From d0f156a55e3b6699ef681ccc57bebf674cc37468 Mon Sep 17 00:00:00 2001 From: Rui Salvaterra Date: Wed, 23 Nov 2022 19:10:06 +0000 Subject: [PATCH 1/7] tor: bump to 0.4.7.11 stable Quoting the changelog: Changes in version 0.4.7.11 - 2022-11-10 This version contains several major fixes aimed at helping defend against network denial of service. It is also extending drastically the MetricsPort for relays to help us gather more internal data to investigate performance and attacks. We strongly recommend to upgrade to this version especially for Exit relays in order to help the network defend against this ongoing DDoS. o Directory authority changes (dizum, Faravahar): - Change dizum IP address. Closes ticket 40687. - Remove Faravahar until its operator, Sina, set it back up online outside of Team Cymru network. Closes ticket 40688. o Major bugfixes (geoip data): - IPFire informed us on August 12th that databases generated after (including) August 10th did not have proper ARIN network allocations. We are updating the database to use the one generated on August 9th, 2022. Fixes bug 40658; bugfix on 0.4.5.13. o Major bugfixes (onion service): - Set a much higher circuit build timeout for opened client rendezvous circuit. Before this, tor would time them out very quickly leading to unnecessary retries meaning more load on the network. Fixes bug 40694; bugfix on 0.3.5.1-alpha. o Major bugfixes (OSX): - Fix coarse-time computation on Apple platforms (like Mac M1) where the Mach absolute time ticks do not correspond directly to nanoseconds. Previously, we computed our shift value wrong, which led us to give incorrect timing results. Fixes bug 40684; bugfix on 0.3.3.1-alpha. o Major bugfixes (relay): - Improve security of our DNS cache by randomly clipping the TTL value. TROVE-2021-009. Fixes bug 40674; bugfix on 0.3.5.1-alpha. o Minor feature (Mac and iOS build): - Change how combine_libs works on Darwin like platforms to make sure we don't include any `__.SYMDEF` and `__.SYMDEF SORTED` symbols on the archive before we repack and run ${RANLIB} on the archive. This fixes a build issue with recent Xcode versions on Mac Silicon and iOS. Closes ticket 40683. o Minor feature (metrics): - Add various congestion control counters to the MetricsPort. Closes ticket 40708. o Minor feature (performance): - Bump the maximum amount of CPU that can be used from 16 to 128. Note that NumCPUs torrc option overrides this hardcoded maximum. Fixes bug 40703; bugfix on 0.3.5.1-alpha. o Minor feature (relay): - Make an hardcoded value for the maximum of per CPU tasks into a consensus parameter. - Two new consensus parameters are added to control the wait time in queue of the onionskins. One of them is the torrc MaxOnionQueueDelay options which supersedes the consensus parameter. Closes ticket 40704. o Minor feature (relay, DoS): - Apply circuit creation anti-DoS defenses if the outbound circuit max cell queue size is reached too many times. This introduces two new consensus parameters to control the queue size limit and number of times allowed to go over that limit. Closes ticket 40680. o Minor feature (relay, metrics): - Add DoS defenses counter to MetricsPort. - Add congestion control RTT reset counter to MetricsPort. - Add counters to the MetricsPort how many connections, per type, are currently opened and how many were created. - Add relay flags from the consensus to the MetricsPort. - Add total number of opened circuits to MetricsPort. - Add total number of streams seen by an Exit to the MetricsPort. - Add traffic stats as in number of read/written bytes in total. - Related to ticket 40194. o Minor features (fallbackdir): - Regenerate fallback directories generated on November 10, 2022. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2022/11/10. o Minor bugfixes (authorities, sandbox): - Allow to write file my-consensus- to disk when sandbox is activated. Fixes bug 40663; bugfix on 0.3.5.1-alpha. o Minor bugfixes (dirauth): - Directory authorities stop voting a consensus "Measured" weight for relays with the Authority flag. Now these relays will be considered unmeasured, which should reserve their bandwidth for their dir auth role and minimize distractions from other roles. In place of the "Measured" weight, they now include a "MeasuredButAuthority" weight (not used by anything) so the bandwidth authority's opinion on this relay can be recorded for posterity. Lastly, remove the AuthDirDontVoteOnDirAuthBandwidth torrc option which never worked right. Fixes bugs 40698 and 40700; bugfix on 0.4.7.2-alpha. o Minor bugfixes (onion service client): - A collapsing onion service circuit should be seen as an "unreachable" error so it can be retried. Fixes bug 40692; bugfix on 0.3.5.1-alpha. o Minor bugfixes (onion service): - Make the service retry a rendezvous if the circuit is being repurposed for measurements. Fixes bug 40696; bugfix on 0.3.5.1-alpha. o Minor bugfixes (relay overload statistics): - Count total create cells vs dropped create cells properly, when assessing if our fraction of dropped cells is too high. We only count non-client circuits in the denominator, but we would include client circuits in the numerator, leading to surprising log lines claiming that we had dropped more than 100% of incoming create cells. Fixes bug 40673; bugfix on 0.4.7.1-alpha. o Code simplification and refactoring (bridges): - Remove unused code related to ExtPort connection ID. Fixes bug 40648; bugfix on 0.3.5.1-alpha. Signed-off-by: Rui Salvaterra (cherry picked from commit 9136ff153249eac852b71e18107c68d78fd47215) --- net/tor/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/tor/Makefile b/net/tor/Makefile index 9dec356f9f..f61392877c 100644 --- a/net/tor/Makefile +++ b/net/tor/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tor -PKG_VERSION:=0.4.7.10 +PKG_VERSION:=0.4.7.11 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://dist.torproject.org/ \ https://archive.torproject.org/tor-package-archive -PKG_HASH:=647e56dfa59ea36dab052027fcfc7663905c826c03509363c456900ecd435a5b +PKG_HASH:=cf3cafbeedbdbc5fd1c0540e74d6d10a005eadff929098393815f867e32a136e PKG_MAINTAINER:=Hauke Mehrtens \ Peter Wagner PKG_LICENSE_FILES:=LICENSE From 90d25bc61c92508f0485633798a7f087fc42d5a3 Mon Sep 17 00:00:00 2001 From: Rui Salvaterra Date: Thu, 8 Dec 2022 18:40:05 +0000 Subject: [PATCH 2/7] tor: bump to 0.4.7.12 stable Quoting the changelog: Changes in version 0.4.7.12 - 2022-12-06 This version contains a major change that is a new key for moria1. Also, new metrics are exported on the MetricsPort for the congestion control subsystem. o Directory authority changes (moria1): - Rotate the relay identity key and v3 identity key for moria1. They have been online for more than a decade and refreshing keys periodically is good practice. Advertise new ports too, to avoid confusion. Closes ticket 40722. o Minor feature (Congestion control metrics): - Add additional metricsport relay metrics for congestion control. Closes ticket 40724. o Minor features (fallbackdir): - Regenerate fallback directories generated on December 06, 2022. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2022/12/06. o Minor bugfixes (cpuworker, relay): - Fix an off by one overload calculation on the number of CPUs being used by our thread pool. Fixes bug 40719; bugfix on 0.3.5.1-alpha. Signed-off-by: Rui Salvaterra (cherry picked from commit 3fd37a234c61146f6f6e921f7e3c7adfb19f4623) --- net/tor/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/tor/Makefile b/net/tor/Makefile index f61392877c..24145a7e18 100644 --- a/net/tor/Makefile +++ b/net/tor/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tor -PKG_VERSION:=0.4.7.11 +PKG_VERSION:=0.4.7.12 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://dist.torproject.org/ \ https://archive.torproject.org/tor-package-archive -PKG_HASH:=cf3cafbeedbdbc5fd1c0540e74d6d10a005eadff929098393815f867e32a136e +PKG_HASH:=3b5d969712c467851bd028f314343ef15a97ea457191e93ffa97310b05b9e395 PKG_MAINTAINER:=Hauke Mehrtens \ Peter Wagner PKG_LICENSE_FILES:=LICENSE From ba17b22a10c1a640eb6672abacf2b0415f48f611 Mon Sep 17 00:00:00 2001 From: Daniel Bermond Date: Sun, 19 Feb 2023 11:20:37 -0300 Subject: [PATCH 3/7] tor: update to version 0.4.7.13 Maintainers : @hauke (Hauke Mehrtens) and @tripolar (Peter Wagner) Build system : Arch Linux x86_64 Build tested : r7800 OpenWrt git master (r22104-01262c921c) Run tested : r7800 OpenWrt git master (r22104-01262c921c) Signed-off-by: Daniel Bermond (cherry picked from commit 5f0a9ec722266a15739786aed12e2c33e9da7acd) --- net/tor/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/tor/Makefile b/net/tor/Makefile index 24145a7e18..ad320ac3dc 100644 --- a/net/tor/Makefile +++ b/net/tor/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tor -PKG_VERSION:=0.4.7.12 +PKG_VERSION:=0.4.7.13 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://dist.torproject.org/ \ https://archive.torproject.org/tor-package-archive -PKG_HASH:=3b5d969712c467851bd028f314343ef15a97ea457191e93ffa97310b05b9e395 +PKG_HASH:=2079172cce034556f110048e26083ce9bea751f3154b0ad2809751815b11ea9d PKG_MAINTAINER:=Hauke Mehrtens \ Peter Wagner PKG_LICENSE_FILES:=LICENSE From d7b84bfc3294473d2ae8850ca854a75377d8184f Mon Sep 17 00:00:00 2001 From: Rui Salvaterra Date: Wed, 26 Jul 2023 23:32:34 +0100 Subject: [PATCH 4/7] tor: update to 0.4.8.4 stable First release of the 0.4.8.x series, see the changelog [1] for what's new. [1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.4/ChangeLog Signed-off-by: Rui Salvaterra (cherry picked from commit 1b2c1ddbb2a693aca87fae96beff3b1741951c90) --- net/tor/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/tor/Makefile b/net/tor/Makefile index ad320ac3dc..75f36e1c11 100644 --- a/net/tor/Makefile +++ b/net/tor/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tor -PKG_VERSION:=0.4.7.13 +PKG_VERSION:=0.4.8.4 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://dist.torproject.org/ \ https://archive.torproject.org/tor-package-archive -PKG_HASH:=2079172cce034556f110048e26083ce9bea751f3154b0ad2809751815b11ea9d +PKG_HASH:=09c1ce74a25fc3b48c81ff146cbd0dd538cbbb8fe4e2964fc2fb2b192f6a1d2b PKG_MAINTAINER:=Hauke Mehrtens \ Peter Wagner PKG_LICENSE_FILES:=LICENSE From f532413ba21cfa2ed2e09c1d3ee2efef6d59285b Mon Sep 17 00:00:00 2001 From: ValdikSS ValdikSS Date: Sun, 22 Oct 2023 19:30:04 +0300 Subject: [PATCH 5/7] tor: fix daemon reloading procd requires init script name, not the path to executable Signed-off-by: ValdikSS ValdikSS (cherry picked from commit af58942738c13c431f531e78f368d18a0d2dd84d) --- net/tor/Makefile | 2 +- net/tor/files/tor.init | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/net/tor/Makefile b/net/tor/Makefile index 75f36e1c11..96d9d99a9c 100644 --- a/net/tor/Makefile +++ b/net/tor/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tor PKG_VERSION:=0.4.8.4 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://dist.torproject.org/ \ diff --git a/net/tor/files/tor.init b/net/tor/files/tor.init index 142e2512de..cb1cb73c5c 100644 --- a/net/tor/files/tor.init +++ b/net/tor/files/tor.init @@ -32,7 +32,7 @@ generate_conf() { } reload_service() { - procd_send_signal /usr/sbin/tor + procd_send_signal tor } start_service() { From 55b7f6f501db1ef3ceee8cbea8304379d27fa4fe Mon Sep 17 00:00:00 2001 From: Rui Salvaterra Date: Sun, 3 Sep 2023 18:22:55 +0100 Subject: [PATCH 6/7] tor: update to 0.4.8.7 stable Bugfix release, see the changelog [1] for what's new. [1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.7/ChangeLog Signed-off-by: Rui Salvaterra (cherry picked from commit 5cb304e2b3484691b9f60a3a47a707dfcf5fa34b) --- net/tor/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/tor/Makefile b/net/tor/Makefile index 96d9d99a9c..973653b8a2 100644 --- a/net/tor/Makefile +++ b/net/tor/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tor -PKG_VERSION:=0.4.8.4 -PKG_RELEASE:=2 +PKG_VERSION:=0.4.8.7 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://dist.torproject.org/ \ https://archive.torproject.org/tor-package-archive -PKG_HASH:=09c1ce74a25fc3b48c81ff146cbd0dd538cbbb8fe4e2964fc2fb2b192f6a1d2b +PKG_HASH:=b20d2b9c74db28a00c07f090ee5b0241b2b684f3afdecccc6b8008931c557491 PKG_MAINTAINER:=Hauke Mehrtens \ Peter Wagner PKG_LICENSE_FILES:=LICENSE From 9ccca540891acda780aa42e5bc80bd1df08cedca Mon Sep 17 00:00:00 2001 From: Tianling Shen Date: Wed, 28 Feb 2024 00:39:15 +0800 Subject: [PATCH 7/7] rclone: add fuse3-utils as dependency rclone has switched to use fuse3 since v1.62.0. Reported-by: qiuzi Signed-off-by: Tianling Shen (cherry picked from commit df9d076d600a3d02da198af4a625980ed0633d2a) --- net/rclone/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/rclone/Makefile b/net/rclone/Makefile index bedc9e243f..3d2a2ab7d1 100644 --- a/net/rclone/Makefile +++ b/net/rclone/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=rclone PKG_VERSION:=1.65.2 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/rclone/rclone/tar.gz/v$(PKG_VERSION)? @@ -43,7 +43,7 @@ endef define Package/rclone $(call Package/rclone/Default) - DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle +fuse-utils + DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle +fuse3-utils USERID:=rclone:rclone endef