Message ID | 4bf8cb9f-ff0e-4b61-90e3-ede6d06b874d@ipfire.org |
---|---|
State | Staged |
Commit | 9446956679a1875597a4d437bbb024afc3010970 |
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Sb4Fl0vMNz3wvt for <patchwork@web04.haj.ipfire.org>; Wed, 22 Nov 2023 15:01:31 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Sb4Fd5hJcz2mq; Wed, 22 Nov 2023 15:01:25 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Sb4Fd3RgHz33l1; Wed, 22 Nov 2023 15:01:25 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Sb4Dy13Lzz33l9 for <development@lists.ipfire.org>; Wed, 22 Nov 2023 15:00:50 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Sb4Dj73L0z8X for <development@lists.ipfire.org>; Wed, 22 Nov 2023 15:00:37 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1700665238; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JNnDUdtLO1+lqaUVPMgPpTKinp/CvC7cECFvWS1jOSA=; b=RsYnx9Rf/FJXvKYQaRbCv3h7u1NevCWO8rAEgMdxHg6FmPw8C2yPY9oCiloTN+RupSJB1D G+KS0LRwBhZWL0CQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1700665238; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=JNnDUdtLO1+lqaUVPMgPpTKinp/CvC7cECFvWS1jOSA=; b=dgeOZL1RIkOSUYVxFAJcmwHbD9GD/eMhTdZMPl/FGVFAG3PufxYiseT0rTP0dzJa1/XoZG pLIqTX2hLLz4IkPj6ae56wArjwdNjWGXI7UIbw9El8NfTHkEnG5biTkbOh2KarAaSlQWbg x1cHXObwc6vrUWR0lR29Y9PtLvNZb2rvnsV08dWYIADxF8AO2vtOfL94fTD4R8KCIo9c4D S8qHbdufE3iLe11J7/rXEzFtEgKXfgTPajW/dl6Z+/qz5ela2Qy7VV1YtizlDOWkg99Bk0 eXhr14ANFGRq5ZnEg2jFFG3SmotcSQltIObU8aRII/PztuOulnFI+kZ7D2tm+A== Message-ID: <4bf8cb9f-ff0e-4b61-90e3-ede6d06b874d@ipfire.org> Date: Wed, 22 Nov 2023 15:00:00 +0000 MIME-Version: 1.0 To: "IPFire: Development" <development@lists.ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@ipfire.org> Subject: [PATCH] Tor: Update to 0.4.8.9 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Message-ID-Hash: OH7ZEJ5HYFOETOASSCDL3CMKPGK5ZZBA X-Message-ID-Hash: OH7ZEJ5HYFOETOASSCDL3CMKPGK5ZZBA X-MailFrom: peter.mueller@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> Archived-At: <> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Owner: <mailto:development-owner@lists.ipfire.org> List-Post: <mailto:development@lists.ipfire.org> List-Subscribe: <mailto:development-join@lists.ipfire.org> List-Unsubscribe: <mailto:development-leave@lists.ipfire.org> |
Series |
Tor: Update to 0.4.8.9
|
|
Commit Message
Peter Müller
Nov. 22, 2023, 3 p.m. UTC
Changes in version 0.4.8.9 - 2023-11-09
This is another security release fixing a high severity bug affecting onion
services which is tracked by TROVE-2023-006. We are also releasing a guard
major bugfix as well. If you are an onion service operator, we strongly
recommend to update as soon as possible.
o Major bugfixes (guard usage):
- When Tor excluded a guard due to temporary circuit restrictions,
it considered *additional* primary guards for potential usage by
that circuit. This could result in more than the specified number
of guards (currently 2) being used, long-term, by the tor client.
This could happen when a Guard was also selected as an Exit node,
but it was exacerbated by the Conflux guard restrictions. Both
instances have been fixed. Fixes bug 40876; bugfix
on 0.3.0.1-alpha.
o Major bugfixes (onion service, TROVE-2023-006):
- Fix a possible hard assert on a NULL pointer when recording a
failed rendezvous circuit on the service side for the MetricsPort.
Fixes bug 40883; bugfix on 0.4.8.1-alpha
o Minor features (fallbackdir):
- Regenerate fallback directories generated on November 09, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/11/09.
Changes in version 0.4.8.8 - 2023-11-03
We are releasing today a fix for a high security issue, TROVE-2023-004, that
is affecting relays. Also a few minor bugfixes detailed below. Please upgrade
as soon as posssible.
o Major bugfixes (TROVE-2023-004, relay):
- Mitigate an issue when Tor compiled with OpenSSL can crash during
handshake with a remote relay. Fixes bug 40874; bugfix
on 0.2.7.2-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on November 03, 2023.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/11/03.
o Minor bugfixes (directory authority):
- Look at the network parameter "maxunmeasuredbw" with the correct
spelling. Fixes bug 40869; bugfix on 0.4.6.1-alpha.
o Minor bugfixes (vanguards addon support):
- Count the conflux linked cell as valid when it is successfully
processed. This will quiet a spurious warn in the vanguards addon.
Fixes bug 40878; bugfix on 0.4.8.1-alpha.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
lfs/tor | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Comments
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org> > On 22 Nov 2023, at 15:00, Peter Müller <peter.mueller@ipfire.org> wrote: > > Changes in version 0.4.8.9 - 2023-11-09 > This is another security release fixing a high severity bug affecting onion > services which is tracked by TROVE-2023-006. We are also releasing a guard > major bugfix as well. If you are an onion service operator, we strongly > recommend to update as soon as possible. > > o Major bugfixes (guard usage): > - When Tor excluded a guard due to temporary circuit restrictions, > it considered *additional* primary guards for potential usage by > that circuit. This could result in more than the specified number > of guards (currently 2) being used, long-term, by the tor client. > This could happen when a Guard was also selected as an Exit node, > but it was exacerbated by the Conflux guard restrictions. Both > instances have been fixed. Fixes bug 40876; bugfix > on 0.3.0.1-alpha. > > o Major bugfixes (onion service, TROVE-2023-006): > - Fix a possible hard assert on a NULL pointer when recording a > failed rendezvous circuit on the service side for the MetricsPort. > Fixes bug 40883; bugfix on 0.4.8.1-alpha > > o Minor features (fallbackdir): > - Regenerate fallback directories generated on November 09, 2023. > > o Minor features (geoip data): > - Update the geoip files to match the IPFire Location Database, as > retrieved on 2023/11/09. > > Changes in version 0.4.8.8 - 2023-11-03 > We are releasing today a fix for a high security issue, TROVE-2023-004, that > is affecting relays. Also a few minor bugfixes detailed below. Please upgrade > as soon as posssible. > > o Major bugfixes (TROVE-2023-004, relay): > - Mitigate an issue when Tor compiled with OpenSSL can crash during > handshake with a remote relay. Fixes bug 40874; bugfix > on 0.2.7.2-alpha. > > o Minor features (fallbackdir): > - Regenerate fallback directories generated on November 03, 2023. > > o Minor features (geoip data): > - Update the geoip files to match the IPFire Location Database, as > retrieved on 2023/11/03. > > o Minor bugfixes (directory authority): > - Look at the network parameter "maxunmeasuredbw" with the correct > spelling. Fixes bug 40869; bugfix on 0.4.6.1-alpha. > > o Minor bugfixes (vanguards addon support): > - Count the conflux linked cell as valid when it is successfully > processed. This will quiet a spurious warn in the vanguards addon. > Fixes bug 40878; bugfix on 0.4.8.1-alpha. > > Signed-off-by: Peter Müller <peter.mueller@ipfire.org> > --- > lfs/tor | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/lfs/tor b/lfs/tor > index 7a9ca4128..cf0ccaf9e 100644 > --- a/lfs/tor > +++ b/lfs/tor > @@ -26,7 +26,7 @@ include Config > > SUMMARY = Anonymizing overlay network for TCP (The onion router) > > -VER = 0.4.8.7 > +VER = 0.4.8.9 > > THISAPP = tor-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) > DIR_APP = $(DIR_SRC)/$(THISAPP) > TARGET = $(DIR_INFO)/$(THISAPP) > PROG = tor > -PAK_VER = 81 > +PAK_VER = 82 > > DEPS = libseccomp > > @@ -48,7 +48,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_BLAKE2 = 4d0cde752a729c64e380663e4438398fe768a8657e9aa3246bdf0ec9a4b4e01e277cb594ae0cb44cc66ea8c6080f2e58c6daf1bf01dc51b678d228e8e38fc971 > +$(DL_FILE)_BLAKE2 = a2d8cc8e60f162930d64d191af1893cb4060a8d98c16560c9ba30e0a9a0fd9cce2132573ca4db7b8b6e002f127f06b53fc5aea5fb6e8795c10f73671d14d9190 > > install : $(TARGET) > > -- > 2.35.3
diff --git a/lfs/tor b/lfs/tor index 7a9ca4128..cf0ccaf9e 100644 --- a/lfs/tor +++ b/lfs/tor @@ -26,7 +26,7 @@ include Config SUMMARY = Anonymizing overlay network for TCP (The onion router) -VER = 0.4.8.7 +VER = 0.4.8.9 THISAPP = tor-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 81 +PAK_VER = 82 DEPS = libseccomp @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 4d0cde752a729c64e380663e4438398fe768a8657e9aa3246bdf0ec9a4b4e01e277cb594ae0cb44cc66ea8c6080f2e58c6daf1bf01dc51b678d228e8e38fc971 +$(DL_FILE)_BLAKE2 = a2d8cc8e60f162930d64d191af1893cb4060a8d98c16560c9ba30e0a9a0fd9cce2132573ca4db7b8b6e002f127f06b53fc5aea5fb6e8795c10f73671d14d9190 install : $(TARGET)