Hi,
Just one week after 0.4.8.20 (which was committed very quickly, thanks Pascal),
the Tor project released tor-0.4.8.21. This new version "addresses another
medium-severity remote crash and memory DoS vulnerabilities affecting the
Conflux subsystem". [1]
IMHO, it would be worth updating the port on -stable also, since the two latest
releases contain important fixes for relay operators.
That's why I attached patches for both -current and -stable. The patches
themselves are very straightforward, the port is building fine with them and
all tests are passing. I tested this new release only lightly for now, could
not test it extensively yet, but everything seems alright.
Best regards.
--
[1] https://forum.torproject.org/t/stable-release-0-4-8-21/20817
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/tor/Makefile,v
diff -u -p -r1.173 Makefile
--- Makefile 28 Sep 2025 10:04:47 -0000 1.173
+++ Makefile 19 Nov 2025 14:50:37 -0000
@@ -1,6 +1,6 @@
COMMENT= anonymity service using onion routing
-DISTNAME= tor-0.4.8.18
+DISTNAME= tor-0.4.8.21
CATEGORIES= net
HOMEPAGE= https://www.torproject.org/
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/tor/distinfo,v
diff -u -p -r1.138 distinfo
--- distinfo 24 Sep 2025 18:24:58 -0000 1.138
+++ distinfo 19 Nov 2025 14:50:37 -0000
@@ -1,2 +1,2 @@
-SHA256 (tor-0.4.8.18.tar.gz) = SupsEJ1O/06iuvuQWn5rCpZdFP6FYhSwL82QRrTZOvg=
-SIZE (tor-0.4.8.18.tar.gz) = 10139317
+SHA256 (tor-0.4.8.21.tar.gz) = 6vb1tzCRuVV2lF6t6YgW3f980AW+/k2UcYpvdmuECQM=
+SIZE (tor-0.4.8.21.tar.gz) = 10663112
Index: patches/patch-configure_ac
===================================================================
RCS file: /cvs/ports/net/tor/patches/patch-configure_ac,v
diff -u -p -r1.21 patch-configure_ac
--- patches/patch-configure_ac 3 Sep 2025 19:01:39 -0000 1.21
+++ patches/patch-configure_ac 19 Nov 2025 14:50:37 -0000
@@ -13,6 +13,6 @@ Index: configure.ac
-dnl code will work.
-TOR_CHECK_CFLAGS(-fasynchronous-unwind-tables)
-
- dnl ============================================================
- dnl Check for libseccomp
-
+ # From https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html:
+ #
+ # Enable code instrumentation to increase program security by checking that
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/tor/Makefile,v
diff -u -p -r1.174 Makefile
--- Makefile 11 Nov 2025 19:24:37 -0000 1.174
+++ Makefile 19 Nov 2025 14:59:20 -0000
@@ -1,6 +1,6 @@
COMMENT= anonymity service using onion routing
-DISTNAME= tor-0.4.8.20
+DISTNAME= tor-0.4.8.21
CATEGORIES= net
HOMEPAGE= https://www.torproject.org/
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/tor/distinfo,v
diff -u -p -r1.139 distinfo
--- distinfo 11 Nov 2025 19:24:37 -0000 1.139
+++ distinfo 19 Nov 2025 14:59:20 -0000
@@ -1,2 +1,2 @@
-SHA256 (tor-0.4.8.20.tar.gz) = G7IjKM3R7pSGR7/O1XHvp4wS/FBkGHtB1SVAhbUoL6c=
-SIZE (tor-0.4.8.20.tar.gz) = 10662081
+SHA256 (tor-0.4.8.21.tar.gz) = 6vb1tzCRuVV2lF6t6YgW3f980AW+/k2UcYpvdmuECQM=
+SIZE (tor-0.4.8.21.tar.gz) = 10663112
