# Ask the distribution build macros for hardened compiler and linker flags
# (position-independent executable, full RELRO) for this network daemon.
%global _hardened_build 1

# Unprivileged account and group the daemon runs as, and the directories
# this package creates for it.
%global toruser toranon
%global torgroup toranon
%global homedir %{_localstatedir}/lib/tor
%global logdir %{_localstatedir}/log/tor
%global rundir /run/tor

# Build conditionals. The naming is inverted: bcond_without means the
# feature is ON unless the builder turns it off, bcond_with means it is OFF
# unless the builder turns it on.

# libsystemd: on for Fedora and for RHEL 8 or later, off elsewhere.
%if 0%{?fedora} || 0%{?rhel} >= 8
%bcond_without libsystemd
%else
%bcond_with libsystemd
%endif

# libseccomp: on for 32-bit x86 and x86_64 only, off on every other
# architecture.
%ifarch %{ix86} x86_64
%bcond_without libseccomp
%else
%bcond_with libseccomp
%endif
Name:             tor
Version:          0.3.2.10
Release:          1%{?dist}
Group:            System Environment/Daemons
License:          BSD
Summary:          Anonymizing overlay network for TCP
URL:              https://www.torproject.org

# Upstream release tarball and its detached OpenPGP signature.
# NOTE(review): Source1 is carried along, but no step visible in this spec
# checks it against Source0. Shipping the upstream signing keyring as an
# extra Source and running the distribution's gpgverify macro first thing in
# the prep stage would make the build fail on a tampered tarball.
Source0:          https://www.torproject.org/dist/%{name}-%{version}.tar.gz
Source1:          https://www.torproject.org/dist/%{name}-%{version}.tar.gz.asc
# Distribution-maintained files: log rotation, packaged torrc defaults,
# tmpfiles.d entry, systemd units and the README placed in the config dir.
Source2:          tor.logrotate
Source3:          tor.defaults-torrc
Source4:          tor.tmpfiles.d
Source10:         tor.service
Source11:         tor@.service
Source12:         tor-master.service
Source20:         README

# Going by its file name, this patch touches the ControlSocket and
# CookieAuthFile settings in the shipped torrc; the patch body is not part
# of this file.
Patch0:           tor-0.2.7.6-torrc-ControlSocket-and-CookieAuthFile.patch

BuildRequires:    asciidoc
BuildRequires:    libevent-devel
BuildRequires:    openssl-devel

%if 0%{with libseccomp}
# Only available on certain architectures.
BuildRequires:    libseccomp-devel
%endif

%if 0%{with libsystemd}
# Requires systemd >= 209. RHEL 7 has systemd 208.
BuildRequires:    systemd-devel
%endif

# /usr/bin/torify is now just a wrapper for torsocks and is only there for
# backwards compatibility.
Requires:         torsocks
# shadow-utils supplies the groupadd and useradd commands run before install.
Requires(pre):    shadow-utils
Requires(post):   systemd
Requires(preun):  systemd
Requires(postun): systemd


%description
The Tor network is a group of volunteer-operated servers that allows people to
improve their privacy and security on the Internet. Tor's users employ this
network by connecting through a series of virtual tunnels rather than making a
direct connection, thus allowing both organizations and individuals to share
information over public networks without compromising their privacy. Along the
same line, Tor is an effective censorship circumvention tool, allowing its
users to reach otherwise blocked destinations or content. Tor can also be used
as a building block for software developers to create new communication tools
with built-in privacy features.

This package contains the Tor software that can act as either a server on the
Tor network, or as a client to connect to the Tor network.
%prep
# Unpack Source0 and apply the listed patches with one leading path
# component stripped.
%autosetup -p1


%build
# Only the runtime account and group are passed to configure. No explicit
# seccomp or systemd switch is given here, so whether that support ends up
# in the binary presumably follows what configure detects in the build
# root -- confirm against the build log when the sandbox matters.
%configure \
    --with-tor-user=%{toruser} \
    --with-tor-group=%{torgroup}
%make_build
%install
%make_install

# Ship upstream's sample configuration as the live default torrc.
mv %{buildroot}%{_sysconfdir}/tor/torrc.sample %{buildroot}%{_sysconfdir}/tor/torrc

install -D -p -m 0644 %{SOURCE20} %{buildroot}%{_sysconfdir}/tor/README

# Log, state and runtime directories. Their owner and mode are assigned in
# the file list, not here.
mkdir -p %{buildroot}%{logdir} %{buildroot}%{homedir} %{buildroot}%{rundir}

# Distribution-maintained support files, all root-owned and not writable by
# the daemon account.
install -D -p -m 0644 %{SOURCE2}  %{buildroot}%{_sysconfdir}/logrotate.d/tor
install -D -p -m 0644 %{SOURCE3}  %{buildroot}%{_datadir}/tor/defaults-torrc
install -D -p -m 0644 %{SOURCE4}  %{buildroot}%{_tmpfilesdir}/tor.conf
install -D -p -m 0644 %{SOURCE10} %{buildroot}%{_unitdir}/tor.service
install -D -p -m 0644 %{SOURCE11} %{buildroot}%{_unitdir}/tor@.service
install -D -p -m 0644 %{SOURCE12} %{buildroot}%{_unitdir}/tor-master.service

%if 0%{without libsystemd}
# Some features are not available for systemd 208 on RHEL 7.
# The notify/watchdog settings are dropped and the two Protect* sandbox
# directives are swapped for explicit path lists. The fallback covers only
# the paths named below; the values the unit files originally carry are not
# visible in this spec, so compare both when either side changes.
sed -i \
    -e 's/^Type=.*/Type=simple/g' \
    -e '/^NotifyAccess=.*/d' \
    -e '/^WatchdogSec=.*/d' \
    -e 's#^ProtectHome=.*#InaccessibleDirectories=/home\nInaccessibleDirectories=/root\nInaccessibleDirectories=/run/user#g' \
    -e 's#^ProtectSystem=.*#ReadOnlyDirectories=/boot\nReadOnlyDirectories=/etc\nReadOnlyDirectories=/usr#g' \
    %{buildroot}%{_unitdir}/tor.service \
    %{buildroot}%{_unitdir}/tor@.service
%endif

# Install docs manually.
rm -rf %{buildroot}%{_datadir}/doc
%pre
# Create the system group and account the daemon runs as, unless they
# already exist. The account gets a system id (-r), no login shell
# (-s /sbin/nologin) and no home directory creation (-M); the state
# directory named by -d is created by the package itself.
if ! getent group %{torgroup} >/dev/null; then
    groupadd -r %{torgroup}
fi
if ! getent passwd %{toruser} >/dev/null; then
    useradd -r -s /sbin/nologin -d %{homedir} -M \
        -c 'Tor anonymizing user' -g %{torgroup} %{toruser}
fi
# Always report success, so a failed groupadd or useradd does not abort the
# transaction. The failure then shows up later, when the packaged
# directories cannot be given to the intended account.
exit 0
%post
# Apply the distribution's preset policy to the main unit on first install.
%systemd_post tor.service


%preun
# On final removal, disable and stop the main unit and the master unit.
%systemd_preun tor.service
%systemd_preun tor-master.service


%postun
# Make systemd re-read unit files; errors are ignored so the scriptlet
# cannot fail the transaction.
systemctl daemon-reload >/dev/null 2>&1 || true
# The first argument is the number of instances of this package left after
# the transaction: 1 or more means an upgrade, so running daemons are
# restarted onto the new binary.
if [ "$1" -ge 1 ]; then
    # A plain restart is used on purpose. try-restart would skip
    # tor-master while it shows as "inactive", which can be the case even
    # though tor.service or tor@.service instances are running.
    systemctl restart tor-master.service >/dev/null 2>&1 || true
fi
%files
%license LICENSE
%doc README ChangeLog ReleaseNotes doc/HACKING doc/*.html

# Programs and their manual pages.
%{_bindir}/tor
%{_bindir}/tor-gencert
%{_bindir}/tor-resolve
%{_bindir}/torify
%{_mandir}/man1/tor.1*
%{_mandir}/man1/tor-gencert.1*
%{_mandir}/man1/tor-resolve.1*
%{_mandir}/man1/torify.1*

# Read-only data: packaged torrc defaults and the GeoIP databases.
%dir %{_datadir}/tor
%{_datadir}/tor/defaults-torrc
%{_datadir}/tor/geoip
%{_datadir}/tor/geoip6

# systemd integration.
%{_tmpfilesdir}/tor.conf
%{_unitdir}/tor.service
%{_unitdir}/tor@.service
%{_unitdir}/tor-master.service

# Administrator-editable configuration, kept across upgrades. torrc is
# root-owned and world-readable, so any secret an administrator puts in it
# can be read by every local account.
%dir %{_sysconfdir}/tor
%{_sysconfdir}/tor/README
%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/tor/torrc
%config(noreplace) %{_sysconfdir}/logrotate.d/tor

# Directories the daemon writes to; none of them is readable by "other".
# The state directory is owned by the daemon account with group root (see
# the 0.2.6.10-5 changelog entry, #1279222); log and runtime directories
# belong to the daemon account and group.
# NOTE(review): the runtime directory lives under /run; presumably the
# tmpfiles.d entry above recreates it at boot -- confirm it uses the same
# owner and mode as listed here.
%attr(0750,%{toruser},root) %dir %{homedir}
%attr(0750,%{toruser},%{torgroup}) %dir %{logdir}
%attr(0750,%{toruser},%{torgroup}) %dir %{rundir}
%changelog
mh c4ec1f
* Sat Mar 03 2018 Marcel Härry <mh+fedora@scrit.ch> - 0.3.2.10-1
mh c4ec1f
- Update to latest version. Security-Fixes TROVE-2018-001, TROVE-2018-002,
mh c4ec1f
  TROVE-2018-003 and TROVE-2018-004
mh c4ec1f
mh f57c9d
* Sun Feb 18 2018 Marcel Härry <mh+fedora@scrit.ch> - 0.3.2.9-3
mh f57c9d
- Rebuilt due to libevent SONAME change
mh f57c9d
feb9ad
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.2.9-2
feb9ad
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
feb9ad
mh 15b614
* Wed Jan 10 2018 Marcel Härry <mh+fedora@scrit.ch> - 0.3.2.9-1
mh 82c8b6
- update to latest upstream stable release 0.3.2.9 (#1532909)
mh 82c8b6
mh 76bf91
* Sun Dec 03 2017 Marcel Härry <mh+fedora@scrit.ch> - 0.3.1.9-1
mh 76bf91
- update to upstream release 0.3.1.9. Fixes:
mh 76bf91
- CVE-2017-8819: Replay-cache ineffective for v2 onion services
mh 76bf91
- CVE-2017-8820: Remote DoS attack against directory authorities
mh 76bf91
- CVE-2017-8821: An attacker can make Tor ask for a password
mh 76bf91
- CVE-2017-8822: Relays can pick themselves in a circuit path
mh 76bf91
- CVE-2017-8823: Use-after-free in onion service v2
mh 76bf91
mh 217610
* Wed Oct 25 2017 Marcel Härry <mh+fedora@scrit.ch> - 0.3.1.8-1
mh 217610
- update to upstream release 0.3.1.8
mh 217610
mh f6cf87
* Wed Oct 04 2017 Marcel Härry <mh+fedora@scrit.ch> - 0.3.1.7-1
mh f6cf87
- update to upstream release 0.3.1.7
mh f6cf87
mh 505ea1
* Sun Sep 24 2017 Marcel Haerry <mh+fedora@scrit.ch> - 0.2.9.12-1
mh 505ea1
- update to upstream release 0.2.9.12 (SECURITY) (#1494860)
mh 505ea1
- CVE-2017-0380 Stack disclosure in hidden services logs when
mh 505ea1
  SafeLogging disabled (#1493512) (#1493513)
6c59d4
- Cleanup spec
mh 505ea1
mh 58e0db
* Fri Aug 04 2017 Marcel Härry <maha+fedora@scrit.ch> - 0.2.9.11-1
mh 58e0db
- update to upstream release 0.2.9.11 (SECURITY)
mh 58e0db
- CVE-2017-0375 & CVE-2017-0376: denial of service (assertion
mh 58e0db
  failure and daemon exit) (#1461276) (#1461275)
mh 58e0db
3dd9e1
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.9.10-3
3dd9e1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
3dd9e1
b84105
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.9.10-2
b84105
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
b84105
5385fe
* Fri Mar 03 2017 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.9.10-1
5385fe
- update to upstream release 0.2.9.10
5385fe
0f8c6f
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.8.12-2
0f8c6f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
0f8c6f
c8c659
* Tue Dec 20 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.8.12-1
c8c659
- update to upstream release 0.2.8.12
c8c659
23603f
* Thu Dec 08 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.8.11-1
23603f
- update to upstream release 0.2.8.11
23603f
e1af4c
* Wed Dec 07 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.8.10-1
e1af4c
- update to upstream release 0.2.8.10
e1af4c
8a69ec
* Wed Oct 19 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.8.9-1
8a69ec
- update to upstream release 0.2.8.9
8a69ec
a910c5
* Sun Oct 02 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.8.8-1
a910c5
- update to upstream release 0.2.8.8
a910c5
c097c1
* Thu Aug 25 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.8.7-1
c097c1
- update to upstream release 0.2.8.7
c097c1
2fb961
* Sun Aug 21 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.8.6-2
2fb961
- re-add patch0
2fb961
7ea410
* Sun Aug 21 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.8.6-1
7ea410
- update to upstream release 0.2.8.6
7ea410
- remove upstreamed patches
7ea410
1c2af2
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.2.7.6-6
1c2af2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
1c2af2
4146ff
* Thu Jan 07 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.6-5
4146ff
- make ControlSocket writable by toranon group (#1296226)
4146ff
03f9ea
* Wed Dec 16 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.6-4
03f9ea
- fix tmpfiles.d
03f9ea
609d9b
* Fri Dec 11 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.6-3
609d9b
- place ControlSocket and CookieAuthFile at top of torrc for visibility
609d9b
70bf2c
* Fri Dec 11 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.6-2
70bf2c
- some minor patch fixes
70bf2c
d64774
* Fri Dec 11 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.6-1
d64774
- update to upstream release 0.2.7.6
d64774
- use version of patches that have been accepted upstream
f9ee9f
- add ControlSocket and CookieAuthFile to /etc/tor/torrc
d64774
ed4953
* Thu Dec 10 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.5-6
ed4953
- use ReadOnlyDirectories=/var instead of ReadOnlyDirectories=/ (#1290444)
ed4953
  and other service file improvements
ed4953
1114b9
* Sun Dec 06 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.5-5
1114b9
- improve systemd scriptlets
1114b9
52626b
* Sun Dec 06 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.5-4
52626b
- add PermissionsStartOnly=yes and RestartSec=1 to service file
52626b
c98fdc
* Mon Nov 30 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.5-3
c98fdc
- amend README
c98fdc
754bd2
* Mon Nov 30 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.5-2
754bd2
- improve summary and description
fd51c0
- use tor-master.service to restart/reload all instances (#1286359)
fd51c0
- add /etc/tor/README
754bd2
4a9640
* Sun Nov 29 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.5-1
4a9640
- update to upstream release 0.2.7.5
4a9640
3b9a7c
* Mon Nov 09 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.10-6
3b9a7c
- amend patch so that the default of 0700 doesn't change (but instead allow
3b9a7c
  either 0700 or 0750)
3b9a7c
9043f9
* Sun Nov 08 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.10-5
9043f9
- allow group read of DataDirectory and change owner to root (#1279222),
9043f9
  as otherwise CapabilityBoundingSet requires CAP_DAC_READ_SEARCH and SELinux
9043f9
  tor_t requires dac_read_search
9043f9
c25e25
* Sat Oct 03 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.10-4
c25e25
- remove NoNewPrivileges as it prevents SELinux transition
c25e25
- revert to DeviceAllow instead of PrivateDevices due to SELinux denials
c25e25
e36d88
* Tue Sep 29 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.10-3
e36d88
- only build with libseccomp support on ix86, x86_64
e36d88
005846
* Tue Sep 29 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.10-2
005846
- improve systemd integration
005846
- add BR: libseccomp-devel
005846
cf25f5
* Mon Jul 13 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.10-1
cf25f5
- update to upstream release 0.2.6.10
cf25f5
e60377
* Sun Jul 12 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.9-5
e60377
- also fix ExecStartPre in tor@.service
e60377
3f1a47
* Sun Jul 12 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.9-4
3f1a47
- rebuild
3f1a47
7d67e0
* Sun Jul 12 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.9-3
7d67e0
- add missing arguments to config checks executed in ExecStartPre
7d67e0
b05972
* Fri Jul 03 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.9-2
b05972
- remove leading '-' from ReadWriteDirectories
b05972
a8815c
* Fri Jun 12 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.9-1
a8815c
- update to upstream release 0.2.6.9
a8815c
4f51ba
* Thu May 21 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.8-1
4f51ba
- update to upstream release 0.2.6.8
4f51ba
- improve/harden systemd service file
4f51ba
- add multi-instance systemd service file (#1210837)
4f51ba
886b68
* Tue Apr 07 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.5.12-1
886b68
- update to upstream release 0.2.5.12
886b68
79f88d
* Mon Mar 23 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.5.11-1
79f88d
- update to upstream release 0.2.5.11
79f88d
4cdd3c
* Mon Oct 27 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.5.10-1
4cdd3c
- update to upstream release 0.2.5.10
4cdd3c
a21b4c
* Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.4.25-1
a21b4c
- update to upstream release 0.2.4.25
a21b4c
cf63d6
* Tue Sep 23 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.4.24-1
cf63d6
- update to upstream release 0.2.4.24
cf63d6
e0623c
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.4.23-2
e0623c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
e0623c
a8462a
* Thu Jul 31 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.4.23-1
a8462a
- update to upstream release 0.2.4.23
a8462a
- CVE-2014-5117: potential for traffic-confirmation attacks
a8462a
8d35cf
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.4.22-2
8d35cf
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
8d35cf
9b7c15
* Mon May 19 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.4.22-1
9b7c15
- update to upstream release 0.2.4.22
9b7c15
682321
* Wed Mar 26 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.4.21-2
682321
- remove `--quiet` from default systemd service file
682321
479b0a
* Tue Mar 25 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.4.21-1
479b0a
- update to upstream release 0.2.4.21
479b0a
- remove crazy Release numbering
479b0a
- remove Obsoletes/Provides that were introduced in F19
479b0a
- remove tor-tsocks.conf which has been removed completely upstream
479b0a
- include new file: _datadir/tor/geoip6
479b0a
11ff22
* Sun Aug 04 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.3.25-1931
11ff22
- add fix for new unversioned docdir
11ff22
dbcbb5
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.3.25-1930
dbcbb5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
dbcbb5
ee8722
* Sat Mar 02 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1929
ee8722
- add "Log notice syslog" back to tor.defaults-torrc as recommended by
ee8722
  upstream: https://bugzilla.redhat.com/show_bug.cgi?id=532373#c19
5be7d8
- remove unused files in git (verinfo and lastver)
5be7d8
- change URL to HTTPS
d69d00
- disallow group read for /var/log/tor
5be7d8
- remove TODO as it doesn't contain any useful information
ee8722
595ad7
* Fri Mar 01 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1928
595ad7
- increase LimitNOFILE in tor.service from 4096 to 32768, as advised by
595ad7
  upstream: https://trac.torproject.org/projects/tor/ticket/8368#comment:4
595ad7
b19b5d
* Thu Feb 28 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1927
b19b5d
- package should own the %%{_datadir}/tor directory
b19b5d
9acd09
* Thu Feb 28 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1926
9acd09
- remove unnecessary custom LDFLAGS
9acd09
707ad7
* Thu Feb 28 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1925
707ad7
- remove Obsoletes/Provides for tor-doc, which was introduced in Fedora 16
707ad7
- add some useful comments about the Obsoletes/Provides/Requires
707ad7
- add comments about tor.logrotate, tor.defaults-torrc and tor.systemd.service
707ad7
fa1290
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1924
fa1290
- whitespace changes and reorganization in the interests of readability
fa1290
  and clarity
fa1290
d38854
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1923
d38854
- mix of tabs and spaces, so remove all tabs
d38854
168560
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1922
168560
- the /var/run/tor directory is not needed so remove it, which also fixes
168560
  bug #656707
168560
- use %%_localstatedir instead of %%_var
168560
4b0c77
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1921
4b0c77
- take a more cautious approach in the %%files section and specify filenames
4b0c77
  more explicitly rather than using wildcards, which also makes it easier to
4b0c77
  see the contents of the package
4b0c77
14014d
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1920
14014d
- remove all modifications to the default tor configuration file so that we
14014d
  can stick more closely to upstream defaults
14014d
- add /usr/share/tor/defaults-torrc file, which only contains two options:
14014d
    DataDirectory /var/lib/tor
14014d
    User toranon
14014d
- when starting the tor service, use the following options as recommended by
14014d
  upstream: --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc
14014d
98a6cd
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1919
98a6cd
- split username global variable into separate toruser and torgroup global
98a6cd
  variables to improve spec flexibility and ease of comprehension, as well
98a6cd
  as matching how upstream have written their spec
98a6cd
- use --with-tor-user=%%toruser and --with-tor-group=%%torgroup options when
98a6cd
  running %%configure, as recommended by upstream
98a6cd
12f4bc
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1918
12f4bc
- after moving the tor-systemd and torify subpackages back into the main tor
12f4bc
  package, the %%with_noarch macro and the associated conditionals are no
12f4bc
  longer used so remove them
12f4bc
18b638
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1917
18b638
- add missing Provides for the obsoleted tor-doc subpackage
18b638
f03ed6
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1916
f03ed6
- move the torify subpackage back into the main tor package to match upstream
f03ed6
  expectations and user expectations (ie, yum install tor)
f03ed6
- remove the logic separating the documentation files for tor and torify,
f03ed6
  which is now no longer needed
f03ed6
- use --docdir option when running %%configure
f03ed6
392b8f
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1915
392b8f
- move the tor-systemd subpackage back into the main tor package:
392b8f
  the main tor package has a hard requirement on tor-systemd, so there is no
392b8f
  purpose for keeping tor-systemd separate from the main package
392b8f
- remove "Requires: tor-systemd"
392b8f
9f7f85
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1914
9f7f85
- move the tor-core subpackage back into the main tor package to match upstream
9f7f85
  expectations and user expectations (ie, yum install tor)
9f7f85
99fc92
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1913
99fc92
- the tor-systemd subpackage is a hard requirement, so remove the conditional
99fc92
  that decides whether it is built
99fc92
6cb250
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1912
6cb250
- amend logrotate file to match upstream defaults more closely, removing
6cb250
  references to several obsolete init systems
6cb250
dddb33
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1911
dddb33
- remove tor-upstart subpackage as upstart is no longer installable within
dddb33
  Fedora and renders the subpackage obsolete
dddb33
2b7b90
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1910
2b7b90
- remove dependency on fedora-usermgmt as it has been queued for obsoletion
2b7b90
  from Fedora
2b7b90
- add users and groups without forcing use of uid=19 as it is not necessarily
2b7b90
  available, nor is it required or expected by upstream
2b7b90
- do not remove users/groups in %%postun as the guidelines state:
2b7b90
  https://fedoraproject.org/wiki/Packaging:UsersAndGroups
2b7b90
86ed4e
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1909
86ed4e
- change permissions of the following files/directories to match upstream:
86ed4e
  /var/log/tor should be owned by toranon:toranon with 0750 permissions;
86ed4e
  /var/lib/tor should be owned by toranon:toranon with 0700 permissions;
86ed4e
  /etc/tor/torrc should be owned by root:root with 0644 permissions;
86ed4e
1ddf8b
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1908
1ddf8b
- remove unnecessary Requires on logrotate directory
1ddf8b
37ad31
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1907
37ad31
- remove unnecessary BuildRoot tag
37ad31
- remove unnecessary rm -rf RPM_BUILD_ROOT
37ad31
- remove unnecessary %%clean
37ad31
- remove unnecessary defattr's
37ad31
60828e
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1906
60828e
- remove unnecessary %%_unitdir macro
60828e
- remove %%systemd_reqs and %%systemd_install macros, moving the parts to
60828e
  the appropriate sections to improve readability and consistency with other
60828e
  SPECS
60828e
16ac40
* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> 0.2.3.25-1905
16ac40
- remove %%release_func macro to improve readability and consistency with
16ac40
  other SPECS
16ac40
Enrico Scholz fd27ca
* Wed Feb 13 2013 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.3.25-1904
Enrico Scholz fd27ca
- fixed torsocks requirement
Enrico Scholz cd57e4
- conditionalized systemd builds
Enrico Scholz cd57e4
Enrico Scholz dcca5c
* Sun Feb 10 2013 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.3.25-1903
Enrico Scholz dcca5c
- reverted "Package cleanup and various fixes"; too invasive and
Enrico Scholz dcca5c
  non-auditable changes which are breaking things
Enrico Scholz dcca5c
8a1f68
* Thu Feb 07 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.3.25-1902
8a1f68
- torify subpackage should depend on torsocks not tsocks (#908569)
8a1f68
397dff
* Wed Feb 06 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.3.25-1901
397dff
- add additional %%configure options for user and group
397dff
- add --defaults-torrc to systemd service to make sure sane defaults are set
397dff
  unless explicitly overridden
397dff
- remove unnecessary BuildRoot tag
397dff
- remove unnecessary rm -rf RPM_BUILD_ROOT
397dff
- remove unnecessary %%clean section
397dff
- remove unnecessary defattr's
397dff
- fix Requires for torify subpackage
397dff
- update scriptlets to latest systemd guidelines
397dff
- aesthetic changes to the SPEC for clarity and readability
397dff
Enrico Scholz 7dbdc0
* Sun Dec  9 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.3.25-1900
Enrico Scholz 7dbdc0
- updated to 0.2.3.25
Enrico Scholz 7dbdc0
Enrico Scholz ab51a9
* Sat Sep 22 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.39-1900
Enrico Scholz ab51a9
- updated to 0.2.2.29
Enrico Scholz ab51a9
- CVE-2012-4419: assertion failure when comparing an address with port
Enrico Scholz ab51a9
  0 to an address policy
Enrico Scholz ab51a9
- CVE-2012-4422: assertion failure in tor_timegm()
Enrico Scholz ea1aa7
- use %%systemd macros
Enrico Scholz ab51a9
Enrico Scholz effda7
* Sun Aug 19 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.38-1900
Enrico Scholz effda7
- updated to 0.2.2.38
Enrico Scholz 6a1122
- conditionalized upstart and disabled it by default
Enrico Scholz effda7
768033
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.2.37-1801
768033
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
768033
Enrico Scholz 9a9ab6
* Tue Jun 12 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.37-1800
Enrico Scholz 9a9ab6
- updated to 0.2.2.37
Enrico Scholz 9a9ab6
Enrico Scholz af2f4e
* Sat May 26 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.36-1800
Enrico Scholz af2f4e
- updated to 0.2.2.36
Enrico Scholz af2f4e
Enrico Scholz ef499c
* Fri Apr 13 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.35-1800
Enrico Scholz ef499c
- build with -fPIE
Enrico Scholz ef499c
Enrico Scholz 3904e5
* Tue Mar  6 2012 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
Enrico Scholz 3904e5
- fixed urls (#800236)
Enrico Scholz 3904e5
05756b
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.2.35-1702
05756b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
05756b
Enrico Scholz 7e0533
* Sat Dec 17 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.35-1701
Enrico Scholz a491a2
- added 'su' logrotate option (#751525)
Enrico Scholz 632d78
- fixed systemd unit file; customization of TimeoutSec + LimitNOFILE is
Enrico Scholz 632d78
  not possible by environment variables. Hardcode some values which can
Enrico Scholz 632d78
  be overridden by the systemd .include method (#755167).
Enrico Scholz ba4e33
- added systemd rule in the postrotate script
Enrico Scholz 7e0533
Enrico Scholz b84c8a
* Sat Dec 17 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.35-1700
Enrico Scholz b84c8a
- updated to 0.2.2.35 (security)
Enrico Scholz b84c8a
- CVE-2011-2778: Tor heap-based buffer overflow
Enrico Scholz b84c8a
Enrico Scholz f87a00
* Fri Oct 28 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.34-1700
Enrico Scholz f87a00
- updated to 0.2.2.34; critical privacy/anonymity fixes
Enrico Scholz 58e3d7
- CVE-2011-2768
Enrico Scholz 58e3d7
- CVE-2011-2769
Enrico Scholz f87a00
1961e7
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.2.33-1701
1961e7
- Rebuilt for glibc bug#747377
1961e7
Enrico Scholz 5e18c1
* Sun Sep 18 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.2.33-1700
Enrico Scholz 5e18c1
- updated to 2.2.33
Enrico Scholz 5e18c1
- removed -doc subpackage because shipped files are not available
Enrico Scholz 5e18c1
  anymore
Enrico Scholz 5f727d
- ship torify files only in torify subpackage; not in main one
Enrico Scholz 393af7
- start systemd service after nss-lookup.target (#719476)
Enrico Scholz 5e18c1
Enrico Scholz ef9e56
* Thu Jul 28 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.30-1700
Enrico Scholz ef9e56
- added and use systemd macros
Enrico Scholz ef9e56
Enrico Scholz 4ac537
* Thu Mar 17 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.30-1601
Enrico Scholz 5966c8
- made EnvironmentFile in systemd definition optional
Enrico Scholz 160631
- systemd: added Requires: for core package; made it noarch
Enrico Scholz 5966c8
Enrico Scholz daadcb
* Mon Feb 28 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.30-1600
Enrico Scholz daadcb
- updated to 0.2.1.30
Enrico Scholz 558597
- added 'torify' script (#669684)
Enrico Scholz daadcb
97c056
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.1.29-1501
97c056
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
97c056
Enrico Scholz be547a
* Mon Jan 17 2011 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.29-1500
Enrico Scholz be547a
- updated to 0.2.1.29 (SECURITY)
Enrico Scholz be547a
- CVE-2011-0427: heap overflow bug, potential remote code execution
Enrico Scholz be547a
Luke Macken 5fe7ea
* Tue Dec 21 2010 Luke Macken <lmacken@redhat.com> - 0.2.1.28-1502
Luke Macken 0697ca
- updated to 0.2.1.28 (SECURITY: fixes a remotely exploitable heap overflow bug)
Luke Macken 0697ca
Enrico Scholz b9ae61
* Tue Dec  7 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.27-1501
Enrico Scholz b9ae61
- replaced lsb and sysv init stuff with systemd init script
Enrico Scholz b9ae61
Enrico Scholz 02e684
* Fri Nov 26 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.27-1500
Enrico Scholz 02e684
- updated to 0.2.1.27
Enrico Scholz 594b82
- added tmpfiles.d file to create %%_var/run/%%name directory in -lsb
Enrico Scholz fe953a
- work around broken chkconfig by adding dummy Default-Start: in -lsb
Enrico Scholz 02e684
Enrico Scholz 571c1e
* Fri Nov 26 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.26-1500
Enrico Scholz 571c1e
- fixed 'limit' statement in upstart script
Enrico Scholz 571c1e
a6e6e5
* Tue Jun  1 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.26-1400
a6e6e5
- updated to 0.2.1.26
a6e6e5
- log to syslog as requested by upstream (#532373#19)
a6e6e5
- removed workaround to install lsb initscript because parts of the
a6e6e5
  underlying problem have been fixed in redhat-lsb and the remaining
a6e6e5
  ones were solved by previous commit
a6e6e5
- removed $local_fs dependency in -lsb initscript to work around
a6e6e5
  buggy redhat-lsb; $remote_fs should imply it and has been moved to
a6e6e5
  Should-Start:
a6e6e5
ca4ac6
* Tue Jun  1 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
ca4ac6
- created -doc subpackage and moved most (all) files from main into it
ca4ac6
81fe60
* Sun Mar 28 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
81fe60
- added -sysv subpackage
81fe60
7a32f8
* Thu Mar 18 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.25-1400
7a32f8
- updated to 0.2.1.25
7a32f8
c985eb
* Wed Mar  3 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.24-1402
c985eb
- removed /var/lib/tor-data dir (Chen Lei)
c985eb
7589c3
* Tue Mar  2 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.24-1401
7589c3
- require tor-core, not tor in -upstart (thx to Dave Jones)
7589c3
77120a
* Sat Feb 27 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.24-1400
77120a
- updated to 0.2.1.24
77120a
decf0b
* Mon Feb 15 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.23-1300
decf0b
- updated to 0.2.1.23
decf0b
904ac8
* Thu Jan 21 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.22-1300
904ac8
- updated to 0.2.1.22