bridge.obfs4.19", "obfs4 192.95.36.142:443 CDF2E852BF539B82BD10E27E9115A31734E378C2 cert=qUVQ0srL1JI/vO6V6m/24anYXiJD3QP2HgzUKQtQ7GRqqUvs7P+tG43RtAqdhLOALP7DJQ iat-mode=0");
+// Not used yet
+// pref("extensions.torlauncher.default_bridge.obfs4.20", "obfs4 85.17.30.79:443 FC259A04A328A07FED1413E9FC6526530D9FD87A cert=RutxZlu8BtyP+y0NX7bAVD41+J/qXNhHUrKjFkRSdiBAhIHIQLhKQ2HxESAKZprn/lR3KA iat-mode=0");

 pref("extensions.torlauncher.default_bridge.meek-amazon.1", "meek 0.0.2.0:2 B9E7141C594AF25699E0079C1F0146F409495296 url=https://d2zfqthxsdq309.cloudfront.net/ front=a0.awsstatic.com");
 pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek 0.0.2.0:3 A2C13B7DFCAB1CBF3A884B6EB99A98067AB6EF44 url=https://az786092.vo.msecnd.net/ front=ajax.aspnetcdn.com");
--- a/www/tor-browser/https-everywhere/Makefile
+++ b/www/tor-browser/https-everywhere/Makefile
@ -1,7 +1,7 @@
-# $OpenBSD: Makefile,v 1.1.1.1 2016/11/13 21:15:43 landry Exp $
+# $OpenBSD: Makefile,v 1.2 2016/12/02 08:18:18 landry Exp $

 ADDON_NAME =		https-everywhere
-V =			5.2.4
+V =			5.2.7
 COMMENT =		Tor Browser add-on: force https where possible
 HOMEPAGE =		https://www.eff.org/https-everywhere
 MASTER_SITES =		https://www.eff.org/files/
--- a/www/tor-browser/https-everywhere/distinfo
+++ b/www/tor-browser/https-everywhere/distinfo
@ -1,2 +1,2 @@
-SHA256 (https-everywhere-5.2.4-eff.xpi) = PC9aQg03favSabMrynpCrXWDFMBBLIpQq8osQU0JZ+k=
-SIZE (https-everywhere-5.2.4-eff.xpi) = 2744991
+SHA256 (https-everywhere-5.2.7-eff.xpi) = QumXWasDvp4oZsG8fdCWuxrOtvzC4D26hINfRAEmav8=
+SIZE (https-everywhere-5.2.7-eff.xpi) = 2786379
--- a/www/tor-browser/noscript/Makefile
+++ b/www/tor-browser/noscript/Makefile
@ -1,7 +1,7 @@
-# $OpenBSD: Makefile,v 1.2 2016/11/13 21:24:29 landry Exp $
+# $OpenBSD: Makefile,v 1.3 2016/12/02 08:18:19 landry Exp $

 ADDON_NAME =		noscript
-V =			2.9.0.14
+V =			2.9.5.2
 COMMENT =		Tor Browser add-on: flexible JS blocker
 HOMEPAGE =		http://noscript.net
 MASTER_SITES =		https://secure.informaction.com/download/releases/
--- a/www/tor-browser/noscript/distinfo
+++ b/www/tor-browser/noscript/distinfo
@ -1,2 +1,2 @@
-SHA256 (noscript-2.9.0.14.xpi) = ObxxviDDGFeCOep5HANB2/zROzNVmvCAzqOG7uwIszc=
-SIZE (noscript-2.9.0.14.xpi) = 564604
+SHA256 (noscript-2.9.5.2.xpi) = 7XHKkieQ6BvF6Maoe7gfOUo4Z2rDfR+6UYpqQo0SjdU=
+SIZE (noscript-2.9.5.2.xpi) = 555628
--- a/www/tor-browser/tor-launcher/Makefile
+++ b/www/tor-browser/tor-launcher/Makefile
@ -1,7 +1,7 @@
-# $OpenBSD: Makefile,v 1.1.1.1 2016/11/13 21:15:43 landry Exp $
+# $OpenBSD: Makefile,v 1.2 2016/12/02 08:18:19 landry Exp $

 ADDON_NAME =		tor-launcher
-V =			0.2.9.3
+V =			0.2.9.4
 COMMENT =		Tor Browser add-on to manage tor instance
 GUID =			tor-launcher@torproject.org
 PKGNAME =		${TB_NAME}
--- a/www/tor-browser/tor-launcher/distinfo
+++ b/www/tor-browser/tor-launcher/distinfo
@ -1,2 +1,2 @@
-SHA256 (tor-launcher-0.2.9.3.tar.gz) = B10+MvV/Peb10Za2ifWEclT0L60JSZFrgXBjA5dx/FM=
-SIZE (tor-launcher-0.2.9.3.tar.gz) = 253592
+SHA256 (tor-launcher-0.2.9.4.tar.gz) = XhMm07QNwEvqBBgVHdxbQiy8kJc+kpS3jWFI5w+8ryE=
+SIZE (tor-launcher-0.2.9.4.tar.gz) = 253980
--- a/www/tor-browser/tor-launcher/patches/patch-src_components_tl-process_js
+++ b/www/tor-browser/tor-launcher/patches/patch-src_components_tl-process_js
@ -1,10 +1,10 @@
-$OpenBSD: patch-src_components_tl-process_js,v 1.1.1.1 2016/11/13 21:15:43 landry Exp $
+$OpenBSD: patch-src_components_tl-process_js,v 1.2 2016/12/02 08:18:19 landry Exp $

 Let geoip/geoip6 file paths be set by prefs like everything else.  Go
 back to old way of munging relative paths, their new way is
 effectively a no-op for us anyway.
--- src/components/tl-process.js.orig	Tue May 24 16:33:24 2016
-+++ src/components/tl-process.js	Thu Jun 23 09:54:49 2016
+--- src/components/tl-process.js.orig	Wed Nov  9 04:55:57 2016
+++ src/components/tl-process.js	Fri Nov 18 17:04:27 2016
@@ -309,6 +309,7 @@ TorProcessService.prototype =
   mIsQuitting: false,
   mObsSvc: null,
@ -42,7 +42,7 @@ effectively a no-op for us anyway.
       }
       args.push("-f");
       args.push(torrcFile.path);
-@@ -679,10 +676,10 @@ TorProcessService.prototype =
+@@ -684,10 +681,10 @@ TorProcessService.prototype =
       return null;
 
     let isRelativePath = true;
@ -55,7 +55,7 @@ effectively a no-op for us anyway.
     if (path)
     {
       let re = (TorLauncherUtil.isWindows) ?  /^[A-Za-z]:\\/ : /^\//;
-@@ -763,16 +760,13 @@ TorProcessService.prototype =
+@@ -768,16 +765,13 @@ TorProcessService.prototype =
       if (isRelativePath)
       {
         // Turn 'path' into an absolute path.
@ -77,7 +77,7 @@ effectively a no-op for us anyway.
         f.appendRelativePath(path);
       }
       else
-@@ -800,6 +794,8 @@ TorProcessService.prototype =
+@@ -805,6 +799,8 @@ TorProcessService.prototype =
       if (f.exists())
       {
         try { f.normalize(); } catch(e) {}
--- a/www/tor-browser/torbutton/Makefile
+++ b/www/tor-browser/torbutton/Makefile
@ -1,7 +1,7 @@
-# $OpenBSD: Makefile,v 1.1.1.1 2016/11/13 21:15:43 landry Exp $
+# $OpenBSD: Makefile,v 1.2 2016/12/02 08:18:19 landry Exp $

 ADDON_NAME =		torbutton
-V =			1.9.5.7
+V =			1.9.5.12
 COMMENT =		Tor Browser add-on for configuring Tor Browser settings
 GUID =			torbutton@torproject.org
 PKGNAME =		${TB_NAME}
--- a/www/tor-browser/torbutton/distinfo
+++ b/www/tor-browser/torbutton/distinfo
@ -1,2 +1,2 @@
-SHA256 (torbutton-1.9.5.7.tar.gz) = qTRD0QQAS2ApebcxsRyalsn0WhR/FRW9hAgj5Sr0fAs=
-SIZE (torbutton-1.9.5.7.tar.gz) = 867843
+SHA256 (torbutton-1.9.5.12.tar.gz) = EmLh5iuS7QXfZo8K6SpRtUhmnU7f+hOW5eZmyQnz1e8=
+SIZE (torbutton-1.9.5.12.tar.gz) = 893614