public inbox for development@lists.ipfire.org
* [PATCH] Tor: Update to 0.4.7.8
@ 2022-06-19  9:41 Peter Müller
  2022-06-19 10:41 ` Adolf Belka
  0 siblings, 1 reply; 2+ messages in thread
From: Peter Müller @ 2022-06-19  9:41 UTC (permalink / raw)
  To: development

Changes in version 0.4.7.8 - 2022-06-17
  This version fixes several bugfixes including a High severity security issue
  categorized as a Denial of Service. Everyone running an earlier version
  should upgrade to this version.

  o Major bugfixes (congestion control, TROVE-2022-001):
    - Fix a scenario where RTT estimation can become wedged, seriously
      degrading congestion control performance on all circuits. This
      impacts clients, onion services, and relays, and can be triggered
      remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes
      bug 40626; bugfix on 0.4.7.5-alpha.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on June 17, 2022.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2022/06/17.

  o Minor bugfixes (linux seccomp2 sandbox):
    - Allow the rseq system call in the sandbox. This solves a crash
      issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
      40601; bugfix on 0.3.5.11.

  o Minor bugfixes (logging):
    - Demote a harmless warn log message about finding a second hop to
      from warn level to info level, if we do not have enough
      descriptors yet. Leave it at notice level for other cases. Fixes
      bug 40603; bugfix on 0.4.7.1-alpha.
    - Demote a notice log message about "Unexpected path length" to info
      level. These cases seem to happen arbitrarily, and we likely will
      never find all of them before the switch to arti. Fixes bug 40612;
      bugfix on 0.4.7.5-alpha.

  o Minor bugfixes (relay, logging):
    - Demote a harmless XOFF log message to from notice level to info
      level. Fixes bug 40620; bugfix on 0.4.7.5-alpha.

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 lfs/tor                                            |  9 +++------
 ...Tor-Sandbox-permit-the-clone3-system-call.patch | 14 --------------
 2 files changed, 3 insertions(+), 20 deletions(-)
 delete mode 100644 src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch

diff --git a/lfs/tor b/lfs/tor
index e6751fb84..628ed63a2 100644
--- a/lfs/tor
+++ b/lfs/tor
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Anonymizing overlay network for TCP (The onion router)
 
-VER        = 0.4.7.7
+VER        = 0.4.7.8
 
 THISAPP    = tor-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = tor
-PAK_VER    = 69
+PAK_VER    = 70
 
 DEPS       = libseccomp
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 18acfbe017b2ad456184f6031881149717f6fecad0d3e6daf90241a5a8ef296c32a36ace266d38b703f34b66d71e282c803f03f2059502c6ff6f4fdfb6641a97
+$(DL_FILE)_BLAKE2 = 40f6eab453d95a09e4531ce7cdb59715a21b84e1d0b1045d107add6a443fb7563a5747734b23e0e1dfda6490a5a7659f912e38c11cdb5fa635535dcff6169eeb
 
 install : $(TARGET)
 
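Review bot: The replaced `$(DL_FILE)_BLAKE2` line is the only integrity check visible for the 0.4.7.8 tarball, and with `DL_FROM = $(URL_IPFIRE)` it pins whatever file sits behind that location rather than anything tied to upstream. The commit message does not say how the tarball was authenticated before the digest was computed; please add a line stating that it was checked against the upstream release signature or checksum, so the new hash can be reviewed rather than taken on trust.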
@@ -89,9 +89,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 			--with-tor-user=tor \
 			--with-tor-group=tor
 
-	# https://bugzilla.ipfire.org/show_bug.cgi?id=12807
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
-
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
 
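Review bot: The commit message carries only the upstream changelog and never mentions that the local `Tor-Sandbox-permit-the-clone3-system-call.patch` step is being dropped from the build, along with its pointer to bugzilla 12807. Please add a sentence saying the patch is no longer needed with 0.4.7.8 and keep the bug reference in the message, so the reason for the removal stays findable in the history.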
diff --git a/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch b/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
deleted file mode 100644
index 7e819ce73..000000000
--- a/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -Naur tor-0.4.6.10.orig/src/lib/sandbox/sandbox.c tor-0.4.6.10/src/lib/sandbox/sandbox.c
---- tor-0.4.6.10.orig/src/lib/sandbox/sandbox.c	2022-04-09 07:58:00.281189564 +0000
-+++ tor-0.4.6.10/src/lib/sandbox/sandbox.c	2022-04-09 08:00:55.861698856 +0000
-@@ -151,6 +151,10 @@
-     SCMP_SYS(clock_gettime),
-     SCMP_SYS(close),
-     SCMP_SYS(clone),
-+#ifdef __NR_clone3
-+    SCMP_SYS(clone3),
-+#endif
-+    SCMP_SYS(rseq),
-     SCMP_SYS(dup),
-     SCMP_SYS(epoll_create),
-     SCMP_SYS(epoll_wait),
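Review bot: The deleted patch allowed two system calls, `SCMP_SYS(clone3)` under `#ifdef __NR_clone3` and `SCMP_SYS(rseq)`, but the changelog quoted in this commit only says that 0.4.7.8 allows rseq (bug 40601) and is silent on clone3. Please confirm that the 0.4.7.8 `src/lib/sandbox/sandbox.c` already permits clone3 before this file goes away; if it does not, the sandbox problem referenced as bugzilla 12807 can come back, and the clone3 half of the patch should be kept and rebased instead.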
-- 
2.35.3


* Re: [PATCH] Tor: Update to 0.4.7.8
  2022-06-19  9:41 [PATCH] Tor: Update to 0.4.7.8 Peter Müller
@ 2022-06-19 10:41 ` Adolf Belka
  0 siblings, 0 replies; 2+ messages in thread
From: Adolf Belka @ 2022-06-19 10:41 UTC (permalink / raw)
  To: development

Reviewed-by: Adolf Belka <adolf.belka(a)ipfire.org>

On 19/06/2022 11:41, Peter Müller wrote:
> Changes in version 0.4.7.8 - 2022-06-17
>    This version fixes several bugfixes including a High severity security issue
>    categorized as a Denial of Service. Everyone running an earlier version
>    should upgrade to this version.
>
>    o Major bugfixes (congestion control, TROVE-2022-001):
>      - Fix a scenario where RTT estimation can become wedged, seriously
>        degrading congestion control performance on all circuits. This
>        impacts clients, onion services, and relays, and can be triggered
>        remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes
>        bug 40626; bugfix on 0.4.7.5-alpha.
>
>    o Minor features (fallbackdir):
>      - Regenerate fallback directories generated on June 17, 2022.
>
>    o Minor features (geoip data):
>      - Update the geoip files to match the IPFire Location Database, as
>        retrieved on 2022/06/17.
>
>    o Minor bugfixes (linux seccomp2 sandbox):
>      - Allow the rseq system call in the sandbox. This solves a crash
>        issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
>        40601; bugfix on 0.3.5.11.
>
>    o Minor bugfixes (logging):
>      - Demote a harmless warn log message about finding a second hop to
>        from warn level to info level, if we do not have enough
>        descriptors yet. Leave it at notice level for other cases. Fixes
>        bug 40603; bugfix on 0.4.7.1-alpha.
>      - Demote a notice log message about "Unexpected path length" to info
>        level. These cases seem to happen arbitrarily, and we likely will
>        never find all of them before the switch to arti. Fixes bug 40612;
>        bugfix on 0.4.7.5-alpha.
>
>    o Minor bugfixes (relay, logging):
>      - Demote a harmless XOFF log message to from notice level to info
>        level. Fixes bug 40620; bugfix on 0.4.7.5-alpha.
>
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
>   lfs/tor                                            |  9 +++------
>   ...Tor-Sandbox-permit-the-clone3-system-call.patch | 14 --------------
>   2 files changed, 3 insertions(+), 20 deletions(-)
>   delete mode 100644 src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
>
> diff --git a/lfs/tor b/lfs/tor
> index e6751fb84..628ed63a2 100644
> --- a/lfs/tor
> +++ b/lfs/tor
> @@ -26,7 +26,7 @@ include Config
>   
>   SUMMARY    = Anonymizing overlay network for TCP (The onion router)
>   
> -VER        = 0.4.7.7
> +VER        = 0.4.7.8
>   
>   THISAPP    = tor-$(VER)
>   DL_FILE    = $(THISAPP).tar.gz
> @@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
>   DIR_APP    = $(DIR_SRC)/$(THISAPP)
>   TARGET     = $(DIR_INFO)/$(THISAPP)
>   PROG       = tor
> -PAK_VER    = 69
> +PAK_VER    = 70
>   
>   DEPS       = libseccomp
>   
> @@ -48,7 +48,7 @@ objects = $(DL_FILE)
>   
>   $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>   
> -$(DL_FILE)_BLAKE2 = 18acfbe017b2ad456184f6031881149717f6fecad0d3e6daf90241a5a8ef296c32a36ace266d38b703f34b66d71e282c803f03f2059502c6ff6f4fdfb6641a97
> +$(DL_FILE)_BLAKE2 = 40f6eab453d95a09e4531ce7cdb59715a21b84e1d0b1045d107add6a443fb7563a5747734b23e0e1dfda6490a5a7659f912e38c11cdb5fa635535dcff6169eeb
>   
>   install : $(TARGET)
>   
> @@ -89,9 +89,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>   			--with-tor-user=tor \
>   			--with-tor-group=tor
>   
> -	# https://bugzilla.ipfire.org/show_bug.cgi?id=12807
> -	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
> -
>   	cd $(DIR_APP) && make $(MAKETUNING)
>   	cd $(DIR_APP) && make install
>   
> diff --git a/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch b/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
> deleted file mode 100644
> index 7e819ce73..000000000
> --- a/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch
> +++ /dev/null
> @@ -1,14 +0,0 @@
> -diff -Naur tor-0.4.6.10.orig/src/lib/sandbox/sandbox.c tor-0.4.6.10/src/lib/sandbox/sandbox.c
> ---- tor-0.4.6.10.orig/src/lib/sandbox/sandbox.c	2022-04-09 07:58:00.281189564 +0000
> -+++ tor-0.4.6.10/src/lib/sandbox/sandbox.c	2022-04-09 08:00:55.861698856 +0000
> -@@ -151,6 +151,10 @@
> -     SCMP_SYS(clock_gettime),
> -     SCMP_SYS(close),
> -     SCMP_SYS(clone),
> -+#ifdef __NR_clone3
> -+    SCMP_SYS(clone3),
> -+#endif
> -+    SCMP_SYS(rseq),
> -     SCMP_SYS(dup),
> -     SCMP_SYS(epoll_create),
> -     SCMP_SYS(epoll_wait),
