outdated Tor version in Fedora (missing security fixes)
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Enrico,

I suppose you are the maintainer of the tor package in Fedora.
I'm wondering why Fedora (13,14,15) currently doesn't contain the latest
stable Tor version 0.2.1.30 which was released on 2011-02-23 and
contains various security fixes (since 0.2.1.28). [1]

The build was already done months ago:
http://koji.fedoraproject.org/koji/buildinfo?buildID=234269

Fedora currently contains 0.2.1.28 (from 2010-12-17).

Do you know the reason for this?

thanks,
Christoph

[1]
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0427
https://bugzilla.redhat.com/show_bug.cgi?id=705192
-----BEGIN PGP SIGNATURE-----

iEYEAREKAAYFAk3paeAACgkQrq+riTAIEg2SigCgnsf1wPc3iD LzT7IbNS5l7NLD
xKsAnRou+X2oAWDh5axcDjt6TWjW0m2L
=hxYq
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

outdated Tor version in Fedora (missing security fixes)
 

"Christoph A." <casmls@gmail.com> writes:

> I suppose you are the maintainer of the tor package in Fedora.
> I'm wondering why Fedora (13,14,15) currently doesn't contain the latest
> stable Tor version 0.2.1.30

f15 contains 0.2.1.30

for the other versions: there are simply no users who test the updates.
E.g. 0.2.1.29 was pushed to testing at 2011-01-22 and nobody tested it
for f13.

I just added an update[1] for fedora 14; it needs one positive karma to
get pushed to stable.



Enrico

Footnotes:
[1] https://admin.fedoraproject.org/updates/tor-0.2.1.30-1400.fc14

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

outdated Tor version in Fedora (missing security fixes)
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 06/04/2011 11:20 AM, Enrico Scholz wrote:
> "Christoph A." <casmls@gmail.com> writes:
>
>> I suppose you are the maintainer of the tor package in Fedora.
>> I'm wondering why Fedora (13,14,15) currently doesn't contain the latest
>> stable Tor version 0.2.1.30
>
> f15 contains 0.2.1.30
>
> for the other versions: there are simply no users who test the updates.
> E.g. 0.2.1.29 was pushed to testing at 2011-01-22 and nobody tested it
> for f13.

Thanks for the clarification.

> I just added an update[1] for fedora 14; it needs one positive karma to
> get pushed to stable.
> [1] https://admin.fedoraproject.org/updates/tor-0.2.1.30-1400.fc14

Great, I'll test it as soon as I get it via the testing repo.

thanks,
Christoph
-----BEGIN PGP SIGNATURE-----

iEYEAREKAAYFAk3qGdMACgkQrq+riTAIEg0+OQCcC9srfFkfVM Fkgbqjz7rVhHTl
fX0AoIEeIw7aDRN3OvGcxq4CQmgUKeTA
=UccM
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

outdated Tor version in Fedora (missing security fixes)
 

On 06/04/2011 02:50 PM, Enrico Scholz wrote:
> for the other versions: there are simply no users who test the updates.
> E.g. 0.2.1.29 was pushed to testing at 2011-01-22 and nobody tested it
> for f13.

Link to f13 update?

> Footnotes:
> [1] https://admin.fedoraproject.org/updates/tor-0.2.1.30-1400.fc14

Tested and this is now pushed to stable repo.

Rahul

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

outdated Tor version in Fedora (missing security fixes)
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 06/05/2011 01:05 AM, Rahul Sundaram wrote:
> Link to f13 update?

I think it is ok if the package for f13 is not updated anymore because
f13 will reach EOL soon.

>> > Footnotes:
>> > [1] https://admin.fedoraproject.org/updates/tor-0.2.1.30-1400.fc14
> Tested and this is now pushed to stable repo.


Status: pending
Pushed: False
seams to take a while...
-----BEGIN PGP SIGNATURE-----

iEYEAREKAAYFAk3tSHgACgkQrq+riTAIEg0Y7QCfWAF7JlC5QV wPZeLCK+LsTcoF
QBgAn2yo8AmDE98+94nzycwN6+qQZ75l
=QdbX
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

outdated Tor version in Fedora (missing security fixes)
 

On 06/07/2011 03:06 AM, Christoph A. wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 06/05/2011 01:05 AM, Rahul Sundaram wrote:
>> Link to f13 update?
> I think it is ok if the package for f13 is not updated anymore because
> f13 will reach EOL soon.

I don't. Till the point it is EOL'ed, security updates are the only
sort of the updates I would still want to definitely see pushed.

>
> Status: pending
> Pushed: False
> seams to take a while...

Yep. Auto karma already takes care of the push. Rest is a matter of
time. Now active

Rahul
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

outdated Tor version in Fedora (missing security fixes)
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 06/04/2011 11:20 AM, Enrico Scholz wrote:
> for the other versions: there are simply no users who test the updates.
> E.g. 0.2.1.29 was pushed to testing at 2011-01-22 and nobody tested it
> for f13.

According to bodhi you can push it to stable even if it didn't get
enough karma points.

F13:

bodhi - 2011-01-29 03:52:41
This update has reached 7 days in testing and can be pushed to stable
now if the maintainer wishes

https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13?_csrf_token=3865daac177ba3c8c416208224e4 0724bdf2fa6a
-----BEGIN PGP SIGNATURE-----

iEYEAREKAAYFAk3uHP0ACgkQrq+riTAIEg3R2gCfYkDo03zNwe 7QozfeA0OV49SC
jyoAn0bgRsWk/MRWpowQ4HEo2/PR60nO
=wPeq
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

outdated Tor version in Fedora (missing security fixes)
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 06/07/2011 06:53 AM, Rahul Sundaram wrote:
> I don't. Till the point it is EOL'ed, security updates are the only
> sort of the updates I would still want to definitely see pushed.

You are right.

http://koji.fedoraproject.org/koji/buildinfo?buildID=234271


-----BEGIN PGP SIGNATURE-----

iEYEAREKAAYFAk3uHQUACgkQrq+riTAIEg3UUQCfTiDqcHdgZj POwnuMlUv8xdmf
xRUAnjOMH22HKPqMWh/RwWp7eskoNW0A
=+iBb
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

outdated Tor version in Fedora (missing security fixes)
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 06/07/2011 02:43 PM, Christoph A. wrote:
> On 06/07/2011 06:53 AM, Rahul Sundaram wrote:
>> I don't. Till the point it is EOL'ed, security updates are the only
>> sort of the updates I would still want to definitely see pushed.
>
> You are right.
>
> http://koji.fedoraproject.org/koji/buildinfo?buildID=234271


Vincent Danen 2011-05-30 12:45:16 EDT
"No need to fix this in F13 at this point."


https://bugzilla.redhat.com/show_bug.cgi?id=705193
-----BEGIN PGP SIGNATURE-----

iEYEAREKAAYFAk3uLA4ACgkQrq+riTAIEg0m4QCdEzRPRSPNS6 2RSO3FnHFIW7Rz
TfIAniqN09xNaIuLhEHH9Xb/UyIB8sNW
=QIrt
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

outdated Tor version in Fedora (missing security fixes)
 

On Tue, Jun 7, 2011 at 9:47 PM, Christoph A. <casmls@gmail.com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA512



On 06/07/2011 02:43 PM, Christoph A. wrote:

> On 06/07/2011 06:53 AM, Rahul Sundaram wrote:

>> I don't. * Till the point it is EOL'ed, *security updates are the only

>> sort of the updates I would still want to definitely see pushed.

>

> You are right.

>

> http://koji.fedoraproject.org/koji/buildinfo?buildID=234271





Vincent Danen 2011-05-30 12:45:16 EDT

"No need to fix this in F13 at this point."





https://bugzilla.redhat.com/show_bug.cgi?id=705193

-----BEGIN PGP SIGNATURE-----


Umm, you could just download the source file and compile yourself...

https://www.torproject.org/download/download.html.en


I always compile the latest alpha/beta and the current is 0.2.2.27-beta which is working perfectly well for me.

/fennix

PS:* If you do want to try to do this then I can send you the steps how to compile this for yourself....It is not difficult.



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines