Debian Bug report logs - #679224
pu: package tor/0.2.2.37

version graph

Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Peter Palfrader <weasel@debian.org>

Date: Wed, 27 Jun 2012 10:00:01 UTC

Severity: normal

Tags: confirmed, pending, squeeze

Fixed in version 6.0.6

Done: Adam D. Barratt <adam@adam-barratt.org.uk>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#679224; Package release.debian.org. (Wed, 27 Jun 2012 10:00:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Peter Palfrader <weasel@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Wed, 27 Jun 2012 10:00:08 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Peter Palfrader <weasel@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: pu: package tor/0.2.2.37
Date: Wed, 27 Jun 2012 11:56:32 +0200
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

I would like to update the Tor in stable from 0.2.2.35 to 0.2.2.37.

This is an update on Tor's stable tree (instead of its development tree)
and the changes are thus rather conservative.

It fixes a couple of minor security issues, like no longer leaking
uninitialized memory, properly rejecting inputs where the number exceeds
valid values for its storage types, or not adding more bytes to input
buffers while renegotiating.

Furthermore, a few issues are resolved that might affect a user's
anonymity.  These include things such as only building circuits when a
client knows a sufficient number of "exit" nodes, never using a bridge
as an exit, or reusing circuits in an unsafe manner.

Additionaly it updates the list of directory authorities, makes building
with newer and older openssl libraries safer (probably not important for
us) and makes building on a few other platforms more robust.


Tor versions 0.2.2.36 and .37 have been in unstable and testing for a
few weeks now and I am reasonably confident that 0.2.2.37 is fit for
being included in the next point release of squeeze.


May I prepare and upload a 0.2.2.37-1~squeeze1 tor package?

Cheers,
weasel

https://gitweb.torproject.org/debian/tor.git/blob/refs/heads/debian-0.2.2:/ChangeLog
https://gitweb.torproject.org/debian/tor.git/blob/refs/heads/debian-0.2.2:/debian/changelog





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#679224; Package release.debian.org. (Fri, 06 Jul 2012 20:39:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Fri, 06 Jul 2012 20:39:09 GMT) Full text and rfc822 format available.

Message #10 received at 679224@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Peter Palfrader <weasel@debian.org>, 679224@bugs.debian.org
Subject: Re: Bug#679224: pu: package tor/0.2.2.37
Date: Fri, 06 Jul 2012 21:35:47 +0100
tags 679224 + squeeze confirmed
thanks

On Wed, 2012-06-27 at 11:56 +0200, Peter Palfrader wrote:
> I would like to update the Tor in stable from 0.2.2.35 to 0.2.2.37.
> 
> This is an update on Tor's stable tree (instead of its development tree)
> and the changes are thus rather conservative.
[...]
> Tor versions 0.2.2.36 and .37 have been in unstable and testing for a
> few weeks now and I am reasonably confident that 0.2.2.37 is fit for
> being included in the next point release of squeeze.
> 
> 
> May I prepare and upload a 0.2.2.37-1~squeeze1 tor package?

Please go ahead; thanks.

Regards,

Adam





Added tag(s) squeeze and confirmed. Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Fri, 06 Jul 2012 20:39:11 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#679224; Package release.debian.org. (Fri, 13 Jul 2012 01:20:33 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Fri, 13 Jul 2012 01:21:33 GMT) Full text and rfc822 format available.

Message #17 received at 679224@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: <679224@bugs.debian.org>
Cc: Peter Palfrader <weasel@debian.org>
Subject: Re: Bug#679224: pu: package tor/0.2.2.37
Date: Thu, 12 Jul 2012 23:48:55 +0100
tags 679224 + pending
thanks

On 06.07.2012 21:35, Adam D. Barratt wrote:
> tags 679224 + squeeze confirmed
> thanks
>
> On Wed, 2012-06-27 at 11:56 +0200, Peter Palfrader wrote:
>> I would like to update the Tor in stable from 0.2.2.35 to 0.2.2.37.
>>
>> This is an update on Tor's stable tree (instead of its development 
>> tree)
>> and the changes are thus rather conservative.
> [...]
>> Tor versions 0.2.2.36 and .37 have been in unstable and testing for 
>> a
>> few weeks now and I am reasonably confident that 0.2.2.37 is fit for
>> being included in the next point release of squeeze.
>>
>>
>> May I prepare and upload a 0.2.2.37-1~squeeze1 tor package?
>
> Please go ahead; thanks.

For the record, this was uploaded and I've flagged it for acceptance.

Regards,

Adam




Added tag(s) pending. Request was from "Adam D. Barratt" <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Fri, 13 Jul 2012 01:40:03 GMT) Full text and rfc822 format available.

Marked as fixed in versions 6.0.6. Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Sat, 29 Sep 2012 14:03:17 GMT) Full text and rfc822 format available.

Marked Bug as done Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Sat, 29 Sep 2012 14:03:18 GMT) Full text and rfc822 format available.

Notification sent to Peter Palfrader <weasel@debian.org>:
Bug acknowledged by developer. (Sat, 29 Sep 2012 14:03:18 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 28 Oct 2012 07:27:19 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 19:30:24 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.