Change logs for tor source package in Sid

tor (0.4.8.11-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Fri, 12 Apr 2024 09:22:56 +0200

tor (0.4.8.10-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sun, 10 Dec 2023 20:09:09 +0100

tor (0.4.8.9-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Fri, 10 Nov 2023 18:29:41 +0100

tor (0.4.8.8-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sun, 05 Nov 2023 18:58:59 +0100

tor (0.4.8.7-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Wed, 04 Oct 2023 19:58:14 +0200

tor (0.4.8.6-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Mon, 18 Sep 2023 20:07:19 +0200

tor (0.4.8.5-1) unstable; urgency=medium

  * New upstream version.
  * Retire postinst code that deals with broken keys from 2008
    and apparmor migrations from 2012.
  * tor.postinst: use command -v in place of which.

 -- Peter Palfrader <email address hidden>  Wed, 30 Aug 2023 20:19:26 +0200

tor (0.4.8.4-2) unstable; urgency=medium

  * Enable building with the Proof-of-Work feature by configuring with
    --enable-gpl.  Note that this causes the resulting binary to be covered
    by the GPL.

 -- Peter Palfrader <email address hidden>  Thu, 24 Aug 2023 08:02:38 +0200

tor (0.4.7.13-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Thu, 12 Jan 2023 18:31:32 +0100

tor (0.4.7.12-1) unstable; urgency=medium

  * New upstream version.
  * Put tor services after network-online.target instead of after
    network.target (re: tpo/core/tor#40679).

 -- Peter Palfrader <email address hidden>  Sat, 10 Dec 2022 17:15:53 +0100

tor (0.4.7.11-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sat, 12 Nov 2022 09:58:38 +0100

tor (0.4.7.10-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Wed, 17 Aug 2022 21:26:27 +0200

tor (0.4.7.9-1) unstable; urgency=medium

  [ Pier Angelo Vendrame ]
  * Update apparmor policy to allow running snowflake-client.

  [ Peter Palfrader ]
  * New upstream version.

 -- Peter Palfrader <email address hidden>  Thu, 11 Aug 2022 17:47:24 +0200

tor (0.4.7.8-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sun, 19 Jun 2022 14:19:53 +0200

tor (0.4.7.7-1) unstable; urgency=medium

  * Upload 0.4.7.x tree to unstable.
  * New upstream version.

 -- Peter Palfrader <email address hidden>  Wed, 27 Apr 2022 23:52:43 +0200

tor (0.4.6.10-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sun, 27 Feb 2022 13:58:14 +0100

tor (0.4.6.9-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sun, 19 Dec 2021 10:52:57 +0100

tor (0.4.6.8-1) unstable; urgency=medium

  * Upload 0.4.6.x tree to unstable.
  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sun, 31 Oct 2021 13:35:00 +0100

tor (0.4.5.10-1) unstable; urgency=medium

  * New upstream version.
    - Resolve an assertion failure caused by a behavior mismatch between our
      batch-signature verification code and our single-signature verification
      code. This assertion failure could be triggered remotely, leading to a
      denial of service attack. We fix this issue by disabling batch
      verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
      also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
      Valence.

 -- Peter Palfrader <email address hidden>  Tue, 17 Aug 2021 19:34:05 +0200

tor (0.4.5.9-1) unstable; urgency=medium

  * New upstream version, fixing several (security) issues (closes: #990000).
     For a full list see the upstream changelog.  It includes:
    - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
      half-closed streams. Previously, clients failed to validate which
      hop sent these cells: this would allow a relay on a circuit to end
      a stream that wasn't actually built with it.
      Bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
      003 and CVE-2021-34548.
    - Detect more failure conditions from the OpenSSL RNG code.
      Previously, we would detect errors from a missing RNG
      implementation, but not failures from the RNG code itself.
      Fortunately, it appears those failures do not happen in practice
      when Tor is using OpenSSL's default RNG implementation.
      Bugfix on 0.2.8.1-alpha. This issue is also tracked as
      TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
    - Resist a hashtable-based CPU denial-of-service attack against
      relays. Previously we used a naive unkeyed hash function to look
      up circuits in a circuitmux object. An attacker could exploit this
      to construct circuits with chosen circuit IDs, to create
      collisions and make the hash table inefficient. Now we use a
      SipHash construction here instead. Bugfix on
      0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
      CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
    - Fix an out-of-bounds memory access in v3 onion service descriptor
      parsing. An attacker could exploit this bug by crafting an onion
      service descriptor that would crash any client that tried to visit
      it. Bugfix on 0.3.0.1-alpha. This issue is also
      tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
      Glazunov from Google's Project Zero.

 -- Peter Palfrader <email address hidden>  Fri, 18 Jun 2021 11:06:56 +0200

tor (0.4.5.8-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Wed, 19 May 2021 08:51:43 +0200

tor (0.4.5.7-1) unstable; urgency=high

  * New upstream version, fixes two security issues:
    - Disable the dump_desc() function.
      (TROVE-2021-001 and CVE-2021-28089).
    - Fix a bug in appending detached signatures.
      (TROVE-2021-002 and CVE-2021-28090)

 -- Peter Palfrader <email address hidden>  Tue, 16 Mar 2021 15:01:09 +0100

tor (0.4.5.6-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Tue, 16 Feb 2021 08:43:47 +0100

tor (0.4.5.5-rc-1) unstable; urgency=medium

  * New upstream version.
  * Upload 0.4.5.x tree to unstable; this is the last RC of that tree.
    If all goes well, it will be the next stable, so try to get it some
    more testing.

 -- Peter Palfrader <email address hidden>  Tue, 02 Feb 2021 07:36:28 +0100

tor (0.4.4.6-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Thu, 12 Nov 2020 14:11:45 +0100

tor (0.4.4.5-1) unstable; urgency=medium

  * Upload 0.4.4.x tree to unstable.
  * New upstream version.

 -- Peter Palfrader <email address hidden>  Tue, 15 Sep 2020 15:39:59 +0200

tor (0.4.3.6-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Mon, 13 Jul 2020 11:56:30 +0200

tor (0.4.3.5-1) unstable; urgency=medium

  * Upload 0.4.3.x tree to unstable.
  * New upstream version.

 -- Peter Palfrader <email address hidden>  Fri, 15 May 2020 15:01:38 +0200

tor (0.4.2.7-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Wed, 18 Mar 2020 21:33:26 +0100

tor (0.4.2.6-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Fri, 31 Jan 2020 10:15:07 +0100

tor (0.4.2.5-1) unstable; urgency=medium

  * Upload 0.4.2.x tree to unstable.
  * New upstream version.

 -- Peter Palfrader <email address hidden>  Mon, 16 Dec 2019 10:24:22 +0100

tor (0.4.1.6-1) unstable; urgency=medium

  * New upstream version.
  * logrotate snippet: call invoke-rc.d instead of service for
    service status and reload since this seems to be more in line
    with Debian policy.

 -- Peter Palfrader <email address hidden>  Sun, 22 Sep 2019 22:27:48 +0200

tor (0.4.1.5-1) unstable; urgency=medium

  * New upstream version; upload 0.4.1.x to unstable.
  * Fix three typos in README.Debian.
  * Avoid setting DEB_HOST_ARCH_OS in debian/rules as that should be
    pre-initialized nowadays.
  * tor-geoipdb: change from priority extra to optional as the former is
    obsolete.
  * Set Standards-Version to 4.4.0.
  * The fix for #930113, runit support, added an /etc/tor/conf to
    set the ulimit -n when run under runit.  That directory is a bad place.
    It confuses users, nowhere is it apparent that only runit cares about that
    directory and that e.g. sysV or systemd don't.   Get rid of that
    directory and the MAX_FILEDESCRIPTORS file in it and set a reasonable
    default in the runit script if MAX_FILEDESCRIPTORS is not already set.

 -- Peter Palfrader <email address hidden>  Wed, 21 Aug 2019 09:59:54 +0200

tor (0.4.0.5-2) unstable; urgency=medium

  * Upload 0.4.0.x tree to unstable.

 -- Peter Palfrader <email address hidden>  Sat, 13 Jul 2019 16:00:05 +0200

tor (0.3.5.8-1) unstable; urgency=medium

  * Replace all references to /var/run with /run (closes: #918898).
  * New upstream version.
    - Includes a fix for a medium-severity security bug:
      Make KIST consider the outbuf length when computing what it can
      put in the outbuf. Previously, KIST acted as though the outbuf
      were empty, which could lead to the outbuf becoming too full. It
      is possible that an attacker could exploit this bug to cause a Tor
      client or relay to run out of memory and crash. Fixes bug 29168;
      bugfix on 0.3.2.1-alpha. This issue is also being tracked as
      TROVE-2019-001 and CVE-2019-8955.

 -- Peter Palfrader <email address hidden>  Thu, 21 Feb 2019 21:28:32 +0100

tor (0.3.5.7-1) unstable; urgency=medium

  * New upstream version, upload 0.3.5.x tree to unstable.

 -- Peter Palfrader <email address hidden>  Tue, 08 Jan 2019 09:22:13 +0100

tor (0.3.4.9-7) unstable; urgency=medium

  * setup-onion-service: mark as flaky

 -- Peter Palfrader <email address hidden>  Fri, 07 Dec 2018 18:21:40 +0100

tor (0.3.4.9-6) unstable; urgency=medium

  * tests/setup-onion-service: In our start-stop-daemon call,
    use pipetty as processname as that's the visible process name.
  * tests/setup-onion-service: retry starting onionshare a couple
    of times if it fauls to bootstrap.

 -- Peter Palfrader <email address hidden>  Fri, 07 Dec 2018 11:57:56 +0100

tor (0.3.4.9-5) unstable; urgency=medium

  * New autopkgtest: setup-onion-service.

 -- Peter Palfrader <email address hidden>  Tue, 06 Nov 2018 16:08:35 +0100

tor (0.3.4.9-4) unstable; urgency=medium

  * debian/tests/download-release-file:
    - Redirect torsocks (and thus curl) stderr output to stdout.

 -- Peter Palfrader <email address hidden>  Sun, 04 Nov 2018 21:02:06 +0100

tor (0.3.4.9-3) unstable; urgency=medium

  * debian/tests/download-release-file:
    - Depend on ca-certificates to check the https server certificates
    - Do not fail when curl fails but record its exit code to metion
      in the subsequent failure message.
    - Do not pass --silent to curl.
    - But do pass --stderr - so it does not print things to stderr.
      (We do check its exit code for error conditions.)

 -- Peter Palfrader <email address hidden>  Sun, 04 Nov 2018 17:23:24 +0100

tor (0.3.4.9-2) unstable; urgency=medium

  * First attempt at an autopkgtest:
    debian/tests/download-release-file launches a tor instance and tries
    to fetch a Release file over Tor from deb.debian.org.

 -- Peter Palfrader <email address hidden>  Sat, 03 Nov 2018 10:52:32 +0100

tor (0.3.4.9-1) unstable; urgency=medium

  [ Peter Palfrader ]
  * New upstream version.

  [ intrigeri ]
  * apparmor: allow reading the OpenSSL configuration (closes: #909364).

 -- Peter Palfrader <email address hidden>  Fri, 02 Nov 2018 19:08:12 +0100

tor (0.3.4.8-1) unstable; urgency=medium

  * New upstream version, upload 0.3.4.x tree to unstable.
  * Includes, among other changes:
    - Tell OpenSSL to maintain backward compatibility with previous
      RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these
      ciphers are disabled by default. Closes ticket 27344.
      closes: #907351

 -- Peter Palfrader <email address hidden>  Tue, 11 Sep 2018 14:23:51 +0200

tor (0.3.3.9-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Fri, 13 Jul 2018 22:24:19 +0200

tor (0.3.3.8-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Tue, 10 Jul 2018 10:50:11 +0200

tor (0.3.3.7-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Wed, 13 Jun 2018 09:31:15 +0200

tor (0.3.3.6-1) unstable; urgency=medium

  * New upstream version, upload 0.3.3.x tree to unstable.
  * Start using upstream's minimal torrc as our default /etc/tor/torrc.
  * Put longer torrc.sample into /usr/share/doc.

 -- Peter Palfrader <email address hidden>  Wed, 23 May 2018 00:08:43 +0200

tor (0.3.2.10-1) unstable; urgency=medium

  * New upstream version.
    - Includes an important security fix for a remote crash attack against
      directory authorities.
      [TROVE-2018-001 and CVE-2018-0490]
    - Additionally, backports a fix for Tor#24700, which was originally
      fixed in 0.3.3.2-alpha but had its severity upgraded now as it can be
      remotely triggered and can crash relays.
      [TROVE-2018-002 and CVE-2018-0491]

 -- Peter Palfrader <email address hidden>  Sat, 03 Mar 2018 14:37:34 +0100

tor (0.3.2.9-1) unstable; urgency=medium

  * New upstream version, upload 0.3.2.x tree to unstable.

 -- Peter Palfrader <email address hidden>  Tue, 16 Jan 2018 10:49:46 +0100

tor (0.3.1.9-1) unstable; urgency=high

  * New upstream version, including among others:
    - Fix a denial of service bug where an attacker could use a
      malformed directory object to cause a Tor instance to pause while
      OpenSSL would try to read a passphrase from the terminal. (Tor
      instances run without a terminal, which is the case for most Tor
      packages, are not impacted.) Fixes bug 24246; bugfix on every
      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
      Found by OSS-Fuzz as testcase 6360145429790720.
    - Fix a denial of service issue where an attacker could crash a
      directory authority using a malformed router descriptor. Fixes bug
      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
      and CVE-2017-8820.
    - When checking for replays in the INTRODUCE1 cell data for a
      (legacy) onion service, correctly detect replays in the RSA-
      encrypted part of the cell. We were previously checking for
      replays on the entire cell, but those can be circumvented due to
      the malleability of Tor's legacy hybrid encryption. This fix helps
      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
      and CVE-2017-8819.
    - Fix a use-after-free error that could crash v2 Tor onion services
      when they failed to open circuits while expiring introduction
      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
      also tracked as TROVE-2017-013 and CVE-2017-8823.
    - When running as a relay, make sure that we never build a path
      through ourselves, even in the case where we have somehow lost the
      version of our descriptor appearing in the consensus. Fixes part
      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
      as TROVE-2017-012 and CVE-2017-8822.
    - When running as a relay, make sure that we never choose ourselves
      as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
      issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  * Build-depend on libcap-dev on linux-any so we can build tor with
    capabilities support to retain the capability to bind to low ports;
    closes: #882281, #700179.

 -- Peter Palfrader <email address hidden>  Fri, 01 Dec 2017 23:32:58 +0100

tor (0.3.1.8-2) unstable; urgency=medium

  * Recent linux packages in Debian have enabled the apparmor
    Linux-Security-Module by default.  Therefore, users are likely to have
    apparmor support not only built into their kernel but also actively
    enabled at runtime.  Unfortunately, without the apparmor package
    being installed, systemd's AppArmorProfile= service setting will
    cause the unit to fail to start.
    .
    Change "AppArmorProfile=system_tor" to AppArmorProfile=-system_tor,
    causing all errors while switching to the new apparmor profile to
    be ignored.  This is not ideal, but for now it's probably the
    best solution.
    .
    Thanks to intrigeri; closes: #880490.

 -- Peter Palfrader <email address hidden>  Thu, 02 Nov 2017 21:31:27 +0100

tor (0.3.1.8-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sun, 29 Oct 2017 19:58:03 +0100

tor (0.3.1.7-1) unstable; urgency=medium

  * New upstream version, upload 0.3.1.x tree to unstable.
  * Build depend on liblzma-dev and libzstd-dev.

 -- Peter Palfrader <email address hidden>  Mon, 18 Sep 2017 23:01:50 +0200

tor (0.3.0.10-1) unstable; urgency=medium

  * New upstream version.
  * Update apparmor profile: replace CAP_DAC_OVERRIDE with
    CAP_DAC_READ_SEARCH to match the systemd capability bounding set
    changed with 0.3.0.4-rc-1.  This change will allow tor to start
    again under apparmor if hidden services are configured.
    Patch by intrigeri.  (closes: #862993)
  * Remove tor-dbg binary package.  Nowadays Debian's toolchain
    automatically builds packages containing debugging symbols.  The new
    tor-dbgsym package will end up in the debian-debug archive.
    This tor-dbgsym package will Replace/Break tor-dbg versions
    prior to 0.3.1.5-alpha for now (to match the version in experimental
    with the same change), but as we keep providing backported builds for
    older suites, and since those keep the tor-dbg package for now,
    we'll likely keep increasing this version in future releases.
    (closes: #867547)
  * The dbgsym migration options require debhelper >= 9.20160114; update
    build dependency list accordingly.

 -- Peter Palfrader <email address hidden>  Sun, 13 Aug 2017 17:24:23 +0200

tor (0.3.0.9-1) unstable; urgency=medium

  * New upstream version, upload 0.3.0.x tree to unstable.
    - Fixes TROVE-2017-006: Regression in guard family avoidance
      (closes: #866799; CVE-2017-0377).
  * Remove debian/README.{polipo,privoxy} as using them is not recommended.
    (Torbrowser is the better option for users browsing the web.)

 -- Peter Palfrader <email address hidden>  Sun, 02 Jul 2017 00:53:02 +0200

tor (0.2.9.11-1) unstable; urgency=high

  * New upstream version.
    - Fix a remotely triggerable assertion failure caused by receiving a
      BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
      22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
      on 0.2.2.1-alpha.  (closes: #864424)

 -- Peter Palfrader <email address hidden>  Thu, 08 Jun 2017 18:48:46 +0200

tor (0.2.9.10-1) unstable; urgency=medium

  * New upstream version.
    - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
      any IPv6 addresses.
    - Fix an integer underflow bug when comparing malformed Tor
      versions. Underlying issue of TROVE-2017-001, mitigated in the
      previous release.

 -- Peter Palfrader <email address hidden>  Sat, 04 Mar 2017 16:28:58 +0100

tor (0.2.9.9-1) unstable; urgency=medium

  * New upstream version.
    + Downgrade the "-ftrapv" option from "always on" to "only on when
      --enable-expensive-hardening is provided." (re: TROVE-2017-001).

 -- Peter Palfrader <email address hidden>  Mon, 23 Jan 2017 16:44:32 +0100

tor (0.2.9.8-2) unstable; urgency=medium

  * Actually target unstable.

 -- Peter Palfrader <email address hidden>  Mon, 19 Dec 2016 22:21:05 +0100

tor (0.2.8.11-2) unstable; urgency=medium

  * Re-add CAP_DAC_OVERRIDE to the CapabilityBoundingSet.  Tor checks
    properties of hidden service directories as root before changing its UID
    to debian-tor, and those trees are owned by debian-tor and go-rwx
    (closes: #847598).

 -- Peter Palfrader <email address hidden>  Fri, 09 Dec 2016 19:23:24 +0100

tor (0.2.8.11-1) unstable; urgency=medium

  * New upstream version.
    Fixes FTBFS with openssl 1.1 on !x86 archs (closes: #846781).
  * Remove CAP_DAC_OVERRIDE, CAP_CHOWN, CAP_FOWNER from the systemd service
    files' CapabilityBoundingSet.  We may no longer need them.  The upstream
    changelog says that Tor changed some logic with 0.2.8.1-alpha that made
    CAP_CHOWN CAP_FOWNER no longer needed.

 -- Peter Palfrader <email address hidden>  Thu, 08 Dec 2016 17:25:04 +0100

tor (0.2.8.10-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Fri, 02 Dec 2016 17:29:03 +0100

tor (0.2.8.9-1) unstable; urgency=high

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Mon, 17 Oct 2016 22:21:36 +0200

tor (0.2.8.8-1) unstable; urgency=medium

  [ Peter Palfrader ]
  * New upstream version.

  [ Iain R. Learmonth ]
  * Removes dependency on hardening-wrapper, and
    build-depend on version >= 9 of debhelper instead
    so we can enable harding via DEB_BUILD_MAINT_OPTIONS
    (closes: #836762).

 -- Peter Palfrader <email address hidden>  Fri, 23 Sep 2016 23:39:27 +0200

tor (0.2.8.7-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Thu, 25 Aug 2016 08:28:56 +0200

tor (0.2.8.6-3) unstable; urgency=medium

  * Raise TimeoutStartSec from 120 to 300 secs for slower systems.
  * tor-instance-create and tor-instance-create.8.txt: fix some typos.

 -- Peter Palfrader <email address hidden>  Wed, 17 Aug 2016 17:16:22 +0200

tor (0.2.8.6-2) unstable; urgency=medium

  * Update the system V init script to create /var/run/tor with mode 02755
    also.  This matches the systemd service file.
  * No longer create /var/run/tor in postinst -- it is created when services
    start.
  * apparmor policy: let tor read /var/lib/tor/** (without it being the
    owner of these files)

 -- Peter Palfrader <email address hidden>  Thu, 04 Aug 2016 20:27:55 +0200

tor (0.2.8.6-1) unstable; urgency=medium

  * New upstream version, upload 0.2.8.x tree to unstable.

 -- Peter Palfrader <email address hidden>  Tue, 02 Aug 2016 18:07:21 +0200

tor (0.2.7.6-1) unstable; urgency=high

  * New upstream version.
    - Actually look at the Guard flag when selecting a new directory
      guard.
  * Actually install tor-instance-create.8 manpage.
  * Change the apparmor profile tor allow Tor to access the systemd
    notification socket.  Thanks for regar42.  Closes Tor#17693.
  * tor-instance-create: Do systemctl daemon-reload *after* writing the
    new torrc.

 -- Peter Palfrader <email address hidden>  Thu, 10 Dec 2015 21:48:34 +0100

tor (0.2.7.5-1) unstable; urgency=medium

  * New upstream version, upload 0.2.7.x tree to unstable.

 -- Peter Palfrader <email address hidden>  Fri, 20 Nov 2015 16:37:29 +0100

tor (0.2.6.10-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Mon, 13 Jul 2015 18:05:34 +0200

tor (0.2.6.9-1) unstable; urgency=medium

  * New upstream version.
  * Drop do-not-require-systemd and fix-sandbox-use-with-systemd.-bug-16212
    patches as they are included upstream now.

 -- Peter Palfrader <email address hidden>  Fri, 12 Jun 2015 22:01:42 +0200

tor (0.2.6.8-5) unstable; urgency=medium

  * Sandboxing, when enabled, would prevent tor from working when
    started from systemd, as tor wasn't allowed to create a
    UNIX datagram socket.  Include that patch from upstream's git.

 -- Peter Palfrader <email address hidden>  Sat, 30 May 2015 16:44:27 +0200

tor (0.2.6.8-4) unstable; urgency=medium

  * Remove whitespace around = in the systemd service file.  Apparently
    the spaces confuse deb-systemd-helper, which then resulted in Tor
    not being automatically started on boot (see #786418).
  * Remove obsolete After=syslog.target from systemd service file.

 -- Peter Palfrader <email address hidden>  Mon, 25 May 2015 22:02:39 +0200

tor (0.2.6.8-3) unstable; urgency=low

  * debian/rules: Change order of --with commands to dh to ensure
    that we patch before calling autoreconf.

 -- Peter Palfrader <email address hidden>  Sun, 24 May 2015 08:58:18 +0200

tor (0.2.6.8-2) unstable; urgency=low

  * debian/control: Depend on dh-systemd, libsystemd-dev, and pkg-config
    only on linux-any.
  * debian/rules: Build with systemd only if DEB_HOST_ARCH_OS is linux.
  * patch upstream's configure.ac to check for the existance of
    libsystemd rather than systemd.

 -- Peter Palfrader <email address hidden>  Sat, 23 May 2015 16:28:30 +0200

tor (0.2.6.8-1) unstable; urgency=medium

  * New upstream version, upload 0.2.6.x tree to unstable.
  * Ship a systemd .service file (closes: #761403).
    Thanks to intrigeri and Arto Jantunen.
    - Build depend on dh-systemd, libsystemd-dev, pkg-config.
    - Build with --enable-systemd.
  * Autoreconf on build (closes: #783729).
    - Build depend on dh-autoreconf.

 -- Peter Palfrader <email address hidden>  Sat, 23 May 2015 09:57:44 +0200

tor (0.2.5.12-1) unstable; urgency=medium


  * New upstream version, fixing hidden service related Denial of
    Service bugs:
    - Fix two remotely triggerable assertion failures (upstream bugs
      #15600 and #15601).
    - Disallow multiple INTRODUCE1 cells on the same circuit at introduction
      points, making overwhelming hidden services with introductions more
      expensive (upstream bug #15515).

 -- Peter Palfrader <email address hidden>  Mon, 06 Apr 2015 17:20:40 +0200

tor (0.2.5.11-1) unstable; urgency=medium


  * New upstream version.
    - Directory authority changes.
    - Fix assertion errors that may trigger under high DNS load.
    - No longer break on HUP (happens daily on Debian) with seccomp2 enabled.
    - and more - please consult the upstream changelog.

 -- Peter Palfrader <email address hidden>  Thu, 19 Mar 2015 18:26:22 +0100

tor (0.2.5.10-1) unstable; urgency=medium


  * New upstream version.
  * Use "service tor reload", guarded by "service tor status" in logrotate
    instead as suggested by Dirk Griesbach (closes: #765407).

 -- Peter Palfrader <email address hidden>  Fri, 24 Oct 2014 16:05:28 +0200

tor (0.2.5.9-rc-1) unstable; urgency=medium


  * New upstream version.
    - Disabled SSLv3 unconditionally.  As a by-product, this means
      that we no longer die in SSLv3 cleanup code in what is likely
      an openssl bug introduced in 1.0.1j (closes: 765968).
  * logrotate script: call invoke-rc.d tor reload instead of
    /etc/init.d/tor reload.  This way, if tor is properly disabled, we will
    not try to reload tor. (closes: #765407).

 -- Peter Palfrader <email address hidden>  Mon, 20 Oct 2014 21:01:01 +0200

tor (0.2.5.8-rc-1) unstable; urgency=medium


  * New upstream version.  Upload to unstable.

 -- Peter Palfrader <email address hidden>  Tue, 23 Sep 2014 11:06:10 +0200

tor (0.2.4.23-1) unstable; urgency=medium


  * New upstream version.

 -- Peter Palfrader <email address hidden>  Mon, 28 Jul 2014 22:22:24 +0200

tor (0.2.4.22-1) unstable; urgency=medium


  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sat, 17 May 2014 09:59:02 +0200

tor (0.2.4.21-1) unstable; urgency=low


  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sat, 01 Mar 2014 19:35:30 +0100

tor (0.2.4.20-1) unstable; urgency=low


  * New upstream version.
    - Avoid a crash bug when starting with a corrupted microdescriptor cache
      file. Fixes bug 10406; bugfix on 0.2.2.6-alpha (closes: #732105).
  * init script: make /var/log/tor if it does not exist anymore
    (closes: #732572).

 -- Peter Palfrader <email address hidden>  Wed, 25 Dec 2013 12:07:50 +0100

tor (0.2.4.19-1) unstable; urgency=low


  * New upstream version.

 -- Peter Palfrader <email address hidden>  Thu, 12 Dec 2013 14:31:32 +0100

tor (0.2.3.25-1) unstable; urgency=low


  * New upstream release.  The 0.2.3.x tree goes stable.
  * Dedicated to the memory of Len "rabbi" Sassaman (1980-2011).  We miss
    you, Len.

 -- Peter Palfrader <email address hidden>  Tue, 20 Nov 2012 22:00:34 +0100

tor (0.2.3.24-rc-1) unstable; urgency=high


  * New upstream version:
    - Fix a group of remotely triggerable assertion failures related to
      incorrect link protocol negotiation. Found, diagnosed, and fixed
      by "some guy from France". Fix for CVE-2012-2250; bugfix on
      0.2.3.6-alpha.
    - Fix a denial of service attack by which any directory authority
      could crash all the others, or by which a single v2 directory
      authority could crash everybody downloading v2 directory
      information. Fixes bug 7191; bugfix on 0.2.0.10-alpha.
    - and more.

 -- Peter Palfrader <email address hidden>  Fri, 26 Oct 2012 09:15:09 +0200

tor (0.2.3.23-rc-1) unstable; urgency=low


  * New upstream version:
    o Major bugfixes (security/privacy):
      - Disable TLS session tickets. OpenSSL's implementation was giving
        our TLS session keys the lifetime of our TLS context objects, when
        perfect forward secrecy would want us to discard anything that
        could decrypt a link connection as soon as the link connection
        was closed. Fixes bug 7139; bugfix on all versions of Tor linked
        against OpenSSL 1.0.0 or later. Found by Florent Daignière.
      - Discard extraneous renegotiation attempts once the V3 link
        protocol has been initiated. Failure to do so left us open to
        a remotely triggerable assertion failure. Fixes CVE-2012-2249;
        bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
      - Fix a possible crash bug when checking for deactivated circuits
        in connection_or_flush_from_first_active_circuit(). Fixes bug 6341;
        bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously.
    For other fixes please see the upstream changelog.

 -- Peter Palfrader <email address hidden>  Sat, 20 Oct 2012 22:27:04 +0200

tor (0.2.3.22-rc-1) unstable; urgency=high


  [ Peter Palfrader ]
  * New upstream version:
    - Fix an assertion failure in tor_timegm() that could be triggered
      by a badly formatted directory object. Bug found by fuzzing with
      Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.

  [ Stefano Zacchiroli ]
  * README.privoxy, README.polipo: explicitly set socks type to socks5.

 -- Peter Palfrader <email address hidden>  Tue, 11 Sep 2012 22:41:41 +0200

tor (0.2.3.21-rc-1) unstable; urgency=low


  * New upstream version, changes including:
    - Tear down the circuit if we get an unexpected SENDME cell. Clients
      could use this trick to make their circuits receive cells faster
      than our flow control would have allowed, or to gum up the network,
      or possibly to do targeted memory denial-of-service attacks on
      entry nodes.
    - Reject any attempt to extend to an internal address. Without
      this fix, a router could be used to probe addresses on an internal
      network to see whether they were accepting connections.
    - Do not crash when comparing an address with port value 0 to an
      address policy.
    For details please see the upstream changelog.

 -- Peter Palfrader <email address hidden>  Fri, 07 Sep 2012 12:25:17 +0200

tor (0.2.3.20-rc-1) unstable; urgency=low


  * New upstream version, including a couple security fixes:
    - Avoid read-from-freed-memory and double-free bugs that could occur
      when a DNS request fails while launching it. Fixes bug 6480.
    - Avoid an uninitialized memory read when reading a vote or consensus
      document that has an unrecognized flavor name. This read could
      lead to a remote crash bug. Fixes bug 6530.
    - Try to leak less information about what relays a client is
      choosing to a side-channel attacker.
  * Suggest the tor-arm controller.
  * Improve long descriptions with Roger's help.
  * Use https:// instead of git:// for the Vcs-Git URL.

 -- Peter Palfrader <email address hidden>  Tue, 07 Aug 2012 23:13:18 +0200

tor (0.2.3.19-rc-1) unstable; urgency=low


  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sat, 07 Jul 2012 12:15:49 +0200

tor (0.2.3.18-rc-1) unstable; urgency=low


  * New upstream version.
  * Remove debian/patches/15_longer_test_timeout - something similar has been
    incorporated upstream (Re: Tor#6227).
  * Re-enable apparmor, if available:  Instead of confining /usr/sbin/tor by
    default, we now only confine the daemon that is launched from the init
    script.  We do this by calling aa-exec with the appropriate flags, if it
    is installed.  Therefore also suggest apparmor-utils.

 -- Peter Palfrader <email address hidden>  Fri, 29 Jun 2012 12:03:30 +0200

tor (0.2.3.17-beta-3) unstable; urgency=low


  * Apply the correct SE-Linux label to /var/run/tor when creating the
    directory in the init script (closes: #678362).  Thanks to Russell Coker.
  * Hack up the unit tests to wait longer for the thread test to finish.
    This is not a real fix, but it will probably make it more likely that
    we successfully build on our mips/octeon machines (Re: Tor#6227).

 -- Peter Palfrader <email address hidden>  Sun, 24 Jun 2012 16:13:35 +0200

tor (0.2.3.17-beta-2) unstable; urgency=low


  * Shipping and enabling the apparmor policy by default causes Tor to
    break for users who have apparmor enabled in enforcind mode and
    that, either in addition to or instead of running Tor as a system
    service (i.e. /etc/init.d/tor), also run Tor as their user or in
    some other means like launched from vidalia.  Therefore:
    .
    - No longer install apparmor policy by default.  It can be found in
      /usr/share/doc/tor if anybody is interested.
    - No longer build-depend on dh-apparmor, or suggest apparmor.
    - Also, clean up and remove old /etc/apparmor.d/usr.sbin.tor files
      on upgrade if they have not been changed by the user.
    .
    These changes relate to Debian Bug #670525 and fixes Tor ticket #6188.

 -- Peter Palfrader <email address hidden>  Mon, 18 Jun 2012 14:21:36 +0200

tor (0.2.3.17-beta-1) unstable; urgency=low


  * New upstream version.
  * apparmor policy:
    - allow access to /var/log/tor/* and not just /var/log/tor/log*,
  * No longer create /var/run/tor in postint if it does not exist -
    the init script should take care of that.
  * Change the output of the init script to use lsb* functions:
    - Depend on lsb-base.
    - Makes the output pretty (closes: #676843)
  * Also, in the init script we are now less verbose, unless VERBOSE is
    set to yes in /etc/default/rcS (see the rcS(5) manual page):
    - pass --hush to tor on startup, so only warnings and errors are
      displayed, hiding any notice level log output,
    - do not report raising ulimit -n.

 -- Peter Palfrader <email address hidden>  Fri, 15 Jun 2012 15:26:38 +0200

tor (0.2.2.37-1) unstable; urgency=medium


  * New upstream version, including:
    - Work around a bug in OpenSSL that broke renegotiation with TLS
      1.1 and TLS 1.2. Without this workaround, all attempts to speak
      the v2 Tor connection protocol when both sides were using OpenSSL
      1.0.1 would fail. Resolves ticket 6033.
    - When waiting for a client to renegotiate, don't allow it to add
      any bytes to the input buffer. This fixes a potential DoS issue.
      Fixes bugs 5934 and 6007; bugfix on 0.2.0.20-rc.
    - and more.  See upstream's changelog.

 -- Peter Palfrader <email address hidden>  Tue, 12 Jun 2012 14:22:48 +0200

tor (0.2.2.36-1) unstable; urgency=low


  * New upstream version, including updates to authority addresses, and
    a coulpe minor security issues, see upstream's changelog.

 -- Peter Palfrader <email address hidden>  Thu, 24 May 2012 11:08:24 +0200

tor (0.2.2.35-1) unstable; urgency=high


  * New upstream version, fixing a heap overflow bug related to Tor's
    SOCKS code (CVE-2011-2778).
  * There no longer is a document called INSTALL to copy to
    usr/share/docs/tor, so get rid of the lintian override.  Since that was
    the only one in the tor package get rid of installing overrides for the
    tor package entirely - there's still one override in tor-geoipdb
    (closes Tor #4576).

 -- Peter Palfrader <email address hidden>  Thu, 15 Dec 2011 21:04:51 +0100

tor (0.2.2.34-1) unstable; urgency=high


  * New upstream version, fixing a couple of security relevant bugs
    such as guard enumeration (CVE-2011-2768) and bridge enumeration
    (CVE-2011-2769) issues.  For details consult the upstream changelog.

 -- Peter Palfrader <email address hidden>  Thu, 27 Oct 2011 11:48:31 +0200

tor (0.2.2.33-1) unstable; urgency=low


  * New upstream version.
  * Make patches/06_add_compile_time_defaults build without compiler warnings:
    - Correctly declare functions as having no arguments instead of not
      telling the compiler which arguments it'll have.
  * Suggest tor-arm (closes: #640265).
  * Downgrade socat and polipo|privoxy to Suggests (closes: #640264).

 -- Peter Palfrader <email address hidden>  Wed, 14 Sep 2011 08:53:40 +0200

tor (0.2.2.32-1) unstable; urgency=low


  * New upstream version, upload to unstable.

 -- Peter Palfrader <email address hidden>  Mon, 29 Aug 2011 13:30:36 +0200

tor (0.2.1.30-1) unstable; urgency=low
  * New upstream version.  * The tor specification files are no longer shipped in the tarball,    so /usr/share/doc/tor/spec is no more.  They can be found online    at <URL:https://gitweb.torproject.org/torspec.git/tree>. -- Peter Palfrader <email address hidden>  Sat, 26 Feb 2011 10:57:43 +0100

tor (0.2.1.29-1) unstable; urgency=high
  * New upstream version, including several security related fixes.  See    upstream changelog for details.  Addresses CVE-2011-0427. -- Peter Palfrader <email address hidden>  Sun, 16 Jan 2011 18:51:03 +0100

tor (0.2.1.26-6) unstable; urgency=high
  * Fix a remotely exploitable bug that could be used to crash instances    of Tor remotely by overflowing on the heap. Remote-code execution    hasn't been confirmed, but can't be ruled out (CVE-2010-1676).  * Housekeeping: Update IP address and port of directory authority gabelmoo    with data shipped in 0.2.1.28. -- Peter Palfrader <email address hidden>  Sat, 18 Dec 2010 10:54:34 +0100

tor (0.2.1.26-5) unstable; urgency=low
  * Since the dawn of time (0.0.2pre19-1, January 2004, initial release    of the debian package), the postinst script has changed ownership and    permissions of various trees like /var/lib/tor, /var/run/tor, and    /var/log/tor, sometimes recursively.    .    It turns out this actually is a security issue, so try to be more    conservative when fixing up modes and only chown/chgrp    /var/{lib,log,run}/tor directly, never recursively.  * Remove /var/run/tor, recursively, on purge.  We already do this    for /var/lib/tor and /var/log/tor. -- Peter Palfrader <email address hidden>  Tue, 14 Dec 2010 20:08:32 +0100

tor (0.2.1.26-4) unstable; urgency=high


  * Add debian/patches/15_tlsext_host_name: Work around change in libssl0.9.8
    (0.9.8g-15+lenny9 and 0.9.8o-3), taken from 0.2.1.27 (closes: #604198):
    .
    Do not set the tlsext_host_name extension on server SSL objects; only on
    client SSL objects.  We set it to immitate a browser, not a vhosting
    server. This resolves an incompatibility with openssl 0.9.8p and openssl
    1.0.0b.  Fixes bug 2204; bugfix on 0.2.1.1-alpha.
  * Also from 0.2.1.27: Add maatuska as eighth v3 directory authority.
    The directory authority servers are the trusted nodes that sign the
    directory of all Tor servers.  This adds an 8th authority to the
    existing list, improving robustness.
  * Change section from comm to net.  This change was done in the
    0.2.2.x tree in experimental during 0.2.2.9 (April 2010) in response
    to bug #482801.
  * If we have a debian/micro-revision.i, replace the one in src/or
    with our copy so that this will be the revision that ends up in
    the binary.  This is an informational only version string, but
    it'd be kinda nice if it was (more) accurate nonetheless.
    (Backported from 0.2.2.2-alpha-1 from September 2009.)

 -- Peter Palfrader <email address hidden>  Sun, 21 Nov 2010 20:58:08 +0100

tor (0.2.1.26-3) unstable; urgency=low


  * Make sure the cronjob does not try to access a /var/lib/tor
    that has already been removed (due to for instance package removal).
    Thanks to Holger and piuparts for catching this.

 -- Peter Palfrader <email address hidden>  Sat, 20 Nov 2010 15:15:10 +0100

tor (0.2.1.26-2) unstable; urgency=medium


  * No longer set ulimit -c to unlimited:
    Up until now the init script (or actually /etc/default/tor) raised
    the ulimit for coredumps to unlimited, so that Tor would produce
    coredumps on assert errors or segfaults.  Coredumps however can
    leak sensitive information, like cryptographic session keys and
    clients' data should the core files get into the wrong hands.  As
    such it seems prudent to only enable coredumps if the user or
    operator explicitly asks for them, and knows what to do with them.
  * Also include a cron.weekly job that removes old coredumps from
    /var/lib/tor.  This action can be disabled in /etc/default/tor.

 -- Peter Palfrader <email address hidden>  Thu, 18 Nov 2010 12:11:33 +0100

tor (0.2.1.26-1) unstable; urgency=low


  * New upstream version.
  * Remove debian/patches/15_testuite-thread-fixes (merged upstream).
  * tor.postinst: Stop calling stat(1) with its full path.
  * Add ${misc:Depends} for all three binary packages because debhelper
    might want to add stuff.

 -- Peter Palfrader <email address hidden>  Mon, 03 May 2010 19:04:40 +0200

tor (0.2.1.25-2) unstable; urgency=low


  * In /etc/default/tor also source /etc/default/tor.vidalia if it exists
    and if vidalia is installed.  We do this so that the vidalia package
    can override some of our settings: People who have vidalia installed might
    not want to run Tor as a system service. The vidalia .deb can ask them
    that and then set run-daemon to no.

 -- Peter Palfrader <email address hidden>  Sat, 03 Apr 2010 13:29:17 +0200

tor (0.2.1.25-1) unstable; urgency=low


  * New upstream version.
    - Obsoletes patches/15_enable_renegotiation_on_098k.
  * Change order of recommends from privoxy | polipo to polipo | privoxy.
    [change done in experimental (0.2.2.x) long ago).

 -- Peter Palfrader <email address hidden>  Wed, 17 Mar 2010 23:20:32 +0100

tor (0.2.1.23-2) unstable; urgency=low


  * Enable ssl renegotiation also on 0.9.8k (closes: #570197).

 -- Peter Palfrader <email address hidden>  Wed, 17 Feb 2010 10:50:12 +0100

tor (0.2.1.23-1) unstable; urgency=low


  * New upstream version.
    - We no longer need to build-depend on a recent libssl-dev because
      Tor now detects whether we need to explicitly turn on
      autonegotiation at run-time rather than compile time.  Good.
      (This also means we no longer need to conflict with newer
       libssls when we built against an old one on backports.)

 -- Peter Palfrader <email address hidden>  Sun, 14 Feb 2010 09:50:41 +0100

tor (0.2.1.22-1) unstable; urgency=medium


  * New upstream version.
    - Rotate keys (both v3 identity and relay identity) for moria1
      and gabelmoo.
    [and more]

 -- Peter Palfrader <email address hidden>  Wed, 20 Jan 2010 18:58:12 +0100

tor (0.2.1.21-1) unstable; urgency=low


  * New upstream version.
  * Drop patches/ce0a89e2-work-with-reneg-ssl.dpatch (already in
    upstream).

 -- Peter Palfrader <email address hidden>  Tue, 29 Dec 2009 14:55:32 +0100

tor (0.2.1.20-2) unstable; urgency=low


  * Pick ce0a89e2624471272ffc4950c5069d9b81a7f0b9 from maint-0.2.1 git tree:
    - work with libssl that has renegotiation disabled by default.
    (debian/patches/ce0a89e2-work-with-reneg-ssl.dpatch)
  * Therefore build-depend on libssl-dev >= 0.9.8k-6.  If we build against
    earlier versions we will not work once libssl gets upgraded to a version
    that disabled renegotiations.

 -- Peter Palfrader <email address hidden>  Sat, 14 Nov 2009 15:18:32 +0100

tor (0.2.1.20-1) unstable; urgency=low


  * New upstream version.

 -- Peter Palfrader <email address hidden>  Fri, 13 Nov 2009 19:02:47 +0100

tor (0.2.1.19-1) unstable; urgency=low


  * New upstream version.
    - Make accessing hidden services on 0.2.1.x work right (closes: #538960).
    [More items are in the upstream changelog.]

 -- Peter Palfrader <email address hidden>  Wed, 29 Jul 2009 12:49:03 +0200

tor (0.2.1.18-1) unstable; urgency=low


  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sat, 25 Jul 2009 11:15:11 +0200

tor (0.2.0.35-1) unstable; urgency=low


  * New upstream version:
    o security fixes:
      - Avoid crashing in the presence of certain malformed descriptors.
      - Fix an edge case where a malicious exit relay could convince a
        controller that the client's DNS question resolves to an internal IP
        address.
    o bugfixes:
      - Finally fix the bug where dynamic-IP relays disappear when their
        IP address changes.
      - Fix a DNS-related crash bug (apparently depending on everything
        but the phase of the moon).
      - Fix a memory leak when starting with a cache over a few days old
      - Hidden service clients didn't use a cached service descriptor that
        was older than 15 minutes, but wouldn't fetch a new one either.
    [More details are in the upstream changelog.]

 -- Peter Palfrader <email address hidden>  Fri, 26 Jun 2009 01:56:14 +0200

tor (0.2.0.34-1) unstable; urgency=high


  * New upstream version:
     - Avoid a potential crash on exit nodes when processing malformed
       input.  Remote DoS opportunity (closes: #514579).
     - Fix a temporary DoS vulnerability that could be performed by
       a directory mirror (closes: #514580).

 -- Peter Palfrader <email address hidden>  Mon, 09 Feb 2009 09:53:48 +0100

tor (0.2.0.33-1) unstable; urgency=high


  * New upstream version:
    - Fixes a possible remote heap buffer overflow bug (closes: #512728)
      (Secunia Advisory [SA33635]).
    - better resist DNS poisoning.
    - and more - see upstream changelog.

 -- Peter Palfrader <email address hidden>  Fri, 23 Jan 2009 12:05:06 +0100

tor (0.2.0.32-1) unstable; urgency=high


  * New upstream version.
    - Properly drops privileges when being configured to do
      so (closes: #505178).
  * No longer set now obsolete Group setting in built-in debian config.

 -- Peter Palfrader <email address hidden>  Fri, 21 Nov 2008 23:33:15 +0100

tor (0.2.0.31-1) unstable; urgency=low


  * New upstream version.
  * Tweak a few error messages in the init script to use the proper variables
    (not that it should matter, the Right One has the same value, but still)
    and to list more possible error reasons.

 -- Peter Palfrader <email address hidden>  Tue, 09 Sep 2008 09:56:54 +0200