[Buildroot] [git commit branch/next] package/tor: security bump version to 0.4.6.7

Yann E. MORIN yann.morin.1998 at free.fr
Tue Aug 17 20:01:37 UTC 2021 

commit: https://git.buildroot.net/buildroot/commit/?id=8581151d515af5f9ddc0a96236431de1abeca3e2
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/next

Fixes CVE-2021-38385: https://blog.torproject.org/node/2062

Rebased patch 0001.

Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
---
 package/tor/0001-Fix-static-linking-with-OpenSSL.patch | 10 +++++-----
 package/tor/tor.hash                                   |  2 +-
 package/tor/tor.mk                                     |  2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/package/tor/0001-Fix-static-linking-with-OpenSSL.patch b/package/tor/0001-Fix-static-linking-with-OpenSSL.patch
index 8385c28972..26ed6fe819 100644
--- a/package/tor/0001-Fix-static-linking-with-OpenSSL.patch
+++ b/package/tor/0001-Fix-static-linking-with-OpenSSL.patch
@@ -9,7 +9,7 @@ and remove host paths when looking for openssl.
 [Vincent:
  - Adapt the patch to make it apply on the new version.]
 [Bernd: rebased for tor-0.2.7.6, 0.2.8.10, 0.2.9.9, 0.3.1.7, 0.3.2.10,
-        0.3.4.8, 0.3.5.7, 0.4.4.5 & 0.4.5.6]
+        0.3.4.8, 0.3.5.7, 0.4.4.5, 0.4.5.6 & 0.4.6.7]
 [Fabrice: fix detection of openssl functions in 0.3.5.8]
 Signed-off-by: Vicente Olivert Riera <Vincent.Riera at imgtec.com>
 Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
@@ -24,7 +24,7 @@ diff --git a/configure.ac b/configure.ac
 index 05e1392cf..580befa6b 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1056,7 +1056,7 @@ AC_ARG_WITH(ssl-dir,
+@@ -1074,7 +1074,7 @@ AC_ARG_WITH(ssl-dir,
    ])
  
  AC_MSG_NOTICE([Now, we'll look for OpenSSL >= 1.0.1])
@@ -33,7 +33,7 @@ index 05e1392cf..580befa6b 100644
      [#include <openssl/ssl.h>
       char *getenv(const char *);],
      [struct ssl_cipher_st;
-@@ -1086,7 +1086,7 @@ dnl Now check for particular openssl functions.
+@@ -1104,7 +1104,7 @@ dnl Now check for particular openssl functions.
  save_LIBS="$LIBS"
  save_LDFLAGS="$LDFLAGS"
  save_CPPFLAGS="$CPPFLAGS"
@@ -46,7 +46,7 @@ diff --git a/src/test/include.am b/src/test/include.am
 index ecb768957..39a622e88 100644
 --- a/src/test/include.am
 +++ b/src/test/include.am
-@@ -404,8 +404,8 @@ src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
+@@ -399,8 +399,8 @@ src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
  src_test_test_ntor_cl_LDADD = \
  	libtor.a \
  	$(rust_ldadd) \
@@ -57,7 +57,7 @@ index ecb768957..39a622e88 100644
  	@CURVE25519_LIBS@ @TOR_LZMA_LIBS@ @TOR_TRACE_LIBS@
  src_test_test_ntor_cl_AM_CPPFLAGS =	       \
  	$(AM_CPPFLAGS)
-@@ -414,8 +414,8 @@
+@@ -409,8 +409,8 @@
  src_test_test_hs_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB)
  src_test_test_hs_ntor_cl_LDADD = \
  	libtor.a \
diff --git a/package/tor/tor.hash b/package/tor/tor.hash
index 564e0e7ecb..72bdc4a2ee 100644
--- a/package/tor/tor.hash
+++ b/package/tor/tor.hash
@@ -1,3 +1,3 @@
 # Locally computed
-sha256  3423189ba455372021ed44e0be576d181f2908cbd9bdef202d9c11c950882e12  tor-0.4.6.6.tar.gz
+sha256  ff665ce121b2952110bd98b9c8741b5593bf6c01ac09033ad848ed92c2510f9a  tor-0.4.6.7.tar.gz
 sha256  47b54ed17e8fdcab3c44729a1789a09b208f9a63a845a7e50def9df729eebad0  LICENSE
diff --git a/package/tor/tor.mk b/package/tor/tor.mk
index 30ad34115f..54c8506f46 100644
--- a/package/tor/tor.mk
+++ b/package/tor/tor.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-TOR_VERSION = 0.4.6.6
+TOR_VERSION = 0.4.6.7
 TOR_SITE = https://dist.torproject.org
 TOR_LICENSE = BSD-3-Clause
 TOR_LICENSE_FILES = LICENSE

More information about the buildroot mailing list