author | Francesco Colista <fcolista@alpinelinux.org> | 2017-10-10 15:24:10 +0000 |
---|---|---|
committer | Francesco Colista <fcolista@alpinelinux.org> | 2017-10-10 15:24:10 +0000 |
commit | 93ed1f72fdd8a9a54799e43f3a85c534c2e7d3f1 (patch) | |
tree | 164bd39977f5c5c5e040f638cecb1b1feb2034d7 | |
parent | ee83a9f5e06113058344dc3cc3160c26a595df6c (diff) |
community/tor: security fix (CVE-2017-0380). Fixes #7989
-rw-r--r-- | community/tor/APKBUILD | 12 | ||||
-rw-r--r-- | community/tor/CVE-2017-0380.patch | 49 |
2 files changed, 58 insertions, 3 deletions
diff --git a/community/tor/APKBUILD b/community/tor/APKBUILD
index 4cdd044d42e..0d53fc8d935 100644
--- a/community/tor/APKBUILD
+++ b/community/tor/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Christine Dodrill <me@christine.website>
 pkgname=tor
 pkgver=0.3.0.8
-pkgrel=0
+pkgrel=1
 pkgdesc="Anonymous network connectivity"
 url="https://www.torproject.org"
 arch="all"
@@ -16,9 +16,14 @@ subpackages="$pkgname-doc"
 source="https://www.torproject.org/dist/$pkgname-$pkgver.tar.gz
 tor.initd
 tor.confd
-torrc.sample.patch"
+torrc.sample.patch
+CVE-2017-0380.patch"
 builddir="$srcdir/$pkgname-$pkgver"
 
+# secfixes:
+# 0.3.0.8-r1:
+# - CVE-2017-0380
+
 build() {
 cd "$builddir"
 ./configure \
@@ -52,4 +57,5 @@ package() {
 sha512sums="93267e51578266f6f6eea57e7fcd7ec5f8fbeb2e880675956724a0b1c1dfe1826945aaba4ca3075b577505d0ce70fd7def2f2a9e06af78f52190e15a7aad2ee1 tor-0.3.0.8.tar.gz
 6de4ada16ba58264a247da70343eabd763e992d6b6683977fc1c67b7b4a9731748a7ec9751e869ad4b4ae9c72cf71b2e12dc289bb6e2aee499917f7663f4a735 tor.initd
 2b0de119bfdf9eb57e13317b7392190b1b8272c8f96023c71d3fc29215d887e9a3d0ffcef37cdb50b18d34e4b2251f75a739e258e0bb72aabd3339418b22fd67 tor.confd
-da386ff7e387312e647f04d360517a1f4cb1efbee36f4a3a6feb89a979bb12fa350fe6dfed49af0cb076ae30bb0c527b5d54127683eaa5aa45d6940dddd89dfb torrc.sample.patch"
+da386ff7e387312e647f04d360517a1f4cb1efbee36f4a3a6feb89a979bb12fa350fe6dfed49af0cb076ae30bb0c527b5d54127683eaa5aa45d6940dddd89dfb torrc.sample.patch
+c726b4d9b7ea594b688211cd85eaa2e73f288977f5a519b85db607686dd66a09191bf683095470e1c7e0dc6e747c718aa030e808a5d840eedb5afcc55057827b CVE-2017-0380.patch"
diff --git a/community/tor/CVE-2017-0380.patch b/community/tor/CVE-2017-0380.patch
new file mode 100644
index 00000000000..967771999ce
--- /dev/null
+++ b/community/tor/CVE-2017-0380.patch
@@ -0,0 +1,49 @@
+From 09ea89764a4d3a907808ed7d4fe42abfe64bd486 Mon Sep 17 00:00:00 2001
+From: Nick Mathewson <nickm@torproject.org>
+Date: Mon, 18 Sep 2017 09:25:21 -0400
+Subject: [PATCH] Fix log-uninitialized-stack bug in
+ rend_service_intro_established.
+
+Fixes bug 23490; bugfix on 0.2.7.2-alpha.
+
+TROVE-2017-008
+CVE-2017-0380
+---
+ changes/trove-2017-008 | 5 +++++
+ src/or/rendservice.c | 4 ++--
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+ create mode 100644 changes/trove-2017-008
+
+diff --git a/changes/trove-2017-008 b/changes/trove-2017-008
+new file mode 100644
+index 0000000000..4b9c5b0a12
+--- /dev/null
++++ b/changes/trove-2017-008
+@@ -0,0 +1,5 @@
++ o Major bugfixes (security, hidden services, loggging):
++ - Fix a bug where we could log uninitialized stack when a certain
++ hidden service error occurred while SafeLogging was disabled.
++ Fixes bug #23490; bugfix on 0.2.7.2-alpha.
++ This is also tracked as TROVE-2017-008 and CVE-2017-0380.
+diff --git a/src/or/rendservice.c b/src/or/rendservice.c
+index fb777ca154..8087e88499 100644
+--- a/src/or/rendservice.c
++++ b/src/or/rendservice.c
+@@ -3372,6 +3372,8 @@ rend_service_intro_established(origin_circuit_t *circuit,
+ (unsigned)circuit->base_.n_circ_id);
+ goto err;
+ }
++ base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
++ rend_pk_digest, REND_SERVICE_ID_LEN);
+ /* We've just successfully established a intro circuit to one of our
+ * introduction point, account for it. */
+ intro = find_intro_point(circuit);
+@@ -3388,8 +3390,6 @@ rend_service_intro_established(origin_circuit_t *circuit,
+ service->desc_is_dirty = time(NULL);
+ circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_S_INTRO);
+
+- base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1,
+- rend_pk_digest, REND_SERVICE_ID_LEN);
+ log_info(LD_REND,
+ "Received INTRO_ESTABLISHED cell on circuit %u for service %s",
+ (unsigned)circuit->base_.n_circ_id, serviceid); |
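Review bot: Nothing in the rendservice.c hunk records that `serviceid` is only safe to log once `base32_encode()` has filled it, so the fix rests purely on statement order. The `goto err` branch just above the moved call, and any log statement later added ahead of it, would still see the buffer unfilled if it referenced `serviceid`. I would add a comment on the moved call such as `/* Fill serviceid before any path that may log it; the buffer is not valid until here. */`. If the declaration permits, it would also help to start the buffer out empty, so that a misplaced log prints an empty string rather than stack contents. The declaration of `serviceid` and the log statements between the two inner hunks are outside the diff, so this should be confirmed against the full function.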