Bug#1058938: bookworm-pu: package onionprobe/1.0.0+ds-2.1+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
Control: affects -1 + src:onionprobe
Dear release team,
[ Reason ]
On bullseye, this works without a warning:
$ tor --hash-password some-string
16:A871A161E60E3C3960934C88AA783AC6B693DF63CF7897CA5E87219E26
Whereas on bookworm, this throws a warning:
$ tor --hash-password some-string
Sep 28 20:48:10.111 [warn] Tor was compiled with zstd 1.5.2, but is running with zstd 1.5.4. For safety, we'll avoid using advanced zstd functionality.
16:E4DFE5BA0F5C257060D3D092B5666351C8A04DEF6C77E27DAE7B6015A8
Due to this, onionprobe fails to initialize Tor.
This was fixed, both upstream and in Debian unstable via 1.1.2+ds-1.
[ Impact ]
Severe, as onionprobe fails to work as expected. There are no
workarounds.
[ Tests ]
Tests were done both manually and on production systems for several
weeks.
[ Risks ]
There should be none.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Pull in upstream fix to silence Tor if generating hashed passwords.
Thanks for your work!
Cheers,
Georg
diff -Nru onionprobe-1.0.0+ds/debian/changelog onionprobe-1.0.0+ds/debian/changelog
--- onionprobe-1.0.0+ds/debian/changelog 2022-07-20 19:16:36.000000000 +0000
+++ onionprobe-1.0.0+ds/debian/changelog 2023-12-18 14:30:56.000000000 +0000
@@ -1,3 +1,11 @@
+onionprobe (1.0.0+ds-2.1+deb12u1) bookworm; urgency=medium
+
+ * debian/patches:
+ - Pull in upstream fix to silence Tor if generating hashed passwords.
+ (Closes: 1053204)
+
+ -- Georg Faerber <georg@debian.org> Mon, 18 Dec 2023 14:30:56 +0000
+
onionprobe (1.0.0+ds-2) unstable; urgency=medium
* Source-only upload to allow migration.
diff -Nru onionprobe-1.0.0+ds/debian/patches/0001-Fix-make-the-tor-process-quiet-when-generating-hashed-passwords.patch onionprobe-1.0.0+ds/debian/patches/0001-Fix-make-the-tor-process-quiet-when-generating-hashed-passwords.patch
--- onionprobe-1.0.0+ds/debian/patches/0001-Fix-make-the-tor-process-quiet-when-generating-hashed-passwords.patch 1970-01-01 00:00:00.000000000 +0000
+++ onionprobe-1.0.0+ds/debian/patches/0001-Fix-make-the-tor-process-quiet-when-generating-hashed-passwords.patch 2023-12-18 14:30:56.000000000 +0000
@@ -0,0 +1,21 @@
+Description: Fix: make the tor process quiet when generating hashed passwords
+Author: Silvio Rhatto <rhatto@torproject.org>
+Origin: upstream
+Applied-Upstream: 6bb2a64fa73e2f678279709f82823f90fd3dc672
+Reviewed-by: Georg Faerber <georg@debian.org>
+Last-Update: 2023-12-18
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: onionprobe/packages/onionprobe/tor.py
+===================================================================
+--- onionprobe.orig/packages/onionprobe/tor.py 2023-12-18 14:20:02.960327906 +0000
++++ onionprobe/packages/onionprobe/tor.py 2023-12-18 14:21:17.442024820 +0000
+@@ -166,7 +166,7 @@
+ import subprocess
+
+ tor = shutil.which('tor')
+- result = subprocess.check_output([tor, '--hash-password', password], text=True)
++ result = subprocess.check_output([tor, '--quiet', '--hash-password', password], text=True)
+
+ return result
+
diff -Nru onionprobe-1.0.0+ds/debian/patches/series onionprobe-1.0.0+ds/debian/patches/series
--- onionprobe-1.0.0+ds/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ onionprobe-1.0.0+ds/debian/patches/series 2023-12-18 14:30:56.000000000 +0000
@@ -0,0 +1 @@
+0001-Fix-make-the-tor-process-quiet-when-generating-hashed-passwords.patch
Reply to: