Re: outdated Tor version in Fedora (missing security fixes)

2011-06-13 Thread Daniel J Walsh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 06/10/2011 11:38 PM, Fennix wrote:
> On Sat, Jun 11, 2011 at 8:30 AM, Christoph A.  > wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 06/10/2011 06:28 PM, Fennix wrote:
> > As to the SELinux policy questions...I am not sure. I have always
> compiled
> > and the TOR package has always worked without any SELinux
> complaints so for
> > this question I have never looked into this.
> 
> the output of the following command would provide the answer to the
> tor_t question:
> ps auxZ|grep /tor
> (executed on the host running the self compiled Tor)
> 
> 
> The result I get is as follows:
> 
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 14189 0.0 
> 0.0 4432 760 pts/1 S+ 11:36   0:00 grep --color=auto /torH
> 
> /fennix
> 
Has the tor executable location changed or is the label missing.

# restorecon -v PATHTO-TOR

Should change the label to tor_exec_t for either

/usr/bin/tor
/usr/sbin/tor

If you are using a different path, you can change the label using

# chcon -t tor_exec_t PATHTO-TOR

Or make the change permanently with

# semanage fcontext -a -t tor_exec_t PATHTO-TOR
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk32AosACgkQrlYvE4MpobM88wCfUSk5K4UPwKtM0LQ7bDn0rtET
uSUAnRtgoWssqqTf+eTfyP/rHr/DVY85
=jxRo
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: outdated Tor version in Fedora (missing security fixes)

2011-06-10 Thread Fennix 
On Sat, Jun 11, 2011 at 8:30 AM, Christoph A.  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 06/10/2011 06:28 PM, Fennix wrote:
> > As to the SELinux policy questions...I am not sure. I have always
> compiled
> > and the TOR package has always worked without any SELinux complaints so
> for
> > this question I have never looked into this.
>
> the output of the following command would provide the answer to the
> tor_t question:
> ps auxZ|grep /tor
> (executed on the host running the self compiled Tor)
>

The result I get is as follows:

unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 14189 0.0  0.0
4432 760 pts/1 S+ 11:36   0:00 grep --color=auto /torH

/fennix
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: outdated Tor version in Fedora (missing security fixes)

2011-06-10 Thread Christoph A. 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 06/10/2011 06:28 PM, Fennix wrote:
> As to the SELinux policy questions...I am not sure. I have always compiled
> and the TOR package has always worked without any SELinux complaints so for
> this question I have never looked into this.

the output of the following command would provide the answer to the
tor_t question:
ps auxZ|grep /tor
(executed on the host running the self compiled Tor)
-BEGIN PGP SIGNATURE-

iEYEAREKAAYFAk3yt0MACgkQrq+riTAIEg0kHgCff5nikRgyKz9cTEydUODgJhpw
9jEAnA0FhTEzFE5bFhJozWVR+1ChAgOs
=v1wr
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: outdated Tor version in Fedora (missing security fixes)

2011-06-10 Thread Fennix 
On Fri, Jun 10, 2011 at 2:19 AM, Christoph A.  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 06/07/2011 04:06 PM, Fennix wrote:
> > Umm, you could just download the source file and compile yourself...
>
> Yes, *I* could, but if Fedora ships a vulnerable package this affects a
> lot more people then just me.
>
> Compiling is always a possibility but the last one I would choose.
> F14 contains latest stable (0.2.1.30) now and in future I (and hopefully
> others) will give some karma to Enricos packages :)
>
> > I always compile the latest alpha/beta and the current is 0.2.2.27-beta
> > which is working perfectly well for me.
>
> Actually it is 0.2.2.28-beta
> https://lists.torproject.org/pipermail/tor-talk/2011-June/020596.html
>
> You don't have to compile, you can use unofficial repos if you want Tor
> 0.2.2.x.
> http://deb.torproject.org/torproject.org/rpm/fc14-experimental/
> (packages usually take some time after the a new Tor version was released)
> I don't use the unofficial packages because I don't know if they fit
> with the SELinux policy.
>
> Does your self compiled tor daemon run in tor_t?
>

As to the SELinux policy questions...I am not sure. I have always compiled
and the TOR package has always worked without any SELinux complaints so for
this question I have never looked into this.  The reason that I try to run
the latest alpha/beta is due to that I am living in China and I need this to
allow me to access some websites that for reasons unknown to me are
blocked.  I just use TOR for routing...have no concern to hide my usage...

/fennix
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: outdated Tor version in Fedora (missing security fixes)

2011-06-09 Thread Christoph A. 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 06/07/2011 04:06 PM, Fennix wrote:
> Umm, you could just download the source file and compile yourself...

Yes, *I* could, but if Fedora ships a vulnerable package this affects a
lot more people then just me.

Compiling is always a possibility but the last one I would choose.
F14 contains latest stable (0.2.1.30) now and in future I (and hopefully
others) will give some karma to Enricos packages :)

> I always compile the latest alpha/beta and the current is 0.2.2.27-beta
> which is working perfectly well for me.

Actually it is 0.2.2.28-beta
https://lists.torproject.org/pipermail/tor-talk/2011-June/020596.html

You don't have to compile, you can use unofficial repos if you want Tor
0.2.2.x.
http://deb.torproject.org/torproject.org/rpm/fc14-experimental/
(packages usually take some time after the a new Tor version was released)
I don't use the unofficial packages because I don't know if they fit
with the SELinux policy.

Does your self compiled tor daemon run in tor_t?
-BEGIN PGP SIGNATURE-

iEYEAREKAAYFAk3xDpYACgkQrq+riTAIEg1z8QCgr003z4iMy1wWhw9Nsy2br0Rq
3jgAoL51/5scy+ujPPGGwLRkorp32iaf
=iZvi
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: outdated Tor version in Fedora (missing security fixes)

2011-06-07 Thread Enrico Scholz 
"Christoph A."  writes:

>> for the other versions: there are simply no users who test the
>> updates.  E.g. 0.2.1.29 was pushed to testing at 2011-01-22 and
>> nobody tested it for f13.
>
> According to bodhi you can push it to stable even if it didn't get
> enough karma points.

What would be the sense behind this? I never ran the f13 binary (nor the
f14 one) so it might be that it segfaults immediately after startup.

When bodhi wants to encourage such a workflow, why does it not have a
"push this completely untested package to stable after XX days" option?
Have I to write manually a ~/.procmailrc rule which executes 'bodhi -R
stable' as soon as I get a

> This update has reached 7 days in testing and can be pushed to stable
> now if the maintainer wishes

mail?



Enrico
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: outdated Tor version in Fedora (missing security fixes)

2011-06-07 Thread Fennix 
On Tue, Jun 7, 2011 at 9:47 PM, Christoph A.  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 06/07/2011 02:43 PM, Christoph A. wrote:
> > On 06/07/2011 06:53 AM, Rahul Sundaram wrote:
> >> I don't.   Till the point it is EOL'ed,  security updates are the only
> >> sort of the updates I would still want to definitely see pushed.
> >
> > You are right.
> >
> > http://koji.fedoraproject.org/koji/buildinfo?buildID=234271
>
>
> Vincent Danen 2011-05-30 12:45:16 EDT
> "No need to fix this in F13 at this point."
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=705193
> -BEGIN PGP SIGNATURE-
>


Umm, you could just download the source file and compile yourself...

https://www.torproject.org/download/download.html.en

I always compile the latest alpha/beta and the current is 0.2.2.27-beta
which is working perfectly well for me.

/fennix

PS:  If you do want to try to do this then I can send you the steps how to
compile this for yourselfIt is not difficult.
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: outdated Tor version in Fedora (missing security fixes)

2011-06-07 Thread Christoph A. 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 06/07/2011 02:43 PM, Christoph A. wrote:
> On 06/07/2011 06:53 AM, Rahul Sundaram wrote:
>> I don't.   Till the point it is EOL'ed,  security updates are the only
>> sort of the updates I would still want to definitely see pushed.
> 
> You are right.
> 
> http://koji.fedoraproject.org/koji/buildinfo?buildID=234271


Vincent Danen 2011-05-30 12:45:16 EDT
"No need to fix this in F13 at this point."


https://bugzilla.redhat.com/show_bug.cgi?id=705193
-BEGIN PGP SIGNATURE-

iEYEAREKAAYFAk3uLA4ACgkQrq+riTAIEg0m4QCdEzRPRSPNS62RSO3FnHFIW7Rz
TfIAniqN09xNaIuLhEHH9Xb/UyIB8sNW
=QIrt
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: outdated Tor version in Fedora (missing security fixes)

2011-06-07 Thread Christoph A. 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 06/07/2011 06:53 AM, Rahul Sundaram wrote:
> I don't.   Till the point it is EOL'ed,  security updates are the only
> sort of the updates I would still want to definitely see pushed.

You are right.

http://koji.fedoraproject.org/koji/buildinfo?buildID=234271


-BEGIN PGP SIGNATURE-

iEYEAREKAAYFAk3uHQUACgkQrq+riTAIEg3UUQCfTiDqcHdgZjPOwnuMlUv8xdmf
xRUAnjOMH22HKPqMWh/RwWp7eskoNW0A
=+iBb
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: outdated Tor version in Fedora (missing security fixes)

2011-06-07 Thread Christoph A. 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 06/04/2011 11:20 AM, Enrico Scholz wrote:
> for the other versions: there are simply no users who test the updates.
> E.g. 0.2.1.29 was pushed to testing at 2011-01-22 and nobody tested it
> for f13.

According to bodhi you can push it to stable even if it didn't get
enough karma points.

F13:

bodhi - 2011-01-29 03:52:41
This update has reached 7 days in testing and can be pushed to stable
now if the maintainer wishes

https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13?_csrf_token=3865daac177ba3c8c416208224e40724bdf2fa6a
-BEGIN PGP SIGNATURE-

iEYEAREKAAYFAk3uHP0ACgkQrq+riTAIEg3R2gCfYkDo03zNwe7QozfeA0OV49SC
jyoAn0bgRsWk/MRWpowQ4HEo2/PR60nO
=wPeq
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: outdated Tor version in Fedora (missing security fixes)

2011-06-06 Thread Rahul Sundaram 
On 06/07/2011 03:06 AM, Christoph A. wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 06/05/2011 01:05 AM, Rahul Sundaram wrote:
>> Link to f13 update?
> I think it is ok if the package for f13 is not updated anymore because
> f13 will reach EOL soon.

I don't.   Till the point it is EOL'ed,  security updates are the only
sort of the updates I would still want to definitely see pushed. 

>
> Status:   pending
> Pushed: False
> seams to take a while...

Yep.  Auto karma already takes care of the push.  Rest is a matter of
time.  Now active

Rahul
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: outdated Tor version in Fedora (missing security fixes)

2011-06-06 Thread Christoph A. 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 06/05/2011 01:05 AM, Rahul Sundaram wrote:
> Link to f13 update?

I think it is ok if the package for f13 is not updated anymore because
f13 will reach EOL soon.

>> > Footnotes: 
>> > [1]  https://admin.fedoraproject.org/updates/tor-0.2.1.30-1400.fc14
> Tested and this is now pushed to stable repo. 


Status: pending
Pushed: False
seams to take a while...
-BEGIN PGP SIGNATURE-

iEYEAREKAAYFAk3tSHgACgkQrq+riTAIEg0Y7QCfWAF7JlC5QVwPZeLCK+LsTcoF
QBgAn2yo8AmDE98+94nzycwN6+qQZ75l
=QdbX
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: outdated Tor version in Fedora (missing security fixes)

2011-06-04 Thread Rahul Sundaram 
On 06/04/2011 02:50 PM, Enrico Scholz wrote:
> for the other versions: there are simply no users who test the updates.
> E.g. 0.2.1.29 was pushed to testing at 2011-01-22 and nobody tested it
> for f13.

Link to f13 update?

> Footnotes: 
> [1]  https://admin.fedoraproject.org/updates/tor-0.2.1.30-1400.fc14

Tested and this is now pushed to stable repo. 

Rahul

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: outdated Tor version in Fedora (missing security fixes)

2011-06-04 Thread Christoph A. 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 06/04/2011 11:20 AM, Enrico Scholz wrote:
> "Christoph A."  writes:
> 
>> I suppose you are the maintainer of the tor package in Fedora.
>> I'm wondering why Fedora (13,14,15) currently doesn't contain the latest
>> stable Tor version 0.2.1.30
> 
> f15 contains 0.2.1.30
> 
> for the other versions: there are simply no users who test the updates.
> E.g. 0.2.1.29 was pushed to testing at 2011-01-22 and nobody tested it
> for f13.

Thanks for the clarification.

> I just added an update[1] for fedora 14; it needs one positive karma to
> get pushed to stable.
> [1]  https://admin.fedoraproject.org/updates/tor-0.2.1.30-1400.fc14

Great, I'll test it as soon as I get it via the testing repo.

thanks,
Christoph
-BEGIN PGP SIGNATURE-

iEYEAREKAAYFAk3qGdMACgkQrq+riTAIEg0+OQCcC9srfFkfVMFkgbqjz7rVhHTl
fX0AoIEeIw7aDRN3OvGcxq4CQmgUKeTA
=UccM
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Re: outdated Tor version in Fedora (missing security fixes)

2011-06-04 Thread Enrico Scholz 
"Christoph A."  writes:

> I suppose you are the maintainer of the tor package in Fedora.
> I'm wondering why Fedora (13,14,15) currently doesn't contain the latest
> stable Tor version 0.2.1.30

f15 contains 0.2.1.30

for the other versions: there are simply no users who test the updates.
E.g. 0.2.1.29 was pushed to testing at 2011-01-22 and nobody tested it
for f13.

I just added an update[1] for fedora 14; it needs one positive karma to
get pushed to stable.



Enrico

Footnotes: 
[1]  https://admin.fedoraproject.org/updates/tor-0.2.1.30-1400.fc14

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

outdated Tor version in Fedora (missing security fixes)

2011-06-03 Thread Christoph A. 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi Enrico,

I suppose you are the maintainer of the tor package in Fedora.
I'm wondering why Fedora (13,14,15) currently doesn't contain the latest
stable Tor version 0.2.1.30 which was released on 2011-02-23 and
contains various security fixes (since 0.2.1.28). [1]

The build was already done months ago:
http://koji.fedoraproject.org/koji/buildinfo?buildID=234269

Fedora currently contains 0.2.1.28 (from 2010-12-17).

Do you know the reason for this?

thanks,
Christoph

[1]
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0427
https://bugzilla.redhat.com/show_bug.cgi?id=705192
-BEGIN PGP SIGNATURE-

iEYEAREKAAYFAk3paeAACgkQrq+riTAIEg2SigCgnsf1wPc3iDLzT7IbNS5l7NLD
xKsAnRou+X2oAWDh5axcDjt6TWjW0m2L
=hxYq
-END PGP SIGNATURE-
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines