Update tor to 0.2.6.8. From Christian Sturm in PR pkg/49917.

Changes in version 0.2.6.8 - 2015-05-21
  Tor 0.2.6.8 fixes a bit of dodgy code in parsing INTRODUCE2 cells, and
  fixes an authority-side bug in assigning the HSDir flag. All directory
  authorities should upgrade.

  o Major bugfixes (hidden services, backport from 0.2.7.1-alpha):
    - Revert commit that made directory authorities assign the HSDir
      flag to relay without a DirPort; this was bad because such relays
      can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix
      on tor-0.2.6.3-alpha.

  o Minor bugfixes (hidden service, backport from 0.2.7.1-alpha):
    - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
      a client authorized hidden service. Fixes bug 15823; bugfix
      on 0.2.1.6-alpha.

  o Minor features (geoip):
    - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
    - Update geoip6 to the April 8 2015 Maxmind GeoLite2
      Country database.


Changes in version 0.2.6.7 - 2015-04-06
  Tor 0.2.6.7 fixes two security issues that could be used by an
  attacker to crash hidden services, or crash clients visiting hidden
  services. Hidden services should upgrade as soon as possible; clients
  should upgrade whenever packages become available.

  This release also contains two simple improvements to make hidden
  services a bit less vulnerable to denial-of-service attacks.

  o Major bugfixes (security, hidden service):
    - Fix an issue that would allow a malicious client to trigger an
      assertion failure and halt a hidden service. Fixes bug 15600;
      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
    - Fix a bug that could cause a client to crash with an assertion
      failure when parsing a malformed hidden service descriptor. Fixes
      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".

  o Minor features (DoS-resistance, hidden service):
    - Introduction points no longer allow multiple INTRODUCE1 cells to
      arrive on the same circuit. This should make it more expensive for
      attackers to overwhelm hidden services with introductions.
      Resolves ticket 15515.
    - Decrease the amount of reattempts that a hidden service performs
      when its rendezvous circuits fail. This reduces the computational
      cost for running a hidden service under heavy load. Resolves
      ticket 11447.

3 files changed, 10 insertions, 34 deletions

diff --git a/net/tor/Makefile b/net/tor/Makefile
index 6046237eeab..44ec391692f 100644
--- a/net/tor/Makefile
+++ b/net/tor/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.102 2015/04/08 05:26:02 wiz Exp $
+# $NetBSD: Makefile,v 1.103 2015/05/23 08:53:11 bsiegert Exp $
 
-DISTNAME=		tor-0.2.5.12
+DISTNAME=		tor-0.2.6.8
 CATEGORIES=		net security
 MASTER_SITES=		http://www.torproject.org/dist/
 
@@ -22,8 +22,8 @@ TEST_TARGET=		check
 
 TOR_USER?=		tor
 TOR_GROUP?=		tor
-PKG_GECOS.${TOR_USER}?=	Torifier
-PKG_HOME.${TOR_USER}?=	${VARBASE}/chroot/tor
+PKG_GECOS.${TOR_USER}=	Torifier
+PKG_HOME.${TOR_USER}=	${VARBASE}/chroot/tor
 BUILD_DEFS+=		VARBASE
 PKG_SYSCONFSUBDIR=	tor
 
@@ -46,12 +46,6 @@ CONF_FILES+=		${PREFIX}/share/examples/tor/torrc.sample 	\
 FILES_SUBST+=		PKG_HOME=${PKG_HOME.${TOR_USER}}
 FILES_SUBST+=		TOR_USER=${TOR_USER} TOR_GROUP=${TOR_GROUP}
 
-SUBST_CLASSES+=			fix-paths
-SUBST_STAGE.fix-paths=		pre-configure
-SUBST_MESSAGE.fix-paths=	Fixing absolute paths.
-SUBST_FILES.fix-paths=		contrib/torify.in
-SUBST_SED.fix-paths=		-e 's,"/etc/tor,"${PKG_SYSCONFDIR},g'
-
 INSTALL_MAKE_FLAGS+=	sysconfdir=${PREFIX}/share/examples
 
 CHECK_PORTABILITY_SKIP+=contrib/*
diff --git a/net/tor/distinfo b/net/tor/distinfo
index 91826e7709e..cd1771c9512 100644
--- a/net/tor/distinfo
+++ b/net/tor/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.63 2015/04/08 05:26:02 wiz Exp $
+$NetBSD: distinfo,v 1.64 2015/05/23 08:53:11 bsiegert Exp $
 
-SHA1 (tor-0.2.5.12.tar.gz) = 256e6d77d71420a21a67bba270f43fcf356f8737
-RMD160 (tor-0.2.5.12.tar.gz) = 8e6ab8660c0c833849ff0aa8bbf44dcf2097e3eb
-Size (tor-0.2.5.12.tar.gz) = 3311423 bytes
+SHA1 (tor-0.2.6.8.tar.gz) = d087dac687d17199feda3a32bbc988333afeb4ef
+RMD160 (tor-0.2.6.8.tar.gz) = 6427bded6041965af16e67bcc133b273b223b5fd
+Size (tor-0.2.6.8.tar.gz) = 3580783 bytes
 SHA1 (patch-aa) = ac774cb976e03ff4d38415e78720f2f463c210c8
diff --git a/net/tor/options.mk b/net/tor/options.mk
index d8469f627c8..e12cb926f9b 100644
--- a/net/tor/options.mk
+++ b/net/tor/options.mk
@@ -1,13 +1,9 @@
-# $NetBSD: options.mk,v 1.6 2014/06/25 13:08:37 drochner Exp $
+# $NetBSD: options.mk,v 1.7 2015/05/23 08:53:11 bsiegert Exp $
 
 PKG_OPTIONS_VAR=	PKG_OPTIONS.tor
-PKG_SUPPORTED_OPTIONS=	threads doc
+PKG_SUPPORTED_OPTIONS=	doc
 PKG_SUGGESTED_OPTIONS+=	doc
 
-.if !empty(PTHREAD_TYPE:Mnative)
-PKG_SUGGESTED_OPTIONS+=	threads
-.endif
-
 .include "../../mk/bsd.options.mk"
 
 ###
@@ -21,17 +17,3 @@ CONFIGURE_ARGS+=	--enable-asciidoc
 .else
 CONFIGURE_ARGS+=	--disable-asciidoc
 .endif
-
-
-###
-### This enables new code for threaded operation on NetBSD, OpenBSD, etc.
-### I used {PTHREAD,RESOLV}_AUTO_VARS here for consistency's sake, as
-### I don't trust configure scripts to do this properly on all platforms.
-###
-.if !empty(PKG_OPTIONS:Mthreads)
-CONFIGURE_ARGS+=	--enable-threads
-PTHREAD_OPTS+=		require
-PTHREAD_AUTO_VARS=	yes
-.else
-CONFIGURE_ARGS+=	--disable-threads
-.endif