[Buildroot] [PATCH 1/1] package/tor: security bump version to 0.4.6.7

Yann E. MORIN yann.morin.1998 at free.fr
Tue Aug 17 20:02:10 UTC 2021 

Bernd, All,

On 2021-08-17 18:37 +0200, Bernd Kuhls spake thusly:
> Fixes CVE-2021-38385: https://blog.torproject.org/node/2062
> 
> Rebased patch 0001.
> 
> Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  package/tor/0001-Fix-static-linking-with-OpenSSL.patch | 10 +++++-----
>  package/tor/tor.hash                                   |  2 +-
>  package/tor/tor.mk                                     |  2 +-
>  3 files changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/package/tor/0001-Fix-static-linking-with-OpenSSL.patch b/package/tor/0001-Fix-static-linking-with-OpenSSL.patch
> index 8385c28972..26ed6fe819 100644
> --- a/package/tor/0001-Fix-static-linking-with-OpenSSL.patch
> +++ b/package/tor/0001-Fix-static-linking-with-OpenSSL.patch
> @@ -9,7 +9,7 @@ and remove host paths when looking for openssl.
>  [Vincent:
>   - Adapt the patch to make it apply on the new version.]
>  [Bernd: rebased for tor-0.2.7.6, 0.2.8.10, 0.2.9.9, 0.3.1.7, 0.3.2.10,
> -        0.3.4.8, 0.3.5.7, 0.4.4.5 & 0.4.5.6]
> +        0.3.4.8, 0.3.5.7, 0.4.4.5, 0.4.5.6 & 0.4.6.7]
>  [Fabrice: fix detection of openssl functions in 0.3.5.8]
>  Signed-off-by: Vicente Olivert Riera <Vincent.Riera at imgtec.com>
>  Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
> @@ -24,7 +24,7 @@ diff --git a/configure.ac b/configure.ac
>  index 05e1392cf..580befa6b 100644
>  --- a/configure.ac
>  +++ b/configure.ac
> -@@ -1056,7 +1056,7 @@ AC_ARG_WITH(ssl-dir,
> +@@ -1074,7 +1074,7 @@ AC_ARG_WITH(ssl-dir,
>     ])
>   
>   AC_MSG_NOTICE([Now, we'll look for OpenSSL >= 1.0.1])
> @@ -33,7 +33,7 @@ index 05e1392cf..580befa6b 100644
>       [#include <openssl/ssl.h>
>        char *getenv(const char *);],
>       [struct ssl_cipher_st;
> -@@ -1086,7 +1086,7 @@ dnl Now check for particular openssl functions.
> +@@ -1104,7 +1104,7 @@ dnl Now check for particular openssl functions.
>   save_LIBS="$LIBS"
>   save_LDFLAGS="$LDFLAGS"
>   save_CPPFLAGS="$CPPFLAGS"
> @@ -46,7 +46,7 @@ diff --git a/src/test/include.am b/src/test/include.am
>  index ecb768957..39a622e88 100644
>  --- a/src/test/include.am
>  +++ b/src/test/include.am
> -@@ -404,8 +404,8 @@ src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
> +@@ -399,8 +399,8 @@ src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
>   src_test_test_ntor_cl_LDADD = \
>   	libtor.a \
>   	$(rust_ldadd) \
> @@ -57,7 +57,7 @@ index ecb768957..39a622e88 100644
>   	@CURVE25519_LIBS@ @TOR_LZMA_LIBS@ @TOR_TRACE_LIBS@
>   src_test_test_ntor_cl_AM_CPPFLAGS =	       \
>   	$(AM_CPPFLAGS)
> -@@ -414,8 +414,8 @@
> +@@ -409,8 +409,8 @@
>   src_test_test_hs_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
>   src_test_test_hs_ntor_cl_LDADD = \
>   	libtor.a \
> diff --git a/package/tor/tor.hash b/package/tor/tor.hash
> index 564e0e7ecb..72bdc4a2ee 100644
> --- a/package/tor/tor.hash
> +++ b/package/tor/tor.hash
> @@ -1,3 +1,3 @@
>  # Locally computed
> -sha256  3423189ba455372021ed44e0be576d181f2908cbd9bdef202d9c11c950882e12  tor-0.4.6.6.tar.gz
> +sha256  ff665ce121b2952110bd98b9c8741b5593bf6c01ac09033ad848ed92c2510f9a  tor-0.4.6.7.tar.gz
>  sha256  47b54ed17e8fdcab3c44729a1789a09b208f9a63a845a7e50def9df729eebad0  LICENSE
> diff --git a/package/tor/tor.mk b/package/tor/tor.mk
> index 30ad34115f..54c8506f46 100644
> --- a/package/tor/tor.mk
> +++ b/package/tor/tor.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -TOR_VERSION = 0.4.6.6
> +TOR_VERSION = 0.4.6.7
>  TOR_SITE = https://dist.torproject.org
>  TOR_LICENSE = BSD-3-Clause
>  TOR_LICENSE_FILES = LICENSE
> -- 
> 2.30.2
> 
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

More information about the buildroot mailing list