FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 06-07-2011, 04:28 PM
Enrico Scholz
 
Default outdated Tor version in Fedora (missing security fixes)

"Christoph A." <casmls@gmail.com> writes:

>> for the other versions: there are simply no users who test the
>> updates. E.g. 0.2.1.29 was pushed to testing at 2011-01-22 and
>> nobody tested it for f13.
>
> According to bodhi you can push it to stable even if it didn't get
> enough karma points.

What would be the sense behind this? I never ran the f13 binary (nor the
f14 one) so it might be that it segfaults immediately after startup.

When bodhi wants to encourage such a workflow, why does it not have a
"push this completely untested package to stable after XX days" option?
Have I to write manually a ~/.procmailrc rule which executes 'bodhi -R
stable' as soon as I get a

> This update has reached 7 days in testing and can be pushed to stable
> now if the maintainer wishes

mail?



Enrico
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-09-2011, 06:19 PM
"Christoph A."
 
Default outdated Tor version in Fedora (missing security fixes)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 06/07/2011 04:06 PM, Fennix wrote:
> Umm, you could just download the source file and compile yourself...

Yes, *I* could, but if Fedora ships a vulnerable package this affects a
lot more people then just me.

Compiling is always a possibility but the last one I would choose.
F14 contains latest stable (0.2.1.30) now and in future I (and hopefully
others) will give some karma to Enricos packages

> I always compile the latest alpha/beta and the current is 0.2.2.27-beta
> which is working perfectly well for me.

Actually it is 0.2.2.28-beta
https://lists.torproject.org/pipermail/tor-talk/2011-June/020596.html

You don't have to compile, you can use unofficial repos if you want Tor
0.2.2.x.
http://deb.torproject.org/torproject.org/rpm/fc14-experimental/
(packages usually take some time after the a new Tor version was released)
I don't use the unofficial packages because I don't know if they fit
with the SELinux policy.

Does your self compiled tor daemon run in tor_t?
-----BEGIN PGP SIGNATURE-----

iEYEAREKAAYFAk3xDpYACgkQrq+riTAIEg1z8QCgr003z4iMy1 wWhw9Nsy2br0Rq
3jgAoL51/5scy+ujPPGGwLRkorp32iaf
=iZvi
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-10-2011, 04:28 PM
Fennix
 
Default outdated Tor version in Fedora (missing security fixes)

On Fri, Jun 10, 2011 at 2:19 AM, Christoph A. <casmls@gmail.com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512



On 06/07/2011 04:06 PM, Fennix wrote:

> Umm, you could just download the source file and compile yourself...



Yes, *I* could, but if Fedora ships a vulnerable package this affects a

lot more people then just me.



Compiling is always a possibility but the last one I would choose.

F14 contains latest stable (0.2.1.30) now and in future I (and hopefully

others) will give some karma to Enricos packages



> I always compile the latest alpha/beta and the current is 0.2.2.27-beta

> which is working perfectly well for me.



Actually it is 0.2.2.28-beta

https://lists.torproject.org/pipermail/tor-talk/2011-June/020596.html



You don't have to compile, you can use unofficial repos if you want Tor

0.2.2.x.

http://deb.torproject.org/torproject.org/rpm/fc14-experimental/

(packages usually take some time after the a new Tor version was released)

I don't use the unofficial packages because I don't know if they fit

with the SELinux policy.



Does your self compiled tor daemon run in tor_t?

As to the SELinux policy questions...I am not sure. I have always compiled and the TOR package has always worked without any SELinux complaints so for this question I have never looked into this.* The reason that I try to run the latest alpha/beta is due to that I am living in China and I need this to allow me to access some websites that for reasons unknown to me are blocked.* I just use TOR for routing...have no concern to hide my usage...


/fennix

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-11-2011, 12:30 AM
"Christoph A."
 
Default outdated Tor version in Fedora (missing security fixes)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 06/10/2011 06:28 PM, Fennix wrote:
> As to the SELinux policy questions...I am not sure. I have always compiled
> and the TOR package has always worked without any SELinux complaints so for
> this question I have never looked into this.

the output of the following command would provide the answer to the
tor_t question:
ps auxZ|grep /tor
(executed on the host running the self compiled Tor)
-----BEGIN PGP SIGNATURE-----

iEYEAREKAAYFAk3yt0MACgkQrq+riTAIEg0kHgCff5nikRgyKz 9cTEydUODgJhpw
9jEAnA0FhTEzFE5bFhJozWVR+1ChAgOs
=v1wr
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-11-2011, 03:38 AM
Fennix
 
Default outdated Tor version in Fedora (missing security fixes)

On Sat, Jun 11, 2011 at 8:30 AM, Christoph A. <casmls@gmail.com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512



On 06/10/2011 06:28 PM, Fennix wrote:

> As to the SELinux policy questions...I am not sure. I have always compiled

> and the TOR package has always worked without any SELinux complaints so for

> this question I have never looked into this.



the output of the following command would provide the answer to the

tor_t question:

ps auxZ|grep /tor

(executed on the host running the self compiled Tor)

The result I get is as follows:

unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 14189 0.0* 0.0 4432 760 pts/1 S+ 11:36** 0:00 grep --color=auto /torH


/fennix

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-13-2011, 12:28 PM
Daniel J Walsh
 
Default outdated Tor version in Fedora (missing security fixes)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/10/2011 11:38 PM, Fennix wrote:
> On Sat, Jun 11, 2011 at 8:30 AM, Christoph A. <casmls@gmail.com
> <mailto:casmls@gmail.com>> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 06/10/2011 06:28 PM, Fennix wrote:
> > As to the SELinux policy questions...I am not sure. I have always
> compiled
> > and the TOR package has always worked without any SELinux
> complaints so for
> > this question I have never looked into this.
>
> the output of the following command would provide the answer to the
> tor_t question:
> ps auxZ|grep /tor
> (executed on the host running the self compiled Tor)
>
>
> The result I get is as follows:
>
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 14189 0.0
> 0.0 4432 760 pts/1 S+ 11:36 0:00 grep --color=auto /torH
>
> /fennix
>
Has the tor executable location changed or is the label missing.

# restorecon -v PATHTO-TOR

Should change the label to tor_exec_t for either

/usr/bin/tor
/usr/sbin/tor

If you are using a different path, you can change the label using

# chcon -t tor_exec_t PATHTO-TOR

Or make the change permanently with

# semanage fcontext -a -t tor_exec_t PATHTO-TOR
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk32AosACgkQrlYvE4MpobM88wCfUSk5K4UPwK tM0LQ7bDn0rtET
uSUAnRtgoWssqqTf+eTfyP/rHr/DVY85
=jxRo
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 

Thread Tools




All times are GMT. The time now is 01:02 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org