Accepted tor 0.2.4.22-1~bpo70+1 (source amd64 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 11 Jun 2014 19:07:02 +0200
Source: tor
Binary: tor tor-dbg tor-geoipdb
Architecture: source amd64 all
Version: 0.2.4.22-1~bpo70+1
Distribution: wheezy-backports
Urgency: high
Maintainer: Peter Palfrader <weasel@debian.org>
Changed-By: Holger Levsen <holger@debian.org>
Description:
tor - anonymizing overlay network for TCP
tor-dbg - debugging symbols for Tor
tor-geoipdb - GeoIP database for Tor
Closes: 705785 722153 723801 732105 732572
Changes:
tor (0.2.4.22-1~bpo70+1) wheezy-backports; urgency=low
.
* Rebuild for wheezy-backports.
* Add myself to uploaders.
.
tor (0.2.4.22-1) unstable; urgency=medium
.
* New upstream version.
.
tor (0.2.4.21-1) unstable; urgency=low
.
* New upstream version.
.
tor (0.2.4.20-1) unstable; urgency=low
.
* New upstream version.
- Avoid a crash bug when starting with a corrupted microdescriptor cache
file. Fixes bug 10406; bugfix on 0.2.2.6-alpha (closes: #732105).
* init script: make /var/log/tor if it does not exist anymore
(closes: #732572).
.
tor (0.2.4.19-1) unstable; urgency=low
.
* New upstream version.
.
tor (0.2.4.18-rc-1) experimental; urgency=low
.
* New upstream version.
* Re-add a few 'exit 1' statements on errors that got lost while
updating the init script to fancy LSB style output (closes: #722153).
* Mention the DisableDebuggerAttachment setting next to the ulimit -c
line in /etc/default/tor (closes: #723801).
.
tor (0.2.4.17-rc-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.4.16-rc-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.4.15-rc-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.4.14-alpha-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.4.13-alpha-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.4.12-alpha-2) experimental; urgency=low
.
* No longer change tor manpage to be in section 8.
* No longer move tor from usr/bin to /usr/sbin after make install.
We now install tor into the same place as upstream. Having it in
the default user path makes it easier for users who want to run
tor themselves.
* Install a compatibility symlink in /usr/sbin.
* Change relation form from (< version) to (<< version) in the tor-geoip
package.
* Update debian/watch file.
* Clean up old /etc/tor/tor-tsocks.conf conffile (closes: #705785).
This requires debhelper >= 8.1.0~, adapt build-dependency accordingly.
.
tor (0.2.4.12-alpha-1) experimental; urgency=low
.
* New upstream version.
* Forward port 03_tor_manpage_in_section_8.dpatch: torify.1 no longer
references tsocks.
* No longer install contrib/tor-tsocks.conf - it was dropped upstream.
* Update year in debian/copyright.
.
tor (0.2.4.11-alpha-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.4.10-alpha-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.4.9-alpha-1) experimental; urgency=low
.
* New upstream version.
* Build-Conflict with libnacl-dev so that we don't pull it in accidentally.
For now Tor doesn't manage to use it on at least amd64 anyway, but that
may change. We should review this decision once we know how things work
and where we want to use nacl.
* Move the geoip6 file to the tor-geoip package (spotted by George
Kargiotakis)
* add appropriate Replaces and Breaks to the tor-geoip package for
tor < 0.2.4.8 since we moved a file to tor-geoip.
* If $DAEMON $VERIFY_ARGS fails, call use the same arguments for
finding the errors and not $DAEMON --verify-config.
.
tor (0.2.4.7-alpha-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.4.6-alpha-1) experimental; urgency=low
.
* New upstream version.
* Update debian/copyright file somewhat.
.
tor (0.2.4.5-alpha-1) experimental; urgency=high
.
* New upstream version:
- Fix a group of remotely triggerable assertion failures related to
incorrect link protocol negotiation. Found, diagnosed, and fixed
by "some guy from France". Fix for CVE-2012-2250; bugfix on
0.2.3.6-alpha.
- Fix a denial of service attack by which any directory authority
could crash all the others, or by which a single v2 directory
authority could crash everybody downloading v2 directory
information. Fixes bug 7191; bugfix on 0.2.0.10-alpha.
- and more.
.
tor (0.2.4.4-alpha-1) experimental; urgency=low
.
* New upstream version.
o Major bugfixes (security/privacy, also in 0.2.3.23-rc):
- Disable TLS session tickets. OpenSSL's implementation was giving
our TLS session keys the lifetime of our TLS context objects, when
perfect forward secrecy would want us to discard anything that
could decrypt a link connection as soon as the link connection
was closed. Fixes bug 7139; bugfix on all versions of Tor linked
against OpenSSL 1.0.0 or later. Found by Florent Daignière.
- Discard extraneous renegotiation attempts once the V3 link
protocol has been initiated. Failure to do so left us open to
a remotely triggerable assertion failure. Fixes CVE-2012-2249;
bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
o And more. For details please see the upstream changelog.
* Add debian/source.lintian-overrides for
rc-version-greater-than-expected-version, similar to what we have for
the binary packages.
.
tor (0.2.4.3-alpha-1) experimental; urgency=low
.
* New upstream version.
* Remove debian/patches/02_add_debian_files_in_manpage which hasn't been
enabled for over five years now.
* Update and fix a minor whitespace issue in
debian/patches/14_fix_geoip_warning.
* remove obsolete debian/TODO file.
* Use dh_lintian to install the override file for tor-geoipdb. Requires
changing debhelper build dependency to >= 6 from >= 5, and renaming
debian/tor-geoipdb.lintian-override to tor-geoipdb.lintian-overrides.
* Use dh_link to create the /usr/share/doc/tor-dbg -> tor symlink in
tor-dbg. Also call dh_link before dh_install*, so that nothing creates a
/usr/share/doc/tor-dbg directory.
* No longer call dh_link with arguments to create the
/usr/share/man/man5/torrc.5 -> ../man8/tor.8 symlink in the tor package,
instead create and populate debian/tor.links accordingly.
* Call configure with --disable-silent-rules, so we actually see what
the build did in a log.
* Try to patch upstream's documenation build system so it does what we want
rather than duplicating parts of it in debian/rules. This will fix a bug
where we would end up with empty .html documentation if building from the
source source tree more than once.
* Upstream no longer installs /usr/bin/tor-control.py, so no need to remove
it in debian/rules.
* No longer try to symlink the changelogs for tor-geoipdb from the tor
package. Frist, this has been broken as dh_installchangelogs stomps all
over our symlinks. Second, the tor and tor-geoipdb package may be of
different versions, so a symlink is probably the wrong thing in the
first place.
* Add lintian overrides for all three binary packages for
rc-version-greater-than-expected-version. Tor's version scheme is sane.
.
tor (0.2.4.2-alpha-1) experimental; urgency=low
.
* New upstream version.
.
tor (0.2.4.1-alpha-1) experimental; urgency=low
.
[ Peter Palfrader ]
* New upstream version (starts 0.2.4.x tree).
* Forward port debian/patches/03_tor_manpage_in_section_8.
.
[ Stefano Zacchiroli ]
* README.privoxy, README.polipo: explicitly set socks type to socks5.
Checksums-Sha1:
f3bf9777b6dc871b140db3ffcf920c6d614a6c2d 2110 tor_0.2.4.22-1~bpo70+1.dsc
41360ed10e0f413a870ee1fa6735503fb958347f 34192 tor_0.2.4.22-1~bpo70+1.diff.gz
1eb907fe6318e92e3b059cd7689266bc0818612a 1356916 tor_0.2.4.22-1~bpo70+1_amd64.deb
84ae01171c1d88007508139a99bed2f27596241b 2369292 tor-dbg_0.2.4.22-1~bpo70+1_amd64.deb
5ea41bcf5a24a4a3a31af6528f82ea5affd345bf 1004050 tor-geoipdb_0.2.4.22-1~bpo70+1_all.deb
Checksums-Sha256:
b431e6d10c0b9cd0908efc7315c94a7de5a2be7a1ddaae6263fd409372771761 2110 tor_0.2.4.22-1~bpo70+1.dsc
419ea78647d46aec95805877430abbe4d0fc0004a8888c5e04bfe225b84c2b02 34192 tor_0.2.4.22-1~bpo70+1.diff.gz
e1d687ffb963b1f6a920de5ada5e5531a1edb2650e773bc30c50e417d02d8af4 1356916 tor_0.2.4.22-1~bpo70+1_amd64.deb
d9a13386f2eeb664e4c430fc26067164ff77e8a86143a9267ffd5c09cda89681 2369292 tor-dbg_0.2.4.22-1~bpo70+1_amd64.deb
e5c57bed2f8e27dcf8299c10bba527f1b9b602406ae65a7c8be83c214c515e1a 1004050 tor-geoipdb_0.2.4.22-1~bpo70+1_all.deb
Files:
4e32be90e9e543cefdadf345d6b355db 2110 net optional tor_0.2.4.22-1~bpo70+1.dsc
5c5641cf296e18bdc626e0b78e97e861 34192 net optional tor_0.2.4.22-1~bpo70+1.diff.gz
55d4d8c69fd20f7c369ab6eb1cbe1139 1356916 net optional tor_0.2.4.22-1~bpo70+1_amd64.deb
8d0aa045c27ff9ff2b05be843c1487d4 2369292 debug extra tor-dbg_0.2.4.22-1~bpo70+1_amd64.deb
e1d9af577109d5e9e52e735c49f59d0a 1004050 net extra tor-geoipdb_0.2.4.22-1~bpo70+1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIVAwUBU5iV3gkauFYGmqocAQg7eg/+PqiV0scct63U3BMTFpg6ulTGvpNQ1fJ1
pf2mKRJmsI3OIin5HO4I2wt0KQigf52PYUF5Uhrirexv2hUeLo/Aqby6lzbhaTW+
53wJjvK93i7BUppE+/K16nAy0ztxzYZRhq8BrfnvunaqUTAmtCBJ+PIZBt9FpnHU
uGS61eBzZeO96HMzqPgc9hS3XN9gqpuSstou4GaDCdqx6GDetA5g3NBRYT8tml0c
ElILxXlzeTdo7gAGpLKgXDwQtRf/hENMg7LUOis03YOnLp8leG3Ph4yijNnJ84hq
um7e0Vh3Ovr9xeuRkoza+iQlU6hr0LpRSSMZXtpX7/icvMK1/ySFAOaynqvNGAkS
xxl9l4+iUMVPWvAa7lbG1ycH0ImVDr2R3TOb7DYbqerzBSUlBajXyct+MXWwfP5g
fa2bjIW85QpofUuvz6JUuBmv5ARoqQom1oe1VyaVx6dz66+db21sDGRVekHq+lUH
F/Dnxx7S10/laBRFvtroHw2mHKsFvqPntkdsH6zwNWcWK1sknRGIPFxEupDcKjSp
TqI99hIp5xk+cSH7B/NCJbuHf1aT7RUwMcz7xFXw5PxenjNM1iA8bTD2JNpatO83
5kpBdkVdAAxrvaIS/sfldzc1jN3yR9SSK383ajcOtgtDejD49yoKxRdrdEx/6XD5
ivKEBrkbXrE=
=G6dA
-----END PGP SIGNATURE-----
Reply to: