lp:ubuntu/trusty-proposed/tor
- Get this branch:
- bzr branch lp:ubuntu/trusty-proposed/tor
Branch merges
Branch information
Recent revisions
- 41. By Peter Palfrader
-
* New upstream version.
- Avoid a crash bug when starting with a corrupted microdescriptor cache
file. Fixes bug 10406; bugfix on 0.2.2.6-alpha (closes: #732105).
* init script: make /var/log/tor if it does not exist anymore
(closes: #732572). - 39. By Peter Palfrader
-
* New upstream release. The 0.2.3.x tree goes stable.
* Dedicated to the memory of Len "rabbi" Sassaman (1980-2011). We miss
you, Len. - 38. By Peter Palfrader
-
* New upstream version:
- Fix a group of remotely triggerable assertion failures related to
incorrect link protocol negotiation. Found, diagnosed, and fixed
by "some guy from France". Fix for CVE-2012-2250; bugfix on
0.2.3.6-alpha.
- Fix a denial of service attack by which any directory authority
could crash all the others, or by which a single v2 directory
authority could crash everybody downloading v2 directory
information. Fixes bug 7191; bugfix on 0.2.0.10-alpha.
- and more. - 37. By Peter Palfrader
-
* New upstream version:
o Major bugfixes (security/privacy):
- Disable TLS session tickets. OpenSSL's implementation was giving
our TLS session keys the lifetime of our TLS context objects, when
perfect forward secrecy would want us to discard anything that
could decrypt a link connection as soon as the link connection
was closed. Fixes bug 7139; bugfix on all versions of Tor linked
against OpenSSL 1.0.0 or later. Found by Florent Daignière.
- Discard extraneous renegotiation attempts once the V3 link
protocol has been initiated. Failure to do so left us open to
a remotely triggerable assertion failure. Fixes CVE-2012-2249;
bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
- Fix a possible crash bug when checking for deactivated circuits
in connection_or_flush_ from_first_ active_ circuit( ). Fixes bug 6341;
bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously.
For other fixes please see the upstream changelog. - 36. By Peter Palfrader
-
[ Peter Palfrader ]
* New upstream version:
- Fix an assertion failure in tor_timegm() that could be triggered
by a badly formatted directory object. Bug found by fuzzing with
Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.[ Stefano Zacchiroli ]
* README.privoxy, README.polipo: explicitly set socks type to socks5. - 35. By Peter Palfrader
-
* New upstream version, changes including:
- Tear down the circuit if we get an unexpected SENDME cell. Clients
could use this trick to make their circuits receive cells faster
than our flow control would have allowed, or to gum up the network,
or possibly to do targeted memory denial-of-service attacks on
entry nodes.
- Reject any attempt to extend to an internal address. Without
this fix, a router could be used to probe addresses on an internal
network to see whether they were accepting connections.
- Do not crash when comparing an address with port value 0 to an
address policy.
For details please see the upstream changelog. - 34. By Peter Palfrader
-
* New upstream version, including a couple security fixes:
- Avoid read-from-freed-memory and double-free bugs that could occur
when a DNS request fails while launching it. Fixes bug 6480.
- Avoid an uninitialized memory read when reading a vote or consensus
document that has an unrecognized flavor name. This read could
lead to a remote crash bug. Fixes bug 6530.
- Try to leak less information about what relays a client is
choosing to a side-channel attacker.
* Suggest the tor-arm controller.
* Improve long descriptions with Roger's help.
* Use https:// instead of git:// for the Vcs-Git URL. - 32. By Peter Palfrader
-
* New upstream version.
* Remove debian/patches/ 15_longer_ test_timeout - something similar has been
incorporated upstream (Re: Tor#6227).
* Re-enable apparmor, if available: Instead of confining /usr/sbin/tor by
default, we now only confine the daemon that is launched from the init
script. We do this by calling aa-exec with the appropriate flags, if it
is installed. Therefore also suggest apparmor-utils.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/trusty/tor