update to 0.2.3.25

from the announcement:
Tor 0.2.3.25, the first stable release in the 0.2.3 branch, features
significantly reduced directory overhead (via microdescriptors),
enormous crypto performance improvements for fast relays on new
enough hardware, a new v3 TLS handshake protocol that can better
resist fingerprinting, support for protocol obfuscation plugins (aka
pluggable transports), better scalability for hidden services, IPv6
support for bridges, performance improvements like allowing clients
to skip the first round-trip on the circuit ("optimistic data") and
refilling token buckets more often, a new "stream isolation" design
to isolate different applications on different circuits, and many
stability, security, and privacy fixes.

3 files changed, 16 insertions, 16 deletions

diff --git a/net/tor/Makefile b/net/tor/Makefile
index 2900354dbe4..43be4b76569 100644
--- a/net/tor/Makefile
+++ b/net/tor/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.90 2012/10/23 17:19:14 asau Exp $
+# $NetBSD: Makefile,v 1.91 2012/11/26 19:00:20 drochner Exp $
 #
 
-DISTNAME=		tor-0.2.2.39
+DISTNAME=		tor-0.2.3.25
 CATEGORIES=		net security
 MASTER_SITES=		http://www.torproject.org/dist/
 # MASTER_SITES redirects to https, and ftp(1) cannot handle that.
diff --git a/net/tor/distinfo b/net/tor/distinfo
index 352b3e06af8..7b4774dd1df 100644
--- a/net/tor/distinfo
+++ b/net/tor/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.56 2012/09/13 17:09:01 drochner Exp $
+$NetBSD: distinfo,v 1.57 2012/11/26 19:00:20 drochner Exp $
 
-SHA1 (tor-0.2.2.39.tar.gz) = cc5021a7656c0cd22de42da9f0ce7335026852bf
-RMD160 (tor-0.2.2.39.tar.gz) = 780949054474a99f4a035a7234f8341d3cfbb17f
-Size (tor-0.2.2.39.tar.gz) = 2929303 bytes
-SHA1 (patch-aa) = 5b89228dc37c459c48f24616933a5673a5a0a0d1
+SHA1 (tor-0.2.3.25.tar.gz) = ef02e5b0eb44ab1a5d6108c39bd4e28918de79dc
+RMD160 (tor-0.2.3.25.tar.gz) = d8c90343346bc447191616f86da2591a64100b51
+Size (tor-0.2.3.25.tar.gz) = 3190011 bytes
+SHA1 (patch-aa) = 9f65234c7f1c9ea4eba37aa7287f5496993d2dc1
diff --git a/net/tor/patches/patch-aa b/net/tor/patches/patch-aa
index bfa9c6fbd4f..24160b57e95 100644
--- a/net/tor/patches/patch-aa
+++ b/net/tor/patches/patch-aa
@@ -1,4 +1,4 @@
-$NetBSD: patch-aa,v 1.7 2011/09/06 19:34:01 drochner Exp $
+$NetBSD: patch-aa,v 1.8 2012/11/26 19:00:20 drochner Exp $
 
 From: Taylor R Campbell
 Subject: patch for Tor to workaround OpenSSL renegotiation lossage on 5.1
@@ -20,23 +20,23 @@ put into NetBSD 5.1 (and SSL_OP_ALLOW_UNSAFE_RENEGOTIATION defined in
 ssl.h) so that this patch would be unnecessary.
 [2. text/plain; nbsd51-reneg]
 
---- ./src/common/tortls.c.~1~	2010-05-02 22:02:50.000000000 +0000
-+++ ./src/common/tortls.c	2010-07-30 00:34:00.000000000 +0000
-@@ -356,6 +356,17 @@
+--- src/common/tortls.c.orig	2012-11-19 21:24:54.000000000 +0000
++++ src/common/tortls.c
+@@ -477,6 +477,17 @@ tor_tls_init(void)
       * program should be allowed to use renegotiation unless it first passed
       * a test of intelligence and determination.
       */
 +#ifdef __NetBSD__
 +    /* In NetBSD 5.1, OpenSSL 0.9.9-dev was imported and `fixed' to use
 +       the same scheme as 0.9.8l.  */
-+    if (version == 0x00909000L) {
++    if (version == OPENSSL_V_NOPATCH(0,9,9)) {
 +      log_notice(LD_GENERAL, "OpenSSL %s on NetBSD looks like version 0.9.8l; "
-+                 "I will try SSL3_FLAGS to enable renegotation.",
++                 "I will try SSL3_FLAGS and SSL_OP to enable renegotation.",
 +                 SSLeay_version(SSLEAY_VERSION));
 +      use_unsafe_renegotiation_flag = 1;
 +      use_unsafe_renegotiation_op = 1;
 +    } else
 +#endif
-     if (version >= 0x009080c0L && version < 0x009080d0L) {
-       log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l; "
-                  "I will try SSL3_FLAGS to enable renegotation.",
+     if (version > OPENSSL_V(0,9,8,'k') && version <= OPENSSL_V(0,9,8,'l')) {
+       log_notice(LD_GENERAL, "OpenSSL %s looks like version 0.9.8l, but "
+                  "some vendors have backported renegotiation code from "