mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-06 18:09:44 +03:00
fffc577bd6
Fixes the following securoty issues: - CVE-2017-8819: In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue. - CVE-2017-8820: In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010. - CVE-2017-8821: In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011. - CVE-2017-8822: In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012. - CVE-2017-8823: In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013. For more details, see the release notes: https://lists.torproject.org/pipermail/tor-announce/2017-December/000147.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
44 lines
1.0 KiB
Makefile
44 lines
1.0 KiB
Makefile
################################################################################
|
|
#
|
|
# tor
|
|
#
|
|
################################################################################
|
|
|
|
TOR_VERSION = 0.2.9.14
|
|
TOR_SITE = https://dist.torproject.org
|
|
TOR_LICENSE = BSD-3c
|
|
TOR_LICENSE_FILES = LICENSE
|
|
TOR_DEPENDENCIES = libevent openssl zlib
|
|
TOR_AUTORECONF = YES
|
|
|
|
TOR_CONF_OPTS = \
|
|
--disable-gcc-hardening \
|
|
--disable-unittests \
|
|
--with-libevent-dir=$(STAGING_DIR)/usr \
|
|
--with-openssl-dir=$(STAGING_DIR)/usr \
|
|
--with-zlib-dir=$(STAGING_DIR)/usr
|
|
|
|
ifeq ($(BR2_STATIC_LIBS),y)
|
|
TOR_CONF_OPTS += \
|
|
--enable-static-libevent \
|
|
--enable-static-openssl \
|
|
--enable-static-tor \
|
|
--enable-static-zlib
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_LIBCAP),y)
|
|
TOR_DEPENDENCIES += libcap
|
|
endif
|
|
|
|
ifeq ($(BR2_arm)$(BR2_armeb)$(BR2_i386)$(BR2_x86_64)$(BR2_PACKAGE_LIBSECCOMP),yy)
|
|
TOR_CONF_OPTS += --enable-seccomp
|
|
TOR_DEPENDENCIES += libseccomp
|
|
else
|
|
TOR_CONF_OPTS += --disable-seccomp
|
|
endif
|
|
|
|
# uses gnu extensions
|
|
TOR_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99'
|
|
|
|
$(eval $(autotools-package))
|