[Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12
I wasn't sure how you wanted to proceed but since you offered to wait, I'll prepare new debdiffs for Xenial and Artful based on the new Tor versions. ** Summary changed: - [SRU] Tor 0.2.9.13 and 0.3.0.12 + [SRU] Tor 0.2.9.14 and 0.3.0.13 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1731698 Title: [SRU] Tor 0.2.9.14 and 0.3.0.13 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12
Sorry about the delay. I've added the tasks for Xenial and Artful. We're going to ignore Zesty due to its EOL. @Simon are you planning on bumping those to the releases that have been released since? If so, I'll wait a bit before uploading those, if not, let me know and I'll upload those. ** Also affects: tor (Ubuntu Artful) Importance: Undecided Status: New ** Also affects: tor (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: tor (Ubuntu) Status: Confirmed => Fix Released ** Changed in: tor (Ubuntu Xenial) Status: New => Triaged ** Changed in: tor (Ubuntu Artful) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1731698 Title: [SRU] Tor 0.2.9.13 and 0.3.0.12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12
Even newer versions with security fixes have since been released: https://blog.torproject.org/new-stable-tor-releases-security- fixes-0319-03013-02914-02817-02516 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1731698 Title: [SRU] Tor 0.2.9.13 and 0.3.0.12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: tor (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1731698 Title: [SRU] Tor 0.2.9.13 and 0.3.0.12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12
** Description changed: Micro versions of Tor were recently released to address some security problems (CVE-2017-0380/TROVE-2017-008) and crashes. The new releases also include directory authority changes. + + [Test Case] + + 1) Setup Tor: + $ sudo apt-get install tor + + 2) Check if the Tor network is usable: + $ torsocks wget -qO - https://ifconfig.co + 192.0.2.1 + + 3) Check that the IP returned by https://ifconfig.co is NOT the one +assigned by you ISP. + + 4) If you got a different IP it means wget used the Tor network + successfully + + 5) Repeat with the -proposed package + + + [Regression Potential] + + Unfortunately, I don't know what regression could be introduced by those + micro version upgrades (0.2.9.11->0.2.9.13 and 0.3.0.10->0.3.0.12). + Debian shipped 0.2.9.12 some time ago and I didn't find any regression + in their bug tracker. Unfortunately, Debian no longer ship the 0.3.0.x + branch as they moved to 0.3.1.x so the version in Artful saw less "in + the wild" testing. + + I also looked at the upstream bug tracker and didn't find any relevant + regression introduced by those new versions. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1731698 Title: [SRU] Tor 0.2.9.13 and 0.3.0.12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12
** Patch added: "tor-17.04-v2.debdiff" https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+attachment/5008376/+files/tor-17.04-v2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1731698 Title: [SRU] Tor 0.2.9.13 and 0.3.0.12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12
** Patch removed: "tor-16.04.debdiff" https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+attachment/5007680/+files/tor-16.04.debdiff ** Patch removed: "tor-17.04.debdiff" https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+attachment/5007681/+files/tor-17.04.debdiff ** Patch removed: "tor-17.10.debdiff" https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+attachment/5007682/+files/tor-17.10.debdiff ** Patch added: "tor-16.04-v2.debdiff" https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+attachment/5008375/+files/tor-16.04-v2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1731698 Title: [SRU] Tor 0.2.9.13 and 0.3.0.12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12
** Patch added: "tor-17.10-v2.debdiff" https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+attachment/5008377/+files/tor-17.10-v2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1731698 Title: [SRU] Tor 0.2.9.13 and 0.3.0.12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12
The -v2 debdiffs now target -updates, -security will be handled later on. ** Changed in: tor (Ubuntu) Assignee: (unassigned) => Simon Déziel (sdeziel) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1731698 Title: [SRU] Tor 0.2.9.13 and 0.3.0.12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12
Thanks for providing these debdiffs. Since they contain changes unrelated to the CVE-2017-0380 fix, please go through the SRU process as detailed here: https://wiki.ubuntu.com/StableReleaseUpdates Once the new packages have made their way to -updates, we can then rebuild them for the -security pocket if required. I am unsubscribing ubuntu-security-sponsors for now. Alternatively, you may submit debdiffs that only contain the required fix for CVE-2017-0380, and resubscribe ubuntu-security-sponsors. Thank you. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1731698 Title: [SRU] Tor 0.2.9.13 and 0.3.0.12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12
The attachment "tor-16.04.debdiff" seems to be a debdiff. The ubuntu- sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1731698 Title: [SRU] Tor 0.2.9.13 and 0.3.0.12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12
** Patch added: "tor-16.04.debdiff" https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+attachment/5007680/+files/tor-16.04.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1731698 Title: [SRU] Tor 0.2.9.13 and 0.3.0.12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12
** Patch added: "tor-17.04.debdiff" https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+attachment/5007681/+files/tor-17.04.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1731698 Title: [SRU] Tor 0.2.9.13 and 0.3.0.12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1731698] Re: [SRU] Tor 0.2.9.13 and 0.3.0.12
** Patch added: "tor-17.10.debdiff" https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+attachment/5007682/+files/tor-17.10.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1731698 Title: [SRU] Tor 0.2.9.13 and 0.3.0.12 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tor/+bug/1731698/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs