A new stable version of the net-misc/tor anonymizing software has been released. There have been some pretty major changes since the previous stable. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Version 0.1.0.11 is out: http://tor.eff.org/download.html
Tor 0.1.0.13 fixes a CRITICAL bug in the security of our crypto handshakes. All clients should upgrade IMMEDIATELY. (We mean it. Really. Also, note that with this release we are abandoning support for the old Tor 0.0.9.x tree. You should stop using it.) http://tor.eff.org/download.html o Bugfixes on 0.1.0.x: - Fix a critical bug in the security of our crypto handshakes. - Fix a size_t underflow in smartlist_join_strings2() that made it do bad things when you hand it an empty smartlist. - Fix Windows installer to ship Tor license (thanks to Aphex for pointing out this oversight) and put a link to the doc directory in the start menu. - Explicitly set no-unaligned-access for sparc: it turns out the new gcc's let you compile broken code, but that doesn't make it not-broken.
*** Bug 89787 has been marked as a duplicate of this bug. ***
Created attachment 65174 [details, diff] torrc.sample.patch-0.1.0.13 torrc.sample.patch-0.1.0.13
Created attachment 65175 [details] tor-0.1.0.13.ebuild tor-0.1.0.13.ebuild
Created attachment 65179 [details] corrected tor-0.1.0.13.ebuild ebuild based on latest 0.0.9.10 ebuild added dev-libs/libevent to DEPEND
Comment on attachment 65175 [details] tor-0.1.0.13.ebuild jep - sorry missed that
Works on amd64, however to use the default config I had to modify the init.d script to --chuid tor:tor (previously it did not set the group, and since it starts as non-root it can't change it on its own).
if you use the torcc.sample there is no problem - everything runs as tor:tor have a look in the torrc.sample.patch-0.1.0.13 <snip> +## Default username and group the server will run as +User tor +Group tor </snip>
I did take note of the user and group in torrc, and I am in fact using them. However, as distributed, tor aborts with: [err] switch_id(): Error setting GID: Operation not permitted This is because the init.d script starts tor up with uid tor, but not gid tor. Then, when tor starts it attempts to setgid to tor it fails since it is not running as root (since it was spawned as non-root initially). It looks like the issue is that tor was not in the tor group in /etc/passwd. My guess is that an older ebuild version was the source of this issue. Probably not a show-stopper, although it might not hurt to specify the gid in the init script.
Tor 0.1.0.14 fixes the second half of an important bug in the security of our crypto handshakes. This time for sure. :):) All clients should upgrade. http://tor.eff.org/download.html o Bugfixes on 0.1.0.x: - Fix the other half of the bug with crypto handshakes. - Fix an assert trigger if you send a 'signal term' via the controller when it's listening for 'event info' messages.
Created attachment 65490 [details, diff] torrc.sample.patch-0.1.0.14 Updated patch for 0.1.0.14.
Created attachment 65491 [details] tor-0.1.0.14.ebuild Version bump - revised to fix patch filename.
0.1.0.14 ebuilds work fine on mostly-stable amd64
It works fine for me (~x86) but there is no /etc/init.d/tor, I think it was there before.
Created attachment 65541 [details] /etc/init.d/tor it the old one from 0.0.9.x
Handling security issue on bug #102245. Next time please assign security bugs to security@gentoo.org
Tor 0.1.0.14 is in portage now.
As noted this is already fixed. Thanks for all the help.
