lp:debian/lenny/tor
- Get this branch:
- bzr branch lp:debian/lenny/tor
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 11. By Peter Palfrader
-
New upstream version, fixing a heap overflow bug related to Tor's
SOCKS code (CVE-2011-2778). - 10. By Peter Palfrader
-
Build tor 0.2.1.29 for lenny security, rather than backport almost
all the patches from that version to the 0.2.1.26 currently in stable
(which in turn already has most of the patches in .27 and .28).
.
Tor 0.2.1.29 is a release with several security related fixes, including
one for CVE-2011-0427 (heap overflow bug, potential remote code
execution), a denial of service involving compression bombs, and
zeroing out of cryptographic keys after use to resist cold boot
attacks somewhat better. - 9. By Peter Palfrader
-
* Add debian/
patches/ 15_tlsext_ host_name: Work around change in libssl0.9.8
(0.9.8g-15+lenny9 and 0.9.8o-3), taken from 0.2.1.27 (closes: #604198):
.
Do not set the tlsext_host_name extension on server SSL objects; only on
client SSL objects. We set it to immitate a browser, not a vhosting
server. This resolves an incompatibility with openssl 0.9.8p and openssl
1.0.0b. Fixes bug 2204; bugfix on 0.2.1.1-alpha.
* Also from 0.2.1.27: Add maatuska as eighth v3 directory authority.
The directory authority servers are the trusted nodes that sign the
directory of all Tor servers. This adds an 8th authority to the
existing list, improving robustness.
* If we have a debian/micro-revision. i, replace the one in src/or
with our copy so that this will be the revision that ends up in
the binary. This is an informational only version string, but
it'd be kinda nice if it was (more) accurate nonetheless.
(Backported from 0.2.2.2-alpha-1 from September 2009.) - 8. By Peter Palfrader
-
* Two of the authority keys 0.2.0.35 ships with got rotated recently.
To make sure Tor keeps working, update the list of authorities to
the list shipped in 0.2.1.22 and 0.2.2.7-alpha.
* Fix race condition that can cause crashes at client or exit relay
(closes: #557654). (Backport from 0.2.1.x, original commit id:
a89f51c936f8bd3c2aef3e9472d5 310c83dc8fa7. ) - 7. By Peter Palfrader
-
* Upload to stable in coordination with SRM (luk).
* New upstream version:
o security fixes:
- Avoid crashing in the presence of certain malformed descriptors
(CVE-2009- 2425).
- Fix an edge case where a malicious exit relay could convince a
controller that the client's DNS question resolves to an internal IP
address (CVE-2009-2426).
- closes: #537148 (both issues above).
o bugfixes:
- Finally fix the bug where dynamic-IP relays disappear when their
IP address changes.
- Fix a DNS-related crash bug (apparently depending on everything
but the phase of the moon).
- Fix a memory leak when starting with a cache over a few days old
- Hidden service clients didn't use a cached service descriptor that
was older than 15 minutes, but wouldn't fetch a new one either.
[More details are in the upstream changelog.] - 6. By Peter Palfrader
-
* New upstream version:
- Avoid a potential crash on exit nodes when processing malformed
input. Remote DoS opportunity (closes: #514579).
- Fix a temporary DoS vulnerability that could be performed by
a directory mirror (closes: #514580). - 5. By Peter Palfrader
-
* New upstream version:
- Fixes a possible remote heap buffer overflow bug (closes: #512728)
(Secunia Advisory [SA33635]).
- better resist DNS poisoning.
- and more - see upstream changelog. - 4. By Peter Palfrader
-
* New upstream version.
- Properly drops privileges when being configured to do
so (closes: #505178).
* No longer set now obsolete Group setting in built-in debian config. - 3. By Peter Palfrader
-
* New upstream version.
* Tweak a few error messages in the init script to use the proper variables
(not that it should matter, the Right One has the same value, but still)
and to list more possible error reasons.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/squeeze/tor