author Peter Korsgaard <peter@korsgaard.com> 2020-03-28 08:20:49 +0100
committer Peter Korsgaard <peter@korsgaard.com> 2020-03-28 08:20:49 +0100
commit 346c4e6580b7e6dd603a3f84f7e84e737e78a0c5
tree 245e96885011dad096c99a1f32bbc7bc12b06b22
parent 630283a7f79107d93a8502a8467571f61c99d24d
package/tor: security bump to version 3.5.10
Fixes the following security issues:

- Fix a denial-of-service bug that could be used by anyone to consume a
  bunch of CPU on any Tor relay or authority, or by directories to consume
  a bunch of CPU on clients or hidden services. Because of the potential
  for CPU consumption to introduce observable timing patterns, we are
  treating this as a high-severity security issue. Fixes bug 33119; bugfix
  on 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue as
  TROVE-2020-002 and CVE-2020-10592.

- Correct how we use libseccomp. Particularly, stop assuming that rules
  are applied in a particular order or that more rules are processed after
  the first match. Neither is the case! In libseccomp <2.4.0 this led to
  some rules having no effect. libseccomp 2.4.0 changed how rules are
  generated, leading to a different ordering, which in turn led to a fatal
  crash during startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by
  Peter Gerber.

For more details, see the changelog:
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.5.10

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r-- package/tor/tor.hash 2
-rw-r--r-- package/tor/tor.mk 2
2 files changed, 2 insertions, 2 deletions
diff --git a/package/tor/tor.hash b/package/tor/tor.hash
index 5b07981d95..51aaf38e18 100644
--- a/package/tor/tor.hash
+++ b/package/tor/tor.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 d5c56603942a8927670f50a4a469fb909e29d3571fdd013389d567e57abc0b47 tor-0.3.5.8.tar.gz
+sha256 0196be233826e19d1809f05ed01955ad5e8245d3267b9754410230222859f9c4 tor-0.3.5.10.tar.gz
sha256 b4248f32f009d4f5cccb704b351e31a16590e0dd5fda2856382cc854d81f6234 LICENSE
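Review bot: The new tor-0.3.5.10.tar.gz sha256 still sits under the unchanged "# Locally computed" comment, so nothing in the file records whether the tarball was checked against an upstream signature before the hash was taken. For a security bump, a hash computed only from the download pins whatever was fetched without establishing that it is the upstream release. If upstream provides a detached signature for this tarball, verify it and say so in the comment (for example "# Locally computed after checking the pgp signature", with the signature URL); otherwise note where the tarball was obtained. The LICENSE hash is unchanged context, which is consistent with the license text not changing between the two versions.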
diff --git a/package/tor/tor.mk b/package/tor/tor.mk
index fe951fb266..0462d1106f 100644
--- a/package/tor/tor.mk
+++ b/package/tor/tor.mk
@@ -4,7 +4,7 @@
#
################################################################################
-TOR_VERSION = 0.3.5.8
+TOR_VERSION = 0.3.5.10
TOR_SITE = https://dist.torproject.org
TOR_LICENSE = BSD-3-Clause
TOR_LICENSE_FILES = LICENSE
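Review bot: The added line sets TOR_VERSION = 0.3.5.10, but the commit subject reads "security bump to version 3.5.10"; the subject should carry the full version string 0.3.5.10 so that searches of the log for the release, or for the CVE-2020-10592 fix, match what the package actually builds. Separately, the change goes from 0.3.5.8 straight to 0.3.5.10, and the commit message only summarises two fixes, so a short note confirming that the intermediate release needed no packaging changes would help anyone backporting this bump to a maintenance branch.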