public inbox for development@lists.ipfire.org
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] Tor: Update to 0.4.7.8
Date: Sun, 19 Jun 2022 12:41:30 +0200
Message-ID: <913b4acf-e70c-11af-09cb-5b7e6dd9ec05@ipfire.org>
In-Reply-To: <7dbe8e5f-2edc-d79f-39c1-54acdb0d3945@ipfire.org>

Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>

On 19/06/2022 11:41, Peter Müller wrote:
> Changes in version 0.4.7.8 - 2022-06-17
>    This version fixes several bugfixes including a High severity security issue
>    categorized as a Denial of Service. Everyone running an earlier version
>    should upgrade to this version.
>
>    o Major bugfixes (congestion control, TROVE-2022-001):
>      - Fix a scenario where RTT estimation can become wedged, seriously
>        degrading congestion control performance on all circuits. This
>        impacts clients, onion services, and relays, and can be triggered
>        remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes
>        bug 40626; bugfix on 0.4.7.5-alpha.
>
>    o Minor features (fallbackdir):
>      - Regenerate fallback directories generated on June 17, 2022.
>
>    o Minor features (geoip data):
>      - Update the geoip files to match the IPFire Location Database, as
>        retrieved on 2022/06/17.
>
>    o Minor bugfixes (linux seccomp2 sandbox):
>      - Allow the rseq system call in the sandbox. This solves a crash
>        issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
>        40601; bugfix on 0.3.5.11.
>
>    o Minor bugfixes (logging):
>      - Demote a harmless warn log message about finding a second hop
>        from warn level to info level, if we do not have enough
>        descriptors yet. Leave it at notice level for other cases. Fixes
>        bug 40603; bugfix on 0.4.7.1-alpha.
>      - Demote a notice log message about "Unexpected path length" to info
>        level. These cases seem to happen arbitrarily, and we likely will
>        never find all of them before the switch to arti. Fixes bug 40612;
>        bugfix on 0.4.7.5-alpha.
>
>    o Minor bugfixes (relay, logging):
>      - Demote a harmless XOFF log message from notice level to info
>        level. Fixes bug 40620; bugfix on 0.4.7.5-alpha.
>
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
>   lfs/tor                                            |  9 +++------
>   ...Tor-Sandbox-permit-the-clone3-system-call.patch | 14 --------------
>   2 files changed, 3 insertions(+), 20 deletions(-)
>   delete mode 100644 src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
>
> diff --git a/lfs/tor b/lfs/tor
> index e6751fb84..628ed63a2 100644
> --- a/lfs/tor
> +++ b/lfs/tor
> @@ -26,7 +26,7 @@ include Config
>   
>   SUMMARY    = Anonymizing overlay network for TCP (The onion router)
>   
> -VER        = 0.4.7.7
> +VER        = 0.4.7.8
>   
>   THISAPP    = tor-$(VER)
>   DL_FILE    = $(THISAPP).tar.gz
> @@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
>   DIR_APP    = $(DIR_SRC)/$(THISAPP)
>   TARGET     = $(DIR_INFO)/$(THISAPP)
>   PROG       = tor
> -PAK_VER    = 69
> +PAK_VER    = 70
>   
>   DEPS       = libseccomp
>   
> @@ -48,7 +48,7 @@ objects = $(DL_FILE)
>   
>   $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>   
> -$(DL_FILE)_BLAKE2 = 18acfbe017b2ad456184f6031881149717f6fecad0d3e6daf90241a5a8ef296c32a36ace266d38b703f34b66d71e282c803f03f2059502c6ff6f4fdfb6641a97
> +$(DL_FILE)_BLAKE2 = 40f6eab453d95a09e4531ce7cdb59715a21b84e1d0b1045d107add6a443fb7563a5747734b23e0e1dfda6490a5a7659f912e38c11cdb5fa635535dcff6169eeb
>   
>   install : $(TARGET)
>   
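
Review bot: the new `$(DL_FILE)_BLAKE2` value is the only integrity anchor for the 0.4.7.8 tarball, and with `DL_FROM = $(URL_IPFIRE)` the build fetches the file from the location in `$(URL_IPFIRE)`, so the commit message should record how that copy was validated before the hash was computed, for example that it was checked against the upstream release's signed checksum. As submitted, a reviewer can see that the hash changed but not what it was derived from.
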
> @@ -89,9 +89,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>   			--with-tor-user=tor \
>   			--with-tor-group=tor
>   
> -	# https://bugzilla.ipfire.org/show_bug.cgi?id=12807
> -	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
> -
>   	cd $(DIR_APP) && make $(MAKETUNING)
>   	cd $(DIR_APP) && make install
>   
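
Review bot: the commit message does not mention that the `patch -Np1 -i ... Tor-Sandbox-permit-the-clone3-system-call.patch` step is removed, and the deleted comment `# https://bugzilla.ipfire.org/show_bug.cgi?id=12807` was the only pointer in this file to the bug that patch addressed. Please add a line to the commit message saying why the local sandbox patch is no longer needed and referencing bug 12807, so the history still explains where the workaround went.
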
> diff --git a/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch b/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
> deleted file mode 100644
> index 7e819ce73..000000000
> --- a/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
> +++ /dev/null
> @@ -1,14 +0,0 @@
> -diff -Naur tor-0.4.6.10.orig/src/lib/sandbox/sandbox.c tor-0.4.6.10/src/lib/sandbox/sandbox.c
> ---- tor-0.4.6.10.orig/src/lib/sandbox/sandbox.c	2022-04-09 07:58:00.281189564 +0000
> -+++ tor-0.4.6.10/src/lib/sandbox/sandbox.c	2022-04-09 08:00:55.861698856 +0000
> -@@ -151,6 +151,10 @@
> -     SCMP_SYS(clock_gettime),
> -     SCMP_SYS(close),
> -     SCMP_SYS(clone),
> -+#ifdef __NR_clone3
> -+    SCMP_SYS(clone3),
> -+#endif
> -+    SCMP_SYS(rseq),
> -     SCMP_SYS(dup),
> -     SCMP_SYS(epoll_create),
> -     SCMP_SYS(epoll_wait),
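
Review bot: the deleted patch added two entries to the seccomp allow-list in `src/lib/sandbox/sandbox.c`, `SCMP_SYS(clone3)` (under `#ifdef __NR_clone3`) and `SCMP_SYS(rseq)`, but the quoted 0.4.7.8 changelog only accounts for rseq (bug 40601). Please confirm that the 0.4.7.8 source already handles clone3 in the sandbox and state that in the commit message; if it does not, this deletion drops the clone3 allowance together with the rseq one.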
