- tor-announce - lists.torproject.org

[RELEASE] Tor 0.4.7.6-rc
by David Goulet 07 Apr '22

07 Apr '22

Greetings, We've just released the first 0.4.7.x release candidate: https://forum.torproject.net/t/release-0-4-7-6-rc/2889 Changes in version 0.4.7.6-rc - 2022-04-07 This is the first release candidate of the 0.4.7.x series. Only one minor bugfix went in since the last alpha couple weeks ago. We strongly recommend anyone running an alpha version to upgrade to this version. Unless major problems are found, the next release will finally be the stable! o Minor features (fallbackdir): - Regenerate fallback directories generated on April 07, 2022. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2022/04/07. o Minor features (linux seccomp2 sandbox): - Permit the clone3 syscall, which is apparently used in glibc-2.34 and later. Closes ticket 40590. Cheers! David -- pICMPlTWKktlCkIv3Hh37RGfrVPd/9zhpvf94Oq3ooA=

1 0

[RELEASE] Tor 0.4.7.5-alpha
by David Goulet 25 Mar '22

25 Mar '22

Greetings, We've just released tor 0.4.7.5-alpha. ChangeLog is below. https://forum.torproject.net/t/release-0-4-7-5-alpha/2744 Cheers! David Changes in version 0.4.7.5-alpha - 2022-03-25 This version contains, of what we hope, the final work for congestion control paving the way to the stable version. We expect this to be the last alpha version of the 0.4.7.x series. Mostly minor bugfixes except one major bugfix that changes how Tor behaves with DNS timeouts for Exit relays. As always with an alpha, we recommend all relay operators to upgrade from previous alpha to this one. o Major bugfixes (onion service, congestion control): - Fix the onion service upload case where the congestion control parameters were not added to the right object. Fixes bug 40586; bugfix on 0.4.7.4-alpha. o Major bugfixes (relay, DNS): - Lower the DNS timeout from 3 attempts at 5 seconds each to 2 attempts at 1 seconds each. Two new consensus parameters were added to control these values. This change should improve observed performance under DNS load; see ticket for more details. Fixes bug 40312; bugfix on 0.3.5.1-alpha. o Minor features (control port): - Provide congestion control fields on CIRC_BW and STREAM control port events, for use by sbws. Closes ticket 40568. o Minor features (fallbackdir): - Regenerate fallback directories generated on March 25, 2022. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2022/03/25. o Minor bugfixes (DNSPort, dormant mode): - A request on the DNSPort now wakes up a dormant tor. Fixes bug 40577; bugfix on 0.3.5.1-alpha. o Minor bugfixes (metrics port, onion service): - Fix the metrics with a port label to be unique. Before this, all ports of an onion service would be on the same line which violates the Prometheus rules of unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha. o Minor bugfixes (onion service congestion control): - Avoid a non-fatal assertion failure in the case where we fail to set up congestion control on a rendezvous circuit. This could happen naturally if a cache entry expired at an unexpected time. Fixes bug 40576; bugfix on 0.4.7.4-alpha. o Minor bugfixes (onion service, client): - Fix a rare but fatal assertion failure due to a guard subsystem recursion triggered by the onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha. o Minor bugfixes (relay, overload): - Decide whether to signal overload based on a fraction and assessment period of ntor handshake drops. Previously, a single drop could trigger an overload state, which caused many false positives. Fixes bug 40560; bugfix on 0.4.7.1-alpha. -- kru8pKXbe2FhypfeM2WSbi8Pd7ZzkaybuvJFT4nvawQ=

1 0

[RELEASE] Tor 0.4.7.4-alpha
by David Goulet 25 Feb '22

25 Feb '22

Greetings, We've just released tor 0.4.7.4-alpha. ChangeLog is below. https://forum.torproject.net/t/release-0-4-7-4-alpha/2300 Cheers! David Changes in version 0.4.7.4-alpha - 2022-02-25 This version contains the negotiation congestion control work which is the final part needed before going stable. There are also various bugfixes including two major ones detailed below. Last, the Exit notice page layout has been modernized but the text is unchanged. We recommend that all relay operators running any previous alpha upgrade to this one. o Major features (relay, client, onion services): - Implement RTT-based congestion control for exits and onion services, from Proposal 324. Disabled by default. Enabled by the 'cc_alg' consensus parameter. Closes ticket 40444. o Major bugfixes (client): - Stop caching TCP connect failures to relays/bridges when we initiated the connection as a client. Now we only cache connect failures as a relay or bridge when we initiated them because of an EXTEND request. Declining to re-attempt the client-based connections could cause problems when we lose connectivity and try to reconnect. Fixes bug 40499; bugfix on 0.3.3.4-alpha. o Major bugfixes (relay, overload): - Do not trigger a general overload on DNS timeout. Even after fixing 40527, some code remained that triggered the overload. Fixes bug 40564; bugfix on 0.4.7.1-alpha. o Minor feature (authority, relay): - Reject End-Of-Life relays running version 0.3.5.x. Closes ticket 40559. o Minor features (fallbackdir): - Regenerate fallback directories generated on February 25, 2022. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2022/02/25. o Minor bugfix (logging): - Update a log notice dead URL to a working one. Fixes bug 40544; bugfix on 0.3.5.1-alpha. o Minor bugfix (relay): - Remove the HSDir and HSIntro onion service v2 protocol versions so relay stop advertising that they support them. Fixes bug 40509; bugfix on 0.3.5.17. o Minor bugfixes (cell scheduling): - Avoid writing empty payload with NSS write. - Don't attempt to write 0 bytes after a cell scheduling loop. No empty payload was put on the wire. Fixes bug 40548; bugfix on 0.3.5.1-alpha. o Minor bugfixes (compilation): - Resume being able to build on old / esoteric gcc versions. Fixes bug 40550; bugfix on 0.4.7.1-alpha. o Minor bugfixes (compiler warnings): - Fix couple compiler warnings on latest Ubuntu Jammy. Fixes bug 40516; bugfix on 0.3.5.1-alpha. o Documentation: - Provide an improved version of the tor-exit-notice.html file for exit relays to use as a landing page. The text is unchanged, but the page design and layout are significantly modernized, and several links are fixed. Patch from "n_user"; closes ticket 40529. -- mS/QhxKfrcPEBE2kKmo6rbgvCB0PCapOMqhxmGoxMc8=

1 0

[RELEASE] Tor 0.4.5.12 and 0.4.6.10
by David Goulet 04 Feb '22

04 Feb '22

Greetings, We just released 0.4.5.12 and 0.4.6.10: https://forum.torproject.net/t/release-0-4-5-12-and-0-4-6-10/2024 Changelog below. Cheers! David Changes in version 0.4.5.12 - 2022-02-04 This version contains mostly minor bugfixes for which you can find the details below. The previous release (0.4.5.11) was suppose to update the GeoIP and fallbackdir lists but a problem in our release pipeline prevented those files to be updated correctly. Thus, this release regenerates up to date lists. Furthermore, another fix to highlight is that relays don't advertise onion service v2 support at the protocol version level. o Minor feature (reproducible build): - The repository can now build reproducible tarballs which adds the build command "make dist-reprod" for that purpose. Closes ticket 26299. o Minor features (compilation): - Give an error message if trying to build with a version of LibreSSL known not to work with Tor. (There's an incompatibility with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes ticket 40511. o Minor features (fallbackdir): - Regenerate fallback directories generated on February 04, 2022. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2022/02/04. o Minor bugfix (logging): - Update a log notice dead URL to a working one. Fixes bug 40544; bugfix on 0.3.5.1-alpha. o Minor bugfix (relay): - Remove the HSDir and HSIntro onion service v2 protocol versions so relay stop advertising that they support them. Fixes bug 40509; bugfix on 0.3.5.17. o Minor bugfixes (compilation): - Fix a compilation error when trying to build Tor with a compiler that does not support expanding statitically initialized const values in macro's. Fixes bug 40410; bugfix on 0.4.5.1-alpha - Fix our configuration logic to detect whether we had OpenSSL 3: previously, our logic was reversed. This has no other effect than to change whether we suppress deprecated API warnings. Fixes bug 40429; bugfix on 0.3.5.13. o Minor bugfixes (MetricsPort, Prometheus): - Add double quotes to the label values of the onion service metrics. Fixes bug 40552; bugfix on 0.4.5.1-alpha. o Minor bugfixes (relay): - Reject IPv6-only DirPorts. Our reachability self-test forces DirPorts to be IPv4, but our configuration parser allowed them to be IPv6-only, which led to an assertion failure. Fixes bug 40494; bugfix on 0.4.5.1-alpha. Changes in version 0.4.6.10 - 2022-02-04 This version contains minor bugfixes but one in particular is that relays don't advertise onion service v2 support at the protocol version level. o Minor features (fallbackdir): - Regenerate fallback directories generated on February 04, 2022. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2022/02/04. o Minor bugfix (logging): - Update a log notice dead URL to a working one. Fixes bug 40544; bugfix on 0.3.5.1-alpha. o Minor bugfix (relay): - Remove the HSDir and HSIntro onion service v2 protocol versions so relay stop advertising that they support them. Fixes bug 40509; bugfix on 0.3.5.17. o Minor bugfixes (MetricsPort, Prometheus): - Add double quotes to the label values of the onion service metrics. Fixes bug 40552; bugfix on 0.4.5.1-alpha. -- CqvhezRRA7YQ69pWBQW0JgqXqRwwcdWriEpwTbfRbU4=

1 0

[RELEASE] Tor 0.3.5.18
by David Goulet 24 Jan '22

24 Jan '22

Greetings! We just released 0.3.5.18. You can find out about it here: https://forum.torproject.net/t/release-0-3-5-18/1871 It is the last release of the 0.3.5.x series because it is reaching end-of-life in 7 days. Download at: https://dist.torproject.org Inline ChangeLog: Changes in version 0.3.5.18 - 2022-01-24 This is the very last version of the 0.3.5.x series as it is end of life on February 1st, 2022. This version fixes some minor bugs including a build warning about LibreSSL incompatibility with OpenSSL TLSv1.3. Godspeed 0.3.5, we won't miss you. o Minor feature (reproducible build): - The repository can now build reproducible tarballs which adds the build command "make dist-reprod" for that purpose. Closes ticket 26299. o Minor features (compilation): - Give an error message if trying to build with a version of LibreSSL known not to work with Tor. (There's an incompatibility with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes ticket 40511. o Minor bugfix (logging): - Update a log notice dead URL to a working one. Fixes bug 40544; bugfix on 0.3.5.1-alpha. o Minor bugfix (relay): - Remove the HSDir and HSIntro onion service v2 protocol versions so relay stop advertising that they support them. Fixes bug 40509; bugfix on 0.3.5.17. o Minor bugfixes (compilation): - Fix our configuration logic to detect whether we had OpenSSL 3: previously, our logic was reversed. This has no other effect than to change whether we suppress deprecated API warnings. Fixes bug 40429; bugfix on 0.3.5.13. Cheers! David -- 3obTrBY9FLhQsK4/YufSTiyO7ERRvmLFjMaVvocpZfQ=

1 0

[RELEASE] Tor 0.4.6.9 and 0.4.7.3-alpha
by David Goulet 17 Dec '21

17 Dec '21

Greetings, We just released 0.4.6.9 and 0.4.7.3-alpha. You can find out about it here: https://forum.torproject.net/t/release-0-4-6-9-and-0-4-7-3-alpha/1265 Download at: https://dist.torproject.org Inline ChangeLog for both versions: Changes in version 0.4.7.3-alpha - 2021-12-15 This third alpha release of the 0.4.7.x series fixes several bugs including two major ones affecting Bridges and Relays (see below). If you are running an earlier 0.4.7.x version, you should upgrade to this version. o Major bugfixes (bridges): - Make Tor work reliably again when you have multiple bridges configured and one or more of them are unreachable. The problem came because we require that we have bridge descriptors for both of our first two bridges (else we refuse to try to connect), but in some cases we would wait three hours before trying to fetch these missing descriptors, and/or never recover when we do try to fetch them. Fixes bugs 40396 and 40495; bugfix on 0.3.0.5-rc and 0.3.2.1-alpha. o Major bugfixes (relay, overload): - Change the MetricsPort DNS "timeout" label to be "tor_timeout" in order to indicate that this was a DNS timeout from tor perspective and not the DNS server itself. - Deprecate overload_dns_timeout_period_secs and overload_dns_timeout_scale_percent consensus parameters as well. They were used to assess the overload state which is no more now. - Don't make Tor DNS timeout trigger an overload general state. These timeouts are different from DNS server timeout. They have to be seen as timeout related to UX and not because of a network problem. Fixes bug 40527; bugfix on 0.4.6.1-alpha. o Minor feature (reproducible build): - The repository can now build reproducible tarballs which adds the build command "make dist-reprod" for that purpose. Closes ticket 26299. o Minor features (compilation): - Give an error message if trying to build with a version of LibreSSL known not to work with Tor. (There's an incompatibility with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes ticket 40511. o Minor features (fallbackdir): - Regenerate fallback directories generated on December 15, 2021. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2021/12/15. o Minor features (portability): - Try to prevent a compiler warning about printf arguments that could sometimes occur on MSYS2 depending on the configuration. Closes ticket 40355. o Minor bugfix (pluggable transport): - Do not kill a managed proxy if one of its transport configurations emits a method error. Instead log a warning and continue processing method arguments. Fixes bug 7362; bugfix on 0.2.3.6-alpha. o Minor bugfixes (bridges): - When we don't yet have a descriptor for one of our bridges, disable the entry guard retry schedule on that bridge. The entry guard retry schedule and the bridge descriptor retry schedule can conflict, e.g. where we mark a bridge as "maybe up" yet we don't try to fetch its descriptor yet, leading Tor to wait (refusing to do anything) until it becomes time to fetch the descriptor. Fixes bug 40497; bugfix on 0.3.0.3-alpha. o Minor bugfixes (compilation): - Fix our configuration logic to detect whether we had OpenSSL 3: previously, our logic was reversed. This has no other effect than to change whether we suppress deprecated API warnings. Fixes bug 40429; bugfix on 0.3.5.13. o Minor bugfixes (controller, path bias): - When a circuit's path is specified, in full or in part, from the controller API, do not count that circuit towards our path-bias calculations. (Doing so was incorrect, since we cannot tell whether the controller is selecting relays randomly.) Resolves a "Bug" warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha. o Minor bugfixes (logging): - When we no longer have enough directory information to use the network, we would log a notice-level message -- but we would not reliably log a message when we recovered and resumed using the network. Now make sure there is always a corresponding message about recovering. Fixes bug 40496; bugfix on 0.3.5.1-alpha. o Minor bugfixes (performance, DoS): - Fix one case of a not-especially viable denial-of-service attack found by OSS-Fuzz in our consensus-diff parsing code. This attack causes a lot small of memory allocations and then immediately frees them: this is only slow when running with all the sanitizers enabled. Fixes one case of bug 40472; bugfix on 0.3.1.1-alpha. o Minor bugfixes (relay): - Reject IPv6-only DirPorts. Our reachability self-test forces DirPorts to be IPv4, but our configuration parser allowed them to be IPv6-only, which led to an assertion failure. Fixes bug 40494; bugfix on 0.4.5.1-alpha. o Minor bugfixes (sandbox): - Fix the sandbox on i386 by modifying it to allow the "clock_gettime64" and "statx" system calls and to filter the "chown32" and "stat64" system calls in place of "chown" and "stat", respectively. Fixes bug 40505; bugfix on 0.2.5.4-alpha. o Documentation (man, relay): - Missing "OverloadStatistics" in tor.1 manpage. Fixes bug 40504; bugfix on 0.4.6.1-alpha. Changes in version 0.4.6.9 - 2021-12-15 This version fixes several bugs from earlier versions of Tor. One important piece is the removal of DNS timeout metric from the overload general signal. See below for more details. o Major bugfixes (relay, overload): - Don't make Tor DNS timeout trigger an overload general state. These timeouts are different from DNS server timeout. They have to be seen as timeout related to UX and not because of a network problem. Fixes bug 40527; bugfix on 0.4.6.1-alpha. o Minor feature (reproducible build): - The repository can now build reproducible tarballs which adds the build command "make dist-reprod" for that purpose. Closes ticket 26299. o Minor features (compilation): - Give an error message if trying to build with a version of LibreSSL known not to work with Tor. (There's an incompatibility with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes ticket 40511. o Minor features (fallbackdir): - Regenerate fallback directories generated on December 15, 2021. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2021/12/15. o Minor bugfixes (compilation): - Fix our configuration logic to detect whether we had OpenSSL 3: previously, our logic was reversed. This has no other effect than to change whether we suppress deprecated API warnings. Fixes bug 40429; bugfix on 0.3.5.13. o Minor bugfixes (relay): - Reject IPv6-only DirPorts. Our reachability self-test forces DirPorts to be IPv4, but our configuration parser allowed them to be IPv6-only, which led to an assertion failure. Fixes bug 40494; bugfix on 0.4.5.1-alpha. o Documentation (man, relay): - Missing "OverloadStatistics" in tor.1 manpage. Fixes bug 40504; bugfix on 0.4.6.1-alpha. Cheers! David -- I1oAG26tseeho4Donns+ByL+PlJSLykdWGFJPx7tCQ8=

1 0

Tor Browser 11.0.1 is released
by Matthew Finkel 16 Nov '21

16 Nov '21

Hello! Tor Browser 11.0.1 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/11.0.1/ This version provides bug fixes on Windows, macOS, and Linux. Please see the blog post [3] for more details about this version. 3: https://blog.torproject.org/new-release-tor-browser-1101 The full changelog since Tor Browser 11.0 is: * Windows + OS X + Linux * Tor Launcher 0.2.32 * Bug 40059: YEC activist sign empty in about:tor on RTL locales [torbutton] * Bug 40383: Workaround issue in https-e wasm [tor-browser-build] * Bug 40438: Add Blockchair as a search engine [tor-browser] * Bug 40689: Change Blockchair Search provider's HTTP method [tor-browser] * Bug 40690: Browser chrome breaks when private browsing mode is turned off [tor-browser] * Bug 40700: Switch Firefox recommendations off by default [tor-browser]

1 0

Re: [tor-announce] [RELEASE] 0.3.5.17, 0.4.5.11, 0.4.6.8 and 0.4.7.2-alpha
by David Goulet 26 Oct '21

26 Oct '21

On 26 Oct (18:58:53), mick wrote: > On Tue, 26 Oct 2021 11:48:54 -0400 > David Goulet <dgoulet(a)torproject.org> allegedly wrote: > > > The Tor Network Team will from now on do its release announcement > > through our new fancy shiny Discourse forum: > > https://forum.torproject.net > > > > If you are interested in getting notified for each release > > announcement, you should follow this category (once you get an > > account): > > > > https://forum.torproject.net/c/news/tor-release-announcement/28 > > > > And for todays' announcement: > > > > https://forum.torproject.net/t/release-0-3-5-17-0-4-5-11-0-4-6-8-and-0-4-7-… > > > > David > > I do hope that this new forum is a supplement to, and not a > substitution for, the current email based Tor lists. It will supplement. We are working on setting up a way for the forum announcement to be replicated onto mailing lists. David -- QH6XWXtrL9blSvXbw+DdZkn1Xx2UJnR2X56tf0A+EeA=

1 0

[RELEASE] 0.3.5.17, 0.4.5.11, 0.4.6.8 and 0.4.7.2-alpha
by David Goulet 26 Oct '21

26 Oct '21

Greetings! The Tor Network Team will from now on do its release announcement through our new fancy shiny Discourse forum: https://forum.torproject.net If you are interested in getting notified for each release announcement, you should follow this category (once you get an account): https://forum.torproject.net/c/news/tor-release-announcement/28 And for todays' announcement: https://forum.torproject.net/t/release-0-3-5-17-0-4-5-11-0-4-6-8-and-0-4-7-… Cheers! David -- QH6XWXtrL9blSvXbw+DdZkn1Xx2UJnR2X56tf0A+EeA=

1 0

Tor Browser 10.5.8 is released
by Matthew Finkel 06 Oct '21

06 Oct '21

Hello! Tor Browser 10.5.8 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/10.5.8/ This version updates Firefox on Windows, macOS, and Linux to 78.15.0esr and includes important security updates [3]. Please see the blog post [4] for more details about this version. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/ 4: https://blog.torproject.org/new-release-tor-browser-1058 The full changelog since Tor Browser 10.5.7 is: * Windows + OS X + Linux * Update Firefox to 78.15.0esr * Bug 40049: Add banner for VPN survey to about:tor [torbutton] * Android * Bug 40193: Add banner for VPN survey to Android homepage [fenix] * Build System * All Platforms * Bug 40363: Change bsaes git url [tor-browser-build]

1 0