mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
Forward port debian 0.2.0.26-rc-1 to trunk
svn:r14933
This commit is contained in:
parent
00405468aa
commit
81429fdc34
23
debian/changelog
vendored
23
debian/changelog
vendored
@ -4,6 +4,29 @@ tor (0.2.1.0-unreleased-1) XXperimental; urgency=low
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Wed, 19 Mar 2008 20:09:25 +0100
|
||||
|
||||
tor (0.2.0.26-rc-1) experimental; urgency=critical
|
||||
|
||||
* New upstream version.
|
||||
* Conflict with old libssls.
|
||||
* On upgrading from versions prior to, including, 0.1.2.19-2, or
|
||||
from versions later than 0.2.0 and prior to 0.2.0.26-rc do the
|
||||
following, and if we are a server (we have a /var/lib/tor/keys
|
||||
directory)
|
||||
- move /var/lib/tor/keys/secret_onion_key out of the way.
|
||||
- move /var/lib/tor/keys/secret_onion_key.old out of the way.
|
||||
- move /var/lib/tor/keys/secret_id_key out of the way if it was
|
||||
created on or after 2006-09-17, which is the day the bad
|
||||
libssl was uploaded to Debian unstable.
|
||||
* Add a NEWS file explaining this change.
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Tue, 13 May 2008 16:11:21 +0200
|
||||
|
||||
tor (0.2.0.24-rc-1) experimental; urgency=low
|
||||
|
||||
* New upstream version.
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Wed, 23 Apr 2008 02:25:22 +0200
|
||||
|
||||
tor (0.2.0.23-rc-1) experimental; urgency=low
|
||||
|
||||
* New upstream version.
|
||||
|
1
debian/control
vendored
1
debian/control
vendored
@ -8,6 +8,7 @@ Standards-Version: 3.7.2
|
||||
Package: tor
|
||||
Architecture: any
|
||||
Depends: ${shlibs:Depends}, adduser, tsocks
|
||||
Conflicts: libssl0.9.8 (<< 0.9.8g-9)
|
||||
Recommends: privoxy | polipo (>= 1), socat, logrotate
|
||||
Suggests: mixmaster, mixminion, anon-proxy
|
||||
Description: anonymizing overlay network for TCP
|
||||
|
16
debian/tor.NEWS
vendored
Normal file
16
debian/tor.NEWS
vendored
Normal file
@ -0,0 +1,16 @@
|
||||
tor (0.2.0.26-rc-1) experimental; urgency=critical
|
||||
|
||||
* weak cryptographic keys
|
||||
|
||||
It has been discovered that the random number generator in Debian's
|
||||
openssl package is predictable. This is caused by an incorrect
|
||||
Debian-specific change to the openssl package (CVE-2008-0166). As a
|
||||
result, cryptographic key material may be guessable.
|
||||
|
||||
See Debian Security Advisory number 1571 (DSA-1571) for more information:
|
||||
http://lists.debian.org/debian-security-announce/2008/msg00152.html
|
||||
|
||||
If you run a Tor server using this package please see
|
||||
/var/lib/tor/keys/moved-away-by-tor-package/README.REALLY
|
||||
|
||||
-- Peter Palfrader <weasel@debian.org> Tue, 13 May 2008 12:49:05 +0200
|
65
debian/tor.postinst
vendored
65
debian/tor.postinst
vendored
@ -51,6 +51,71 @@ find /var/log/tor \( \( ! -user debian-tor \) -o \( ! -group adm \) \) -print0 |
|
||||
find /var/log/tor -type d -print0 | xargs -0 --no-run-if-empty chmod 02750
|
||||
find /var/log/tor -type f -print0 | xargs -0 --no-run-if-empty chmod 00640
|
||||
|
||||
|
||||
move_away_keys=0
|
||||
|
||||
if [ "$1" = "configure" ] &&
|
||||
[ -e /var/lib/tor/keys ] &&
|
||||
[ ! -z "$2" ]; then
|
||||
if dpkg --compare-versions "$2" lt 0.1.2.19-2; then
|
||||
move_away_keys=1
|
||||
elif dpkg --compare-versions "$2" gt 0.2.0 &&
|
||||
dpkg --compare-versions "$2" lt 0.2.0.26-rc; then
|
||||
move_away_keys=1
|
||||
fi
|
||||
fi
|
||||
if [ "$move_away_keys" = "1" ]; then
|
||||
echo "Retiring possibly compromised keys. See /usr/share/doc/tor/NEWS.Debian.gz"
|
||||
echo "and /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY for"
|
||||
echo "further information."
|
||||
if ! [ -d /var/lib/tor/keys/moved-away-by-tor-package ]; then
|
||||
mkdir /var/lib/tor/keys/moved-away-by-tor-package
|
||||
cat > /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY << EOF
|
||||
It has been discovered that the random number generator in Debian's
|
||||
openssl package is predictable. This is caused by an incorrect
|
||||
Debian-specific change to the openssl package (CVE-2008-0166). As a
|
||||
result, cryptographic key material may be guessable.
|
||||
|
||||
See Debian Security Advisory number 1571 (DSA-1571) for more information:
|
||||
http://lists.debian.org/debian-security-announce/2008/msg00152.html
|
||||
|
||||
The Debian package for Tor has moved away the onion keys upon package
|
||||
upgrade, and it will have moved away your identity key if it was created
|
||||
in the affected timeframe. There is no sure way to automatically tell
|
||||
if your key was created with an affected openssl library, so this move
|
||||
is done unconditionally.
|
||||
|
||||
If you have restarted Tor since this change (and the package probably
|
||||
did that for you already unless you configured your system differently)
|
||||
then the Tor daemon already created new keys for itself and in all
|
||||
likelyhood is already working just fine with new keys.
|
||||
|
||||
If you are absolutely certain that your identity key was created with
|
||||
a non-affected version of openssl and for some reason you have to retain
|
||||
the old identity, then you can move back the copy of secret_id_key to
|
||||
/var/lib/tor/keys. Do not move back the onion keys, they were created
|
||||
only recently since they are temporary keys with a lifetime of only a few
|
||||
days anyway.
|
||||
|
||||
Sincerely,
|
||||
Peter Palfrader, Tue, 13 May 2008 13:32:23 +0200
|
||||
EOF
|
||||
fi
|
||||
for f in secret_onion_key secret_onion_key.old; do
|
||||
if [ -e /var/lib/tor/keys/"$f" ]; then
|
||||
mv -v /var/lib/tor/keys/"$f" /var/lib/tor/keys/moved-away-by-tor-package/"$f"
|
||||
fi
|
||||
done
|
||||
if [ -e /var/lib/tor/keys/secret_id_key ]; then
|
||||
id_mtime=`/usr/bin/stat -c %Y /var/lib/tor/keys/secret_id_key`
|
||||
sept=`date -d '2006-09-10' +%s`
|
||||
if [ "$id_mtime" -gt "$sept" ] ; then
|
||||
mv -v /var/lib/tor/keys/secret_id_key /var/lib/tor/keys/moved-away-by-tor-package/secret_id_key
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
|
||||
|
Loading…
Reference in New Issue
Block a user