Ubuntu
tor package

Change log for tor package in Ubuntu

175 of 144 results FirstPreviousLast
Published in oracular-proposed 
tor (0.4.8.11-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Fri, 12 Apr 2024 09:22:56 +0200
Published in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
tor (0.4.8.10-1build2) noble; urgency=medium

  * No-change rebuild for libevent t64.

 -- Matthias Klose <email address hidden>  Mon, 01 Apr 2024 10:14:55 +0200
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
tor (0.4.8.10-1build1) noble; urgency=medium

  * No-change rebuild against libssl3t64

 -- Steve Langasek <email address hidden>  Tue, 05 Mar 2024 02:06:21 +0000
Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
tor (0.4.8.10-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sun, 10 Dec 2023 20:09:09 +0100

Available diffs

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
tor (0.4.8.9-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Fri, 10 Nov 2023 18:29:41 +0100

Available diffs

Superseded in noble-proposed 
tor (0.4.8.8-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sun, 05 Nov 2023 18:58:59 +0100

Available diffs

Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble) 
tor (0.4.8.7-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Wed, 04 Oct 2023 19:58:14 +0200

Available diffs

Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic) 
tor (0.4.8.4-2) unstable; urgency=medium

  * Enable building with the Proof-of-Work feature by configuring with
    --enable-gpl.  Note that this causes the resulting binary to be covered
    by the GPL.

 -- Peter Palfrader <email address hidden>  Thu, 24 Aug 2023 08:02:38 +0200

Available diffs

Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar) 
tor (0.4.7.13-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Thu, 12 Jan 2023 18:31:32 +0100

Available diffs

Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar) 
tor (0.4.7.12-1) unstable; urgency=medium

  * New upstream version.
  * Put tor services after network-online.target instead of after
    network.target (re: tpo/core/tor#40679).

 -- Peter Palfrader <email address hidden>  Sat, 10 Dec 2022 17:15:53 +0100

Available diffs

Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar) 
tor (0.4.7.11-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sat, 12 Nov 2022 09:58:38 +0100
Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic) 
tor (0.4.7.10-1build1) kinetic; urgency=medium

  * No-change rebuild against libevent-2.1-7a (LP: #1990941)

 -- Benjamin Drung <email address hidden>  Fri, 07 Oct 2022 19:58:46 +0200
Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic) 
tor (0.4.7.10-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Wed, 17 Aug 2022 21:26:27 +0200

Available diffs

Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic) 
tor (0.4.7.9-1) unstable; urgency=medium

  [ Pier Angelo Vendrame ]
  * Update apparmor policy to allow running snowflake-client.

  [ Peter Palfrader ]
  * New upstream version.

 -- Peter Palfrader <email address hidden>  Thu, 11 Aug 2022 17:47:24 +0200

Available diffs

Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic) 
tor (0.4.7.8-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sun, 19 Jun 2022 14:19:53 +0200

Available diffs

Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic) 
tor (0.4.7.7-1) unstable; urgency=medium

  * Upload 0.4.7.x tree to unstable.
  * New upstream version.

 -- Peter Palfrader <email address hidden>  Wed, 27 Apr 2022 23:52:43 +0200

Available diffs

Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
tor (0.4.6.10-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sun, 27 Feb 2022 13:58:14 +0100

Available diffs

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
tor (0.4.6.9-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sun, 19 Dec 2021 10:52:57 +0100
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
tor (0.4.6.8-1build1) jammy; urgency=medium

  * No-change rebuild against openssl3

 -- Simon Chopin <email address hidden>  Mon, 29 Nov 2021 16:22:57 +0100
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy) 
tor (0.4.6.8-1) unstable; urgency=medium

  * Upload 0.4.6.x tree to unstable.
  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sun, 31 Oct 2021 13:35:00 +0100
Superseded in jammy-proposed 
tor (0.4.5.10-1) unstable; urgency=medium

  * New upstream version.
    - Resolve an assertion failure caused by a behavior mismatch between our
      batch-signature verification code and our single-signature verification
      code. This assertion failure could be triggered remotely, leading to a
      denial of service attack. We fix this issue by disabling batch
      verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
      also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
      Valence.

 -- Peter Palfrader <email address hidden>  Tue, 17 Aug 2021 19:34:05 +0200
Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish) 
tor (0.4.5.9-1) unstable; urgency=medium

  * New upstream version, fixing several (security) issues (closes: #990000).
     For a full list see the upstream changelog.  It includes:
    - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
      half-closed streams. Previously, clients failed to validate which
      hop sent these cells: this would allow a relay on a circuit to end
      a stream that wasn't actually built with it.
      Bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021-
      003 and CVE-2021-34548.
    - Detect more failure conditions from the OpenSSL RNG code.
      Previously, we would detect errors from a missing RNG
      implementation, but not failures from the RNG code itself.
      Fortunately, it appears those failures do not happen in practice
      when Tor is using OpenSSL's default RNG implementation.
      Bugfix on 0.2.8.1-alpha. This issue is also tracked as
      TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
    - Resist a hashtable-based CPU denial-of-service attack against
      relays. Previously we used a naive unkeyed hash function to look
      up circuits in a circuitmux object. An attacker could exploit this
      to construct circuits with chosen circuit IDs, to create
      collisions and make the hash table inefficient. Now we use a
      SipHash construction here instead. Bugfix on
      0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
      CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
    - Fix an out-of-bounds memory access in v3 onion service descriptor
      parsing. An attacker could exploit this bug by crafting an onion
      service descriptor that would crash any client that tried to visit
      it. Bugfix on 0.3.0.1-alpha. This issue is also
      tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
      Glazunov from Google's Project Zero.

 -- Peter Palfrader <email address hidden>  Fri, 18 Jun 2021 11:06:56 +0200

Available diffs

Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish) 
tor (0.4.5.8-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Wed, 19 May 2021 08:51:43 +0200

Available diffs

Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish) 
tor (0.4.5.7-1) unstable; urgency=high

  * New upstream version, fixes two security issues:
    - Disable the dump_desc() function.
      (TROVE-2021-001 and CVE-2021-28089).
    - Fix a bug in appending detached signatures.
      (TROVE-2021-002 and CVE-2021-28090)

 -- Peter Palfrader <email address hidden>  Tue, 16 Mar 2021 15:01:09 +0100

Available diffs

Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
tor (0.4.5.6-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Tue, 16 Feb 2021 08:43:47 +0100

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
tor (0.4.5.5-rc-1) unstable; urgency=medium

  * New upstream version.
  * Upload 0.4.5.x tree to unstable; this is the last RC of that tree.
    If all goes well, it will be the next stable, so try to get it some
    more testing.

 -- Peter Palfrader <email address hidden>  Tue, 02 Feb 2021 07:36:28 +0100

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release) 
tor (0.4.4.6-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Thu, 12 Nov 2020 14:11:45 +0100

Available diffs

Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release) 
tor (0.4.4.5-1) unstable; urgency=medium

  * Upload 0.4.4.x tree to unstable.
  * New upstream version.

 -- Peter Palfrader <email address hidden>  Tue, 15 Sep 2020 15:39:59 +0200

Available diffs

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release) 
tor (0.4.3.6-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Mon, 13 Jul 2020 11:56:30 +0200

Available diffs

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release) 
tor (0.4.3.5-1) unstable; urgency=medium

  * Upload 0.4.3.x tree to unstable.
  * New upstream version.

 -- Peter Palfrader <email address hidden>  Fri, 15 May 2020 15:01:38 +0200

Available diffs

Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
tor (0.4.2.7-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Wed, 18 Mar 2020 21:33:26 +0100

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
tor (0.4.2.6-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Fri, 31 Jan 2020 10:15:07 +0100

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
tor (0.4.2.5-1) unstable; urgency=medium

  * Upload 0.4.2.x tree to unstable.
  * New upstream version.

 -- Peter Palfrader <email address hidden>  Mon, 16 Dec 2019 10:24:22 +0100

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
tor (0.4.1.5-1build1) focal; urgency=medium

  * No-change rebuild for libevent soname changes.

 -- Matthias Klose <email address hidden>  Sat, 19 Oct 2019 19:58:46 +0000
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release) 
tor (0.4.1.6-1) unstable; urgency=medium

  * New upstream version.
  * logrotate snippet: call invoke-rc.d instead of service for
    service status and reload since this seems to be more in line
    with Debian policy.

 -- Peter Palfrader <email address hidden>  Sun, 22 Sep 2019 22:27:48 +0200
Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to release) 
tor (0.4.1.5-1) unstable; urgency=medium

  * New upstream version; upload 0.4.1.x to unstable.
  * Fix three typos in README.Debian.
  * Avoid setting DEB_HOST_ARCH_OS in debian/rules as that should be
    pre-initialized nowadays.
  * tor-geoipdb: change from priority extra to optional as the former is
    obsolete.
  * Set Standards-Version to 4.4.0.
  * The fix for #930113, runit support, added an /etc/tor/conf to
    set the ulimit -n when run under runit.  That directory is a bad place.
    It confuses users, nowhere is it apparent that only runit cares about that
    directory and that e.g. sysV or systemd don't.   Get rid of that
    directory and the MAX_FILEDESCRIPTORS file in it and set a reasonable
    default in the runit script if MAX_FILEDESCRIPTORS is not already set.

 -- Peter Palfrader <email address hidden>  Wed, 21 Aug 2019 09:59:54 +0200

Available diffs

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release) 
tor (0.4.0.5-2) unstable; urgency=medium

  * Upload 0.4.0.x tree to unstable.

 -- Peter Palfrader <email address hidden>  Sat, 13 Jul 2019 16:00:05 +0200

Available diffs

Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release) 
tor (0.3.5.8-1) unstable; urgency=medium

  * Replace all references to /var/run with /run (closes: #918898).
  * New upstream version.
    - Includes a fix for a medium-severity security bug:
      Make KIST consider the outbuf length when computing what it can
      put in the outbuf. Previously, KIST acted as though the outbuf
      were empty, which could lead to the outbuf becoming too full. It
      is possible that an attacker could exploit this bug to cause a Tor
      client or relay to run out of memory and crash. Fixes bug 29168;
      bugfix on 0.3.2.1-alpha. This issue is also being tracked as
      TROVE-2019-001 and CVE-2019-8955.

 -- Peter Palfrader <email address hidden>  Thu, 21 Feb 2019 21:28:32 +0100

Available diffs

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release) 
tor (0.3.5.7-1) unstable; urgency=medium

  * New upstream version, upload 0.3.5.x tree to unstable.

 -- Peter Palfrader <email address hidden>  Tue, 08 Jan 2019 09:22:13 +0100

Available diffs

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release) 
tor (0.3.4.9-7) unstable; urgency=medium

  * setup-onion-service: mark as flaky

 -- Peter Palfrader <email address hidden>  Fri, 07 Dec 2018 18:21:40 +0100

Available diffs

Published in trusty-updates
Published in trusty-security 
tor (0.2.4.27-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS (client crash) via a crafted hidden service
    descriptor.
    - debian/patches/CVE-2016-1254.patch: Fix parsing bug with unrecognized
      token at EOS.
    - CVE-2016-1254
  * SECURITY UPDATE: DoS (crash) via crafted data.
    - debian/patches/CVE-2016-8860.patch: Protect against NUL-terminated
      inputs.
    - CVE-2016-8860
  * SECURITY UPDATE: DoS (assertion failure and daemon exit) via a BEGIN_DIR
    rendezvous circuit.
    - debian/patches/CVE-2017-0376.patch: Fix assertion failure.
    - CVE-2017-0376
  * SECURITY UPDATE: Replay-cache protection mechanism is ineffective for v2
    onion services.
    - debian/patches/CVE-2017-8819.patch: Fix length of replaycache-checked
      data.
    - CVE-2017-8819
  * SECURITY UPDATE: DoS (application hang) via a crafted PEM input.
    - debian/patches/CVE-2017-8821.patch: Avoid asking for passphrase on
      junky PEM input.
    - CVE-2017-8821
  * SECURITY UPDATE: Relays, that have incompletely downloaded
    descriptors, can pick themselves in a circuit path, leading to a
    degradation of anonymity
    - debian/patches/CVE-2017-8822.patch: Use local descriptor object to
      exclude self in path selection.
    - CVE-2017-8822

 -- Eduardo Barretto <email address hidden>  Fri, 23 Nov 2018 14:25:06 -0200
Published in xenial-updates
Published in xenial-security 
tor (0.2.9.14-1ubuntu1~16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Remote crash attack against directory authorities.
    - debian/patches/CVE-2018-0490.patch: Correctly handle NULL returns
      from parse_protocol_list when voting.
    - CVE-2018-0490

 -- Eduardo Barretto <email address hidden>  Thu, 22 Nov 2018 13:37:42 -0200
Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release) 
tor (0.3.4.9-5) unstable; urgency=medium

  * New autopkgtest: setup-onion-service.

 -- Peter Palfrader <email address hidden>  Tue, 06 Nov 2018 16:08:35 +0100

Available diffs

Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release) 
tor (0.3.3.9-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Fri, 13 Jul 2018 22:24:19 +0200

Available diffs

Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release) 
tor (0.3.3.8-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Tue, 10 Jul 2018 10:50:11 +0200

Available diffs

Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release) 
tor (0.3.3.7-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Wed, 13 Jun 2018 09:31:15 +0200

Available diffs

Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release) 
tor (0.3.3.6-1) unstable; urgency=medium

  * New upstream version, upload 0.3.3.x tree to unstable.
  * Start using upstream's minimal torrc as our default /etc/tor/torrc.
  * Put longer torrc.sample into /usr/share/doc.

 -- Peter Palfrader <email address hidden>  Wed, 23 May 2018 00:08:43 +0200

Available diffs

Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release) 
tor (0.3.2.10-1) unstable; urgency=medium

  * New upstream version.
    - Includes an important security fix for a remote crash attack against
      directory authorities.
      [TROVE-2018-001 and CVE-2018-0490]
    - Additionally, backports a fix for Tor#24700, which was originally
      fixed in 0.3.3.2-alpha but had its severity upgraded now as it can be
      remotely triggered and can crash relays.
      [TROVE-2018-002 and CVE-2018-0491]

 -- Peter Palfrader <email address hidden>  Sat, 03 Mar 2018 14:37:34 +0100
Obsolete in artful-updates
Obsolete in artful-security 
tor (0.3.0.13-0ubuntu1~17.10.2) artful-security; urgency=medium

  * No change rebuild for the security pocket.

 -- Seth Arnold <email address hidden>  Wed, 28 Feb 2018 14:53:07 -0800
Superseded in xenial-updates
Superseded in xenial-security 
tor (0.2.9.14-1ubuntu1~16.04.2) xenial-security; urgency=medium

  * No-change rebuild for the security pocket.

 -- Seth Arnold <email address hidden>  Wed, 28 Feb 2018 14:47:47 -0800
Superseded in artful-updates
Deleted in artful-proposed (Reason: moved to -updates) 
tor (0.3.0.13-0ubuntu1~17.10.1) artful; urgency=medium

  [ Peter Palfrader ]
  * Change "AppArmorProfile=system_tor" to AppArmorProfile=-system_tor,
    causing all errors while switching to the new apparmor profile to
    be ignored.  This is not ideal, but for now it's probably the
    best solution. Thanks to intrigeri; closes: #880490.

  [ Simon Deziel ]
  * New upstream version: 0.3.0.13 (LP: #1731698)
    - Fix a denial of service bug where an attacker could use a
      malformed directory object to cause a Tor instance to pause while
      OpenSSL would try to read a passphrase from the terminal. (Tor
      instances run without a terminal, which is the case for most Tor
      packages, are not impacted.) Fixes bug 24246; bugfix on every
      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
      Found by OSS-Fuzz as testcase 6360145429790720.
    - Fix a denial of service issue where an attacker could crash a
      directory authority using a malformed router descriptor. Fixes bug
      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
      and CVE-2017-8820.
    - When checking for replays in the INTRODUCE1 cell data for a
      (legacy) onion service, correctly detect replays in the RSA-
      encrypted part of the cell. We were previously checking for
      replays on the entire cell, but those can be circumvented due to
      the malleability of Tor's legacy hybrid encryption. This fix helps
      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
      and CVE-2017-8819.
    - Fix a use-after-free error that could crash v2 Tor onion services
      when they failed to open circuits while expiring introduction
      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
      also tracked as TROVE-2017-013 and CVE-2017-8823.
    - When running as a relay, make sure that we never build a path
      through ourselves, even in the case where we have somehow lost the
      version of our descriptor appearing in the consensus. Fixes part
      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
      as TROVE-2017-012 and CVE-2017-8822.
    - When running as a relay, make sure that we never choose ourselves
      as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
      issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  * New upstream version: 0.3.0.12
    - Directory authority changes
  * New upstream version: 0.3.0.11
    - Fix TROVE-2017-008: Stack disclosure in hidden services logs when
      SafeLogging disabled (CVE-2017-0380)
  * debian/rules: stop overriding micro-revision.i
Superseded in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates) 
tor (0.2.9.14-1ubuntu1~16.04.1) xenial; urgency=medium

  [ Peter Palfrader ]
  * apparmor: use Pix instead of PUx for obfs4proxy, giving us
    better confinement of the child process while actually working
    with systemd's NoNewPrivileges.  (closes: #867342)
  * Do not rely on aa-exec and aa-enabled being in /usr/sbin in the
    SysV init script.  This change enables apparmor confinement
    on some system-V systems again.  (closes: #869153)
  * Update apparmor profile: replace CAP_DAC_OVERRIDE with
    CAP_DAC_READ_SEARCH to match the systemd capability bounding set
    changed with 0.3.0.4-rc-1.  This change will allow tor to start
    again under apparmor if hidden services are configured.
    Patch by intrigeri.  (closes: #862993)
  * Replace CAP_DAC_OVERRIDE with CAP_DAC_READ_SEARCH in systemd's service
    capability bounding set.  Read access is sufficient for Tor (as root on
    startup) to check its onion service directories (see #847598).
  * Change "AppArmorProfile=system_tor" to AppArmorProfile=-system_tor,
    causing all errors while switching to the new apparmor profile to
    be ignored.  This is not ideal, but for now it's probably the
    best solution. Thanks to intrigeri; closes: #880490.

  [ Simon Deziel ]
  * Backport 0.2.9.14 to 16.04 (LP: #1731698)
  * debian/rules: stop overriding micro-revision.i
  * debian/control: drop build-conflicts
  * debian/control: Limit the seccomp build-dependency to [amd64 i386 x32 armel armhf]
  * Resync with Debian Stretch
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release) 
tor (0.3.2.9-1build1) bionic; urgency=high

  * No change rebuild against openssl1.1.

 -- Dimitri John Ledkov <email address hidden>  Mon, 05 Feb 2018 23:29:18 +0000
Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release) 
tor (0.3.2.9-1) unstable; urgency=medium

  * New upstream version, upload 0.3.2.x tree to unstable.

 -- Peter Palfrader <email address hidden>  Tue, 16 Jan 2018 10:49:46 +0100

Available diffs

Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release) 
tor (0.3.1.9-1) unstable; urgency=high

  * New upstream version, including among others:
    - Fix a denial of service bug where an attacker could use a
      malformed directory object to cause a Tor instance to pause while
      OpenSSL would try to read a passphrase from the terminal. (Tor
      instances run without a terminal, which is the case for most Tor
      packages, are not impacted.) Fixes bug 24246; bugfix on every
      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
      Found by OSS-Fuzz as testcase 6360145429790720.
    - Fix a denial of service issue where an attacker could crash a
      directory authority using a malformed router descriptor. Fixes bug
      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
      and CVE-2017-8820.
    - When checking for replays in the INTRODUCE1 cell data for a
      (legacy) onion service, correctly detect replays in the RSA-
      encrypted part of the cell. We were previously checking for
      replays on the entire cell, but those can be circumvented due to
      the malleability of Tor's legacy hybrid encryption. This fix helps
      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
      and CVE-2017-8819.
    - Fix a use-after-free error that could crash v2 Tor onion services
      when they failed to open circuits while expiring introduction
      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
      also tracked as TROVE-2017-013 and CVE-2017-8823.
    - When running as a relay, make sure that we never build a path
      through ourselves, even in the case where we have somehow lost the
      version of our descriptor appearing in the consensus. Fixes part
      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
      as TROVE-2017-012 and CVE-2017-8822.
    - When running as a relay, make sure that we never choose ourselves
      as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
      issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  * Build-depend on libcap-dev on linux-any so we can build tor with
    capabilities support to retain the capability to bind to low ports;
    closes: #882281, #700179.

 -- Peter Palfrader <email address hidden>  Fri, 01 Dec 2017 23:32:58 +0100

Available diffs

Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release) 
tor (0.3.1.8-2) unstable; urgency=medium

  * Recent linux packages in Debian have enabled the apparmor
    Linux-Security-Module by default.  Therefore, users are likely to have
    apparmor support not only built into their kernel but also actively
    enabled at runtime.  Unfortunately, without the apparmor package
    being installed, systemd's AppArmorProfile= service setting will
    cause the unit to fail to start.
    .
    Change "AppArmorProfile=system_tor" to AppArmorProfile=-system_tor,
    causing all errors while switching to the new apparmor profile to
    be ignored.  This is not ideal, but for now it's probably the
    best solution.
    .
    Thanks to intrigeri; closes: #880490.

 -- Peter Palfrader <email address hidden>  Thu, 02 Nov 2017 21:31:27 +0100
Superseded in bionic-proposed 
tor (0.3.1.8-1) unstable; urgency=medium

  * New upstream version.

 -- Peter Palfrader <email address hidden>  Sun, 29 Oct 2017 19:58:03 +0100
Superseded in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates) 
tor (0.2.9.11-1ubuntu1~16.04.1) xenial; urgency=medium

  * Backport from Debian Stretch to Xenial. Ubuntu Delta: (LP: #1710753)
    - Limit the seccomp build-dependency to [amd64 i386 armhf].
    - Drop build-conflicts.
    - Update debian/micro-revision.i to match 0.2.9.11 commit ID.
    - Use DAC_READ_SEARCH instead of DAC_OVERRIDE for Apparmor and
      systemd units. Cherry picked from 0.3.0.10-1 and 0.3.0.4-rc-1.
    - Limit the seccomp build-dependency to [amd64 i386 x32 armel armhf].

 -- Simon Deziel <email address hidden>  Tue, 15 Aug 2017 02:57:56 +0000
Obsolete in zesty-updates
Deleted in zesty-proposed (Reason: moved to -updates) 
tor (0.2.9.11-1ubuntu1) zesty; urgency=medium

  * Backport from Debian Stretch to Zesty. Ubuntu Delta: (LP: #1710753)
    - Limit the seccomp build-dependency to [amd64 i386 armhf].
    - Drop build-conflicts.
    - Update debian/micro-revision.i to match 0.2.9.11 commit ID.
    - Use DAC_READ_SEARCH instead of DAC_OVERRIDE for Apparmor and
      systemd units. Cherry picked from 0.3.0.10-1 and 0.3.0.4-rc-1.

 -- Simon Deziel <email address hidden>  Tue, 15 Aug 2017 02:57:56 +0000
Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release) 
tor (0.3.0.10-1) unstable; urgency=medium

  * New upstream version.
  * Update apparmor profile: replace CAP_DAC_OVERRIDE with
    CAP_DAC_READ_SEARCH to match the systemd capability bounding set
    changed with 0.3.0.4-rc-1.  This change will allow tor to start
    again under apparmor if hidden services are configured.
    Patch by intrigeri.  (closes: #862993)
  * Remove tor-dbg binary package.  Nowadays Debian's toolchain
    automatically builds packages containing debugging symbols.  The new
    tor-dbgsym package will end up in the debian-debug archive.
    This tor-dbgsym package will Replace/Break tor-dbg versions
    prior to 0.3.1.5-alpha for now (to match the version in experimental
    with the same change), but as we keep providing backported builds for
    older suites, and since those keep the tor-dbg package for now,
    we'll likely keep increasing this version in future releases.
    (closes: #867547)
  * The dbgsym migration options require debhelper >= 9.20160114; update
    build dependency list accordingly.

 -- Peter Palfrader <email address hidden>  Sun, 13 Aug 2017 17:24:23 +0200
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release) 
tor (0.3.0.9-1build1) artful; urgency=medium

  * No-change rebuild against libevent-2.1-6

 -- Steve Langasek <email address hidden>  Mon, 31 Jul 2017 02:54:09 +0000
Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release) 
tor (0.3.0.9-1) unstable; urgency=medium

  * New upstream version, upload 0.3.0.x tree to unstable.
    - Fixes TROVE-2017-006: Regression in guard family avoidance
      (closes: #866799; CVE-2017-0377).
  * Remove debian/README.{polipo,privoxy} as using them is not recommended.
    (Torbrowser is the better option for users browsing the web.)

 -- Peter Palfrader <email address hidden>  Sun, 02 Jul 2017 00:53:02 +0200

Available diffs

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release) 
tor (0.2.9.11-1) unstable; urgency=high

  * New upstream version.
    - Fix a remotely triggerable assertion failure caused by receiving a
      BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
      22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
      on 0.2.2.1-alpha.  (closes: #864424)

 -- Peter Palfrader <email address hidden>  Thu, 08 Jun 2017 18:48:46 +0200
Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
tor (0.2.9.10-1ubuntu1) zesty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Limit the seccomp build-dependency to [amd64 i386 armhf].

 -- Gianfranco Costamagna <email address hidden>  Wed, 08 Mar 2017 08:25:29 +0100
Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
tor (0.2.9.9-1ubuntu1) zesty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Limit the seccomp build-dependency to [amd64 i386 armhf].

 -- Gianfranco Costamagna <email address hidden>  Wed, 01 Feb 2017 15:00:23 +0100
Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
tor (0.2.9.8-2ubuntu1) zesty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Limit the seccomp build-dependency to [amd64 i386 armhf].

 -- Gianfranco Costamagna <email address hidden>  Wed, 21 Dec 2016 10:56:27 +0100
Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
tor (0.2.8.11-2ubuntu1) zesty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Limit the seccomp build-dependency to [amd64 i386 armhf].

 -- Gianfranco Costamagna <email address hidden>  Sat, 10 Dec 2016 09:07:07 +0100
Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
tor (0.2.8.11-1ubuntu1) zesty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Limit the seccomp build-dependency to [amd64 i386 armhf].

 -- Gianfranco Costamagna <email address hidden>  Fri, 09 Dec 2016 23:41:39 +0100
Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
tor (0.2.8.10-1ubuntu1) zesty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Limit the seccomp build-dependency to [amd64 i386 armhf].

 -- Gianfranco Costamagna <email address hidden>  Mon, 05 Dec 2016 22:28:13 +0100
Superseded in zesty-release
Deleted in zesty-proposed (Reason: moved to release) 
tor (0.2.8.9-1ubuntu1) zesty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Limit the seccomp build-dependency to [amd64 i386 armhf].

 -- Gianfranco Costamagna <email address hidden>  Wed, 19 Oct 2016 11:39:41 +0200
Superseded in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release) 
tor (0.2.8.8-1ubuntu1) yakkety; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Limit the seccomp build-dependency to [amd64 i386 armhf].

 -- Gianfranco Costamagna <email address hidden>  Mon, 26 Sep 2016 09:02:25 +0200
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release) 
tor (0.2.8.7-1ubuntu1) yakkety; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - Limit the seccomp build-dependency to [amd64 i386 armhf].

 -- Gianfranco Costamagna <email address hidden>  Thu, 25 Aug 2016 13:21:06 +0200
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release) 
tor (0.2.8.6-3ubuntu1) yakkety; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Limit the seccomp build-dependency to [amd64 i386 armhf].

 -- Gianfranco Costamagna <email address hidden>  Tue, 23 Aug 2016 16:37:59 +0200
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release) 
tor (0.2.8.6-2ubuntu1) yakkety; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Limit the seccomp build-dependency to [amd64 i386 armhf].

 -- Gianfranco Costamagna <email address hidden>  Sat, 13 Aug 2016 12:59:47 +0200
Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release) 
tor (0.2.8.6-1ubuntu1) yakkety; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Limit the seccomp build-dependency to [amd64 i386 armhf].

 -- Gianfranco Costamagna <email address hidden>  Thu, 04 Aug 2016 16:19:09 +0200
175 of 144 results FirstPreviousLast