From 88fef813f5337340c7fa8072d5bfb9c9c56c67f7 Mon Sep 17 00:00:00 2001 From: Troy Dawson Date: Feb 01 2022 01:42:04 +0000 Subject: epel8-playground decommissioned : https://pagure.io/epel/issue/136 --- diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 84c3937..0000000 --- a/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -/tor-*.tar.gz -/tor-*.tar.gz.asc -/*.rpm diff --git a/README b/README deleted file mode 100644 index 41f5a34..0000000 --- a/README +++ /dev/null @@ -1,22 +0,0 @@ -The default configuration file for Tor is "/etc/tor/torrc" and is used when you -run this command: - - # systemctl start tor.service - -Multiple instances of Tor can be run simultaneously using different -configuration files. For example, tor@custom.service will use the configuration -file "/etc/tor/custom.torrc". - - # touch /etc/tor/custom.torrc - # echo "SOCKSPort 9051" >> /etc/tor/custom.torrc - # echo "DataDirectory /var/lib/tor/custom" >> /etc/tor/custom.torrc - # mkdir /var/lib/tor/custom - # chown toranon:root /var/lib/tor/custom - # systemctl start tor@custom.service - -To restart, reload, or stop all running instances of Tor (including tor.service -and any tor@.service), use tor-master.service. For example, to restart all -instances of Tor, run this command: - - # systemctl restart tor-master.service - diff --git a/dead.package b/dead.package new file mode 100644 index 0000000..a72aec0 --- /dev/null +++ b/dead.package @@ -0,0 +1 @@ +epel8-playground decommissioned : https://pagure.io/epel/issue/136 diff --git a/sources b/sources deleted file mode 100644 index 95bd7c8..0000000 --- a/sources +++ /dev/null @@ -1,2 +0,0 @@ -SHA512 (tor-0.4.1.6.tar.gz) = 9e4625216e25b9498d6054a9920e5a8932ca7b28c5131062eac637b69c80cdf05bc3fd008b833e5359d8849e256f1f405abd56b07f50fd91077b153ba60503da -SHA512 (tor-0.4.1.6.tar.gz.asc) = d56b790f6a483ee96e8194b49bc2a95561e32ad300cd52645a6c74af2eec75a6edbb086cab5d39f28218665a5fad5decea8ab9627a30033a6a1af723a57b2bcf diff --git a/tor-0.2.7.6-torrc-ControlSocket-and-CookieAuthFile.patch b/tor-0.2.7.6-torrc-ControlSocket-and-CookieAuthFile.patch deleted file mode 100644 index 86ac5c3..0000000 --- a/tor-0.2.7.6-torrc-ControlSocket-and-CookieAuthFile.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 836960177eb961d1009cdb5fb4632592abfb3376 Mon Sep 17 00:00:00 2001 -From: Jamie Nguyen -Date: Thu, 7 Jan 2016 11:01:32 +0000 -Subject: [PATCH] Add ControlSocket and CookieAuthFile to torrc - ---- - src/config/torrc.sample.in | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/config/torrc.sample.in b/src/config/torrc.sample.in -index 248cb5c..295cff4 100644 ---- a/src/config/torrc.sample.in -+++ b/src/config/torrc.sample.in -@@ -12,6 +12,12 @@ - ## Tor will look for this file in various places based on your platform: - ## https://www.torproject.org/docs/faq#torrc - -+ControlSocket /run/tor/control -+ControlSocketsGroupWritable 1 -+CookieAuthentication 1 -+CookieAuthFile /run/tor/control.authcookie -+CookieAuthFileGroupReadable 1 -+ - ## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't - ## configure one below. Set "SOCKSPort 0" if you plan to run Tor only - ## as a relay, and not make any local application connections yourself. --- -2.5.0 - diff --git a/tor-master.service b/tor-master.service deleted file mode 100644 index e6fce78..0000000 --- a/tor-master.service +++ /dev/null @@ -1,16 +0,0 @@ -# Use tor-master.service to restart/reload/stop the main tor.service and -# all instances of tor@.service that are running. -# -# systemd targets cannot be reloaded so this is a service instead. - -[Unit] -Description=Anonymizing overlay network for TCP (multi-instance master) - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/bin/true -ExecReload=/bin/true - -[Install] -WantedBy=multi-user.target diff --git a/tor.defaults-torrc b/tor.defaults-torrc deleted file mode 100644 index 83ebb3b..0000000 --- a/tor.defaults-torrc +++ /dev/null @@ -1,4 +0,0 @@ -DataDirectory /var/lib/tor -DataDirectoryGroupReadable 1 -User toranon -Log notice syslog diff --git a/tor.logrotate b/tor.logrotate deleted file mode 100644 index 0fd02b3..0000000 --- a/tor.logrotate +++ /dev/null @@ -1,13 +0,0 @@ -/var/log/tor/*.log { - daily - rotate 5 - compress - delaycompress - missingok - notifempty - create 0640 toranon toranon - sharedscripts - postrotate - /bin/systemctl reload tor-master.service >/dev/null 2>/dev/null || : - endscript -} diff --git a/tor.service b/tor.service deleted file mode 100644 index 84bc50c..0000000 --- a/tor.service +++ /dev/null @@ -1,35 +0,0 @@ -[Unit] -Description=Anonymizing overlay network for TCP -After=syslog.target network.target nss-lookup.target -PartOf=tor-master.service -ReloadPropagatedFrom=tor-master.service - -[Service] -Type=notify -NotifyAccess=all -ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc --verify-config -ExecStart=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc -ExecReload=/bin/kill -HUP ${MAINPID} -KillSignal=SIGINT -TimeoutSec=30 -Restart=on-failure -RestartSec=1 -WatchdogSec=1m -LimitNOFILE=32768 - -# Hardening -PrivateTmp=yes -DeviceAllow=/dev/null rw -DeviceAllow=/dev/urandom r -ProtectHome=yes -ProtectSystem=full -ReadOnlyDirectories=/run -ReadOnlyDirectories=/var -ReadWriteDirectories=/run/tor -ReadWriteDirectories=/var/lib/tor -ReadWriteDirectories=/var/log/tor -CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH -PermissionsStartOnly=yes - -[Install] -WantedBy = multi-user.target diff --git a/tor.spec b/tor.spec deleted file mode 100644 index 9498da9..0000000 --- a/tor.spec +++ /dev/null @@ -1,698 +0,0 @@ -%global _hardened_build 1 - -%global toruser toranon -%global torgroup toranon -%global homedir %{_localstatedir}/lib/tor -%global logdir %{_localstatedir}/log/tor -%global rundir /run/tor - -%if 0%{?fedora} || 0%{?rhel} >= 8 -%bcond_without libsystemd -%else -%bcond_with libsystemd -%endif - -%ifarch %{ix86} x86_64 -%bcond_without libseccomp -%else -%bcond_with libseccomp -%endif - -Name: tor -Version: 0.4.1.6 -Release: 1%{?dist} -License: BSD -Summary: Anonymizing overlay network for TCP -URL: https://www.torproject.org - -Source0: https://www.torproject.org/dist/tor-%{version}.tar.gz -Source1: https://www.torproject.org/dist/tor-%{version}.tar.gz.asc -Source2: tor.logrotate -Source3: tor.defaults-torrc -Source4: tor.tmpfiles.d -Source10: tor.service -Source11: tor@.service -Source12: tor-master.service -Source20: README - -Patch0: tor-0.2.7.6-torrc-ControlSocket-and-CookieAuthFile.patch - -BuildRequires: gcc -BuildRequires: asciidoc -BuildRequires: libevent-devel -BuildRequires: openssl-devel -BuildRequires: zlib-devel -BuildRequires: libzstd-devel -BuildRequires: xz-devel -BuildRequires: libcap-devel - -%if 0%{with libseccomp} -# Only available on certain architectures. -BuildRequires: libseccomp-devel -%endif - -%if 0%{with libsystemd} -# Requires systemd >= 209. RHEL 7 has systemd 208. -BuildRequires: systemd-devel -%endif - -# /usr/bin/torify is now just a wrapper for torsocks and is only there for -# backwards compatibility. -Requires: torsocks -Requires(pre): shadow-utils -Requires(post): systemd -Requires(preun): systemd -Requires(postun): systemd - - -%description -The Tor network is a group of volunteer-operated servers that allows people to -improve their privacy and security on the Internet. Tor's users employ this -network by connecting through a series of virtual tunnels rather than making a -direct connection, thus allowing both organizations and individuals to share -information over public networks without compromising their privacy. Along the -same line, Tor is an effective censorship circumvention tool, allowing its -users to reach otherwise blocked destinations or content. Tor can also be used -as a building block for software developers to create new communication tools -with built-in privacy features. - -This package contains the Tor software that can act as either a server on the -Tor network, or as a client to connect to the Tor network. - - -%prep -%autosetup -p1 - - -%build -%configure --with-tor-user=%{toruser} --with-tor-group=%{torgroup} -%make_build - - -%install -%make_install -mv %{buildroot}%{_sysconfdir}/tor/torrc.sample \ - %{buildroot}%{_sysconfdir}/tor/torrc - -install -D -p -m 0644 %{SOURCE20} %{buildroot}%{_sysconfdir}/tor/README - -mkdir -p %{buildroot}%{logdir} -mkdir -p %{buildroot}%{homedir} -mkdir -p %{buildroot}%{rundir} - -install -D -p -m 0644 %{SOURCE10} %{buildroot}%_unitdir/tor.service -install -D -p -m 0644 %{SOURCE11} %{buildroot}%_unitdir/tor@.service -install -D -p -m 0644 %{SOURCE12} %{buildroot}%_unitdir/tor-master.service -install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/tor -install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_datadir}/tor/defaults-torrc -install -D -p -m 0644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/tor.conf - -%if 0%{without libsystemd} -# Some features are not available for systemd 208 on RHEL 7. -sed -i %{buildroot}%_unitdir/tor.service \ - -i %{buildroot}%_unitdir/tor@.service \ - -e 's/^Type=.*/Type=simple/g' \ - -e '/^NotifyAccess=.*/d' \ - -e '/^WatchdogSec=.*/d' \ - -e 's#^ProtectHome=.*#InaccessibleDirectories=/home\nInaccessibleDirectories=/root\nInaccessibleDirectories=/run/user#g' \ - -e 's#^ProtectSystem=.*#ReadOnlyDirectories=/boot\nReadOnlyDirectories=/etc\nReadOnlyDirectories=/usr#g' -%endif - -# Install docs manually. -rm -rf %{buildroot}%{_datadir}/doc - - -%pre -getent group %{torgroup} >/dev/null || groupadd -r %{torgroup} -getent passwd %{toruser} >/dev/null || \ - useradd -r -s /sbin/nologin -d %{homedir} -M \ - -c 'Tor anonymizing user' -g %{torgroup} %{toruser} -exit 0 - -%post -%systemd_post tor.service - -%preun -%systemd_preun tor.service -%systemd_preun tor-master.service - -%postun -systemctl daemon-reload >/dev/null 2>&1 || : -if [ $1 -ge 1 ]; then - # Use restart instead of try-restart, as tor-master may be "inactive" even - # when there are tor.service and tor@.service instances running. - systemctl restart tor-master.service >/dev/null 2>&1 || : -fi - - -%files -%doc README ChangeLog ReleaseNotes doc/HACKING doc/*.html -%license LICENSE -%{_bindir}/tor -%{_bindir}/tor-gencert -%{_bindir}/tor-resolve -%{_bindir}/torify -%{_bindir}/tor-print-ed-signing-cert -%{_mandir}/man1/tor.1* -%{_mandir}/man1/tor-gencert.1* -%{_mandir}/man1/tor-resolve.1* -%{_mandir}/man1/torify.1* -%{_mandir}/man1/tor-print-ed-signing-cert.1* -%dir %{_datadir}/tor -%{_datadir}/tor/defaults-torrc -%{_datadir}/tor/geoip -%{_datadir}/tor/geoip6 -%{_tmpfilesdir}/tor.conf -%{_unitdir}/tor.service -%{_unitdir}/tor@.service -%{_unitdir}/tor-master.service - -%dir %{_sysconfdir}/tor -%{_sysconfdir}/tor/README -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/tor/torrc -%config(noreplace) %{_sysconfdir}/logrotate.d/tor - -%attr(0750,%{toruser},root) %dir %{homedir} -%attr(0750,%{toruser},%{torgroup}) %dir %{logdir} -%attr(0750,%{toruser},%{torgroup}) %dir %{rundir} - - -%changelog -* Thu Sep 19 2019 Marcel Härry - 0.4.1.6-1 -- update to latest upstream release (bz#1743739) - -* Wed Aug 21 2019 Marcel Härry - 0.4.1.5-1 -- update to latest upstream release (bz#1743739) - -* Sat Jul 27 2019 Fedora Release Engineering - 0.4.0.5-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - -* Fri May 03 2019 Marcel Härry - 0.4.0.5-1 -- update to latest upstream release (bz#1705702) - -* Thu Feb 21 2019 Marcel Härry - 0.3.5.8-1 -- update to latest upstream release (bz#1679732) - -* Sun Feb 03 2019 Fedora Release Engineering - 0.3.5.7-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - -* Mon Jan 07 2019 Marcel Härry - 0.3.5.7-1 -- update to latest upstream release - -* Fri Nov 02 2018 Marcel Härry - 0.3.4.9-1 -- update to latest upstream release - -* Sat Sep 22 2018 Marcel Härry - 0.3.4.8-1 -- update to latest upstream stable release 0.3.4.8 -- add more build deps to enable compression - -* Sat Jul 14 2018 Marcel Härry - 0.3.3.9-1 -- update to latest upstream stable release 0.3.3.9 (#1581512) - -* Sat Jul 14 2018 Fedora Release Engineering - 0.3.3.8-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - -* Tue Jul 10 2018 Marcel Härry - 0.3.3.8-1 -- update to latest upstream stable release 0.3.3.8 (#1581512) - -* Mon Jun 18 2018 Marcel Härry - 0.3.3.7-1 -- update to latest upstream stable release 0.3.3.7 (#1581512) - -* Wed May 23 2018 Marcel Härry - 0.3.3.6-1 -- update to latest upstream stable release 0.3.3.6 (#1581512) - -* Sat Mar 03 2018 Marcel Härry - 0.3.2.10-1 -- Update to latest version. Security-Fixes TROVE-2018-001, TROVE-2018-002, - TROVE-2018-003 and TROVE-2018-004 - -* Sun Feb 18 2018 Marcel Härry - 0.3.2.9-3 -- Rebuilt due to libevent SONAME change - -* Fri Feb 09 2018 Fedora Release Engineering - 0.3.2.9-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Wed Jan 10 2018 Marcel Härry - 0.3.2.9-1 -- update to latest upstream stable release 0.3.2.9 (#1532909) - -* Sun Dec 03 2017 Marcel Härry - 0.3.1.9-1 -- update to upstream release 0.3.1.9. Fixes: -- CVE-2017-8819: Replay-cache ineffective for v2 onion services -- CVE-2017-8820: Remote DoS attack against directory authorities -- CVE-2017-8821: An attacker can make Tor ask for a password -- CVE-2017-8822: Relays can pick themselves in a circuit path -- CVE-2017-8823: Use-after-free in onion service v2 - -* Wed Oct 25 2017 Marcel Härry - 0.3.1.8-1 -- update to upstream release 0.3.1.8 - -* Wed Oct 04 2017 Marcel Härry - 0.3.1.7-1 -- update to upstream release 0.3.1.7 - -* Sun Sep 24 2017 Marcel Haerry - 0.2.9.12-1 -- update to upstream release 0.2.9.12 (SECURITY) (#1494860) -- CVE-2017-0380 Stack disclosure in hidden services logs when - SafeLogging disabled (#1493512) (#1493513) -- Cleanup spec - -* Fri Aug 04 2017 Marcel Härry - 0.2.9.11-1 -- update to upstream release 0.2.9.11 (SECURITY) -- CVE-2017-0375 & CVE-2017-0376: denial of service (assertion - failure and daemon exit) (#1461276) (#1461275) - -* Thu Aug 03 2017 Fedora Release Engineering - 0.2.9.10-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Thu Jul 27 2017 Fedora Release Engineering - 0.2.9.10-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Fri Mar 03 2017 Jamie Nguyen - 0.2.9.10-1 -- update to upstream release 0.2.9.10 - -* Sat Feb 11 2017 Fedora Release Engineering - 0.2.8.12-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - -* Tue Dec 20 2016 Jamie Nguyen - 0.2.8.12-1 -- update to upstream release 0.2.8.12 - -* Thu Dec 08 2016 Jamie Nguyen - 0.2.8.11-1 -- update to upstream release 0.2.8.11 - -* Wed Dec 07 2016 Jamie Nguyen - 0.2.8.10-1 -- update to upstream release 0.2.8.10 - -* Wed Oct 19 2016 Jamie Nguyen - 0.2.8.9-1 -- update to upstream release 0.2.8.9 - -* Sun Oct 02 2016 Jamie Nguyen - 0.2.8.8-1 -- update to upstream release 0.2.8.8 - -* Thu Aug 25 2016 Jamie Nguyen - 0.2.8.7-1 -- update to upstream release 0.2.8.7 - -* Sun Aug 21 2016 Jamie Nguyen - 0.2.8.6-2 -- re-add patch0 - -* Sun Aug 21 2016 Jamie Nguyen - 0.2.8.6-1 -- update to upstream release 0.2.8.6 -- remove upstreamed patches - -* Fri Feb 05 2016 Fedora Release Engineering - 0.2.7.6-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Thu Jan 07 2016 Jamie Nguyen - 0.2.7.6-5 -- make ControlSocket writable by toranon group (#1296226) - -* Wed Dec 16 2015 Jamie Nguyen - 0.2.7.6-4 -- fix tmpfiles.d - -* Fri Dec 11 2015 Jamie Nguyen - 0.2.7.6-3 -- place ControlSocket and CookieAuthFile at top of torrc for visibility - -* Fri Dec 11 2015 Jamie Nguyen - 0.2.7.6-2 -- some minor patch fixes - -* Fri Dec 11 2015 Jamie Nguyen - 0.2.7.6-1 -- update to upstream release 0.2.7.6 -- use version of patches that have been accepted upstream -- add ControlSocket and CookieAuthFile to /etc/tor/torrc - -* Thu Dec 10 2015 Jamie Nguyen - 0.2.7.5-6 -- use ReadOnlyDirectories=/var instead of ReadOnlyDirectories=/ (#1290444) - and other service file improvements - -* Sun Dec 06 2015 Jamie Nguyen - 0.2.7.5-5 -- improve systemd scriptlets - -* Sun Dec 06 2015 Jamie Nguyen - 0.2.7.5-4 -- add PermissionsStartOnly=yes and RestartSec=1 to service file - -* Mon Nov 30 2015 Jamie Nguyen - 0.2.7.5-3 -- amend README - -* Mon Nov 30 2015 Jamie Nguyen - 0.2.7.5-2 -- improve summary and description -- use tor-master.service to restart/reload all instances (#1286359) -- add /etc/tor/README - -* Sun Nov 29 2015 Jamie Nguyen - 0.2.7.5-1 -- update to upstream release 0.2.7.5 - -* Mon Nov 09 2015 Jamie Nguyen - 0.2.6.10-6 -- amend patch so that the default of 0700 doesn't change (but instead allow - either 0700 or 0750) - -* Sun Nov 08 2015 Jamie Nguyen - 0.2.6.10-5 -- allow group read of DataDirectory and change owner to root (#1279222), - as otherwise CapabilityBoundingSet requires CAP_READ_SEARCH and SELinux - tor_t requires dac_read_search - -* Sat Oct 03 2015 Jamie Nguyen - 0.2.6.10-4 -- remove NoNewPrivileges as it prevents SELinux transition -- revert to DeviceAllow instead of PrivateDevices due to SELinux denials - -* Tue Sep 29 2015 Jamie Nguyen - 0.2.6.10-3 -- only build with libseccomp support on ix86, x86_64 - -* Tue Sep 29 2015 Jamie Nguyen - 0.2.6.10-2 -- improve systemd integration -- add BR: libseccomp-devel - -* Mon Jul 13 2015 Jamie Nguyen - 0.2.6.10-1 -- update to upstream release 0.2.6.10 - -* Sun Jul 12 2015 Jamie Nguyen - 0.2.6.9-5 -- also fix ExecStartPre in tor@.service - -* Sun Jul 12 2015 Jamie Nguyen - 0.2.6.9-4 -- rebuild - -* Sun Jul 12 2015 Jamie Nguyen - 0.2.6.9-3 -- add missing arguments to config checks executed in ExecStartPre - -* Fri Jul 03 2015 Jamie Nguyen - 0.2.6.9-2 -- remove leading '-' from ReadWriteDirectories - -* Fri Jun 12 2015 Jamie Nguyen - 0.2.6.9-1 -- update to upstream release 0.2.6.9 - -* Thu May 21 2015 Jamie Nguyen - 0.2.6.8-1 -- update to upstream release 0.2.6.8 -- improve/harden systemd service file -- add multi-instance systemd service file (#1210837) - -* Tue Apr 07 2015 Jamie Nguyen - 0.2.5.12-1 -- update to upstream release 0.2.5.12 - -* Mon Mar 23 2015 Jamie Nguyen - 0.2.5.11-1 -- update to upstream release 0.2.5.11 - -* Mon Oct 27 2014 Jamie Nguyen - 0.2.5.10-1 -- update to upstream release 0.2.5.10 - -* Wed Oct 22 2014 Jamie Nguyen - 0.2.4.25-1 -- update to upstream release 0.2.4.25 - -* Tue Sep 23 2014 Jamie Nguyen - 0.2.4.24-1 -- update to upstream release 0.2.4.24 - -* Mon Aug 18 2014 Fedora Release Engineering - 0.2.4.23-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Thu Jul 31 2014 Jamie Nguyen - 0.2.4.23-1 -- update to upstream release 0.2.4.23 -- CVE-2014-5117: potential for traffic-confirmation attacks - -* Sun Jun 08 2014 Fedora Release Engineering - 0.2.4.22-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Mon May 19 2014 Jamie Nguyen - 0.2.4.22-1 -- update to upstream release 0.2.4.22 - -* Wed Mar 26 2014 Jamie Nguyen - 0.2.4.21-2 -- remove `--quiet` from default systemd service file - -* Tue Mar 25 2014 Jamie Nguyen - 0.2.4.21-1 -- update to upstream release 0.2.4.21 -- remove crazy Release numbering -- remove Obsoletes/Provides that were introduced in F19 -- remove tor-tsocks.conf which has been removed completely upstream -- include new file: _datadir/tor/geoip6 - -* Sun Aug 04 2013 Jamie Nguyen - 0.2.3.25-1931 -- add fix for new unversioned docdir - -* Sun Aug 04 2013 Fedora Release Engineering - 0.2.3.25-1930 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Sat Mar 02 2013 Jamie Nguyen 0.2.3.25-1929 -- add "Log notice syslog" back to tor.defaults-torrc as recommended by - upstream: https://bugzilla.redhat.com/show_bug.cgi?id=532373#c19 -- remove unused files in git (verinfo and lastver) -- change URL to HTTPS -- disallow group read for /var/log/tor -- remove TODO as it doesn't contain any useful information - -* Fri Mar 01 2013 Jamie Nguyen 0.2.3.25-1928 -- increase LimitNOFILE in tor.service from 4096 to 32768, as advised by - upstream: https://trac.torproject.org/projects/tor/ticket/8368#comment:4 - -* Thu Feb 28 2013 Jamie Nguyen 0.2.3.25-1927 -- package should own the %%{_datadir}/tor directory - -* Thu Feb 28 2013 Jamie Nguyen 0.2.3.25-1926 -- remove unnecessary custom LDFLAGS - -* Thu Feb 28 2013 Jamie Nguyen 0.2.3.25-1925 -- remove Obsoletes/Provides for tor-doc, which was introduced in Fedora 16 -- add some useful comments about the Obsoletes/Provides/Requires -- add comments about tor.logrotate, tor.defaults-torrc and tor.systemd.service - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1924 -- whitespace changes and reorganization in the interests of readability - and clarity - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1923 -- mix of tabs and spaces, so remove all tabs - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1922 -- the /var/run/tor directory is not needed so remove it, which also fixes - bug #656707 -- use %%_localstatedir instead of %%_var - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1921 -- take a more cautious approach in the %%files section and specify filenames - more explicitly rather than using wildcards, which also makes it easier to - see the contents of the package - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1920 -- remove all modifications to the default tor configuration file so that we - can stick more closely to upstream defaults -- add /usr/share/tor/defaults-torrc file, which only contains two options: - DataDirectory /var/lib/tor - User toranon -- when starting the tor service, use the following options as recommended by - upstream: --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1919 -- split username global variable into separate toruser and torgroup global - variables to improve spec flexibility and ease of comprehension, as well - as matching how upstream have written their spec -- use --with-tor-user=%%toruser and --with-tor-group=%%torgroup options when - running %%configure, as recommended by upstream - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1918 -- after moving the tor-systemd and torify subpackages back into the main tor - package, the %%with_noarch macro and the associated conditionals are no - longer used so remove them - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1917 -- add missing Provides for the obsoleted tor-doc subpackage - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1916 -- move the torify subpackage back into the main tor package to match upstream - expectations and user expectations (ie, yum install tor) -- remove the logic separating the documentation files for tor and torify, - which is now no longer needed -- use --docdir option when running %%configure - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1915 -- move the tor-systemd subpackage back into the main tor package: - the main tor package has a hard requirement on tor-systemd, so there is no - purpose for keeping tor-systemd separate from the main package -- remove "Requires: tor-systemd" - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1914 -- move the tor-core subpackage back into the main tor package to match upstream - expectations and user expectations (ie, yum install tor) - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1913 -- the tor-systemd subpackage is a hard requirement, so remove the conditional - that decides whether it is built - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1912 -- amend logrotate file to match closer with upstream defaults, and removing - references to several obsolete init systems - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1911 -- remove tor-upstart subpackage as upstart is no longer installable within - Fedora and renders the the subpackage obsolete - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1910 -- remove dependency on fedora-usermgmt as it has been queued for obsoletion - from Fedora -- add users and groups without forcing use of uid=19 as it is not necessarily - available, nor is it required or expected by upstream -- do not remove users/groups in %%postun as the guidelines state: - https://fedoraproject.org/wiki/Packaging:UsersAndGroups - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1909 -- change permissions of the following files/directories to match upstream: - /var/log/tor should be owned by toranon:toranon with 0750 permissions; - /var/lib/tor should be owned by toranon:toranon with 0700 permissions; - /etc/tor/torrc should be owned by root:root with 0644 permissions; - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1908 -- remove unnecessary Requires on logrotate directory - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1907 -- remove unnecessary BuildRoot tag -- remove unnecessary rm -rf RPM_BUILD_ROOT -- remove unnecessary %%clean -- remove unnecessary defattr's - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1906 -- remove unnecessary %%_unitdir macro -- remove %%systemd_reqs and %%systemd_install macros, moving the parts to - the appropriate sections to improve readability and consistency with other - SPECS - -* Wed Feb 27 2013 Jamie Nguyen 0.2.3.25-1905 -- remove %%release_func macro to improve readability and consistency with - other SPECS - -* Wed Feb 13 2013 Enrico Scholz - 0.2.3.25-1904 -- fixed torsocks requirement -- conditionalized systemd builds - -* Sun Feb 10 2013 Enrico Scholz - 0.2.3.25-1903 -- reverted "Package cleanup and various fixes"; too invasive and - non-auditable changes which are breaking things - -* Thu Feb 07 2013 Jamie Nguyen - 0.2.3.25-1902 -- torify subpackage should depend on torsocks not tsocks (#908569) - -* Wed Feb 06 2013 Jamie Nguyen - 0.2.3.25-1901 -- add additional %%configure options for user and group -- add --defaults-torrc to systemd service to make sure sane defaults are set - unless explicitly overridden -- remove unnecessary BuildRoot tag -- remove unnecessary rm -rf RPM_BUILD_ROOT -- remove unnecessary %%clean section -- remove unnecessary defattr's -- fix Requires for torify subpackage -- update scriptlets to latest systemd guidelines -- aesthetic changes to the SPEC for clarity and readability - -* Sun Dec 9 2012 Enrico Scholz - 0.2.3.25-1900 -- updated to 0.2.3.25 - -* Sat Sep 22 2012 Enrico Scholz - 0.2.2.39-1900 -- updated to 0.2.2.29 -- CVE-2012-4419: assertion failure when comparing an address with port - 0 to an address policy -- CVE-2012-4422: assertion failure in tor_timegm() -- use %%systemd macros - -* Sun Aug 19 2012 Enrico Scholz - 0.2.2.38-1900 -- updated to 0.2.2.38 -- conditionalized upstart and disabled it by default - -* Fri Jul 27 2012 Fedora Release Engineering - 0.2.2.37-1801 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Tue Jun 12 2012 Enrico Scholz - 0.2.2.37-1800 -- updated to 0.2.2.37 - -* Sat May 26 2012 Enrico Scholz - 0.2.2.36-1800 -- updated to 0.2.2.36 - -* Fri Apr 13 2012 Enrico Scholz - 0.2.2.35-1800 -- build with -fPIE - -* Tue Mar 6 2012 Enrico Scholz -- fixed urls (#800236) - -* Sat Jan 14 2012 Fedora Release Engineering - 0.2.2.35-1702 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Sat Dec 17 2011 Enrico Scholz - 0.2.2.35-1701 -- added 'su' logrotate option (#751525) -- fixed systemd unit file; customization of TimeoutSec + LimitNOFILE is - not possible by environment variables. Hardcode some values which can - be overridden by the systemd .include method (#755167). -- added systemd rule in the postrotate script - -* Sat Dec 17 2011 Enrico Scholz - 0.2.2.35-1700 -- updated to 0.2.2.35 (security) -- CVE-2011-2778: Tor heap-based buffer overflow - -* Fri Oct 28 2011 Enrico Scholz - 0.2.2.34-1700 -- updated to 0.2.2.34; critical privacy/anonymity fixes -- CVE-2011-2768 -- CVE-2011-2769 - -* Wed Oct 26 2011 Fedora Release Engineering - 0.2.2.33-1701 -- Rebuilt for glibc bug#747377 - -* Sun Sep 18 2011 Enrico Scholz - 0.2.2.33-1700 -- updated to 2.2.33 -- removed -doc subpackage because shipped files are not available - anymore -- ship torify files only in torify subpackage; not in main one -- start systemd service after nss-lookup.target (#719476) - -* Thu Jul 28 2011 Enrico Scholz - 0.2.1.30-1700 -- added and use systemd macros - -* Thu Mar 17 2011 Enrico Scholz - 0.2.1.30-1601 -- made EnvironmentFile in systemd definition optional -- systemd: added Requires: for core package; made it noarch - -* Mon Feb 28 2011 Enrico Scholz - 0.2.1.30-1600 -- updated to 0.2.1.30 -- added 'torify' script (#669684) - -* Wed Feb 09 2011 Fedora Release Engineering - 0.2.1.29-1501 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Mon Jan 17 2011 Enrico Scholz - 0.2.1.29-1500 -- updated to 0.2.1.29 (SECURITY) -- CVE-2011-0427: heap overflow bug, potential remote code execution - -* Tue Dec 21 2010 Luke Macken - 0.2.1.28-1502 -- updated to 0.2.1.28 (SECURITY: fixes a remotely exploitable heap overflow bug) - -* Tue Dec 7 2010 Enrico Scholz - 0.2.1.27-1501 -- replaced lsb and sysv init stuff with systemd init script - -* Fri Nov 26 2010 Enrico Scholz - 0.2.1.27-1500 -- updated to 0.2.1.27 -- added tmpfiles.d file to create %%_var/run/%%name directory in -lsb -- work around broken chkconfig by adding dummy Default-Start: in -lsb - -* Fri Nov 26 2010 Enrico Scholz - 0.2.1.26-1500 -- fixed 'limit' statement in upstart script - -* Tue Jun 1 2010 Enrico Scholz - 0.2.1.26-1400 -- updated to 0.2.1.26 -- log to syslog as request by upstream (#532373#19) -- removed workaround to install lsb initscript because parts of the - underlying problem have been fixed in redhat-lsb and the remaining - ones were solved by previous commit -- removed $local_fs dependency in -lsb initscript to workaround - buggy redhat-lsb; $remote_fs should imply it and has been moved to - Should-Start: - -* Tue Jun 1 2010 Enrico Scholz -- created -doc subpackage and moved most (all) files from main into it - -* Sun Mar 28 2010 Enrico Scholz -- added -sysv subpackage - -* Thu Mar 18 2010 Enrico Scholz - 0.2.1.25-1400 -- updated to 0.2.1.25 - -* Wed Mar 3 2010 Enrico Scholz - 0.2.1.24-1402 -- removed /var/lib/tor-data dir (Chen Lei) - -* Tue Mar 2 2010 Enrico Scholz - 0.2.1.24-1401 -- require tor-core, not tor in -upstart (thx to Dave Jones) - -* Sat Feb 27 2010 Enrico Scholz - 0.2.1.24-1400 -- updated to 0.2.1.24 - -* Mon Feb 15 2010 Enrico Scholz - 0.2.1.23-1300 -- updated to 0.2.1.23 - -* Thu Jan 21 2010 Enrico Scholz - 0.2.1.22-1300 -- updated to 0.2.1.22 diff --git a/tor.tmpfiles.d b/tor.tmpfiles.d deleted file mode 100644 index 438d26d..0000000 --- a/tor.tmpfiles.d +++ /dev/null @@ -1 +0,0 @@ -d /run/tor 0750 toranon toranon diff --git a/tor@.service b/tor@.service deleted file mode 100644 index 0406abc..0000000 --- a/tor@.service +++ /dev/null @@ -1,35 +0,0 @@ -[Unit] -Description=Anonymizing overlay network for TCP (instance: %i) -After=syslog.target network.target nss-lookup.target -PartOf=tor-master.service -ReloadPropagatedFrom=tor-master.service - -[Service] -Type=notify -NotifyAccess=all -ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/%i.torrc --verify-config -ExecStart=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/%i.torrc -ExecReload=/bin/kill -HUP ${MAINPID} -KillSignal=SIGINT -TimeoutSec=30 -Restart=on-failure -RestartSec=1 -WatchdogSec=1m -LimitNOFILE=32768 - -# Hardening -PrivateTmp=yes -DeviceAllow=/dev/null rw -DeviceAllow=/dev/urandom r -ProtectHome=yes -ProtectSystem=full -ReadOnlyDirectories=/run -ReadOnlyDirectories=/var -ReadWriteDirectories=/run/tor -ReadWriteDirectories=/var/lib/tor -ReadWriteDirectories=/var/log/tor -CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH -PermissionsStartOnly=yes - -[Install] -WantedBy = multi-user.target