From unknown Sat Aug 16 14:31:01 2025
X-Loop: help-debbugs@gnu.org
Subject: [bug#67115] [PATCH] gnu: tor: Update to 0.4.8.9 [security fixes].
Resent-From: =?UTF-8?Q?Andr=C3=A9?= Batista <nandre@riseup.net>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Sat, 11 Nov 2023 22:22:02 +0000
Resent-Message-ID: <handler.67115.B.16997413154056@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 67115
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 67115@debbugs.gnu.org
Cc: =?UTF-8?Q?Andr=C3=A9?= Batista <nandre@riseup.net>
X-Debbugs-Original-To: guix-patches@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.16997413154056
          (code B ref -1); Sat, 11 Nov 2023 22:22:02 +0000
Received: (at submit) by debbugs.gnu.org; 11 Nov 2023 22:21:55 +0000
Received: from localhost ([127.0.0.1]:54527 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1r1wMV-00013M-4g
	for submit@debbugs.gnu.org; Sat, 11 Nov 2023 17:21:55 -0500
Received: from lists.gnu.org ([2001:470:142::17]:34640)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <nandre@riseup.net>) id 1r1wMS-000136-RL
 for submit@debbugs.gnu.org; Sat, 11 Nov 2023 17:21:54 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <nandre@riseup.net>) id 1r1wLi-0002i6-TB
 for guix-patches@gnu.org; Sat, 11 Nov 2023 17:21:06 -0500
Received: from mx0.riseup.net ([198.252.153.6])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <nandre@riseup.net>) id 1r1wLV-0004k9-Te
 for guix-patches@gnu.org; Sat, 11 Nov 2023 17:21:06 -0500
Received: from fews02-sea.riseup.net (fews02-sea-pn.riseup.net [10.0.1.112])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by mx0.riseup.net (Postfix) with ESMTPS id 4SSVWl29y5z9sCs
 for <guix-patches@gnu.org>; Sat, 11 Nov 2023 22:20:51 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1699741251; bh=VlidgrpidWd32IhgiFp2qpOe72eOUVENqRQElElwxpg=;
 h=From:To:Cc:Subject:Date:From;
 b=fi3AdbwG1WS3WZfZNzSk17YnwzebJ5L+UQANAXLfB8pZOJ6beokOdLqwYR59iP+XI
 9MPSFTN0ZBXTE7dvjdST+anxGPZ5iQKQj38KD7fVcAGro9nnnzha9dv47zv8m4jLdO
 txwdpziY/Dsm52FhCX8GL44fTXn57o39N98o2PYY=
X-Riseup-User-ID: 156CD22B99D4A7366573C14956F12991A96E5ACEA7F537DBD13CC1C5DEF3E4E9
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by fews02-sea.riseup.net (Postfix) with ESMTPSA id 4SSVWk2MHvzFtVk;
 Sat, 11 Nov 2023 22:20:50 +0000 (UTC)
From: =?UTF-8?Q?Andr=C3=A9?= Batista <nandre@riseup.net>
Date: Sat, 11 Nov 2023 19:20:41 -0300
Message-ID: <20231111222041.5600-1-nandre@riseup.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=198.252.153.6; envelope-from=nandre@riseup.net;
 helo=mx0.riseup.net
X-Spam_score_int: -16
X-Spam_score: -1.7
X-Spam_bar: -
X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1,
 DKIM_SIGNED=0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/packages/tor.scm (tor): Update to 0.4.8.9.

This release fixes two high severity security vulnerabilities.
The first one affects client connections to Guard relays and the
other one affects Onion Services (TROVE-2023-006).

See https://gitlab.torproject.org/tpo/core/tor/-/issues/40876 and
https://gitlab.torproject.org/tpo/core/tor/-/issues/40883
---
 gnu/packages/tor.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 71f32b3f43..d4bf27a790 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -63,14 +63,14 @@ (define-module (gnu packages tor)
 (define-public tor
   (package
     (name "tor")
-    (version "0.4.8.8")
+    (version "0.4.8.9")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://dist.torproject.org/tor-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "0140d0zcjxi4vijvr2gk3kmnd4xa80sjj9kdcc2gzazyr84fkfr1"))))
+               "0rfgn88izn74nh6gy42ggwmiicnylp73skrlwm61n4znj247vfsr"))))
     (build-system gnu-build-system)
     (arguments
      (list #:configure-flags

base-commit: 3f83dc5587573f173b1f61864c9b510f05de84b1
-- 
2.41.0





From unknown Sat Aug 16 14:31:01 2025
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
X-Loop: help-debbugs@gnu.org
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: =?UTF-8?Q?Andr=C3=A9?= Batista <nandre@riseup.net>
Subject: bug#67115: closed (Re: [bug#67115] [PATCH] gnu: tor: Update to
 0.4.8.9 [security fixes].)
Message-ID: <handler.67115.D67115.170006914526018.notifdone@debbugs.gnu.org>
References: <874jhn7wtt.fsf@gnu.org> <20231111222041.5600-1-nandre@riseup.net>
X-Gnu-PR-Message: they-closed 67115
X-Gnu-PR-Package: guix-patches
X-Gnu-PR-Keywords: patch
Reply-To: 67115@debbugs.gnu.org
Date: Wed, 15 Nov 2023 17:26:02 +0000
Content-Type: multipart/mixed; boundary="----------=_1700069162-26064-1"

This is a multi-part message in MIME format...

------------=_1700069162-26064-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Your bug report

#67115: [PATCH] gnu: tor: Update to 0.4.8.9 [security fixes].

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 67115@debbugs.gnu.org.

--=20
67115: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D67115
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

------------=_1700069162-26064-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at 67115-done) by debbugs.gnu.org; 15 Nov 2023 17:25:45 +0000
Received: from localhost ([127.0.0.1]:53533 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1r3Je4-0006la-Ea
	for submit@debbugs.gnu.org; Wed, 15 Nov 2023 12:25:44 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:34242)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1r3Je1-0006lN-9D
 for 67115-done@debbugs.gnu.org; Wed, 15 Nov 2023 12:25:42 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1r3Jdw-0005W1-Nv; Wed, 15 Nov 2023 12:25:36 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=kNexGpgH0lQ7Ypgx3ezIgVwV58QnbXRZx6DDRJQkGz0=; b=XSjOk3IKr+wwZI5lmly6
 z+SiHbW79JvF65LGAPRCpDkeZmX7kU0aKp93K56jzMsARzL9O5xcy7gUYUPHg+AgFVFMOsY00/erJ
 tBbkOQbst5VFEcri0Imr1GbCh1lkT5qWBMZ6lG/rSxzF5+oCQriws+jDa/bQunvmBRSwl0yDUuZAa
 VgJ3PUI5qOXXiB8qRxKUB2sm9JgS8WTGMO4fGa55DrmoyBA+C+uGGHt4XrM18S/MVDgBOtULMLE8R
 wD0Fd8XEBmdMf16wcRN7c7b2izXVmONRy0BA9t6g4Id/aKLFqjwoKCCjo8BHUi1gumpu7LooKlg4i
 Puudo9k/xJZNJg==;
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: =?utf-8?Q?Andr=C3=A9?= Batista <nandre@riseup.net>
Subject: Re: [bug#67115] [PATCH] gnu: tor: Update to 0.4.8.9 [security fixes].
In-Reply-To: <20231111222041.5600-1-nandre@riseup.net> (=?utf-8?Q?=22Andr?=
 =?utf-8?Q?=C3=A9?= Batista"'s
 message of "Sat, 11 Nov 2023 19:20:41 -0300")
References: <20231111222041.5600-1-nandre@riseup.net>
Date: Wed, 15 Nov 2023 18:25:34 +0100
Message-ID: <874jhn7wtt.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 67115-done
Cc: 67115-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Andr=C3=A9 Batista <nandre@riseup.net> skribis:

> * gnu/packages/tor.scm (tor): Update to 0.4.8.9.
>
> This release fixes two high severity security vulnerabilities.
> The first one affects client connections to Guard relays and the
> other one affects Onion Services (TROVE-2023-006).
>
> See https://gitlab.torproject.org/tpo/core/tor/-/issues/40876 and
> https://gitlab.torproject.org/tpo/core/tor/-/issues/40883

Applied, thanks!


------------=_1700069162-26064-1
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at submit) by debbugs.gnu.org; 11 Nov 2023 22:21:55 +0000
Received: from localhost ([127.0.0.1]:54527 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1r1wMV-00013M-4g
	for submit@debbugs.gnu.org; Sat, 11 Nov 2023 17:21:55 -0500
Received: from lists.gnu.org ([2001:470:142::17]:34640)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <nandre@riseup.net>) id 1r1wMS-000136-RL
 for submit@debbugs.gnu.org; Sat, 11 Nov 2023 17:21:54 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <nandre@riseup.net>) id 1r1wLi-0002i6-TB
 for guix-patches@gnu.org; Sat, 11 Nov 2023 17:21:06 -0500
Received: from mx0.riseup.net ([198.252.153.6])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <nandre@riseup.net>) id 1r1wLV-0004k9-Te
 for guix-patches@gnu.org; Sat, 11 Nov 2023 17:21:06 -0500
Received: from fews02-sea.riseup.net (fews02-sea-pn.riseup.net [10.0.1.112])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by mx0.riseup.net (Postfix) with ESMTPS id 4SSVWl29y5z9sCs
 for <guix-patches@gnu.org>; Sat, 11 Nov 2023 22:20:51 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1699741251; bh=VlidgrpidWd32IhgiFp2qpOe72eOUVENqRQElElwxpg=;
 h=From:To:Cc:Subject:Date:From;
 b=fi3AdbwG1WS3WZfZNzSk17YnwzebJ5L+UQANAXLfB8pZOJ6beokOdLqwYR59iP+XI
 9MPSFTN0ZBXTE7dvjdST+anxGPZ5iQKQj38KD7fVcAGro9nnnzha9dv47zv8m4jLdO
 txwdpziY/Dsm52FhCX8GL44fTXn57o39N98o2PYY=
X-Riseup-User-ID: 156CD22B99D4A7366573C14956F12991A96E5ACEA7F537DBD13CC1C5DEF3E4E9
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by fews02-sea.riseup.net (Postfix) with ESMTPSA id 4SSVWk2MHvzFtVk;
 Sat, 11 Nov 2023 22:20:50 +0000 (UTC)
From: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
To: guix-patches@gnu.org
Subject: [PATCH] gnu: tor: Update to 0.4.8.9 [security fixes].
Date: Sat, 11 Nov 2023 19:20:41 -0300
Message-ID: <20231111222041.5600-1-nandre@riseup.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=198.252.153.6; envelope-from=nandre@riseup.net;
 helo=mx0.riseup.net
X-Spam_score_int: -16
X-Spam_score: -1.7
X-Spam_bar: -
X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1,
 DKIM_SIGNED=0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: submit
Cc: =?UTF-8?q?Andr=C3=A9=20Batista?= <nandre@riseup.net>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/packages/tor.scm (tor): Update to 0.4.8.9.

This release fixes two high severity security vulnerabilities.
The first one affects client connections to Guard relays and the
other one affects Onion Services (TROVE-2023-006).

See https://gitlab.torproject.org/tpo/core/tor/-/issues/40876 and
https://gitlab.torproject.org/tpo/core/tor/-/issues/40883
---
 gnu/packages/tor.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/tor.scm b/gnu/packages/tor.scm
index 71f32b3f43..d4bf27a790 100644
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@@ -63,14 +63,14 @@ (define-module (gnu packages tor)
 (define-public tor
   (package
     (name "tor")
-    (version "0.4.8.8")
+    (version "0.4.8.9")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://dist.torproject.org/tor-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "0140d0zcjxi4vijvr2gk3kmnd4xa80sjj9kdcc2gzazyr84fkfr1"))))
+               "0rfgn88izn74nh6gy42ggwmiicnylp73skrlwm61n4znj247vfsr"))))
     (build-system gnu-build-system)
     (arguments
      (list #:configure-flags

base-commit: 3f83dc5587573f173b1f61864c9b510f05de84b1
-- 
2.41.0




------------=_1700069162-26064-1--