ubuntu/+source/tor:ubuntu/xenial-proposed

Last commit made on 2018-02-14
Get this branch:
git clone -b ubuntu/xenial-proposed https://git.launchpad.net/ubuntu/+source/tor
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/xenial-proposed
Repository:
lp:ubuntu/+source/tor

Recent commits

568e435... by Simon Déziel on 2018-01-14

Import patches-unapplied version 0.2.9.14-1ubuntu1~16.04.1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 7547237dc7f8b62990c0a73716526ebaa5513171

New changelog entries:
  [ Peter Palfrader ]
  * apparmor: use Pix instead of PUx for obfs4proxy, giving us
    better confinement of the child process while actually working
    with systemd's NoNewPrivileges. (closes: #867342)
  * Do not rely on aa-exec and aa-enabled being in /usr/sbin in the
    SysV init script. This change enables apparmor confinement
    on some system-V systems again. (closes: #869153)
  * Update apparmor profile: replace CAP_DAC_OVERRIDE with
    CAP_DAC_READ_SEARCH to match the systemd capability bounding set
    changed with 0.3.0.4-rc-1. This change will allow tor to start
    again under apparmor if hidden services are configured.
    Patch by intrigeri. (closes: #862993)
  * Replace CAP_DAC_OVERRIDE with CAP_DAC_READ_SEARCH in systemd's service
    capability bounding set. Read access is sufficient for Tor (as root on
    startup) to check its onion service directories (see #847598).
  * Change "AppArmorProfile=system_tor" to AppArmorProfile=-system_tor,
    causing all errors while switching to the new apparmor profile to
    be ignored. This is not ideal, but for now it's probably the
    best solution. Thanks to intrigeri; closes: #880490.
  [ Simon Deziel ]
  * Backport 0.2.9.14 to 16.04 (LP: #1731698)
  * debian/rules: stop overriding micro-revision.i
  * debian/control: drop build-conflicts
  * debian/control: Limit the seccomp build-dependency to [amd64 i386 x32 armel armhf]
  * Resync with Debian Stretch
  * New upstream version, including among others:
    - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
      making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
      0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
      identifying and finding a workaround to this bug and to Moritz,
      Arthur Edelstein, and Roger for helping to track it down and
      analyze it.
    - Fix a denial of service bug where an attacker could use a
      malformed directory object to cause a Tor instance to pause while
      OpenSSL would try to read a passphrase from the terminal. (Tor
      instances run without a terminal, which is the case for most Tor
      packages, are not impacted.) Fixes bug 24246; bugfix on every
      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
      Found by OSS-Fuzz as testcase 6360145429790720.
    - Fix a denial of service issue where an attacker could crash a
      directory authority using a malformed router descriptor. Fixes bug
      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
      and CVE-2017-8820.
    - When checking for replays in the INTRODUCE1 cell data for a
      (legacy) onion service, correctly detect replays in the RSA-
      encrypted part of the cell. We were previously checking for
      replays on the entire cell, but those can be circumvented due to
      the malleability of Tor's legacy hybrid encryption. This fix helps
      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
      and CVE-2017-8819.
    - Fix a use-after-free error that could crash v2 Tor onion services
      when they failed to open circuits while expiring introduction
      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
      also tracked as TROVE-2017-013 and CVE-2017-8823.
    - When running as a relay, make sure that we never build a path
      through ourselves, even in the case where we have somehow lost the
      version of our descriptor appearing in the consensus. Fixes part
      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
      as TROVE-2017-012 and CVE-2017-8822.

7547237... by Peter Palfrader on 2017-11-20

Import patches-unapplied version 0.2.9.13-1 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 9797bd0806ef63033e3c5e4c6265b8614956bd0b

New changelog entries:
  * New upstream version:
    - update directory authority set
  * New upstream version:
    - CVE-2017-0380 (TROVE-2017-008): Stack disclosure in hidden services logs
      when SafeLogging disabled
    - other maintenance and security related fixes, see upstream changelog.

9797bd0... by Peter Palfrader on 2017-06-09

Import patches-unapplied version 0.2.9.11-1~deb9u1 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: bff8a1ffaf47b29dcb0489c735c0bcd5fab74b03

New changelog entries:
  * Get fix for CVE-2017-0376 into stretch via -security.

bff8a1f... by Peter Palfrader on 2017-06-08

Import patches-unapplied version 0.2.9.11-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5a81d26d7a9a41a4a7e6e883d929de895ba6e4ca

New changelog entries:
  * New upstream version.
    - Fix a remotely triggerable assertion failure caused by receiving a
      BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
      22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
      on 0.2.2.1-alpha. (closes: #864424)

5a81d26... by Peter Palfrader on 2017-03-04

Import patches-unapplied version 0.2.9.10-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 3fb7cc9954bf5cdcb3579a4d9935bc53913d53e1

New changelog entries:
  * New upstream version.
    - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
      any IPv6 addresses.
    - Fix an integer underflow bug when comparing malformed Tor
      versions. Underlying issue of TROVE-2017-001, mitigated in the
      previous release.

3fb7cc9... by Peter Palfrader on 2017-01-23

Import patches-unapplied version 0.2.9.9-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4f47074d5456340f609f39fb8202b6c35fad02a7

New changelog entries:
  * New upstream version.
    + Downgrade the "-ftrapv" option from "always on" to "only on when
      --enable-expensive-hardening is provided." (re: TROVE-2017-001).

4f47074... by Peter Palfrader on 2016-12-19

Import patches-unapplied version 0.2.9.8-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 06d94e93ea83eea4ba6b599b72892655ee0b2d81

New changelog entries:
  * Actually target unstable.
  * New upstream version, upload 0.2.9.x tree to unstable.
  * Add a comment to tor@.service explaining why we cannot limit to
    /var/lib/tor-instances/<instance> but only to /var/lib/tor-instances --
    systemd does not do instance expansion in ReadWriteDirectories lines --
    cf. #781730.
  * Update README.Debian to mention a good location to put onion service
    UNIX sockets. Note that neither systemd nor apparmor limits access
    to them -- cf. #846275.
  * Use -Z (Apply SE-Linux labels) to install when creating instance datadirs
    in tor-instance-create.

06d94e9... by Peter Palfrader on 2016-12-12

Import patches-unapplied version 0.2.9.7-rc-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 71510ba8cb75d42b1d090324e0d25f7b8df76c79

New changelog entries:
  * New upstream version.
  * Remove CAP_CHOWN, CAP_FOWNER from the systemd service files'
    CapabilityBoundingSet. We may no longer need them. The upstream
    changelog says that Tor changed some logic with 0.2.8.1-alpha that made
    CAP_CHOWN CAP_FOWNER no longer needed.
    CAP_DAC_OVERRIDE is still needed: Tor checks properties of hidden service
    directories as root before changing its UID to debian-tor, and those trees
    are owned by debian-tor and go-rwx (see #847598).

71510ba... by Peter Palfrader on 2016-12-02

Import patches-unapplied version 0.2.9.6-rc-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 13bae02171bba7d5c6a88b8878b425b889dfb349

New changelog entries:
  * New upstream version.

13bae02... by Peter Palfrader on 2016-11-08

Import patches-unapplied version 0.2.9.5-alpha-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 95a4b9b23f6c7e3ed5851dd2077fb79adcb497e8

New changelog entries:
  * New upstream version.
  * Raise Standards-Version to 3.9.8 - no changes needed.
  * Use command -v $foo instead of [ -x /sbin/$foo ] in maintainer script.