- tor-announce - lists.torproject.org

New stable Tor release: 0.4.5.6
by Nick Mathewson 15 Feb '21

15 Feb '21

Hello, everyone! (If you are about to reply saying "please take me off this list", instead please follow these instructions: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/ . If you have trouble, it is probably because you subscribed using a different address than the one you are trying to unsubscribe with. You will have to enter the actual email address you used when you subscribed.) After months of work, Tor 0.4.5.6 is now available! This is the first stable release in the 0.4.5.x series, and we hope you find it useful. You can download the source code from the download page at https://www.torproject.org/download/tor/ . Packages should be available within the next several weeks, with a new Tor Browser likely in a week or so. Changes in version 0.4.5.6 - 2021-02-15 The Tor 0.4.5.x release series is dedicated to the memory of Karsten Loesing (1979-2020), Tor developer, cypherpunk, husband, and father. Karsten is best known for creating the Tor metrics portal and leading the metrics team, but he was involved in Tor from the early days. For example, while he was still a student he invented and implemented the v2 onion service directory design, and he also served as an ambassador to the many German researchers working in the anonymity field. We loved him and respected him for his patience, his consistency, and his welcoming approach to growing our community. This release series introduces significant improvements in relay IPv6 address discovery, a new "MetricsPort" mechanism for relay operators to measure performance, LTTng support, build system improvements to help when using Tor as a static library, and significant bugfixes related to Windows relay performance. It also includes numerous smaller features and bugfixes. Below are the changes since 0.4.4.7. For a list of changes since 0.4.5.5-rc, see the ChangeLog file. o Major features (build): - When building Tor, first link all object files into a single static library. This may help with embedding Tor in other programs. Note that most Tor functions do not constitute a part of a stable or supported API: only those functions in tor_api.h should be used if embedding Tor. Closes ticket 40127. o Major features (metrics): - Introduce a new MetricsPort which exposes, through an HTTP interface, a series of metrics that tor collects at runtime. At the moment, the only supported output format is Prometheus data model. Closes ticket 40063. See the manual page for more information and security considerations. o Major features (relay, IPv6): - The torrc option Address now supports IPv6. This unifies our address discovery interface to support IPv4, IPv6, and hostnames. Closes ticket 33233. - Launch IPv4 and IPv6 ORPort self-test circuits on relays and bridges. Closes ticket 33222. - Relays now automatically bind on IPv6 for their ORPort, unless specified otherwise with the IPv4Only flag. Closes ticket 33246. - When a relay with IPv6 support is told to open a connection to another relay, and the extend cell lists both IPv4 and IPv6 addresses, the first relay now picks randomly which address to use. Closes ticket 33220. - Relays now track their IPv6 ORPort reachability separately from the reachability of their IPv4 ORPort. They will not publish a descriptor unless _both_ ports appear to be externally reachable. Closes ticket 34067. o Major features (tracing): - Add event-tracing library support for USDT and LTTng-UST, and a few tracepoints in the circuit subsystem. More will come incrementally. This feature is compiled out by default: it needs to be enabled at configure time. See documentation in doc/HACKING/Tracing.md. Closes ticket 32910. o Major bugfixes (directory cache, performance, windows): - Limit the number of items in the consensus diff cache to 64 on Windows. We hope this will mitigate an issue where Windows relay operators reported Tor using 100% CPU, while we investigate better solutions. Fixes bug 24857; bugfix on 0.3.1.1-alpha. o Major bugfixes (relay, windows): - Fix a bug in our implementation of condition variables on Windows. Previously, a relay on Windows would use 100% CPU after running for some time. Because of this change, Tor now require Windows Vista or later to build and run. Fixes bug 30187; bugfix on 0.2.6.3-alpha. (This bug became more serious in 0.3.1.1-alpha with the introduction of consensus diffs.) Patch by Daniel Pinto. o Major bugfixes (TLS, buffer): - When attempting to read N bytes on a TLS connection, really try to read all N bytes. Previously, Tor would stop reading after the first TLS record, which can be smaller than the N bytes requested, and not check for more data until the next mainloop event. Fixes bug 40006; bugfix on 0.1.0.5-rc. o Minor features (address discovery): - If no Address statements are found, relays now prioritize guessing their address by looking at the local interface instead of the local hostname. If the interface address can't be found, the local hostname is used. Closes ticket 33238. o Minor features (admin tools): - Add a new --format argument to -key-expiration option to allow specifying the time format of the expiration date. Adds Unix timestamp format support. Patch by Daniel Pinto. Closes ticket 30045. o Minor features (authority, logging): - Log more information for directory authority operators during the consensus voting process, and while processing relay descriptors. Closes ticket 40245. o Minor features (bootstrap reporting): - When reporting bootstrapping status on a relay, do not consider connections that have never been the target of an origin circuit. Previously, all connection failures were treated as potential bootstrapping failures, including connections that had been opened because of client requests. Closes ticket 25061. o Minor features (build): - When running the configure script, try to detect version mismatches between the OpenSSL headers and libraries, and suggest that the user should try "--with-openssl-dir". Closes 40138. - If the configure script has given any warnings, remind the user about them at the end of the script. Related to 40138. o Minor features (configuration): - Allow using wildcards (* and ?) with the %include option on configuration files. Closes ticket 25140. Patch by Daniel Pinto. - Allow the configuration options EntryNodes, ExcludeNodes, ExcludeExitNodes, ExitNodes, MiddleNodes, HSLayer2Nodes and HSLayer3Nodes to be specified multiple times. Closes ticket 28361. Patch by Daniel Pinto. o Minor features (control port): - Add a DROPTIMEOUTS command to drop circuit build timeout history and reset the current timeout. Closes ticket 40002. - When a stream enters the AP_CONN_STATE_CONTROLLER_WAIT status, send a control port event. Closes ticket 32190. Patch by Neel Chauhan. - Introduce GETINFO "stats/ntor/{assigned/requested}" and "stats/tap/{assigned/requested}" to get the NTor and TAP circuit onion handshake counts respectively. Closes ticket 28279. Patch by Neel Chauhan. o Minor features (control port, IPv6): - Tor relays now try to report to the controller when they are launching an IPv6 self-test. Closes ticket 34068. - Introduce "GETINFO address/v4" and "GETINFO address/v6" in the control port to fetch the Tor host's respective IPv4 or IPv6 address. We keep "GETINFO address" for backwards-compatibility. Closes ticket 40039. Patch by Neel Chauhan. o Minor features (directory authorities): - Add a new consensus method 30 that removes the unnecessary "=" padding from ntor-onion-key. Closes ticket 7869. Patch by Daniel Pinto. - Directory authorities now reject descriptors from relays running Tor versions from the obsolete 0.4.1 series. Resolves ticket 34357. Patch by Neel Chauhan. - The AssumeReachable option no longer stops directory authorities from checking whether other relays are running. A new AuthDirTestReachability option can be used to disable these checks. Closes ticket 34445. - When looking for possible Sybil attacks, also consider IPv6 addresses. Two routers are considered to have "the same" address by this metric if they are in the same /64 network. Patch from Maurice Pibouin. Closes ticket 7193. o Minor features (directory authorities, IPv6): - Make authorities add their IPv6 ORPort (if any) to the trusted servers list. Authorities previously added only their IPv4 addresses. Closes ticket 32822. o Minor features (documentation): - Mention the "!badexit" directive that can appear in an authority's approved-routers file, and update the description of the "!invalid" directive. Closes ticket 40188. o Minor features (ed25519, relay): - Save a relay's base64-encoded ed25519 identity key to the data directory in a file named fingerprint-ed25519. Closes ticket 30642. Patch by Neel Chauhan. o Minor features (heartbeat): - Include the total number of inbound and outbound IPv4 and IPv6 connections in the heartbeat message. Closes ticket 29113. o Minor features (IPv6, ExcludeNodes): - Handle IPv6 addresses in ExcludeNodes; previously they were ignored. Closes ticket 34065. Patch by Neel Chauhan. o Minor features (logging): - Add the running glibc version to the log, and the compiled glibc version to the library list returned when using --library-versions. Patch from Daniel Pinto. Closes ticket 40047. - Consider an HTTP 301 response to be an error (like a 404) when processing a directory response. Closes ticket 40053. - Log directory fetch statistics as a single line. Closes ticket 40159. - Provide more complete descriptions of our connections when logging about them. Closes ticket 40041. - When describing a relay in the logs, we now include its ed25519 identity. Closes ticket 22668. o Minor features (onion services): - Only overwrite an onion service's existing hostname file if its contents are wrong. This enables read-only onion-service directories. Resolves ticket 40062. Patch by Neel Chauhan. o Minor features (pluggable transports): - Add an OutboundBindAddressPT option to allow users to specify which IPv4 and IPv6 address pluggable transports should use for outgoing IP packets. Tor does not have a way to enforce that the pluggable transport honors this option, so each pluggable transport needs to implement support on its own. Closes ticket 5304. o Minor features (protocol, proxy support, defense in depth): - Respond more deliberately to misbehaving proxies that leave leftover data on their connections, so as to make Tor even less likely to allow the proxies to pass their data off as having come from a relay. Closes ticket 40017. o Minor features (relay address tracking): - We now store relay addresses for OR connections in a more logical way. Previously we would sometimes overwrite the actual address of a connection with a "canonical address", and then store the "real address" elsewhere to remember it. We now track the "canonical address" elsewhere for the cases where we need it, and leave the connection's address alone. Closes ticket 33898. o Minor features (relay): - If a relay is unable to discover its address, attempt to learn it from the NETINFO cell. Closes ticket 40022. - Log immediately when launching a relay self-check. Previously we would try to log before launching checks, or approximately when we intended to launch checks, but this tended to be error-prone. Closes ticket 34137. o Minor features (relay, address discovery): - If Address option is not found in torrc, attempt to learn our address with the configured ORPort address if any. Closes ticket 33236. o Minor features (relay, IPv6): - Add an AssumeReachableIPv6 option to disable self-checking IPv6 reachability. Closes part of ticket 33224. - Add new "assume-reachable" and "assume-reachable-ipv6" consensus parameters to be used in an emergency to tell relays that they should publish even if they cannot complete their ORPort self- checks. Closes ticket 34064 and part of 33224. - Allow relays to send IPv6-only extend cells. Closes ticket 33222. - Declare support for the Relay=3 subprotocol version. Closes ticket 33226. - When launching IPv6 ORPort self-test circuits, make sure that the second-last hop can initiate an IPv6 extend. Closes ticket 33222. o Minor features (safety): - Log a warning at startup if Tor is built with compile-time options that are likely to make it less stable or reliable. Closes ticket 18888. o Minor features (specification update): - Several fields in microdescriptors, router descriptors, and consensus documents that were formerly optional are now required. Implements proposal 315; closes ticket 40132. o Minor features (state management): - When loading the state file, remove entries from the statefile that have been obsolete for a long time. Ordinarily Tor preserves unrecognized entries in order to keep forward-compatibility, but these entries have not actually been used in any release since before 0.3.5.x. Closes ticket 40137. o Minor features (statistics, ipv6): - Relays now publish IPv6-specific counts of single-direction versus bidirectional relay connections. Closes ticket 33264. - Relays now publish their IPv6 read and write statistics over time, if statistics are enabled. Closes ticket 33263. o Minor features (subprotocol versions): - Use the new limitations on subprotocol versions due to proposal 318 to simplify our implementation. Part of ticket 40133. o Minor features (testing configuration): - The TestingTorNetwork option no longer implicitly sets AssumeReachable to 1. This change allows us to test relays' self- testing mechanisms, and to test authorities' relay-testing functionality. Closes ticket 34446. o Minor features (testing): - Added unit tests for channel_matches_target_addr_for_extend(). Closes Ticket 33919. Patch by MrSquanchee. o Minor bugfixes (circuit padding): - When circpad_send_padding_cell_for_callback is called, `is_padding_timer_scheduled` flag was not reset. Now it is set to 0 at the top of that function. Fixes bug 32671; bugfix on 0.4.0.1-alpha. - Add a per-circuit padding machine instance counter, so we can differentiate between shutdown requests for old machines on a circuit. Fixes bug 30992; bugfix on 0.4.1.1-alpha. - Add the ability to keep circuit padding machines if they match a set of circuit states or purposes. This allows us to have machines that start up under some conditions but don't shut down under others. We now use this mask to avoid starting up introduction circuit padding again after the machines have already completed. Fixes bug 32040; bugfix on 0.4.1.1-alpha. o Minor bugfixes (circuit, handshake): - In the v3 handshaking code, use connection_or_change_state() to change the state. Previously, we changed the state directly, but this did not pass the state change to the pubsub or channel objects, potentially leading to bugs. Fixes bug 32880; bugfix on 0.2.3.6-alpha. Patch by Neel Chauhan. o Minor bugfixes (compilation): - Change the linker flag ordering in our library search code so that it works for compilers that need the libraries to be listed in the right order. Fixes bug 33624; bugfix on 0.1.1.0-alpha. - Fix the "--enable-static-tor" switch to properly set the "-static" compile option onto the tor binary only. Fixes bug 40111; bugfix on 0.2.3.1-alpha. o Minor bugfixes (configuration): - Exit Tor on a misconfiguration when the Bridge line is configured to use a transport but no corresponding ClientTransportPlugin can be found. Prior to this fix, Tor would attempt to connect to the bridge directly without using the transport, making it easier for adversaries to notice the bridge. Fixes bug 25528; bugfix on 0.2.6.1-alpha. o Minor bugfixes (control port): - Make sure we send the SOCKS request address in relay begin cells when a stream is attached with the purpose CIRCUIT_PURPOSE_CONTROLLER. Fixes bug 33124; bugfix on 0.0.5. Patch by Neel Chauhan. o Minor bugfixes (crash, relay, signing key): - Avoid assertion failures when we run Tor from the command line with `--key-expiration sign`, but an ORPort is not set. Fixes bug 40015; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan. o Minor bugfixes (logging): - Avoid a spurious log message about missing subprotocol versions, when the consensus that we're reading from is older than the current release. Previously we had made this message nonfatal, but in practice, it is never relevant when the consensus is older than the current release. Fixes bug 40281; bugfix on 0.4.0.1-alpha. - Remove trailing whitespace from control event log messages. Fixes bug 32178; bugfix on 0.1.1.1-alpha. Based on a patch by Amadeusz Pawlik. - Turn warning-level log message about SENDME failure into a debug- level message. (This event can happen naturally, and is no reason for concern). Fixes bug 40142; bugfix on 0.4.1.1-alpha. - When logging a rate-limited message about how many messages have been suppressed in the last N seconds, give an accurate value for N, rounded up to the nearest minute. Previously we would report the size of the rate-limiting interval, regardless of when the messages started to occur. Fixes bug 19431; bugfix on 0.2.2.16-alpha. o Minor bugfixes (onion services): - Avoid a non-fatal assertion in certain edge-cases when establishing a circuit to an onion service. Fixes bug 32666; bugfix on 0.3.0.3-alpha. o Minor bugfixes (rust, protocol versions): - Declare support for the onion service introduction point denial of service extensions when building with Rust. Fixes bug 34248; bugfix on 0.4.2.1-alpha. - Make Rust protocol version support checks consistent with the undocumented error behavior of the corresponding C code. Fixes bug 34251; bugfix on 0.3.3.5-rc. o Minor bugfixes (self-testing): - When receiving an incoming circuit, only accept it as evidence that we are reachable if the declared address of its channel is the same address we think that we have. Otherwise, it could be evidence that we're reachable on some other address. Fixes bug 20165; bugfix on 0.1.0.1-rc. o Minor bugfixes (spec conformance): - Use the correct key type when generating signing->link certificates. Fixes bug 40124; bugfix on 0.2.7.2-alpha. o Minor bugfixes (subprotocol versions): - Consistently reject extra commas, instead of only rejecting leading commas. Fixes bug 27194; bugfix on 0.2.9.4-alpha. - In summarize_protover_flags(), treat empty strings the same as NULL. This prevents protocols_known from being set. Previously, we treated empty strings as normal strings, which led to protocols_known being set. Fixes bug 34232; bugfix on 0.3.3.2-alpha. Patch by Neel Chauhan. o Code simplification and refactoring: - Add and use a set of functions to perform down-casts on constant connection and channel pointers. Closes ticket 40046. - Refactor our code that logs descriptions of connections, channels, and the peers on them, to use a single call path. This change enables us to refactor the data types that they use, and eliminates many confusing usages of those types. Closes ticket 40041. - Refactor some common node selection code into a single function. Closes ticket 34200. - Remove the now-redundant 'outbuf_flushlen' field from our connection type. It was previously used for an older version of our rate-limiting logic. Closes ticket 33097. - Rename "fascist_firewall_*" identifiers to "reachable_addr_*" instead, for consistency with other code. Closes ticket 18106. - Rename functions about "advertised" ports which are not in fact guaranteed to return the ports that have been advertised. Closes ticket 40055. - Split implementation of several command line options from options_init_from_torrc into smaller isolated functions. Patch by Daniel Pinto. Closes ticket 40102. - When an extend cell is missing an IPv4 or IPv6 address, fill in the address from the extend info. This is similar to what was done in ticket 33633 for ed25519 keys. Closes ticket 33816. Patch by Neel Chauhan. o Deprecated features: - The "non-builtin" argument to the "--dump-config" command is now deprecated. When it works, it behaves the same as "short", which you should use instead. Closes ticket 33398. o Documentation: - Replace URLs from our old bugtracker so that they refer to the new bugtracker and wiki. Closes ticket 40101. o Removed features: - We no longer ship or build a "tor.service" file for use with systemd. No distribution included this script unmodified, and we don't have the expertise ourselves to maintain this in a way that all the various systemd-based distributions can use. Closes ticket 30797. - We no longer ship support for the Android logging API. Modern versions of Android can use the syslog API instead. Closes ticket 32181. - The "optimistic data" feature is now always on; there is no longer an option to disable it from the torrc file or from the consensus directory. Closes part of 40139. - The "usecreatefast" network parameter is now removed; there is no longer an option for authorities to turn it off. Closes part of 40139. o Testing: - Add unit tests for bandwidth statistics manipulation functions. Closes ticket 33812. Patch by MrSquanchee. o Code simplification and refactoring (autoconf): - Remove autoconf checks for unused funcs and headers. Closes ticket 31699; Patch by @bduszel o Code simplification and refactoring (maintainer scripts): - Disable by default the pre-commit hook. Use the environment variable TOR_EXTRA_PRE_COMMIT_CHECKS in order to run it. Furthermore, stop running practracker in the pre-commit hook and make check-local. Closes ticket 40019. o Code simplification and refactoring (relay address): - Most of IPv4 representation was using "uint32_t". It has now been moved to use the internal "tor_addr_t" interface instead. This is so we can properly integrate IPv6 along IPv4 with common interfaces. Closes ticket 40043. o Documentation (manual page): - Move them from doc/ to doc/man/. Closes ticket 40044. - Describe the status of the "Sandbox" option more accurately. It is no longer "experimental", but it _is_ dependent on kernel and libc versions. Closes ticket 23378. o Documentation (tracing): - Document in depth the circuit subsystem trace events in the new doc/tracing/EventsCircuit.md. Closes ticket 40036. o Removed features (controller): - Remove the "GETINFO network-status" controller command. It has been deprecated since 0.3.1.1-alpha. Closes ticket 22473.

1 0

Tor Browser 10.0.10 is released
by Matthew Finkel 04 Feb '21

04 Feb '21

Hello! Tor Browser 10.0.10 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/10.0.10/ Tor Browser 10.0.10 backports increases the availability of version 3 (v3) onion services. The fix is included in the recently released stable tor versions, as well. Please see the blog post [3] for more details about this version. 3: https://blog.torproject.org/new-release-tor-browser-10010 The full changelog since Tor Browser 10.0.9 is: * All Platforms * Update NoScript to 11.2 * Update HTTPS Everywhere to 2021.1.27 * Bug 40224: Backport Tor patch for v3 onion services [tor-browser-build] * Android * Pick up fix for Mozilla's bug 1688783 * Pick up fix for Mozilla's bug 1688017

1 0

New stable Tor releases: 0.3.5.13, 0.4.3.8, and 0.4.4.7
by Nick Mathewson 03 Feb '21

03 Feb '21

(If you are about to reply saying "please take me off this list", instead please follow these instructions: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/ . If you have trouble, it is probably because you subscribed using a different address than the one you are trying to unsubscribe with. You will have to enter the actual email address you used when you subscribed.) Source code for Tor 0.4.4.7 is now available; you can download the source code from the download page at https://www.torproject.org/download/tor/. Packages should be available within the next several weeks, with a new Tor Browser coming later this month. Also today, Tor 0.3.5.13 and 0.4.3.8 have also been released; you can find them (and source for older Tor releases) at https://dist.torproject.org/ . Their changelogs are here: https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.5.13 https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.3.8 Note that the 0.4.3.x series is almost at end-of-life: it will no longer get supported after 15 Feb. Changes in version 0.4.4.7 - 2021-02-03 Tor 0.4.4.7 backports numerous bugfixes from later releases, including one that made v3 onion services more susceptible to denial-of-service attacks, and a feature that makes some kinds of DoS attacks harder to perform. o Major bugfixes (onion service v3, backport from 0.4.5.3-rc): - Stop requiring a live consensus for v3 clients and services, and allow a "reasonably live" consensus instead. This allows v3 onion services to work even if the authorities fail to generate a consensus for more than 2 hours in a row. Fixes bug 40237; bugfix on 0.3.5.1-alpha. o Major feature (exit, backport from 0.4.5.5-rc): - Re-entry into the network is now denied at the Exit level to all relays' ORPorts and authorities' ORPorts and DirPorts. This change should help mitgate a set of denial-of-service attacks. Closes ticket 2667. o Minor feature (build system, backport from 0.4.5.4-rc): - New "make lsp" command to generate the compile_commands.json file used by the ccls language server. The "bear" program is needed for this. Closes ticket 40227. o Minor features (compilation, backport from 0.4.5.2-rc): - Disable deprecation warnings when building with OpenSSL 3.0.0 or later. There are a number of APIs newly deprecated in OpenSSL 3.0.0 that Tor still requires. (A later version of Tor will try to stop depending on these APIs.) Closes ticket 40165. o Minor features (crypto, backport from 0.4.5.3-rc): - Fix undefined behavior on our Keccak library. The bug only appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) and would result in wrong digests. Fixes bug 40210; bugfix on 0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and weasel for diagnosing this. o Minor bugfixes (compatibility, backport from 0.4.5.1-rc): - Strip '\r' characters when reading text files on Unix platforms. This should resolve an issue where a relay operator migrates a relay from Windows to Unix, but does not change the line ending of Tor's various state files to match the platform, and the CRLF line endings from Windows end up leaking into other files such as the extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5. o Minor bugfixes (compilation, backport from 0.4.5.3-rc): - Fix a compilation warning about unreachable fallthrough annotations when building with "--enable-all-bugs-are-fatal" on some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc): - Handle partial SOCKS5 messages correctly. Previously, our code would send an incorrect error message if it got a SOCKS5 request that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. o Minor bugfixes (testing, backport from 0.4.5.2-alpha): - Fix the `config/parse_tcp_proxy_line` test so that it works correctly on systems where the DNS provider hijacks invalid queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. - Fix our Python reference-implementation for the v3 onion service handshake so that it works correctly with the version of hashlib provided by Python 3.9. Fixes part of bug 40179; bugfix on 0.3.1.6-rc. - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha.

1 0

Tor Browser 10.0.9 is released
by Matthew Finkel 27 Jan '21

27 Jan '21

Hello! Tor Browser 10.0.9 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/10.0.9/ This release updates Firefox for desktops to 78.7.0esr and Firefox for Android to 85.1.0 This release includes important security updates to Firefox for Desktop [3] and Firefox for Android [4]. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/ 4: https://www.mozilla.org/en-US/security/advisories/mfsa2021-03/ Please see the blog post [4] for more details about this version. 4: https://blog.torproject.org/new-release-tor-browser-1009 The full changelog since Tor Browser 10.0.8 is: * All Platforms * Update NoScript to 11.1.9 * Windows + OS X + Linux * Update Firefox to 78.7.0esr * Bug 40249: Remove EOY 2020 Campaign [tor-browser] * Android * Update Fenix to 85.1.0 * Bug 40137: Remove EOY 2020 Campaign [fenix] * Bug 40165: Update zstd to 1.4.8 [tor-browser-build] * Bug 40308: Disable network state partitioning until audit [tor-browser] * Build System * All Platforms * Update Go to 1.14.14 * Android * Bug 40190: Update toolchain for Fenix 85 [tor-browser-build] * Bug 40191: Update Fenix and dependencies to 85.0.0-beta1 [tor-browser-build] * Bug 40193: Build all mobile Rust targets in a single step [tor-browser-build] * Bug 40208: Mitigate uniffi non-deterministic code generation [tor-browser-build]

1 0

Tor Browser 10.0.8 is released
by Matthew Finkel 13 Jan '21

13 Jan '21

Hello! Tor Browser 10.0.8 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/10.0.8/ This release updates Firefox for desktops to 78.6.1esr and Firefox for Android to 84.1.4 This version resolves instability on Apple macOS devices with the new M1 processor. Please see the blog post [3] for more details about this version. 3: https://blog.torproject.org/new-release-tor-browser-1008 The full changelog since Tor Browser 10.0.7 is: * All Platforms * Update NoScript to 11.1.7 * Windows + OS X + Linux * Update Firefox to 78.6.1esr * Android * Update Firefox to 84.1.4 * OS X * Bug 40262: Browser tabs crashing on the new Macbooks with the M1 chip [tor-browser] * Build System * Android * Bug 40195: repo.spring.io is not usable anymore [tor-browser-build]

1 0

Tor Browser 10.0.7 is released
by Matthew Finkel 15 Dec '20

15 Dec '20

Hello! Tor Browser 10.0.7 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/10.0.7/ This release updates Firefox for desktops to 78.6.0esr and Firefox for Android to 84.1.0 This release includes important security updates to Firefox for Desktop [3] and Firefox for Android [4]. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/ 4: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/ Please see the blog post [4] for more details about this version. 4: https://blog.torproject.org/new-release-tor-browser-1007 The full changelog since Tor Browser 10.0.6 is: * All Platforms * Update HTTPS Everywhere to 2020.11.17 * Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots [tor-browser] * Bug 40176: Update openssl to 1.1.1i [tor-browser-build] * Windows + OS X + Linux * Update Firefox to 78.6.0esr * Android * Update Fenix to 84.1.0 * Update NoScript to 11.1.6 * Linux * Bug 40226: Crash on Fedora Workstation Rawhide GNOME [tor-browser] * Build System * All Platforms * Bug 40139: Pick up rbm commit for bug 40008 [tor-browser-build] * Bug 40161: Update Go compiler to 1.14.13 [tor-browser-build] * Android * Bug 40128: Allow updating Fenix allowed_addons.json * [tor-browser-build] * Bug 40140: Create own Gradle project [tor-browser-build] * Bug 40155: Update toolchain for Fenix 84 [tor-browser-build] * Bug 40156: Update Fenix and dependencies to 84.0.0-beta2 * [tor-browser-build] * Bug 40163: Avoid checking hash of .pom files [tor-browser-build] * Bug 40171: Include all uniffi-rs artifacts into * application-services [tor-browser-build] * Bug 40184: Update Fenix and deps to 84.1.0 [tor-browser-build]

1 0

Tor Browser 10.0.6 is released
by Matthew Finkel 09 Dec '20

09 Dec '20

Hello! Tor Browser 10.0.6 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/10.0.6/ This release back a functioning meek bridge and allows to get bridges from torproject.org again. Please see the blog post [4] for more details about this version. 3: https://blog.torproject.org/new-release-tor-browser-1006 The full changelog since Tor Browser 10.0.5 is: * All Platforms * Bug 40175: Update obfs4proxy's TLS certificate public key pinning

1 0

Tor Browser 10.0.5 is released
by Matthew Finkel 17 Nov '20

17 Nov '20

Hello! (We'll begin sending Tor Browser release announcements again.) Tor Browser 10.0.5 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/10.0.5/ This release updates Firefox to 78.5.0esr and updates Tor to 0.4.4.6. This release includes important security updates [3] to Firefox. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/ Please see the blog post [4] for more details about this version. 4: https://blog.torproject.org/new-release-tor-browser-1005 The full changelog since Tor Browser 10.0.4 is: * Windows + OS X + Linux * Update Firefox to 78.5.0esr * Update Tor to 0.4.4.6 * Bug 40212: Add new default obfs4 bridge [tor-browser]

1 0

New stable Tor releases: 0.3.5.12, 0.4.3.7, 0.4.4.6
by Nick Mathewson 12 Nov '20

12 Nov '20

Hello! (If you are about to reply saying "please take me off this list", instead please follow these instructions: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/ . If you have trouble, it is probably because you subscribed using a different address than the one you are trying to unsubscribe with. You will have to enter the actual email address you used when you subscribed.) Source code for Tor 0.4.4.6 is now available; you can download the source code from the download page at https://www.torproject.org/download/tor/. Packages should be available within the next several weeks, with a new Tor Browser coming next week. Also today, Tor 0.3.5.12 and 0.4.3.7 have also been released; you can find them (and source for older Tor releases) at https://dist.torproject.org/ . Their changelogs are here: https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.5.12 https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.3.7 (Note that there's an error in the 0.4.3.7 changelog: Support for 0.4.3.x will in fact continue until 15 February 2021.) Changes in version 0.4.4.6 - 2020-11-12 Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It backports fixes from later releases, including a fix for TROVE-2020- 005, a security issue that could be used, under certain cases, by an adversary to observe traffic patterns on a limited number of circuits intended for a different relay. o Major bugfixes (security, backport from 0.4.5.1-alpha): - When completing a channel, relays now check more thoroughly to make sure that it matches any pending circuits before attaching those circuits. Previously, address correctness and Ed25519 identities were not checked in this case, but only when extending circuits on an existing channel. Fixes bug 40080; bugfix on 0.2.7.2-alpha. Resolves TROVE-2020-005. o Minor features (directory authorities, backport from 0.4.5.1-alpha): - Authorities now list a different set of protocols as required and recommended. These lists have been chosen so that only truly recommended and/or required protocols are included, and so that clients using 0.2.9 or later will continue to work (even though they are not supported), whereas only relays running 0.3.5 or later will meet the requirements. Closes ticket 40162. - Make it possible to specify multiple ConsensusParams torrc lines. Now directory authority operators can for example put the main ConsensusParams config in one torrc file and then add to it from a different torrc file. Closes ticket 40164. o Minor features (subprotocol versions, backport from 0.4.5.1-alpha): - Tor no longer allows subprotocol versions larger than 63. Previously version numbers up to UINT32_MAX were allowed, which significantly complicated our code. Implements proposal 318; closes ticket 40133. o Minor features (tests, v2 onion services, backport from 0.4.5.1-alpha): - Fix a rendezvous cache unit test that was triggering an underflow on the global rend cache allocation. Fixes bug 40125; bugfix on 0.2.8.1-alpha. - Fix another rendezvous cache unit test that was triggering an underflow on the global rend cache allocation. Fixes bug 40126; bugfix on 0.2.8.1-alpha. o Minor bugfixes (compilation, backport from 0.4.5.1-alpha): - Fix compiler warnings that would occur when building with "--enable-all-bugs-are-fatal" and "--disable-module-relay" at the same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha. - Resolve a compilation warning that could occur in test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha. o Minor bugfixes (logging, backport from 0.4.5.1-alpha): - Remove a debug logging statement that uselessly spammed the logs. Fixes bug 40135; bugfix on 0.3.5.0-alpha. o Minor bugfixes (relay configuration, crash, backport from 0.4.5.1-alpha): - Avoid a fatal assert() when failing to create a listener connection for an address that was in use. Fixes bug 40073; bugfix on 0.3.5.1-alpha. o Minor bugfixes (v2 onion services, backport from 0.4.5.1-alpha): - For HSFETCH commands on v2 onion services addresses, check the length of bytes decoded, not the base32 length. Fixes bug 34400; bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan.

1 0

Tor 0.4.4.5 is released
by Nick Mathewson 15 Sep '20

15 Sep '20

Hi, all! Hello, everyone! (If you are about to reply saying "please take me off this list", instead please follow these instructions: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/ . If you have trouble, it is probably because you subscribed using a different address than the one you are trying to unsubscribe with. You will have to enter the actual email address you used when you subscribed.) After months of work, Tor 0.4.4.5 is now available! This is the first stable release in the 0.4.4.x series, and we hope you find it useful. You can download the source code from the download page at https://www.torproject.org/download/tor/ . Packages should be available within the next several weeks, with a new Tor Browser by some time next week. Changes in version 0.4.4.5 - 2020-09-15 Tor 0.4.4.5 is the first stable release in the 0.4.4.x series. This series improves our guard selection algorithms, adds v3 onion balance support, improves the amount of code that can be disabled when running without relay support, and includes numerous small bugfixes and enhancements. It also lays the ground for some IPv6 features that we'll be developing more in the next (0.4.5) series. Per our support policy, we support each stable release series for nine months after its first stable release, or three months after the first stable release of the next series: whichever is longer. This means that 0.4.4.x will be supported until around June 2021--or later, if 0.4.5.x is later than anticipated. Note also that support for 0.4.2.x has just ended; support for 0.4.3 will continue until Feb 15, 2021. We still plan to continue supporting 0.3.5.x, our long-term stable series, until Feb 2022. Below are the changes since 0.4.3.6-rc. For a complete list of changes since 0.4.4.4-rc, see the ChangeLog file. o Major features (Proposal 310, performance + security): - Implements Proposal 310, "Bandaid on guard selection". Proposal 310 solves load-balancing issues with older versions of the guard selection algorithm, and improves its security. Under this new algorithm, a newly selected guard never becomes Primary unless all previously sampled guards are unreachable. Implements recommendation from 32088. (Proposal 310 is linked to the CLAPS project researching optimal client location-aware path selections. This project is a collaboration between the UCLouvain Crypto Group, the U.S. Naval Research Laboratory, and Princeton University.) o Major features (fallback directory list): - Replace the 148 fallback directories originally included in Tor 0.4.1.4-rc (of which around 105 are still functional) with a list of 144 fallbacks generated in July 2020. Closes ticket 40061. o Major features (IPv6, relay): - Consider IPv6-only EXTEND2 cells valid on relays. Log a protocol warning if the IPv4 or IPv6 address is an internal address, and internal addresses are not allowed. But continue to use the other address, if it is valid. Closes ticket 33817. - If a relay can extend over IPv4 and IPv6, and both addresses are provided, it chooses between them uniformly at random. Closes ticket 33817. - Re-use existing IPv6 connections for circuit extends. Closes ticket 33817. - Relays may extend circuits over IPv6, if the relay has an IPv6 ORPort, and the client supplies the other relay's IPv6 ORPort in the EXTEND2 cell. IPv6 extends will be used by the relay IPv6 ORPort self-tests in 33222. Closes ticket 33817. o Major features (v3 onion services): - Allow v3 onion services to act as OnionBalance backend instances, by using the HiddenServiceOnionBalanceInstance torrc option. Closes ticket 32709. o Major bugfixes (NSS): - When running with NSS enabled, make sure that NSS knows to expect nonblocking sockets. Previously, we set our TCP sockets as nonblocking, but did not tell NSS, which in turn could lead to unexpected blocking behavior. Fixes bug 40035; bugfix on 0.3.5.1-alpha. o Major bugfixes (onion services, DoS): - Correct handling of parameters for the onion service DoS defense. Previously, the consensus parameters for the onion service DoS defenses were overwriting the parameters set by the service operator using HiddenServiceEnableIntroDoSDefense. Fixes bug 40109; bugfix on 0.4.2.1-alpha. o Major bugfixes (stats, onion services): - Fix a bug where we were undercounting the Tor network's total onion service traffic, by ignoring any traffic originating from clients. Now we count traffic from both clients and services. Fixes bug 40117; bugfix on 0.2.6.2-alpha. o Minor features (security): - Channels using obsolete versions of the Tor link protocol are no longer allowed to circumvent address-canonicity checks. (This is only a minor issue, since such channels have no way to set ed25519 keys, and therefore should always be rejected for circuits that specify ed25519 identities.) Closes ticket 40081. o Minor features (bootstrap reporting): - Report more detailed reasons for bootstrap failure when the failure happens due to a TLS error. Previously we would just call these errors "MISC" when they happened during read, and "DONE" when they happened during any other TLS operation. Closes ticket 32622. o Minor features (client-only compilation): - Disable more code related to the ext_orport protocol when compiling without support for relay mode. Closes ticket 33368. - Disable more of our self-testing code when support for relay mode is disabled. Closes ticket 33370. - Most server-side DNS code is now disabled when building without support for relay mode. Closes ticket 33366. o Minor features (code safety): - Check for failures of tor_inet_ntop() and tor_inet_ntoa() functions in DNS and IP address processing code, and adjust codepaths to make them less likely to crash entire Tor instances. Resolves issue 33788. o Minor features (continuous integration): - Run unit-test and integration test (Stem, Chutney) jobs with ALL_BUGS_ARE_FATAL macro being enabled on Travis and Appveyor. Resolves ticket 32143. o Minor features (control port): - If a ClientName was specified in ONION_CLIENT_AUTH_ADD for an onion service, display it when we use ONION_CLIENT_AUTH_VIEW. Closes ticket 40089. Patch by Neel Chauhan. - Return a descriptive error message from the 'GETINFO status/fresh- relay-descs' command on the control port. Previously, we returned a generic error of "Error generating descriptor". Closes ticket 32873. Patch by Neel Chauhan. o Minor features (defense in depth): - Wipe more data from connection address fields before returning them to the memory heap. Closes ticket 6198. o Minor features (denial-of-service memory limiter): - Allow the user to configure even lower values for the MaxMemInQueues parameter. Relays now enforce a minimum of 64 MB, when previously the minimum was 256 MB. On clients, there is no minimum. Relays and clients will both warn if the value is set so low that Tor is likely to stop working. Closes ticket 24308. o Minor features (developer tooling): - Add a script to help check the alphabetical ordering of option names in the manual page. Closes ticket 33339. - Refrain from listing all .a files that are generated by the Tor build in .gitignore. Add a single wildcard *.a entry that covers all of them for present and future. Closes ticket 33642. - Add a script ("git-install-tools.sh") to install git hooks and helper scripts. Closes ticket 33451. o Minor features (directory authority): - Authorities now recommend the protocol versions that are supported by Tor 0.3.5 and later. (Earlier versions of Tor have been deprecated since January of this year.) This recommendation will cause older clients and relays to give a warning on startup, or when they download a consensus directory. Closes ticket 32696. o Minor features (directory authority, shared random): - Refactor more authority-only parts of the shared-random scheduling code to reside in the dirauth module, and to be disabled when compiling with --disable-module-dirauth. Closes ticket 33436. o Minor features (directory): - Remember the number of bytes we have downloaded for each directory purpose while bootstrapping, and while fully bootstrapped. Log this information as part of the heartbeat message. Closes ticket 32720. o Minor features (entry guards): - Reinstate support for GUARD NEW/UP/DOWN control port events. Closes ticket 40001. o Minor features (IPv6 support): - Adds IPv6 support to tor_addr_is_valid(). Adds tests for the above changes and tor_addr_is_null(). Closes ticket 33679. Patch by MrSquanchee. - Allow clients and relays to send dual-stack and IPv6-only EXTEND2 cells. Parse dual-stack and IPv6-only EXTEND2 cells on relays. Closes ticket 33901. o Minor features (linux seccomp2 sandbox, portability): - Allow Tor to build on platforms where it doesn't know how to report which syscall caused the linux seccomp2 sandbox to fail. This change should make the sandbox code more portable to less common Linux architectures. Closes ticket 34382. - Permit the unlinkat() syscall, which some Libc implementations use to implement unlink(). Closes ticket 33346. o Minor features (logging): - When trying to find our own address, add debug-level logging to report the sources of candidate addresses. Closes ticket 32888. o Minor features (onion service client, SOCKS5): - Add 3 new SocksPort ExtendedErrors (F2, F3, F7) that reports back new type of onion service connection failures. The semantics of these error codes are documented in proposal 309. Closes ticket 32542. o Minor features (onion service v3): - If a service cannot upload its descriptor(s), log why at INFO level. Closes ticket 33400; bugfix on 0.3.2.1-alpha. o Minor features (python scripts): - Stop assuming that /usr/bin/python exists. Instead of using a hardcoded path in scripts that still use Python 2, use /usr/bin/env, similarly to the scripts that use Python 3. Fixes bug 33192; bugfix on 0.4.2. o Minor features (testing, architecture): - Our test scripts now double-check that subsystem initialization order is consistent with the inter-module dependencies established by our .may_include files. Implements ticket 31634. - Initialize all subsystems at the beginning of our unit test harness, to avoid crashes due to uninitialized subsystems. Follow- up from ticket 33316. - Our "make check" target now runs the unit tests in 8 parallel chunks. Doing this speeds up hardened CI builds by more than a factor of two. Closes ticket 40098. o Minor features (v3 onion services): - Add v3 onion service status to the dumpstats() call which is triggered by a SIGUSR1 signal. Previously, we only did v2 onion services. Closes ticket 24844. Patch by Neel Chauhan. o Minor features (windows): - Add support for console control signals like Ctrl+C in Windows. Closes ticket 34211. Patch from Damon Harris (TheDcoder). o Minor bugfixes (control port, onion service): - Consistently use 'address' in "Invalid v3 address" response to ONION_CLIENT_AUTH commands. Previously, we would sometimes say 'addr'. Fixes bug 40005; bugfix on 0.4.3.1-alpha. o Minor bugfixes (correctness, buffers): - Fix a correctness bug that could cause an assertion failure if we ever tried using the buf_move_all() function with an empty input buffer. As far as we know, no released versions of Tor do this. Fixes bug 40076; bugfix on 0.3.3.1-alpha. o Minor bugfixes (directory authorities): - Directory authorities now reject votes that arrive too late. In particular, once an authority has started fetching missing votes, it no longer accepts new votes posted by other authorities. This change helps prevent a consensus split, where only some authorities have the late vote. Fixes bug 4631; bugfix on 0.2.0.5-alpha. o Minor bugfixes (git scripts): - Stop executing the checked-out pre-commit hook from the pre-push hook. Instead, execute the copy in the user's git directory. Fixes bug 33284; bugfix on 0.4.1.1-alpha. o Minor bugfixes (initialization): - Initialize the subsystems in our code in an order more closely corresponding to their dependencies, so that every system is initialized before the ones that (theoretically) depend on it. Fixes bug 33316; bugfix on 0.4.0.1-alpha. o Minor bugfixes (IPv4, relay): - Check for invalid zero IPv4 addresses and ports when sending and receiving extend cells. Fixes bug 33900; bugfix on 0.2.4.8-alpha. o Minor bugfixes (IPv6, relay): - Consider IPv6 addresses when checking if a connection is canonical. In 17604, relays assumed that a remote relay could consider an IPv6 connection canonical, but did not set the canonical flag on their side of the connection. Fixes bug 33899; bugfix on 0.3.1.1-alpha. - Log IPv6 addresses on connections where this relay is the responder. Previously, responding relays would replace the remote IPv6 address with the IPv4 address from the consensus. Fixes bug 33899; bugfix on 0.3.1.1-alpha. o Minor bugfixes (linux seccomp2 sandbox): - Fix a regression on sandboxing rules for the openat() syscall. The fix for bug 25440 fixed the problem on systems with glibc >= 2.27 but broke with versions of glibc. We now choose a rule based on the glibc version. Patch from Daniel Pinto. Fixes bug 27315; bugfix on 0.3.5.11. - Makes the seccomp sandbox allow the correct syscall for opendir according to the running glibc version. This fixes crashes when reloading torrc with sandbox enabled when running on glibc 2.15 to 2.21 and 2.26. Patch from Daniel Pinto. Fixes bug 40020; bugfix on 0.3.5.11. o Minor bugfixes (logging, testing): - Make all of tor's assertion macros support the ALL_BUGS_ARE_FATAL and DISABLE_ASSERTS_IN_UNIT_TESTS debugging modes. (IF_BUG_ONCE() used to log a non-fatal warning, regardless of the debugging mode.) Fixes bug 33917; bugfix on 0.2.9.1-alpha. - Remove surprising empty line in the INFO-level log about circuit build timeout. Fixes bug 33531; bugfix on 0.3.3.1-alpha. o Minor bugfixes (mainloop): - Better guard against growing a buffer past its maximum 2GB in size. Fixes bug 33131; bugfix on 0.3.0.4-rc. o Minor bugfixes (onion service v3 client): - Remove a BUG() warning that could occur naturally. Fixes bug 34087; bugfix on 0.3.2.1-alpha. o Minor bugfixes (onion service, logging): - Fix a typo in a log message PublishHidServDescriptors is set to 0. Fixes bug 33779; bugfix on 0.3.2.1-alpha. o Minor bugfixes (onion services v3): - Avoid a non-fatal assertion failure in certain edge-cases when opening an intro circuit as a client. Fixes bug 34084; bugfix on 0.3.2.1-alpha. o Minor bugfixes (protocol versions): - Sort tor's supported protocol version lists, as recommended by the tor directory specification. Fixes bug 33285; bugfix on 0.4.0.1-alpha. o Minor bugfixes (rate limiting, bridges, pluggable transports): - On a bridge, treat all connections from an ExtORPort as remote by default for the purposes of rate-limiting. Previously, bridges would treat the connection as local unless they explicitly received a "USERADDR" command. ExtORPort connections still count as local if there is a USERADDR command with an explicit local address. Fixes bug 33747; bugfix on 0.2.5.1-alpha. o Minor bugfixes (refactoring): - Lift circuit_build_times_disabled() out of the circuit_expire_building() loop, to save CPU time when there are many circuits open. Fixes bug 33977; bugfix on 0.3.5.9. o Minor bugfixes (relay, self-testing): - When starting up as a relay, if we haven't been able to verify that we're reachable, only launch reachability tests at most once a minute. Previously, we had been launching tests up to once a second, which was needlessly noisy. Fixes bug 40083; bugfix on 0.2.8.1-alpha. o Minor bugfixes (relay, usability): - Adjust the rules for when to warn about having too many connections to other relays. Previously we'd tolerate up to 1.5 connections per relay on average. Now we tolerate more connections for directory authorities, and raise the number of total connections we need to see before we warn. Fixes bug 33880; bugfix on 0.3.1.1-alpha. o Minor bugfixes (SOCKS, onion service client): - Detect v3 onion service addresses of the wrong length when returning the F6 ExtendedErrors code. Fixes bug 33873; bugfix on 0.4.3.1-alpha. o Minor bugfixes (tests): - Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run on its own. Previously, it would exit with an error. Fixes bug 40099; bugfix on 0.2.8.1-alpha. o Minor bugfixes (v3 onion services): - Remove a BUG() warning that could trigger in certain unlikely edge-cases. Fixes bug 34086; bugfix on 0.3.2.1-alpha. - Remove a BUG() that was causing a stacktrace when a descriptor changed at an unexpected time. Fixes bug 28992; bugfix on 0.3.2.1-alpha. o Minor bugfixes (windows): - Fix a bug that prevented Tor from starting if its log file grew above 2GB. Fixes bug 31036; bugfix on 0.2.1.8-alpha. o Code simplification and refactoring: - Define and use a new constant TOR_ADDRPORT_BUF_LEN which is like TOR_ADDR_BUF_LEN but includes enough space for an IP address, brackets, separating colon, and port number. Closes ticket 33956. Patch by Neel Chauhan. - Merge the orconn and ocirc events into the "core" subsystem, which manages or connections and origin circuits. Previously they were isolated in subsystems of their own. - Move LOG_PROTOCOL_WARN to app/config. Resolves a dependency inversion. Closes ticket 33633. - Move the circuit extend code to the relay module. Split the circuit extend function into smaller functions. Closes ticket 33633. - Rewrite port_parse_config() to use the default port flags from port_cfg_new(). Closes ticket 32994. Patch by MrSquanchee. - Updated comments in 'scheduler.c' to reflect old code changes, and simplified the scheduler channel state change code. Closes ticket 33349. - Refactor configuration parsing to use the new config subsystem code. Closes ticket 33014. - Move a series of functions related to address resolving into their own files. Closes ticket 33789. o Documentation: - Replace most http:// URLs in our code and documentation with https:// URLs. (We have left unchanged the code in src/ext/, and the text in LICENSE.) Closes ticket 31812. Patch from Jeremy Rand. - Document the limitations of using %include on config files with seccomp sandbox enabled. Fixes documentation bug 34133; bugfix on 0.3.1.1-alpha. Patch by Daniel Pinto. o Removed features: - Our "check-local" test target no longer tries to use the Coccinelle semantic patching tool parse all the C files. While it is a good idea to try to make sure Coccinelle works on our C before we run a Coccinelle patch, doing so on every test run has proven to be disruptive. You can still run this tool manually with "make check-cocci". Closes ticket 40030. - Remove the ClientAutoIPv6ORPort option. This option attempted to randomly choose between IPv4 and IPv6 for client connections, and wasn't a true implementation of Happy Eyeballs. Often, this option failed on IPv4-only or IPv6-only connections. Closes ticket 32905. Patch by Neel Chauhan. - Stop shipping contrib/dist/rc.subr file, as it is not being used on FreeBSD anymore. Closes issue 31576. o Testing: - Add a basic IPv6 test to "make test-network". This test only runs when the local machine has an IPv6 stack. Closes ticket 33300. - Add test-network-ipv4 and test-network-ipv6 jobs to the Makefile. These jobs run the IPv4-only and dual-stack chutney flavours from test-network-all. Closes ticket 33280. - Remove a redundant distcheck job. Closes ticket 33194. - Run the test-network-ipv6 Makefile target in the Travis CI IPv6 chutney job. This job runs on macOS, so it's a bit slow. Closes ticket 33303. - Sort the Travis jobs in order of speed. Putting the slowest jobs first takes full advantage of Travis job concurrency. Closes ticket 33194. - Stop allowing the Chutney IPv6 Travis job to fail. This job was previously configured to fast_finish (which requires allow_failure), to speed up the build. Closes ticket 33195. - Test v3 onion services to tor's mixed IPv4 chutney network. And add a mixed IPv6 chutney network. These networks are used in the test-network-all, test-network-ipv4, and test-network-ipv6 make targets. Closes ticket 33334. - Use the "bridges+hs-v23" chutney network flavour in "make test- network". This test requires a recent version of chutney (mid- February 2020). Closes ticket 28208. - When a Travis chutney job fails, use chutney's new "diagnostics.sh" tool to produce detailed diagnostic output. Closes ticket 32792. o Deprecated features (onion service v2): - Add a deprecation warning for version 2 onion services. Closes ticket 40003. o Documentation (manual page): - Add cross reference links and a table of contents to the HTML tor manual page. Closes ticket 33369. Work by Swati Thacker as part of Google Season of Docs. - Alphabetize the Denial of Service Mitigation Options, Directory Authority Server Options, Hidden Service Options, and Testing Network Options sections of the tor(1) manual page. Closes ticket 33275. Work by Swati Thacker as part of Google Season of Docs. - Refrain from mentioning nicknames in manpage section for MyFamily torrc option. Resolves issue 33417. - Updated the options set by TestingTorNetwork in the manual page. Closes ticket 33778.

1 0