tor 0.2.4.27-1build0.14.04.1 source package in Ubuntu

Changelog

tor (0.2.4.27-1build0.14.04.1) trusty-security; urgency=medium

  * Synced from Debian as a security update

tor (0.2.4.27-1) wheezy-security; urgency=medium

  * New upstream version, fixing hidden service related Denial of
    Service bugs:
    - Fix two remotely triggerable assertion failures (upstream bugs
      #15600 and #15601).
    - Disallow multiple INTRODUCE1 cells on the same circuit at introduction
      points, making overwhelming hidden services with introductions more
      expensive (upstream bug #15515).

tor (0.2.4.26-1) wheezy-security; urgency=medium

  * New upstream version.
    + Fixes the following security relevant issues (copied from upstream
      changelog):
      - Fix an assertion failure that could occur under high DNS load.
        Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
        diagnosed and fixed by "cypherpunks".
      - Fix a bug that could lead to a relay crashing with an assertion
        failure if a buffer of exactly the wrong layout was passed to
        buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
        0.2.0.10-alpha. Patch from 'cypherpunks'.
      - Do not assert if the 'data' pointer on a buffer is advanced to the
        very end of the buffer; log a BUG message instead. Only assert if
        it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
      - Disable support for SSLv3. All versions of OpenSSL in use with Tor
        today support TLS 1.0 or later, so we can safely turn off support
        for this old (and insecure) protocol. Fixes bug 13426.
    + Updates the list of directory authorities and the geoIP database.

tor (0.2.4.24-1) wheezy; urgency=low

  * New upstream version, built for stable (re: #762587):
    - Use correct byte order when sending the address of the chosen rendezvous
      point to a hidden service.  This bug meant that clients were leaking to
      the hidden service whether they were on a little-endian (common) or
      big-endian (rare) system.
    - Change IP address for the gabelmoo v3 directory authority.
    - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
      Country database.

tor (0.2.4.23-1~deb7u1) wheezy-security; urgency=high

  * New upstream version, built for wheezy:
    - Clients will no longer use CREATE_FAST cells for the first hop of their
      circuit.  This approach can improve security on connections where Tor's
      circuit handshake is stronger than the available TLS connection security
      levels.
    - Prepare for lowering the number of used entry guards by honoring the
      NumDirectoryGuards consensus parameter.
    - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
      implementation.
    - Warn and drop the circuit if we receive an inbound 'relay early' cell.

tor (0.2.4.22-1~deb7u1) wheezy; urgency=medium

  * Build for stable (re: #751977).
  * Revert upstream changes to the default torrc to match what 0.2.3.25-1
    from stable has (two minor changes in comments).

tor (0.2.4.22-1) unstable; urgency=medium

  * New upstream version.

tor (0.2.4.21-1) unstable; urgency=low

  * New upstream version.

 -- Marc Deslauriers <email address hidden>  Wed, 29 Jul 2015 07:57:22 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2015-07-29
Uploaded to:
Trusty
Original maintainer:
Peter Palfrader
Architectures:
any all
Section:
net
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
tor_0.2.4.27.orig.tar.gz 3.0 MiB ea1dddb4ae5fb11fecdf2639669dda6a4b960da4e3dc89ecb3d4250aee6e4871
tor_0.2.4.27-1build0.14.04.1.diff.gz 34.7 KiB 87933a48534dc8e864c818a374bf0881d6eae26f98bc4bbc74301261e2610127
tor_0.2.4.27-1build0.14.04.1.dsc 2.0 KiB 8f3e005ea40ed892f284afa961b531f037a5ceaccb05cbf3037b748984c3e158

View changes file

Binary packages built by this source

tor: anonymizing overlay network for TCP

 Tor is a connection-based low-latency anonymous communication system.
 .
 Clients choose a source-routed path through a set of relays, and
 negotiate a "virtual circuit" through the network, in which each relay
 knows its predecessor and successor, but no others. Traffic flowing
 down the circuit is decrypted at each relay, which reveals the
 downstream relay.
 .
 Basically, Tor provides a distributed network of relays. Users bounce
 their TCP streams (web traffic, ftp, ssh, etc) around the relays, and
 recipients, observers, and even the relays themselves have difficulty
 learning which users connected to which destinations.
 .
 This package enables only a Tor client by default, but it can also be
 configured as a relay and/or a hidden service easily.
 .
 Client applications can use the Tor network by connecting to the local
 socks proxy interface provided by your Tor instance. If the application
 itself does not come with socks support, you can use a socks client
 such as torsocks.
 .
 Note that Tor does no protocol cleaning on application traffic. There
 is a danger that application protocols and associated programs can be
 induced to reveal information about the user. Tor depends on Torbutton
 and similar protocol cleaners to solve this problem. For best
 protection when web surfing, the Tor Project recommends that you use
 the Tor Browser Bundle, a standalone tarball that includes static
 builds of Tor, Torbutton, and a modified Firefox that is patched to fix
 a variety of privacy bugs.

tor-dbg: debugging symbols for Tor

 This package provides the debugging symbols for Tor, The Onion Router.
 Those symbols allow your debugger to assign names to your backtraces, which
 makes it somewhat easier to interpret core dumps.

tor-dbgsym: debug symbols for package tor

 Tor is a connection-based low-latency anonymous communication system.
 .
 Clients choose a source-routed path through a set of relays, and
 negotiate a "virtual circuit" through the network, in which each relay
 knows its predecessor and successor, but no others. Traffic flowing
 down the circuit is decrypted at each relay, which reveals the
 downstream relay.
 .
 Basically, Tor provides a distributed network of relays. Users bounce
 their TCP streams (web traffic, ftp, ssh, etc) around the relays, and
 recipients, observers, and even the relays themselves have difficulty
 learning which users connected to which destinations.
 .
 This package enables only a Tor client by default, but it can also be
 configured as a relay and/or a hidden service easily.
 .
 Client applications can use the Tor network by connecting to the local
 socks proxy interface provided by your Tor instance. If the application
 itself does not come with socks support, you can use a socks client
 such as torsocks.
 .
 Note that Tor does no protocol cleaning on application traffic. There
 is a danger that application protocols and associated programs can be
 induced to reveal information about the user. Tor depends on Torbutton
 and similar protocol cleaners to solve this problem. For best
 protection when web surfing, the Tor Project recommends that you use
 the Tor Browser Bundle, a standalone tarball that includes static
 builds of Tor, Torbutton, and a modified Firefox that is patched to fix
 a variety of privacy bugs.

tor-geoipdb: GeoIP database for Tor

 This package provides a GeoIP database for Tor, i.e. it maps IPv4 addresses
 to countries.
 .
 Bridge relays (special Tor relays that aren't listed in the main Tor
 directory) use this information to report which countries they see
 connections from. These statistics enable the Tor network operators to
 learn when certain countries start blocking access to bridges.
 .
 Clients can also use this to learn what country each relay is in, so
 Tor controllers like arm or Vidalia can use it, or if they want to
 configure path selection preferences.