ubuntu/+source/tor:applied/ubuntu/bionic-devel

Last commit made on 2018-03-05
Get this branch:
git clone -b applied/ubuntu/bionic-devel https://git.launchpad.net/ubuntu/+source/tor
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: applied/ubuntu/bionic-devel
Repository: lp:ubuntu/+source/tor

Recent commits

320bd64... by Peter Palfrader on 2018-03-03

Import patches-applied version 0.3.2.10-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 84d0a2ee09d3066f90ab8b0b3b2c3f1eb2c1463e
Unapplied parent: a03c2ef5ad3eae3a70ddd559ef925223be0b59a0

New changelog entries:
  * New upstream version.
    - Includes an important security fix for a remote crash attack against
      directory authorities.
      [TROVE-2018-001 and CVE-2018-0490]
    - Additionally, backports a fix for Tor#24700, which was originally
      fixed in 0.3.3.2-alpha but had its severity upgraded now as it can be
      remotely triggered and can crash relays.
      [TROVE-2018-002 and CVE-2018-0491]

a03c2ef... by Peter Palfrader on 2018-03-03

Import patches-unapplied version 0.3.2.10-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ef7749612d8310201de025ef5bd12807ebaef3ea

New changelog entries:
  * New upstream version.
    - Includes an important security fix for a remote crash attack against
      directory authorities.
      [TROVE-2018-001 and CVE-2018-0490]
    - Additionally, backports a fix for Tor#24700, which was originally
      fixed in 0.3.3.2-alpha but had its severity upgraded now as it can be
      remotely triggered and can crash relays.
      [TROVE-2018-002 and CVE-2018-0491]

84d0a2e... by Peter Palfrader on 2018-01-16

Import patches-applied version 0.3.2.9-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: a56c1006a382df6e137ef8282af372dd8736277e
Unapplied parent: ef7749612d8310201de025ef5bd12807ebaef3ea

New changelog entries:
  * New upstream version, upload 0.3.2.x tree to unstable.

ef77496... by Peter Palfrader on 2018-01-16

Import patches-unapplied version 0.3.2.9-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 853b7ff1b322ecfaa568dacb28048d6a5e690be9

New changelog entries:
  * New upstream version, upload 0.3.2.x tree to unstable.

a56c100... by Peter Palfrader on 2017-12-21

Import patches-applied version 0.3.2.8-rc-1 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 61bcc0911f5ebbddc321ab72a75be39a4473543d
Unapplied parent: 853b7ff1b322ecfaa568dacb28048d6a5e690be9

New changelog entries:
  * New upstream version.

853b7ff... by Peter Palfrader on 2017-12-21

Import patches-unapplied version 0.3.2.8-rc-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 902dfbb3bbe8c0fec3996eff7359e90840bef9df

New changelog entries:
  * New upstream version.

61bcc09... by Peter Palfrader on 2017-12-14

Import patches-applied version 0.3.2.7-rc-1 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: f136a2b166d94715fa480e2fe37d55ad889e0739
Unapplied parent: 902dfbb3bbe8c0fec3996eff7359e90840bef9df

New changelog entries:
  * New upstream version.
  * Stop suggesting obfsproxy -- long obsolete; closes: #884369.

902dfbb... by Peter Palfrader on 2017-12-14

Import patches-unapplied version 0.3.2.7-rc-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: ad4e3d5ced5c3f38b0bd22d56a54d1ff3257d443

New changelog entries:
  * New upstream version.
  * Stop suggesting obfsproxy -- long obsolete; closes: #884369.

f136a2b... by Peter Palfrader on 2017-12-01

Import patches-applied version 0.3.2.6-alpha-1 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 15d82f4ce552a4f15120cdc1118b15f10e9a7395
Unapplied parent: ad4e3d5ced5c3f38b0bd22d56a54d1ff3257d443

New changelog entries:
  * New upstream version, including among others:
    - Fix a denial of service bug where an attacker could use a
      malformed directory object to cause a Tor instance to pause while
      OpenSSL would try to read a passphrase from the terminal. (Tor
      instances run without a terminal, which is the case for most Tor
      packages, are not impacted.) Fixes bug 24246; bugfix on every
      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
      Found by OSS-Fuzz as testcase 6360145429790720.
    - Fix a denial of service issue where an attacker could crash a
      directory authority using a malformed router descriptor. Fixes bug
      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
      and CVE-2017-8820.
    - When checking for replays in the INTRODUCE1 cell data for a
      (legacy) onion service, correctly detect replays in the RSA-
      encrypted part of the cell. We were previously checking for
      replays on the entire cell, but those can be circumvented due to
      the malleability of Tor's legacy hybrid encryption. This fix helps
      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
      and CVE-2017-8819.
    - Fix a use-after-free error that could crash v2 Tor onion services
      when they failed to open circuits while expiring introduction
      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
      also tracked as TROVE-2017-013 and CVE-2017-8823.
    - When running as a relay, make sure that we never build a path
      through ourselves, even in the case where we have somehow lost the
      version of our descriptor appearing in the consensus. Fixes part
      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
      as TROVE-2017-012 and CVE-2017-8822.
    - When running as a relay, make sure that we never choose ourselves
      as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
      issue is also tracked as TROVE-2017-012 and CVE-2017-8822.

ad4e3d5... by Peter Palfrader on 2017-12-01

Import patches-unapplied version 0.3.2.6-alpha-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: d29539702d5232bf8066ea48780032a0830e888b

New changelog entries:
  * New upstream version, including among others:
    - Fix a denial of service bug where an attacker could use a
      malformed directory object to cause a Tor instance to pause while
      OpenSSL would try to read a passphrase from the terminal. (Tor
      instances run without a terminal, which is the case for most Tor
      packages, are not impacted.) Fixes bug 24246; bugfix on every
      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
      Found by OSS-Fuzz as testcase 6360145429790720.
    - Fix a denial of service issue where an attacker could crash a
      directory authority using a malformed router descriptor. Fixes bug
      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
      and CVE-2017-8820.
    - When checking for replays in the INTRODUCE1 cell data for a
      (legacy) onion service, correctly detect replays in the RSA-
      encrypted part of the cell. We were previously checking for
      replays on the entire cell, but those can be circumvented due to
      the malleability of Tor's legacy hybrid encryption. This fix helps
      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
      and CVE-2017-8819.
    - Fix a use-after-free error that could crash v2 Tor onion services
      when they failed to open circuits while expiring introduction
      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
      also tracked as TROVE-2017-013 and CVE-2017-8823.
    - When running as a relay, make sure that we never build a path
      through ourselves, even in the case where we have somehow lost the
      version of our descriptor appearing in the consensus. Fixes part
      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
      as TROVE-2017-012 and CVE-2017-8822.
    - When running as a relay, make sure that we never choose ourselves
      as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
      issue is also tracked as TROVE-2017-012 and CVE-2017-8822.