tor-0.3.5.15-1.mga7
tor-0.3.5.15-1.mga8

uploaded by Jani.

CC: (none) => jani.valimaa
Assignee: jani.valimaa => qa-bugs

Installed and tested without issues.


Tested:
- protocols: HTTP(S), IMAP, POP, DNS over SOCKS5;
- clients: curl, waterfox, fetchmail, trojita;
- method: explicit SOCKS5 proxy configuration, torsocks;
- onion domains: waterfox, curl.


$ curl --silent https://check.torproject.org/  | egrep 'Congratulations|Sorry' | uniq
      Sorry. You are not using Tor.
$ curl --silent --proxy socks5h://127.0.0.1:9050 https://check.torproject.org/  | egrep 'Congratulations|Sorry' | uniq
      Congratulations. This browser is configured to use Tor.
$ torsocks curl --silent https://check.torproject.org/  | egrep 'Congratulations|Sorry' | uniq
      Congratulations. This browser is configured to use Tor.
$ curl --silent --proxy socks5h://127.0.0.1:9050 https://3g2upl4pq6kufc4m.onion/ | grep '<title>'
        <title>DuckDuckGo — Privacy, simplified.</title>



System: Mageia 7, x86_64, Intel CPU.



$ uname -a
Linux marte 5.10.43-desktop-1.mga7 #1 SMP Fri Jun 11 07:28:47 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q tor torsocks
tor-0.3.5.15-1.mga7
torsocks-2.3.0-1.mga7

CC: (none) => mageia
Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK

New releases includes also the fix for %preun scriptlet errors, bug 29158.
tor-0.3.5.15-1.1.mga7
tor-0.3.5.15-1.1.mga8

Debian has issued an advisory for this on June 18:
https://www.debian.org/security/2021/dsa-4932

Summary: tor new security issues fixed upstream in 0.3.5.15 (including CVE-2021-3454[89]) => tor new security issues fixed upstream in 0.3.5.15 (including CVE-2021-3454[89] and CVE-2021-34550)

Install without issues Tor with QA repo:

systemctl start tor
systemctl status tor
● tor.service - Anonymizing overlay network for TCP
     Loaded: loaded (/usr/lib/systemd/system/tor.service; disabled; vendor preset: disabled)
     Active: active (running) since Wed 2021-06-23 08:52:36 CEST; 2s ago
    Process: 9482 ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc --verify-config (co>
   Main PID: 9483 (tor)
      Tasks: 1 (limit: 4581)
     Memory: 45.3M
        CPU: 983ms
     CGroup: /system.slice/tor.service
             └─9483 /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc

juin 23 08:52:35 localhost Tor[9483]: Bootstrapped 0%: Starting
juin 23 08:52:36 localhost Tor[9483]: Starting with guard context "default"
juin 23 08:52:36 localhost Tor[9483]: Signaled readiness to systemd
juin 23 08:52:36 localhost systemd[1]: Started Anonymizing overlay network for TCP.
juin 23 08:52:36 localhost Tor[9483]: Bootstrapped 10%: Finishing handshake with directory server
juin 23 08:52:36 localhost Tor[9483]: Bootstrapped 80%: Connecting to the Tor network
juin 23 08:52:36 localhost Tor[9483]: Bootstrapped 90%: Establishing a Tor circuit
juin 23 08:52:36 localhost Tor[9483]: Opening Control listener on /run/tor/control
juin 23 08:52:36 localhost Tor[9483]: Opened Control listener on /run/tor/control
juin 23 08:52:36 localhost Tor[9483]: Bootstrapped 100%: Done

It's seems to be ok

I have to learn how to use it with FF or other.

CC: (none) => guillaume.royer

(In reply to Guillaume Royer from comment #5)
> Install without issues Tor with QA repo:
> 
> systemctl start tor
> systemctl status tor
> ● tor.service - Anonymizing overlay network for TCP
>      Loaded: loaded (/usr/lib/systemd/system/tor.service; disabled; vendor
> preset: disabled)
>      Active: active (running) since Wed 2021-06-23 08:52:36 CEST; 2s ago
>     Process: 9482 ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc
> /usr/share/tor/defaults-torrc -f /etc/tor/torrc --verify-config (co>
>    Main PID: 9483 (tor)
>       Tasks: 1 (limit: 4581)
>      Memory: 45.3M
>         CPU: 983ms
>      CGroup: /system.slice/tor.service
>              └─9483 /usr/bin/tor --runasdaemon 0 --defaults-torrc
> /usr/share/tor/defaults-torrc -f /etc/tor/torrc
> 
> juin 23 08:52:35 localhost Tor[9483]: Bootstrapped 0%: Starting
> juin 23 08:52:36 localhost Tor[9483]: Starting with guard context "default"
> juin 23 08:52:36 localhost Tor[9483]: Signaled readiness to systemd
> juin 23 08:52:36 localhost systemd[1]: Started Anonymizing overlay network
> for TCP.
> juin 23 08:52:36 localhost Tor[9483]: Bootstrapped 10%: Finishing handshake
> with directory server
> juin 23 08:52:36 localhost Tor[9483]: Bootstrapped 80%: Connecting to the
> Tor network
> juin 23 08:52:36 localhost Tor[9483]: Bootstrapped 90%: Establishing a Tor
> circuit
> juin 23 08:52:36 localhost Tor[9483]: Opening Control listener on
> /run/tor/control
> juin 23 08:52:36 localhost Tor[9483]: Opened Control listener on
> /run/tor/control
> juin 23 08:52:36 localhost Tor[9483]: Bootstrapped 100%: Done
> 
> It's seems to be ok
> 
> I have to learn how to use it with FF or other.

sorry I forgot to mention that I tested it on MGA8 64 XFCE

MGA 7 64 VM LXQt:

Install Tor without issues with QA repo: 

tor.service - Anonymizing overlay network for TCP                                                                                   
   Loaded: loaded (/usr/lib/systemd/system/tor.service; disabled; vendor preset: disabled)                                            
   Active: active (running) since Wed 2021-06-23 14:27:17 CEST; 1s ago                                                                
  Process: 4002 ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc --verify-c>
 Main PID: 4003 (tor)                                                                                                                 
    Tasks: 1 (limit: 2364)                                                                                                            
   Memory: 17.0M                                                                                                                      
   CGroup: /system.slice/tor.service                                                                                                  
           └─4003 /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc                       
                                                                                                                                      
juin 23 14:27:17 localhost Tor[4003]: Starting with guard context "default"                                                           
juin 23 14:27:17 localhost systemd[1]: Started Anonymizing overlay network for TCP.                                                   
juin 23 14:27:17 localhost Tor[4003]: Signaled readiness to systemd
juin 23 14:27:18 localhost Tor[4003]: Opening Control listener on /run/tor/control
juin 23 14:27:18 localhost Tor[4003]: Opened Control listener on /run/tor/control
juin 23 14:27:18 localhost Tor[4003]: Bootstrapped 5%: Connecting to directory server
juin 23 14:27:18 localhost Tor[4003]: Bootstrapped 10%: Finishing handshake with directory server
juin 23 14:27:18 localhost Tor[4003]: Bootstrapped 15%: Establishing an encrypted directory connection
juin 23 14:27:18 localhost Tor[4003]: Bootstrapped 20%: Asking for networkstatus consensus
juin 23 14:27:18 localhost Tor[4003]: Bootstrapped 25%: Loading networkstatus consensus

Fedora has issued an advisory for this today (June 23):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RST7YTNTKJURIR2QVIJMEBXWW2YHETRX/

MGA8-64 MATE on Lenovo B50
No installation issues
Ref bug 27606 Comment 6
# systemctl start tor

# systemctl -l status tor
● tor.service - Anonymizing overlay network for TCP
     Loaded: loaded (/usr/lib/systemd/system/tor.service; disabled; vendor preset: disabled)
     Active: active (running) since Sat 2021-06-26 14:46:52 CEST; 19s ago
    Process: 20654 ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc --verify-config (code=exited, status=0/SUCCESS)
   Main PID: 20655 (tor)
      Tasks: 1 (limit: 9402)
     Memory: 41.3M
        CPU: 1.329s
     CGroup: /system.slice/tor.service
             └─20655 /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc

jun 26 14:46:55 mach5.hviaene.thuis Tor[20655]: Bootstrapped 50%: Loading relay descriptors for internal paths
jun 26 14:46:55 mach5.hviaene.thuis Tor[20655]: The current consensus contains exit nodes. Tor can build exit and internal paths.
jun 26 14:46:56 mach5.hviaene.thuis Tor[20655]: Bootstrapped 57%: Loading relay descriptors
jun 26 14:46:57 mach5.hviaene.thuis Tor[20655]: Bootstrapped 66%: Loading relay descriptors
jun 26 14:46:57 mach5.hviaene.thuis Tor[20655]: Bootstrapped 71%: Loading relay descriptors
jun 26 14:46:57 mach5.hviaene.thuis Tor[20655]: Bootstrapped 78%: Loading relay descriptors
jun 26 14:46:57 mach5.hviaene.thuis Tor[20655]: Bootstrapped 80%: Connecting to the Tor network
jun 26 14:46:58 mach5.hviaene.thuis Tor[20655]: Bootstrapped 85%: Finishing handshake with first hop
jun 26 14:46:58 mach5.hviaene.thuis Tor[20655]: Bootstrapped 90%: Establishing a Tor circuit
jun 26 14:46:58 mach5.hviaene.thuis Tor[20655]: Bootstrapped 100%: Done

In firefox open Preferences - General - Network Settings and enter localhost port 9050 for Manual proxy configuration set on - Socks host
Then navigate to https://check.torproject.org/ and get success.
Reset Preferences - General - Network Settings to Use sysyem proxy settings, adnd refresh the tor page and get "Sorry. You are not using Tor."

OK for me.

Whiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK
CC: (none) => herman.viaene

Thank you, everyone. Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Advisory:
========================

Updated tor package fixes security vulnerabilities:

Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams. Previously, clients failed to validate which
hop sent these cells: this would allow a relay on a circuit to end a stream that wasn't actually built with it (CVE-2021-34548).

hashtable-based CPU denial-of-service attack against relays (CVE-2021-34549). 

out-of-bounds memory access in v3 onion service descriptor parsing (CVE-2021-34550).

See also upstream release notes for included other bugfixes.

This package also fixes an error in tor package's un-install script (https://bugs.mageia.org/show_bug.cgi?id=29158).

References:
 - https://bugs.mageia.org/show_bug.cgi?id=29136
 - https://bugs.mageia.org/show_bug.cgi?id=29158
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34548
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34549
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34550
 - https://blog.torproject.org/node/2041
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RST7YTNTKJURIR2QVIJMEBXWW2YHETRX/
========================

Updated packages in core/updates_testing:
========================
tor-0.3.5.15-1.1.mga7
tor-0.3.5.15-1.1.mga8

from SRPMS:
tor-0.3.5.15-1.1.mga7.src.rpm
tor-0.3.5.15-1.1.mga8.src.rpm

CC: (none) => ouaurelien
Keywords: (none) => advisory
CVE: (none) => CVE-2021-3454[89] and CVE-2021-34550
Depends on: 29158 => (none)
Blocks: (none) => 29158

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0293.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED