Tor 0.4.5.12 and 0.4.6.10 have been released on February 4. I haven't found a release announcement, but there's a pre-release announcement: https://forum.torproject.net/t/tor-project-network-team-upcoming-0-4-5-12-and-0-4-6-10-february-2022/1993 So it sounds like no security fixes, but 0.3.5.x is EOL, so Cauldron should be updated. I don't know if either of the two current branches are LTS like that one was. The last 0.3.5.x release, 0.3.5.18, we missed but was just a bugfix release. Mageia 8 may be fine for now.
Priority: Normal => release_blockerTarget Milestone: --- => Mageia 9
https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/CoreTorReleases#calendar 0.4.5 is LTS and supported until at least Feb 15, 2023. Lets go with it.
Pushed tor-0.4.5.12-1.mga9 to cauldron.
Trying to help our friends in other countries, I now installed tor on mga8. Log output: Mar 05 13:56:43.000 [warn] Please upgrade! This version of Tor (0.3.5.16) is obsolete, according to the directory authorities.
Whiteboard: (none) => MGA8TOOCC: (none) => fri
Comment from a Tor newbie: In order for our packaged nyx (a monitoring interface for tor) to work, I had to chmod 750 /run/tor (I dont know if that is the correct medicine, but it works) (original is 700) - or else nyx said: Issue: Authentication failed: '/run/tor/control.authcookie' doesn't exist And that after i had added my Mageia user to group toruser, and added/enabled following lines in /etc/tor/torrc, and restarted. ControlPort 9051 ControlSocket /run/tor/control CookieAuthentication 1 CookieAuthFile /run/tor/control.authcookie CookieAuthFileGroupReadable 1 DataDirectoryGroupReadable 1 Did I miss something, or could one of the packages be improved? CC David H; I see from last Tor update bug you seem to know Tor.
CC: (none) => davidwhodgins
Now I see Tor log: 20:17:54 [WARN] Permissions on directory /run/tor are too permissive. So that was wrong medicine. Have not figured out the correct one.
The chmod should not have survived a reboot as /run is a tmpfs. I suspect it was just not being a member of the group toruser that was missing. Note that after adding the user to the group toruser, you have to logout/in or reboot for the change to take effect. The browser does not access /run/tor, that's used by the systemd services, tor and tor-master which must be enabled/started. Tested using firefox using the procedure at https://bugs.mageia.org/show_bug.cgi?id=29377#c7 to set up the use of the socks5 proxy, I get ... Congratulations. This browser is configured to use Tor. Your IP address appears to be: 185.220.101.172 You don't need to restart firefox when changing it to use or not use the socks5 proxy. $ host 185.220.101.172 172.101.220.185.in-addr.arpa domain name pointer tor-exit-172.relayon.org.
Whiteboard: MGA8TOO => MGA8TOO, MGA8-64-OKKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Oops. Just realized I was testing the old version as the update isn't in m8 yet. I'll test in m9 shortly.
Version: Cauldron => 8Whiteboard: MGA8TOO, MGA8-64-OK => MGA8TOOKeywords: validated_update => (none)
Same procedure used in an up-to-date cauldron install with $ rpm -q tor tor-0.4.5.12-1.mga9 Congratulations. This browser is configured to use Tor. Your IP address appears to be: 23.128.248.48 $ host 23.128.248.48 48.248.128.23.in-addr.arpa domain name pointer tor-exit39.stormycloud.org.
Current mga version is 5 weeks past EOL and will soon be cut off from network (at least as a relay) and have known bugs. I let Dave's test be OK for cauldron, and I will test in mga8 as soon it is available in testing. I today received this message: ------------- Hi, You are running a Tor relay, which is great: https://metrics.torproject.org/rs.html#details/[hidden] However, that relay's Tor version is obsolete, and because of old bugs, we will soon cut relays running those versions out of the network. Please consider upgrading! You can find Tor packages and instructions for your distro / OS here: https://community.torproject.org/relay/setup/guard/ Ideally, you will switch to keeping up with our stable releases, but if you need a stable version that is especially stable, the Tor 0.4.5 branch will be maintained until Feb 15, 2023: https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/CoreTorReleases#current and you can see the lifetime of other Tor versions on that table too. Let us know if we can do anything to make the process easier. Thanks!
Whiteboard: MGA8TOO => (none)Target Milestone: Mageia 9 => ---Severity: normal => majorPriority: release_blocker => High
To the general piggy bank... tor-0.4.6.7 for Mageia7/8: https://cloud.mail.ru/public/k5kK/yS5CHVU1s
CC: (none) => alex_q_2000
Tank you Alex for that upgrade. Running it now. Extra plus: With this, the problem with nyx I described in Comment 4 do not exist - nyx can be started as regular user.
...but tor log say "14:41:03 [WARN] Permissions on directory /run/tor are too permissive." drwxr-x--- 2 toruser toruser 60 mar 9 14:36 tor/
Created https://wiki.mageia.org/en/The_Onion_Router
@Morgan Leijström Great Wiki. I didn't know about 'nyx' before. It turns out he also draws graphs and outputs the log. Thanks.
Jani seem absent. As update for mga8 is urgent, I reassign to all packagers.
Assignee: jani.valimaa => pkg-bugs
Stig and Nicolas, I see you have packaged this before. Cauldron version seem to be OK, please package the same for mga8. Urgent: this is an anonymisation service and mga8 only have old deprecated version.
Source RPM: tor-0.3.5.17-1.mga9.src.rpm => tor-0.4.5.12-1.mga9.src.rpmCC: (none) => mageia, smelror
Source RPM: tor-0.4.5.12-1.mga9.src.rpm => tor-0.3.5.17-1.mga8.src.rpm
Pushed tor-0.4.5.12-1.mga8 to mga8 core/updates_testing.
Assignee: pkg-bugs => qa-bugsSource RPM: tor-0.3.5.17-1.mga8.src.rpm => tor-0.3.5.16-1.mga8.src.rpmCC: (none) => jani.valimaa
Thank you Jani. Too late for me to test it now as I am on a tor diet waiting for a stupid hypersensitive blocklist to reset...
Got the congratulations msg from https://check.torproject.org/ Ok on Mageia 8 x86_64. Validating the update.
Whiteboard: (none) => MGA8-64-OKKeywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2022-0038.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED