outdated Tor version in Fedora (missing security fixes)

Fennix cn.stefan at gmail.com
Fri Jun 10 16:28:14 UTC 2011


On Fri, Jun 10, 2011 at 2:19 AM, Christoph A. <casmls at gmail.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 06/07/2011 04:06 PM, Fennix wrote:
> > Umm, you could just download the source file and compile yourself...
>
> Yes, *I* could, but if Fedora ships a vulnerable package this affects a
> lot more people then just me.
>
> Compiling is always a possibility but the last one I would choose.
> F14 contains latest stable (0.2.1.30) now and in future I (and hopefully
> others) will give some karma to Enricos packages :)
>
> > I always compile the latest alpha/beta and the current is 0.2.2.27-beta
> > which is working perfectly well for me.
>
> Actually it is 0.2.2.28-beta
> https://lists.torproject.org/pipermail/tor-talk/2011-June/020596.html
>
> You don't have to compile, you can use unofficial repos if you want Tor
> 0.2.2.x.
> http://deb.torproject.org/torproject.org/rpm/fc14-experimental/
> (packages usually take some time after the a new Tor version was released)
> I don't use the unofficial packages because I don't know if they fit
> with the SELinux policy.
>
> Does your self compiled tor daemon run in tor_t?
>

As to the SELinux policy questions...I am not sure. I have always compiled
and the TOR package has always worked without any SELinux complaints so for
this question I have never looked into this.  The reason that I try to run
the latest alpha/beta is due to that I am living in China and I need this to
allow me to access some websites that for reasons unknown to me are
blocked.  I just use TOR for routing...have no concern to hide my usage...

/fennix
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20110611/7623cf3d/attachment.html 


More information about the users mailing list