Package: release.debian.org Severity: normal Tags: bookworm User: release.debian....@packages.debian.org Usertags: pu Control: affects -1 + src:onionprobe
Dear release team, [ Reason ] On bullseye, this works without a warning: $ tor --hash-password some-string 16:A871A161E60E3C3960934C88AA783AC6B693DF63CF7897CA5E87219E26 Whereas on bookworm, this throws a warning: $ tor --hash-password some-string Sep 28 20:48:10.111 [warn] Tor was compiled with zstd 1.5.2, but is running with zstd 1.5.4. For safety, we'll avoid using advanced zstd functionality. 16:E4DFE5BA0F5C257060D3D092B5666351C8A04DEF6C77E27DAE7B6015A8 Due to this, onionprobe fails to initialize Tor. This was fixed, both upstream and in Debian unstable via 1.1.2+ds-1. [ Impact ] Severe, as onionprobe fails to work as expected. There are no workarounds. [ Tests ] Tests were done both manually and on production systems for several weeks. [ Risks ] There should be none. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in stable [x] the issue is verified as fixed in unstable [ Changes ] Pull in upstream fix to silence Tor if generating hashed passwords. Thanks for your work! Cheers, Georg
diff -Nru onionprobe-1.0.0+ds/debian/changelog onionprobe-1.0.0+ds/debian/changelog --- onionprobe-1.0.0+ds/debian/changelog 2022-07-20 19:16:36.000000000 +0000 +++ onionprobe-1.0.0+ds/debian/changelog 2023-12-18 14:30:56.000000000 +0000 @@ -1,3 +1,11 @@ +onionprobe (1.0.0+ds-2.1+deb12u1) bookworm; urgency=medium + + * debian/patches: + - Pull in upstream fix to silence Tor if generating hashed passwords. + (Closes: 1053204) + + -- Georg Faerber <ge...@debian.org> Mon, 18 Dec 2023 14:30:56 +0000 + onionprobe (1.0.0+ds-2) unstable; urgency=medium * Source-only upload to allow migration. diff -Nru onionprobe-1.0.0+ds/debian/patches/0001-Fix-make-the-tor-process-quiet-when-generating-hashed-passwords.patch onionprobe-1.0.0+ds/debian/patches/0001-Fix-make-the-tor-process-quiet-when-generating-hashed-passwords.patch --- onionprobe-1.0.0+ds/debian/patches/0001-Fix-make-the-tor-process-quiet-when-generating-hashed-passwords.patch 1970-01-01 00:00:00.000000000 +0000 +++ onionprobe-1.0.0+ds/debian/patches/0001-Fix-make-the-tor-process-quiet-when-generating-hashed-passwords.patch 2023-12-18 14:30:56.000000000 +0000 @@ -0,0 +1,21 @@ +Description: Fix: make the tor process quiet when generating hashed passwords +Author: Silvio Rhatto <rha...@torproject.org> +Origin: upstream +Applied-Upstream: 6bb2a64fa73e2f678279709f82823f90fd3dc672 +Reviewed-by: Georg Faerber <ge...@debian.org> +Last-Update: 2023-12-18 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: onionprobe/packages/onionprobe/tor.py +=================================================================== +--- onionprobe.orig/packages/onionprobe/tor.py 2023-12-18 14:20:02.960327906 +0000 ++++ onionprobe/packages/onionprobe/tor.py 2023-12-18 14:21:17.442024820 +0000 +@@ -166,7 +166,7 @@ + import subprocess + + tor = shutil.which('tor') +- result = subprocess.check_output([tor, '--hash-password', password], text=True) ++ result = subprocess.check_output([tor, '--quiet', '--hash-password', password], text=True) + + return result + diff -Nru onionprobe-1.0.0+ds/debian/patches/series onionprobe-1.0.0+ds/debian/patches/series --- onionprobe-1.0.0+ds/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 +++ onionprobe-1.0.0+ds/debian/patches/series 2023-12-18 14:30:56.000000000 +0000 @@ -0,0 +1 @@ +0001-Fix-make-the-tor-process-quiet-when-generating-hashed-passwords.patch
