Index | Thread | Search

From:
Stuart Henderson <stu@spacehopper.org>
Subject:
Re: net/tor-0.4.8.19: major bugfix for relays built with LibreSSL
To:
openbsd@systemfailure.net
Cc:
ports@openbsd.org, Pascal Stumpf <pascal@stumpf.co>
Date:
Wed, 8 Oct 2025 18:25:46 +0100

Download raw body.

Thread 
The workaround committed to tor-0.4.8.19 for this issue is for the
*client side* i.e. the machine running OpenSSL 3.5 which is unable
to connect to those relays running current libressl.

i.e. updating tor on the OpenBSD side in ports would not help.

It is too late to get into 7.8-release packages at this point anyway.

The actual *fix* (as opposed to workaround) will be in libressl on the
server side. There is an initial fix but it is not completely ready yet
so I believe that would most likely be post-release.




On 2025/10/08 16:08, openbsd@systemfailure.net wrote:
> Hello,
> 
> Here's a (very simple) patch for net/tor-0.4.8.19, which was released a few days ago.
> 
> This new version ships with an important bug fix for Tor relays built with LibreSSL. Basically, with the previous release, those relays were unreachable because of a TLS error.
> 
> I could reproduce this bug myself by launching a Tor bridge, and I can confirm this is fixed in 0.4.8.19 (using the latest Tor browser, which is not in ports yet, on different platforms).
> 
> Changelog: https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes
> 
> I know that ports are locked down right now, but IMHO this issue is important enough (basically you cannot run a relay on OpenBSD using the current package) to be worth an update anyway. But I'm not the one making the decision ;-)
> 
> Best regards.

> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/net/tor/Makefile,v
> diff -u -p -r1.173 Makefile
> --- Makefile	28 Sep 2025 10:04:47 -0000	1.173
> +++ Makefile	7 Oct 2025 05:34:16 -0000
> @@ -1,6 +1,6 @@
>  COMMENT=	anonymity service using onion routing
>  
> -DISTNAME=	tor-0.4.8.18
> +DISTNAME=	tor-0.4.8.19
>  CATEGORIES=	net
>  HOMEPAGE=	https://www.torproject.org/
>  
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/net/tor/distinfo,v
> diff -u -p -r1.138 distinfo
> --- distinfo	24 Sep 2025 18:24:58 -0000	1.138
> +++ distinfo	7 Oct 2025 05:34:16 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (tor-0.4.8.18.tar.gz) = SupsEJ1O/06iuvuQWn5rCpZdFP6FYhSwL82QRrTZOvg=
> -SIZE (tor-0.4.8.18.tar.gz) = 10139317
> +SHA256 (tor-0.4.8.19.tar.gz) = PLZJodM7pqZfEJ0iRTTpOq8KbehKWxy0sFS/oGu3T1o=
> +SIZE (tor-0.4.8.19.tar.gz) = 10160196