DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Packages and Ports

OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 13th November 2020
Prevet Prevet is offline
Package Pilot
 
Join Date: Oct 2017
Posts: 163
Default Does tor-browser get security fixes on OpenBSD stable?

I see they have a security advisory for Firefox which affects tor-browser:
https://www.mozilla.org/en-US/securi...s/mfsa2020-49/

Should we stop using OpenBSD tor-browser until it is updated?

Also should we only use tor-browser if we are running OpenBSD current? I know Chrome and Firefox browser get security updates on OpenBSD stable, but I am not sure if tor-browser does.
Reply With Quote
  #2   (View Single Post)  
Old 14th November 2020
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,193
Default

The OpenBSD Project's CVS repositories have a web server which can answer these questions, at http://cvsweb.openbsd.org/. (You don't need to bookmark it, as a link is available from the Sidebar on the Project's main web page.) This server differs from the OpenBSD Github mirrors, as it tracks CVS tagging history.

Examine the CVS tagging history for ports/www/tor-browser/Makefile.inc here. All -stable tags are of the form OPENBSD_x_y, and all -release tags are of the form OPENBSD_x_y_BASE.

The -stable ports tree is identical to the -release ports tree when there are no -stable patches, so you will see both types of tags for every -release patch. As an example, revision 1.29 on August 26, 2020 was the -release patch, and is tagged both for OPENBSD_6_8 (-stable) and OPENBSD_6_8_BASE (-release).

Look for patches with -stable tags only. These are -stable patches. I can see one for OpenBSD 6.5-stable committed on June 27, 2019, and one for OpenBSD 6.3-stable committed on May 5, 2018.

The most recent patch I can see was committed today, to -current (tagged HEAD, which means no tag at all), to update to tor-browser 10.0.4. If this patch gets applied to the -stable branch, you will see a new patch committed with a tag of OPENBSD_6_8.

---

Normally, I just look at a port Makefile for patching history. But tor-browser is a complex port that includes a detailed Makefile.inc secondary Makefile.
Reply With Quote
  #3   (View Single Post)  
Old 15th November 2020
Prevet Prevet is offline
Package Pilot
 
Join Date: Oct 2017
Posts: 163
Default

Thanks jggimi.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
packages security fixes Martillo OpenBSD Packages and Ports 11 9th July 2015 04:29 PM
OpenBSD Sponsors Work For Better Browser Security e1-531g News 0 2nd March 2015 04:16 PM
Browser Security Certificates shep News 0 10th July 2014 01:36 PM
Browser Security shep OpenBSD Security 4 4th January 2010 02:48 PM
How to Fix Security Issue In OpenBSD 4.1 Stable ? openbsdspirit OpenBSD General 4 21st June 2008 11:33 AM


All times are GMT. The time now is 07:02 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick