[tor-relays] security update for obfs4proxy

[meskio]

Quoting tor-relays mailing list via Tor Project Forum (2022-10-29 23:35:39)
> I understand that the updated package 0.0.14 is available in Debian 11 
> "bullseye" backports. Thank you!
> 
> Unfortunately I am running Ubuntu 22.04 LTS "jammy" on my two VPS and the most recent version available is 0.0.13. My previous attempt to get 0.0.13 backported into Ubuntu 20.04 LTS "focal" was not successful [1], therefore I see little room to get 0.0.14 into jammy or jammy backports.
> 
> On Fedora 35, 36 & 37 obfs4-0.0.11 is available. I am happy to see that a bug is filed [2] "obfs4-0.0.14 is available" and worked on.
> 
> At the moment I have no possibility to update obfs4proxy, unless I switch to Debian 11. One of my two hosters is only offering Debian 10 "buster", so even this would not help.
> 
> I have read the discussion on [3] and would be very happy to see obfs4proxy for Ubuntu and Fedora (if the folks at Fedora agree or maybe can help?) in the Tor Project repository.
>
> In the meantime, until an update is available, please let me know whether I 
> should shut down my two bridges.

Yes, we are exploring if we can provide obfs4proxy in our own repo to solve this 
problem.

In the mean time I have built a backport of the package for jammy:
https://people.torproject.org/~meskio/jammy/obfs4proxy_0.0.14-1_amd64.deb
If you feel comfortable trusting my package please use it in your system.

Thank you.

-- 
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20221103/7f178fac/attachment.sig>