[Tor-BSD] Fwd: FreeBSD port: security/tor

Vinícius Zavam egypcio at googlemail.com
Mon Oct 24 17:12:53 EDT 2016


2016-09-08 12:03 GMT-03:00, George Rosamond <george at ceetonetechnology.com>:
> On 09/07/16 14:12, N.J. Thomas wrote:
>> FYI...
>
> looks like it's in...
>
> 	===>>> New version available: tor-devel-0.2.9.2.a_1
>
> g
>
>>
>> ----- Forwarded message from Thomas Nybergh <thomas at nybergh.net> -----
>>
>> Date: Wed, 7 Sep 2016 12:38:07 +0300
>> From: Thomas Nybergh <thomas at nybergh.net>
>> To: ports at freebsd.org
>> Cc: Yuri <yuri at rawbw.com>
>> Subject: Fwd: FreeBSD port: security/tor
>> List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
>>
>> Hi all!
>>
>> The maintainer of the security/tor port, yuri at rawbw.com, asked me to ping
>> this list about committing a patch to bump Tor to version 0.2.8.7, a
>> critical update.
>>
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212124
>>
>> Further details in the link below, but suffice to say that this new
>> version
>> of Tor is super important for maintaining the health of the Tor 'bridge'
>> relay infrastructure.
>>
>> 'Bridges' are the secret(ish) entry relays that Tor's most vulnerable
>> users
>> rely on, in despotic countries etc. These special relays can help users
>> sneak into the anonymisation network, if otherwise blocked and/or
>> monitored.
>>
>> https://blog.torproject.org/blog/new-bridge-authority
>>
>> Thanks for all your great work!
>>
>>
>> Short time user, first time caller,
>> --
>> Thomas Nybergh
>> Helsinki, Finland
>>
>>
>>
>> ---------- Forwarded message ----------
>> From: Yuri <yuri at rawbw.com>
>> Date: Wed, Sep 7, 2016 at 2:43 AM
>> Subject: Re: FreeBSD port: security/tor
>> To: Thomas Nybergh <thomas at nybergh.net>
>>
>>
>> On 09/06/2016 15:58, Thomas Nybergh wrote:
>>
>>> I'm a random user of the security/tor port (now at version 0.2.8.6),
>>> of which you're marked as the maintainer in the FreeBSD ports tree.
>>>
>>> I'm contacting you with a reminder about an important update, Tor
>>> 0.2.8.7, which was released a couple of weeks ago. This update is
>>> critical, since it replaces one of the hardcoded values Tor depends
>>> on, the bridge authority.
>>>
>>> https://blog.torproject.org/blog/new-bridge-authority
>>>
>>
>>
>> Hi,
>>
>>
>> Thanks for your concern.
>>
>>
>> Somebody has made a patch updating tor to 0.2.8.7 even before I started
>> on
>> it. I approved it, but it hasn't been committed yet:
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212124
>>
>>
>> You can write to ports at FreeBSD.org (mailing list) and ask them to commit
>> it.
>>
>>
>> Thanks,
>>
>> Yuri

bump.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203014 tries to
update security/tor-devel. as always, suggestions are pretty welcome.

new idea to handle openssl from base system (default), or compile it
using the one from ports tree. even with openssl{,-devel} installed
from ports, the default should point to base's; this can be changed in
config + modifying make.conf (as warning message recommends).

PS: ugly and *not working* patch available! needs attention.


-- 
Vinícius Zavam
keybase.io/egypcio/key.asc



More information about the Tor-BSD mailing list