Accepted tor 0.2.2.32-1~bpo60+1 (source all amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 10 Sep 2011 12:29:26 CEST
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source all amd64
Version: 0.2.2.32-1~bpo60+1
Distribution: squeeze-backports
Urgency: high
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Peter Palfrader <weasel@debian.org>
Description:
tor - anonymizing overlay network for TCP
tor-dbg - debugging symbols for Tor
tor-geoipdb - geoIP database for Tor
Closes: 413730 443560 478631 482801 497466 526371 552556 568934 594207 595898 604198 623316 623318
Changes:
tor (0.2.2.32-1~bpo60+1) squeeze-backports; urgency=low
.
* Build for squeeze-backports.
.
tor (0.2.2.32-1) unstable; urgency=low
.
* New upstream version, upload to unstable.
.
tor (0.2.2.31-rc-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.2.30-rc-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.2.29-beta-1) experimental; urgency=low
.
* New upstream version.
* Enable Control Socket by default. It lives in /var/run/tor/
(closes: #552556).
* The postinst script changes /var/run/tor to mode 02750 if it exists,
but the tor init script creates it with mode 02700 if it doesn't.
Change the init script to also create the directory with a group
writeable mode, the same as the postinst maintainer script, i.e. 02750.
.
This will allow users in the debian-tor group to access the control
socket (re: #552556).
.
tor (0.2.2.28-beta-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.2.27-beta-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.2.26-beta-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.2.25-alpha-1) experimental; urgency=low
.
* New upstream version.
* Add Vcs-* control fields. Patch by intrigeri@boum.org
(closes: #623316).
* Update mailinglist archive URLs in package description.
Patch by intrigeri@boum.org (closes: #623318).
.
tor (0.2.2.24-alpha-1) experimental; urgency=low
.
* New upstream version.
* Forward port missing changes from the 0.2.1.x tree:
- Add ${misc:Depends} for all three binary packages because debhelper
might want to add stuff [tor 0.2.1.26-1].
- tor.postinst: Stop calling stat(1) with its full path [tor 0.2.1.26-1].
- No longer set ulimit -c to unlimited:
Up until now the init script (or actually /etc/default/tor) raised
the ulimit for coredumps to unlimited, so that Tor would produce
coredumps on assert errors or segfaults. Coredumps however can
leak sensitive information, like cryptographic session keys and
clients' data should the core files get into the wrong hands. As
such it seems prudent to only enable coredumps if the user or
operator explicitly asks for them, and knows what to do with them.
[tor 0.2.1.26-2]
- Also include a cron.weekly job that removes old coredumps from
/var/lib/tor. This action can be disabled in /etc/default/tor.
[tor 0.2.1.26-2]
- Make sure the cronjob does not try to access a /var/lib/tor
that has already been removed (due to for instance package removal).
Thanks to Holger and piuparts for catching this.
[tor 0.2.1.26-3]
.
tor (0.2.2.23-alpha-1) experimental; urgency=low
.
* New upstream version.
* The tor specification files are no longer shipped in the tarball,
so /usr/share/doc/tor/spec is no more. They can be found online
at <URL:https://gitweb.torproject.org/torspec.git/tree>.
.
tor (0.2.2.22-alpha-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.2.21-alpha-1) experimental; urgency=high
.
* New upstream version, including several security related fixes. See
upstream changelog for details. Addresses CVE-2011-0427.
* Forward port patches/03_tor_manpage_in_section_8.
.
tor (0.2.2.20-alpha-1) experimental; urgency=high
.
* New upstream version.
- Fix a remotely exploitable bug that could be used to crash instances
of Tor remotely by overflowing on the heap. Remote-code execution
hasn't been confirmed, but can't be ruled out (CVE-2010-1676).
* Since the dawn of time (0.0.2pre19-1, January 2004, initial release
of the debian package), the postinst script has changed ownership and
permissions of various trees like /var/lib/tor, /var/run/tor, and
/var/log/tor, sometimes recursively.
.
It turns out this actually is a security issue, so try to be more
conservative when fixing up modes and only chown/chgrp
/var/{lib,log,run}/tor directly, never recursively.
* Remove /var/run/tor, recursively, on purge. We already do this
for /var/lib/tor and /var/log/tor.
.
tor (0.2.2.19-alpha-1) experimental; urgency=low
.
* New upstream version.
- remove debian/patches/15_tlsext_host_name (already included in new
upstream version).
.
tor (0.2.2.18-alpha-2) experimental; urgency=low
.
* If we overwrite src/or/micro-revision.i in during build,
clean it out in the clean target.
* Add debian/patches/15_tlsext_host_name: Work around change in libssl0.9.8
(0.9.8g-15+lenny9 and 0.9.8o-3), taken from 0.2.1.27 (closes: #604198):
.
Do not set the tlsext_host_name extension on server SSL objects; only on
client SSL objects. We set it to immitate a browser, not a vhosting
server. This resolves an incompatibility with openssl 0.9.8p and openssl
1.0.0b. Fixes bug 2204; bugfix on 0.2.1.1-alpha.
.
tor (0.2.2.18-alpha-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.2.17-alpha-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.2.16-alpha-1) experimental; urgency=low
.
* New upstream version.
* Downgrade torsocks/tsocks dependency to a recommends. That tool
is not needed if you only run a relay, or if you access Tor only
using polipo or privoxy. The torify(1) wrapper that makes use
of torsocks or tsocks already handles their absense and emmits a
proper message telling the user what they are missing (closes: #595898).
* Remove suggests of mixminion which is no longer in the archive
(closes: #594207), and also of anon-proxy which appears to not
have been updated in at least two years.
* Add xul-ext-torbutton to suggests.
.
tor (0.2.2.15-alpha-1) experimental; urgency=low
.
* New upstream version.
* Forward port 06_add_compile_time_defaults.
.
tor (0.2.2.14-alpha-1) experimental; urgency=low
.
* New upstream version.
Among many other things:
- New config option "WarnUnsafeSocks 0" disables the warning that
occurs whenever Tor receives only an IP address instead of a
hostname. Setups that do DNS locally over Tor are fine, and we
shouldn't spam the logs in that case. (Closes: #497466)
.
tor (0.2.2.13-alpha-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.2.12-alpha-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.2.11-alpha-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.2.10-alpha-2) experimental; urgency=low
.
* In /etc/default/tor also source /etc/default/tor.vidalia if it exists
and if vidalia is installed. We do this so that the vidalia package
can override some of our settings: People who have vidalia installed might
not want to run Tor as a system service. The vidalia .deb can ask them
that and then set run-daemon to no.
.
tor (0.2.2.10-alpha-1) experimental; urgency=low
.
* New upstream version.
* debian/rules:
- make manpage building properly depend on patch-stamp,
- Fix building in the absence of a debian/micro-revision.i file.
.
tor (0.2.2.9-alpha-1) experimental; urgency=low
.
* New upstream version.
- We no longer need to build-depend on a recent libssl-dev because
Tor now detects whether we need to explicitly turn on
autonegotiation at run-time rather than compile time. Good.
(This also means we no longer need to conflict with newer
libssls when we built against an old one on backports.)
- The manpages are now built with asciidoc. While the upstream
tarball already ships with the output of asciidoc, we instead
build the manpages during package build time so we can patch them.
+ Therefore build-depend on asciidoc (>= 8.2), docbook-xml,
docbook-xsl, and xmlto.
+ update 03_tor_manpage_in_section_8 to patch the .txt files now.
+ Remove tor.1.in torify.1.in tor-gencert.1.in tor-resolve.1.in in
the doc directory during clean.
+ And try to work around missing (and if it wasn't, broken)
build-system for the manpages.
+ The torify.1 manpage gets installed by upstream, no longer need
to do it manually in debian/rules.
- The original design paper is no longer shipped with Tor.
+ Remove debian/hexdump-*.pdf (which we used to work around
fig2dev bugs).
+ No longer build the paper in debian/rules, and remove it from
debian/tor.docs.
+ No longer build-depend on texlive-base-bin, texlive-latex-base,
texlive-fonts-recommended, transfig and ghostscript.
- Upstream tarballs no longer ship an AUTHORS file, or the website,
Removed these from debian/tor.docs. No longer shipping parts of
the website also closes: #443560.
- Also no longer distribute doc/TODO and doc/HACKING in the debian
package.
* Move from comm to section net, where it might fit slightly better
(closes: #482801).
* Ship contrib/tor-exit-notice.html in the tor package (put it into
usr/share/doc/tor; closes: #568934).
* Add stark README.polipo with the instructions from Juliusz Chroboczek.
(closes: #413730)
* 0.2.2.4-alpha failed to ship test.h so we had included it in the
debian diff. The upstream bug has long since been fixed so we should
probably stop shipping our own copy of test.h.
* Finally apply Peter Eisentraut's patch for tor's init script to support
status as an argument (closes: #526371).
.
tor (0.2.2.8-alpha-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.2.7-alpha-2) experimental; urgency=low
.
* debian/rules: Minor cleanup (use a single variable for making up our
configure flags, not two).
* debian/rules: Remove logic that ignores the result of unit tests if
localhost does not resolve (or not to 127.0.0.1). This should no
longer be necessary as our build chroots have gotten a lot better.
* Depend on and enable hardening-includes for building.
.
tor (0.2.2.7-alpha-1) experimental; urgency=medium
.
* New upstream version.
- Rotate keys (both v3 identity and relay identity) for moria1
and gabelmoo.
[and more]
.
tor (0.2.2.6-alpha-1) experimental; urgency=low
.
* New upstream version.
- Drop debian/patches/0a58567c-work-with-reneg-ssl.dpatch
(part of upstream).
.
tor (0.2.2.5-alpha-1) experimental; urgency=low
.
* New upstream version.
* Pick 0a58567ce3418f410cf1dd0143dd3e56b4a4bd1f from master git tree:
- work with libssl that has renegotiation disabled by default.
(debian/patches/0a58567c-work-with-reneg-ssl.dpatch)
* Therefore build-depend on libssl-dev >= 0.9.8k-6. If we build against
earlier versions we will not work once libssl gets upgraded to a version
that disabled renegotiations.
* Change order of recommends from privoxy | polipo to polipo | privoxy.
* Allegedly echo -e is a bashism. Remove it from debian/rules, we don't
need it anyways (closes: #478631).
* Change the dependency on tsocks to torsocks | tsocks (see: #554717).
.
tor (0.2.2.4-alpha-1) experimental; urgency=low
.
* New upstream version.
* The testsuite moved from src/or/test to src/test/test,
but let's call it using "make check" now.
* Upstream failed to ship src/test/test.h. Ship it in debian/ and
manually copy it in place during configure and clean up in clean.
Let's not use the patch system as this will most likely be rectified
by next release.
.
tor (0.2.2.3-alpha-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.2.2-alpha-1) experimental; urgency=low
.
* New upstream version.
* The files src/common/common_sha1.i src/or/or_sha1.i get changed
during the build - they contain the checksums of the individual
files that end up in the binary. Of couse changes only end up
in the debian diff.gz after building a second time in the same
directory. So, remove those files in clean to get both a cleaner
diff.gz and idempotent builds.
* If we have a debian/micro-revision.i, replace the one in src/or
with our copy so that this will be the revision that ends up in
the binary. This is an informational only version string, but
it'd be kinda nice if it was (more) accurate nonetheless.
.
Of course this won't help if people manually patch around but
it's still preferable to claiming we are exactly upstream's source.
.
If we are building directly out of a git tree, update
debian/micro-revision.i in the clean target.
.
tor (0.2.2.1-alpha-1) experimental; urgency=low
.
* New upstream version.
* Forward port patches/03_tor_manpage_in_section_8.dpatch.
* Forward port patches/06_add_compile_time_defaults.dpatch.
Checksums-Sha256:
c41a020c6183efe327db6ee33b060f3257338e48d8aa089e6ff843cf8f826b90 1584 tor_0.2.2.32-1~bpo60+1.dsc
32ed6817a6194d370714738ec8c09c22858f1d24be2441cba0d142ceb329405f 31739 tor_0.2.2.32-1~bpo60+1.diff.gz
2b5af1422d1494f8723006b5be07f698425ce3c291e1a26faa69607e3b53ca60 1228422 tor-geoipdb_0.2.2.32-1~bpo60+1_all.deb
0f3ab4722ccf1a131304d688a8eb6482deab71d00bb60cd054542ea98d4ae800 1032968 tor_0.2.2.32-1~bpo60+1_amd64.deb
39b37c30efa46cfd7a19ecf35c7c92a048a31736ae99abc2c6b2625d6cdcadf6 1134042 tor-dbg_0.2.2.32-1~bpo60+1_amd64.deb
8744328c10b54950e08ee404a75a0e76865be0615cad6f7ffc8c75af7151ef4d 2701371 tor_0.2.2.32.orig.tar.gz
Checksums-Sha1:
224f21e0aea5d03e84b069c45d6697585adef072 1584 tor_0.2.2.32-1~bpo60+1.dsc
402fc3ce25ef7f3ba8c8b385d58173d0042bde8a 31739 tor_0.2.2.32-1~bpo60+1.diff.gz
723ef4761794de3474e12b3af2860372beeb4ea6 1228422 tor-geoipdb_0.2.2.32-1~bpo60+1_all.deb
5452b3d60a6e2872efe832b9b113644c92b6d3d3 1032968 tor_0.2.2.32-1~bpo60+1_amd64.deb
abe3fd8b35115ce8b75cb6510f255426b6ce5626 1134042 tor-dbg_0.2.2.32-1~bpo60+1_amd64.deb
4baddc836931b3e915974c261e405e111636b716 2701371 tor_0.2.2.32.orig.tar.gz
Files:
e6bed5ce54c8c3a3462fa59fbb43a970 1584 net optional tor_0.2.2.32-1~bpo60+1.dsc
f44b9d128033109a3096b1ae89bcaed8 31739 net optional tor_0.2.2.32-1~bpo60+1.diff.gz
7cdd63d6d19931fb994d92293a87c61e 1228422 net extra tor-geoipdb_0.2.2.32-1~bpo60+1_all.deb
b312400260ae6f6d135c0c7ed3afe9e5 1032968 net optional tor_0.2.2.32-1~bpo60+1_amd64.deb
030ba4610a6b84fbbbc67aff711e3fd5 1134042 debug extra tor-dbg_0.2.2.32-1~bpo60+1_amd64.deb
6d70db8da9513453d520168e017a272c 2701371 net optional tor_0.2.2.32.orig.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJOazx9AAoJEDTSCgbh3sV3zAEH/35LwCjAJUsf/ByNxofaPpAF
VlYmPvkhGlcFlkLnpPlcU+B0+UYMHhK7xkPBf0z0T3P/ItwCkxDK6WsDDPyyr5Ef
PG0XdmsyjQQA5czQXaiuLZlk2JbZtu9NVxmighpWK0Vft/0iUDq54vKAvlF2cYwZ
PIK6HSD5zhRSqT6sGq4UyiMgazv6ddfqSf521yuXGcyRlUKYvAkuIXzX3G8hRbb7
6NS+tZnkkGJx9BajnUM37SPPr2GzeDyeU0Y5VotbbYfOUyZcVRsAno7oIAiuL/kp
TDa4Q1Mr04a8RbK/ME1dgjw6kdvTUMkhAuxX4KPIkJAcU7exZEg4pskT/Zm9Frc=
=HWJg
-----END PGP SIGNATURE-----
Accepted:
tor-dbg_0.2.2.32-1~bpo60+1_amd64.deb
to main/t/tor/tor-dbg_0.2.2.32-1~bpo60+1_amd64.deb
tor-geoipdb_0.2.2.32-1~bpo60+1_all.deb
to main/t/tor/tor-geoipdb_0.2.2.32-1~bpo60+1_all.deb
tor_0.2.2.32-1~bpo60+1.diff.gz
to main/t/tor/tor_0.2.2.32-1~bpo60+1.diff.gz
tor_0.2.2.32-1~bpo60+1.dsc
to main/t/tor/tor_0.2.2.32-1~bpo60+1.dsc
tor_0.2.2.32-1~bpo60+1_amd64.deb
to main/t/tor/tor_0.2.2.32-1~bpo60+1_amd64.deb
tor_0.2.2.32.orig.tar.gz
to main/t/tor/tor_0.2.2.32.orig.tar.gz
Reply to: