The patch enables the configure of the port to detect LibreSSL as a valid OpenSSL
Reported by: Philip Jocks <pj@netzkommune.de>
Reviewed by: brnrd, zeising (maintainer)
Approved by: zeising (maintainer)
Sponsored by: Netzkommune GmbH
Differential Revision: https://reviews.freebsd.org/D13421
This is an important update for relays running earlier versions of 0.3.2.x.
Changes in version 0.3.2.8-rc - 2017-12-21
Tor 0.3.2.8-rc fixes a pair of bugs in the KIST and KISTLite
schedulers that had led servers under heavy load to overload their
outgoing connections. All relay operators running earlier 0.3.2.x
versions should upgrade. This version also includes a mitigation for
over-full DESTROY queues leading to out-of-memory conditions: if it
works, we will soon backport it to earlier release series.
This is the second release candidate in the 0.3.2 series. If we find
no new bugs or regression here, then the first stable 0.3.2 release
will be nearly identical to this.
o Major bugfixes (KIST, scheduler):
- The KIST scheduler did not correctly account for data already
enqueued in each connection's send socket buffer, particularly in
cases when the TCP/IP congestion window was reduced between
scheduler calls. This situation lead to excessive per-connection
buffering in the kernel, and a potential memory DoS. Fixes bug
24665; bugfix on 0.3.2.1-alpha.
o Minor features (geoip):
- Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2
Country database.
o Minor bugfixes (hidden service v3):
- Bump hsdir_spread_store parameter from 3 to 4 in order to increase
the probability of reaching a service for a client missing
microdescriptors. Fixes bug 24425; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (memory usage):
- When queuing DESTROY cells on a channel, only queue the circuit-id
and reason fields: not the entire 514-byte cell. This fix should
help mitigate any bugs or attacks that fill up these queues, and
free more RAM for other uses. Fixes bug 24666; bugfix
on 0.2.5.1-alpha.
o Minor bugfixes (scheduler, KIST):
- Use a sane write limit for KISTLite when writing onto a connection
buffer instead of using INT_MAX and shoving as much as it can.
Because the OOM handler cleans up circuit queues, we are better
off at keeping them in that queue instead of the connection's
buffer. Fixes bug 24671; bugfix on 0.3.2.1-alpha.
Reported by: nickm@torproject.org
Approved by: adamw (mentor)
Differential Revision: https://reviews.freebsd.org/D13576
There were some questions about the version. The source code has 1.2 in it,
but it hasn't been tagged on github. So I left it as g20171216.
PR: 224470
Submitted by: Dmitri Goutnik <dg@syrec.org>
Approved by: adamw (mentor)
Differential Revision: https://reviews.freebsd.org/D13563
Currently, only python shebangs (e.g. /bin/python, /usr/local/bin/python,
/usr/bin/env python etc.) are reported by stage Q/A and fixed by
USES=shebangfix. We need to do the same for python[23] as well.
Before the problem was not noticeable since many ports had e.g.
USES=python:2, which added a dependency on python2 metaport, however
that's going to switch to USES=python:2.7, and neither it, nor more
widely used USES=python adds a dependency on metaports, so there's
very high probability that python[23] links are not available.
Approved by: portmgr (mat)
Differential Revision: https://reviews.freebsd.org/D13571
- in general, if we think that the code is not architecture-specific,
and instead just enables x86 assembler by default, those should
use BROKEN rather than IGNORE. This will allow them to be attempted
with TRYBROKEN.
- spell i386 as x86.
- spell asm as assembler.
- pet portlint.
These changes should have no effect on tier-1 builds.
Approved by: portmgr (tier-2 blanket)
