From patchwork Sun Jun 19 09:41:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 5691 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4LQnpf3BMNz3wcT for ; Sun, 19 Jun 2022 09:41:14 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4LQnpc1L4RzyC; Sun, 19 Jun 2022 09:41:12 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4LQnpc0YRTz2yd6; Sun, 19 Jun 2022 09:41:12 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4LQnpZ3lR6z2ybF for ; Sun, 19 Jun 2022 09:41:10 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4LQnpY2V5TzlX for ; Sun, 19 Jun 2022 09:41:09 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1655631670; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gRHdtMnlS4/6GHC4Ozv1/0/khkMtz0jj+qb2GdQnbVo=; b=9NxKq16bR8lPfsQjDCX7teJvZLp5UNt2reqW43WFxZioTMF1amnfQjtX9tqulYyHt8udce 3X9HROtYS3xWjqBg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1655631670; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gRHdtMnlS4/6GHC4Ozv1/0/khkMtz0jj+qb2GdQnbVo=; b=L2/TjWb0A+Ohwty/V1lkGevaM3IbDXTpLvdMbmtBiWOM4UTvjCpYsCxmx2oaPkDwqbzSi/ hwJ3aHTW1fMkcYCJEJfJy7tNGEmBlufA2JM09jXt1lr4rC90VOtpXt9bPegeZgs7xf+1Cv zqv1wKw34754xutgG3SGwxPiU5bgLboU9pdqq9x6ca1XB0sLpeuYED6wochXwG/DC2oqCv qYRdBOMOdkvHagh68wZ7LxOoq/3+f0wBpYVOL26YRdAqn2r79dGqSkd+2npc/gjND1ehrN rGIJA4nya2bmWvysMhL6RlNEymIBnEpCuZj/ppfYwzeX/Llf+Us5aVKxpIv42A== Message-ID: <7dbe8e5f-2edc-d79f-39c1-54acdb0d3945@ipfire.org> Date: Sun, 19 Jun 2022 09:41:05 +0000 MIME-Version: 1.0 Content-Language: en-US To: "IPFire: Development" From: =?utf-8?q?Peter_M=C3=BCller?= Subject: [PATCH] Tor: Update to 0.4.7.8 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Changes in version 0.4.7.8 - 2022-06-17 This version fixes several bugfixes including a High severity security issue categorized as a Denial of Service. Everyone running an earlier version should upgrade to this version. o Major bugfixes (congestion control, TROVE-2022-001): - Fix a scenario where RTT estimation can become wedged, seriously degrading congestion control performance on all circuits. This impacts clients, onion services, and relays, and can be triggered remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes bug 40626; bugfix on 0.4.7.5-alpha. o Minor features (fallbackdir): - Regenerate fallback directories generated on June 17, 2022. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2022/06/17. o Minor bugfixes (linux seccomp2 sandbox): - Allow the rseq system call in the sandbox. This solves a crash issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug 40601; bugfix on 0.3.5.11. o Minor bugfixes (logging): - Demote a harmless warn log message about finding a second hop to from warn level to info level, if we do not have enough descriptors yet. Leave it at notice level for other cases. Fixes bug 40603; bugfix on 0.4.7.1-alpha. - Demote a notice log message about "Unexpected path length" to info level. These cases seem to happen arbitrarily, and we likely will never find all of them before the switch to arti. Fixes bug 40612; bugfix on 0.4.7.5-alpha. o Minor bugfixes (relay, logging): - Demote a harmless XOFF log message to from notice level to info level. Fixes bug 40620; bugfix on 0.4.7.5-alpha. Signed-off-by: Peter Müller Reviewed-by: Adolf Belka --- lfs/tor | 9 +++------ ...Tor-Sandbox-permit-the-clone3-system-call.patch | 14 -------------- 2 files changed, 3 insertions(+), 20 deletions(-) delete mode 100644 src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch diff --git a/lfs/tor b/lfs/tor index e6751fb84..628ed63a2 100644 --- a/lfs/tor +++ b/lfs/tor @@ -26,7 +26,7 @@ include Config SUMMARY = Anonymizing overlay network for TCP (The onion router) -VER = 0.4.7.7 +VER = 0.4.7.8 THISAPP = tor-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 69 +PAK_VER = 70 DEPS = libseccomp @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 18acfbe017b2ad456184f6031881149717f6fecad0d3e6daf90241a5a8ef296c32a36ace266d38b703f34b66d71e282c803f03f2059502c6ff6f4fdfb6641a97 +$(DL_FILE)_BLAKE2 = 40f6eab453d95a09e4531ce7cdb59715a21b84e1d0b1045d107add6a443fb7563a5747734b23e0e1dfda6490a5a7659f912e38c11cdb5fa635535dcff6169eeb install : $(TARGET) @@ -89,9 +89,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --with-tor-user=tor \ --with-tor-group=tor - # https://bugzilla.ipfire.org/show_bug.cgi?id=12807 - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch - cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch b/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch deleted file mode 100644 index 7e819ce73..000000000 --- a/src/patches/Tor-Sandbox-permit-the-clone3-system-call.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -Naur tor-0.4.6.10.orig/src/lib/sandbox/sandbox.c tor-0.4.6.10/src/lib/sandbox/sandbox.c ---- tor-0.4.6.10.orig/src/lib/sandbox/sandbox.c 2022-04-09 07:58:00.281189564 +0000 -+++ tor-0.4.6.10/src/lib/sandbox/sandbox.c 2022-04-09 08:00:55.861698856 +0000 -@@ -151,6 +151,10 @@ - SCMP_SYS(clock_gettime), - SCMP_SYS(close), - SCMP_SYS(clone), -+#ifdef __NR_clone3 -+ SCMP_SYS(clone3), -+#endif -+ SCMP_SYS(rseq), - SCMP_SYS(dup), - SCMP_SYS(epoll_create), - SCMP_SYS(epoll_wait),