Format: 1.8 Date: Sun, 14 Jan 2018 14:17:46 -0500 Source: tor Binary: tor tor-dbg tor-geoipdb Architecture: i386 Version: 0.2.9.14-1ubuntu1~16.04.1 Distribution: xenial-proposed Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Simon Deziel Description: tor - anonymizing overlay network for TCP tor-dbg - debugging symbols for Tor tor-geoipdb - GeoIP database for Tor Closes: 862993 867342 869153 880490 Launchpad-Bugs-Fixed: 1731698 Changes: tor (0.2.9.14-1ubuntu1~16.04.1) xenial; urgency=medium . [ Peter Palfrader ] * apparmor: use Pix instead of PUx for obfs4proxy, giving us better confinement of the child process while actually working with systemd's NoNewPrivileges. (closes: #867342) * Do not rely on aa-exec and aa-enabled being in /usr/sbin in the SysV init script. This change enables apparmor confinement on some system-V systems again. (closes: #869153) * Update apparmor profile: replace CAP_DAC_OVERRIDE with CAP_DAC_READ_SEARCH to match the systemd capability bounding set changed with 0.3.0.4-rc-1. This change will allow tor to start again under apparmor if hidden services are configured. Patch by intrigeri. (closes: #862993) * Replace CAP_DAC_OVERRIDE with CAP_DAC_READ_SEARCH in systemd's service capability bounding set. Read access is sufficient for Tor (as root on startup) to check its onion service directories (see #847598). * Change "AppArmorProfile=system_tor" to AppArmorProfile=-system_tor, causing all errors while switching to the new apparmor profile to be ignored. This is not ideal, but for now it's probably the best solution. Thanks to intrigeri; closes: #880490. . [ Simon Deziel ] * Backport 0.2.9.14 to 16.04 (LP: #1731698) * debian/rules: stop overriding micro-revision.i * debian/control: drop build-conflicts * debian/control: Limit the seccomp build-dependency to [amd64 i386 x32 armel armhf] * Resync with Debian Stretch Checksums-Sha1: dbfa5967744f2a7c8ca15409e9571d8ec8fc443a 2428818 tor-dbg_0.2.9.14-1ubuntu1~16.04.1_i386.deb 3b2a06a140f67e3d1a82bde171b94f9e11f45ea6 1570 tor-dbgsym_0.2.9.14-1ubuntu1~16.04.1_i386.ddeb a8981af6a90b17c95ce1af9ce058d80fd42d2a1b 1162788 tor_0.2.9.14-1ubuntu1~16.04.1_i386.deb Checksums-Sha256: 7f864ce063d4ef445e54a206f48e9eaf5942e7763879c95cece1a200af227bfe 2428818 tor-dbg_0.2.9.14-1ubuntu1~16.04.1_i386.deb c8dda89cffbee7b9f2bc65f0146698a5b0079b0e45b3178fb58c6fbe7cf0c0fa 1570 tor-dbgsym_0.2.9.14-1ubuntu1~16.04.1_i386.ddeb 710b185609379d5d4ac6d990a4b674d82169ec9ec21c3c29458ac574fbd052f7 1162788 tor_0.2.9.14-1ubuntu1~16.04.1_i386.deb Files: d359671cca65a617be3ffc3f8cba2df2 2428818 debug extra tor-dbg_0.2.9.14-1ubuntu1~16.04.1_i386.deb badce3d7380062cc201fe2c02756bbf4 1570 net extra tor-dbgsym_0.2.9.14-1ubuntu1~16.04.1_i386.ddeb 39b639e281ac4f1a7377206baa1b8832 1162788 net optional tor_0.2.9.14-1ubuntu1~16.04.1_i386.deb Original-Maintainer: Peter Palfrader