lp:debian/lenny/tor

Created by James Westby and last modified
Get this branch:
bzr branch lp:debian/lenny/tor

Branch information

Owner: Ubuntu branches
Status: Mature

Recent revisions

11. By Peter Palfrader

New upstream version, fixing a heap overflow bug related to Tor's
SOCKS code (CVE-2011-2778).

10. By Peter Palfrader

Build tor 0.2.1.29 for lenny security, rather than backport almost
all the patches from that version to the 0.2.1.26 currently in stable
(which in turn already has most of the patches in .27 and .28).
.
Tor 0.2.1.29 is a release with several security related fixes, including
one for CVE-2011-0427 (heap overflow bug, potential remote code
execution), a denial of service involving compression bombs, and
zeroing out of cryptographic keys after use to resist cold boot
attacks somewhat better.

9. By Peter Palfrader

* Add debian/patches/15_tlsext_host_name: Work around change in libssl0.9.8
  (0.9.8g-15+lenny9 and 0.9.8o-3), taken from 0.2.1.27 (closes: #604198):
  .
  Do not set the tlsext_host_name extension on server SSL objects; only on
  client SSL objects. We set it to imitate a browser, not a vhosting
  server. This resolves an incompatibility with openssl 0.9.8p and openssl
  1.0.0b. Fixes bug 2204; bugfix on 0.2.1.1-alpha.
* Also from 0.2.1.27: Add maatuska as eighth v3 directory authority.
  The directory authority servers are the trusted nodes that sign the
  directory of all Tor servers. This adds an 8th authority to the
  existing list, improving robustness.
* If we have a debian/micro-revision.i, replace the one in src/or
  with our copy so that this will be the revision that ends up in
  the binary. This is an informational only version string, but
  it'd be kinda nice if it was (more) accurate nonetheless.
  (Backported from 0.2.2.2-alpha-1 from September 2009.)

8. By Peter Palfrader

* Two of the authority keys 0.2.0.35 ships with got rotated recently.
  To make sure Tor keeps working, update the list of authorities to
  the list shipped in 0.2.1.22 and 0.2.2.7-alpha.
* Fix race condition that can cause crashes at client or exit relay
  (closes: #557654). (Backport from 0.2.1.x, original commit id:
  a89f51c936f8bd3c2aef3e9472d5310c83dc8fa7.)

7. By Peter Palfrader

* Upload to stable in coordination with SRM (luk).
* New upstream version:
  o security fixes:
    - Avoid crashing in the presence of certain malformed descriptors
      (CVE-2009-2425).
    - Fix an edge case where a malicious exit relay could convince a
      controller that the client's DNS question resolves to an internal IP
      address (CVE-2009-2426).
    - closes: #537148 (both issues above).
  o bugfixes:
    - Finally fix the bug where dynamic-IP relays disappear when their
      IP address changes.
    - Fix a DNS-related crash bug (apparently depending on everything
      but the phase of the moon).
    - Fix a memory leak when starting with a cache over a few days old.
    - Hidden service clients didn't use a cached service descriptor that
      was older than 15 minutes, but wouldn't fetch a new one either.
  [More details are in the upstream changelog.]

6. By Peter Palfrader

* New upstream version:
   - Avoid a potential crash on exit nodes when processing malformed
     input. Remote DoS opportunity (closes: #514579).
   - Fix a temporary DoS vulnerability that could be performed by
     a directory mirror (closes: #514580).

5. By Peter Palfrader

* New upstream version:
  - Fixes a possible remote heap buffer overflow bug (closes: #512728)
    (Secunia Advisory [SA33635]).
  - better resist DNS poisoning.
  - and more - see upstream changelog.

4. By Peter Palfrader

* New upstream version.
  - Properly drops privileges when being configured to do
    so (closes: #505178).
* No longer set now obsolete Group setting in built-in debian config.

3. By Peter Palfrader

* New upstream version.
* Tweak a few error messages in the init script to use the proper variables
  (not that it should matter, the Right One has the same value, but still)
  and to list more possible error reasons.

2. By Peter Palfrader

New upstream version
closes: #249893: FTBFS on ia64

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:debian/squeeze/tor