Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tor for openSUSE:Factory checked in at 2026-05-08 16:48:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tor (Old) and /work/SRC/openSUSE:Factory/.tor.new.1966 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tor" Fri May 8 16:48:13 2026 rev:133 rq:1352013 version:0.4.9.8 Changes: -------- --- /work/SRC/openSUSE:Factory/tor/tor.changes 2026-04-19 18:17:04.742303663 +0200 +++ /work/SRC/openSUSE:Factory/.tor.new.1966/tor.changes 2026-05-08 16:48:33.441111533 +0200 @@ -1,0 +2,17 @@ +Fri May 8 08:47:41 UTC 2026 - Bernhard Wiedemann <[email protected]> + +- Update to 0.4.9.8 + * Fix out-of-bounds read (boo#1264341, CVE-2026-44597, TROVE-2026-011) + * Do not attempt or accept BEGIN_DIR via conflux legs + (boo#1264342, CVE-2026-44599,TROVE-2026-008) + * Adjust conflux out-of-order queue accounting when clearing a queue + (boo#1264343, CVE-2026-44600, TROVE-2026-010) + * Fix a client-side crash caused by double-close of a circuit while + under circuit queue memory pressure + (boo#1264344, CVE-2026-44601, TROVE-2026-009) + * Fix null pointer dereference when receiving a CERT cell out of + order (boo#1264345, CVE-2026-44602, TROVE-2026-006) + * Fix off-by-one out-of-bounds read if a malformed BEGIN cell is + received (boo#1264346, CVE-2026-44603, TROVE-2026-007) + +------------------------------------------------------------------- Old: ---- tor-0.4.9.6.tar.gz tor-0.4.9.6.tar.gz.sha256sum tor-0.4.9.6.tar.gz.sha256sum.asc New: ---- tor-0.4.9.8.tar.gz tor-0.4.9.8.tar.gz.sha256sum tor-0.4.9.8.tar.gz.sha256sum.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tor.spec ++++++ --- /var/tmp/diff_new_pack.Lx2ZeF/_old 2026-05-08 16:48:34.229144189 +0200 +++ /var/tmp/diff_new_pack.Lx2ZeF/_new 2026-05-08 16:48:34.229144189 +0200 @@ -21,7 +21,7 @@ %define torgroup %{name} %define home_dir %{_localstatedir}/lib/empty Name: tor -Version: 0.4.9.6 +Version: 0.4.9.8 Release: 0 Summary: Anonymizing overlay network for TCP (The onion router) License: BSD-3-Clause ++++++ tor-0.4.9.6.tar.gz -> tor-0.4.9.8.tar.gz ++++++ /work/SRC/openSUSE:Factory/tor/tor-0.4.9.6.tar.gz /work/SRC/openSUSE:Factory/.tor.new.1966/tor-0.4.9.8.tar.gz differ: char 13, line 1 ++++++ tor-0.4.9.6.tar.gz.sha256sum -> tor-0.4.9.8.tar.gz.sha256sum ++++++ --- /work/SRC/openSUSE:Factory/tor/tor-0.4.9.6.tar.gz.sha256sum 2026-04-19 18:17:04.726303012 +0200 +++ /work/SRC/openSUSE:Factory/.tor.new.1966/tor-0.4.9.8.tar.gz.sha256sum 2026-05-08 16:48:33.425110869 +0200 @@ -1 +1 @@ -a89aba97052e9963a654b40df2d46be07e8a6b6e24e5437917fd81acd90a7017 tor-0.4.9.6.tar.gz +ac1f394e2dd2ab0877d27d928fd0d9e86662fe3ca6afdffb9fd9b6f0f96d05de tor-0.4.9.8.tar.gz
