ELBA-2024-20374

ELBA-2024-20374 - tor Bug Fix update

Type: BUG
Severity: NA
Release Date: 2024-04-20

Description


[0.4.8.11-1]
- update to latest upstream release https://forum.torproject.org/t/stable-release-0-4-8-11/12265
- bz#2211726

[0.4.8.10-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

[0.4.8.10-1]
- update to latest upstream release https://forum.torproject.org/t/security-release-0-4-8-10/10536
- security fixes for bz#2253846 & bz#2211726 & bz#2253847

[0.4.8.9-1]
- update to latest upstream release https://forum.torproject.org/t/security-release-0-4-8-9/10155
- security fixes for bz#2248562 & bz#2248563
- add --enable-gpl build options to enable PoW as DDoS protection bz#2247828

[0.4.8.7-1]
- update to latest upstream release https://forum.torproject.org/t/stable-release-0-4-8-7/9398

[0.4.8.5-1]
- update to latest upstream release https://forum.torproject.org/t/stable-release-0-4-8-5/8996

[0.4.8.4-1]
- update to latest upstream release https://forum.torproject.org/t/stable-release-0-4-8-4/8884

[0.4.7.14-1]
- update to latest upstream release

[0.4.7.13-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

[0.4.7.13-3]
- Rebuilt to address issue bz#2180871

[0.4.7.13-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

[0.4.7.13-1]
- update to latest upstream release
- 0.4.5.x will be EOL by February 15th 2023 -> move to 0.4.7.x

[0.4.5.14-1]
- update to latest upstream release

[0.4.5.13-1]
- update to latest upstream release

[0.4.5.11-1]
- update to latest upstream release

[0.4.5.10-1]
- update to latest upstream release
- fixes CVE-2021-38385

[0.4.5.9-1]
- update to latest upstream release
- fixes CVE-2021-34548, CVE-2021-34549, CVE-2021-34550

[0.4.5.8-1]
- update to latest upstream release

[0.4.5.7-1]
- update to latest upstream release (with security fixes!)

[0.4.5.6-1]
- update to latest upstream release (bz#1928885)

[0.4.4.7-1]
- update to latest upstream release

[0.4.4.6-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[0.4.4.6-1]
- update to latest upstream release (bz#1913013)

[0.4.3.7-1]
- update to latest upstream release (bz#1913013)

[0.4.4.5-2]
- Rebuild for libevent soname change

[0.4.4.5-1]
- update to latest upstream release (bz#1879125)

[0.4.3.6-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

[0.4.3.6-1]
- update to latest upstream release (bz#1855385)

[0.4.3.5-1]
- update to latest upstream release (bz#1836206)

[0.4.2.7-1]
- update to latest upstream release (bz#1814803)

[0.4.2.6-1]
- update to latest upstream release
- Add MemoryDenyWriteExecute option to service unit

[0.4.2.5-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

[0.4.2.5-1]
- update to latest upstream release

[0.4.1.6-1]
- update to latest upstream release (bz#1743739)

[0.4.1.5-1]
- update to latest upstream release (bz#1743739)

[0.4.0.5-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

[0.4.0.5-1]
- update to latest upstream release (bz#1705702)

[0.3.5.8-1]
- update to latest upstream release (bz#1679732)

[0.3.5.7-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

[0.3.5.7-1]
- update to latest upstream release

[0.3.4.9-1]
- update to latest upstream release

[0.3.4.8-1]
- update to latest upstream stable release 0.3.4.8
- add more build deps to enable compression

[0.3.3.9-1]
- update to latest upstream stable release 0.3.3.9 (#1581512)

[0.3.3.8-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[0.3.3.8-1]
- update to latest upstream stable release 0.3.3.8 (#1581512)

[0.3.3.7-1]
- update to latest upstream stable release 0.3.3.7 (#1581512)

[0.3.3.6-1]
- update to latest upstream stable release 0.3.3.6 (#1581512)

[0.3.2.10-1]
- Update to latest version. Security-Fixes TROVE-2018-001, TROVE-2018-002,
TROVE-2018-003 and TROVE-2018-004

[0.3.2.9-3]
- Rebuilt due to libevent SONAME change

[0.3.2.9-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[0.3.2.9-1]
- update to latest upstream stable release 0.3.2.9 (#1532909)

[0.3.1.9-1]
- update to upstream release 0.3.1.9. Fixes:
- CVE-2017-8819: Replay-cache ineffective for v2 onion services
- CVE-2017-8820: Remote DoS attack against directory authorities
- CVE-2017-8821: An attacker can make Tor ask for a password
- CVE-2017-8822: Relays can pick themselves in a circuit path
- CVE-2017-8823: Use-after-free in onion service v2

[0.3.1.8-1]
- update to upstream release 0.3.1.8

[0.3.1.7-1]
- update to upstream release 0.3.1.7

[0.2.9.12-1]
- update to upstream release 0.2.9.12 (SECURITY) (#1494860)
- CVE-2017-0380 Stack disclosure in hidden services logs when
SafeLogging disabled (#1493512) (#1493513)
- Cleanup spec

[0.2.9.11-1]
- update to upstream release 0.2.9.11 (SECURITY)
- CVE-2017-0375 & CVE-2017-0376: denial of service (assertion
failure and daemon exit) (#1461276) (#1461275)

[0.2.9.10-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[0.2.9.10-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[0.2.9.10-1]
- update to upstream release 0.2.9.10

[0.2.8.12-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

[0.2.8.12-1]
- update to upstream release 0.2.8.12

[0.2.8.11-1]
- update to upstream release 0.2.8.11

[0.2.8.10-1]
- update to upstream release 0.2.8.10

[0.2.8.9-1]
- update to upstream release 0.2.8.9

[0.2.8.8-1]
- update to upstream release 0.2.8.8

[0.2.8.7-1]
- update to upstream release 0.2.8.7

[0.2.8.6-2]
- re-add patch0

[0.2.8.6-1]
- update to upstream release 0.2.8.6
- remove upstreamed patches

[0.2.7.6-6]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

[0.2.7.6-5]
- make ControlSocket writable by toranon group (#1296226)

[0.2.7.6-4]
- fix tmpfiles.d

[0.2.7.6-3]
- place ControlSocket and CookieAuthFile at top of torrc for visibility

[0.2.7.6-2]
- some minor patch fixes

[0.2.7.6-1]
- update to upstream release 0.2.7.6
- use version of patches that have been accepted upstream
- add ControlSocket and CookieAuthFile to /etc/tor/torrc

[0.2.7.5-6]
- use ReadOnlyDirectories=/var instead of ReadOnlyDirectories=/ (#1290444)
and other service file improvements

[0.2.7.5-5]
- improve systemd scriptlets

[0.2.7.5-4]
- add PermissionsStartOnly=yes and RestartSec=1 to service file

[0.2.7.5-3]
- amend README

[0.2.7.5-2]
- improve summary and description
- use tor-master.service to restart/reload all instances (#1286359)
- add /etc/tor/README

[0.2.7.5-1]
- update to upstream release 0.2.7.5

[0.2.6.10-6]
- amend patch so that the default of 0700 doesn't change (but instead allow
either 0700 or 0750)

[0.2.6.10-5]
- allow group read of DataDirectory and change owner to root (#1279222),
as otherwise CapabilityBoundingSet requires CAP_READ_SEARCH and SELinux
tor_t requires dac_read_search

[0.2.6.10-4]
- remove NoNewPrivileges as it prevents SELinux transition
- revert to DeviceAllow instead of PrivateDevices due to SELinux denials

[0.2.6.10-3]
- only build with libseccomp support on ix86, x86_64

[0.2.6.10-2]
- improve systemd integration
- add BR: libseccomp-devel

[0.2.6.10-1]
- update to upstream release 0.2.6.10

[0.2.6.9-5]
- also fix ExecStartPre in tor@.service

[0.2.6.9-4]
- rebuild

[0.2.6.9-3]
- add missing arguments to config checks executed in ExecStartPre

[0.2.6.9-2]
- remove leading '-' from ReadWriteDirectories

[0.2.6.9-1]
- update to upstream release 0.2.6.9

[0.2.6.8-1]
- update to upstream release 0.2.6.8
- improve/harden systemd service file
- add multi-instance systemd service file (#1210837)

[0.2.5.12-1]
- update to upstream release 0.2.5.12

[0.2.5.11-1]
- update to upstream release 0.2.5.11

[0.2.5.10-1]
- update to upstream release 0.2.5.10

[0.2.4.25-1]
- update to upstream release 0.2.4.25

[0.2.4.24-1]
- update to upstream release 0.2.4.24

[0.2.4.23-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

[0.2.4.23-1]
- update to upstream release 0.2.4.23
- CVE-2014-5117: potential for traffic-confirmation attacks

[0.2.4.22-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

[0.2.4.22-1]
- update to upstream release 0.2.4.22

[0.2.4.21-2]
- remove --quiet from default systemd service file

[0.2.4.21-1]
- update to upstream release 0.2.4.21
- remove crazy Release numbering
- remove Obsoletes/Provides that were introduced in F19
- remove tor-tsocks.conf which has been removed completely upstream
- include new file: _datadir/tor/geoip6

[0.2.3.25-1931]
- add fix for new unversioned docdir

[0.2.3.25-1930]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

[0.2.3.25-1929]
- add 'Log notice syslog' back to tor.defaults-torrc as recommended by
upstream: https://bugzilla.redhat.com/show_bug.cgi?id=532373#c19
- remove unused files in git (verinfo and lastver)
- change URL to HTTPS
- disallow group read for /var/log/tor
- remove TODO as it doesn't contain any useful information

[0.2.3.25-1928]
- increase LimitNOFILE in tor.service from 4096 to 32768, as advised by
upstream: https://trac.torproject.org/projects/tor/ticket/8368#comment:4

[0.2.3.25-1927]
- package should own the %{_datadir}/tor directory

[0.2.3.25-1926]
- remove unnecessary custom LDFLAGS

[0.2.3.25-1925]
- remove Obsoletes/Provides for tor-doc, which was introduced in Fedora 16
- add some useful comments about the Obsoletes/Provides/Requires
- add comments about tor.logrotate, tor.defaults-torrc and tor.systemd.service

[0.2.3.25-1924]
- whitespace changes and reorganization in the interests of readability
and clarity

[0.2.3.25-1923]
- mix of tabs and spaces, so remove all tabs

[0.2.3.25-1922]
- the /var/run/tor directory is not needed so remove it, which also fixes
bug #656707
- use %_localstatedir instead of %_var

[0.2.3.25-1921]
- take a more cautious approach in the %files section and specify filenames
more explicitly rather than using wildcards, which also makes it easier to
see the contents of the package

[0.2.3.25-1920]
- remove all modifications to the default tor configuration file so that we
can stick more closely to upstream defaults
- add /usr/share/tor/defaults-torrc file, which only contains two options:
DataDirectory /var/lib/tor
User toranon
- when starting the tor service, use the following options as recommended by
upstream: --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc

[0.2.3.25-1919]
- split username global variable into separate toruser and torgroup global
variables to improve spec flexibility and ease of comprehension, as well
as matching how upstream have written their spec
- use --with-tor-user=%toruser and --with-tor-group=%torgroup options when
running %configure, as recommended by upstream

[0.2.3.25-1918]
- after moving the tor-systemd and torify subpackages back into the main tor
package, the %with_noarch macro and the associated conditionals are no
longer used so remove them

[0.2.3.25-1917]
- add missing Provides for the obsoleted tor-doc subpackage

[0.2.3.25-1916]
- move the torify subpackage back into the main tor package to match upstream
expectations and user expectations (ie, yum install tor)
- remove the logic separating the documentation files for tor and torify,
which is now no longer needed
- use --docdir option when running %configure

[0.2.3.25-1915]
- move the tor-systemd subpackage back into the main tor package:
the main tor package has a hard requirement on tor-systemd, so there is no
purpose for keeping tor-systemd separate from the main package
- remove 'Requires: tor-systemd'

[0.2.3.25-1914]
- move the tor-core subpackage back into the main tor package to match upstream
expectations and user expectations (ie, yum install tor)

[0.2.3.25-1913]
- the tor-systemd subpackage is a hard requirement, so remove the conditional
that decides whether it is built

[0.2.3.25-1912]
- amend logrotate file to match closer with upstream defaults, and removing
references to several obsolete init systems

[0.2.3.25-1911]
- remove tor-upstart subpackage as upstart is no longer installable within
Fedora and renders the subpackage obsolete

[0.2.3.25-1910]
- remove dependency on fedora-usermgmt as it has been queued for obsoletion
from Fedora
- add users and groups without forcing use of uid=19 as it is not necessarily
available, nor is it required or expected by upstream
- do not remove users/groups in %postun as the guidelines state:
https://fedoraproject.org/wiki/Packaging:UsersAndGroups

[0.2.3.25-1909]
- change permissions of the following files/directories to match upstream:
/var/log/tor should be owned by toranon:toranon with 0750 permissions;
/var/lib/tor should be owned by toranon:toranon with 0700 permissions;
/etc/tor/torrc should be owned by root:root with 0644 permissions;

[0.2.3.25-1908]
- remove unnecessary Requires on logrotate directory

[0.2.3.25-1907]
- remove unnecessary BuildRoot tag
- remove unnecessary rm -rf RPM_BUILD_ROOT
- remove unnecessary %clean
- remove unnecessary defattr's

[0.2.3.25-1906]
- remove unnecessary %_unitdir macro
- remove %systemd_reqs and %systemd_install macros, moving the parts to
the appropriate sections to improve readability and consistency with other
SPECS

[0.2.3.25-1905]
- remove %release_func macro to improve readability and consistency with
other SPECS

[0.2.3.25-1904]
- fixed torsocks requirement
- conditionalized systemd builds

[0.2.3.25-1903]
- reverted 'Package cleanup and various fixes'; too invasive and
non-auditable changes which are breaking things

[0.2.3.25-1902]
- torify subpackage should depend on torsocks not tsocks (#908569)

[0.2.3.25-1901]
- add additional %configure options for user and group
- add --defaults-torrc to systemd service to make sure sane defaults are set
unless explicitly overridden
- remove unnecessary BuildRoot tag
- remove unnecessary rm -rf RPM_BUILD_ROOT
- remove unnecessary %clean section
- remove unnecessary defattr's
- fix Requires for torify subpackage
- update scriptlets to latest systemd guidelines
- aesthetic changes to the SPEC for clarity and readability

[0.2.3.25-1900]
- updated to 0.2.3.25

[0.2.2.39-1900]
- updated to 0.2.2.29
- CVE-2012-4419: assertion failure when comparing an address with port
0 to an address policy
- CVE-2012-4422: assertion failure in tor_timegm()
- use %systemd macros

[0.2.2.38-1900]
- updated to 0.2.2.38
- conditionalized upstart and disabled it by default

[0.2.2.37-1801]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[0.2.2.37-1800]
- updated to 0.2.2.37

[0.2.2.36-1800]
- updated to 0.2.2.36

[0.2.2.35-1800]
- build with -fPIE

* Tue Mar 06 2012 Enrico Scholz
- fixed urls (#800236)

[0.2.2.35-1702]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

[0.2.2.35-1701]
- added 'su' logrotate option (#751525)
- fixed systemd unit file; customization of TimeoutSec + LimitNOFILE is
not possible by environment variables. Hardcode some values which can
be overridden by the systemd .include method (#755167).
- added systemd rule in the postrotate script

[0.2.2.35-1700]
- updated to 0.2.2.35 (security)
- CVE-2011-2778: Tor heap-based buffer overflow

[0.2.2.34-1700]
- updated to 0.2.2.34; critical privacy/anonymity fixes
- CVE-2011-2768
- CVE-2011-2769

[0.2.2.33-1701]
- Rebuilt for glibc bug#747377

[0.2.2.33-1700]
- updated to 2.2.33
- removed -doc subpackage because shipped files are not available
anymore
- ship torify files only in torify subpackage; not in main one
- start systemd service after nss-lookup.target (#719476)

[0.2.1.30-1700]
- added and use systemd macros

[0.2.1.30-1601]
- made EnvironmentFile in systemd definition optional
- systemd: added Requires: for core package; made it noarch

[0.2.1.30-1600]
- updated to 0.2.1.30
- added 'torify' script (#669684)

[0.2.1.29-1501]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

[0.2.1.29-1500]
- updated to 0.2.1.29 (SECURITY)
- CVE-2011-0427: heap overflow bug, potential remote code execution

[0.2.1.28-1502]
- updated to 0.2.1.28 (SECURITY: fixes a remotely exploitable heap overflow bug)

[0.2.1.27-1501]
- replaced lsb and sysv init stuff with systemd init script

[0.2.1.27-1500]
- updated to 0.2.1.27
- added tmpfiles.d file to create %_var/run/%name directory in -lsb
- work around broken chkconfig by adding dummy Default-Start: in -lsb

[0.2.1.26-1500]
- fixed 'limit' statement in upstart script

[0.2.1.26-1400]
- updated to 0.2.1.26
- log to syslog as requested by upstream (#532373#19)
- removed workaround to install lsb initscript because parts of the
underlying problem have been fixed in redhat-lsb and the remaining
ones were solved by previous commit
- removed dependency in -lsb initscript to workaround
buggy redhat-lsb; should imply it and has been moved to
Should-Start:

* Tue Jun 01 2010 Enrico Scholz
- created -doc subpackage and moved most (all) files from main into it

* Sun Mar 28 2010 Enrico Scholz
- added -sysv subpackage

[0.2.1.25-1400]
- updated to 0.2.1.25

[0.2.1.24-1402]
- removed /var/lib/tor-data dir (Chen Lei)

[0.2.1.24-1401]
- require tor-core, not tor in -upstart (thx to Dave Jones)

[0.2.1.24-1400]
- updated to 0.2.1.24

[0.2.1.23-1300]
- updated to 0.2.1.23

[0.2.1.22-1300]
- updated to 0.2.1.22




Updated Packages


Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label
Oracle Linux 8 (x86_64) | tor-0.4.8.11-1.el8.src.rpm | 571fcf6455b871844ec27237d6b45b07 | - | ol8_x86_64_developer_EPEL
Oracle Linux 8 (x86_64) | tor-0.4.8.11-1.el8.x86_64.rpm | 89bd1e0bbe319146bb60d5fbae3a99bf | - | ol8_x86_64_developer_EPEL



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
