Reviewed-by: Adolf Belka On 19/06/2022 11:41, Peter Müller wrote:
> Changes in version 0.4.7.8 - 2022-06-17
> This version fixes several bugfixes including a High severity security issue
> categorized as a Denial of Service. Everyone running an earlier version
> should upgrade to this version.
>
> o Major bugfixes (congestion control, TROVE-2022-001):
> - Fix a scenario where RTT estimation can become wedged, seriously
> degrading congestion control performance on all circuits. This
> impacts clients, onion services, and relays, and can be triggered
> remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes
> bug 40626; bugfix on 0.4.7.5-alpha.
>
> o Minor features (fallbackdir):
> - Regenerate fallback directories generated on June 17, 2022.
>
> o Minor features (geoip data):
> - Update the geoip files to match the IPFire Location Database, as
> retrieved on 2022/06/17.
>
> o Minor bugfixes (linux seccomp2 sandbox):
> - Allow the rseq system call in the sandbox. This solves a crash
> issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
> 40601; bugfix on 0.3.5.11.
>
> o Minor bugfixes (logging):
> - Demote a harmless warn log message about finding a second hop to
> from warn level to info level, if we do not have enough
> descriptors yet. Leave it at notice level for other cases. Fixes
> bug 40603; bugfix on 0.4.7.1-alpha.
> - Demote a notice log message about "Unexpected path length" to info
> level. These cases seem to happen arbitrarily, and we likely will
> never find all of them before the switch to arti. Fixes bug 40612;
> bugfix on 0.4.7.5-alpha.
>
> o Minor bugfixes (relay, logging):
> - Demote a harmless XOFF log message to from notice level to info
> level. Fixes bug 40620; bugfix on 0.4.7.5-alpha.
>
> Signed-off-by: Peter Müller
> ---
> lfs/tor | 9 +++------
> ...Tor-Sandbox-permit-the-clone3-system-call.patch | 14 --------------
> 2 files changed, 3 insertions(+), 20 deletions(-)
> delete mode 100644 src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
>
> diff --git a/lfs/tor b/lfs/tor
> index e6751fb84..628ed63a2 100644
> --- a/lfs/tor
> +++ b/lfs/tor
> @@ -26,7 +26,7 @@ include Config
>
> SUMMARY = Anonymizing overlay network for TCP (The onion router)
>
> -VER = 0.4.7.7
> +VER = 0.4.7.8
>
> THISAPP = tor-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
> DIR_APP = $(DIR_SRC)/$(THISAPP)
> TARGET = $(DIR_INFO)/$(THISAPP)
> PROG = tor
> -PAK_VER = 69
> +PAK_VER = 70
>
> DEPS = libseccomp
>
> @@ -48,7 +48,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = 18acfbe017b2ad456184f6031881149717f6fecad0d3e6daf90241a5a8ef296c32a36ace266d38b703f34b66d71e282c803f03f2059502c6ff6f4fdfb6641a97
> +$(DL_FILE)_BLAKE2 = 40f6eab453d95a09e4531ce7cdb59715a21b84e1d0b1045d107add6a443fb7563a5747734b23e0e1dfda6490a5a7659f912e38c11cdb5fa635535dcff6169eeb
>
> install : $(TARGET)
>
> @@ -89,9 +89,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> --with-tor-user=tor \
> --with-tor-group=tor
>
> - # https://bugzilla.ipfire.org/show_bug.cgi?id=12807
> - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
> -
> cd $(DIR_APP) && make $(MAKETUNING)
> cd $(DIR_APP) && make install
>
> diff --git a/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch b/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
> deleted file mode 100644
> index 7e819ce73..000000000
> --- a/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
> +++ /dev/null
> @@ -1,14 +0,0 @@
> -diff -Naur tor-0.4.6.10.orig/src/lib/sandbox/sandbox.c tor-0.4.6.10/src/lib/sandbox/sandbox.c
> ---- tor-0.4.6.10.orig/src/lib/sandbox/sandbox.c 2022-04-09 07:58:00.281189564 +0000
> -+++ tor-0.4.6.10/src/lib/sandbox/sandbox.c 2022-04-09 08:00:55.861698856 +0000
> -@@ -151,6 +151,10 @@
> - SCMP_SYS(clock_gettime),
> - SCMP_SYS(close),
> - SCMP_SYS(clone),
> -+#ifdef __NR_clone3
> -+ SCMP_SYS(clone3),
> -+#endif
> -+ SCMP_SYS(rseq),
> - SCMP_SYS(dup),
> - SCMP_SYS(epoll_create),
> - SCMP_SYS(epoll_wait),