This diff updates tor to the first release of the 0.2.3 series. Please test, especially if you're running a relay.
Upstream now unconditionally enables -fPIE; I've disabled it in the port since we handle this on a per-arch basis, and it would break at least arm. Also, remove now unneeded pthread patch. Index: Makefile =================================================================== RCS file: /cvs/ports/net/tor/Makefile,v retrieving revision 1.60 diff -u -p -r1.60 Makefile --- Makefile 12 Sep 2012 21:09:28 -0000 1.60 +++ Makefile 20 Nov 2012 15:10:20 -0000 @@ -2,7 +2,7 @@ COMMENT= anonymity service using onion routing -DISTNAME= tor-0.2.2.39 +DISTNAME= tor-0.2.3.25 CATEGORIES= net HOMEPAGE= http://www.torproject.org/ @@ -19,7 +19,10 @@ WANTLIB += c crypto event m pthread ssl MASTER_SITES= ${HOMEPAGE}dist/ CONFIGURE_STYLE=gnu -CONFIGURE_ARGS= --with-ssl-dir=/usr +# PIE is already taken care of on a per-arch basis, and we have stack protection +# anyway on FRAME_GROWS_DOWN archs. +CONFIGURE_ARGS= --with-ssl-dir=/usr \ + --disable-gcc-hardening DB_DIR= /var/tor SUBST_VARS+= DB_DIR Index: distinfo =================================================================== RCS file: /cvs/ports/net/tor/distinfo,v retrieving revision 1.54 diff -u -p -r1.54 distinfo --- distinfo 12 Sep 2012 21:09:28 -0000 1.54 +++ distinfo 20 Nov 2012 15:10:20 -0000 @@ -1,2 +1,2 @@ -SHA256 (tor-0.2.2.39.tar.gz) = DQx3jUaX1cW9T3MsoXnCLo41nGNGF8qbZmXjPRhjYio= -SIZE (tor-0.2.2.39.tar.gz) = 2929303 +SHA256 (tor-0.2.3.25.tar.gz) = uy1vETbzPhHTfm40GEFDvxkeWVAWE9rzOuPW948xdqA= +SIZE (tor-0.2.3.25.tar.gz) = 3190011 Index: patches/patch-configure =================================================================== RCS file: patches/patch-configure diff -N patches/patch-configure --- patches/patch-configure 26 May 2012 11:08:44 -0000 1.16 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,25 +0,0 @@ -$OpenBSD: patch-configure,v 1.16 2012/05/26 11:08:44 pascal Exp $ ---- configure.orig Thu May 24 09:34:53 2012 -+++ configure Sat May 26 12:20:11 2012 -@@ -5557,8 +5557,8 @@ for ac_lib in '' nsl; do - if test -z "$ac_lib"; then - ac_res="none required" - else -- ac_res=-l$ac_lib -- LIBS="-l$ac_lib $ac_func_search_save_LIBS" -+ ac_res=-$ac_lib -+ LIBS="-$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_gethostbyname=$ac_res -@@ -5613,8 +5613,8 @@ for ac_lib in '' dl; do - if test -z "$ac_lib"; then - ac_res="none required" - else -- ac_res=-l$ac_lib -- LIBS="-l$ac_lib $ac_func_search_save_LIBS" -+ ac_res=-$ac_lib -+ LIBS="-$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO"; then : - ac_cv_search_dlopen=$ac_res Index: patches/patch-src_config_torrc_sample_in =================================================================== RCS file: /cvs/ports/net/tor/patches/patch-src_config_torrc_sample_in,v retrieving revision 1.11 diff -u -p -r1.11 patch-src_config_torrc_sample_in --- patches/patch-src_config_torrc_sample_in 7 Sep 2011 07:55:41 -0000 1.11 +++ patches/patch-src_config_torrc_sample_in 20 Nov 2012 15:10:20 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-src_config_torrc_sample_in,v 1.11 2011/09/07 07:55:41 jasper Exp $ ---- src/config/torrc.sample.in.orig Sat Aug 27 01:10:59 2011 -+++ src/config/torrc.sample.in Wed Sep 7 09:52:35 2011 -@@ -37,18 +37,18 @@ SocksListenAddress 127.0.0.1 # accept connections only +--- src/config/torrc.sample.in.orig Mon Nov 19 22:24:38 2012 ++++ src/config/torrc.sample.in Tue Nov 20 12:58:58 2012 +@@ -38,18 +38,18 @@ ## Send every possible message to @LOCALSTATEDIR@/log/tor/debug.log #Log debug file @LOCALSTATEDIR@/log/tor/debug.log ## Use the system log instead of Tor's logfiles @@ -23,9 +23,12 @@ $OpenBSD: patch-src_config_torrc_sample_ ## The port on which Tor will listen for local connections from Tor ## controller applications, as documented in control-spec.txt. -@@ -168,3 +168,5 @@ SocksListenAddress 127.0.0.1 # accept connections only - #BridgeRelay 1 - #ExitPolicy reject *:* - +@@ -169,6 +169,8 @@ + ## For security, by default Tor rejects connections to private (local) + ## networks, including to your public IP address. See the man page entry + ## for ExitPolicyRejectPrivate if you want to allow "exit enclaving". +## Revoke privileges +User _tor + ## + #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more + #ExitPolicy accept *:119 # accept nntp as well as default exit policy
