|
|
d388540 |
%global _hardened_build 1
|
|
|
d388540 |
|
|
|
d388540 |
%global toruser toranon
|
|
|
d388540 |
%global torgroup toranon
|
|
|
c5783ad |
%global homedir %{_localstatedir}/lib/tor
|
|
|
c5783ad |
%global logdir %{_localstatedir}/log/tor
|
|
|
c5783ad |
%global rundir /run/tor
|
|
|
d388540 |
|
|
|
486f339 |
%if 0%{?fedora} || 0%{?rhel} >= 8
|
|
|
486f339 |
%bcond_without libsystemd
|
|
|
486f339 |
%else
|
|
|
486f339 |
%bcond_with libsystemd
|
|
|
486f339 |
%endif
|
|
|
486f339 |
|
|
|
258f9f5 |
%ifarch %{ix86} x86_64
|
|
|
258f9f5 |
%bcond_without libseccomp
|
|
|
258f9f5 |
%else
|
|
|
258f9f5 |
%bcond_with libseccomp
|
|
|
258f9f5 |
%endif
|
|
|
258f9f5 |
|
|
|
d388540 |
Name: tor
|
|
|
d647742 |
Version: 0.2.7.6
|
|
|
4146ffb |
Release: 5%{?dist}
|
|
|
d388540 |
Group: System Environment/Daemons
|
|
|
d388540 |
License: BSD
|
|
|
754bd22 |
Summary: Anonymizing overlay network for TCP
|
|
Paul Wouters |
d6a1f8b |
URL: https://www.torproject.org
|
|
|
fa1290e |
|
|
|
c5783ad |
Source0: https://www.torproject.org/dist/tor-%{version}.tar.gz
|
|
|
c5783ad |
Source1: https://www.torproject.org/dist/tor-%{version}.tar.gz.asc
|
|
|
d388540 |
Source2: tor.logrotate
|
|
|
d388540 |
Source3: tor.defaults-torrc
|
|
|
c5783ad |
Source4: tor.tmpfiles.d
|
|
|
4f51bac |
Source10: tor.service
|
|
|
fd51c00 |
Source11: tor@.service
|
|
|
fd51c00 |
Source12: tor-master.service
|
|
|
fd51c00 |
Source20: README
|
|
|
d243e33 |
|
|
|
609d9b1 |
Patch0: tor-0.2.7.6-torrc-ControlSocket-and-CookieAuthFile.patch
|
|
|
609d9b1 |
|
|
|
70bf2c2 |
# These patches have been sent upstream and accepted:
|
|
|
3b9a7ce |
# https://trac.torproject.org/projects/tor/ticket/17562
|
|
|
609d9b1 |
Patch1: 0001-Permit-filesystem-group-to-be-root.patch
|
|
|
609d9b1 |
Patch2: 0002-Introduce-DataDirectoryGroupReadable-boolean.patch
|
|
|
609d9b1 |
Patch3: 0003-Defer-creation-of-Unix-socket-until-after-setuid.patch
|
|
|
609d9b1 |
Patch4: 0004-Simplify-cpd_opts-usage.patch
|
|
|
609d9b1 |
Patch5: 0005-Fix-wide-line-log-why-chmod-failed.patch
|
|
|
9043f9d |
|
|
|
fa1290e |
BuildRequires: asciidoc
|
|
|
fa1290e |
BuildRequires: libevent-devel
|
|
|
fa1290e |
BuildRequires: openssl-devel
|
|
Enrico Scholz |
dcca5c1 |
|
|
|
258f9f5 |
%if 0%{with libseccomp}
|
|
|
258f9f5 |
# Only available on certain architectures.
|
|
|
258f9f5 |
BuildRequires: libseccomp-devel
|
|
|
258f9f5 |
%endif
|
|
|
258f9f5 |
|
|
|
486f339 |
%if 0%{with libsystemd}
|
|
|
486f339 |
# Requires systemd >= 209. RHEL 7 has systemd 208.
|
|
|
486f339 |
BuildRequires: systemd-devel
|
|
|
486f339 |
%endif
|
|
|
486f339 |
|
|
|
5be7d86 |
# /usr/bin/torify is now just a wrapper for torsocks and is only there for
|
|
|
5be7d86 |
# backwards compatibility.
|
|
|
d388540 |
Requires: torsocks
|
|
|
d388540 |
Requires(pre): shadow-utils
|
|
|
d388540 |
Requires(post): systemd
|
|
|
d388540 |
Requires(preun): systemd
|
|
|
392b8f2 |
Requires(postun): systemd
|
|
|
d243e33 |
|
|
|
d243e33 |
|
|
|
d243e33 |
%description
|
|
|
754bd22 |
The Tor network is a group of volunteer-operated servers that allows people to
|
|
|
754bd22 |
improve their privacy and security on the Internet. Tor's users employ this
|
|
|
754bd22 |
network by connecting through a series of virtual tunnels rather than making a
|
|
|
754bd22 |
direct connection, thus allowing both organizations and individuals to share
|
|
|
754bd22 |
information over public networks without compromising their privacy. Along the
|
|
|
754bd22 |
same line, Tor is an effective censorship circumvention tool, allowing its
|
|
|
754bd22 |
users to reach otherwise blocked destinations or content. Tor can also be used
|
|
|
754bd22 |
as a building block for software developers to create new communication tools
|
|
|
754bd22 |
with built-in privacy features.
|
|
|
d243e33 |
|
|
|
754bd22 |
This package contains the Tor software that can act as either a server on the
|
|
|
754bd22 |
Tor network, or as a client to connect to the Tor network.
|
|
|
d243e33 |
|
|
|
d243e33 |
|
|
|
d243e33 |
%prep
|
|
|
d243e33 |
%setup -q
|
|
|
9043f9d |
%patch0 -p1
|
|
|
3addba3 |
%patch1 -p1
|
|
|
3addba3 |
%patch2 -p1
|
|
|
609d9b1 |
%patch3 -p1
|
|
|
609d9b1 |
%patch4 -p1
|
|
|
609d9b1 |
%patch5 -p1
|
|
|
d243e33 |
|
|
|
d243e33 |
|
|
|
d243e33 |
%build
|
|
|
11ff229 |
%configure --with-tor-user=%{toruser} --with-tor-group=%{torgroup}
|
|
|
d243e33 |
make %{?_smp_mflags}
|
|
|
d243e33 |
|
|
|
d243e33 |
|
|
|
d243e33 |
%install
|
|
|
c5783ad |
make install DESTDIR=%{buildroot}
|
|
|
c5783ad |
mv %{buildroot}%{_sysconfdir}/tor/torrc.sample \
|
|
|
c5783ad |
%{buildroot}%{_sysconfdir}/tor/torrc
|
|
|
f9ee9f1 |
|
|
|
c5783ad |
install -D -p -m 0644 %{SOURCE20} %{buildroot}%{_sysconfdir}/tor/README
|
|
|
d243e33 |
|
|
|
c5783ad |
mkdir -p %{buildroot}%{logdir}
|
|
|
c5783ad |
mkdir -p %{buildroot}%{homedir}
|
|
|
ef2689e |
mkdir -p %{buildroot}%{rundir}
|
|
|
d243e33 |
|
|
|
c5783ad |
install -D -p -m 0644 %{SOURCE10} %{buildroot}%_unitdir/tor.service
|
|
|
c5783ad |
install -D -p -m 0644 %{SOURCE11} %{buildroot}%_unitdir/tor@.service
|
|
|
c5783ad |
install -D -p -m 0644 %{SOURCE12} %{buildroot}%_unitdir/tor-master.service
|
|
|
c5783ad |
install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/tor
|
|
|
c5783ad |
install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_datadir}/tor/defaults-torrc
|
|
|
c5783ad |
install -D -p -m 0644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/tor.conf
|
|
|
c5783ad |
|
|
|
486f339 |
%if 0%{without libsystemd}
|
|
|
486f339 |
# Some features are not available for systemd 208 on RHEL 7.
|
|
|
c5783ad |
sed -i %{buildroot}%_unitdir/tor.service \
|
|
|
c5783ad |
-i %{buildroot}%_unitdir/tor@.service \
|
|
|
486f339 |
-e 's/^Type=.*/Type=simple/g' \
|
|
|
486f339 |
-e '/^NotifyAccess=.*/d' \
|
|
|
486f339 |
-e '/^WatchdogSec=.*/d' \
|
|
|
c53f093 |
-e 's#^ProtectHome=.*#InaccessibleDirectories=/home\nInaccessibleDirectories=/root\nInaccessibleDirectories=/run/user#g' \
|
|
|
c53f093 |
-e 's#^ProtectSystem=.*#ReadOnlyDirectories=/boot\nReadOnlyDirectories=/etc\nReadOnlyDirectories=/usr#g'
|
|
|
486f339 |
%endif
|
|
|
486f339 |
|
|
|
11ff229 |
# Install docs manually.
|
|
|
11ff229 |
rm -rf %{buildroot}%{_datadir}/doc
|
|
|
d243e33 |
|
|
|
d243e33 |
|
|
|
9f7f859 |
%pre
|
|
|
fa1290e |
getent group %{torgroup} >/dev/null || groupadd -r %{torgroup}
|
|
|
fa1290e |
getent passwd %{toruser} >/dev/null || \
|
|
|
fa1290e |
useradd -r -s /sbin/nologin -d %{homedir} -M \
|
|
|
11ff229 |
-c 'Tor anonymizing user' -g %{torgroup} %{toruser}
|
|
|
2b7b900 |
exit 0
|
|
|
d243e33 |
|
|
|
60828eb |
%post
|
|
|
c5783ad |
%systemd_post tor.service
|
|
|
60828eb |
|
|
|
60828eb |
%preun
|
|
|
c5783ad |
%systemd_preun tor.service
|
|
|
c5783ad |
%systemd_preun tor-master.service
|
|
|
60828eb |
|
|
|
60828eb |
%postun
|
|
|
ca855c7 |
systemctl daemon-reload >/dev/null 2>&1 || :
|
|
|
ca855c7 |
if [ $1 -ge 1 ]; then
|
|
|
ca855c7 |
# Use restart instead of try-restart, as tor-master may be "inactive" even
|
|
|
7c8827d |
# when there are tor.service and tor@.service instances running.
|
|
|
c5783ad |
systemctl restart tor-master.service >/dev/null 2>&1 || :
|
|
|
ca855c7 |
fi
|
|
|
ca4ac65 |
|
|
|
ca4ac65 |
|
|
|
d243e33 |
%files
|
|
|
5be7d86 |
%doc LICENSE README ChangeLog ReleaseNotes doc/HACKING doc/*.html
|
|
|
fa1290e |
%{_bindir}/tor
|
|
|
fa1290e |
%{_bindir}/tor-gencert
|
|
|
fa1290e |
%{_bindir}/tor-resolve
|
|
|
fa1290e |
%{_bindir}/torify
|
|
|
fa1290e |
%{_mandir}/man1/tor.1*
|
|
|
fa1290e |
%{_mandir}/man1/tor-gencert.1*
|
|
|
fa1290e |
%{_mandir}/man1/tor-resolve.1*
|
|
|
fa1290e |
%{_mandir}/man1/torify.1*
|
|
|
b19b5d4 |
%dir %{_datadir}/tor
|
|
|
fa1290e |
%{_datadir}/tor/defaults-torrc
|
|
|
fa1290e |
%{_datadir}/tor/geoip
|
|
|
479b0ae |
%{_datadir}/tor/geoip6
|
|
|
c5783ad |
%{_tmpfilesdir}/tor.conf
|
|
|
c5783ad |
%{_unitdir}/tor.service
|
|
|
c5783ad |
%{_unitdir}/tor@.service
|
|
|
c5783ad |
%{_unitdir}/tor-master.service
|
|
|
fa1290e |
|
|
|
fa1290e |
%dir %{_sysconfdir}/tor
|
|
|
fd51c00 |
%{_sysconfdir}/tor/README
|
|
|
fa1290e |
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/tor/torrc
|
|
|
fa1290e |
%config(noreplace) %{_sysconfdir}/logrotate.d/tor
|
|
|
fa1290e |
|
|
|
9043f9d |
%attr(0750,%{toruser},root) %dir %{homedir}
|
|
|
9043f9d |
%attr(0750,%{toruser},%{torgroup}) %dir %{logdir}
|
|
|
4146ffb |
%attr(0750,%{toruser},%{torgroup}) %dir %{rundir}
|
|
Enrico Scholz |
dcca5c1 |
|
|
|
d243e33 |
|
|
|
d243e33 |
%changelog
|
|
|
4146ffb |
* Thu Jan 07 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.6-5
|
|
|
4146ffb |
- make ControlSocket writable by toranon group (#1296226)
|
|
|
4146ffb |
|
|
|
03f9ea8 |
* Wed Dec 16 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.6-4
|
|
|
03f9ea8 |
- fix tmpfiles.d
|
|
|
03f9ea8 |
|
|
|
609d9b1 |
* Fri Dec 11 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.6-3
|
|
|
609d9b1 |
- place ControlSocket and CookieAuthFile at top of torrc for visibility
|
|
|
609d9b1 |
|
|
|
70bf2c2 |
* Fri Dec 11 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.6-2
|
|
|
70bf2c2 |
- some minor patch fixes
|
|
|
70bf2c2 |
|
|
|
d647742 |
* Fri Dec 11 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.6-1
|
|
|
d647742 |
- update to upstream release 0.2.7.6
|
|
|
d647742 |
- use version of patches that have been accepted upstream
|
|
|
f9ee9f1 |
- add ControlSocket and CookieAuthFile to /etc/tor/torrc
|
|
|
d647742 |
|
|
|
ed4953a |
* Thu Dec 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.5-6
|
|
|
ed4953a |
- use ReadOnlyDirectories=/var instead of ReadOnlyDirectories=/ (#1290444)
|
|
|
ed4953a |
and other service file improvements
|
|
|
ed4953a |
|
|
|
1114b92 |
* Sun Dec 06 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.5-5
|
|
|
1114b92 |
- improve systemd scriptlets
|
|
|
1114b92 |
|
|
|
52626b9 |
* Sun Dec 06 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.5-4
|
|
|
52626b9 |
- add PermissionsStartOnly=yes and RestartSec=1 to service file
|
|
|
52626b9 |
|
|
|
c98fdc6 |
* Mon Nov 30 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.5-3
|
|
|
c98fdc6 |
- amend README
|
|
|
c98fdc6 |
|
|
|
754bd22 |
* Mon Nov 30 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.5-2
|
|
|
754bd22 |
- improve summary and description
|
|
|
fd51c00 |
- use tor-master.service to restart/reload all instances (#1286359)
|
|
|
fd51c00 |
- add /etc/tor/README
|
|
|
754bd22 |
|
|
|
4a96400 |
* Sun Nov 29 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.5-1
|
|
|
4a96400 |
- update to upstream release 0.2.7.5
|
|
|
4a96400 |
|
|
|
3b9a7ce |
* Mon Nov 09 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.10-6
|
|
|
3b9a7ce |
- amend patch so that the default of 0700 doesn't change (but instead allow
|
|
|
3b9a7ce |
either 0700 or 0750)
|
|
|
3b9a7ce |
|
|
|
9043f9d |
* Sun Nov 08 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.10-5
|
|
|
9043f9d |
- allow group read of DataDirectory and change owner to root (#1279222),
|
|
|
9043f9d |
as otherwise CapabilityBoundingSet requires CAP_READ_SEARCH and SELinux
|
|
|
9043f9d |
tor_t requires dac_read_search
|
|
|
9043f9d |
|
|
|
c25e259 |
* Sat Oct 03 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.10-4
|
|
|
c25e259 |
- remove NoNewPrivileges as it prevents SELinux transition
|
|
|
c25e259 |
- revert to DeviceAllow instead of PrivateDevices due to SELinux denials
|
|
|
c25e259 |
|
|
|
e36d88a |
* Tue Sep 29 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.10-3
|
|
|
e36d88a |
- only build with libseccomp support on ix86, x86_64
|
|
|
e36d88a |
|
|
|
0058464 |
* Tue Sep 29 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.10-2
|
|
|
0058464 |
- improve systemd integration
|
|
|
0058464 |
- add BR: libseccomp-devel
|
|
|
0058464 |
|
|
|
cf25f5c |
* Mon Jul 13 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.10-1
|
|
|
cf25f5c |
- update to upstream release 0.2.6.10
|
|
|
cf25f5c |
|
|
|
e603774 |
* Sun Jul 12 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.9-5
|
|
|
e603774 |
- also fix ExecStartPre in tor@.service
|
|
|
e603774 |
|
|
|
3f1a477 |
* Sun Jul 12 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.9-4
|
|
|
3f1a477 |
- rebuild
|
|
|
3f1a477 |
|
|
|
7d67e0c |
* Sun Jul 12 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.9-3
|
|
|
7d67e0c |
- add missing arguments to config checks executed in ExecStartPre
|
|
|
7d67e0c |
|
|
|
b059728 |
* Fri Jul 03 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.9-2
|
|
|
b059728 |
- remove leading '-' from ReadWriteDirectories
|
|
|
b059728 |
|
|
|
a8815cf |
* Fri Jun 12 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.9-1
|
|
|
a8815cf |
- update to upstream release 0.2.6.9
|
|
|
a8815cf |
|
|
|
4f51bac |
* Thu May 21 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.8-1
|
|
|
4f51bac |
- update to upstream release 0.2.6.8
|
|
|
4f51bac |
- improve/harden systemd service file
|
|
|
4f51bac |
- add multi-instance systemd service file (#1210837)
|
|
|
4f51bac |
|
|
|
886b68c |
* Tue Apr 07 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.5.12-1
|
|
|
886b68c |
- update to upstream release 0.2.5.12
|
|
|
886b68c |
|
|
|
79f88da |
* Mon Mar 23 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.5.11-1
|
|
|
79f88da |
- update to upstream release 0.2.5.11
|
|
|
79f88da |
|
|
|
4cdd3c1 |
* Mon Oct 27 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.5.10-1
|
|
|
4cdd3c1 |
- update to upstream release 0.2.5.10
|
|
|
4cdd3c1 |
|
|
|
a21b4c1 |
* Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.4.25-1
|
|
|
a21b4c1 |
- update to upstream release 0.2.4.25
|
|
|
a21b4c1 |
|
|
|
cf63d6d |
* Tue Sep 23 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.4.24-1
|
|
|
cf63d6d |
- update to upstream release 0.2.4.24
|
|
|
cf63d6d |
|
|
|
e0623cf |
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.4.23-2
|
|
|
e0623cf |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
e0623cf |
|
|
|
a8462a3 |
* Thu Jul 31 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.4.23-1
|
|
|
a8462a3 |
- update to upstream release 0.2.4.23
|
|
|
a8462a3 |
- CVE-2014-5117: potential for traffic-confirmation attacks
|
|
|
a8462a3 |
|
|
|
8d35cf0 |
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.4.22-2
|
|
|
8d35cf0 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
8d35cf0 |
|
|
|
9b7c155 |
* Mon May 19 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.4.22-1
|
|
|
9b7c155 |
- update to upstream release 0.2.4.22
|
|
|
9b7c155 |
|
|
|
682321b |
* Wed Mar 26 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.4.21-2
|
|
|
682321b |
- remove `--quiet` from default systemd service file
|
|
|
682321b |
|
|
|
479b0ae |
* Tue Mar 25 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.4.21-1
|
|
|
479b0ae |
- update to upstream release 0.2.4.21
|
|
|
479b0ae |
- remove crazy Release numbering
|
|
|
479b0ae |
- remove Obsoletes/Provides that were introduced in F19
|
|
|
479b0ae |
- remove tor-tsocks.conf which has been removed completely upstream
|
|
|
479b0ae |
- include new file: _datadir/tor/geoip6
|
|
|
479b0ae |
|
|
|
11ff229 |
* Sun Aug 04 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.3.25-1931
|
|
|
11ff229 |
- add fix for new unversioned docdir
|
|
|
11ff229 |
|
|
|
dbcbb57 |
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.3.25-1930
|
|
|
dbcbb57 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
|
dbcbb57 |
|
|
|
ee87220 |
* Sat Mar 02 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1929
|
|
|
ee87220 |
- add "Log notice syslog" back to tor.defaults-torrc as recommended by
|
|
|
ee87220 |
upstream: https://bugzilla.redhat.com/show_bug.cgi?id=532373#c19
|
|
|
5be7d86 |
- remove unused files in git (verinfo and lastver)
|
|
|
5be7d86 |
- change URL to HTTPS
|
|
|
d69d000 |
- disallow group read for /var/log/tor
|
|
|
5be7d86 |
- remove TODO as it doesn't contain any useful information
|
|
|
ee87220 |
|
|
|
595ad7a |
* Fri Mar 01 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1928
|
|
|
595ad7a |
- increase LimitNOFILE in tor.service from 4096 to 32768, as advised by
|
|
|
595ad7a |
upstream: https://trac.torproject.org/projects/tor/ticket/8368#comment:4
|
|
|
595ad7a |
|
|
|
b19b5d4 |
* Thu Feb 28 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1927
|
|
|
b19b5d4 |
- package should own the %%{_datadir}/tor directory
|
|
|
b19b5d4 |
|
|
|
9acd099 |
* Thu Feb 28 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1926
|
|
|
9acd099 |
- remove unnecessary custom LDFLAGS
|
|
|
9acd099 |
|
|
|
707ad72 |
* Thu Feb 28 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1925
|
|
|
707ad72 |
- remove Obsoletes/Provides for tor-doc, which was introduced in Fedora 16
|
|
|
707ad72 |
- add some useful comments about the Obsoletes/Provides/Requires
|
|
|
707ad72 |
- add comments about tor.logrotate, tor.defaults-torrc and tor.systemd.service
|
|
|
707ad72 |
|
|
|
fa1290e |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1924
|
|
|
fa1290e |
- whitespace changes and reorganization in the interests of readability
|
|
|
fa1290e |
and clarity
|
|
|
fa1290e |
|
|
|
d388540 |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1923
|
|
|
d388540 |
- mix of tabs and spaces, so remove all tabs
|
|
|
d388540 |
|
|
|
1685603 |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1922
|
|
|
1685603 |
- the /var/run/tor directory is not needed so remove it, which also fixes
|
|
|
1685603 |
bug #656707
|
|
|
1685603 |
- use %%_localstatedir instead of %%_var
|
|
|
1685603 |
|
|
|
4b0c77f |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1921
|
|
|
4b0c77f |
- take a more cautious approach in the %%files section and specify filenames
|
|
|
4b0c77f |
more explicitly rather than using wildcards, which also makes it easier to
|
|
|
4b0c77f |
see the contents of the package
|
|
|
4b0c77f |
|
|
|
14014d7 |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1920
|
|
|
14014d7 |
- remove all modifications to the default tor configuration file so that we
|
|
|
14014d7 |
can stick more closely to upstream defaults
|
|
|
14014d7 |
- add /usr/share/tor/defaults-torrc file, which only contains two options:
|
|
|
14014d7 |
DataDirectory /var/lib/tor
|
|
|
14014d7 |
User toranon
|
|
|
14014d7 |
- when starting the tor service, use the following options as recommended by
|
|
|
14014d7 |
upstream: --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc
|
|
|
14014d7 |
|
|
|
98a6cd2 |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1919
|
|
|
98a6cd2 |
- split username global variable into separate toruser and torgroup global
|
|
|
98a6cd2 |
variables to improve spec flexibility and ease of comprehension, as well
|
|
|
98a6cd2 |
as matching how upstream have written their spec
|
|
|
98a6cd2 |
- use --with-tor-user=%%toruser and --with-tor-group=%%torgroup options when
|
|
|
98a6cd2 |
running %%configure, as recommended by upstream
|
|
|
98a6cd2 |
|
|
|
12f4bc9 |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1918
|
|
|
12f4bc9 |
- after moving the tor-systemd and torify subpackages back into the main tor
|
|
|
12f4bc9 |
package, the %%with_noarch macro and the associated conditionals are no
|
|
|
12f4bc9 |
longer used so remove them
|
|
|
12f4bc9 |
|
|
|
18b6385 |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1917
|
|
|
18b6385 |
- add missing Provides for the obsoleted tor-doc subpackage
|
|
|
18b6385 |
|
|
|
f03ed6f |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1916
|
|
|
f03ed6f |
- move the torify subpackage back into the main tor package to match upstream
|
|
|
f03ed6f |
expectations and user expectations (ie, yum install tor)
|
|
|
f03ed6f |
- remove the logic separating the documentation files for tor and torify,
|
|
|
f03ed6f |
which is now no longer needed
|
|
|
f03ed6f |
- use --docdir option when running %%configure
|
|
|
f03ed6f |
|
|
|
392b8f2 |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1915
|
|
|
392b8f2 |
- move the tor-systemd subpackage back into the main tor package:
|
|
|
392b8f2 |
the main tor package has a hard requirement on tor-systemd, so there is no
|
|
|
392b8f2 |
purpose for keeping tor-systemd separate from the main package
|
|
|
392b8f2 |
- remove "Requires: tor-systemd"
|
|
|
392b8f2 |
|
|
|
9f7f859 |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1914
|
|
|
9f7f859 |
- move the tor-core subpackage back into the main tor package to match upstream
|
|
|
9f7f859 |
expectations and user expectations (ie, yum install tor)
|
|
|
9f7f859 |
|
|
|
99fc92d |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1913
|
|
|
99fc92d |
- the tor-systemd subpackage is a hard requirement, so remove the conditional
|
|
|
99fc92d |
that decides whether it is built
|
|
|
99fc92d |
|
|
|
6cb2504 |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1912
|
|
|
6cb2504 |
- amend logrotate file to match closer with upstream defaults, and removing
|
|
|
6cb2504 |
references to several obsolete init systems
|
|
|
6cb2504 |
|
|
|
dddb33c |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1911
|
|
|
dddb33c |
- remove tor-upstart subpackage as upstart is no longer installable within
|
|
|
dddb33c |
Fedora and renders the the subpackage obsolete
|
|
|
dddb33c |
|
|
|
2b7b900 |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1910
|
|
|
2b7b900 |
- remove dependency on fedora-usermgmt as it has been queued for obsoletion
|
|
|
2b7b900 |
from Fedora
|
|
|
2b7b900 |
- add users and groups without forcing use of uid=19 as it is not necessarily
|
|
|
2b7b900 |
available, nor is it required or expected by upstream
|
|
|
2b7b900 |
- do not remove users/groups in %%postun as the guidelines state:
|
|
|
2b7b900 |
https://fedoraproject.org/wiki/Packaging:UsersAndGroups
|
|
|
2b7b900 |
|
|
|
86ed4ef |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1909
|
|
|
86ed4ef |
- change permissions of the following files/directories to match upstream:
|
|
|
86ed4ef |
/var/log/tor should be owned by toranon:toranon with 0750 permissions;
|
|
|
86ed4ef |
/var/lib/tor should be owned by toranon:toranon with 0700 permissions;
|
|
|
86ed4ef |
/etc/tor/torrc should be owned by root:root with 0644 permissions;
|
|
|
86ed4ef |
|
|
|
1ddf8b0 |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1908
|
|
|
1ddf8b0 |
- remove unnecessary Requires on logrotate directory
|
|
|
1ddf8b0 |
|
|
|
37ad318 |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1907
|
|
|
37ad318 |
- remove unnecessary BuildRoot tag
|
|
|
37ad318 |
- remove unnecessary rm -rf RPM_BUILD_ROOT
|
|
|
37ad318 |
- remove unnecessary %%clean
|
|
|
37ad318 |
- remove unnecessary defattr's
|
|
|
37ad318 |
|
|
|
60828eb |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1906
|
|
|
60828eb |
- remove unnecessary %%_unitdir macro
|
|
|
60828eb |
- remove %%systemd_reqs and %%systemd_install macros, moving the parts to
|
|
|
60828eb |
the appropriate sections to improve readability and consistency with other
|
|
|
60828eb |
SPECS
|
|
|
60828eb |
|
|
|
16ac40a |
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1905
|
|
|
16ac40a |
- remove %%release_func macro to improve readability and consistency with
|
|
|
16ac40a |
other SPECS
|
|
|
16ac40a |
|
|
Enrico Scholz |
fd27ca8 |
* Wed Feb 13 2013 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.3.25-1904
|
|
Enrico Scholz |
fd27ca8 |
- fixed torsocks requirement
|
|
Enrico Scholz |
cd57e42 |
- conditionalized systemd builds
|
|
Enrico Scholz |
cd57e42 |
|
|
Enrico Scholz |
dcca5c1 |
* Sun Feb 10 2013 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.3.25-1903
|
|
Enrico Scholz |
dcca5c1 |
- reverted "Package cleanup and various fixes"; too invasive and
|
|
Enrico Scholz |
dcca5c1 |
non-auditable changes which are breaking things
|
|
Enrico Scholz |
dcca5c1 |
|
|
|
8a1f68a |
* Thu Feb 07 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.3.25-1902
|
|
|
8a1f68a |
- torify subpackage should depend on torsocks not tsocks (#908569)
|
|
|
8a1f68a |
|
|
|
397dff1 |
* Wed Feb 06 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.3.25-1901
|
|
|
397dff1 |
- add additional %%configure options for user and group
|
|
|
397dff1 |
- add --defaults-torrc to systemd service to make sure sane defaults are set
|
|
|
397dff1 |
unless explicitly overridden
|
|
|
397dff1 |
- remove unnecessary BuildRoot tag
|
|
|
397dff1 |
- remove unnecessary rm -rf RPM_BUILD_ROOT
|
|
|
397dff1 |
- remove unnecessary %%clean section
|
|
|
397dff1 |
- remove unnecessary defattr's
|
|
|
397dff1 |
- fix Requires for torify subpackage
|
|
|
397dff1 |
- update scriptlets to latest systemd guidelines
|
|
|
397dff1 |
- aesthetic changes to the SPEC for clarity and readability
|
|
|
397dff1 |
|
|
Enrico Scholz |
7dbdc05 |
* Sun Dec 9 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.3.25-1900
|
|
Enrico Scholz |
7dbdc05 |
- updated to 0.2.3.25
|
|
Enrico Scholz |
7dbdc05 |
|
|
Enrico Scholz |
ab51a94 |
* Sat Sep 22 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.39-1900
|
|
Enrico Scholz |
ab51a94 |
- updated to 0.2.2.29
|
|
Enrico Scholz |
ab51a94 |
- CVE-2012-4419: assertion failure when comparing an address with port
|
|
Enrico Scholz |
ab51a94 |
0 to an address policy
|
|
Enrico Scholz |
ab51a94 |
- CVE-2012-4422: assertion failure in tor_timegm()
|
|
Enrico Scholz |
ea1aa79 |
- use %%systemd macros
|
|
Enrico Scholz |
ab51a94 |
|
|
Enrico Scholz |
effda7f |
* Sun Aug 19 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.38-1900
|
|
Enrico Scholz |
effda7f |
- updated to 0.2.2.38
|
|
Enrico Scholz |
6a11229 |
- conditionalized upstart and disabled it by default
|
|
Enrico Scholz |
effda7f |
|
|
|
7680332 |
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.2.37-1801
|
|
|
7680332 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
7680332 |
|
|
Enrico Scholz |
9a9ab66 |
* Tue Jun 12 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.37-1800
|
|
Enrico Scholz |
9a9ab66 |
- updated to 0.2.2.37
|
|
Enrico Scholz |
9a9ab66 |
|
|
Enrico Scholz |
af2f4e5 |
* Sat May 26 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.36-1800
|
|
Enrico Scholz |
af2f4e5 |
- updated to 0.2.2.36
|
|
Enrico Scholz |
af2f4e5 |
|
|
Enrico Scholz |
ef499c0 |
* Fri Apr 13 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.35-1800
|
|
Enrico Scholz |
ef499c0 |
- build with -fPIE
|
|
Enrico Scholz |
ef499c0 |
|
|
Enrico Scholz |
3904e56 |
* Tue Mar 6 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
|
|
Enrico Scholz |
3904e56 |
- fixed urls (#800236)
|
|
Enrico Scholz |
3904e56 |
|
|
|
05756b9 |
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.2.35-1702
|
|
|
05756b9 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
05756b9 |
|
|
Enrico Scholz |
7e0533c |
* Sat Dec 17 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.35-1701
|
|
Enrico Scholz |
a491a2d |
- added 'su' logrotate option (#751525)
|
|
Enrico Scholz |
632d78c |
- fixed systemd unit file; customization of TimeoutSec + LimitNOFILE is
|
|
Enrico Scholz |
632d78c |
not possible by environment variables. Hardcode some values which can
|
|
Enrico Scholz |
632d78c |
be overridden by the systemd .include method (#755167).
|
|
Enrico Scholz |
ba4e330 |
- added systemd rule in the postrotate script
|
|
Enrico Scholz |
7e0533c |
|
|
Enrico Scholz |
b84c8ae |
* Sat Dec 17 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.35-1700
|
|
Enrico Scholz |
b84c8ae |
- updated to 0.2.2.35 (security)
|
|
Enrico Scholz |
b84c8ae |
- CVE-2011-2778: Tor heap-based buffer overflow
|
|
Enrico Scholz |
b84c8ae |
|
|
Enrico Scholz |
f87a00a |
* Fri Oct 28 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.34-1700
|
|
Enrico Scholz |
f87a00a |
- updated to 0.2.2.34; critical privacy/anonymity fixes
|
|
Enrico Scholz |
58e3d78 |
- CVE-2011-2768
|
|
Enrico Scholz |
58e3d78 |
- CVE-2011-2769
|
|
Enrico Scholz |
f87a00a |
|
|
|
1961e7a |
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.2.33-1701
|
|
|
1961e7a |
- Rebuilt for glibc bug#747377
|
|
|
1961e7a |
|
|
Enrico Scholz |
5e18c18 |
* Sun Sep 18 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.33-1700
|
|
Enrico Scholz |
5e18c18 |
- updated to 2.2.33
|
|
Enrico Scholz |
5e18c18 |
- removed -doc subpackage because shipped files are not available
|
|
Enrico Scholz |
5e18c18 |
anymore
|
|
Enrico Scholz |
5f727d8 |
- ship torify files only in torify subpackage; not in main one
|
|
Enrico Scholz |
393af75 |
- start systemd service after nss-lookup.target (#719476)
|
|
Enrico Scholz |
5e18c18 |
|
|
Enrico Scholz |
ef9e562 |
* Thu Jul 28 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.30-1700
|
|
Enrico Scholz |
ef9e562 |
- added and use systemd macros
|
|
Enrico Scholz |
ef9e562 |
|
|
Enrico Scholz |
4ac537c |
* Thu Mar 17 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.30-1601
|
|
Enrico Scholz |
5966c83 |
- made EnvironmentFile in systemd definition optional
|
|
Enrico Scholz |
1606319 |
- systemd: added Requires: for core package; made it noarch
|
|
Enrico Scholz |
5966c83 |
|
|
Enrico Scholz |
daadcbf |
* Mon Feb 28 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.30-1600
|
|
Enrico Scholz |
daadcbf |
- updated to 0.2.1.30
|
|
Enrico Scholz |
558597e |
- added 'torify' script (#669684)
|
|
Enrico Scholz |
daadcbf |
|
|
|
97c0561 |
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.1.29-1501
|
|
|
97c0561 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
97c0561 |
|
|
Enrico Scholz |
be547a2 |
* Mon Jan 17 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.29-1500
|
|
Enrico Scholz |
be547a2 |
- updated to 0.2.1.29 (SECURITY)
|
|
Enrico Scholz |
be547a2 |
- CVE-2011-0427: heap overflow bug, potential remote code execution
|
|
Enrico Scholz |
be547a2 |
|
|
Luke Macken |
5fe7ea9 |
* Tue Dec 21 2010 Luke Macken <lmacken@redhat.com> - 0.2.1.28-1502
|
|
Luke Macken |
0697cae |
- updated to 0.2.1.28 (SECURITY: fixes a remotely exploitable heap overflow bug)
|
|
Luke Macken |
0697cae |
|
|
Enrico Scholz |
b9ae613 |
* Tue Dec 7 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.27-1501
|
|
Enrico Scholz |
b9ae613 |
- replaced lsb and sysv init stuff with systemd init script
|
|
Enrico Scholz |
b9ae613 |
|
|
Enrico Scholz |
02e6842 |
* Fri Nov 26 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.27-1500
|
|
Enrico Scholz |
02e6842 |
- updated to 0.2.1.27
|
|
Enrico Scholz |
594b82e |
- added tmpfiles.d file to create %%_var/run/%%name directory in -lsb
|
|
Enrico Scholz |
fe953a1 |
- work around broken chkconfig by adding dummy Default-Start: in -lsb
|
|
Enrico Scholz |
02e6842 |
|
|
Enrico Scholz |
571c1e1 |
* Fri Nov 26 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.26-1500
|
|
Enrico Scholz |
571c1e1 |
- fixed 'limit' statement in upstart script
|
|
Enrico Scholz |
571c1e1 |
|
|
|
a6e6e58 |
* Tue Jun 1 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.26-1400
|
|
|
a6e6e58 |
- updated to 0.2.1.26
|
|
|
a6e6e58 |
- log to syslog as request by upstream (#532373#19)
|
|
|
a6e6e58 |
- removed workaround to install lsb initscript because parts of the
|
|
|
a6e6e58 |
underlying problem have been fixed in redhat-lsb and the remaining
|
|
|
a6e6e58 |
ones were solved by previous commit
|
|
|
a6e6e58 |
- removed $local_fs dependency in -lsb initscript to workaround
|
|
|
a6e6e58 |
buggy redhat-lsb; $remote_fs should imply it and has been moved to
|
|
|
a6e6e58 |
Should-Start:
|
|
|
a6e6e58 |
|
|
|
ca4ac65 |
* Tue Jun 1 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
|
|
|
ca4ac65 |
- created -doc subpackage and moved most (all) files from main into it
|
|
|
ca4ac65 |
|
|
|
81fe605 |
* Sun Mar 28 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
|
|
|
81fe605 |
- added -sysv subpackage
|
|
|
81fe605 |
|
|
|
7a32f8a |
* Thu Mar 18 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.25-1400
|
|
|
7a32f8a |
- updated to 0.2.1.25
|
|
|
7a32f8a |
|
|
|
c985ebf |
* Wed Mar 3 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.24-1402
|
|
|
c985ebf |
- removed /var/lib/tor-data dir (Chen Lei)
|
|
|
c985ebf |
|
|
|
7589c34 |
* Tue Mar 2 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.24-1401
|
|
|
7589c34 |
- require tor-core, not tor in -upstart (thx to Dave Jones)
|
|
|
7589c34 |
|
|
|
77120ad |
* Sat Feb 27 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.24-1400
|
|
|
77120ad |
- updated to 0.2.1.24
|
|
|
77120ad |
|
|
|
decf0b3 |
* Mon Feb 15 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.23-1300
|
|
|
decf0b3 |
- updated to 0.2.1.23
|
|
|
decf0b3 |
|
|
|
904ac82 |
* Thu Jan 21 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.22-1300
|
|
|
904ac82 |
- updated to 0.2.1.22
|