Bug 31414

Updated packages uploaded by Stig-Ørjan for Cauldron and Jani for Mageia 8.

tor-0.4.5.16-1.mga8

from tor-0.4.5.16-1.mga8.src.rpm

Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
Status comment: Fixed upstream in 0.4.5.16 and 0.4.7.13 => (none)
CC: (none) => jani.valimaa
Source RPM: tor-0.4.7.12-1.mga9.src.rpm => tor-0.4.5.12-1.mga8.src.rpm
Assignee: jani.valimaa => qa-bugs

Debian has issued an advisory for this on January 16:
https://www.debian.org/security/2023/dsa-5320

Summary: tor new security issue TROVE-2022-002 => tor new security issue TROVE-2022-002 (CVE-2023-23589)

MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Used via bug 30005 the wiki page https://wiki.mageia.org/en/The_Onion_Router, and my previous test from bug 29136.
It's a pity the Wiki does not show up from the wiki link in http://madb.mageia.org/tools/updates/
Anyway:
# systemctl start tor
]# systemctl -l status tor
● tor.service - Anonymizing overlay network for TCP
     Loaded: loaded (/usr/lib/systemd/system/tor.service; disabled; vendor preset: disabled)
     Active: active (running) since Thu 2023-01-19 10:33:40 CET; 19s ago
    Process: 9086 ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/t>
   Main PID: 9087 (tor)
      Tasks: 1 (limit: 4364)
     Memory: 43.1M
        CPU: 8.015s
     CGroup: /system.slice/tor.service
             └─9087 /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc

Jan 19 10:33:38 mach7.hviaene.thuis tor[9086]: Jan 19 10:33:38.026 [notice] Read configuration file "/usr/share/tor/>
Jan 19 10:33:38 mach7.hviaene.thuis tor[9086]: Jan 19 10:33:38.027 [notice] Read configuration file "/etc/tor/torrc".
Jan 19 10:33:38 mach7.hviaene.thuis tor[9086]: Configuration was valid
Jan 19 10:33:38 mach7.hviaene.thuis tor[9087]: Jan 19 10:33:38.153 [notice] Tor 0.4.5.16 running on Linux with Libev>
Jan 19 10:33:38 mach7.hviaene.thuis tor[9087]: Jan 19 10:33:38.153 [notice] Tor can't help you if you use it wrong! >
Jan 19 10:33:38 mach7.hviaene.thuis tor[9087]: Jan 19 10:33:38.153 [notice] Read configuration file "/usr/share/tor/>
Jan 19 10:33:38 mach7.hviaene.thuis tor[9087]: Jan 19 10:33:38.153 [notice] Read configuration file "/etc/tor/torrc".
Jan 19 10:33:38 mach7.hviaene.thuis tor[9087]: Jan 19 10:33:38.168 [notice] Opening Socks listener on 127.0.0.1:9050
Jan 19 10:33:38 mach7.hviaene.thuis tor[9087]: Jan 19 10:33:38.168 [notice] Opened Socks listener connection (ready)>
Jan 19 10:33:40 mach7.hviaene.thuis systemd[1]: Started Anonymizing overlay network for TCP.

In firefox open Settings - General - Network Settings and enter localhost port 9050 for Manual proxy configuration set on - Socks host
Then navigate to https://check.torproject.org/ and get success.
Reset Settings - General - Network Settings to Use sysyem proxy settings, adnd refresh the tor page and get "Sorry. You are not using Tor."
OK for me.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Good point Herman.

I now renamed the page (and French one), adding "Tor" to the title.
(and updated links to them.)

The page is now listed from the wiki link in 
 http://madb.mageia.org/tools/updates/
after pressing "Content pages" on the search page.

CC: (none) => fri

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0017.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED