[arch-commits] Commit in tor/trunk (PKGBUILD openssl-0.9.8l.patch tor.rc)
Andrea Scarpino
andrea at archlinux.org
Sun Jan 3 11:07:08 UTC 2010
Date: Sunday, January 3, 2010 @ 06:07:08
Author: andrea
Revision: 62137
upgpkg: tor 0.2.1.21-1
upstream release; edited tor.rc to use a graceful shutdown (FS#17291)
Modified:
tor/trunk/PKGBUILD
tor/trunk/tor.rc
Deleted:
tor/trunk/openssl-0.9.8l.patch
----------------------+
PKGBUILD | 14 ++----
openssl-0.9.8l.patch | 99 -------------------------------------------------
tor.rc | 2
3 files changed, 6 insertions(+), 109 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2010-01-03 10:39:56 UTC (rev 62136)
+++ PKGBUILD 2010-01-03 11:07:08 UTC (rev 62137)
@@ -3,8 +3,8 @@
# Contributor: simo <simo at archlinux.org>
pkgname=tor
-pkgver=0.2.1.20
-pkgrel=2
+pkgver=0.2.1.21
+pkgrel=1
pkgdesc="Anonymizing overlay network"
arch=('i686' 'x86_64')
url="http://www.torproject.org/"
@@ -14,18 +14,14 @@
install=tor.install
source=(http://www.torproject.org/dist/tor-${pkgver}.tar.gz
'tor.conf'
- 'tor.rc'
- 'openssl-0.9.8l.patch')
-md5sums=('0d62ee2332fdd95de43debac7435df19'
+ 'tor.rc')
+md5sums=('54f7a801d824cd9c13ce672d483926d6'
'56c75d4e8a66f34167d31e38c43793dd'
- '4e39d56f462fc9f59e91715ac1b994c0'
- 'b508b4d7ca39e19ba6f4f896d94464aa')
+ '23348b8e3b38c6ed2a45b4be42a7de8e')
build() {
cd ${srcdir}/${pkgname}-${pkgver}
- patch -Np1 -i ${srcdir}/openssl-0.9.8l.patch || return 1
-
./configure --prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var || return 1
Deleted: openssl-0.9.8l.patch
===================================================================
--- openssl-0.9.8l.patch 2010-01-03 10:39:56 UTC (rev 62136)
+++ openssl-0.9.8l.patch 2010-01-03 11:07:08 UTC (rev 62137)
@@ -1,99 +0,0 @@
-# This patch makes TOR work with openssl 0.9.8l, which
-# fixed a security issue.
-#
-# Patch taken from the upstream SVN:
-# http://archives.seul.org/or/cvs/Nov-2009/msg00029.html
-#
-diff --git a/src/common/tortls.c b/src/common/tortls.c
-index c6b11e9..bcc6780 100644
---- a/src/common/tortls.c
-+++ b/src/common/tortls.c
-@@ -154,6 +154,7 @@ static X509* tor_tls_create_certificate(crypto_pk_env_t *rsa,
- const char *cname,
- const char *cname_sign,
- unsigned int lifetime);
-+static void tor_tls_unblock_renegotiation(tor_tls_t *tls);
-
- /** Global tls context. We keep it here because nobody else needs to
- * touch it. */
-@@ -904,6 +905,36 @@ tor_tls_set_renegotiate_callback(tor_tls_t *tls,
- #endif
- }
-
-+/** If this version of openssl requires it, turn on renegotiation on
-+ * <b>tls</b>. (Our protocol never requires this for security, but it's nice
-+ * to use belt-and-suspenders here.)
-+ */
-+static void
-+tor_tls_unblock_renegotiation(tor_tls_t *tls)
-+{
-+#ifdef SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-+ /* Yes, we know what we are doing here. No, we do not treat a renegotiation
-+ * as authenticating any earlier-received data. */
-+ tls->ssl->s3->flags |= SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
-+#else
-+ (void)tls;
-+#endif
-+}
-+
-+/** If this version of openssl supports it, turn off renegotiation on
-+ * <b>tls</b>. (Our protocol never requires this for security, but it's nice
-+ * to use belt-and-suspenders here.)
-+ */
-+void
-+tor_tls_block_renegotiation(tor_tls_t *tls)
-+{
-+#ifdef SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-+ tls->ssl->s3->flags &= ~SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
-+#else
-+ (void)tls;
-+#endif
-+}
-+
- /** Return whether this tls initiated the connect (client) or
- * received it (server). */
- int
-@@ -1026,6 +1057,9 @@ tor_tls_handshake(tor_tls_t *tls)
- } else {
- r = SSL_connect(tls->ssl);
- }
-+ /* We need to call this here and not earlier, since OpenSSL has a penchant
-+ * for clearing its flags when you say accept or connect. */
-+ tor_tls_unblock_renegotiation(tls);
- r = tor_tls_get_error(tls,r,0, "handshaking", LOG_INFO);
- if (ERR_peek_error() != 0) {
- tls_log_errors(tls, tls->isServer ? LOG_INFO : LOG_WARN,
-diff --git a/src/common/tortls.h b/src/common/tortls.h
-index d006909..871fec3 100644
---- a/src/common/tortls.h
-+++ b/src/common/tortls.h
-@@ -65,6 +65,7 @@ int tor_tls_read(tor_tls_t *tls, char *cp, size_t len);
- int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n);
- int tor_tls_handshake(tor_tls_t *tls);
- int tor_tls_renegotiate(tor_tls_t *tls);
-+void tor_tls_block_renegotiation(tor_tls_t *tls);
- int tor_tls_shutdown(tor_tls_t *tls);
- int tor_tls_get_pending_bytes(tor_tls_t *tls);
- size_t tor_tls_get_forced_write_size(tor_tls_t *tls);
-diff --git a/src/or/connection_or.c b/src/or/connection_or.c
-index b4e8092..2a52b3f 100644
---- a/src/or/connection_or.c
-+++ b/src/or/connection_or.c
-@@ -844,6 +844,7 @@ connection_or_tls_renegotiated_cb(tor_tls_t *tls, void *_conn)
-
- /* Don't invoke this again. */
- tor_tls_set_renegotiate_callback(tls, NULL, NULL);
-+ tor_tls_block_renegotiation(tls);
-
- if (connection_tls_finish_handshake(conn) < 0) {
- /* XXXX_TLS double-check that it's ok to do this from inside read. */
-@@ -1087,6 +1088,7 @@ connection_tls_finish_handshake(or_connection_t *conn)
- connection_or_init_conn_from_address(conn, &conn->_base.addr,
- conn->_base.port, digest_rcvd, 0);
- }
-+ tor_tls_block_renegotiation(conn->tls);
- return connection_or_set_state_open(conn);
- } else {
- conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING;
---
-1.5.6.5
Modified: tor.rc
===================================================================
--- tor.rc 2010-01-03 10:39:56 UTC (rev 62136)
+++ tor.rc 2010-01-03 11:07:08 UTC (rev 62137)
@@ -17,7 +17,7 @@
;;
stop)
stat_busy "Stopping Tor Daemon"
- [ ! -z "$PID" ] && kill $PID &> /dev/null
+ [ ! -z "$PID" ] && kill -INT $PID &> /dev/null
if [ $? -gt 0 ]; then
stat_fail
else
More information about the arch-commits
mailing list