tor 0.2.4.27-1build0.14.04.1 source package in Ubuntu
Changelog
tor (0.2.4.27-1build0.14.04.1) trusty-security; urgency=medium
* Synced from Debian as a security update
tor (0.2.4.27-1) wheezy-security; urgency=medium
* New upstream version, fixing hidden service related Denial of
Service bugs:
- Fix two remotely triggerable assertion failures (upstream bugs
#15600 and #15601).
- Disallow multiple INTRODUCE1 cells on the same circuit at introduction
points, making overwhelming hidden services with introductions more
expensive (upstream bug #15515).
tor (0.2.4.26-1) wheezy-security; urgency=medium
* New upstream version.
+ Fixes the following security relevant issues (copied from upstream
changelog):
- Fix an assertion failure that could occur under high DNS load.
Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
diagnosed and fixed by "cypherpunks".
- Fix a bug that could lead to a relay crashing with an assertion
failure if a buffer of exactly the wrong layout was passed to
buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
0.2.0.10-alpha. Patch from 'cypherpunks'.
- Do not assert if the 'data' pointer on a buffer is advanced to the
very end of the buffer; log a BUG message instead. Only assert if
it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
- Disable support for SSLv3. All versions of OpenSSL in use with Tor
today support TLS 1.0 or later, so we can safely turn off support
for this old (and insecure) protocol. Fixes bug 13426.
+ Updates the list of directory authorities and the geoIP database.
tor (0.2.4.24-1) wheezy; urgency=low
* New upstream version, built for stable (re: #762587):
- Use correct byte order when sending the address of the chosen rendezvous
point to a hidden service. This bug meant that clients were leaking to
the hidden service whether they were on a little-endian (common) or
big-endian (rare) system.
- Change IP address for the gabelmoo v3 directory authority.
- Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
Country database.
tor (0.2.4.23-1~deb7u1) wheezy-security; urgency=high
* New upstream version, built for wheezy:
- Clients will no longer use CREATE_FAST cells for the first hop of their
circuit. This approach can improve security on connections where Tor's
circuit handshake is stronger than the available TLS connection security
levels.
- Prepare for lowering the number of used entry guards by honoring the
NumDirectoryGuards consensus parameter.
- Fix a bug in the bounds-checking in the 32-bit curve25519-donna
implementation.
- Warn and drop the circuit if we receive an inbound 'relay early' cell.
tor (0.2.4.22-1~deb7u1) wheezy; urgency=medium
* Build for stable (re: #751977).
* Revert upstream changes to the default torrc to match what 0.2.3.25-1
from stable has (two minor changes in comments).
tor (0.2.4.22-1) unstable; urgency=medium
* New upstream version.
tor (0.2.4.21-1) unstable; urgency=low
* New upstream version.
-- Marc Deslauriers <email address hidden> Wed, 29 Jul 2015 07:57:22 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Trusty
- Original maintainer:
- Peter Palfrader
- Architectures:
- any all
- Section:
- net
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| tor_0.2.4.27.orig.tar.gz | 3.0 MiB | ea1dddb4ae5fb11fecdf2639669dda6a4b960da4e3dc89ecb3d4250aee6e4871 |
| tor_0.2.4.27-1build0.14.04.1.diff.gz | 34.7 KiB | 87933a48534dc8e864c818a374bf0881d6eae26f98bc4bbc74301261e2610127 |
| tor_0.2.4.27-1build0.14.04.1.dsc | 2.0 KiB | 8f3e005ea40ed892f284afa961b531f037a5ceaccb05cbf3037b748984c3e158 |
Available diffs
Binary packages built by this source
- tor: anonymizing overlay network for TCP
Tor is a connection-based low-latency anonymous communication system.
.
Clients choose a source-routed path through a set of relays, and
negotiate a "virtual circuit" through the network, in which each relay
knows its predecessor and successor, but no others. Traffic flowing
down the circuit is decrypted at each relay, which reveals the
downstream relay.
.
Basically, Tor provides a distributed network of relays. Users bounce
their TCP streams (web traffic, ftp, ssh, etc) around the relays, and
recipients, observers, and even the relays themselves have difficulty
learning which users connected to which destinations.
.
This package enables only a Tor client by default, but it can also be
configured as a relay and/or a hidden service easily.
.
Client applications can use the Tor network by connecting to the local
socks proxy interface provided by your Tor instance. If the application
itself does not come with socks support, you can use a socks client
such as torsocks.
.
Note that Tor does no protocol cleaning on application traffic. There
is a danger that application protocols and associated programs can be
induced to reveal information about the user. Tor depends on Torbutton
and similar protocol cleaners to solve this problem. For best
protection when web surfing, the Tor Project recommends that you use
the Tor Browser Bundle, a standalone tarball that includes static
builds of Tor, Torbutton, and a modified Firefox that is patched to fix
a variety of privacy bugs.
- tor-dbg: debugging symbols for Tor
This package provides the debugging symbols for Tor, The Onion Router.
Those symbols allow your debugger to assign names to your backtraces, which
makes it somewhat easier to interpret core dumps.
- tor-dbgsym: debug symbols for package tor
Tor is a connection-based low-latency anonymous communication system.
.
Clients choose a source-routed path through a set of relays, and
negotiate a "virtual circuit" through the network, in which each relay
knows its predecessor and successor, but no others. Traffic flowing
down the circuit is decrypted at each relay, which reveals the
downstream relay.
.
Basically, Tor provides a distributed network of relays. Users bounce
their TCP streams (web traffic, ftp, ssh, etc) around the relays, and
recipients, observers, and even the relays themselves have difficulty
learning which users connected to which destinations.
.
This package enables only a Tor client by default, but it can also be
configured as a relay and/or a hidden service easily.
.
Client applications can use the Tor network by connecting to the local
socks proxy interface provided by your Tor instance. If the application
itself does not come with socks support, you can use a socks client
such as torsocks.
.
Note that Tor does no protocol cleaning on application traffic. There
is a danger that application protocols and associated programs can be
induced to reveal information about the user. Tor depends on Torbutton
and similar protocol cleaners to solve this problem. For best
protection when web surfing, the Tor Project recommends that you use
the Tor Browser Bundle, a standalone tarball that includes static
builds of Tor, Torbutton, and a modified Firefox that is patched to fix
a variety of privacy bugs.
- tor-geoipdb: GeoIP database for Tor
This package provides a GeoIP database for Tor, i.e. it maps IPv4 addresses
to countries.
.
Bridge relays (special Tor relays that aren't listed in the main Tor
directory) use this information to report which countries they see
connections from. These statistics enable the Tor network operators to
learn when certain countries start blocking access to bridges.
.
Clients can also use this to learn what country each relay is in, so
Tor controllers like arm or Vidalia can use it, or if they want to
configure path selection preferences.
