rpms / tor

Clone
Source Code
GIT

Files

el5 el6 epel7 epel8 epel8-playground epel9 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 fc6 main master-alpha master-test rawhide
  1.   el6
  2.   tor.spec
Blob Blame History Raw 
%global _hardened_build 1

%global toruser     toranon
%global torgroup    toranon
%global homedir     %{_localstatedir}/lib/tor
%global logdir      %{_localstatedir}/log/tor
%global rundir      %{_localstatedir}/run/tor

Name:       tor
Version:    0.2.9.17
Release:    1%{?dist}
Group:      System Environment/Daemons
License:    BSD
Summary:    Anonymizing overlay network for TCP
URL:        https://www.torproject.org

Source0:    https://www.torproject.org/dist/tor-%{version}.tar.gz
Source1:    https://www.torproject.org/dist/tor-%{version}.tar.gz.asc
Source2:    tor.logrotate
Source3:    tor.defaults-torrc
Source10:   tor.service

Patch0:     tor-0.2.7.6-torrc-ControlSocket-and-CookieAuthFile.patch

Obsoletes:  tor-doc < 0.2.2
Provides:   tor-doc = %{version}-%{release}

BuildRequires:    asciidoc
BuildRequires:    libevent2-devel
BuildRequires:    openssl-devel >= 0.9.7

# /usr/bin/torify is now just a wrapper for torsocks and is only there for
# backwards compatibility.
Requires:         torsocks
Requires(pre):    shadow-utils
Requires(post):   chkconfig
Requires(preun):  chkconfig
Requires(preun):  initscripts
Requires(postun): initscripts


%description
The Tor network is a group of volunteer-operated servers that allows people to
improve their privacy and security on the Internet. Tor's users employ this
network by connecting through a series of virtual tunnels rather than making a
direct connection, thus allowing both organizations and individuals to share
information over public networks without compromising their privacy. Along the
same line, Tor is an effective censorship circumvention tool, allowing its
users to reach otherwise blocked destinations or content. Tor can also be used
as a building block for software developers to create new communication tools
with built-in privacy features.

This package contains the Tor software that can act as either a server on the
Tor network, or as a client to connect to the Tor network.


%prep
%setup -q
%patch0 -p1


%build
%configure --with-tor-user=%{toruser} --with-tor-group=%{torgroup} \
    --docdir=%{_docdir}/tor-%{version}
make %{?_smp_mflags}


%install
make install DESTDIR=%{buildroot}
mv %{buildroot}%{_sysconfdir}/tor/torrc.sample \
    %{buildroot}%{_sysconfdir}/tor/torrc

mkdir -p %{buildroot}%{logdir}
mkdir -p %{buildroot}%{homedir}
mkdir -p %{buildroot}%{rundir}

install -D -p -m 0755 %SOURCE10 %{buildroot}%{_initrddir}/tor
install -D -p -m 0644 %SOURCE2  %{buildroot}%{_sysconfdir}/logrotate.d/tor
install -D -p -m 0644 %SOURCE3  %{buildroot}%{_datadir}/tor/defaults-torrc
install -D -p -m 0755 contrib/dist/torctl %{buildroot}%{_bindir}/torctl


%pre
getent group %{torgroup} >/dev/null || groupadd -r %{torgroup}
getent passwd %{toruser} >/dev/null || \
    useradd -r -s /sbin/nologin -d %{homedir} -M \
    -c 'Tor anonymizing user' -g %{torgroup} %{toruser}
exit 0

%post
/sbin/chkconfig --add tor

%preun
if [ $1 -eq 0 ] ; then
    /sbin/service tor stop >/dev/null 2>&1
    /sbin/chkconfig --del tor
fi

%postun
if [ $1 -ge 1 ] ; then
    /sbin/service tor condrestart >/dev/null 2>&1 || :
fi


%files
%doc LICENSE README ChangeLog ReleaseNotes doc/HACKING doc/*.html
%{_bindir}/tor
%{_bindir}/tor-gencert
%{_bindir}/tor-resolve
%{_bindir}/torctl
%{_bindir}/torify
%{_mandir}/man1/tor.1*
%{_mandir}/man1/tor-gencert.1*
%{_mandir}/man1/tor-resolve.1*
%{_mandir}/man1/torify.1*
%dir %{_datadir}/tor
%{_datadir}/tor/defaults-torrc
%{_datadir}/tor/geoip
%{_datadir}/tor/geoip6
%{_initrddir}/tor

%dir %{_sysconfdir}/tor
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/tor/torrc
%config(noreplace) %{_sysconfdir}/logrotate.d/tor

%attr(0700,%{toruser},%{torgroup}) %dir %{homedir}
%attr(0700,%{toruser},%{torgroup}) %dir %{logdir}
%attr(0700,%{toruser},%{torgroup}) %dir %{rundir}


%changelog
* Sat Sep 22 2018 Marcel Härry <mh+fedora@scrit.ch> - 0.2.9.17-1
- Update to latest version

* Thu Mar 08 2018 Marcel Härry <mh+fedora@scrit.ch> - 0.2.9.15-1
- Update to latest version. Security-Fixes TROVE-2018-001, TROVE-2018-002,
  TROVE-2018-003 and TROVE-2018-004 (#1553356)

* Wed Dec 20 2017 Marcel Haerry <mh+fedora@scrit.ch> - 0.2.9.14-1
- update to upstream release 0.2.9.14. (#1520864)
- Fixes: CVE-2017-8819: Replay-cache ineffective for v2 onion services
- CVE-2017-8820: Remote DoS attack against directory authorities
- CVE-2017-8821: An attacker can make Tor ask for a password
- CVE-2017-8822: Relays can pick themselves in a circuit path
- CVE-2017-8823: Use-after-free in onion service v2

* Sun Sep 24 2017 Marcel Haerry <mh+fedora@scrit.ch> - 0.2.9.12-1
- update to upstream release 0.2.9.12 (SECURITY) (#1494860)
- CVE-2017-0380 Stack disclosure in hidden services logs when
  SafeLogging disabled (#1493512) (#1493513)

* Fri Mar 03 2017 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.9.10-1
- update to upstream release 0.2.9.10

* Tue Dec 20 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.8.12-1
- update to upstream release 0.2.8.12

* Wed Dec 07 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.8.10-1
- update to upstream release 0.2.8.10

* Wed Oct 19 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.8.9-1
- update to upstream release 0.2.8.9

* Sun Oct 02 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.8.8-1
- update to upstream release 0.2.8.8

* Thu Aug 25 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.8.7-1
- update to upstream release 0.2.8.7

* Sun Aug 21 2016 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.8.6-1
- update to upstream release 0.2.8.6
- remove upstreamed patches

* Fri Dec 11 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.6-1
- update to upstream release 0.2.7.6
- add ControlSocket and CookieAuthFile

* Sun Nov 29 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.7.5-1
- update to upstream release 0.2.7.5

* Mon Nov 09 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.10-2
- remove --hush option

* Mon Jul 13 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.10-1
- update to upstream release 0.2.6.10

* Fri Jun 12 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.9-1
- update to upstream release 0.2.6.9

* Thu May 21 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.6.8-1
- update to upstream release 0.2.6.8

* Tue Apr 07 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.5.12-1
- update to upstream release 0.2.5.12

* Mon Mar 23 2015 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.5.11-1
- update to upstream release 0.2.5.11

* Mon Oct 27 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.5.10-1
- update to upstream release 0.2.5.10

* Wed Oct 22 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.4.25-1
- update to upstream release 0.2.4.25

* Tue Sep 23 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.4.24-1
- update to upstream release 0.2.4.24

* Thu Jul 31 2014 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.4.23-1
- update to upstream release 0.2.4.23
- CVE-2014-5117: potential for traffic-confirmation attacks

* Tue Jun 10 2014 Sam Kottler <skottler@fedoraproject.org> - 0.2.4.22-1
- update to upstream version 0.2.4.22 (BZ#1103177)

* Mon Mar 04 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.3.25-6
- no need to change the default configuration file
- do not include doc/TODO which doesn't contain anything useful
- include doc/*.html
- change /var/log/tor and /var/run/tor permissions to 0700
- change /etc/tor/torrc permissions to 0644
- whitespace changes and reorganization to make the spec more similar to
  fedora master branch (to make maintenance more straightforward)
- do not mention torctl in the service file as it isn't used
- add "-f /etc/tor/torrc" to default arguments when starting tor

* Wed Feb 27 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.3.25-5
- add torsocks to Requires

* Mon Jan 28 2013 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.3.25-4
- add defaults-torrc
- amend %%pre scriptlet to add toranon user even when updating
- several fixes to initscript including:
    - do not use torctl
    - use configuration from defaults-torrc
    - send SIGINT to shutdown gracefully
    - use --verify-config before starting, restarting or reloading
    - remove unnecessary variables

* Sat Dec 08 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.3.25-3
- remove dependency on fedora-usermgmt

* Sat Dec 08 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.3.25-2
- remove dependency on fedora-usermgmt-devel

* Sun Nov 25 2012 Jamie Nguyen <jamielinux@fedoraproject.org> - 0.2.3.25-1
- rewrite package from scratch for simplicity and clarity
- stick closer with upstream defaults
- update to latest stable release

* Thu Mar 18 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.25-1200
- updated to 0.2.1.25

* Thu Mar 11 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.24-1201
- removed /var/lib/tor-data dir (Chen Lei)

* Tue Mar  2 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.24-1200
- updated to 0.2.1.24
- require tor-core, not tor in -upstart (thx to Dave Jones)

* Mon Feb 15 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.23-1200
- updated to 0.2.1.23

* Thu Jan 21 2010 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.22-1200
- updated to 0.2.1.22

* Thu Dec 31 2009 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.21-1200
- updated to 0.2.1.21

* Sat Nov 14 2009 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.20-1200
- updated URLs (#532373)
- removed (inactive) update mechanism for GeoIP data; this might
  reduce anonimity  (#532373)
- use the pidfile at various places in the LSB initscript to operate
  on the correct process (#532373)
- set a higher 'nofile' limit in the upstart initscript to allow fast
  relays; LSB users will have to add a 'ulimit -n' into /etc/sysconfig/tor
  to get a similar effect (#532373)
- let the LSB initscript wait until process exits within a certain
  time; this fixes shutdown/restart problems when working as a server
  (#532373)
- fixed initng related typo in logrotate script (#532373)
- removed <linux/netfilter_ipv4.h> hack; it is fixed upstream and/or
  in the kernel sources
- use %%postun, not %%post as a -upstart scriptlet and send INT, not
  TERM signal to stop/restart daemon

* Sun Oct 25 2009 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.20-1
- updated to 0.2.1.20

* Sat Sep 12 2009 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.19-2
- workaround bug in redhat-lsb (#522053)

* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 0.2.1.19-1
- rebuilt with new openssl

* Sun Aug  9 2009 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.1.19-0
- updated to 0.2.1.19
- rediffed patches

* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.0.35-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Fri Jun 26 2009 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.0.35-1
- updated to 0.2.0.35
- added '--quiet' to startup options (bug #495987)
- updated %%doc entries

* Wed May  6 2009 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.0.34-4
- made it easy to rebuild package in RHEL by adding a 'noarch'
  conditional to enable/disable noarch subpackages

* Sat Mar  7 2009 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.0.34-3
- added -upstart subpackage (-lsb still wins by default as there exists
  no end-user friendly solution for managing upstart initscripts)

* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2.0.34-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Tue Feb 10 2009 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.0.34-1
- updated to 0.2.0.34 (SECURITY: fixes DoS vulnerabilities)

* Thu Jan 22 2009 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.0.33-1
- updated to 0.2.0.33 (SECURITY: fixed heap-corruption bug)

* Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> - 0.2.0.32-2
- rebuild with new openssl

* Sun Dec  7 2008 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.0.32-1
- updated to 0.2.0.32
- removed -setgroups patch; supplementary groups are now set upstream

* Sun Jul 20 2008 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.2.0.30-1
- updated to 0.2.0.30; rediffed patches
- (re)enabled transparent proxy support by workarounding broken
  <linux/netfilter_ipv4.h> header
- moved the 'geoip' database to /var/lib/tor-data where it can be
  updated periodically
- built with -Wl,--as-needed

* Thu Jul 10 2008 Nikolay Vladimirov <nikolay@vladimiroff.com> - 0.1.2.19-3
- rebuild for new libevent

* Wed Feb 13 2008 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.2.19-2
- added 'missingok' to logrotate script (#429402)

* Tue Feb 12 2008 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.2.19-1
- updated to 0.1.2.19
- use file based BR for latex
- improved 'status' method of initscript to return rc of 'pidofproc'
  instead of doing further manual tests.  Calling 'pidofproc' directly
  instead of within a subshell should workaround #432254 too.

* Sat Jan 26 2008 Alex Lancaster <alexlan[AT]fedoraproject org> - 0.1.2.18-4
- Update BuildRequires: tex(latex),
- BR: texlive-texmf-fonts seems also to be necessary

* Sat Jan 26 2008 Alex Lancaster <alexlan[AT]fedoraproject org> - 0.1.2.18-3
- Rebuild for new libevent.

* Thu Dec 06 2007 Release Engineering <rel-eng at fedoraproject dot org> - 0.1.2.18-2
- Rebuild for deps

* Tue Oct 30 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.2.18-1
- updated to 0.1.2.18

* Fri Aug 31 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.2.17-1
- updated to 0.1.2.17

* Sat Aug 25 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.2.16-2
- fixed open(2) issue

* Fri Aug  3 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.2.16-1
- updated to 0.1.2.16 (SECURITY)

* Sat Jul 28 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.2.15-1
- updated to 0.1.2.15

* Sat May 26 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.2.14-1
- updated to 0.1.2.14

* Wed Apr 25 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.2.13-1
- updated to 0.1.2.13
- minor cleanups; especially in the %%doc section

* Sun Apr  8 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.1.26-4
- rebuilt for (yet another) new libevent

* Mon Feb 26 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.1.26-3
- rebuilt for new libevent

* Wed Jan 24 2007 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.1.26-2
- updated -setgroups patch (#224090, thx to Sami Farin)

* Sun Dec 17 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.1.26-1
- updated to 0.1.1.26 (SECURITY)
- do not turn on logging by default; it's easier to say "we do not log
  anything" to the police instead of enumerating the logged event
  classes and trying to explain that they do not contain any valuable
  information

* Sun Nov 12 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.1.25-1
- updated to 0.1.1.25

* Thu Oct  5 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.1.24-1
- updated to 0.1.1.24

* Sat Sep 30 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.1.23-5
- updated to recent fedora-usermgmt
- minor cleanups
- require only 'lsb-core-noarch' instead of whole 'lsb'

* Tue Sep 26 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.1.23-4
- first FE release (review #175433)

* Mon Sep 25 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.1.23-3
- removed '.have-lsb' and related logic in logrotate script; check for
  existence of the corresponding initscript instead of
- fixed bare '%%' in changelog section

* Thu Sep 21 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.1.23-2
- simplified things yet more and removed tsocks/torify too
- build -lsb unconditionally

* Thu Sep 21 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.1.23-1
- simplified spec file and removed -initng and -minit stuff

* Sun Aug 13 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.1.23-0
- updated to 0.1.1.23

* Sat Jul  8 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.1.22-0
- updated to 0.1.1.22

* Tue Jun 13 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.1.21-0
- updated to 0.1.1.21

* Wed May 24 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.1.20-0
- updated to 0.1.1.20; adjusted %%doc file-list
- added (optional) -tsocks subpackage
- use the more modern %%bcond_with* for specifying optional features

* Sun Feb 19 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.0.17-0
- updated to 0.1.0.17

* Mon Jan 30 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.0.16-0.1
- renamed the current main-package into a '-core' subpackage and
  created a new main-package which requires both the 'tor-core'
  subpackage and this with the current default init-method. This
  allows 'yum install tor' to work better; because yum is not very
  smart, the old packaging might install unwanted packages else.

* Wed Jan  4 2006 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.0.16-0
- updated to 0.1.0.16

* Fri Dec 23 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.0.15-1.11
- reworked the 'setgroups' patch so that 'tor' survives a SIGHUP
- (re)added the 'reload' functionality to the lsb initscript and use
  it in logrotate

* Fri Dec 23 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.0.15-1.8
- added ChangeLog to %%doc
- made torrc not world-readable
- added logrotate script

* Thu Dec 22 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.0.15-1.4
- updated initng scripts to initng-0.4.8 syntax
- tweaked some Requires(...):
- added ghostscript BuildRequires:
- install initng scripts into the correct dir

* Thu Dec 15 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.0.15-1.2
- use relative UID of 19 instead of 18 due to conflicts with the
  'munin' package

* Wed Dec 14 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.0.15-1.1
- added -minit subpackage

* Sat Dec 10 2005 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> - 0.1.0.15-1
- initial build
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.