Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
Control: affects -1 + src:onionprobe

Dear release team,

[ Reason ]
On bullseye, this works without a warning:
$ tor --hash-password some-string
16:A871A161E60E3C3960934C88AA783AC6B693DF63CF7897CA5E87219E26

Whereas on bookworm, this throws a warning:
$ tor --hash-password some-string
Sep 28 20:48:10.111 [warn] Tor was compiled with zstd 1.5.2, but is running 
with zstd 1.5.4. For safety, we'll avoid using advanced zstd functionality.
16:E4DFE5BA0F5C257060D3D092B5666351C8A04DEF6C77E27DAE7B6015A8

Due to this, onionprobe fails to initialize Tor.

This was fixed, both upstream and in Debian unstable via 1.1.2+ds-1.

[ Impact ]
Severe, as onionprobe fails to work as expected. There are no
workarounds.

[ Tests ]
Tests were done both manually and on production systems for several
weeks.

[ Risks ]
There should be none.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Pull in upstream fix to silence Tor if generating hashed passwords.

Thanks for your work!

Cheers,
Georg
diff -Nru onionprobe-1.0.0+ds/debian/changelog onionprobe-1.0.0+ds/debian/changelog
--- onionprobe-1.0.0+ds/debian/changelog	2022-07-20 19:16:36.000000000 +0000
+++ onionprobe-1.0.0+ds/debian/changelog	2023-12-18 14:30:56.000000000 +0000
@@ -1,3 +1,11 @@
+onionprobe (1.0.0+ds-2.1+deb12u1) bookworm; urgency=medium
+
+  * debian/patches:
+    - Pull in upstream fix to silence Tor if generating hashed passwords.
+      (Closes: 1053204)
+
+ -- Georg Faerber <ge...@debian.org>  Mon, 18 Dec 2023 14:30:56 +0000
+
 onionprobe (1.0.0+ds-2) unstable; urgency=medium
 
   * Source-only upload to allow migration. 
diff -Nru onionprobe-1.0.0+ds/debian/patches/0001-Fix-make-the-tor-process-quiet-when-generating-hashed-passwords.patch onionprobe-1.0.0+ds/debian/patches/0001-Fix-make-the-tor-process-quiet-when-generating-hashed-passwords.patch
--- onionprobe-1.0.0+ds/debian/patches/0001-Fix-make-the-tor-process-quiet-when-generating-hashed-passwords.patch	1970-01-01 00:00:00.000000000 +0000
+++ onionprobe-1.0.0+ds/debian/patches/0001-Fix-make-the-tor-process-quiet-when-generating-hashed-passwords.patch	2023-12-18 14:30:56.000000000 +0000
@@ -0,0 +1,21 @@
+Description: Fix: make the tor process quiet when generating hashed passwords
+Author: Silvio Rhatto <rha...@torproject.org>
+Origin: upstream
+Applied-Upstream: 6bb2a64fa73e2f678279709f82823f90fd3dc672
+Reviewed-by: Georg Faerber <ge...@debian.org>
+Last-Update: 2023-12-18
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: onionprobe/packages/onionprobe/tor.py
+===================================================================
+--- onionprobe.orig/packages/onionprobe/tor.py	2023-12-18 14:20:02.960327906 +0000
++++ onionprobe/packages/onionprobe/tor.py	2023-12-18 14:21:17.442024820 +0000
+@@ -166,7 +166,7 @@
+         import subprocess
+ 
+         tor    = shutil.which('tor')
+-        result = subprocess.check_output([tor, '--hash-password', password], text=True)
++        result = subprocess.check_output([tor, '--quiet', '--hash-password', password], text=True)
+ 
+         return result
+ 
diff -Nru onionprobe-1.0.0+ds/debian/patches/series onionprobe-1.0.0+ds/debian/patches/series
--- onionprobe-1.0.0+ds/debian/patches/series	1970-01-01 00:00:00.000000000 +0000
+++ onionprobe-1.0.0+ds/debian/patches/series	2023-12-18 14:30:56.000000000 +0000
@@ -0,0 +1 @@
+0001-Fix-make-the-tor-process-quiet-when-generating-hashed-passwords.patch

Reply via email to