tor 0.2.9.14-1ubuntu1~16.04.1 source package in Ubuntu
Changelog
tor (0.2.9.14-1ubuntu1~16.04.1) xenial; urgency=medium
[ Peter Palfrader ]
* apparmor: use Pix instead of PUx for obfs4proxy, giving us
better confinement of the child process while actually working
with systemd's NoNewPrivileges. (closes: #867342)
* Do not rely on aa-exec and aa-enabled being in /usr/sbin in the
SysV init script. This change enables apparmor confinement
on some system-V systems again. (closes: #869153)
* Update apparmor profile: replace CAP_DAC_OVERRIDE with
CAP_DAC_READ_SEARCH to match the systemd capability bounding set
changed with 0.3.0.4-rc-1. This change will allow tor to start
again under apparmor if hidden services are configured.
Patch by intrigeri. (closes: #862993)
* Replace CAP_DAC_OVERRIDE with CAP_DAC_READ_SEARCH in systemd's service
capability bounding set. Read access is sufficient for Tor (as root on
startup) to check its onion service directories (see #847598).
* Change "AppArmorProfile=system_tor" to AppArmorProfile=-system_tor,
causing all errors while switching to the new apparmor profile to
be ignored. This is not ideal, but for now it's probably the
best solution. Thanks to intrigeri; closes: #880490.
[ Simon Deziel ]
* Backport 0.2.9.14 to 16.04 (LP: #1731698)
* debian/rules: stop overriding micro-revision.i
* debian/control: drop build-conflicts
* debian/control: Limit the seccomp build-dependency to [amd64 i386 x32 armel armhf]
* Resync with Debian Stretch
tor (0.2.9.14-1) stretch-security; urgency=medium
* New upstream version, including among others:
- Fix an issue causing DNS to fail on high-bandwidth exit nodes,
making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
identifying and finding a workaround to this bug and to Moritz,
Arthur Edelstein, and Roger for helping to track it down and
analyze it.
- Fix a denial of service bug where an attacker could use a
malformed directory object to cause a Tor instance to pause while
OpenSSL would try to read a passphrase from the terminal. (Tor
instances run without a terminal, which is the case for most Tor
packages, are not impacted.) Fixes bug 24246; bugfix on every
version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
Found by OSS-Fuzz as testcase 6360145429790720.
- Fix a denial of service issue where an attacker could crash a
directory authority using a malformed router descriptor. Fixes bug
24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
and CVE-2017-8820.
- When checking for replays in the INTRODUCE1 cell data for a
(legacy) onion service, correctly detect replays in the RSA-
encrypted part of the cell. We were previously checking for
replays on the entire cell, but those can be circumvented due to
the malleability of Tor's legacy hybrid encryption. This fix helps
prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
and CVE-2017-8819.
- Fix a use-after-free error that could crash v2 Tor onion services
when they failed to open circuits while expiring introduction
points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
also tracked as TROVE-2017-013 and CVE-2017-8823.
- When running as a relay, make sure that we never build a path
through ourselves, even in the case where we have somehow lost the
version of our descriptor appearing in the consensus. Fixes part
of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
as TROVE-2017-012 and CVE-2017-8822.
tor (0.2.9.13-1) stretch; urgency=medium
* New upstream version:
- update directory authority set
tor (0.2.9.12-1) stretch-security; urgency=medium
* New upstream version:
- CVE-2017-0380 (TROVE-2017-008): Stack disclosure in hidden services logs
when SafeLogging disabled
- other maintenance and security related fixes, see upstream changelog.
-- Simon Deziel <email address hidden> Sun, 14 Jan 2018 14:17:46 -0500
Upload details
- Uploaded by:
- Simon Déziel
- Sponsored by:
- Stéphane Graber
- Uploaded to:
- Xenial
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| tor_0.2.9.14-1ubuntu1~16.04.1.tar.gz | 5.3 MiB | b63fc07febfd9a91f18cb44a4fb3a13cc956a01fc247ebccc13ff1365c319733 |
| tor_0.2.9.14-1ubuntu1~16.04.1.dsc | 2.0 KiB | 6cd804a0a82f970238583bf96d57eec971f0626e5202590c6290f0f2e95e9758 |
Available diffs
Binary packages built by this source
- tor: anonymizing overlay network for TCP
Tor is a connection-based low-latency anonymous communication system.
.
Clients choose a source-routed path through a set of relays, and
negotiate a "virtual circuit" through the network, in which each relay
knows its predecessor and successor, but no others. Traffic flowing
down the circuit is decrypted at each relay, which reveals the
downstream relay.
.
Basically, Tor provides a distributed network of relays. Users bounce
their TCP streams (web traffic, ftp, ssh, etc) around the relays, and
recipients, observers, and even the relays themselves have difficulty
learning which users connected to which destinations.
.
This package enables only a Tor client by default, but it can also be
configured as a relay and/or a hidden service easily.
.
Client applications can use the Tor network by connecting to the local
socks proxy interface provided by your Tor instance. If the application
itself does not come with socks support, you can use a socks client
such as torsocks.
.
Note that Tor does no protocol cleaning on application traffic. There
is a danger that application protocols and associated programs can be
induced to reveal information about the user. Tor depends on Torbutton
and similar protocol cleaners to solve this problem. For best
protection when web surfing, the Tor Project recommends that you use
the Tor Browser Bundle, a standalone tarball that includes static
builds of Tor, Torbutton, and a modified Firefox that is patched to fix
a variety of privacy bugs.
- tor-dbg: debugging symbols for Tor
This package provides the debugging symbols for Tor, The Onion Router.
Those symbols allow your debugger to assign names to your backtraces, which
makes it somewhat easier to interpret core dumps.
- tor-dbgsym: debug symbols for package tor
Tor is a connection-based low-latency anonymous communication system.
.
Clients choose a source-routed path through a set of relays, and
negotiate a "virtual circuit" through the network, in which each relay
knows its predecessor and successor, but no others. Traffic flowing
down the circuit is decrypted at each relay, which reveals the
downstream relay.
.
Basically, Tor provides a distributed network of relays. Users bounce
their TCP streams (web traffic, ftp, ssh, etc) around the relays, and
recipients, observers, and even the relays themselves have difficulty
learning which users connected to which destinations.
.
This package enables only a Tor client by default, but it can also be
configured as a relay and/or a hidden service easily.
.
Client applications can use the Tor network by connecting to the local
socks proxy interface provided by your Tor instance. If the application
itself does not come with socks support, you can use a socks client
such as torsocks.
.
Note that Tor does no protocol cleaning on application traffic. There
is a danger that application protocols and associated programs can be
induced to reveal information about the user. Tor depends on Torbutton
and similar protocol cleaners to solve this problem. For best
protection when web surfing, the Tor Project recommends that you use
the Tor Browser Bundle, a standalone tarball that includes static
builds of Tor, Torbutton, and a modified Firefox that is patched to fix
a variety of privacy bugs.
- tor-geoipdb: GeoIP database for Tor
This package provides a GeoIP database for Tor, i.e. it maps IPv4 addresses
to countries.
.
Bridge relays (special Tor relays that aren't listed in the main Tor
directory) use this information to report which countries they see
connections from. These statistics enable the Tor network operators to
learn when certain countries start blocking access to bridges.
.
Clients can also use this to learn what country each relay is in, so
Tor controllers like arm or Vidalia can use it, or if they want to
configure path selection preferences.
