Bug 29377

openSUSE has issued an advisory for this on August 19:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PMWWIBVBPI5X7QIC5VO3NJURIXL33ROT/

tor-0.3.5.16-1.mga8 uploaded to updates_testing by Jani.

CC: (none) => jani.valimaa
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
Assignee: jani.valimaa => qa-bugs
Status comment: Fixed upstream in 0.3.5.16 => (none)

MGA8 64 XFCE.

Updates Tor with QA repo.

I've checked Tor as follow:

systemctl stop tor
systemctl start tor
systemctl status Tor => Ok

tor.service - Anonymizing overlay network for TCP
     Loaded: loaded (/usr/lib/systemd/system/tor.service; enabled; vendor preset: disabled)
     Active: active (running) since Mon 2021-08-23 20:36:55 CEST; 7min ago
    Process: 29716 ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc --verify>
   Main PID: 29717 (tor)
      Tasks: 1 (limit: 4581)
     Memory: 37.4M
        CPU: 1.662s
     CGroup: /system.slice/tor.service
             └─29717 /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc

août 23 20:36:54 localhost Tor[29717]: Bootstrapped 0%: Starting
août 23 20:36:55 localhost Tor[29717]: Starting with guard context "default"
août 23 20:36:55 localhost Tor[29717]: Signaled readiness to systemd
août 23 20:36:55 localhost systemd[1]: Started Anonymizing overlay network for TCP.
août 23 20:36:55 localhost Tor[29717]: Bootstrapped 10%: Finishing handshake with directory server
août 23 20:36:55 localhost Tor[29717]: Bootstrapped 80%: Connecting to the Tor network
août 23 20:36:55 localhost Tor[29717]: Bootstrapped 90%: Establishing a Tor circuit
août 23 20:36:55 localhost Tor[29717]: Opening Control listener on /run/tor/control
août 23 20:36:55 localhost Tor[29717]: Opened Control listener on /run/tor/control
août 23 20:36:55 localhost Tor[29717]: Bootstrapped 100%: Done

Check Tor on: 

https://check.torproject.org/ => ok

CC: (none) => guillaume.royer

Debian has issued an advisory for this today (August 23):
https://www.debian.org/security/2021/dsa-4961

Mga 8 Gnome

Installed Tor with QA repos (tsocks and Tor)

systemctl start tor
systemctl status tor

tor.service - Anonymizing overlay network for TCP
     Loaded: loaded (/usr/lib/systemd/system/tor.service; disabled; vendor preset: disabled)
     Active: active (running) since Fri 2021-09-03 17:16:52 CEST; 6s ago
    Process: 3743 ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/to>
   Main PID: 3744 (tor)
      Tasks: 1 (limit: 2320)
     Memory: 46.6M
        CPU: 982ms
     CGroup: /system.slice/tor.service
             └─3744 /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc

sept. 03 17:16:56 localhost Tor[3744]: I learned some more directory information, but not enough to build a circuit: >
sept. 03 17:16:56 localhost Tor[3744]: The current consensus contains exit nodes. Tor can build exit and internal pat>
sept. 03 17:16:56 localhost Tor[3744]: Bootstrapped 55%: Loading relay descriptors
sept. 03 17:16:56 localhost Tor[3744]: Bootstrapped 62%: Loading relay descriptors
sept. 03 17:16:56 localhost Tor[3744]: Bootstrapped 70%: Loading relay descriptors
sept. 03 17:16:56 localhost Tor[3744]: Bootstrapped 75%: Loading relay descriptors
sept. 03 17:16:56 localhost Tor[3744]: Bootstrapped 80%: Connecting to the Tor network
sept. 03 17:16:57 localhost Tor[3744]: Bootstrapped 85%: Finishing handshake with first hop
sept. 03 17:16:57 localhost Tor[3744]: Bootstrapped 90%: Establishing a Tor circuit
sept. 03 17:16:57 localhost Tor[3744]: Bootstrapped 100%: Done
~


tor --v
Sep 03 17:19:23.627 [notice] Tor 0.3.5.16 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1k, Zlib 1.2.11, Liblzma 5.2.5, and Libzstd 1.4.8.

Check Tor on: 

https://check.torproject.org/ => NOK

Sorry. You are not runing Tor.

CC: (none) => hdetavernier

Tor services is enabled at startup and running.

After reboot, I've got always this:

Sorry. You are not runing Tor.

(In reply to Hugues Detavernier from comment #6)
> Tor services is enabled at startup and running.
> After reboot, I've got always this:
> Sorry. You are not runing Tor.

After starting tor.service and tor-master.service, the browser needs to be
configured to use a socks5 proxy. In firefox, Edit/Settings, click on the
Settings button under Network Settings (very end of the settings), then
select "Manual proxy configuration" enter "127.0.0.1" for the SOCKS Host
and "9050" for the Port.

After that, in my test https://check.torproject.org/ shows ...
 Congratulations. This browser is configured to use Tor.

Your IP address appears to be: 185.220.100.253

CC: (none) => davidwhodgins

Thanks Dave.

It's all good.

(In reply to Hugues Detavernier from comment #8)
> Thanks Dave.
> 
> It's all good.

So this is OK for you, then? 

If you are satisfied with the results of your test, you should put the appropriate OK (MGA8-64-OK or MGA8-32-OK) in the Whiteboard field near the top of this page.

CC: (none) => andrewsfarm

I should have done so when I posted comment 7.
Ok added and update validated.

Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0426.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED