Pullup ticket #5919 - requested by leot

net/tor: security fix

Revisions pulled up:
- net/tor/Makefile                                              1.136-1.137
- net/tor/PLIST                                                 1.14
- net/tor/distinfo                                              1.96-1.97

---
   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Tue Jan  8 08:39:55 UTC 2019

   Modified Files:
           pkgsrc/net/tor: Makefile PLIST distinfo

   Log Message:
   tor: updated to 0.3.5.7

   Changes in version 0.3.5.7:

   Tor 0.3.5.7 is the first stable release in its series; it includes
   compilation and portability fixes, and a fix for a severe problem
   affecting directory caches.

   The Tor 0.3.5 series includes several new features and performance
   improvements, including client authorization for v3 onion services,
   cleanups to bootstrap reporting, support for improved bandwidth-
   measurement tools, experimental support for NSS in place of OpenSSL,
   and much more. It also begins a full reorganization of Tor's code
   layout, for improved modularity and maintainability in the future.
   Finally, there is the usual set of performance improvements and
   bugfixes that we try to do in every release series.

   There are a couple of changes in the 0.3.5 that may affect
   compatibility. First, the default version for newly created onion
   services is now v3. Use the HiddenServiceVersion option if you want to
   override this. Second, some log messages related to bootstrapping have
   changed; if you use stem, you may need to update to the latest version
   so it will recognize them.

   We have designated 0.3.5 as a "long-term support" (LTS) series: we
   will continue to patch major bugs in typical configurations of 0.3.5
   until at least 1 Feb 2022. (We do not plan to provide long-term
   support for embedding, Rust support, NSS support, running a directory
   authority, or unsupported platforms. For these, you will need to stick
   with the latest stable release.)

---
   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Fri Feb 22 08:47:51 UTC 2019

   Modified Files:
           pkgsrc/net/tor: Makefile distinfo

   Log Message:
   tor: updated to 0.3.5.8

   Changes in version 0.3.5.8:

   Tor 0.3.5.8 backports serveral fixes from later releases, including fixes
   for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x
   releases.

   It also includes a fix for a medium-severity security bug affecting Tor
   0.3.2.1-alpha and later. All Tor instances running an affected release
   should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.

   o Major bugfixes (cell scheduler, KIST, security):
     - Make KIST consider the outbuf length when computing what it can
       put in the outbuf. Previously, KIST acted as though the outbuf
       were empty, which could lead to the outbuf becoming too full. It
       is possible that an attacker could exploit this bug to cause a Tor
       client or relay to run out of memory and crash. Fixes bug 29168;
       bugfix on 0.3.2.1-alpha. This issue is also being tracked as
       TROVE-2019-001 and CVE-2019-8955.

   o Major bugfixes (networking, backport from 0.4.0.2-alpha):
     - Gracefully handle empty username/password fields in SOCKS5
       username/password auth messsage and allow SOCKS5 handshake to
       continue. Previously, we had rejected these handshakes, breaking
       certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.

   o Minor features (compilation, backport from 0.4.0.2-alpha):
     - Compile correctly when OpenSSL is built with engine support
       disabled, or with deprecated APIs disabled. Closes ticket 29026.
       Patches from "Mangix".

   o Minor features (geoip):
     - Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2
       Country database. Closes ticket 29478.

   o Minor features (testing, backport from 0.4.0.2-alpha):
     - Treat all unexpected ERR and BUG messages as test failures. Closes
       ticket 28668.

   o Minor bugfixes (onion service v3, client, backport from 0.4.0.1-alpha):
     - Stop logging a "BUG()" warning and stacktrace when we find a SOCKS
       connection waiting for a descriptor that we actually have in the
       cache. It turns out that this can actually happen, though it is
       rare. Now, tor will recover and retry the descriptor. Fixes bug
       28669; bugfix on 0.3.2.4-alpha.

   o Minor bugfixes (IPv6, backport from 0.4.0.1-alpha):
     - Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the
       IPv6 socket was bound using an address family of AF_INET instead
       of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from
       Kris Katterjohn.

   o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha):
     - Update Cargo.lock file to match the version made by the latest
       version of Rust, so that "make distcheck" will pass again. Fixes
       bug 29244; bugfix on 0.3.3.4-alpha.

   o Minor bugfixes (client, clock skew, backport from 0.4.0.1-alpha):
     - Select guards even if the consensus has expired, as long as the
       consensus is still reasonably live. Fixes bug 24661; bugfix
       on 0.3.0.1-alpha.

   o Minor bugfixes (compilation, backport from 0.4.0.1-alpha):
     - Compile correctly on OpenBSD; previously, we were missing some
       headers required in order to detect it properly. Fixes bug 28938;
       bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.terjohn.

   o Minor bugfixes (documentation, backport from 0.4.0.2-alpha):
     - Describe the contents of the v3 onion service client authorization
       files correctly: They hold public keys, not private keys. Fixes
       bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".

   o Minor bugfixes (logging, backport from 0.4.0.1-alpha):
     - Rework rep_hist_log_link_protocol_counts() to iterate through all
       link protocol versions when logging incoming/outgoing connection
       counts. Tor no longer skips version 5, and we won't have to
       remember to update this function when new link protocol version is
       developed. Fixes bug 28920; bugfix on 0.2.6.10.

   o Minor bugfixes (logging, backport from 0.4.0.2-alpha):
     - Log more information at "warning" level when unable to read a
       private key; log more information at "info" level when unable to
       read a public key. We had warnings here before, but they were lost
       during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.

   o Minor bugfixes (misc, backport from 0.4.0.2-alpha):
     - The amount of total available physical memory is now determined
       using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
       when it is defined and a 64-bit variant is not available. Fixes
       bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.

   o Minor bugfixes (onion services, backport from 0.4.0.2-alpha):
     - Avoid crashing if ClientOnionAuthDir (incorrectly) contains more
       than one private key for a hidden service. Fixes bug 29040; bugfix
       on 0.3.5.1-alpha.
     - In hs_cache_store_as_client() log an HSDesc we failed to parse at
       "debug" level. Tor used to log it as a warning, which caused very
       long log lines to appear for some users. Fixes bug 29135; bugfix
       on 0.3.2.1-alpha.
     - Stop logging "Tried to establish rendezvous on non-OR circuit..."
       as a warning. Instead, log it as a protocol warning, because there
       is nothing that relay operators can do to fix it. Fixes bug 29029;
       bugfix on 0.2.5.7-rc.on 0.2.5.7-rc.

   o Minor bugfixes (tests, directory clients, backport from 0.4.0.1-alpha):
     - Mark outdated dirservers when Tor only has a reasonably live
       consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha.

   o Minor bugfixes (tests, backport from 0.4.0.2-alpha):
     - Detect and suppress "bug" warnings from the util/time test on
       Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha.
     - Do not log an error-level message if we fail to find an IPv6
       network interface from the unit tests. Fixes bug 29160; bugfix
       on 0.2.7.3-rc.

   o Minor bugfixes (usability, backport from 0.4.0.1-alpha):
     - Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate().
       Some users took this phrasing to mean that the mentioned guard was
       under their control or responsibility, which it is not. Fixes bug
       28895; bugfix on Tor 0.3.0.1-alpha.

3 files changed, 14 insertions, 11 deletions

diff --git a/net/tor/Makefile b/net/tor/Makefile
index c17a793fa7e..2c34283407c 100644
--- a/net/tor/Makefile
+++ b/net/tor/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.135 2018/11/06 19:32:30 adam Exp $
+# $NetBSD: Makefile,v 1.135.2.1 2019/03/04 17:11:05 bsiegert Exp $
 
-DISTNAME=	tor-0.3.4.9
+DISTNAME=	tor-0.3.5.8
 CATEGORIES=	net security
 MASTER_SITES=	https://dist.torproject.org/
 
@@ -11,6 +11,7 @@ LICENSE=	modified-bsd
 
 USE_LANGUAGES=		c99
 USE_PKGLOCALEDIR=	yes
+USE_TOOLS+=		perl:test
 GNU_CONFIGURE=		yes
 CONFIGURE_ARGS+=	--localstatedir=${VARBASE}
 CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFBASEDIR}
@@ -38,8 +39,8 @@ USER_GROUP=		${TOR_USER} ${TOR_GROUP}
 
 OWN_DIRS_PERMS+=	${PKG_HOME.${TOR_USER}} ${USER_GROUP} 0700
 
-CONF_FILES+=		${PREFIX}/share/examples/tor/torrc.sample 	\
-				${PKG_SYSCONFDIR}/torrc
+CONF_FILES+=		${PREFIX}/share/examples/tor/torrc.sample \
+			${PKG_SYSCONFDIR}/torrc
 
 PRINT_PLIST_AWK+=	/^man\/man/ { $$0 = "$${PLIST.doc}" $$0 }
 PRINT_PLIST_AWK+=	/^share\/doc/ { $$0 = "$${PLIST.doc}" $$0 }
@@ -65,7 +66,6 @@ BUILDLINK_API_DEPENDS.openssl+=	openssl>=1.0
 .include "../../mk/pthread.buildlink3.mk"
 
 ## We include this after other b3.mk files since we use PTHREAD_TYPE.
-##
 .include "options.mk"
 
 .include "../../mk/bsd.pkg.mk"
diff --git a/net/tor/PLIST b/net/tor/PLIST
index 8b9b1d9a24c..34f1f42ff78 100644
--- a/net/tor/PLIST
+++ b/net/tor/PLIST
@@ -1,13 +1,16 @@
-@comment $NetBSD: PLIST,v 1.13 2017/05/13 20:25:44 alnsn Exp $
+@comment $NetBSD: PLIST,v 1.13.16.1 2019/03/04 17:11:05 bsiegert Exp $
 bin/tor
 bin/tor-gencert
+bin/tor-print-ed-signing-cert
 bin/tor-resolve
 bin/torify
 ${PLIST.doc}man/man1/tor-gencert.1
+${PLIST.doc}man/man1/tor-print-ed-signing-cert.1
 ${PLIST.doc}man/man1/tor-resolve.1
 ${PLIST.doc}man/man1/tor.1
 ${PLIST.doc}man/man1/torify.1
 ${PLIST.doc}share/doc/tor/tor-gencert.html
+${PLIST.doc}share/doc/tor/tor-print-ed-signing-cert.html
 ${PLIST.doc}share/doc/tor/tor-resolve.html
 ${PLIST.doc}share/doc/tor/tor.html
 ${PLIST.doc}share/doc/tor/torify.html
diff --git a/net/tor/distinfo b/net/tor/distinfo
index dbc3f313103..6fde6a6e5b4 100644
--- a/net/tor/distinfo
+++ b/net/tor/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.95 2018/11/06 19:32:30 adam Exp $
+$NetBSD: distinfo,v 1.95.2.1 2019/03/04 17:11:05 bsiegert Exp $
 
-SHA1 (tor-0.3.4.9.tar.gz) = c6830f260c400795aaaaaa865f9f418016e16299
-RMD160 (tor-0.3.4.9.tar.gz) = a0b904105d534e790a3a380f5bbafe8c5e4d43a0
-SHA512 (tor-0.3.4.9.tar.gz) = cc254a2cc2f21b4511e9cb215ba5f05fefc4dceffcf46a402efa2d3540872a4ed8e0095245df0802ea12c1367451bc16ca60c0aea6a77e2139580f3c5ba8c02f
-Size (tor-0.3.4.9.tar.gz) = 6695931 bytes
+SHA1 (tor-0.3.5.8.tar.gz) = 43ce6638a54190b58b62537e1c0892f95552d407
+RMD160 (tor-0.3.5.8.tar.gz) = f94869f6f11277a7c786f8355c528912ab55733b
+SHA512 (tor-0.3.5.8.tar.gz) = 47a21cdd6d4563dd9bfb43c26f054f00747d069611dc9b16eb11b9653fab5c0133fb8bd30e162fa27d90d6bc4f88c0e2bf49eb4fe54529017d5eb87c3bb86132
+Size (tor-0.3.5.8.tar.gz) = 6994335 bytes