lp://staging/ubuntu/trusty-security/tor

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

41. By Marc Deslauriers on 2015-07-29

Synced from Debian as a security update

40. By Peter Palfrader on 2013-12-25

* New upstream version.
  - Avoid a crash bug when starting with a corrupted microdescriptor cache
    file. Fixes bug 10406; bugfix on 0.2.2.6-alpha (closes: #732105).
* init script: make /var/log/tor if it does not exist anymore
  (closes: #732572).

39. By Peter Palfrader on 2013-12-12

New upstream version.

38. By Peter Palfrader on 2012-11-20

* New upstream release. The 0.2.3.x tree goes stable.
* Dedicated to the memory of Len "rabbi" Sassaman (1980-2011). We miss
  you, Len.

37. By Peter Palfrader on 2012-10-26

* New upstream version:
  - Fix a group of remotely triggerable assertion failures related to
    incorrect link protocol negotiation. Found, diagnosed, and fixed
    by "some guy from France". Fix for CVE-2012-2250; bugfix on
    0.2.3.6-alpha.
  - Fix a denial of service attack by which any directory authority
    could crash all the others, or by which a single v2 directory
    authority could crash everybody downloading v2 directory
    information. Fixes bug 7191; bugfix on 0.2.0.10-alpha.
  - and more.

36. By Peter Palfrader on 2012-09-11

[ Peter Palfrader ]
* New upstream version:
  - Fix an assertion failure in tor_timegm() that could be triggered
    by a badly formatted directory object. Bug found by fuzzing with
    Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.

[ Stefano Zacchiroli ]
* README.privoxy, README.polipo: explicitly set socks type to socks5.

35. By Peter Palfrader on 2012-08-07

* New upstream version, including a couple security fixes:
  - Avoid read-from-freed-memory and double-free bugs that could occur
    when a DNS request fails while launching it. Fixes bug 6480.
  - Avoid an uninitialized memory read when reading a vote or consensus
    document that has an unrecognized flavor name. This read could
    lead to a remote crash bug. Fixes bug 6530.
  - Try to leak less information about what relays a client is
    choosing to a side-channel attacker.
* Suggest the tor-arm controller.
* Improve long descriptions with Roger's help.
* Use https:// instead of git:// for the Vcs-Git URL.

34. By Peter Palfrader on 2012-07-07

New upstream version.

33. By Peter Palfrader on 2012-06-29

* New upstream version.
* Remove debian/patches/15_longer_test_timeout - something similar has been
  incorporated upstream (Re: Tor#6227).
* Re-enable apparmor, if available: Instead of confining /usr/sbin/tor by
  default, we now only confine the daemon that is launched from the init
  script. We do this by calling aa-exec with the appropriate flags, if it
  is installed. Therefore also suggest apparmor-utils.

32. By Peter Palfrader on 2012-06-24

* Apply the correct SE-Linux label to /var/run/tor when creating the
  directory in the init script (closes: #678362). Thanks to Russell Coker.
* Hack up the unit tests to wait longer for the thread test to finish.
  This is not a real fix, but it will probably make it more likely that
  we successfully build on our mips/octeon machines (Re: Tor#6227).