Hello,
TL;RD: if you are a bridge operator please update obfs4proxy to a version>=0.0.12.
There is a new version of obfs4proxy (>=0.0.12) which fixes a security issue[0]. Tor Browser has already updated to the new version, which reduces a bit the security problem, but introduces a partial incompatibility between versions[1]. Because of that updating to the latest version greatly will help bridge users.
If you use debian you can find the latest version bullseye-backports[2]. If you use docker there is a new version of the official docker image that you can upgrade to[3].
Thank you for running bridges, let me know if you need any help upgrading it.
[0] https://lists.torproject.org/pipermail/anti-censorship-team/2022-January/000... [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40804 [2] https://packages.debian.org/stable-backports/obfs4proxy [3] https://hub.docker.com/layers/thetorproject/obfs4-bridge/0.11/images/sha256-...
On 21 Mar 2022, 17:46 +0000, meskio meskio@torproject.org, wrote:
Hello,
TL;RD: if you are a bridge operator please update obfs4proxy to a version>=0.0.12.
Thanks, done.
Worth noting I had to adjust (on Debian) /etc/apparmor.d/abstractions/tor to contain:
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
To prevent the error:
apparmor="DENIED" operation="open" profile="system_tor" name="/sys/kernel/mm/transparent_hugepage/hpage_pmd_size
per [1].
And be sure to setcap the obfs4proxy binary again if running on a port<1024, as well as restart Tor after updating.
Cheers.
[1]: https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1839505....
On 3/21/22 18:45, meskio wrote:
Thank you for running bridges, let me know if you need any help upgrading it.
I'm not really familar with Debian and do wonder, what line I have to add to /etc/apt/apt.conf.d/50unattended-upgrades to get that automatically installed ? Maybe I need to add the repo too ?
Currently it looks like:
~# cat /etc/apt/apt.conf.d/50unattended-upgrades Unattended-Upgrade::Origins-Pattern { "origin=Debian,codename=${distro_codename},label=Debian"; "origin=Debian,codename=${distro_codename},label=Debian-Security";
"origin=Debian,codename=${distro_codename}-security,label=Debian-Security"; "origin=TorProject"; }; Unattended-Upgrade::Package-Blacklist { }; Unattended-Upgrade::Automatic-Reboot "true";
On Wednesday, March 23, 2022 6:08:10 PM CET Toralf Förster wrote:
On 3/21/22 18:45, meskio wrote:
Thank you for running bridges, let me know if you need any help upgrading it.
I'm not really familar with Debian and do wonder, what line I have to add to /etc/apt/apt.conf.d/50unattended-upgrades to get that automatically installed ? Maybe I need to add the repo too ?
Yes, first edit '/etc/apt/sources.list':
# bullseye-backports, previously on backports.debian.org deb http://deb.debian.org/debian/ bullseye-backports main #deb-src http://deb.debian.org/debian/ bullseye-backports main
Then install:
apt update apt install -t bullseye-backports obfs4proxy
https://backports.debian.org/Instructions/ You should always install individual packages from the backports archive. Don't use apt-pinning for the whole backport archive in '/etc/apt/preferences'.
tor-relays@lists.torproject.org
-
lists@for-privacy.net -
meskio -
Spydar007 -
Toralf Förster