lp:ubuntu/trusty-proposed/tor

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

41. By Peter Palfrader on 2013-12-25

* New upstream version.
  - Avoid a crash bug when starting with a corrupted microdescriptor cache
    file. Fixes bug 10406; bugfix on 0.2.2.6-alpha (closes: #732105).
* init script: make /var/log/tor if it does not exist anymore
  (closes: #732572).

40. By Peter Palfrader on 2013-12-12

New upstream version.

39. By Peter Palfrader on 2012-11-20

* New upstream release. The 0.2.3.x tree goes stable.
* Dedicated to the memory of Len "rabbi" Sassaman (1980-2011). We miss
  you, Len.

38. By Peter Palfrader on 2012-10-26

* New upstream version:
  - Fix a group of remotely triggerable assertion failures related to
    incorrect link protocol negotiation. Found, diagnosed, and fixed
    by "some guy from France". Fix for CVE-2012-2250; bugfix on
    0.2.3.6-alpha.
  - Fix a denial of service attack by which any directory authority
    could crash all the others, or by which a single v2 directory
    authority could crash everybody downloading v2 directory
    information. Fixes bug 7191; bugfix on 0.2.0.10-alpha.
  - and more.

37. By Peter Palfrader on 2012-10-20

* New upstream version:
  o Major bugfixes (security/privacy):
    - Disable TLS session tickets. OpenSSL's implementation was giving
      our TLS session keys the lifetime of our TLS context objects, when
      perfect forward secrecy would want us to discard anything that
      could decrypt a link connection as soon as the link connection
      was closed. Fixes bug 7139; bugfix on all versions of Tor linked
      against OpenSSL 1.0.0 or later. Found by Florent Daignière.
    - Discard extraneous renegotiation attempts once the V3 link
      protocol has been initiated. Failure to do so left us open to
      a remotely triggerable assertion failure. Fixes CVE-2012-2249;
      bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
    - Fix a possible crash bug when checking for deactivated circuits
      in connection_or_flush_from_first_active_circuit(). Fixes bug 6341;
      bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously.
  For other fixes please see the upstream changelog.

36. By Peter Palfrader on 2012-09-11

[ Peter Palfrader ]
* New upstream version:
  - Fix an assertion failure in tor_timegm() that could be triggered
    by a badly formatted directory object. Bug found by fuzzing with
    Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.

[ Stefano Zacchiroli ]
* README.privoxy, README.polipo: explicitly set socks type to socks5.

35. By Peter Palfrader on 2012-09-07

* New upstream version, changes including:
  - Tear down the circuit if we get an unexpected SENDME cell. Clients
    could use this trick to make their circuits receive cells faster
    than our flow control would have allowed, or to gum up the network,
    or possibly to do targeted memory denial-of-service attacks on
    entry nodes.
  - Reject any attempt to extend to an internal address. Without
    this fix, a router could be used to probe addresses on an internal
    network to see whether they were accepting connections.
  - Do not crash when comparing an address with port value 0 to an
    address policy.
  For details please see the upstream changelog.

34. By Peter Palfrader on 2012-08-07

* New upstream version, including a couple security fixes:
  - Avoid read-from-freed-memory and double-free bugs that could occur
    when a DNS request fails while launching it. Fixes bug 6480.
  - Avoid an uninitialized memory read when reading a vote or consensus
    document that has an unrecognized flavor name. This read could
    lead to a remote crash bug. Fixes bug 6530.
  - Try to leak less information about what relays a client is
    choosing to a side-channel attacker.
* Suggest the tor-arm controller.
* Improve long descriptions with Roger's help.
* Use https:// instead of git:// for the Vcs-Git URL.

33. By Peter Palfrader on 2012-07-07

New upstream version.

32. By Peter Palfrader on 2012-06-29

* New upstream version.
* Remove debian/patches/15_longer_test_timeout - something similar has been
  incorporated upstream (Re: Tor#6227).
* Re-enable apparmor, if available: Instead of confining /usr/sbin/tor by
  default, we now only confine the daemon that is launched from the init
  script. We do this by calling aa-exec with the appropriate flags, if it
  is installed. Therefore also suggest apparmor-utils.