Hello, everyone!
(If you are about to reply saying "please take me off this list",
instead please follow these instructions:
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/
. If you have trouble, it is probably because you subscribed using a
different address than the one you are trying to unsubscribe with. You
will have to enter the actual email address you used when you
subscribed.)
Source code for Tor 0.4.2.6 is now available from the usual place at
https://www.torproject.org/download/tor/ . Packages should be
available within the next several weeks, with a new Tor Browser by
mid-February.
Source code for Tor 0.4.1.8 is available from our distribution site,
at https://dist.torproject.org/ .
Change logs for these releases are below.
A reminder about supported releases: 0.2.9.x releases are no longer
supported as of Jan 1, and 0.4.0.x releases will no longer be
supported as of Feb 2. The currently supported stable series are
0.3.5.x, 0.4.1.x, and 0.4.2.x. For more information about our support
policies, see https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTor…
Changes in version 0.4.2.6 - 2020-01-30
This is the second stable release in the 0.4.2.x series. It backports
several bugfixes from 0.4.3.1-alpha, including some that had affected
the Linux seccomp2 sandbox or Windows services. If you're running with
one of those configurations, you'll probably want to upgrade;
otherwise, you should be fine with 0.4.2.5.
o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha):
- Correct how we use libseccomp. Particularly, stop assuming that
rules are applied in a particular order or that more rules are
processed after the first match. Neither is the case! In
libseccomp <2.4.0 this lead to some rules having no effect.
libseccomp 2.4.0 changed how rules are generated, leading to a
different ordering, which in turn led to a fatal crash during
startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by
Peter Gerber.
- Fix crash when reloading logging configuration while the
experimental sandbox is enabled. Fixes bug 32841; bugfix on
0.4.1.7. Patch by Peter Gerber.
o Minor bugfixes (correctness checks, backport from 0.4.3.1-alpha):
- Use GCC/Clang's printf-checking feature to make sure that
tor_assertf() arguments are correctly typed. Fixes bug 32765;
bugfix on 0.4.1.1-alpha.
o Minor bugfixes (logging, crash, backport from 0.4.3.1-alpha):
- Avoid a possible crash when trying to log a (fatal) assertion
failure about mismatched magic numbers in configuration objects.
Fixes bug 32771; bugfix on 0.4.2.1-alpha.
o Minor bugfixes (testing, backport from 0.4.3.1-alpha):
- When TOR_DISABLE_PRACTRACKER is set, do not apply it to the
test_practracker.sh script. Doing so caused a test failure. Fixes
bug 32705; bugfix on 0.4.2.1-alpha.
- When TOR_DISABLE_PRACTRACKER is set, log a notice to stderr when
skipping practracker checks. Fixes bug 32705; bugfix
on 0.4.2.1-alpha.
o Minor bugfixes (windows service, backport from 0.4.3.1-alpha):
- Initialize the publish/subscribe system when running as a windows
service. Fixes bug 32778; bugfix on 0.4.1.1-alpha.
o Testing (backport from 0.4.3.1-alpha):
- Turn off Tor's Sandbox in Chutney jobs, and run those jobs on
Ubuntu Bionic. Turning off the Sandbox is a work-around, until we
fix the sandbox errors in 32722. Closes ticket 32240.
- Re-enable the Travis CI macOS Chutney build, but don't let it
prevent the Travis job from finishing. (The Travis macOS jobs are
slow, so we don't want to have it delay the whole CI process.)
Closes ticket 32629.
o Testing (continuous integration, backport from 0.4.3.1-alpha):
- Use zstd in our Travis Linux builds. Closes ticket 32242.
Changes in version 0.4.1.8 - 2020-01-30
This release backports several bugfixes from later release series,
including some that had affected the Linux seccomp2 sandbox or Windows
services. If you're running with one of those configurations, you'll
probably want to upgrade; otherwise, you should be fine with your
current version of 0.4.1.x.
o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha):
- Correct how we use libseccomp. Particularly, stop assuming that
rules are applied in a particular order or that more rules are
processed after the first match. Neither is the case! In
libseccomp <2.4.0 this lead to some rules having no effect.
libseccomp 2.4.0 changed how rules are generated, leading to a
different ordering, which in turn led to a fatal crash during
startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by
Peter Gerber.
- Fix crash when reloading logging configuration while the
experimental sandbox is enabled. Fixes bug 32841; bugfix on
0.4.1.7. Patch by Peter Gerber.
o Minor bugfixes (crash, backport form 0.4.2.4-rc):
- When running Tor with an option like --verify-config or
--dump-config that does not start the event loop, avoid crashing
if we try to exit early because of an error. Fixes bug 32407;
bugfix on 0.3.3.1-alpha.
o Minor bugfixes (windows service, backport from 0.4.3.1-alpha):
- Initialize the publish/subscribe system when running as a windows
service. Fixes bug 32778; bugfix on 0.4.1.1-alpha.
o Testing (backport from 0.4.3.1-alpha):
- Turn off Tor's Sandbox in Chutney jobs, and run those jobs on
Ubuntu Bionic. Turning off the Sandbox is a work-around, until we
fix the sandbox errors in 32722. Closes ticket 32240.
- Re-enable the Travis CI macOS Chutney build, but don't let it
prevent the Travis job from finishing. (The Travis macOS jobs are
slow, so we don't want to have it delay the whole CI process.)
Closes ticket 32629.
o Testing (continuous integration, backport from 0.4.3.1-alpha):
- Use zstd in our Travis Linux builds. Closes ticket 32242.
