[1/1] package/tor: security bump version to 0.4.8.8

Message ID	20231103203039.3042294-1-bernd@kuhls.net
State	Accepted
Headers	show Return-Path: <buildroot-bounces@buildroot.org> From: Bernd Kuhls <bernd@kuhls.net> To: buildroot@buildroot.org Date: Fri, 3 Nov 2023 21:30:39 +0100 Message-Id: <20231103203039.3042294-1-bernd@kuhls.net> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 1/1] package/tor: security bump version to 0.4.8.8 Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" <buildroot-bounces@buildroot.org>
Series	[1/1] package/tor: security bump version to 0.4.8.8 \| expand [1/1] package/tor: security bump version to 0.4.8.8

Message ID

20231103203039.3042294-1-bernd@kuhls.net

State

Accepted

Headers

From: Bernd Kuhls <bernd@kuhls.net>
To: buildroot@buildroot.org
Date: Fri,  3 Nov 2023 21:30:39 +0100
Message-Id: <20231103203039.3042294-1-bernd@kuhls.net>
MIME-Version: 1.0
X-Mailman-Original-Authentication-Results: smtp3.osuosl.org;
 dkim=pass (2048-bit key) header.d=kuhls.net header.i=@kuhls.net
 header.a=rsa-sha256 header.s=kas202306131828 header.b=yA3p6Z7o
Subject: [Buildroot] [PATCH 1/1] package/tor: security bump version to
 0.4.8.8
X-BeenThere: buildroot@buildroot.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.buildroot.org>
List-Unsubscribe: <https://lists.buildroot.org/mailman/options/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=unsubscribe>
List-Archive: <http://lists.buildroot.org/pipermail/buildroot/>
List-Post: <mailto:buildroot@buildroot.org>
List-Help: <mailto:buildroot-request@buildroot.org?subject=help>
List-Subscribe: <https://lists.buildroot.org/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@buildroot.org
Sender: "buildroot" <buildroot-bounces@buildroot.org>

Series

[1/1] package/tor: security bump version to 0.4.8.8 | expand

Commit Message

Bernd Kuhls Nov. 3, 2023, 8:30 p.m. UTC

Release notes:
https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes
https://forum.torproject.org/t/security-release-0-4-7-16-and-0-4-8-8/10064

Fixes TROVE-2023-004.

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
 package/tor/tor.hash | 4 ++--
 package/tor/tor.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

Comments

Yann E. MORIN Nov. 3, 2023, 10:19 p.m. UTC | #1

Bernd, All,

On 2023-11-03 21:30 +0100, Bernd Kuhls spake thusly:
> Release notes:
> https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes
> https://forum.torproject.org/t/security-release-0-4-7-16-and-0-4-8-8/10064
> 
> Fixes TROVE-2023-004.
> 
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  package/tor/tor.hash | 4 ++--
>  package/tor/tor.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/tor/tor.hash b/package/tor/tor.hash
> index 933208fce0..fc128e0fcf 100644
> --- a/package/tor/tor.hash
> +++ b/package/tor/tor.hash
> @@ -1,4 +1,4 @@
> -# From https://dist.torproject.org/tor-0.4.8.7.tar.gz.sha256sum
> -sha256  b20d2b9c74db28a00c07f090ee5b0241b2b684f3afdecccc6b8008931c557491  tor-0.4.8.7.tar.gz
> +# From https://dist.torproject.org/tor-0.4.8.8.tar.gz.sha256sum
> +sha256  21bbe908cafeabff04636d26293540aa9366eb1cf389bc65dc2476c93e688004  tor-0.4.8.8.tar.gz
>  # Locally computed
>  sha256  47b54ed17e8fdcab3c44729a1789a09b208f9a63a845a7e50def9df729eebad0  LICENSE
> diff --git a/package/tor/tor.mk b/package/tor/tor.mk
> index 1b29fd336e..b054bc55bb 100644
> --- a/package/tor/tor.mk
> +++ b/package/tor/tor.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -TOR_VERSION = 0.4.8.7
> +TOR_VERSION = 0.4.8.8
>  TOR_SITE = https://dist.torproject.org
>  TOR_LICENSE = BSD-3-Clause
>  TOR_LICENSE_FILES = LICENSE
> -- 
> 2.39.2
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

Peter Korsgaard Nov. 8, 2023, 8:23 p.m. UTC | #2

>>>>> "Bernd" == Bernd Kuhls <bernd@kuhls.net> writes:

 > Release notes:
 > https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes
 > https://forum.torproject.org/t/security-release-0-4-7-16-and-0-4-8-8/10064

 > Fixes TROVE-2023-004.

.. which is still not public :/

I have instead bumped 2023.02.x and 2023.08.x to 0.4.7.16, which
contains the same fix.

diff --git a/package/tor/tor.hash b/package/tor/tor.hash
index 933208fce0..fc128e0fcf 100644
--- a/package/tor/tor.hash
+++ b/package/tor/tor.hash
@@ -1,4 +1,4 @@ 
-# From https://dist.torproject.org/tor-0.4.8.7.tar.gz.sha256sum
-sha256  b20d2b9c74db28a00c07f090ee5b0241b2b684f3afdecccc6b8008931c557491  tor-0.4.8.7.tar.gz
+# From https://dist.torproject.org/tor-0.4.8.8.tar.gz.sha256sum
+sha256  21bbe908cafeabff04636d26293540aa9366eb1cf389bc65dc2476c93e688004  tor-0.4.8.8.tar.gz
 # Locally computed
 sha256  47b54ed17e8fdcab3c44729a1789a09b208f9a63a845a7e50def9df729eebad0  LICENSE
diff --git a/package/tor/tor.mk b/package/tor/tor.mk
index 1b29fd336e..b054bc55bb 100644
--- a/package/tor/tor.mk
+++ b/package/tor/tor.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-TOR_VERSION = 0.4.8.7
+TOR_VERSION = 0.4.8.8
 TOR_SITE = https://dist.torproject.org
 TOR_LICENSE = BSD-3-Clause
 TOR_LICENSE_FILES = LICENSE

[1/1] package/tor: security bump version to 0.4.8.8

Commit Message

Comments

Patch