From nobody@FreeBSD.org  Wed May 14 08:10:23 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id BDAB4106567B
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 14 May 2008 08:10:23 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id AF1E78FC1B
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 14 May 2008 08:10:23 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m4E89Fdk002929
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 14 May 2008 08:09:15 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m4E89FhE002928;
	Wed, 14 May 2008 08:09:15 GMT
	(envelope-from nobody)
Message-Id: <200805140809.m4E89FhE002928@www.freebsd.org>
Date: Wed, 14 May 2008 08:09:15 GMT
From: bf <bf2006a@yahoo.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [PATCH]security/tor-devel: update to 0.2.0.26-rc
X-Send-Pr-Version: www-3.1
X-GNATS-Notify: peter.thoenen@yahoo.com

>Number:         123664
>Category:       ports
>Synopsis:       [PATCH]security/tor-devel: update to 0.2.0.26-rc
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    miwi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 14 08:20:02 UTC 2008
>Closed-Date:    Thu May 22 00:35:39 UTC 2008
>Last-Modified:  Thu May 22 00:40:04 UTC 2008
>Originator:     bf
>Release:        7-STABLE i386
>Organization:
-
>Environment:
>Description:
This update fixes a serious security problem, and a vuxml entry should be added detailing the vulnerability.

The ChangeLog in the distfile describes the problem: basically, three major directory authorities used vulnerable SSL keys that have been compromised, and the update contains a means of working around this problem, and of dealing with similar problems in the future.

All users should upgrade as soon as possible.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ruN tor-devel.orig/Makefile tor-devel/Makefile
--- tor-devel.orig/Makefile	2008-05-14 02:52:37.934754876 -0400
+++ tor-devel/Makefile	2008-05-14 03:37:53.370283973 -0400
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	tor
-DISTVERSION=	0.2.0.25-rc
+DISTVERSION=	0.2.0.26-rc
 CATEGORIES=	security net
 MASTER_SITES=	http://www.torproject.org/dist/ \
 		http://mirror.onionland.org/dist/
diff -ruN tor-devel.orig/distinfo tor-devel/distinfo
--- tor-devel.orig/distinfo	2008-05-14 02:52:37.934754876 -0400
+++ tor-devel/distinfo	2008-05-14 03:37:53.370283973 -0400
@@ -1,3 +1,3 @@
-MD5 (tor-0.2.0.25-rc.tar.gz) = c9fa4f72a1f890f55a54d52f946688dd
-SHA256 (tor-0.2.0.25-rc.tar.gz) = 34533a925894b9bb33aeb6e93b6a4a00c4a025b23f3f90f6c691e7ba7e3d4e87
-SIZE (tor-0.2.0.25-rc.tar.gz) = 1544463
+MD5 (tor-0.2.0.26-rc.tar.gz) = aa1179fab4dc69a10278e70729681053
+SHA256 (tor-0.2.0.26-rc.tar.gz) = 11b1e091da329c2a447f1bda85d79f9493968dfc463f039401324de8237e7369
+SIZE (tor-0.2.0.26-rc.tar.gz) = 1558724


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Wed May 14 08:20:11 UTC 2008 
State-Changed-Why:  
Awaiting maintainers feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123664 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: peter.thoenen@yahoo.com
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/123664: [PATCH]security/tor-devel: update to 0.2.0.26-rc
Date: Wed, 14 May 2008 08:20:09 UT

 Maintainer of security/tor-devel,
 
 Please note that PR ports/123664 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/123664
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org

From: Peter Thoenen <peter.thoenen@yahoo.com>
To: bug-followup@FreeBSD.org
Cc: bf <bf2006a@yahoo.com>
Subject: Re: ports/123664: [PATCH]security/tor-devel: update to 0.2.0.26-rc
Date: Wed, 14 May 2008 10:00:31 -0400

 Approved and thanks again BF.
 
 BTW, when you did a # make did it work for you?  I got an error with 
 tor-tsocks.conf.sample but my port system was corrupted lately so might 
 have just been me
 
 -Peter
 

From: bf <bf2006a@yahoo.com>
To: Peter Thoenen <peter.thoenen@yahoo.com>, bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/123664: [PATCH]security/tor-devel: update to 0.2.0.26-rc
Date: Wed, 14 May 2008 09:22:30 -0700 (PDT)

 This file installed normally as before.  It's still in
 ${WRKSRC}/contrib -- there don't seem to be any
 changes. You may want to clean out ports, resync, and
 try again.  Let me know if you still have problems. 
 Also, you may want to try the TCMALLOC knob again,
 because devel/google-perftools has been recently
 updated.
 
 Regards, 
        b.
 
 --- Peter Thoenen <peter.thoenen@yahoo.com> wrote:
 
 > Approved and thanks again BF.
 > 
 > BTW, when you did a # make did it work for you?  I
 > got an error with 
 > tor-tsocks.conf.sample but my port system was
 > corrupted lately so might 
 > have just been me
 > 
 > -Peter
 > 
 > 
 
 
 
       
Responsible-Changed-From-To: freebsd-ports-bugs->miwi 
Responsible-Changed-By: miwi 
Responsible-Changed-When: Wed May 14 17:57:51 UTC 2008 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123664 

From: Peter Thoenen <peter.thoenen@yahoo.com>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/123664: [PATCH]security/tor-devel: update to 0.2.0.26-rc
Date: Mon, 19 May 2008 11:30:57 -0400

 Just FYI committer this is approved.
 
 BF: My tcmalloc issue is its only for i386 :( ... no biggie though, one 
 day :)
State-Changed-From-To: feedback->closed 
State-Changed-By: miwi 
State-Changed-When: Thu May 22 00:35:39 UTC 2008 
State-Changed-Why:  
Committed. Vuxml entry come later today. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123664 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/123664: commit references a PR
Date: Thu, 22 May 2008 00:35:10 +0000 (UTC)

 miwi        2008-05-22 00:35:04 UTC
 
   FreeBSD ports repository
 
   Modified files:
     security/tor-devel   Makefile distinfo 
   Log:
   - Update to 0.2.0.26-rc
   
   PR:             123664
   Submitted by:   bf <bf2006a@yahoo.com>
   Approved by:    maintainer
   
   Revision  Changes    Path
   1.61      +1 -1      ports/security/tor-devel/Makefile
   1.44      +3 -3      ports/security/tor-devel/distinfo
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
