Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tor for openSUSE:Factory checked in at 2026-04-19 18:17:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tor (Old) and /work/SRC/openSUSE:Factory/.tor.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tor" Sun Apr 19 18:17:03 2026 rev:132 rq:1348032 version:0.4.9.6 Changes: -------- --- /work/SRC/openSUSE:Factory/tor/tor.changes 2026-01-05 14:57:46.693798056 +0100 +++ /work/SRC/openSUSE:Factory/.tor.new.11940/tor.changes 2026-04-19 18:17:04.742303663 +0200 @@ -1,0 +2,33 @@ +Sun Apr 19 13:22:04 UTC 2026 - Andreas Stieger <[email protected]> + +- upate to 0.4.9.5: + * first stable release in the 0.4.9 series + * introduces a new circuit-level encryption design for better + client security + * introduce a more scalable way for large relay operators to + annotate which relays they run so clients can avoid using too + many of them in a single circuit + +------------------------------------------------------------------- +Sun Apr 19 11:43:05 UTC 2026 - Andreas Stieger <[email protected]> + +- update to 0.4.8.23: + * Fix a memory compare using the wrong length. This could lead to + a remote crash when using the conflux subsystem + (TROVE-2026-004, boo#1262302) + * Fix a series of defense in depth security issues found across + the codebase + * Regenerate fallback directories generated on March 25, 2026. + * Update the geoip files to match the IPFire Location Database, + as retrieved on 2026/03/25. +- includes changes from 0.4.8.22: + * Avoid an out-of-bounds read error that could occur with + V1-formatted EXTEND cells + (TROVE-2025-016, boo#1262301) + * Allow old clients to fetch the consensus even if they use + version 0 of the SENDME protocol + * Do not check for compression bombs for buffers smaller than + 5MB (increased from 64 KB) + * Improvements to directory server statistics + +------------------------------------------------------------------- Old: ---- tor-0.4.8.21.tar.gz tor-0.4.8.21.tar.gz.sha256sum tor-0.4.8.21.tar.gz.sha256sum.asc New: ---- tor-0.4.9.6.tar.gz tor-0.4.9.6.tar.gz.sha256sum tor-0.4.9.6.tar.gz.sha256sum.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tor.spec ++++++ --- /var/tmp/diff_new_pack.H3nu7G/_old 2026-04-19 18:17:05.718343435 +0200 +++ /var/tmp/diff_new_pack.H3nu7G/_new 2026-04-19 18:17:05.722343598 +0200 @@ -2,7 +2,7 @@ # spec file for package tor # # Copyright (c) 2026 SUSE LLC and contributors -# Copyright (c) 2025 Andreas Stieger <[email protected]> +# Copyright (c) 2026 Andreas Stieger <[email protected]> # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %define torgroup %{name} %define home_dir %{_localstatedir}/lib/empty Name: tor -Version: 0.4.8.21 +Version: 0.4.9.6 Release: 0 Summary: Anonymizing overlay network for TCP (The onion router) License: BSD-3-Clause @@ -37,6 +37,7 @@ Source101: https://www.torproject.org/dist/%{name}-%{version}.tar.gz.sha256sum.asc Patch0: tor-0.2.5.x-logrotate.patch Patch1: fix-test.patch +BuildRequires: libscrypt-devel BuildRequires: openssl-devel >= 1.0.1 BuildRequires: pkgconfig >= 0.9.0 BuildRequires: pwdutils @@ -55,7 +56,6 @@ Provides: group(%{torgroup}) Provides: user(%{toruser}) %systemd_ordering -BuildRequires: libscrypt-devel %description Tor is a connection-based low-latency anonymous communication system. ++++++ tor-0.4.8.21.tar.gz -> tor-0.4.9.6.tar.gz ++++++ /work/SRC/openSUSE:Factory/tor/tor-0.4.8.21.tar.gz /work/SRC/openSUSE:Factory/.tor.new.11940/tor-0.4.9.6.tar.gz differ: char 12, line 1 ++++++ tor-0.4.8.21.tar.gz.sha256sum -> tor-0.4.9.6.tar.gz.sha256sum ++++++ --- /work/SRC/openSUSE:Factory/tor/tor-0.4.8.21.tar.gz.sha256sum 2026-01-05 14:57:46.617794898 +0100 +++ /work/SRC/openSUSE:Factory/.tor.new.11940/tor-0.4.9.6.tar.gz.sha256sum 2026-04-19 18:17:04.726303012 +0200 @@ -1 +1 @@ -eaf6f5b73091b95576945eade98816ddff7cd005befe4d94718a6f766b840903 tor-0.4.8.21.tar.gz +a89aba97052e9963a654b40df2d46be07e8a6b6e24e5437917fd81acd90a7017 tor-0.4.9.6.tar.gz
