September 2019 - tor-announce - lists.torproject.org

Tor 0.4.1.6 is released
by Nick Mathewson 19 Sep '19

19 Sep '19

Hello, everyone! (If you are about to reply saying "please take me off this list", instead please follow these instructions: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/ . If you have trouble, it is probably because you subscribed using a different address than the one you are trying to unsubscribe with. You will have to enter the actual email address you used when you subscribed.) Source code for Tor 0.4.1.6 is now available; you can download the source code from the usual place on the website, at https://www.torproject.org/download/tor/ . Packages should be available within the next several weeks, with a new Tor Browser in the next week or two. Changes in version 0.4.1.6 - 2019-09-19 This release backports several bugfixes to improve stability and correctness. Anyone experiencing build problems or crashes with 0.4.1.5, or experiencing reliability issues with single onion services, should upgrade. o Major bugfixes (crash, Linux, Android, backport from 0.4.2.1-alpha): - Tolerate systems (including some Android installations) where madvise and MADV_DONTDUMP are available at build-time, but not at run time. Previously, these systems would notice a failed syscall and abort. Fixes bug 31570; bugfix on 0.4.1.1-alpha. - Tolerate systems (including some Linux installations) where madvise and/or MADV_DONTFORK are available at build-time, but not at run time. Previously, these systems would notice a failed syscall and abort. Fixes bug 31696; bugfix on 0.4.1.1-alpha. o Minor features (stem tests, backport from 0.4.2.1-alpha): - Change "make test-stem" so it only runs the stem tests that use tor. This change makes test-stem faster and more reliable. Closes ticket 31554. o Minor bugfixes (build system, backport form 0.4.2.1-alpha): - Do not include the deprecated <sys/sysctl.h> on Linux or Windows systems. Fixes bug 31673; bugfix on 0.2.5.4-alpha. o Minor bugfixes (compilation, backport from 0.4.2.1-alpha): - Add more stub functions to fix compilation on Android with link- time optimization when --disable-module-dirauth is used. Previously, these compilation settings would make the compiler look for functions that didn't exist. Fixes bug 31552; bugfix on 0.4.1.1-alpha. - Suppress spurious float-conversion warnings from GCC when calling floating-point classifier functions on FreeBSD. Fixes part of bug 31687; bugfix on 0.3.1.5-alpha. o Minor bugfixes (controller protocol): - Fix the MAPADDRESS controller command to accept one or more arguments. Previously, it required two or more arguments, and ignored the first. Fixes bug 31772; bugfix on 0.4.1.1-alpha. o Minor bugfixes (guards, backport from 0.4.2.1-alpha): - When tor is missing descriptors for some primary entry guards, make the log message less alarming. It's normal for descriptors to expire, as long as tor fetches new ones soon after. Fixes bug 31657; bugfix on 0.3.3.1-alpha. o Minor bugfixes (logging, backport from 0.4.2.1-alpha): - Change log level of message "Hash of session info was not as expected" to LOG_PROTOCOL_WARN. Fixes bug 12399; bugfix on 0.1.1.10-alpha. o Minor bugfixes (rust, backport from 0.4.2.1-alpha): - Correctly exclude a redundant rust build job in Travis. Fixes bug 31463; bugfix on 0.3.5.4-alpha. o Minor bugfixes (v2 single onion services, backport from 0.4.2.1-alpha): - Always retry v2 single onion service intro and rend circuits with a 3-hop path. Previously, v2 single onion services used a 3-hop path when rendezvous circuits were retried after a remote or delayed failure, but a 1-hop path for immediate retries. Fixes bug 23818; bugfix on 0.2.9.3-alpha. o Minor bugfixes (v3 single onion services, backport from 0.4.2.1-alpha): - Always retry v3 single onion service intro and rend circuits with a 3-hop path. Previously, v3 single onion services used a 3-hop path when rend circuits were retried after a remote or delayed failure, but a 1-hop path for immediate retries. Fixes bug 23818; bugfix on 0.3.2.1-alpha. - Make v3 single onion services fall back to a 3-hop intro, when all intro points are unreachable via a 1-hop path. Previously, v3 single onion services failed when all intro nodes were unreachable via a 1-hop path. Fixes bug 23507; bugfix on 0.3.2.1-alpha. o Documentation (backport from 0.4.2.1-alpha): - Use RFC 2397 data URL scheme to embed an image into tor-exit- notice.html so that operators no longer have to host it themselves. Closes ticket 31089.

1 0

Tor Browser 8.5.6 is released
by Nicolas Vigier 11 Sep '19

11 Sep '19

Tor Browser for Android 8.5.6 is now available from the Tor Browser Download page [1] and also from our distribution directory [2]. This version is for Android only, the latest version for Linux, macOS and Windows is still 8.5.5 [3]. 1: https://www.torproject.org/download/#android 2: https://www.torproject.org/dist/torbrowser/8.5.6/ 3: https://blog.torproject.org/new-release-tor-browser-855 This update is fixing an issue with the aarch64 version, mostly on Android 9 [4] which was causing a crash on every launch. 4: https://trac.torproject.org/projects/tor/ticket/31616 Note: Due to some issue with Google Play's new requirement for 64bit versions [5], we have not yet been able to publish the Android x86 and x86_64 versions on Google Play. We plan to fix this in the next release. In the meantime the x86 version can be downloaded from our website [6]. 5: https://developer.android.com/distribute/best-practices/develop/64-bit 6: https://www.torproject.org/download/#android The full changelog since Tor Browser 8.5.5 is: * Android * Update Torbutton to 2.1.14 * Bug 31616: Fix JIT related crashes on aarch64

1 0

Tor Browser 8.5.5 is released
by Nicolas Vigier 05 Sep '19

05 Sep '19

Tor Browser 8.5.5 is now available from the Tor Browser Download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/8.5.5/ This release features important security updates [3] to Firefox. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/ This release is updating Firefox to 60.9.0esr, Tor to 0.4.1.5 [4], and NoScript to 11.0.3. This release also includes various bug fixes. On the Windows side, we should now have support for accessibility tools [5]. On the Android side, we added support for arm64-v8a devices [6]. 4: https://blog.torproject.org/new-release-tor-0415 5: https://trac.torproject.org/projects/tor/ticket/27503 6: https://trac.torproject.org/projects/tor/ticket/28119 This is expected to be the last release in the 8.5 series: on October 22 we will switch to the 9.0 series, based on Firefox 68ESR. Note 1: Due to some issue with Google Play's new requirement for 64bit versions [7], we have not yet been able to publish the Android x86 and x86_64 versions on Google Play. We hope to be able to fix this in the next days. In the meantime the x86 version can be downloaded from our website [8]. 7: https://developer.android.com/distribute/best-practices/develop/64-bit 8: https://www.torproject.org/download/#android Note 2: There is an issue with the aarch64 version on Android 9 [9] causing a crash on every launch. We are working on a fix for this issue. 9: https://trac.torproject.org/projects/tor/ticket/31616 The full changelog since Tor Browser 8.5.4 is: * All platforms * Update Firefox to 60.9.0esr * Update Torbutton to 2.1.13 * Bug 31520: Remove monthly giving banner from Tor Browser * Bug 31140: Do not enable IonMonkey on AARCH64 * Translations update * Update NoScript to 11.0.3 * Bug 26847: NoScript pops up a full-site window for XSS warning * Bug 31287: NoScript leaks browser locale * Bug 31357: Retire Tom's default obfs4 bridge * Windows + OS X + Linux * Update Tor to 0.4.1.5 * Windows * Bug 31547: Back out patch for Mozilla's bug 1574980 * Bug 27503: Provide full support for accessibility tools * Bug 30575: Don't allow enterprise policies in Tor Browser * Bug 31141: Fix typo in font.system.whitelist * Android * Bug 28119: Tor Browser for aarch64 * Build System * All platforms * Bug 31465: Bump Go to 1.12.9

1 0