mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
1452738c2e
Changes in version 0.4.7.8 - 2022-06-17
This version fixes several bugfixes including a High severity security issue
categorized as a Denial of Service. Everyone running an earlier version
should upgrade to this version.
o Major bugfixes (congestion control, TROVE-2022-001):
- Fix a scenario where RTT estimation can become wedged, seriously
degrading congestion control performance on all circuits. This
impacts clients, onion services, and relays, and can be triggered
remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes
bug 40626; bugfix on 0.4.7.5-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on June 17, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/06/17.
o Minor bugfixes (linux seccomp2 sandbox):
- Allow the rseq system call in the sandbox. This solves a crash
issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
40601; bugfix on 0.3.5.11.
o Minor bugfixes (logging):
- Demote a harmless warn log message about finding a second hop to
from warn level to info level, if we do not have enough
descriptors yet. Leave it at notice level for other cases. Fixes
bug 40603; bugfix on 0.4.7.1-alpha.
- Demote a notice log message about "Unexpected path length" to info
level. These cases seem to happen arbitrarily, and we likely will
never find all of them before the switch to arti. Fixes bug 40612;
bugfix on 0.4.7.5-alpha.
o Minor bugfixes (relay, logging):
- Demote a harmless XOFF log message to from notice level to info
level. Fixes bug 40620; bugfix on 0.4.7.5-alpha.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
125 lines
4.3 KiB
Plaintext
125 lines
4.3 KiB
Plaintext
###############################################################################
|
|
# #
|
|
# IPFire.org - A linux based firewall #
|
|
# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
|
|
# #
|
|
# This program is free software: you can redistribute it and/or modify #
|
|
# it under the terms of the GNU General Public License as published by #
|
|
# the Free Software Foundation, either version 3 of the License, or #
|
|
# (at your option) any later version. #
|
|
# #
|
|
# This program is distributed in the hope that it will be useful, #
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
|
|
# GNU General Public License for more details. #
|
|
# #
|
|
# You should have received a copy of the GNU General Public License #
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
|
|
# #
|
|
###############################################################################
|
|
|
|
###############################################################################
|
|
# Definitions
|
|
###############################################################################
|
|
|
|
include Config
|
|
|
|
SUMMARY = Anonymizing overlay network for TCP (The onion router)
|
|
|
|
VER = 0.4.7.8
|
|
|
|
THISAPP = tor-$(VER)
|
|
DL_FILE = $(THISAPP).tar.gz
|
|
DL_FROM = $(URL_IPFIRE)
|
|
DIR_APP = $(DIR_SRC)/$(THISAPP)
|
|
TARGET = $(DIR_INFO)/$(THISAPP)
|
|
PROG = tor
|
|
PAK_VER = 70
|
|
|
|
DEPS = libseccomp
|
|
|
|
SERVICES = tor
|
|
|
|
###############################################################################
|
|
# Top-level Rules
|
|
###############################################################################
|
|
|
|
objects = $(DL_FILE)
|
|
|
|
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
|
|
|
|
$(DL_FILE)_BLAKE2 = 40f6eab453d95a09e4531ce7cdb59715a21b84e1d0b1045d107add6a443fb7563a5747734b23e0e1dfda6490a5a7659f912e38c11cdb5fa635535dcff6169eeb
|
|
|
|
install : $(TARGET)
|
|
|
|
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
|
|
|
|
download :$(patsubst %,$(DIR_DL)/%,$(objects))
|
|
|
|
b2 : $(subst %,%_BLAKE2,$(objects))
|
|
|
|
dist:
|
|
@$(PAK)
|
|
|
|
###############################################################################
|
|
# Downloading, checking, b2sum
|
|
###############################################################################
|
|
|
|
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
|
|
@$(CHECK)
|
|
|
|
$(patsubst %,$(DIR_DL)/%,$(objects)) :
|
|
@$(LOAD)
|
|
|
|
$(subst %,%_BLAKE2,$(objects)) :
|
|
@$(B2SUM)
|
|
|
|
###############################################################################
|
|
# Installation Details
|
|
###############################################################################
|
|
|
|
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
|
|
@$(PREBUILD)
|
|
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
|
|
cd $(DIR_APP) && \
|
|
./configure \
|
|
--prefix=/usr \
|
|
--sysconfdir=/etc \
|
|
--localstatedir=/var \
|
|
--with-tor-user=tor \
|
|
--with-tor-group=tor
|
|
|
|
cd $(DIR_APP) && make $(MAKETUNING)
|
|
cd $(DIR_APP) && make install
|
|
|
|
# Install configuration files.
|
|
mkdir -pv /var/ipfire/tor /var/lib/tor /var/log/tor
|
|
touch /var/ipfire/tor/settings
|
|
mv /etc/tor/torrc.sample /var/ipfire/tor/torrc
|
|
ln -svf /var/ipfire/tor/torrc /etc/tor/torrc
|
|
|
|
# Adjust ownerships.
|
|
chown -R nobody:nobody /var/lib/tor /var/ipfire/tor
|
|
|
|
# Logrotate
|
|
mkdir -pv /etc/logrotate.d
|
|
install -v -m 644 $(DIR_SRC)/config/tor/tor.logrotate \
|
|
/etc/logrotate.d/tor
|
|
|
|
# Defaults
|
|
mkdir -pv /usr/share/tor
|
|
install -v -m 644 $(DIR_SRC)/config/tor/defaults-torrc \
|
|
/usr/share/tor/defaults-torrc
|
|
|
|
# Install initscripts
|
|
$(call INSTALL_INITSCRIPTS,$(SERVICES))
|
|
|
|
# Install start links and backup include file.
|
|
ln -sf ../init.d/tor /etc/rc.d/rc3.d/S60tor
|
|
ln -sf ../init.d/tor /etc/rc.d/rc0.d/K40tor
|
|
ln -sf ../init.d/tor /etc/rc.d/rc6.d/K40tor
|
|
install -v -m 644 $(DIR_SRC)/config/backup/includes/tor \
|
|
/var/ipfire/backup/addons/includes/tor
|
|
@rm -rf $(DIR_APP)
|
|
@$(POSTBUILD)
|