ubuntu/+source/tor:applied/ubuntu/artful-updates

Last commit made on 2018-03-01
Get this branch:
git clone -b applied/ubuntu/artful-updates https://git.launchpad.net/ubuntu/+source/tor
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/artful-updates
Repository:
lp:ubuntu/+source/tor

Recent commits

ece3914... by Seth Arnold on 2018-02-28

Import patches-applied version 0.3.0.13-0ubuntu1~17.10.2 to applied/ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 912b2988833e1d322bc9859ea842dce386dca545
Unapplied parent: 57c3dcbb33e36f41ce3260b7783861cda7bc17ef

New changelog entries:
  * No change rebuild for the security pocket.

57c3dcb... by Seth Arnold on 2018-02-28

Import patches-unapplied version 0.3.0.13-0ubuntu1~17.10.2 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: 5ce8468a110ebf331ebeb4809c87c9359daaebd9

New changelog entries:
  * No change rebuild for the security pocket.

912b298... by Simon Déziel on 2018-01-14

Import patches-applied version 0.3.0.13-0ubuntu1~17.10.1 to applied/ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: a9a781cf5af461c118ce95b91b9901c4c27f3f37
Unapplied parent: 5ce8468a110ebf331ebeb4809c87c9359daaebd9

New changelog entries:
  [ Peter Palfrader ]
  * Change "AppArmorProfile=system_tor" to AppArmorProfile=-system_tor,
    causing all errors while switching to the new apparmor profile to
    be ignored. This is not ideal, but for now it's probably the
    best solution. Thanks to intrigeri; closes: #880490.
  [ Simon Deziel ]
  * New upstream version: 0.3.0.13 (LP: #1731698)
    - Fix a denial of service bug where an attacker could use a
      malformed directory object to cause a Tor instance to pause while
      OpenSSL would try to read a passphrase from the terminal. (Tor
      instances run without a terminal, which is the case for most Tor
      packages, are not impacted.) Fixes bug 24246; bugfix on every
      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
      Found by OSS-Fuzz as testcase 6360145429790720.
    - Fix a denial of service issue where an attacker could crash a
      directory authority using a malformed router descriptor. Fixes bug
      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
      and CVE-2017-8820.
    - When checking for replays in the INTRODUCE1 cell data for a
      (legacy) onion service, correctly detect replays in the RSA-
      encrypted part of the cell. We were previously checking for
      replays on the entire cell, but those can be circumvented due to
      the malleability of Tor's legacy hybrid encryption. This fix helps
      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
      and CVE-2017-8819.
    - Fix a use-after-free error that could crash v2 Tor onion services
      when they failed to open circuits while expiring introduction
      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
      also tracked as TROVE-2017-013 and CVE-2017-8823.
    - When running as a relay, make sure that we never build a path
      through ourselves, even in the case where we have somehow lost the
      version of our descriptor appearing in the consensus. Fixes part
      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
      as TROVE-2017-012 and CVE-2017-8822.
    - When running as a relay, make sure that we never choose ourselves
      as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
      issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  * New upstream version: 0.3.0.12
    - Directory authority changes
  * New upstream version: 0.3.0.11
    - Fix TROVE-2017-008: Stack disclosure in hidden services logs when
      SafeLogging disabled (CVE-2017-0380)
  * debian/rules: stop overriding micro-revision.i
  * apparmor: use Pix instead of PUx for obfs4proxy, giving us
    better confinement of the child process while actually working
    with systemd's NoNewPrivileges. (closes: #867342)
  * Drop versioned dependency on binutils. The version is already
    newer in all supported Debian and Ubuntu trees, and binutils
    is in the transitive dependency set of build-essential.
    Patch by Helmut Grohne. (closes: #873127)
  * Do not rely on aa-exec and aa-enabled being in /usr/sbin in the
    SysV init script. This change enables apparmor confinement
    on some system-V systems again. (closes: #869153)

5ce8468... by Simon Déziel on 2018-01-14

Import patches-unapplied version 0.3.0.13-0ubuntu1~17.10.1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 2c882b3dabfc15b3d3e942deb063095dfd470724

New changelog entries:
  [ Peter Palfrader ]
  * Change "AppArmorProfile=system_tor" to AppArmorProfile=-system_tor,
    causing all errors while switching to the new apparmor profile to
    be ignored. This is not ideal, but for now it's probably the
    best solution. Thanks to intrigeri; closes: #880490.
  [ Simon Deziel ]
  * New upstream version: 0.3.0.13 (LP: #1731698)
    - Fix a denial of service bug where an attacker could use a
      malformed directory object to cause a Tor instance to pause while
      OpenSSL would try to read a passphrase from the terminal. (Tor
      instances run without a terminal, which is the case for most Tor
      packages, are not impacted.) Fixes bug 24246; bugfix on every
      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
      Found by OSS-Fuzz as testcase 6360145429790720.
    - Fix a denial of service issue where an attacker could crash a
      directory authority using a malformed router descriptor. Fixes bug
      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
      and CVE-2017-8820.
    - When checking for replays in the INTRODUCE1 cell data for a
      (legacy) onion service, correctly detect replays in the RSA-
      encrypted part of the cell. We were previously checking for
      replays on the entire cell, but those can be circumvented due to
      the malleability of Tor's legacy hybrid encryption. This fix helps
      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
      and CVE-2017-8819.
    - Fix a use-after-free error that could crash v2 Tor onion services
      when they failed to open circuits while expiring introduction
      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
      also tracked as TROVE-2017-013 and CVE-2017-8823.
    - When running as a relay, make sure that we never build a path
      through ourselves, even in the case where we have somehow lost the
      version of our descriptor appearing in the consensus. Fixes part
      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
      as TROVE-2017-012 and CVE-2017-8822.
    - When running as a relay, make sure that we never choose ourselves
      as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
      issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  * New upstream version: 0.3.0.12
    - Directory authority changes
  * New upstream version: 0.3.0.11
    - Fix TROVE-2017-008: Stack disclosure in hidden services logs when
      SafeLogging disabled (CVE-2017-0380)
  * debian/rules: stop overriding micro-revision.i
  * apparmor: use Pix instead of PUx for obfs4proxy, giving us
    better confinement of the child process while actually working
    with systemd's NoNewPrivileges. (closes: #867342)
  * Drop versioned dependency on binutils. The version is already
    newer in all supported Debian and Ubuntu trees, and binutils
    is in the transitive dependency set of build-essential.
    Patch by Helmut Grohne. (closes: #873127)
  * Do not rely on aa-exec and aa-enabled being in /usr/sbin in the
    SysV init script. This change enables apparmor confinement
    on some system-V systems again. (closes: #869153)

a9a781c... by Peter Palfrader on 2017-08-13

Import patches-applied version 0.3.0.10-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 70e8d9a80854ffbbe38464ef21adc38dc972cae4
Unapplied parent: 2c882b3dabfc15b3d3e942deb063095dfd470724

New changelog entries:
  * New upstream version.
  * Update apparmor profile: replace CAP_DAC_OVERRIDE with
    CAP_DAC_READ_SEARCH to match the systemd capability bounding set
    changed with 0.3.0.4-rc-1. This change will allow tor to start
    again under apparmor if hidden services are configured.
    Patch by intrigeri. (closes: #862993)
  * Remove tor-dbg binary package. Nowadays Debian's toolchain
    automatically builds packages containing debugging symbols. The new
    tor-dbgsym package will end up in the debian-debug archive.
    This tor-dbgsym package will Replace/Break tor-dbg versions
    prior to 0.3.1.5-alpha for now (to match the version in experimental
    with the same change), but as we keep providing backported builds for
    older suites, and since those keep the tor-dbg package for now,
    we'll likely keep increasing this version in future releases.
    (closes: #867547)
  * The dbgsym migration options require debhelper >= 9.20160114; update
    build dependency list accordingly.

2c882b3... by Peter Palfrader on 2017-08-13

Import patches-unapplied version 0.3.0.10-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6c674f42bbdbd327154dff36bc403e6ccf2faf8e

New changelog entries:
  * New upstream version.
  * Update apparmor profile: replace CAP_DAC_OVERRIDE with
    CAP_DAC_READ_SEARCH to match the systemd capability bounding set
    changed with 0.3.0.4-rc-1. This change will allow tor to start
    again under apparmor if hidden services are configured.
    Patch by intrigeri. (closes: #862993)
  * Remove tor-dbg binary package. Nowadays Debian's toolchain
    automatically builds packages containing debugging symbols. The new
    tor-dbgsym package will end up in the debian-debug archive.
    This tor-dbgsym package will Replace/Break tor-dbg versions
    prior to 0.3.1.5-alpha for now (to match the version in experimental
    with the same change), but as we keep providing backported builds for
    older suites, and since those keep the tor-dbg package for now,
    we'll likely keep increasing this version in future releases.
    (closes: #867547)
  * The dbgsym migration options require debhelper >= 9.20160114; update
    build dependency list accordingly.

70e8d9a... by Peter Palfrader on 2017-07-01

Import patches-applied version 0.3.0.9-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 8ed68acac4687149755e4bee6566bd18138997a9
Unapplied parent: 6c674f42bbdbd327154dff36bc403e6ccf2faf8e

New changelog entries:
  * New upstream version, upload 0.3.0.x tree to unstable.
    - Fixes TROVE-2017-006: Regression in guard family avoidance
      (closes: #866799; CVE-2017-0377).
  * Remove debian/README.{polipo,privoxy} as using them is not recommended.
    (Torbrowser is the better option for users browsing the web.)

6c674f4... by Peter Palfrader on 2017-07-01

Import patches-unapplied version 0.3.0.9-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9f16dd2e005e803601df6b3268e9fcbfed3c5f84

New changelog entries:
  * New upstream version, upload 0.3.0.x tree to unstable.
    - Fixes TROVE-2017-006: Regression in guard family avoidance
      (closes: #866799; CVE-2017-0377).
  * Remove debian/README.{polipo,privoxy} as using them is not recommended.
    (Torbrowser is the better option for users browsing the web.)

8ed68ac... by Peter Palfrader on 2017-06-08

Import patches-applied version 0.3.0.8-1 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 98b45dec566d4ecdd52f8bcdce651167c22e9aea
Unapplied parent: 9f16dd2e005e803601df6b3268e9fcbfed3c5f84

New changelog entries:
  * New upstream version.
    - Fix a remotely triggerable assertion failure when a hidden service
      handles a malformed BEGIN cell. Fixes bug 22493, tracked as
      TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
    - Fix a remotely triggerable assertion failure caused by receiving a
      BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
      22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
      on 0.2.2.1-alpha. (closes: #864424)

9f16dd2... by Peter Palfrader on 2017-06-08

Import patches-unapplied version 0.3.0.8-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 888b6e6f9786df6e2d5592ab7175b88f1552d647

New changelog entries:
  * New upstream version.
    - Fix a remotely triggerable assertion failure when a hidden service
      handles a malformed BEGIN cell. Fixes bug 22493, tracked as
      TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
    - Fix a remotely triggerable assertion failure caused by receiving a
      BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
      22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
      on 0.2.2.1-alpha. (closes: #864424)