--- tor-0.2.2.35.orig/debian/tor.default
+++ tor-0.2.2.35/debian/tor.default
@@ -0,0 +1,62 @@
+# Defaults for tor initscript
+# sourced by /etc/init.d/tor
+# installed at /etc/default/tor by the maintainer scripts
+
+#
+# This is a bash shell fragment
+#
+RUN_DAEMON="yes"
+
+#
+# Servers sometimes may need more than the default 1024 file descriptors
+# if they are very busy and have many clients connected to them. The top
+# servers as of early 2008 regularly have more than 10000 connected
+# clients.
+# (ulimit -n)
+#
+# (the default varies as it depends on the number of available system-wide file
+# descriptors. See the init script in /etc/init.d/tor for details.)
+#
+# MAX_FILEDESCRIPTORS=
+
+#
+# If tor is seriously hogging your CPU, taking away too much cycles from
+# other system resources, then you can renice tor. See nice(1) for a
+# bit more information. Another way to limit the CPU usage of an Onion
+# Router is to set a lower BandwidthRate, as CPU usage is mostly a function
+# of the amount of traffic flowing through your node. Consult the torrc(5)
+# manual page for more information on setting BandwidthRate.
+#
+# NICE="--nicelevel 5"
+
+# Additional arguments to pass on tor's command line.
+#
+# ARGS=""
+
+#
+# Uncomment the ulimit call below if you want tor to produce coredumps on
+# segfaults and assert errors.
+#
+# Keeping coredumps around is some sort of security issue since they
+# may leak session keys, sensitive client data and more, should such
+# files fall into the wrong hands. Therefore coredumps are not enabled
+# by default.
+#
+# ulimit -c unlimited
+
+#
+# Config option for the weekly cron file: Whether or not to remove old
+# coredumps in /var/lib/tor. Coredumps can hold sensitive data, as such
+# they probably should not be kept lying around if nobody will ever look
+# at them. This option makes /etc/cron.weekly/tor clean out files older
+# then three weeks.
+#
+CLEANUP_OLD_COREFILES=y
+
+
+# Let the vidalia package override some of our settings.
+# People who have vidalia installed might not want to run Tor as a system
+# service. The vidalia .deb can ask them that and then set run-daemon to no.
+if [ -e /etc/default/tor.vidalia ] && [ -x /usr/bin/vidalia ]; then
+ . /etc/default/tor.vidalia
+fi
--- tor-0.2.2.35.orig/debian/control
+++ tor-0.2.2.35/debian/control
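Review bot: The comment above the final `if` in tor.default says the vidalia package can "set run-daemon to no", but the variable this fragment defines is `RUN_DAEMON`, so the comment should name it exactly. That same block sources `/etc/default/tor.vidalia` whenever it exists and `/usr/bin/vidalia` is executable, and tor.default is itself sourced by the init script and the weekly cron job elsewhere in this patch, so the contents of that file run with their privileges. I would add a comment along the lines of `# tor.vidalia is executed by the init script and the cron job via this fragment; keep it root-owned and not writable by others.`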
@@ -0,0 +1,76 @@ +Source: tor +Section: net +Priority: optional +Maintainer: Peter Palfrader +Build-Depends: debhelper (>= 5), libssl-dev, dpatch, zlib1g-dev, libevent-dev (>= 1.1), binutils (>= 2.14.90.0.7), hardening-includes, asciidoc (>= 8.2), docbook-xml, docbook-xsl, xmlto +Standards-Version: 3.8.1 +Homepage: https://www.torproject.org/ +Vcs-Git: git://git.torproject.org/debian/tor.git +Vcs-Browser: https://gitweb.torproject.org/debian/tor.git + +Package: tor +Architecture: any +Depends: ${shlibs:Depends}, adduser, ${misc:Depends} +Conflicts: libssl0.9.8 (<< 0.9.8g-9) +Recommends: logrotate, tor-geoipdb, torsocks | tsocks +Suggests: mixmaster, xul-ext-torbutton, socat, tor-arm, polipo (>= 1) | privoxy +Description: anonymizing overlay network for TCP + Tor is a connection-based low-latency anonymous communication system which + addresses many flaws in the original onion routing design. + . + In brief, Onion Routing is a connection-oriented anonymizing communication + service. Users choose a source-routed path through a set of nodes, and + negotiate a "virtual circuit" through the network, in which each node + knows its predecessor and successor, but no others. Traffic flowing down + the circuit is unwrapped by a symmetric key at each node, which reveals + the downstream node. + . + Basically Tor provides a distributed network of servers ("onion + routers"). Users bounce their tcp streams (web traffic, ftp, ssh, etc) + around the routers, and recipients, observers, and even the routers + themselves have difficulty tracking the source of the stream. + . + Note that Tor does no protocol cleaning. That means there is a danger that + application protocols and associated programs can be induced to reveal + information about the initiator. Tor depends on Privoxy and similar protocol + cleaners to solve this problem. + . + Client applications can use the Tor network by connecting to the local + onion proxy. 
If the application itself does not come with socks support + you can use a socks client such as tsocks. Some web browsers like mozilla + and web proxies like privoxy come with socks support, so you don't need an + extra socks client if you want to use Tor with them. + . + This package enables only the onion proxy by default, but it can be configured + as a relay (server) node. + . + Remember that this is development code -- don't rely on the current Tor + network if you really need strong anonymity. + . + The latest information can be found at https://www.torproject.org/, or on the + mailing lists, archived at https://lists.torproject.org/pipermail/tor-talk/ or + https://lists.torproject.org/pipermail/tor-announce/. + +Package: tor-dbg +Architecture: any +Depends: tor (= ${binary:Version}), ${misc:Depends} +Suggests: gdb +Priority: extra +Section: debug +Description: debugging symbols for Tor + This package provides the debugging symbols for Tor, The Onion Router. + Those symbols allow your debugger to assign names to your backtraces, which + makes it somewhat easier to interpret core dumps. + +Package: tor-geoipdb +Architecture: all +Priority: extra +Depends: tor (>= ${source:Version}), ${misc:Depends} +Description: geoIP database for Tor + This package provides a geoIP database for Tor, i.e. it maps IPv4 addresses + to countries. + . + Bridges (special Tor relays that aren't listed in the main Tor directory) use + this information to report which countries they get access from. This allows + the Tor network operators to learn if certain countries started blocking + access to bridges. --- tor-0.2.2.35.orig/debian/tor.dirs +++ tor-0.2.2.35/debian/tor.dirs @@ -0,0 +1,5 @@ +etc/tor +var/lib/tor +var/log/tor +usr/bin +usr/sbin --- tor-0.2.2.35.orig/debian/tor.logrotate +++ tor-0.2.2.35/debian/tor.logrotate 
@@ -0,0 +1,13 @@
+/var/log/tor/*log {
+ daily
+ rotate 5
+ compress
+ delaycompress
+ missingok
+ notifempty
+ create 0640 debian-tor adm
+ sharedscripts
+ postrotate
+ /etc/init.d/tor reload > /dev/null
+ endscript
+}
--- tor-0.2.2.35.orig/debian/tor.cron.weekly
+++ tor-0.2.2.35/debian/tor.cron.weekly
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -e
+set -u
+
+DEFAULTSFILE=/etc/default/tor
+
+if [ -f $DEFAULTSFILE ] ; then
+ . $DEFAULTSFILE
+fi
+
+if [ "${CLEANUP_OLD_COREFILES:-}" = "y" ] ; then
+ if [ -d /var/lib/tor ] ; then
+ find /var/lib/tor -mindepth 1 -maxdepth 1 -type f -mtime +21 -user debian-tor -regex '.*/core\(\.[0-9]+\)?' -exec rm '{}' +
+ fi
+fi
--- tor-0.2.2.35.orig/debian/tor-geoipdb.lintian-override
+++ tor-0.2.2.35/debian/tor-geoipdb.lintian-override
@@ -0,0 +1 @@
+tor-geoipdb: debian-changelog-file-is-a-symlink
--- tor-0.2.2.35.orig/debian/watch
+++ tor-0.2.2.35/debian/watch
@@ -0,0 +1,2 @@
+version=2
+http://tor.eff.org/dist/tor-(.*)\.tar\.gz
--- tor-0.2.2.35.orig/debian/tor.NEWS
+++ tor-0.2.2.35/debian/tor.NEWS
@@ -0,0 +1,16 @@
+tor (0.2.0.26-rc-1) experimental; urgency=critical
+
+ * weak cryptographic keys
+
+ It has been discovered that the random number generator in Debian's
+ openssl package is predictable. This is caused by an incorrect
+ Debian-specific change to the openssl package (CVE-2008-0166). As a
+ result, cryptographic key material may be guessable.
+
+ See Debian Security Advisory number 1571 (DSA-1571) for more information:
+ http://lists.debian.org/debian-security-announce/2008/msg00152.html
+
+ If you run a Tor server using this package please see
+ /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY
+
+ -- Peter Palfrader Tue, 13 May 2008 12:49:05 +0200
--- tor-0.2.2.35.orig/debian/tor.postinst
+++ tor-0.2.2.35/debian/tor.postinst
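Review bot: The tor.logrotate stanza rotates files in /var/log/tor with `create 0640 debian-tor adm`, and tor.postinst in this same patch gives that directory to `debian-tor:adm`, so the rename, create and compress steps happen in a directory the unprivileged daemon account can write to. Nothing in the block tells logrotate to drop privileges for that work, so it presumably runs with logrotate's own (normally root) identity. Where the installed logrotate supports the directive, add `su debian-tor adm` inside the block so rotation is done as the log owner.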
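Review bot: The cleanup in the inner `if` of tor.cron.weekly runs `find ... -exec rm '{}' +` from the cron job inside /var/lib/tor, which tor.postinst hands to debian-tor, so `rm` resolves each path again after find has already tested `-type f` and `-user`. GNU find's `-delete` removes the entry it just examined and avoids the second lookup: `find /var/lib/tor -mindepth 1 -maxdepth 1 -type f -mtime +21 -user debian-tor -regex '.*/core\(\.[0-9]+\)?' -delete`. Separately, `$DEFAULTSFILE` is sourced under `set -e` and `set -u`, so a defaults fragment that reads an unset variable or fails a command ends the job before the cleanup runs; a one-line comment above the `.` saying so would help whoever edits /etc/default/tor.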
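Review bot: The URL line in debian/watch fetches release tarballs over plain `http://` from `tor.eff.org`, while debian/control in this patch gives `https://www.torproject.org/` as the homepage, and nothing in the file checks an upstream signature. The download step for this package should be authenticated: point the pattern at an https location and, with a watch-file version and uscan that support it, add `opts=pgpsigurlmangle=s/$/.asc/` together with the upstream key in `debian/upstream/signing-key.asc`. The exact upstream path and signature suffix are not visible in this patch and need confirming.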
@@ -0,0 +1,121 @@ +#!/bin/sh -e + +# checking debian-tor account + +uid=`getent passwd debian-tor | cut -d ":" -f 3` +home=`getent passwd debian-tor | cut -d ":" -f 6` + +# if there is the uid the account is there and we can do +# the sanit(ar)y checks otherwise we can safely create it. + +if [ "$uid" ]; then + if [ "$home" = "/var/lib/tor" ]; then + : + #echo "debian-tor homedir check: ok" + else + echo "ERROR: debian-tor account has an unexpected home directory!" + echo "It should be '/var/lib/tor', but it is '$home'." + echo "Removing the debian-tor user might fix this, but the question" + echo "remains how you got into this mess to begin with." + exit 1 + fi +else + adduser --quiet \ + --system \ + --disabled-password \ + --home /var/lib/tor \ + --no-create-home \ + --shell /bin/bash \ + --group \ + debian-tor +fi + + +for i in lib run log; do + if ! [ -d "/var/$i/tor" ]; then + echo "Something or somebody made /var/$i/tor disappear." + echo "Creating one for you again." + mkdir "/var/$i/tor" + fi +done + +chown debian-tor:debian-tor /var/lib/tor +chmod 02700 /var/lib/tor + +if [ -e /var/run/tor ]; then + chown debian-tor:debian-tor /var/run/tor + chmod 02750 /var/run/tor +fi + +chown debian-tor:adm /var/log/tor +chmod 02750 /var/log/tor + + + +move_away_keys=0 + +if [ "$1" = "configure" ] && + [ -e /var/lib/tor/keys ] && + [ ! -z "$2" ]; then + if dpkg --compare-versions "$2" lt 0.1.2.19-2; then + move_away_keys=1 + elif dpkg --compare-versions "$2" gt 0.2.0 && + dpkg --compare-versions "$2" lt 0.2.0.26-rc; then + move_away_keys=1 + fi +fi +if [ "$move_away_keys" = "1" ]; then + echo "Retiring possibly compromised keys. See /usr/share/doc/tor/NEWS.Debian.gz" + echo "and /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY for" + echo "further information." + if ! 
[ -d /var/lib/tor/keys/moved-away-by-tor-package ]; then + mkdir /var/lib/tor/keys/moved-away-by-tor-package + cat > /var/lib/tor/keys/moved-away-by-tor-package/README.REALLY << EOF +It has been discovered that the random number generator in Debian's +openssl package is predictable. This is caused by an incorrect +Debian-specific change to the openssl package (CVE-2008-0166). As a +result, cryptographic key material may be guessable. + +See Debian Security Advisory number 1571 (DSA-1571) for more information: +http://lists.debian.org/debian-security-announce/2008/msg00152.html + +The Debian package for Tor has moved away the onion keys upon package +upgrade, and it will have moved away your identity key if it was created +in the affected timeframe. There is no sure way to automatically tell +if your key was created with an affected openssl library, so this move +is done unconditionally. + +If you have restarted Tor since this change (and the package probably +did that for you already unless you configured your system differently) +then the Tor daemon already created new keys for itself and in all +likelyhood is already working just fine with new keys. + +If you are absolutely certain that your identity key was created with +a non-affected version of openssl and for some reason you have to retain +the old identity, then you can move back the copy of secret_id_key to +/var/lib/tor/keys. Do not move back the onion keys, they were created +only recently since they are temporary keys with a lifetime of only a few +days anyway. 
+ +Sincerely, +Peter Palfrader, Tue, 13 May 2008 13:32:23 +0200 +EOF + fi + for f in secret_onion_key secret_onion_key.old; do + if [ -e /var/lib/tor/keys/"$f" ]; then + mv -v /var/lib/tor/keys/"$f" /var/lib/tor/keys/moved-away-by-tor-package/"$f" + fi + done + if [ -e /var/lib/tor/keys/secret_id_key ]; then + id_mtime=`stat -c %Y /var/lib/tor/keys/secret_id_key` + sept=`date -d '2006-09-10' +%s` + if [ "$id_mtime" -gt "$sept" ] ; then + mv -v /var/lib/tor/keys/secret_id_key /var/lib/tor/keys/moved-away-by-tor-package/secret_id_key + fi + fi +fi + + +#DEBHELPER# + +exit 0 --- tor-0.2.2.35.orig/debian/tor.postrm +++ tor-0.2.2.35/debian/tor.postrm @@ -0,0 +1,12 @@ +#!/bin/sh -e + +if [ "$1" = "purge" ]; then + # logs have to be removed according to policy. + rm -rf /var/log/tor/ + rm -rf /var/lib/tor/ + rm -rf /var/run/tor/ +fi + +#DEBHELPER# + +exit 0 --- tor-0.2.2.35.orig/debian/README.privoxy +++ tor-0.2.2.35/debian/README.privoxy @@ -0,0 +1,18 @@ +Tor only provides TCP layer anonymity. It does not do any protocol +cleaning, so if you are going to browse the web you still give away a +lot of information to servers. + +The privoxy package provides a privacy enhancing HTTP proxy, which +is good at filtering headers, cookies, and much more. To view the +description of the Debian privoxy package just run "apt-cache show +privoxy". Please refer to the privoxy documentation for more details. + +In order to use privoxy over tor, add the following line to your +privoxy configuration file: + forward-socks4a / localhost:9050 . +(the dot is important) + +Then configure your browser to use privoxy as its HTTP proxy. + +-- +Peter Palfrader , Tue, 17 Feb 2004 02:15:36 +0100 --- tor-0.2.2.35.orig/debian/tor.init +++ tor-0.2.2.35/debian/tor.init 
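Review bot: The `adduser` call in the account-creation branch of tor.postinst passes `--shell /bin/bash`, so the `debian-tor` system account gets a working login shell even though its password is disabled. Nothing visible in this script or in the init script needs an interactive shell for that user, since the daemon is started through start-stop-daemon. I would change the option to `--shell /bin/false` (or the distribution's nologin shell) so the account cannot be used for interactive logins. If some helper outside this patch relies on bash, a comment next to the option should say which one.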
@@ -0,0 +1,209 @@ +#! /bin/bash + +### BEGIN INIT INFO +# Provides: tor +# Required-Start: $local_fs $remote_fs $network $named $time +# Required-Stop: $local_fs $remote_fs $network $named $time +# Should-Start: $syslog +# Should-Stop: $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Starts The Onion Router daemon processes +# Description: Start The Onion Router, a TCP overlay +# network client that provides anonymous +# transport. +### END INIT INFO + +set -e + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/tor +NAME=tor +DESC="tor daemon" +TORPIDDIR=/var/run/tor +TORPID=$TORPIDDIR/tor.pid +DEFAULTSFILE=/etc/default/$NAME +WAITFORDAEMON=60 +ARGS="" +# Let's try to figure our some sane defaults: +if [ -r /proc/sys/fs/file-max ]; then + system_max=`cat /proc/sys/fs/file-max` + if [ "$system_max" -gt "80000" ] ; then + MAX_FILEDESCRIPTORS=32768 + elif [ "$system_max" -gt "40000" ] ; then + MAX_FILEDESCRIPTORS=16384 + elif [ "$system_max" -gt "10000" ] ; then + MAX_FILEDESCRIPTORS=8192 + else + MAX_FILEDESCRIPTORS=1024 + cat << EOF + +Warning: Your system has very few filedescriptors available in total. + +Maybe you should try raising that by adding 'fs.file-max=100000' to your +/etc/sysctl.conf file. Feel free to pick any number that you deem appropriate. +Then run 'sysctl -p'. See /proc/sys/fs/file-max for the current value, and +file-nr in the same directory for how many of those are used at the moment. + +EOF + fi +else + MAX_FILEDESCRIPTORS=8192 +fi + +NICE="" + +test -x $DAEMON || exit 0 + +# Include tor defaults if available +if [ -f $DEFAULTSFILE ] ; then + . $DEFAULTSFILE +fi + +wait_for_deaddaemon () { + pid=$1 + sleep 1 + if test -n "$pid" + then + if kill -0 $pid 2>/dev/null + then + echo -n "." + cnt=0 + while kill -0 $pid 2>/dev/null + do + cnt=`expr $cnt + 1` + if [ $cnt -gt $WAITFORDAEMON ] + then + echo " FAILED." + return 1 + fi + sleep 1 + echo -n "." 
+ done + fi + fi + return 0 +} + + +check_torpiddir () { + if test ! -d $TORPIDDIR; then + #echo "There is no $TORPIDDIR directory. Creating one for you." + mkdir -m 02750 "$TORPIDDIR" + chown debian-tor:debian-tor "$TORPIDDIR" + fi + + if test ! -x $TORPIDDIR; then + echo "Cannot access $TORPIDDIR directory, are you root?" >&2 + exit 1 + fi +} + +check_config () { + if ! $DAEMON --verify-config > /dev/null; then + echo "ABORTED: Tor configuration invalid:" >&2 + $DAEMON --verify-config >&2 + exit 1 + fi +} + + +case "$1" in + start) + if [ "$RUN_DAEMON" != "yes" ]; then + echo "Not starting $DESC (Disabled in $DEFAULTSFILE)." + exit 0 + fi + + if [ -n "$MAX_FILEDESCRIPTORS" ]; then + echo -n "Raising maximum number of filedescriptors (ulimit -n) to $MAX_FILEDESCRIPTORS" + if ulimit -n "$MAX_FILEDESCRIPTORS" ; then + echo "." + else + echo ": FAILED." + fi + fi + + check_torpiddir + + echo "Starting $DESC: $NAME..." + check_config + + start-stop-daemon --start --quiet --oknodo \ + --pidfile $TORPID \ + $NICE \ + --exec $DAEMON -- $ARGS + echo "done." + ;; + stop) + echo -n "Stopping $DESC: " + pid=`cat $TORPID 2>/dev/null` || true + + if test ! -f $TORPID -o -z "$pid"; then + echo "not running (there is no $TORPID)." + exit 0 + fi + + if start-stop-daemon --stop --signal INT --quiet --pidfile $TORPID --exec $DAEMON; then + wait_for_deaddaemon $pid + echo "$NAME." + elif kill -0 $pid 2>/dev/null + then + echo "FAILED (Is $pid not $NAME? Is $DAEMON a different binary now?)." + else + echo "FAILED ($DAEMON died: process $pid not running; or permission denied)." + fi + ;; + reload|force-reload) + echo -n "Reloading $DESC configuration: " + pid=`cat $TORPID 2>/dev/null` || true + + if test ! -f $TORPID -o -z "$pid"; then + echo "not running (there is no $TORPID)." + exit 0 + fi + + check_config + + if start-stop-daemon --stop --signal 1 --quiet --pidfile $TORPID --exec $DAEMON + then + echo "$NAME." 
+ elif kill -0 $pid 2>/dev/null + then + echo "FAILED (Is $pid not $NAME? Is $DAEMON a different binary now?)." + else + echo "FAILED ($DAEMON died: process $pid not running; or permission denied)." + fi + ;; + restart) + check_config + + $0 stop + sleep 1 + $0 start + ;; + status) + if test ! -r $(dirname $TORPID); then + echo "cannot read tor PID file" + exit 4 + fi + pid=`cat $TORPID 2>/dev/null` || true + if test ! -f $TORPID -o -z "$pid"; then + echo "tor is not running" + exit 3 + fi + if ps "$pid" >/dev/null 2>&1; then + echo "tor is running" + exit 0 + else + echo "tor is not running" + exit 1 + fi + ;; + *) + echo "Usage: $0 {start|stop|restart|reload|force-reload|status}" >&2 + exit 1 + ;; +esac + +exit 0 --- tor-0.2.2.35.orig/debian/rules +++ tor-0.2.2.35/debian/rules 
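Review bot: In the `stop` and `reload` branches of tor.init the value read with ``pid=`cat $TORPID` `` comes from a file in a directory that `check_torpiddir` gives to `debian-tor`, and it is then used unquoted in `kill -0 $pid` and `wait_for_deaddaemon $pid`. The `start-stop-daemon ... --pidfile $TORPID --exec $DAEMON` call checks the target before signalling, but the follow-up probes trust whatever the file holds, and the `status` branch only tests that some process has that pid. I would validate the value once after reading it, for example `case "$pid" in ''|*[!0-9]*) echo "invalid pid in $TORPID" >&2; exit 1;; esac`, and write `"$pid"` in the later uses.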
@@ -0,0 +1,203 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +export PACKAGE=tor +include /usr/share/dpatch/dpatch.make + +# enable hardning options +include /usr/share/hardening-includes/hardening.make +CFLAGS += $(HARDENING_CFLAGS) +LDFLAGS += $(HARDENING_LDFLAGS) + +# These are used for cross-compiling and for saving the configure script +# from having to guess our platform (since we know it already) +# +# See /usr/share/doc/autotools-dev/README.Debian.gz which suggests +# this way of passing --build and --host. Also see the thread on +# debian-devel './configure in debian/rules' from February/March 2006, +# starting with <43FF212C.5020800@xs4all.nl> by Pjotr Kourzanov. +export DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE)) + confflags += --build $(DEB_HOST_GNU_TYPE) +else + confflags += --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE) +endif + +CFLAGS ?= -Wall -g + +# Do not optimize the build with "noopt" +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +# Do not strip the binary with "nostrip" +#ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) +# INSTALL_PROGRAM += -s +#endif + +# Prevent the unit tests from being run with "nocheck" +ifneq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS))) + RUN_TEST = no +endif +ifneq (,$(findstring notest,$(DEB_BUILD_OPTIONS))) + RUN_TEST = no +endif + +# Support passing of parallel= in build options +ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) + MAKEFLAGS += -j$(NUMJOBS) +endif + +# allow building against libdmalloc4 - it better be installed +ifneq (,$(findstring 
with-dmalloc,$(DEB_BUILD_OPTIONS))) + confflags += --with-dmalloc +endif +# allow building with --enable-openbsd-malloc +ifneq (,$(findstring enable-openbsd-malloc,$(DEB_BUILD_OPTIONS))) + confflags += --enable-openbsd-malloc +endif + +export LDFLAGS +export CFLAGS + +MANPAGE_INS=doc/tor.1.in doc/torify.1.in doc/tor-gencert.1.in doc/tor-resolve.1.in + +configure: patch-stamp +config.status: configure + dh_testdir + ./configure \ + $(confflags) \ + --prefix=/usr \ + --mandir=\$${prefix}/share/man \ + --infodir=\$${prefix}/share/info \ + --localstatedir=/var \ + --sysconfdir=/etc + + +build: build-stamp + + +# create the manpages here because the build-system shipped in the tarball is +# incomplete. moving foo.8 to foo.1.in is intended. +doc/%.1.in: doc/%.1.txt patch-stamp + target="$@"; base="$${target%%.1.in}"; \ + a2x -f manpage "$$base".1.txt && \ + if [ -e "$$base".1 ]; then mv "$$base".1 "$$base".1.in; \ + elif [ -e "$$base".8 ]; then mv "$$base".8 "$$base".1.in; \ + else echo >&2 "No output produced by a2px?" && exit 1; fi + +build-stamp: config.status $(MANPAGE_INS) + dh_testdir + ! [ -e debian/micro-revision.i ] || cp debian/micro-revision.i src/or/micro-revision.i + + # Also touch all the .html files or else the build system will + # try to re-create them and fail badly + for file in $(MANPAGE_INS); do touch $${file%%.1.in}.html.in || exit 1; done + $(MAKE) + @echo + @echo + # Running unit tests + @if [ "$(RUN_TEST)" != "no" ]; then \ + make check; \ + else \ + echo; echo; echo "Skipping unittests"; echo; \ + fi + @echo + touch build-stamp + +clean: unpatch + dh_testdir + dh_testroot + rm -f build-stamp + rm -f src/common/common_sha1.i src/or/or_sha1.i + rm -f src/or/micro-revision.i + + [ ! -f Makefile ] || $(MAKE) distclean + ! 
[ -e debian/micro-revision.i ] || rm -f src/or/micro-revision.i + + # Normally the .deb wouldn't ship with a ../.git + if [ -d .git ] && which git >/dev/null; then \ + echo "\"`git rev-parse --short=16 HEAD`\"" > "debian/micro-revision.i" ; \ + fi + + # these get autobuilt from the .txt files, some of which we also patch + rm -f $(MANPAGE_INS) + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(MAKE) install DESTDIR=$(CURDIR)/debian/tor + # move tor to where it belongs + mv $(CURDIR)/debian/tor/etc/tor/torrc.sample $(CURDIR)/debian/tor/etc/tor/torrc + mv $(CURDIR)/debian/tor/usr/bin/tor $(CURDIR)/debian/tor/usr/sbin/tor + install -d $(CURDIR)/debian/tor/usr/share/man/man8 + mv $(CURDIR)/debian/tor/usr/share/man/man1/tor.1 $(CURDIR)/debian/tor/usr/share/man/man8/tor.8 + + install -m 755 contrib/torify $(CURDIR)/debian/tor/usr/bin + install -m 644 contrib/tor-tsocks.conf $(CURDIR)/debian/tor/etc/tor + + dh_link usr/share/man/man8/tor.8 usr/share/man/man5/torrc.5 + + rm -f $(CURDIR)/debian/tor/usr/bin/tor-control.py + + # tor-dbg doc dir + install -d -m 755 $(CURDIR)/debian/tor-dbg/usr/share/doc + ln -s tor $(CURDIR)/debian/tor-dbg/usr/share/doc/tor-dbg + + # tor-geoip + mv $(CURDIR)/debian/tor/usr/share/tor/geoip $(CURDIR)/debian/tor-geoipdb/usr/share/tor + rmdir $(CURDIR)/debian/tor/usr/share/tor || true + + install -d -m 755 $(CURDIR)/debian/tor-geoipdb/usr/share/doc/tor-geoipdb + ln -s ../tor/changelog.gz $(CURDIR)/debian/tor-geoipdb/usr/share/doc/tor-geoipdb + ln -s ../tor/changelog.Debian.gz $(CURDIR)/debian/tor-geoipdb/usr/share/doc/tor-geoipdb + + install -m 644 debian/tor-geoipdb.lintian-override $(CURDIR)/debian/tor-geoipdb/usr/share/lintian/overrides/tor-geoipdb + +# Must not depend on anything. This is to be called by +# binary-arch/binary-indep +# in another 'make' thread. 
+binary-common: + dh_testdir + dh_testroot + dh_installchangelogs --package=tor ChangeLog + dh_installdocs + dh_installexamples + dh_installlogrotate + dh_installinit + dh_installcron + dh_installman + dh_link + dh_strip --dbg-package=tor-dbg + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +# Build architecture independant packages using the common target. +binary-indep: install + $(MAKE) -f debian/rules DH_OPTIONS=-i binary-common + +# Build architecture dependant packages using the common target. +binary-arch: install + $(MAKE) -f debian/rules DH_OPTIONS=-s binary-common + +binary: binary-indep binary-arch +.PHONY: build clean binary-common binary-indep binary-arch binary install --- tor-0.2.2.35.orig/debian/tor.docs +++ tor-0.2.2.35/debian/tor.docs @@ -0,0 +1,4 @@ +debian/README.Debian +debian/README.polipo +debian/README.privoxy +contrib/tor-exit-notice.html --- tor-0.2.2.35.orig/debian/README.polipo +++ tor-0.2.2.35/debian/README.polipo @@ -0,0 +1,9 @@ +Polipo is a http proxy that makes it easer to use Tor with a browser. + +In order to make polipo use Tor, add the following to /etc/polipo/config: + socksParentProxy = localhost:9050 +You should then point your browser at localhost:8123 . + +If you are concerned about cached data remaining on your disk, you +should also add + diskCacheRoot= --- tor-0.2.2.35.orig/debian/tor-geoipdb.copyright +++ tor-0.2.2.35/debian/tor-geoipdb.copyright 
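Review bot: `CFLAGS += $(HARDENING_CFLAGS)` near the top of debian/rules defines CFLAGS before the later `CFLAGS ?= -Wall -g`, so that conditional assignment never takes effect and `-Wall -g` are present only if the build environment already exported them. Without `-g`, the `dh_strip --dbg-package=tor-dbg` step in `binary-common` has little to put into the tor-dbg package. Moving `CFLAGS ?= -Wall -g` above the hardening include, or changing it to `CFLAGS += -Wall -g`, fixes the ordering. The error text in the `doc/%.1.in` rule also says `a2px` where the command being run is `a2x`.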
@@ -0,0 +1,35 @@ +This geo-ip database was downloaded as part of the Tor distribution +from . + + +It is the IP-to-Country Database provided by WebHosting.Info +(http://www.webhosting.info), available from +http://ip-to-country.webhosting.info. + + +Copyright (c) 2003 Direct Information Pvt. Ltd. All Rights Reserved. + +All usage, reproduction, modification and derivative works created from, and +distribution and publication of the IP-to-Country Database and your derivative +works thereof must keep intact all copyright notices and give credit by +displaying the following acknowledgment by replacing 'work' with one of the +following: script, product, page, service or application: + +"This 'work' uses the IP-to-Country Database + provided by WebHosting.Info (http://www.webhosting.info), + available from http://ip-to-country.webhosting.info." + +BECAUSE THE DATABASE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE +DATABASE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE +STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE +DATABASE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND +FITNESS FOR A PARTICULAR PURPOSE OR ANY WARRANTIES REGARDING THE CONTENTS OR +ACCURACY OF THE WORK. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY +COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE +DATABASE AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR +INABILITY TO USE THE DATABASE, EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN +ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. --- tor-0.2.2.35.orig/debian/TODO +++ tor-0.2.2.35/debian/TODO 
@@ -0,0 +1,10 @@ +Legend: + - Not done + * Top priority + . Partially done + o Done + D Deferred + X Abandoned + +- don't enable coredumps by default +- fix shipped html docs to refer to local stylesheet --- tor-0.2.2.35.orig/debian/micro-revision.i +++ tor-0.2.2.35/debian/micro-revision.i @@ -0,0 +1 @@ +"73ff13ab3cc9570d" --- tor-0.2.2.35.orig/debian/compat +++ tor-0.2.2.35/debian/compat @@ -0,0 +1 @@ +5 --- tor-0.2.2.35.orig/debian/README.Debian +++ tor-0.2.2.35/debian/README.Debian @@ -0,0 +1,21 @@ +This is the Debian package for Tor, The Onion Router. + +Some changes have been made to the Tor source to integrate it better into +Debian. If Tor is started as root or the 'debian-tor' user, then: + +- RunAsDaemon is enabled, +- PidFile is set to /var/run/tor/tor.pid (No default upstream), +- default logging goes to /var/log/tor/log (instead of stdout), +- DataDirectory is set to /var/lib/tor (uses $HOME/.tor upstream), +- User is set to "debian-tor". +- ControlSocket is enabled at /var/run/tor/control, is made + group writable (ControlSocketsGroupWritable). Additionally + CookieAuthentication is enabled, the cookie file written to + /var/run/tor/control.authcookie (CookieAuthFile) and made + group readable (CookieAuthFileGroupReadable). + +If Tor is started as any other user it behaves just like upstream's. + +-- +Peter Palfrader, Mon, 24 Jul 2006 05:20:30 +0200 + Sat, 23 Feb 2008 13:44:40 +0100 --- tor-0.2.2.35.orig/debian/changelog +++ tor-0.2.2.35/debian/changelog 
@@ -0,0 +1,1718 @@ +tor (0.2.2.35-1~ppa1~maverick1) maverick; urgency=low + + * Backport to Maverick. + + -- Nicola Ferralis Mon, 09 Jan 2012 22:29:20 -0500 + +tor (0.2.2.35-1) unstable; urgency=high + + * New upstream version, fixing a heap overflow bug related to Tor's + SOCKS code (CVE-2011-2778). + * There no longer is a document called INSTALL to copy to + usr/share/docs/tor, so get rid of the lintian override. Since that was + the only one in the tor package get rid of installing overrides for the + tor package entirely - there's still one override in tor-geoipdb + (closes Tor #4576). + + -- Peter Palfrader Thu, 15 Dec 2011 21:04:51 +0100 + +tor (0.2.2.34-1) unstable; urgency=high + + * New upstream version, fixing a couple of security relevant bugs + such as guard enumeration (CVE-2011-2768) and bridge enumeration + (CVE-2011-2769) issues. For details consult the upstream changelog. + + -- Peter Palfrader Thu, 27 Oct 2011 11:48:31 +0200 + +tor (0.2.2.33-1) unstable; urgency=low + + * New upstream version. + * Make patches/06_add_compile_time_defaults build without compiler warnings: + - Correctly declare functions as having no arguments instead of not + telling the compiler which arguments it'll have. + * Suggest tor-arm (closes: #640265). + * Downgrade socat and polipo|privoxy to Suggests (closes: #640264). + + -- Peter Palfrader Wed, 14 Sep 2011 08:53:40 +0200 + +tor (0.2.2.32-1) unstable; urgency=low + + * New upstream version, upload to unstable. + + -- Peter Palfrader Mon, 29 Aug 2011 13:30:36 +0200 + +tor (0.2.2.31-rc-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Sat, 20 Aug 2011 10:34:09 +0200 + +tor (0.2.2.30-rc-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Wed, 13 Jul 2011 11:57:30 +0200 + +tor (0.2.2.29-beta-1) experimental; urgency=low + + * New upstream version. + * Enable Control Socket by default. It lives in /var/run/tor/ + (closes: #552556). 
+ * The postinst script changes /var/run/tor to mode 02750 if it exists, + but the tor init script creates it with mode 02700 if it doesn't. + Change the init script to also create the directory with a group + writeable mode, the same as the postinst maintainer script, i.e. 02750. + . + This will allow users in the debian-tor group to access the control + socket (re: #552556). + + -- Peter Palfrader Thu, 23 Jun 2011 11:26:49 +0200 + +tor (0.2.2.28-beta-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Sun, 05 Jun 2011 19:21:48 +0200 + +tor (0.2.2.27-beta-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Wed, 18 May 2011 23:46:57 +0200 + +tor (0.2.2.26-beta-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Wed, 18 May 2011 16:31:11 +0200 + +tor (0.2.2.25-alpha-1) experimental; urgency=low + + * New upstream version. + * Add Vcs-* control fields. Patch by intrigeri@boum.org + (closes: #623316). + * Update mailinglist archive URLs in package description. + Patch by intrigeri@boum.org (closes: #623318). + + -- Peter Palfrader Sun, 01 May 2011 19:48:24 +0200 + +tor (0.2.2.24-alpha-1) experimental; urgency=low + + * New upstream version. + * Forward port missing changes from the 0.2.1.x tree: + - Add ${misc:Depends} for all three binary packages because debhelper + might want to add stuff [tor 0.2.1.26-1]. + - tor.postinst: Stop calling stat(1) with its full path [tor 0.2.1.26-1]. + - No longer set ulimit -c to unlimited: + Up until now the init script (or actually /etc/default/tor) raised + the ulimit for coredumps to unlimited, so that Tor would produce + coredumps on assert errors or segfaults. Coredumps however can + leak sensitive information, like cryptographic session keys and + clients' data should the core files get into the wrong hands. As + such it seems prudent to only enable coredumps if the user or + operator explicitly asks for them, and knows what to do with them. 
+ [tor 0.2.1.26-2] + - Also include a cron.weekly job that removes old coredumps from + /var/lib/tor. This action can be disabled in /etc/default/tor. + [tor 0.2.1.26-2] + - Make sure the cronjob does not try to access a /var/lib/tor + that has already been removed (due to for instance package removal). + Thanks to Holger and piuparts for catching this. + [tor 0.2.1.26-3] + + -- Peter Palfrader Sun, 10 Apr 2011 19:08:27 +0200 + +tor (0.2.2.23-alpha-1) experimental; urgency=low + + * New upstream version. + * The tor specification files are no longer shipped in the tarball, + so /usr/share/doc/tor/spec is no more. They can be found online + at . + + -- Peter Palfrader Wed, 09 Mar 2011 14:40:16 +0100 + +tor (0.2.2.22-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Wed, 26 Jan 2011 19:20:21 +0100 + +tor (0.2.2.21-alpha-1) experimental; urgency=high + + * New upstream version, including several security related fixes. See + upstream changelog for details. Addresses CVE-2011-0427. + * Forward port patches/03_tor_manpage_in_section_8. + + -- Peter Palfrader Sun, 16 Jan 2011 18:40:27 +0100 + +tor (0.2.2.20-alpha-1) experimental; urgency=high + + * New upstream version. + - Fix a remotely exploitable bug that could be used to crash instances + of Tor remotely by overflowing on the heap. Remote-code execution + hasn't been confirmed, but can't be ruled out (CVE-2010-1676). + * Since the dawn of time (0.0.2pre19-1, January 2004, initial release + of the debian package), the postinst script has changed ownership and + permissions of various trees like /var/lib/tor, /var/run/tor, and + /var/log/tor, sometimes recursively. + . + It turns out this actually is a security issue, so try to be more + conservative when fixing up modes and only chown/chgrp + /var/{lib,log,run}/tor directly, never recursively. + * Remove /var/run/tor, recursively, on purge. We already do this + for /var/lib/tor and /var/log/tor. 
+ + -- Peter Palfrader Sat, 18 Dec 2010 13:35:26 +0100 + +tor (0.2.2.19-alpha-1) experimental; urgency=low + + * New upstream version. + - remove debian/patches/15_tlsext_host_name (already included in new + upstream version). + + -- Peter Palfrader Mon, 29 Nov 2010 13:46:10 +0100 + +tor (0.2.2.18-alpha-2) experimental; urgency=low + + * If we overwrite src/or/micro-revision.i in during build, + clean it out in the clean target. + * Add debian/patches/15_tlsext_host_name: Work around change in libssl0.9.8 + (0.9.8g-15+lenny9 and 0.9.8o-3), taken from 0.2.1.27 (closes: #604198): + . + Do not set the tlsext_host_name extension on server SSL objects; only on + client SSL objects. We set it to immitate a browser, not a vhosting + server. This resolves an incompatibility with openssl 0.9.8p and openssl + 1.0.0b. Fixes bug 2204; bugfix on 0.2.1.1-alpha. + + -- Peter Palfrader Sun, 21 Nov 2010 23:39:32 +0100 + +tor (0.2.2.18-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Tue, 16 Nov 2010 20:01:23 +0100 + +tor (0.2.2.17-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Fri, 01 Oct 2010 12:33:28 +0200 + +tor (0.2.2.16-alpha-1) experimental; urgency=low + + * New upstream version. + * Downgrade torsocks/tsocks dependency to a recommends. That tool + is not needed if you only run a relay, or if you access Tor only + using polipo or privoxy. The torify(1) wrapper that makes use + of torsocks or tsocks already handles their absense and emmits a + proper message telling the user what they are missing (closes: #595898). + * Remove suggests of mixminion which is no longer in the archive + (closes: #594207), and also of anon-proxy which appears to not + have been updated in at least two years. + * Add xul-ext-torbutton to suggests. + + -- Peter Palfrader Sat, 18 Sep 2010 19:49:23 +0200 + +tor (0.2.2.15-alpha-1) experimental; urgency=low + + * New upstream version. 
+ * Forward port 06_add_compile_time_defaults. + + -- Peter Palfrader Sat, 21 Aug 2010 10:39:41 +0200 + +tor (0.2.2.14-alpha-1) experimental; urgency=low + + * New upstream version. + Among many other things: + - New config option "WarnUnsafeSocks 0" disables the warning that + occurs whenever Tor receives only an IP address instead of a + hostname. Setups that do DNS locally over Tor are fine, and we + shouldn't spam the logs in that case. (Closes: #497466) + + -- Peter Palfrader Thu, 15 Jul 2010 14:41:10 +0200 + +tor (0.2.2.13-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Sat, 24 Apr 2010 12:12:11 +0200 + +tor (0.2.2.12-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Tue, 20 Apr 2010 12:23:00 +0200 + +tor (0.2.2.11-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Sat, 17 Apr 2010 21:49:19 +0200 + +tor (0.2.2.10-alpha-2) experimental; urgency=low + + * In /etc/default/tor also source /etc/default/tor.vidalia if it exists + and if vidalia is installed. We do this so that the vidalia package + can override some of our settings: People who have vidalia installed might + not want to run Tor as a system service. The vidalia .deb can ask them + that and then set run-daemon to no. + + -- Peter Palfrader Sat, 03 Apr 2010 15:24:11 +0200 + +tor (0.2.2.10-alpha-1) experimental; urgency=low + + * New upstream version. + * debian/rules: + - make manpage building properly depend on patch-stamp, + - Fix building in the absence of a debian/micro-revision.i file. + + -- Peter Palfrader Tue, 09 Mar 2010 14:06:48 +0100 + +tor (0.2.2.9-alpha-1) experimental; urgency=low + + * New upstream version. + - We no longer need to build-depend on a recent libssl-dev because + Tor now detects whether we need to explicitly turn on + autonegotiation at run-time rather than compile time. Good. 
+ (This also means we no longer need to conflict with newer + libssls when we built against an old one on backports.) + - The manpages are now built with asciidoc. While the upstream + tarball already ships with the output of asciidoc, we instead + build the manpages during package build time so we can patch them. + + Therefore build-depend on asciidoc (>= 8.2), docbook-xml, + docbook-xsl, and xmlto. + + update 03_tor_manpage_in_section_8 to patch the .txt files now. + + Remove tor.1.in torify.1.in tor-gencert.1.in tor-resolve.1.in in + the doc directory during clean. + + And try to work around missing (and if it wasn't, broken) + build-system for the manpages. + + The torify.1 manpage gets installed by upstream, no longer need + to do it manually in debian/rules. + - The original design paper is no longer shipped with Tor. + + Remove debian/hexdump-*.pdf (which we used to work around + fig2dev bugs). + + No longer build the paper in debian/rules, and remove it from + debian/tor.docs. + + No longer build-depend on texlive-base-bin, texlive-latex-base, + texlive-fonts-recommended, transfig and ghostscript. + - Upstream tarballs no longer ship an AUTHORS file, or the website, + Removed these from debian/tor.docs. No longer shipping parts of + the website also closes: #443560. + - Also no longer distribute doc/TODO and doc/HACKING in the debian + package. + * Move from comm to section net, where it might fit slightly better + (closes: #482801). + * Ship contrib/tor-exit-notice.html in the tor package (put it into + usr/share/doc/tor; closes: #568934). + * Add stark README.polipo with the instructions from Juliusz Chroboczek. + (closes: #413730) + * 0.2.2.4-alpha failed to ship test.h so we had included it in the + debian diff. The upstream bug has long since been fixed so we should + probably stop shipping our own copy of test.h. + * Finally apply Peter Eisentraut's patch for tor's init script to support + status as an argument (closes: #526371). 
+ + -- Peter Palfrader Sun, 28 Feb 2010 10:58:10 +0100 + +tor (0.2.2.8-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Fri, 29 Jan 2010 23:22:35 +0100 + +tor (0.2.2.7-alpha-2) experimental; urgency=low + + * debian/rules: Minor cleanup (use a single variable for making up our + configure flags, not two). + * debian/rules: Remove logic that ignores the result of unit tests if + localhost does not resolve (or not to 127.0.0.1). This should no + longer be necessary as our build chroots have gotten a lot better. + * Depend on and enable hardening-includes for building. + + -- Peter Palfrader Sun, 24 Jan 2010 13:22:26 +0100 + +tor (0.2.2.7-alpha-1) experimental; urgency=medium + + * New upstream version. + - Rotate keys (both v3 identity and relay identity) for moria1 + and gabelmoo. + [and more] + + -- Peter Palfrader Wed, 20 Jan 2010 19:29:08 +0100 + +tor (0.2.2.6-alpha-1) experimental; urgency=low + + * New upstream version. + - Drop debian/patches/0a58567c-work-with-reneg-ssl.dpatch + (part of upstream). + + -- Peter Palfrader Mon, 23 Nov 2009 18:52:04 +0100 + +tor (0.2.2.5-alpha-1) experimental; urgency=low + + * New upstream version. + * Pick 0a58567ce3418f410cf1dd0143dd3e56b4a4bd1f from master git tree: + - work with libssl that has renegotiation disabled by default. + (debian/patches/0a58567c-work-with-reneg-ssl.dpatch) + * Therefore build-depend on libssl-dev >= 0.9.8k-6. If we build against + earlier versions we will not work once libssl gets upgraded to a version + that disabled renegotiations. + * Change order of recommends from privoxy | polipo to polipo | privoxy. + * Allegedly echo -e is a bashism. Remove it from debian/rules, we don't + need it anyways (closes: #478631). + * Change the dependency on tsocks to torsocks | tsocks (see: #554717). + + -- Peter Palfrader Sun, 15 Nov 2009 11:04:02 +0100 + +tor (0.2.2.4-alpha-1) experimental; urgency=low + + * New upstream version. 
+ * The testsuite moved from src/or/test to src/test/test, + but let's call it using "make check" now. + * Upstream failed to ship src/test/test.h. Ship it in debian/ and + manually copy it in place during configure and clean up in clean. + Let's not use the patch system as this will most likely be rectified + by next release. + + -- Peter Palfrader Sun, 11 Oct 2009 10:38:55 +0200 + +tor (0.2.2.3-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Wed, 23 Sep 2009 10:27:40 +0200 + +tor (0.2.2.2-alpha-1) experimental; urgency=low + + * New upstream version. + * The files src/common/common_sha1.i src/or/or_sha1.i get changed + during the build - they contain the checksums of the individual + files that end up in the binary. Of couse changes only end up + in the debian diff.gz after building a second time in the same + directory. So, remove those files in clean to get both a cleaner + diff.gz and idempotent builds. + * If we have a debian/micro-revision.i, replace the one in src/or + with our copy so that this will be the revision that ends up in + the binary. This is an informational only version string, but + it'd be kinda nice if it was (more) accurate nonetheless. + . + Of course this won't help if people manually patch around but + it's still preferable to claiming we are exactly upstream's source. + . + If we are building directly out of a git tree, update + debian/micro-revision.i in the clean target. + + -- Peter Palfrader Mon, 21 Sep 2009 14:51:20 +0200 + +tor (0.2.2.1-alpha-1) experimental; urgency=low + + * New upstream version. + * Forward port patches/03_tor_manpage_in_section_8.dpatch. + * Forward port patches/06_add_compile_time_defaults.dpatch. + + -- Peter Palfrader Thu, 03 Sep 2009 15:10:26 +0200 + +tor (0.2.1.19-1) unstable; urgency=low + + * New upstream version. + - Make accessing hidden services on 0.2.1.x work right (closes: #538960). + [More items are in the upstream changelog.] 
+ + -- Peter Palfrader Wed, 29 Jul 2009 12:49:03 +0200 + +tor (0.2.1.18-1) unstable; urgency=low + + * New upstream version. + + -- Peter Palfrader Sat, 25 Jul 2009 11:15:11 +0200 + +tor (0.2.1.17-rc-1) experimental; urgency=low + + * New upstream version. + * Update upstream URL in debian/copyright. + + -- Peter Palfrader Mon, 13 Jul 2009 23:37:37 +0200 + +tor (0.2.1.16-rc-1) experimental; urgency=low + + * New upstream version. + * No longer inform the user if/when we re-create the /var/run/tor + directory in the init script. With /var/run on tmpfs this is + completely normal now so our message was just noise. + * Stop shipping /var/run/tor in the package. + * Only clean up permissions of /var/run/tor in postinst if the + directory actually exists. + * Update Standards-Version from 3.8.0 to 3.8.1. No real changes + required, we already support nocheck in DEB_BUILD_OPTIONS since + August 2004, and we already create our var/run directory in the + init script (tho we now no longer ship it either - see above). + * Change debhelper compatibility version from 4 to 5: + - Change dh_strip call from --dbg-package=tor + to --dbg-package=tor-dbg. + - Update versioned build time dependency on debhelper. + * Forward port 06_add_compile_time_defaults. + + -- Peter Palfrader Sat, 20 Jun 2009 13:16:02 +0200 + +tor (0.2.1.15-rc-1) experimental; urgency=low + + * New upstream version. + * Change build time dependency on gs to ghostscript. + + -- Peter Palfrader Sat, 30 May 2009 21:10:03 +0200 + +tor (0.2.1.14-rc-1) experimental; urgency=low + + * New upstream version. + * Change Section of tor-dbg to debug. + + -- Peter Palfrader Thu, 16 Apr 2009 19:54:19 +0200 + +tor (0.2.1.13-alpha-1) experimental; urgency=low + + * New upstream version. 
+ + -- Peter Palfrader Sun, 15 Mar 2009 00:58:07 +0100 + +tor (0.2.1.12-alpha-1) experimental; urgency=low + + * New upstream version, fixing several security relevant bugs: + - Avoid a potential crash on exit nodes when processing malformed + input. Remote DoS opportunity (closes: #514579). + - Fix a temporary DoS vulnerability that could be performed by + a directory mirror (closes: #514580). + * patches/06_add_compile_time_defaults: Only set the User option in + the config if we run as root. Do not set it when run as debian-tor + as Tor then always insists on changing users which will fail. (If + we run as any other user we don't set our debian defaults anyway.) + + -- Peter Palfrader Tue, 10 Feb 2009 00:19:53 +0100 + +tor (0.2.1.11-alpha-1) experimental; urgency=high + + * New upstream version: + - Fixes a possible remote heap buffer overflow bug. + - torify(1) manpage mentions DNS leaks now (closes: #495829). + * README.Debian: No longer claim we change the default 'Group' setting + when run as debian-user. That setting no longer exists. + * Forward port 03_tor_manpage_in_section_8.dpatch. + + -- Peter Palfrader Wed, 21 Jan 2009 01:00:15 +0100 + +tor (0.2.1.10-alpha-1) experimental; urgency=low + + * New alpha release. + * Forward port 03_tor_manpage_in_section_8.dpatch. + + -- Peter Palfrader Sun, 11 Jan 2009 12:06:28 +0100 + +tor (0.2.1.9-alpha-1) experimental; urgency=low + + * New alpha release. + + -- Peter Palfrader Fri, 26 Dec 2008 20:51:53 +0100 + +tor (0.2.1.8-alpha-1) experimental; urgency=low + + * New alpha release. + + -- Peter Palfrader Mon, 15 Dec 2008 23:00:32 +0100 + +tor (0.2.1.7-alpha-2) experimental; urgency=low + + * No longer set now obsolete Group setting in built-in debian config. + + -- Peter Palfrader Mon, 10 Nov 2008 16:28:31 +0100 + +tor (0.2.1.7-alpha-1) experimental; urgency=low + + * New alpha release. 
+ + -- Peter Palfrader Mon, 10 Nov 2008 09:39:30 +0100 + +tor (0.2.1.6-alpha-1) experimental; urgency=low + + * New alpha release. + * Forward port 14_fix_geoip_warning.dpatch. + + -- Peter Palfrader Tue, 30 Sep 2008 14:37:26 +0200 + +tor (0.2.1.5-alpha-1) experimental; urgency=low + + * New alpha release. + + -- Peter Palfrader Tue, 02 Sep 2008 00:18:55 +0200 + +tor (0.2.1.4-alpha-1) experimental; urgency=low + + * New alpha release. + * Do not build with openbsd's malloc unless enable-openbsd-malloc is in + DEB_BUILD_OPTIONS. + + -- Peter Palfrader Tue, 05 Aug 2008 12:33:23 +0200 + +tor (0.2.1.2-alpha-1) experimental; urgency=low + + * New alpha release. + + -- Peter Palfrader Wed, 16 Jul 2008 13:05:45 +0200 + +tor (0.2.0.30-1) unstable; urgency=low + + * New upstream version. + + -- Peter Palfrader Wed, 16 Jul 2008 02:19:08 +0200 + +tor (0.2.0.29-rc-2) unstable; urgency=low + + * Upload to unstable. + + -- Peter Palfrader Tue, 15 Jul 2008 22:16:08 +0200 + +tor (0.2.0.29-rc-1) experimental; urgency=low + + * New upstream version. + * Warn the admin if the number of file descriptors on his system is + tiny. + + -- Peter Palfrader Wed, 09 Jul 2008 14:02:06 +0200 + +tor (0.2.0.28-rc-1) experimental; urgency=low + + * New upstream version. + * Remove debian/patches/11_tor_as_root_more_helpful.dpatch as + it is no longer needed: We now setuid() to the Tor user + when run as root and it all just works. + * Add comments to the dpatch headers so lintian shuts up. + * Add patches/14_fix_geoip_warning: Change geoipdb open failed message. + * Require unit tests to pass again. + + -- Peter Palfrader Fri, 13 Jun 2008 10:28:36 +0200 + +tor (0.2.0.27-rc-1) experimental; urgency=low + + * New upstream version. + * Add tor-geoipdb arch: all package for the geoip database. + * Update debian/rules so that there now is a binary-common target + and the binary-indep and binary-arch targets call make with + proper DH_OPTIONS options. 
This is taken from the template + that dh_make nowadays uses for multi-binary packages. + * Unit tests are broken, yay. + * Use ${binary:Version} to depend on the right tor binary package from + the tor-dbg package instead of ${Source-Version}. Some guy on the + internet said the latter was deprecated. + * Add Homepage: https://www.torproject.org/ field to control file. + * And mention www.tp.o instead of the old tor.eff.org in the long + description. + * No longer ignore failure of make clean in the clean target. + * Support passing of parallel= in build options. + * Change declared Standards-Version to 3.8.0. + + -- Peter Palfrader Fri, 06 Jun 2008 01:11:33 +0200 + +tor (0.2.0.26-rc-1) experimental; urgency=critical + + * New upstream version. + * Conflict with old libssls. + * On upgrading from versions prior to, including, 0.1.2.19-2, or + from versions later than 0.2.0 and prior to 0.2.0.26-rc do the + following, and if we are a server (we have a /var/lib/tor/keys + directory) + - move /var/lib/tor/keys/secret_onion_key out of the way. + - move /var/lib/tor/keys/secret_onion_key.old out of the way. + - move /var/lib/tor/keys/secret_id_key out of the way if it was + created on or after 2006-09-17, which is the day the bad + libssl was uploaded to Debian unstable. + * Add a NEWS file explaining this change. + + -- Peter Palfrader Tue, 13 May 2008 16:11:21 +0200 + +tor (0.2.0.24-rc-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Wed, 23 Apr 2008 02:25:22 +0200 + +tor (0.2.0.23-rc-1) experimental; urgency=low + + * New upstream version. + * Mention OpenBSD_malloc_Linux.c in debian/copyright. + * Add a recommends on logrotate. + + -- Peter Palfrader Tue, 25 Mar 2008 09:34:37 +0100 + +tor (0.2.0.22-rc-1) experimental; urgency=low + + * New upstream version. + * Work around fig2dev failing to build the images on all archs + (re #457568). 
+ * Build with --enable-openbsd-malloc, unless no-enable-openbsd-malloc is + found in DEB_BUILD_OPTIONS. Hopefully this deals with some of the + horrible memory fragmentation that glibc's malloc causes. + + -- Peter Palfrader Wed, 19 Mar 2008 08:03:47 +0100 + +tor (0.2.0.21-rc-1) experimental; urgency=low + + * New upstream version. + * Run --verify-config before start/reload/restart as root. No longer + su - to debian-tor tor run it. Given that we now even start Tor as + root (it setuids later on) this should be fine (closes: #468566). + + -- Peter Palfrader Mon, 3 Mar 2008 13:36:59 +0100 + +tor (0.2.0.20-rc-1) experimental; urgency=low + + * New upstream version. + * Change the default for MAX_FILEDESCRIPTORS in our init script to depend + on the number of system-wide available file descriptors: + /proc/sys/fs/file-max is bigger than 80k, set ulimit -n to 32k, if it's + greater than 40k set the limit to 16k, and when greater than 10k our limit + shall be 8k descriptors. If there are less than 20k FDs in the entire + system default to a limit of only 1024. + + Big servers at the moment regularly use more than 10k FDs, so our old + default of 8k no longer is sufficient. On the other hand we don't want + lower end systems to run out of FDs on Tor's account. + * If we run as root also apply debian defaults. + * Add User=debian-tor and Group=debian-tor to debian defaults. That allows + us to start Tor as root and have it setuid/setgid to the target user. + * Change the init script to start Tor as root. Now we should be able to + bind to low port. + + -- Peter Palfrader Mon, 25 Feb 2008 13:54:58 +0100 + +tor (0.2.0.19-alpha-1) experimental; urgency=low + + * New upstream version. + * It's 2008. Now is the time to add copyright statements for 2007. + * Forward port 03_tor_manpage_in_section_8.dpatch. 
+ + -- Peter Palfrader Sun, 10 Feb 2008 01:12:04 +0100 + +tor (0.2.0.18-alpha-2) experimental; urgency=low + + * Work around fig2dev failing to build the images on mipsel like we do on + sparc and s390 (re #457568) + * Fix postinst find command that chowns stuff to the right user. Find + does weird things in the presence of !. + + -- Peter Palfrader Sun, 3 Feb 2008 18:17:16 +0100 + +tor (0.2.0.18-alpha-1) experimental; urgency=low + + * New upstream version. + * postinst: Remove the check that requires the debian-tor user + to have a uid between 100 and 999. There is no good reason + to require this. If the local admin moves the system users/uid-space + to some other range then they probably have a good reason for that. + * postinst: change wording if debian-tor's homedir is wrong, do not + print anything if it is ok. + * postinst: We were only fixing the permissions of /var/{lib,run,log}/tor + when we were not upgrading. Unfortunately the check doesn't work all + that well usually in cases where the package was removed (not purged) + and then later re-installed again. Now we ensure proper ownership + and modes for all the directories and files below /var/{lib,run,log}/tor + (the dirs themselves included) every time we run postinst. + * postinst: if we reboot between unpacking and configuring on some smart + systems this will mean that we just lost /var/run/tor - creating it + in the maintainer script if it doesn't exist. + * Create logfiles in logrotate so that they come into the world with the + correct mode (o-r). + + -- Peter Palfrader Thu, 24 Jan 2008 15:15:32 +0100 + +tor (0.2.0.17-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Thu, 17 Jan 2008 21:42:25 +0100 + +tor (0.2.0.15-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Tue, 25 Dec 2007 08:53:25 +0100 + +tor (0.2.0.14-alpha-1) experimental; urgency=low + + * New upstream version. 
+ * Remove 13_r12907-fix-unit-tests.dpatch (Fix unit tests from HEAD) again - + it's included upstream. + * Work around fig2dev failing to build the images on sparc like we do on + s390. + + -- Peter Palfrader Sun, 23 Dec 2007 13:45:41 +0100 + +tor (0.2.0.13-alpha-1) experimental; urgency=low + + * New upstream version. + * Fix unit tests from HEAD (13_r12907-fix-unit-tests.dpatch). + + -- Peter Palfrader Fri, 21 Dec 2007 11:52:43 +0100 + +tor (0.2.0.12-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Sun, 18 Nov 2007 11:49:06 +0100 + +tor (0.2.0.11-alpha-1) experimental; urgency=low + + * New upstream version. + * remove 12_r12235_do_not_crash_when_myfamily_is_set again, it's + now part of upstream. + + -- Peter Palfrader Thu, 15 Nov 2007 11:07:06 +0100 + +tor (0.2.0.9-alpha-2) experimental; urgency=low + + * Do not separate required lsb facilities with commas in the + init script (closes: #448001). + * Add 12_r12235_do_not_crash_when_myfamily_is_set.dpatch, + from trunk/head. + + -- Peter Palfrader Sun, 28 Oct 2007 00:03:21 +0200 + +tor (0.2.0.9-alpha-1) experimental; urgency=low + + * New upstream version. + * Only create pid dir if we are about to start Tor (Luca Capello, + closes: #447508). + + -- Peter Palfrader Fri, 26 Oct 2007 14:29:56 +0200 + +tor (0.2.0.8-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Sat, 13 Oct 2007 16:27:04 +0200 + +tor (0.2.0.7-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Mon, 24 Sep 2007 23:50:14 +0200 + +tor (0.2.0.6-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Mon, 27 Aug 2007 15:41:31 +0200 + +tor (0.2.0.5-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Sun, 19 Aug 2007 15:10:49 +0200 + +tor (0.2.0.4-alpha-1) experimental; urgency=high + + * New upstream version. 
+ + -- Peter Palfrader Thu, 2 Aug 2007 07:09:36 +0200 + +tor (0.2.0.3-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Tue, 31 Jul 2007 07:03:00 +0200 + +tor (0.2.0.2-alpha-1) experimental; urgency=low + + * New upstream version. + + -- Peter Palfrader Sun, 3 Jun 2007 02:31:29 +0200 + +tor (0.2.0.1-alpha-1) experimental; urgency=low + + * New upstream version. + * Forward port 06_add_compile_time_defaults. + * teTeX is no more, long live TeX Live: + - remove build depends on tetex-bin, tetex-extra, + - add build depends on texlive-base-bin for dvips and bibtex, + texlive-latex-base for latex, and texlive-fonts-recommended for fonts + like ptmr7t. + + -- Peter Palfrader Sat, 2 Jun 2007 14:31:15 +0200 + +tor (0.1.2.19-1) unstable; urgency=low + + * New upstream version. + + -- Peter Palfrader Thu, 17 Jan 2008 20:57:42 +0100 + +tor (0.1.2.18-1) unstable; urgency=low + + * New upstream version. + + -- Peter Palfrader Mon, 29 Oct 2007 20:36:38 +0100 + +tor (0.1.2.17-1) unstable; urgency=low + + * New upstream version. + + -- Peter Palfrader Fri, 31 Aug 2007 03:14:33 +0200 + +tor (0.1.2.16-1) unstable; urgency=high + + * New upstream version. + + -- Peter Palfrader Thu, 2 Aug 2007 06:43:09 +0200 + +tor (0.1.2.15-1) unstable; urgency=low + + * New upstream version. + * Change build-depends from tetex to texlive suite. + + -- Peter Palfrader Thu, 19 Jul 2007 22:33:43 +0200 + +tor (0.1.2.14-1) unstable; urgency=low + + * New upstream version. + + -- Peter Palfrader Fri, 25 May 2007 21:49:20 +0200 + +tor (0.1.2.13-3) unstable; urgency=low + + * Always give a shell (/bin/sh) when we use su(1) in our init script + (closes: #421465). + + -- Peter Palfrader Sun, 6 May 2007 14:44:11 +0200 + +tor (0.1.2.13-2) unstable; urgency=low + + * In options_init_from_torrc()'s error path only config_free() options + if they already have been initialized (closes: #421235). 
+
+ -- Peter Palfrader Fri, 27 Apr 2007 13:06:37 +0200
+
+tor (0.1.2.13-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader Tue, 24 Apr 2007 21:21:10 +0200
+
+tor (0.1.2.12-rc-1) experimental; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader Sat, 17 Mar 2007 11:35:31 +0100
+
+tor (0.1.2.10-rc-1) experimental; urgency=low
+
+ * New upstream version.
+ * Change recommends on privoxy to privoxy | polipo (>= 1) (closes: #413728).
+
+ -- Peter Palfrader Fri, 9 Mar 2007 10:57:40 +0100
+
+tor (0.1.2.8-beta-1) experimental; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader Mon, 26 Feb 2007 11:50:49 +0100
+
+tor (0.1.2.7-alpha-1) experimental; urgency=low
+
+ * New upstream version.
+ * Install all the spec files into usr/share/doc/tor/spec now.
+ They moved to doc/spec/* from just doc/* in the source too.
+
+ -- Peter Palfrader Tue, 13 Feb 2007 18:51:14 +0100
+
+tor (0.1.2.6-alpha-1) experimental; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader Tue, 9 Jan 2007 17:39:15 +0100
+
+tor (0.1.2.5-alpha-1) experimental; urgency=low
+
+ * New upstream version.
+ * Disable 02_add_debian_files_in_manpage.dpatch for now.
+
+ -- Peter Palfrader Sun, 7 Jan 2007 13:57:37 +0100
+
+tor (0.1.2.4-alpha-1) experimental; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader Mon, 4 Dec 2006 00:13:37 +0100
+
+tor (0.1.2.3-alpha-1) experimental; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader Mon, 30 Oct 2006 11:06:52 +0100
+
+tor (0.1.2.2-alpha-1) experimental; urgency=low
+
+ [ Peter Palfrader ]
+ * New upstream version.
+
+ [ Roger Dingledine ]
+ * Minor update of debian/copyright.
+
+ -- Peter Palfrader Tue, 10 Oct 2006 03:26:00 +0200
+
+tor (0.1.2.1-alpha-1) experimental; urgency=low
+
+ * Forward port 07_log_to_file_by_default.dpatch.
+ * Previously our defaults for DataDirectory, PidFile, RunAsDaemon, and
+ Log differed from upstreams. Now Tor behaves just like before (with
+ our own DataDirectory and all) only when run as the debian-tor user.
+ If invoked as any other user, Tor will behave just like the pristine
+ upstream version.
+ * Tell users about the init script when they try to run Tor as root.
+ Should we also do this when they try to run their Tor as any other
+ (non root, non debian-tor) user? - add 11_tor_as_root_more_helpful
+ * Use tor --verify-config before start and reload. Abort init script
+ with exit 1 if config does not verify.
+ * Change Standards-Version to 3.7.2. No changes required.
+
+ -- Peter Palfrader Tue, 29 Aug 2006 22:38:29 +0200
+
+tor (0.1.1.26-1) unstable; urgency=high
+
+ * New upstream version (Stop sending the HttpProxyAuthenticator string to
+ directory servers when directory connections are tunnelled through Tor).
+
+ -- Peter Palfrader Fri, 15 Dec 2006 20:24:07 +0100
+
+tor (0.1.1.25-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader Sat, 4 Nov 2006 17:16:08 +0100
+
+tor (0.1.1.24-1) unstable; urgency=low
+
+ * New upstream version.
+ * Update debian/copyright:
+ - tree.h has vanished somewhere along the current branch
+ - ht.h is new and credits Christopher Clark
+ - We didn't mention Matej Pfajfar's copyright before.
+ * Forward port 07_log_to_file_by_default.
+
+ -- Peter Palfrader Fri, 6 Oct 2006 23:32:45 +0200
+
+tor (0.1.1.23-1) unstable; urgency=medium
+
+ * New upstream version.
+
+ -- Peter Palfrader Thu, 3 Aug 2006 03:13:24 +0200
+
+tor (0.1.1.22-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader Thu, 6 Jul 2006 02:55:37 +0200
+
+tor (0.1.1.21-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader Sun, 11 Jun 2006 18:27:13 +0200
+
+tor (0.1.1.20-1) unstable; urgency=low
+
+ * New upstream stable release: The 0.1.1.x tree is now the new stable
+ tree. Upload to unstable rather than experimental.
+
+ -- Peter Palfrader Tue, 23 May 2006 20:16:25 +0200
+
+tor (0.1.1.19-rc-1) experimental; urgency=low
+
+ * New upstream version.
+ * Remove support for my nodoc DEB_BUILD_OPTIONS variable. It clutters
+ stuff and I haven't used it in ages.
+ * Update debian/tor.docs file.
+
+ -- Peter Palfrader Fri, 5 May 2006 16:27:48 +0200
+
+tor (0.1.1.18-rc-1) experimental; urgency=low
+
+ * New upstream version.
+ * update debian/tor.doc:
+ - no longer ship INSTALL and README files, they are useless now.
+ - doc/stylesheet.css, doc/tor-doc-server.html, doc/tor-doc-unix.html,
+ doc/tor-hidden-service.html, doc/tor-switchproxy.html got replaced
+ by doc/website/stylesheet.css and doc/website/tor-* which is more
+ or less the same, only taken from the website. Some links are
+ probably broken still, but this should get fixed eventually.
+
+ -- Peter Palfrader Mon, 10 Apr 2006 12:00:50 +0200
+
+tor (0.1.1.17-rc-1) experimental; urgency=low
+
+ * New upstream version.
+ * Forward port patches/07_log_to_file_by_default.
+
+ -- Peter Palfrader Tue, 28 Mar 2006 09:48:04 +0200
+
+tor (0.1.1.16-rc-1) experimental; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader Mon, 20 Mar 2006 02:03:29 +0100
+
+tor (0.1.1.15-rc-1) experimental; urgency=low
+
+ * New upstream version.
+ * Apparently passing --host to configure when not cross-compiling
+ is evil now and greatly confuses configure. So don't do it unless it
+ actually differs from --build host.
+
+ -- Peter Palfrader Sat, 11 Mar 2006 20:04:36 +0100
+
+tor (0.1.1.14-alpha-1) experimental; urgency=low
+
+ * New upstream version.
+ * Include 0.1.0.17 changelog in experimental tree.
+ * doc/FAQ is no longer shipped, so remove it from debian/tor.docs.
+
+ -- Peter Palfrader Tue, 21 Feb 2006 05:16:21 +0100
+
+tor (0.1.1.13-alpha-1) experimental; urgency=low
+
+ * New upstream version.
+ * Forward port patches/02_add_debian_files_in_manpage.
+ * Forward port patches/03_tor_manpage_in_section_8.
+ * Create /var/run/tor on init script start if it does
+ not exist already.
+ * Set default ulimit -n to 8k instead of 4k in /etc/default/tor.
+ * Print that we're raising the ulimit to stdout in the init script.
+ * Add CVE numbers to past issues in the changelog where applicable.
+
+ -- Peter Palfrader Fri, 10 Feb 2006 14:38:11 +0100
+
+tor (0.1.1.12-alpha-1) experimental; urgency=low
+
+ * New upstream version, that was a quick one. :)
+ * Forward port patches/02_add_debian_files_in_manpage.
+
+ -- Peter Palfrader Thu, 12 Jan 2006 02:53:27 +0100
+
+tor (0.1.1.11-alpha-1) experimental; urgency=low
+
+ * New upstream version.
+ - Implement "entry guards": automatically choose a handful of entry
+ nodes and stick with them for all circuits. This will increase
+ security dramatically against certain end-point attacks
+ (closes: #349283, CVE-2006-0414).
+ * Forward port patches/07_log_to_file_by_default.
+ * Forward port 0.1.0.16 changelog and change to copyright file.
+
+ -- Peter Palfrader Wed, 11 Jan 2006 12:08:25 +0100
+
+tor (0.1.1.10-alpha-1) experimental; urgency=low
+
+ * New upstream version.
+ * doc/tor-doc.css and doc/tor-doc.html are no longer in the upstream
+ tarball, remove them from debian/tor.docs.
+ * add the following new files to tor.docs: doc/socks-extensions.txt,
+ doc/stylesheet.css, doc/tor-doc-server.html, doc/tor-doc-unix.html
+
+ -- Peter Palfrader Sun, 11 Dec 2005 14:02:41 +0100
+
+tor (0.1.1.9-alpha-1) experimental; urgency=low
+
+ * New upstream version.
+ * Remove 08_add_newlines_between_serverdescriptors.dpatch.
+ * Update 06_add_compile_time_defaults.dpatch
+ * Use bin/bash for the init script instead of bin/sh. We are using
+ ulimit -n which is not POSIX (closes: #338797).
+ * Remove the EVENT_NOEPOLL block from etc/default/tor.
+ * Add an ARGS block to etc/default/tor as suggested in #338425.
+
+ -- Peter Palfrader Tue, 15 Nov 2005 23:29:54 +0100
+
+tor (0.1.1.8-alpha-1) experimental; urgency=low
+
+ * New upstream version.
+ * Add patch from CVS to
+ "Insert a newline between all router descriptors when generating (old
+ style) signed directories, in case somebody was counting on that".
+ r1.247 of dirserv.c, <20051008060243.85F41140808C@moria.seul.org>
+
+ -- Peter Palfrader Sat, 8 Oct 2005 20:24:39 +0200
+
+tor (0.1.1.7-alpha-1) experimental; urgency=low
+
+ * New upstream version.
+ * More merging from 0.1.0.14+XXXX:
+ - The tor-dbg package does not really need its own copy of copyright
+ and changelog in usr/share/doc/tor-dbg.
+ * Forward port 03_tor_manpage_in_section_8.dpatch
+
+ -- Peter Palfrader Wed, 14 Sep 2005 17:52:35 +0200
+
+tor (0.1.1.6-alpha-2) experimental; urgency=low
+
+ * Merge 0.1.0.14+XXXX changes.
+
+ -- Peter Palfrader Wed, 14 Sep 2005 15:05:16 +0200
+
+tor (0.1.1.6-alpha-1) experimental; urgency=low
+
+ * Experimental upstream version.
+
+ -- Peter Palfrader Sat, 10 Sep 2005 10:17:43 +0200
+
+tor (0.1.1.5-alpha-cvs-1) UNRELEASED; urgency=low
+
+ * Even more experimental cvs snapshot.
+ * Testsuite is mandatory again.
+ * Forward port 03_tor_manpage_in_section_8.dpatch
+ * Forward port 06_add_compile_time_defaults.dpatch
+
+ -- Peter Palfrader Fri, 9 Sep 2005 23:22:38 +0200
+
+tor (0.1.1.5-alpha-1) UNRELEASED; urgency=low
+
+ * Experimental upstream version.
+ * Allow test suite to fail, it's broken in this version.
+ * Update list of files from doc/ that should be installed.
+ * Forward port debian/ patches.
+
+ -- Peter Palfrader Fri, 12 Aug 2005 17:02:23 +0200
+
+tor (0.1.0.17-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader Sat, 18 Feb 2006 02:49:45 +0100
+
+tor (0.1.0.16-1) unstable; urgency=low
+
+ * New upstream version.
+ * Update copyright file for 2006.
+
+ -- Peter Palfrader Tue, 3 Jan 2006 13:59:34 +0100
+
+tor (0.1.0.15-1) unstable; urgency=low
+
+ * New upstream release.
+ * Forward port 03_tor_manpage_in_section_8.
+
+ -- Peter Palfrader Sat, 24 Sep 2005 15:15:34 +0200
+
+tor (0.1.0.14-2) unstable; urgency=low
+
+ * Ship debugging information in a separate package now, instead
+ of simply not stripping tor. This is still useful while tor is
+ young. Ideally it would go away some time.
+ * Add LSB comments to init script as suggested by Petter Reinholdtsen
+ on the debian-devel list:
+ - http://lists.debian.org/debian-devel/2005/08/msg01172.html
+ - http://wiki.debian.net/?LSBInitScripts
+ * Work around broken chroots that do not resolve localhost or resolve
+ it to the wrong IP. We now catch such cases in debian/rules, shout
+ at the buildd maintainer, and ignore the result of our test suite.
+
+ -- Peter Palfrader Wed, 21 Sep 2005 10:23:25 +0200
+
+tor (0.1.0.14-1) unstable; urgency=high
+
+ * New upstream version - changes, among others:
+ - Fixes the other half of the bug with crypto handshakes (CVE-2005-2643).
+ * Since gs-gpl on s390 is broken (#321435) and unable to
+ build PDFs of our images for the design paper this version
+ ships them in the source and uses them on s390, should building
+ them from source really fail.
+ * Increase standards-version from 3.6.1 to 3.6.2. No changes
+ necessary.
+
+ -- Peter Palfrader Mon, 8 Aug 2005 23:55:05 +0200
+
+tor (0.1.0.13-1) unstable; urgency=high
+
+ * New upstream version:
+ - Explicitly set no-unaligned-access for sparc in configure.in.
+ it turns out the new gcc's let you compile broken code, but
+ that doesn't make it not-broken (closes: #320140).
+ - Fix a critical bug in the security of our crypto handshakes.
+ (Therefore set urgency to high).
+ and more (see upstream changelog).
+ * Slightly improve init script to give you proper error messages when
+ you do not run it as root.
+
+ -- Peter Palfrader Fri, 5 Aug 2005 01:27:49 +0200
+
+tor (0.1.0.12-1) unstable; urgency=medium
+
+ * New upstream version:
+ - New IP for tor26 directory server,
+ - fix a possible double-free in tor_gzip_uncompress,
+ - and more (see upstream changelog).
+
+ -- Peter Palfrader Tue, 19 Jul 2005 17:36:24 +0200
+
+tor (0.1.0.11-1) unstable; urgency=high
+
+ * New upstream version (closes: #316753):
+ - Fixes a serious bug: servers now honor their exit policies -
+ In 0.1.0.x only clients enforced them so far. 0.0.9.x is
+ not affected.
+ * Build depend on libevent-dev >= 1.1.
+ * Urgency high because 0.0.9.10-1 did not make it into testing after
+ like 3 weeks because of an impending ftp-master move. So I might
+ just as well upload this one.
+
+ -- Peter Palfrader Mon, 4 Jul 2005 17:53:48 +0200
+
+tor (0.1.0.10-0.pre.1) UNRELEASED; urgency=low
+
+ * New upstream version.
+ * Add a watch file.
+ * Forward port 03_tor_manpage_in_section_8.
+ * Forward port 06_add_compile_time_defaults.
+ * Add libevent-dev to build-depends.
+ * Update URL to tor in debian/control and debian/copyright.
+ * Add a snippet to disable epoll in etc/default/tor, commented out.
+ * Add a snippet to set nice level in etc/default/tor.
+ * Wait for 60 seconds in init stop. 35 is too little.
+ * Don't depend on python anymore - tor-resolve is C now.
+ * If "with-dmalloc" is in DEB_BUILD_OPTIONS we build against libdmalloc4.
+ Of course the -dev package needs to be installed.
+ * Update README.Debian to say that upstream now does have a default
+ for DataDirectory.
+ * Don't fail in the init script when we cannot raise the ulimit.
+ Instead just warn a bit (closes: #312882).
+
+ -- Peter Palfrader Wed, 15 Jun 2005 16:38:06 +0200
+
+tor (0.0.9.10-1) unstable; urgency=high
+
+ * While we're waiting for a newer libevent to enter sid, make another
+ upload of the 0.0.9.x tree:
+ - Refuse relay cells that claim to have a length larger than the
+ maximum allowed. This prevents a potential attack that could read
+ arbitrary memory (e.g. keys) from an exit server's process
+ (CVE-2005-2050).
+
+ -- Peter Palfrader Thu, 16 Jun 2005 22:56:11 +0200
+
+tor (0.0.9.9-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader Sat, 23 Apr 2005 23:58:47 +0200
+
+tor (0.0.9.8-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader Fri, 8 Apr 2005 09:11:34 +0200
+
+tor (0.0.9.7-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader Fri, 1 Apr 2005 09:52:12 +0200
+
+tor (0.0.9.6-1) unstable; urgency=low
+
+ * New upstream version.
+ * Upstream used newer auto* tools, so hopefully the new config.sub
+ and config.guess files (2003-08-18) are good enough to build
+ tor on ppc64 (closes: #300376: FTBFS on ppc64).
+
+ -- Peter Palfrader Fri, 25 Mar 2005 01:34:28 +0100
+
+tor (0.0.9.5-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader Thu, 24 Feb 2005 09:45:52 +0100
+
+tor (0.0.9.4-1) unstable; urgency=low
+
+ * New upstream version.
+ * Set ulimit for file descriptors to 4096 in our init
+ script.
+ * Use SIGINT to shutdown tor. That way - if you are a server -
+ tor will stop accepting new connections immediately, and
+ give existing connections a grace period of 30 seconds in
+ which they might complete their task. If you just run a
+ client it should make no difference.
+
+ -- Peter Palfrader Fri, 4 Feb 2005 00:20:25 +0100
+
+tor (0.0.9.3-1) unstable; urgency=low
+
+ * New upstream version.
+ * Forward port 07_log_to_file_by_default.
+
+ -- Peter Palfrader Sun, 23 Jan 2005 16:01:58 +0100
+
+tor (0.0.9.2-1) unstable; urgency=low
+
+ * New upstream version.
+ * Update debian/copyright (it's 2005).
+ * Add sharedscripts tor logrotate.d/tor.
+
+ -- Peter Palfrader Tue, 4 Jan 2005 11:14:03 +0100
+
+tor (0.0.9.1-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Peter Palfrader Thu, 16 Dec 2004 00:16:47 +0100
+
+tor (0.0.8+0.0.9rc7-1) unstable; urgency=medium
+
+ * New upstream release (candidate).
+ For real this time. Looks like our rc6 orig.tar.gz
+ was in fact the rc5 one.
+ * forward port patches/07_log_to_file_by_default
+
+ -- Peter Palfrader Wed, 8 Dec 2004 15:22:44 +0100
+
+tor (0.0.8+0.0.9rc6-1) unstable; urgency=medium
+
+ * New upstream release (candidate).
+ - cleans up more integer underflows that don't look exploitable.
+ But one never knows (-> medium).
+ * Remove those 'date' calls in debian/rules again that were
+ added in rc5-1.
+
+ -- Peter Palfrader Mon, 6 Dec 2004 11:11:23 +0100
+
+tor (0.0.8+0.0.9rc5-1) unstable; urgency=medium
+
+ * New upstream release (candidate).
+ - medium because it fixes an integer overflow that might
+ be exploitable, but doesn't seem to be currently.
+ * Add a few 'date' calls in debian/rules, so I can see how long
+ building the docs take on autobuilders.
+
+ -- Peter Palfrader Wed, 1 Dec 2004 10:02:08 +0100
+
+tor (0.0.8+0.0.9rc3-1) unstable; urgency=low
+
+ * New upstream release (candidate).
+
+ -- Peter Palfrader Thu, 25 Nov 2004 10:33:42 +0100
+
+tor (0.0.8+0.0.9rc2-1) unstable; urgency=low
+
+ * New upstream release (candidate).
+ * Nick's patch is now part of upstream, remove it from
+ the debian diff.
+
+ -- Peter Palfrader Wed, 24 Nov 2004 09:03:13 +0100
+
+tor (0.0.8+0.0.9rc1-1) unstable; urgency=low
+
+ * New upstream release (candidate).
+ * Apply nick's patch against config.c (1.267) to handle
+ absense of units in BandwidthRate.
+
+ -- Peter Palfrader Tue, 23 Nov 2004 11:57:49 +0100
+
+tor (0.0.8+0.0.9pre6-1) unstable; urgency=low
+
+ * New upstream (pre)release.
+ * Install control-spec.txt into usr/share/doc/tor/.
+
+ -- Peter Palfrader Tue, 16 Nov 2004 04:49:32 +0100
+
+tor (0.0.8+0.0.9pre5-2) unstable; urgency=low
+
+ * Symlink tor(8) manpage to torrc(5).
+ * Make logs readable by the system administrators (group adm).
+ * Point to /var/log/tor (the directory) instead of a single
+ file (/var/log/tor/log) in the debian patch of the manpage.
+ * Do not patch the default torrc to include settings we really want.
+ Instead modify the compiled in default options. Those settings are
+
+ - RunAsDaemon is enabled by default.
+ - PidFile is set to /var/run/tor/tor.pid. No default upstream.
+ - default logging goes to /var/log/tor/log instead of stdout.
+ - DataDirectory is set to /var/lib/tor by default. No default upstream.
+
+ This is also documented in the new debian/README.Debian.
+ * Remove /usr/bin/tor-control.py from the binary package, it is
+ not really useful yet, and wasn't meant to be installed by
+ default.
+ * Change init startup script to properly deal with tor
+ printing stuff on startup.
+
+ -- Peter Palfrader Fri, 12 Nov 2004 18:30:50 +0100
+
+tor (0.0.8+0.0.9pre5-1) unstable; urgency=low
+
+ * New upstream (pre)release.
+ * 04_fix_test can be backed out again.
+ * Make sure all patches apply cleanly.
+ * No longer use --pidfile, --logfile, and --runasdaemon
+ command line options. Set them in the configfile instead.
+ * Change the description slightly, to say "don't rely on the current Tor
+ network if you really need strong anonymity", instead of "Tor will not
+ provide anonymity currently".
+
+ -- Peter Palfrader Wed, 10 Nov 2004 04:43:10 +0100
+
+tor (0.0.8+0.0.9pre4-1) unstable; urgency=low
+
+ * New upstream (pre)release.
+ * Apply patch from cvs to fix a segfault in src/or/test
+ (test.c, 1.131).
+
+ -- Peter Palfrader Sun, 17 Oct 2004 19:04:31 +0200
+
+tor (0.0.8+0.0.9pre3-1) unstable; urgency=high
+
+ * New upstream (pre)release.
+ * Fixes at least one segfault that can be triggered remotely,
+ a format string vulnerability which probably is not exploitable,
+ and several assert bugs.
+
+ -- Peter Palfrader Thu, 14 Oct 2004 13:36:45 +0200
+
+tor (0.0.8+0.0.9pre2-1) unstable; urgency=low
+
+ * New upstream (pre)release.
+
+ -- Peter Palfrader Sun, 3 Oct 2004 01:29:13 +0200
+
+tor (0.0.8+0.0.9pre1-1) unstable; urgency=low
+
+ * New upstream (pre)release.
+ * Built depend on zlib1g-dev.
+
+ -- Peter Palfrader Fri, 1 Oct 2004 21:28:49 +0200
+
+tor (0.0.8-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Peter Palfrader Fri, 27 Aug 2004 14:08:10 +0200
+
+tor (0.0.7.2+0.0.8rc1-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ * Install design paper in usr/share/doc/tor, not usr/share/doc. Ooops.
+
+ -- Peter Palfrader Wed, 18 Aug 2004 09:59:13 +0200
+
+tor (0.0.7.2+0.0.8pre3-1) unstable; urgency=low
+
+ * New upstream (pre)release.
+ * Ship AUTHORS, doc/CLIENTS, doc/FAQ, doc/HACKING, doc/TODO,
+ doc/tor-doc.{css,html}, doc/{rend,tor}-spec.txt with the binary package.
+ * Build tor-design.{pdf,ps}, wich adds new build-dependencies:
+ tetex-{bin,extra}, transfig, and gs.
+ * Support DEB_BUILD_OPTIONS option 'nodoc' to skip building tor-design.
+ With nodoc the build will not need tetex-{bin,extra}, transfig, and gs.
+ * Support DEB_BUILD_OPTIONS option 'nocheck' to skip unittests
+ ('notest' is an alias')
+ * Enable coredumps by default, this is still development code.
+ * Modify 02_add_debian_files_in_manpage to still apply.
+
+ -- Peter Palfrader Sun, 8 Aug 2004 15:03:32 +0200
+
+tor (0.0.7.2+0.0.8pre2-1) unstable; urgency=low
+
+ * New upstream (pre)release.
+ * Depend on python as we now have a python script: tor_resolve
+
+ -- Peter Palfrader Wed, 4 Aug 2004 20:09:26 +0200
+
+tor (0.0.7.2-1) unstable; urgency=medium
+
+ * New upstream release.
+ Fixes another instance of that remote crash bug.
+ * Mention another reason why stop/reload may fail in the init script.
+
+ -- Peter Palfrader Thu, 8 Jul 2004 03:21:32 +0200
+
+tor (0.0.7.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ Fixes a bug that allows a remote crash on exit nodes.
+ * Logrotate var/log/tor/*log instead of just var/log/tor/log, in
+ case the admin wants several logs.
+
+ -- Peter Palfrader Mon, 5 Jul 2004 19:18:12 +0200
+
+tor (0.0.7-1) unstable; urgency=low
+
+ * New upstream version
+ closes: #249893: FTBFS on ia64
+
+ -- Peter Palfrader Mon, 7 Jun 2004 21:46:08 +0200
+
+tor (0.0.6.2-1) unstable; urgency=medium
+
+ * New upstream release (breaks backwards compatibility yet again).
+ * Recommend socat.
+ * Since tor is in /usr/sbin, the manpage should be in section 8, not
+ in section 1. Move it there, including updating the section in
+ the manpage itself and the reference in torify(1).
+ * Update debian/copyright file.
+
+ -- Peter Palfrader Sun, 16 May 2004 10:47:20 +0200
+
+tor (0.0.6.1-1) unstable; urgency=medium
+
+ * New upstream release (breaks backwards compatibility).
+
+ -- Peter Palfrader Fri, 7 May 2004 00:24:49 +0200
+
+tor (0.0.6-1) unstable; urgency=low
+
+ * New upstream release (breaks backwards compatibility).
+
+ -- Peter Palfrader Sun, 2 May 2004 23:58:36 +0200
+
+tor (0.0.5+0.0.6rc4-1) unstable; urgency=low
+
+ * New upstream release candidate.
+
+ -- Peter Palfrader Sun, 2 May 2004 14:36:59 +0200
+
+tor (0.0.5+0.0.6rc3-1) unstable; urgency=low
+
+ * New upstream release candidate.
+
+ -- Peter Palfrader Thu, 29 Apr 2004 11:52:07 +0200
+
+tor (0.0.5+0.0.6rc2-1) unstable; urgency=low
+
+ * New upstream release candidate.
+ * Mention upstream website and mailinglist archives in long
+ description.
+
+ -- Peter Palfrader Mon, 26 Apr 2004 12:23:20 +0200
+
+tor (0.0.5-1) unstable; urgency=low
+
+ * New upstream release.
+ * Upstream installs a torrc.sample file now, rather than torrc.
+ Keep using torrc as dpkg handles conffile upgrades.
+
+ -- Peter Palfrader Tue, 30 Mar 2004 20:54:00 +0200
+
+tor (0.0.4-1) unstable; urgency=low
+
+ * New upstream release (how the version numbers fly by :).
+
+ -- Peter Palfrader Fri, 26 Mar 2004 23:46:09 +0100
+
+tor (0.0.3-1) unstable; urgency=low
+
+ * New upstream release.
+ * Also mention that tree.h is by Niels Provos in debian/copyright.
+
+ -- Peter Palfrader Fri, 26 Mar 2004 20:36:08 +0100
+
+tor (0.0.2-1) unstable; urgency=low
+
+ * New upstream release.
+ * Uses strlcpy and strlcat by Todd C. Miller, mention him in
+ debian/copyright.
+
+ -- Peter Palfrader Fri, 19 Mar 2004 12:37:17 +0100
+
+tor (0.0.1+0.0.2pre27-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Peter Palfrader Mon, 15 Mar 2004 05:19:16 +0100
+
+tor (0.0.1+0.0.2pre26-1) unstable; urgency=low
+
+ * New upstream release.
+ * Mention log and pidfile location in tor.1.
+
+ -- Peter Palfrader Mon, 15 Mar 2004 02:21:29 +0100
+
+tor (0.0.1+0.0.2pre25-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Peter Palfrader Thu, 4 Mar 2004 23:05:38 +0100
+
+tor (0.0.1+0.0.2pre24-1) unstable; urgency=low
+
+ * New upstream release.
+ * Do not strip binaries for now.
+ * Add "# ulimit -c unlimited" to tor.default
+ * Always enable DataDirectory.
+ * Actually use dpatch now (to modify upstream torrc.in)
+ * Wait for tor to die in init stop. Let the user know if it doesn't.
+
+ -- Peter Palfrader Wed, 3 Mar 2004 14:10:25 +0100
+
+tor (0.0.1+0.0.2pre23-1) unstable; urgency=low
+
+ * New upstream release.
+ * The one test that always failed has been fixed: removed comment from
+ rules file.
+
+ -- Peter Palfrader Sun, 29 Feb 2004 12:36:33 +0100
+
+tor (0.0.1+0.0.2pre22-1) unstable; urgency=low
+
+ * New upstream release.
+ * Upstream has moved tor back to usr/bin, but we will keep it in
+ usr/sbin. That's the right place and it doesn't break my tab
+ completion there.
+
+ -- Peter Palfrader Fri, 27 Feb 2004 01:59:09 +0100
+
+tor (0.0.1+0.0.2pre21-1) unstable; urgency=low
+
+ * New upstream release.
+ * 0.0.2pre20-2 removed the Recommends: on privoxy rather
+ than tsocks (which is now required) by mistake. Fix that.
+ * package description: Mention that the package starts the OP by default and
+ that OR can be enabled in the config.
+ * tor moved to sbin, updating init script.
+
+ -- Peter Palfrader Wed, 18 Feb 2004 10:08:12 +0100
+
+tor (0.0.1+0.0.2pre20-2) unstable; urgency=low
+
+ * Add torify script, documentation, and config file. Means we also
+ depend on tsocks now rather than just recommending it. Right now
+ we install it in debian/rules, but upcoming versions might install
+ it in upstream's make install target.
+ * There's an upstream ChangeLog file now. Enjoy!
+ * Add a README.privoxy file that explains how to setup privoxy to
+ go over tor.
+ * As is the case too often, the INSTALL file not only covers
+ installation, but also basic usage and configuration. Therefore
+ include it in the docs dir.
+ * Add a lintian override for the INSTALL file.
+
+ -- Peter Palfrader Tue, 17 Feb 2004 02:32:00 +0100
+
+tor (0.0.1+0.0.2pre20-1) unstable; urgency=low
+
+ * New upstream version.
+ - various design paper updates
+ - resolve cygwin warnings
+ - split the token bucket into "rate" and "burst" params
+ - try to resolve discrepency between bytes transmitted over TLS and actual
+ bandwidth use
+ - setuid to user _before_ complaining about running as root
+ - fix several memleaks and double frees
+ - minor logging fixes
+ - add more debugging for logs.
+ - various documentation fixes and improvements
+ - for perforcmance testing, paths are always 3 hops, not "3 or more"
+ (this will go away at a later date again)
+ * Add dependency on adduser which was previously missing.
+ * Change short description to a nicer one.
+
+ -- Peter Palfrader Sat, 31 Jan 2004 10:10:45 +0100
+
+tor (0.0.1+0.0.2pre19-1) unstable; urgency=low
+
+ * Initial Release (closes: #216611).
+
+ -- Peter Palfrader Sat, 10 Jan 2004 11:20:06 +0100
+
--- tor-0.2.2.35.orig/debian/copyright
+++ tor-0.2.2.35/debian/copyright
@@ -0,0 +1,124 @@
+This package was debianized by Peter Palfrader on
+Sat, 10 Jan 2004 11:20:06 +0100.
+
+It was downloaded from https://www.torproject.org/
+
+Upstream Authors: Roger Dingledine
+ Nick Mathewson
+
+Copyright (c) 2001 Matej Pfajfar
+Copyright (c) 2001-2004, Roger Dingledine
+Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
+Copyright (c) 2007-2008, The Tor Project, Inc.
+strlcat, strlcpy: Copyright (c) 1998 Todd C. Miller
+ht.h: Copyright (c) 2002, Christopher Clark, 2006 Nick Mathewson
+OpenBSD_malloc_Linux.c: phk@FreeBSD.ORG
+Modifications for Debian: Copyright (c) 2004, 2005, 2006, 2007, 2008 Peter Palfrader
+
+Tor is distributed under this license:
+===============================================================================
+Copyright (c) 2001-2004, Roger Dingledine
+Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
+Copyright (c) 2007-2008, The Tor Project, Inc.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+
+ * Neither the names of the copyright owners nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+===============================================================================
+strlcat and strlcpy by Todd C. Miller are licensed under the following license:
+
+ * Copyright (c) 1998 Todd C. Miller
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
+ * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+===============================================================================
+ht.h by Nick Mathewson is licensed as follows:
+/*
+ * Copyright 2005, Nick Mathewson. Implementation logic is adapted from code
+ * by Cristopher Clark, retrofit to allow drop-in memory management, and to
+ * use the same interface as Niels Provos's HT_H. I'm not sure whether this
+ * is a derived work any more, but whether it is or not, the license below
+ * applies.
+ *
+ * Copyright (c) 2002, Christopher Clark
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * * Neither the name of the original author; nor the names of any contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+===============================================================================
+OpenBSD_malloc_Linux.c:
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * wrote this file. As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
--- tor-0.2.2.35.orig/debian/tor-geoipdb.dirs
+++ tor-0.2.2.35/debian/tor-geoipdb.dirs
@@ -0,0 +1,2 @@
+usr/share/tor
+usr/share/lintian/overrides
--- tor-0.2.2.35.orig/debian/patches/03_tor_manpage_in_section_8.dpatch
+++ tor-0.2.2.35/debian/patches/03_tor_manpage_in_section_8.dpatch
@@ -0,0 +1,75 @@
+#! /bin/sh -e
+## 03_tor_manpage_in_section_8.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Move the Tor manpage from section 1 to section 8.
+
+if [ $# -lt 1 ]; then
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1
+fi
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
+
+case "$1" in
+ -patch) patch -p1 ${patch_opts} < $0;;
+ -unpatch) patch -R -p1 ${patch_opts} < $0;;
+ *)
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1;;
+esac
+
+exit 0
+
+@DPATCH@
+diff -ur tor-0.2.2.9-alpha/doc/tor-gencert.1.txt tor-0.2.2.9-alpha.new/doc/tor-gencert.1.txt
+--- tor-0.2.2.9-alpha/doc/tor-gencert.1.txt 2010-02-02 22:40:22.000000000 +0100
++++ tor-0.2.2.9-alpha.new/doc/tor-gencert.1.txt 2010-02-27 13:47:29.655735605 +0100
+@@ -81,7 +81,7 @@
+
+ SEE ALSO
+ --------
+-**tor**(1) +
++**tor**(8) +
+
+ See also the "dir-spec.txt" file, distributed with Tor.
+
+diff -ur tor-0.2.2.9-alpha/doc/tor-resolve.1.txt tor-0.2.2.9-alpha.new/doc/tor-resolve.1.txt
+--- tor-0.2.2.9-alpha/doc/tor-resolve.1.txt 2010-02-02 22:40:22.000000000 +0100
++++ tor-0.2.2.9-alpha.new/doc/tor-resolve.1.txt 2010-02-27 13:47:37.643234209 +0100
+@@ -36,10 +36,10 @@
+
+ SEE ALSO
+ --------
+-**tor**(1), **torify**(1). +
++**tor**(8), **torify**(1). +
+
+ See doc/socks-extensions.txt in the Tor package for protocol details.
+
+ AUTHORS
+ -------
+-Roger Dingledine , Nick Mathewson .
++Roger Dingledine , Nick Mathewson .
+diff -ur tor-0.2.2.9-alpha/doc/tor.1.txt tor-0.2.2.9-alpha.new/doc/tor.1.txt
+--- tor-0.2.2.9-alpha/doc/tor.1.txt 2010-02-22 22:22:33.000000000 +0100
++++ tor-0.2.2.9-alpha.new/doc/tor.1.txt 2010-02-27 13:47:18.531233093 +0100
+@@ -2,7 +2,7 @@
+ // See LICENSE for licensing information
+ // This is an asciidoc file used to generate the manpage/html reference.
+ // Learn asciidoc on http://www.methods.co.nz/asciidoc/userguide.html
+-TOR(1)
++TOR(8)
+ ======
+
+ NAME
+diff -ur tor-0.2.2.9-alpha/doc/torify.1.txt tor-0.2.2.9-alpha.new/doc/torify.1.txt
+--- tor-0.2.2.9-alpha/doc/torify.1.txt 2010-02-02 22:40:22.000000000 +0100
++++ tor-0.2.2.9-alpha.new/doc/torify.1.txt 2010-02-27 13:47:52.619234342 +0100
+@@ -46,5 +46,5 @@
+
+ SEE ALSO
+ --------
+-**tor**(1), **tor-resolve**(1), **torsocks**(1), **tsocks**(1),
++**tor**(8), **tor-resolve**(1), **torsocks**(1), **tsocks**(1),
+ **tsocks.conf**(5).
--- tor-0.2.2.35.orig/debian/patches/07_log_to_file_by_default.dpatch
+++ tor-0.2.2.35/debian/patches/07_log_to_file_by_default.dpatch
@@ -0,0 +1,44 @@
+#! /bin/sh -e
+## 07_log_to_file_by_default.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Change default logging target from stdout to a logfile
+
+if [ $# -lt 1 ]; then
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1
+fi
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
+
+case "$1" in
+ -patch) patch -p1 ${patch_opts} < $0;;
+ -unpatch) patch -R -p1 ${patch_opts} < $0;;
+ *)
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1;;
+esac
+
+exit 0
+
+@DPATCH@
+diff -urNad tor~/src/or/config.c tor/src/or/config.c
+--- tor~/src/or/config.c 2006-07-24 05:15:02.576170550 +0200
++++ tor/src/or/config.c 2006-07-24 05:18:45.286651501 +0200
+@@ -2118,8 +2118,13 @@
+ REJECT("Failed to normalize old Log options. See logs for details.");
+
+ /* Special case on first boot if no Log options are given. */
+- if (!options->Logs && !options->RunAsDaemon && !from_setconf)
+- config_line_append(&options->Logs, "Log", "notice stdout");
++ if (debian_running_as_debiantor()) {
++ if (!options->Logs && !from_setconf)
++ config_line_append(&options->Logs, "Log", "notice file /var/log/tor/log");
++ } else {
++ if (!options->Logs && !options->RunAsDaemon && !from_setconf)
++ config_line_append(&options->Logs, "Log", "notice stdout");
++ }
+
+ if (options_init_logs(options, 1)<0) /* Validate the log(s) */
+ REJECT("Failed to validate Log options. See logs for details.");
--- tor-0.2.2.35.orig/debian/patches/06_add_compile_time_defaults.dpatch
+++ tor-0.2.2.35/debian/patches/06_add_compile_time_defaults.dpatch
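Review bot: In the config.c hunk of 07_log_to_file_by_default.dpatch, `if (debian_running_as_debiantor())` is true for the helper's -1 error return as well as for 1 and 2, so a failed passwd lookup silently selects the `/var/log/tor/log` default. Going by the helper added in 06_add_compile_time_defaults.dpatch (-1 on error, 2 for root, 1 for debian-tor, 0 otherwise), the test should be explicit: `if (debian_running_as_debiantor() > 0) {`. The Debian branch also drops the `!options->RunAsDaemon` condition, so a foreground run as root or debian-tor with no Log option writes to the file rather than stdout; a one-line comment saying this is intended would help. The enclosing function starts and ends outside the hunk.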
@@ -0,0 +1,140 @@
+#! /bin/sh -e
+## 06_add_compile_time_defaults.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Change a few compile time defaults so that Tor is better integrated on a Debian system
+
+if [ $# -lt 1 ]; then
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1
+fi
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
+
+case "$1" in
+ -patch) patch -p1 ${patch_opts} < $0;;
+ -unpatch) patch -R -p1 ${patch_opts} < $0;;
+ *)
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1;;
+esac
+
+exit 0
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' tor~/src/or/config.c tor/src/or/config.c
+--- tor~/src/or/config.c 2011-06-17 22:11:35.000000000 +0200
++++ tor/src/or/config.c 2011-06-17 22:31:19.510811846 +0200
+@@ -12,6 +12,7 @@
+ #define CONFIG_PRIVATE
+
+ #include "or.h"
++#include
+ #include "circuitbuild.h"
+ #include "circuitlist.h"
+ #include "config.h"
+@@ -577,6 +578,9 @@
+ static void init_libevent(void);
+ static int opt_streq(const char *s1, const char *s2);
+
++static int debian_running_as_debiantor(void);
++static int debian_config_fix_defaults(void);
++
+ /** Magic value for or_options_t. */
+ #define OR_OPTIONS_MAGIC 9090909
+
+@@ -4086,6 +4090,9 @@
+ char *command_arg = NULL;
+ char *errmsg=NULL;
+
++ if (debian_config_fix_defaults() < 0)
++ goto err;
++
+ if (argv) { /* first time we're called. save command line args */
+ backup_argv = argv;
+ backup_argc = argc;
+@@ -5332,3 +5339,83 @@
+ return 0;
+ }
+
++/* Checks whether we are running as the debian-tor user.
++ * Returns -1 on error, 2 if we are root, 1 if we are debian-tor, 0 if we are any normal user */
++static int
++debian_running_as_debiantor(void)
++{
++ struct passwd *pw = NULL;
++ int uid;
++
++ uid = getuid();
++ /* If we run as root we also apply our debian defaults. */
++ if (uid == 0)
++ return 2;
++
++ pw = getpwuid(uid);
++ if (!pw) {
++ log(LOG_WARN, LD_GENERAL, "Could not get passwd information for uid %d.", uid);
++ return -1;
++ }
++ assert(pw->pw_name);
++ if (strcmp(pw->pw_name, "debian-tor") == 0)
++ return 1;
++ else
++ return 0;
++}
++
++static int
++debian_config_fix_defaults(void)
++{
++ config_var_t *var;
++ static int fixed = 0;
++ int running_as_debian;
++
++ if (fixed) return 0;
++ fixed = 1;
++
++ running_as_debian = debian_running_as_debiantor();
++ if (running_as_debian < 0) return -1;
++ if (!running_as_debian) return 0;
++
++ var = config_find_option(&options_format, "DataDirectory");
++ tor_assert(var);
++ var->initvalue = tor_strdup("/var/lib/tor");
++
++ var = config_find_option(&options_format, "PidFile");
++ tor_assert(var);
++ var->initvalue = tor_strdup("/var/run/tor/tor.pid");
++
++ var = config_find_option(&options_format, "RunAsDaemon");
++ tor_assert(var);
++ var->initvalue = tor_strdup("1");
++
++ if (running_as_debian == 2) {
++ var = config_find_option(&options_format, "User");
++ tor_assert(var);
++ var->initvalue = tor_strdup("debian-tor");
++ };
++
++ /* set up the control socket stuff */
++ var = config_find_option(&options_format, "ControlSocket");
++ tor_assert(var);
++ var->initvalue = tor_strdup("/var/run/tor/control");
++
++ var = config_find_option(&options_format, "ControlSocketsGroupWritable");
++ tor_assert(var);
++ var->initvalue = tor_strdup("1");
++
++ var = config_find_option(&options_format, "CookieAuthentication");
++ tor_assert(var);
++ var->initvalue = tor_strdup("1");
++
++ var = config_find_option(&options_format, "CookieAuthFileGroupReadable");
++ tor_assert(var);
++ var->initvalue = tor_strdup("1");
++
++ var = config_find_option(&options_format, "CookieAuthFile");
++ tor_assert(var);
++ var->initvalue = tor_strdup("/var/run/tor/control.authcookie");
++
++ return 0;
++}
--- tor-0.2.2.35.orig/debian/patches/02_add_debian_files_in_manpage.dpatch
+++ tor-0.2.2.35/debian/patches/02_add_debian_files_in_manpage.dpatch
@@ -0,0 +1,45 @@
+#! /bin/sh -e
+## 02_add_debian_files_in_manpage.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Change the FILES section of the manpage to properly describe the situation on Debian systems.
+
+if [ $# -lt 1 ]; then
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1
+fi
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
+
+case "$1" in
+ -patch) patch -p1 ${patch_opts} < $0;;
+ -unpatch) patch -R -p1 ${patch_opts} < $0;;
+ *)
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1;;
+esac
+
+exit 0
+
+@DPATCH@
+diff -urNad tor-0.1.1.5/doc/tor.1.in /tmp/dpep.E9VjWB/tor-0.1.1.5/doc/tor.1.in
+--- tor-0.1.1.12/doc/tor.1.in
++++ /tmp/dpep.E9VjWB/tor-0.1.1.12/doc/tor.1.in
+@@ -700,9 +700,15 @@
+ .TP
+ .B @LOCALSTATEDIR@/lib/tor/
+ The tor process stores keys and other data here.
++.TP
++.B /var/log/tor/
++The tor server logs to this directory.
++.TP
++.B /var/run/tor/tor.pid
++The PID of the tor (master) process is stored in this file.
+ .LP
+ .TP
+-.B \fIDataDirectory\fP/approved-routers
++.B /var/lib/tor/approved-routers
+ Only for naming authoritative directory servers
+ (see \fBNamingAuthoritativeDirectory\fP).
+ This file lists nickname to identity bindings. Each line lists a
--- tor-0.2.2.35.orig/debian/patches/14_fix_geoip_warning.dpatch
+++ tor-0.2.2.35/debian/patches/14_fix_geoip_warning.dpatch
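Review bot: debian_config_fix_defaults() in the last config.c hunk of 06_add_compile_time_defaults.dpatch has no header comment, although it changes security-relevant defaults: it sets `ControlSocketsGroupWritable` and `CookieAuthFileGroupReadable` to 1, which by the option names makes the control socket and the auth cookie usable by every member of the daemon's group. I would add a comment above the function stating when the defaults are applied (return value 1 or 2 from debian_running_as_debiantor(), i.e. debian-tor or root) and that membership in that group is equivalent to control-port access, so it should be granted sparingly. Separately, `assert(pw->pw_name);` in debian_running_as_debiantor() uses plain assert while the rest of the patch uses `tor_assert`; `tor_assert(pw->pw_name);` would keep the check consistent. Both functions are complete within the hunk.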
@@ -0,0 +1,38 @@
+#! /bin/sh -e
+## 14_fix_geoip_warning.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Change geoipdb open failed message
+
+if [ $# -lt 1 ]; then
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1
+fi
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
+
+case "$1" in
+ -patch) patch -p1 ${patch_opts} < $0;;
+ -unpatch) patch -R -p1 ${patch_opts} < $0;;
+ *)
+ echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+ exit 1;;
+esac
+
+exit 0
+
+@DPATCH@
+diff -urNad git-stable~/src/or/geoip.c git-stable/src/or/geoip.c
+--- git-stable~/src/or/geoip.c 2008-06-06 01:00:41.000000000 +0200
++++ git-stable/src/or/geoip.c 2008-06-11 12:54:17.605150644 +0200
+@@ -182,7 +182,8 @@
+ int severity = options_need_geoip_info(options, &msg) ? LOG_WARN : LOG_INFO;
+ clear_geoip_db();
+ if (!(f = fopen(filename, "r"))) {
+- log_fn(severity, LD_GENERAL, "Failed to open GEOIP file %s. %s",
++ log_fn(severity, LD_GENERAL, "Failed to open GEOIP file %s. %s"
++ " Do you have the tor-geoipdb package installed?",
+ filename, msg);
+ return -1;
+ }
--- tor-0.2.2.35.orig/debian/patches/00list
+++ tor-0.2.2.35/debian/patches/00list
@@ -0,0 +1,5 @@
+# 02_add_debian_files_in_manpage.dpatch
+03_tor_manpage_in_section_8.dpatch
+06_add_compile_time_defaults.dpatch
+07_log_to_file_by_default.dpatch
+14_fix_geoip_warning