Hello community,

here is the log from the commit of package tor for openSUSE:Factory checked in at 2015-08-28 08:26:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tor (Old)
 and      /work/SRC/openSUSE:Factory/.tor.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tor" Changes: -------- --- /work/SRC/openSUSE:Factory/tor/tor.changes 2015-07-14 17:45:45.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.tor.new/tor.changes 2015-08-28 08:27:13.000000000 +0200 @@ -1,0 +2,7 @@ +Wed Aug 26 20:02:21 UTC 2015 - [email protected] + +- Malformed hostnames in socks5 requests were written to the log + regardless of SafeLogging option (CWE-532) [boo#943362] + add tor-0.2.6.10-malformed-hostname-safe-logging.patch + +------------------------------------------------------------------- New: ---- tor-0.2.6.10-malformed-hostname-safe-logging.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tor.spec ++++++ --- /var/tmp/diff_new_pack.13jrKO/_old 2015-08-28 08:27:14.000000000 +0200 +++ /var/tmp/diff_new_pack.13jrKO/_new 2015-08-28 08:27:14.000000000 +0200 @@ -38,6 +38,7 @@ Source4: tor.tmpfiles Source5: tor.firewall Patch0: tor-0.2.5.x-logrotate.patch +Patch1: tor-0.2.6.10-malformed-hostname-safe-logging.patch BuildRequires: openssl-devel BuildRequires: pwdutils BuildRequires: python-base @@ -92,6 +93,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 %build %configure \ @@ -187,7 +189,7 @@ %files %defattr(-,root,root) %doc LICENSE README ChangeLog doc/HACKING doc/*.html -%doc %{_mandir}/man*/* +%{_mandir}/man*/* %{_bindir}/%{name} %{_bindir}/%{name}ctl %{_bindir}/%{name}ify ++++++ tor-0.2.6.10-malformed-hostname-safe-logging.patch ++++++ >From 19df037e53331ae528b876f225be08f198e0f8b6 Mon Sep 17 00:00:00 2001 From: Andreas Stieger <[email protected]> Date: Mon, 24 Aug 2015 01:04:44 +0200 Subject: Log malformed hostnames in socks5 request respecting SafeLogging diff --git a/changes/malformed-hostname-safe-logging b/changes/malformed-hostname-safe-logging new file mode 100644 index 0000000..9300726 --- /dev/null +++ b/changes/malformed-hostname-safe-logging 
@@ -0,0 +1,3 @@ + o Minor bugfixes: + - When logging malformed hostnames in socks5 requests, respect + SafeLogging configuration diff --git a/src/or/buffers.c b/src/or/buffers.c index 2d7dd93..85fcbc6 100644 --- a/src/or/buffers.c +++ b/src/or/buffers.c @@ -1842,7 +1842,7 @@ parse_socks(const char *data, size_t datalen, socks_request_t *req, log_warn(LD_PROTOCOL, "Your application (using socks5 to port %d) gave Tor " "a malformed hostname: %s. Rejecting the connection.", - req->port, escaped(req->address)); + req->port, escaped_safe_str_client(req->address)); return -1; } if (log_sockstype) -- cgit v0.10.2
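Review bot: Check the rest of parse_socks() in src/or/buffers.c for other log calls that pass req->address through bare escaped(); the hunk at line 1842 switches only the malformed-hostname log_warn to escaped_safe_str_client(req->address), and the visible context does not show whether other messages in the function print the address. A test that sends a malformed socks5 hostname with SafeLogging enabled and asserts the hostname is absent from the log output would keep the fix from regressing.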
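Review bot: The %files hunk in tor.spec (@@ -187,7 +189,7 @@) drops %doc from the `%{_mandir}/man*/*` line, but the new tor.changes entry documents only the SafeLogging patch. Add a changelog line for this packaging change, or move it to its own submission so the CWE-532 fix stays a single-purpose update.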
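Review bot: The new changes/malformed-hostname-safe-logging entry names no ticket and no affected version, while the tor.changes entry for the same fix cites CWE-532 and boo#943362. Add a reference in the changes file and in the commit message body (the commit has only a subject line), and end the entry's sentence with a period.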
