From patchwork Sat Nov 11 22:20:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Andr=C3=A9_Batista?= X-Patchwork-Id: 56344 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id A17C727BBEA; Sat, 11 Nov 2023 22:21:37 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,SPF_HELO_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id EA4ED27BBE9 for ; Sat, 11 Nov 2023 22:21:36 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1r1wLz-0002il-UZ; Sat, 11 Nov 2023 17:21:23 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1r1wLy-0002iY-96 for guix-patches@gnu.org; Sat, 11 Nov 2023 17:21:22 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1r1wLy-0004sY-0u for guix-patches@gnu.org; Sat, 11 Nov 2023 17:21:22 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1r1wMc-00013j-8w for guix-patches@gnu.org; Sat, 11 Nov 2023 17:22:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#67115] [PATCH] gnu: tor: Update to 0.4.8.9 [security fixes]. Resent-From: =?utf-8?b?QW5kcsOp?= Batista Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 11 Nov 2023 22:22:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 67115 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 67115@debbugs.gnu.org Cc: =?utf-8?b?QW5kcsOp?= Batista X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16997413154056 (code B ref -1); Sat, 11 Nov 2023 22:22:02 +0000 Received: (at submit) by debbugs.gnu.org; 11 Nov 2023 22:21:55 +0000 Received: from localhost ([127.0.0.1]:54527 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1r1wMV-00013M-4g for submit@debbugs.gnu.org; Sat, 11 Nov 2023 17:21:55 -0500 Received: from lists.gnu.org ([2001:470:142::17]:34640) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1r1wMS-000136-RL for submit@debbugs.gnu.org; Sat, 11 Nov 2023 17:21:54 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1r1wLi-0002i6-TB for guix-patches@gnu.org; Sat, 11 Nov 2023 17:21:06 -0500 Received: from mx0.riseup.net ([198.252.153.6]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1r1wLV-0004k9-Te for guix-patches@gnu.org; Sat, 11 Nov 2023 17:21:06 -0500 Received: from fews02-sea.riseup.net (fews02-sea-pn.riseup.net [10.0.1.112]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx0.riseup.net (Postfix) with ESMTPS id 4SSVWl29y5z9sCs for ; Sat, 11 Nov 2023 22:20:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1699741251; bh=VlidgrpidWd32IhgiFp2qpOe72eOUVENqRQElElwxpg=; h=From:To:Cc:Subject:Date:From; b=fi3AdbwG1WS3WZfZNzSk17YnwzebJ5L+UQANAXLfB8pZOJ6beokOdLqwYR59iP+XI 9MPSFTN0ZBXTE7dvjdST+anxGPZ5iQKQj38KD7fVcAGro9nnnzha9dv47zv8m4jLdO txwdpziY/Dsm52FhCX8GL44fTXn57o39N98o2PYY= X-Riseup-User-ID: 156CD22B99D4A7366573C14956F12991A96E5ACEA7F537DBD13CC1C5DEF3E4E9 Received: from [127.0.0.1] (localhost [127.0.0.1]) by fews02-sea.riseup.net (Postfix) with ESMTPSA id 4SSVWk2MHvzFtVk; Sat, 11 Nov 2023 22:20:50 +0000 (UTC) From: =?utf-8?b?QW5kcsOp?= Batista Date: Sat, 11 Nov 2023 19:20:41 -0300 Message-ID: <20231111222041.5600-1-nandre@riseup.net> MIME-Version: 1.0 Received-SPF: pass client-ip=198.252.153.6; envelope-from=nandre@riseup.net; helo=mx0.riseup.net X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches * gnu/packages/tor.scm (tor): Update to 0.4.8.9. This release fixes two high severity security vulnerabilities. The first one affects client connections to Guard relays and the other one affects Onion Services (TROVE-2023-006). See https://gitlab.torproject.org/tpo/core/tor/-/issues/40876 and https://gitlab.torproject.org/tpo/core/tor/-/issues/40883 --- gnu/packages/tor.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) base-commit: 3f83dc5587573f173b1f61864c9b510f05de84b1 diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm index 71f32b3f43..d4bf27a790 100644 --- a/gnu/packages/tor.scm +++ b/gnu/packages/tor.scm @@ -63,14 +63,14 @@ (define-module (gnu packages tor) (define-public tor (package (name "tor") - (version "0.4.8.8") + (version "0.4.8.9") (source (origin (method url-fetch) (uri (string-append "https://dist.torproject.org/tor-" version ".tar.gz")) (sha256 (base32 - "0140d0zcjxi4vijvr2gk3kmnd4xa80sjj9kdcc2gzazyr84fkfr1")))) + "0rfgn88izn74nh6gy42ggwmiicnylp73skrlwm61n4znj247vfsr")))) (build-system gnu-build-system) (arguments (list #:configure-flags