- tor-announce - lists.torproject.org

Tor Browser 9.5.4 is released
by Matthew Finkel 27 Aug '20

27 Aug '20

Hello! Tor Browser 9.5.4 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/9.5.4/ This release updates Firefox to 68.12.0esr and NoScript to 11.0.38, and HTTPS Everywhere to 2020.08.13. Also, this release features important security updates [3] to Firefox. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/ Please see the blog post [4] for more details about this version. 4: https://blog.torproject.org/new-release-tor-browser-954 The full changelog since Tor Browser 9.5.3 is: * All Platforms * Update Firefox to 68.12.0esr * Update HTTPS Everywhere to 2020.08.13 * Update NoScript to 11.0.38 * Windows + OS X + Linux * Bug 40019: Onion-Location should not be processed on .onion webpages [tor-browser] * OS X * Bug 40015: Tor Browser is broken on MacOS 11 Big Sur [tor-browser]

1 0

Tor Browser 9.5.3 is released
by Matthew Finkel 28 Jul '20

28 Jul '20

Hello! Tor Browser 9.5.3 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/9.5.3/ This release updates Firefox to 68.11.0esr and NoScript to 11.0.34, and Tor to 0.4.3.6. Also, this release features important security updates [3] to Firefox. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/ Please see the blog post [4] for more details about this version. 4: https://blog.torproject.org/new-release-tor-browser-953 The full changelog since Tor Browser 9.5.1 is: * All Platforms * Update Firefox to 68.11.0esr * Update NoScript to 11.0.34 * Update Tor to 0.4.3.6

1 0

New stable Tor releases: 0.3.5.11, 0.4.2.8, and 0.4.3.6 (with security fixes)
by Nick Mathewson 09 Jul '20

09 Jul '20

Hello, everybody! (If you are about to reply saying "please take me off this list", instead please follow these instructions: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/. If you have trouble, it is probably because you subscribed using a different address than the one you are trying to unsubscribe with. You will have to enter the actual email address you used when you subscribed.) Source code for Tor 0.3.5.11, 0.4.2.8, and 0.4.3.6 is now available; you can download the source code from the usual place on the website -- the download page at for the latest series, and https://dist.torproject.org for older series. Packages should be available within the next several weeks, with a new Tor Browser around the end of the month. These releases fix numerous issues, including a denial-of-service attack affecting all clients and relays using the NSS library. (If your Tor is built with OpenSSL, which is the default, you don't need to worry about this one. But if you're using NSS, you should upgrade.) Below is the changelog for 0.4.3.6. You can find the changelogs for the other stable releases here: https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.2.8 https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.3.6 There is also a new alpha release today; that announcement will go to the tor-talk mailing list, as usual. Changes in version 0.4.3.6 - 2020-07-09 Tor 0.4.3.6 backports several bugfixes from later releases, including some affecting usability. This release also fixes TROVE-2020-001, a medium-severity denial of service vulnerability affecting all versions of Tor when compiled with the NSS encryption library. (This is not the default configuration.) Using this vulnerability, an attacker could cause an affected Tor instance to crash remotely. This issue is also tracked as CVE-2020- 15572. Anybody running a version of Tor built with the NSS library should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha or later. o Major bugfixes (NSS, security, backport from 0.4.4.2-alpha): - Fix a crash due to an out-of-bound memory access when Tor is compiled with NSS support. Fixes bug 33119; bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 and CVE-2020-15572. o Minor bugfix (CI, Windows, backport from 0.4.4.2-alpha): - Use the correct 64-bit printf format when compiling with MINGW on Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha. o Minor bugfixes (client performance, backport from 0.4.4.1-alpha): - Resume use of preemptively-built circuits when UseEntryGuards is set to 0. We accidentally disabled this feature with that config setting, leading to slower load times. Fixes bug 34303; bugfix on 0.3.3.2-alpha. o Minor bugfixes (compiler warnings, backport from 0.4.4.2-alpha): - Fix a compiler warning on platforms with 32-bit time_t values. Fixes bug 40028; bugfix on 0.3.2.8-rc. o Minor bugfixes (linux seccomp sandbox, nss, backport from 0.4.4.1-alpha): - Fix a startup crash when tor is compiled with --enable-nss and sandbox support is enabled. Fixes bug 34130; bugfix on 0.3.5.1-alpha. Patch by Daniel Pinto. o Minor bugfixes (logging, backport from 0.4.4.2-alpha): - Downgrade a noisy log message that could occur naturally when receiving an extrainfo document that we no longer want. Fixes bug 16016; bugfix on 0.2.6.3-alpha. o Minor bugfixes (manual page, backport from 0.4.4.1-alpha): - Update the man page to reflect that MinUptimeHidServDirectoryV2 defaults to 96 hours. Fixes bug 34299; bugfix on 0.2.6.3-alpha. o Minor bugfixes (onion service v3, backport from 0.4.4.1-alpha): - Prevent an assert() that would occur when cleaning the client descriptor cache, and attempting to close circuits for a non- decrypted descriptor (lacking client authorization). Fixes bug 33458; bugfix on 0.4.2.1-alpha. o Minor bugfixes (portability, backport from 0.4.4.1-alpha): - Fix a portability error in the configure script, where we were using "==" instead of "=". Fixes bug 34233; bugfix on 0.4.3.5. o Minor bugfixes (relays, backport from 0.4.4.1-alpha): - Stop advertising incorrect IPv6 ORPorts in relay and bridge descriptors, when the IPv6 port was configured as "auto". Fixes bug 32588; bugfix on 0.2.3.9-alpha. o Documentation (backport from 0.4.4.1-alpha): - Fix several doxygen warnings related to imbalanced groups. Closes ticket 34255.

1 0

Tor Browser 9.5.1 is released
by Matthew Finkel 02 Jul '20

02 Jul '20

Hello! Tor Browser 9.5.1 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/9.5.1/ This release updates Firefox to 68.10.0esr and NoScript to 11.0.32. Also, this release features important security updates [3] to Firefox. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/ Please see the blog post [4] for more details about this version. 4: https://blog.torproject.org/new-release-tor-browser-951 The full changelog since Tor Browser 9.5 is: * All Platforms * Update Firefox to 68.10.0esr * Update NoScript to 11.0.32 * Translations update * Bug 40009: Improve tor's client auth stability * Windows + OS X + Linux * Bug 34361: "Prioritize .onion sites when known" appears under General * Bug 34362: Improve Onion Service Authentication prompt * Bug 34369: Fix learn more link in Onion Auth prompt * Bug 34379: Fix learn more for Onion-Location * Bug 34347: The Tor Network part on the onboarding is not new anymore

1 0

Tor Browser 9.5 is released
by Georg Koppen 02 Jun '20

02 Jun '20

Hello! Tor Browser 9.5 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. Version 9.5 is a new major stable upgrade. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/9.5/ This new Tor Browser release is focused on helping users understand and use onion services. This release updates Firefox to 68.9.0esr, NoScript to 11.0.26, and Tor to version 0.4.3.5. Also, this release features important security updates [3] to Firefox. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/ Please see the blog post [4] for more details about this version. 4: https://blog.torproject.org/new-release-tor-browser-95 The full changelog since Tor Browser 9.0.10 is: * All Platforms * Update Firefox to 68.9.0esr * Update HTTPS-Everywhere to 2020.5.20 * Update NoScript to 11.0.26 * Update Tor to 0.4.3.5 * Translations update * Bug 21549: Disable wasm for now until it is properly audited * Bug 27268: Preferences clean-up in Torbutton code * Bug 28745: Remove torbutton.js unused code * Bug 28746: Remove torbutton isolation and fp prefs sync * Bug 30237: Control port module improvements for v3 client authentication * Bug 30786: Add th locale * Bug 30787: Add lt locale * Bug 30788: Add ms locale * Bug 30851: Move default preferences to 000-tor-browser.js * Bug 30888: move torbutton_util.js to modules/utils.js * Bug 31134: Govern graphite again by security settings * Bug 31395: Remove inline script in aboutTor.xhtml * Bug 31499: Update libevent to 2.1.11-stable * Bug 33877: Disable Samples and Regression tests For Libevent Build * Bug 31573: Catch SessionStore.jsm exception * Bug 32318: Backport Mozilla's fix for bug 1534339 * Bug 32414: Make Services.search.addEngine obey FPI * Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT * Bug 32618: Backport fixes from Mozilla bugs 1467970 and 1590526 * Bug 33342: Avoid disconnect search addon error after removal * Bug 33726: Fix patch for #23247: Communicating security expectations for .onion * Bug 34157: Backport fix for Mozilla Bug 1511941 * Windows + OS X + Linux * Update Tor Launcher to 0.2.21.8 * Translations update * Bug 19757: Support on-disk storage of v3 client auth keys * Bug 30237: Add v3 onion services client authentication prompt * Bug 30786: Add th locale * Bug 30787: Add lt locale * Bug 30788: Add ms locale * Bug 33514: non-en-US Tor Browser 9.5a6 won't start up * Bug 19251: Show improved error pages for onion service errors * Bug 19757: Support on-disk storage of v3 client auth keys * Bug 21952: Implement Onion-Location * Bug 27604: Fix broken Tor Browser after moving it to a different directory * Bug 28005: Implement .onion alias urlbar rewrites * Bug 30237: Improve TBB UI of hidden service client authorization * Bug 32076: Upgrade to goptlib v1.1.0 * Bug 32220: Improve the letterboxing experience * Bug 32418: Allow updates to be disabled via an enterprise policy. * Bug 32470: Backport fix for bug 1590538 * Bug 32645: Update URL bar onion indicators * Bug 32658: Create a new MAR signing key * Bug 32674: Point the about:tor "Get involved" link to the community portal * Bug 32767: Remove Disconnect search * Bug 33698: Update "About Tor Browser" links in Tor Browser * Bug 33707: Swap out onion icon in circuit display with new one * Bug 34032: Use Securedrop's Official https-everywhere ruleset * Bug 34196: Update site info URL with the onion name * Bug 34321: Add Learn More onboarding item * Windows * Bug 22919: Improve the random number generator for the boundaries in multipart/form-data * Bug 29614: Use SHA-256 algorithm for Windows timestamping * Bug 33113: Bump NSIS version to 3.05 * OS X * Bug 32505: Tighten our rules in our entitlements file for macOS * Linux * Bug 34315: Avoid reading policies from /etc/firefox on Linux * Android * Bug 26529: Notify user about possible proxy-bypass before opening external app * Bug 30767: Custom obfs4 bridge does not work on Tor Browser for Android * Bug 32303: Obfs4 is broken on Android Q * Bug 33359: Use latest Version of TOPL and Remove Patches * Bug 33931: obfs4 bridges are used instead of meek if meek is selected in Tor Browser for Android alpha * Build System * All Platforms * Go to 1.13.11 * Bug 33380: Add *.json to sha256sums-unsigned-build.txt * Windows * Bug 33802: --enable-secure-api is not supported anymore in mingw-w64 * Linux * Bug 32976: Build and bundle geckodriver * Bug 34242: Fix creation of Linux containers * Android * Bug 28765: LibEvent Build for Android * Bug 28766: Tor Build for Android * Bug 28803: Integrate building Pluggable Transports for Android * Bug 30461: Clean up tor-android-service project * Bug 32993: Package Tor With Tor Android Service Project * Bug 33685: Add Support for Building zlib for Android Georg

1 0

Tor 0.4.3.5 is released
by Nick Mathewson 15 May '20

15 May '20

Hello, everyone! (If you are about to reply saying "please take me off this list", instead please follow these instructions: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/ . If you have trouble, it is probably because you subscribed using a different address than the one you are trying to unsubscribe with. You will have to enter the actual email address you used when you subscribed.) After months of work, Tor 0.4.3.5 is now available! This is the first stable release in the 0.4.3.x series, and we hope you find it useful. You can download the source code from the download page on the website. Packages, including a new Tor Browser, should be available within the next several weeks. Changes in version 0.4.3.5 - 2020-05-15 Tor 0.4.3.5 is the first stable release in the 0.4.3.x series. This series adds support for building without relay code enabled, and implements functionality needed for OnionBalance with v3 onion services. It includes significant refactoring of our configuration and controller functionality, and fixes numerous smaller bugs and performance issues. Per our support policy, we support each stable release series for nine months after its first stable release, or three months after the first stable release of the next series: whichever is longer. This means that 0.4.3.x will be supported until around February 2021--later, if 0.4.4.x is later than anticipated. Note also that support for 0.4.1.x is about to end on May 20 of this year; 0.4.2.x will be supported until September 15. We still plan to continue supporting 0.3.5.x, our long-term stable series, until Feb 2022. Below are the changes since 0.4.2.6. For a list of only the changes since 0.4.3.4-rc, see the ChangeLog file. o New system requirements: - When building Tor, you now need to have Python 3 in order to run the integration tests. (Python 2 is officially unsupported upstream, as of 1 Jan 2020.) Closes ticket 32608. o Major features (build system): - The relay code can now be disabled using the --disable-module-relay configure option. When this option is set, we also disable the dirauth module. Closes ticket 32123. - When Tor is compiled --disable-module-relay, we also omit the code used to act as a directory cache. Closes ticket 32487. o Major features (directory authority, ed25519): - Add support for banning a relay's ed25519 keys in the approved- routers file. This will help us migrate away from RSA keys in the future. Previously, only RSA keys could be banned in approved- routers. Resolves ticket 22029. Patch by Neel Chauhan. o Major features (onion services): - New control port commands to manage client-side onion service authorization credentials. The ONION_CLIENT_AUTH_ADD command adds a credential, ONION_CLIENT_AUTH_REMOVE deletes a credential, and ONION_CLIENT_AUTH_VIEW lists the credentials. Closes ticket 30381. - Introduce a new SocksPort flag, ExtendedErrors, to support more detailed error codes in information for applications that support them. Closes ticket 30382; implements proposal 304. o Major features (proxy): - In addition to its current supported proxy types (HTTP CONNECT, SOCKS4, and SOCKS5), Tor can now make its OR connections through a HAProxy server. A new torrc option was added to specify the address/port of the server: TCPProxy <protocol> <host>:<port>. Currently the only supported protocol for the option is haproxy. Closes ticket 31518. Patch done by Suphanat Chunhapanya (haxxpop). o Major bugfixes (security, denial-of-service): - Fix a denial-of-service bug that could be used by anyone to consume a bunch of CPU on any Tor relay or authority, or by directories to consume a bunch of CPU on clients or hidden services. Because of the potential for CPU consumption to introduce observable timing patterns, we are treating this as a high-severity security issue. Fixes bug 33119; bugfix on 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue as TROVE-2020-002 and CVE-2020-10592. o Major bugfixes (circuit padding, memory leak): - Avoid a remotely triggered memory leak in the case that a circuit padding machine is somehow negotiated twice on the same circuit. Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls. This is also tracked as TROVE-2020-004 and CVE-2020-10593. o Major bugfixes (directory authority): - Directory authorities will now send a 503 (not enough bandwidth) code to clients when under bandwidth pressure. Known relays and other authorities will always be answered regardless of the bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha. o Major bugfixes (DoS defenses, bridges, pluggable transport): - Fix a bug that was preventing DoS defenses from running on bridges with a pluggable transport. Previously, the DoS subsystem was not given the transport name of the client connection, thus failed to find the GeoIP cache entry for that client address. Fixes bug 33491; bugfix on 0.3.3.2-alpha. o Major bugfixes (networking): - Correctly handle IPv6 addresses in SOCKS5 RESOLVE_PTR requests, and accept strings as well as binary addresses. Fixes bug 32315; bugfix on 0.3.5.1-alpha. o Major bugfixes (onion service): - Report HS circuit failure back into the HS subsystem so we take appropriate action with regards to the client introduction point failure cache. This improves reachability of onion services, since now clients notice failing introduction circuits properly. Fixes bug 32020; bugfix on 0.3.2.1-alpha. o Minor feature (heartbeat, onion service): - Add the DoS INTRODUCE2 defenses counter to the heartbeat DoS message. Closes ticket 31371. o Minor feature (sendme, flow control): - Default to sending SENDME version 1 cells. (Clients are already sending these, because of a consensus parameter telling them to do so: this change only affects what clients would do if the consensus didn't contain a recommendation.) Closes ticket 33623. o Minor features (best practices tracker): - Practracker now supports a --regen-overbroad option to regenerate the exceptions file, but only to revise exceptions to be _less_ tolerant of best-practices violations. Closes ticket 32372. o Minor features (configuration validation): - Configuration validation can now be done by per-module callbacks, rather than a global validation function. This will let us reduce the size of config.c and some of its more cumbersome functions. Closes ticket 31241. o Minor features (configuration): - If a configured hardware crypto accelerator in AccelName is prefixed with "!", Tor now exits when it cannot be found. Closes ticket 32406. - We now use flag-driven logic to warn about obsolete configuration fields, so that we can include their names. In 0.4.2, we used a special type, which prevented us from generating good warnings. Implements ticket 32404. o Minor features (configure, build system): - Output a list of enabled/disabled features at the end of the configure process in a pleasing way. Closes ticket 31373. o Minor features (continuous integration): - Run Doxygen Makefile target on Travis, so we can learn about regressions in our internal documentation. Closes ticket 32455. - Stop allowing failures on the Travis CI stem tests job. It looks like all the stem hangs we were seeing before are now fixed. Closes ticket 33075. o Minor features (controller): - Add stream isolation data to STREAM event. Closes ticket 19859. - Implement a new GETINFO command to fetch microdescriptor consensus. Closes ticket 31684. o Minor features (debugging, directory system): - Don't crash when we find a non-guard with a guard-fraction value set. Instead, log a bug warning, in an attempt to figure out how this happened. Diagnostic for ticket 32868. o Minor features (defense in depth): - Add additional checks around tor_vasprintf() usage, in case the function returns an error. Patch by Tobias Stoeckmann. Fixes ticket 31147. o Minor features (developer tools): - Remove the 0.2.9.x series branches from git scripts (git-merge- forward.sh, git-pull-all.sh, git-push-all.sh, git-setup-dirs.sh). Closes ticket 32772. - Add a check_cocci_parse.sh script that checks that new code is parseable by Coccinelle. Add an exceptions file for unparseable files, and run the script from travis CI. Closes ticket 31919. - Call the check_cocci_parse.sh script from a 'check-cocci' Makefile target. Closes ticket 31919. - Add a rename_c_identifiers.py tool to rename a bunch of C identifiers at once, and generate a well-formed commit message describing the change. This should help with refactoring. Closes ticket 32237. - Add some scripts in "scripts/coccinelle" to invoke the Coccinelle semantic patching tool with the correct flags. These flags are fairly easy to forget, and these scripts should help us use Coccinelle more effectively in the future. Closes ticket 31705. o Minor features (diagnostic): - Improve assertions and add some memory-poisoning code to try to track down possible causes of a rare crash (32564) in the EWMA code. Closes ticket 33290. o Minor features (directory authorities): - Directory authorities now reject descriptors from relays running Tor versions from the 0.2.9 and 0.4.0 series. The 0.3.5 series is still allowed. Resolves ticket 32672. Patch by Neel Chauhan. o Minor features (Doxygen): - Update Doxygen configuration file to a more recent template (from 1.8.15). Closes ticket 32110. - "make doxygen" now works with out-of-tree builds. Closes ticket 32113. - Make sure that doxygen outputs documentation for all of our C files. Previously, some were missing @file declarations, causing them to be ignored. Closes ticket 32307. - Our "make doxygen" target now respects --enable-fatal-warnings by default, and does not warn about items that are missing documentation. To warn about missing documentation, run configure with the "--enable-missing-doc-warnings" flag: doing so suspends fatal warnings for doxygen. Closes ticket 32385. o Minor features (git scripts): - Add TOR_EXTRA_CLONE_ARGS to git-setup-dirs.sh for git clone customisation. Closes ticket 32347. - Add git-setup-dirs.sh, which sets up an upstream git repository and worktrees for tor maintainers. Closes ticket 29603. - Add TOR_EXTRA_REMOTE_* to git-setup-dirs.sh for a custom extra remote. Closes ticket 32347. - Call the check_cocci_parse.sh script from the git commit and push hooks. Closes ticket 31919. - Make git-push-all.sh skip unchanged branches when pushing to upstream. The script already skipped unchanged test branches. Closes ticket 32216. - Make git-setup-dirs.sh create a master symlink in the worktree directory. Closes ticket 32347. - Skip unmodified source files when doing some existing git hook checks. Related to ticket 31919. o Minor features (IPv6, client): - Make Tor clients tell dual-stack exits that they prefer IPv6 connections. This change is equivalent to setting the PreferIPv6 flag on SOCKSPorts (and most other listener ports). Tor Browser has been setting this flag for some time, and we want to remove a client distinguisher at exits. Closes ticket 32637. o Minor features (portability, android): - When building for Android, disable some tests that depend on $HOME and/or pwdb, which Android doesn't have. Closes ticket 32825. Patch from Hans-Christoph Steiner. o Minor features (relay modularity): - Split the relay and server pluggable transport config code into separate files in the relay module. Disable this code when the relay module is disabled. Closes part of ticket 32213. - When the relay module is disabled, reject attempts to set the ORPort, DirPort, DirCache, BridgeRelay, ExtORPort, or ServerTransport* options, rather than ignoring the values of these options. Closes part of ticket 32213. - When the relay module is disabled, change the default config so that DirCache is 0, and ClientOnly is 1. Closes ticket 32410. o Minor features (release tools): - Port our ChangeLog formatting and sorting tools to Python 3. Closes ticket 32704. o Minor features (testing): - The unit tests now support a "TOR_SKIP_TESTCASES" environment variable to specify a list of space-separated test cases that should not be executed. We will use this to disable certain tests that are failing on Appveyor because of mismatched OpenSSL libraries. Part of ticket 33643. - Detect some common failure cases for test_parseconf.sh in src/test/conf_failures. Closes ticket 32451. - Allow test_parseconf.sh to test expected log outputs for successful configs, as well as failed configs. Closes ticket 32451. - The test_parseconf.sh script now supports result variants for any combination of the optional libraries lzma, nss, and zstd. Closes ticket 32397. - When running the unit tests on Android, create temporary files in a subdirectory of /data/local/tmp. Closes ticket 32172. Based on a patch from Hans-Christoph Steiner. o Minor features (usability): - Include more information when failing to parse a configuration value. This should make it easier to tell what's going wrong when a configuration file doesn't parse. Closes ticket 33460. o Minor bugfix (relay, configuration): - Warn if the ContactInfo field is not set, and tell the relay operator that not having a ContactInfo field set might cause their relay to get rejected in the future. Fixes bug 33361; bugfix on 0.1.1.10-alpha. o Minor bugfixes (bridges): - Lowercase the configured value of BridgeDistribution before adding it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha. o Minor bugfixes (build system): - Fix "make autostyle" for out-of-tree builds. Fixes bug 32370; bugfix on 0.4.1.2-alpha. o Minor bugfixes (compiler compatibility): - Avoid compiler warnings from Clang 10 related to the use of GCC- style "/* falls through */" comments. Both Clang and GCC allow __attribute__((fallthrough)) instead, so that's what we're using now. Fixes bug 34078; bugfix on 0.3.1.3-alpha. - Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix on 0.4.0.3-alpha. o Minor bugfixes (configuration handling): - Make control_event_conf_changed() take in a config_line_t instead of a smartlist of alternating key/value entries. Fixes bug 31531; bugfix on 0.2.3.3-alpha. Patch by Neel Chauhan. - Check for multiplication overflow when parsing memory units inside configuration. Fixes bug 30920; bugfix on 0.0.9rc1. - When dumping the configuration, stop adding a trailing space after the option name when there is no option value. This issue only affects options that accept an empty value or list. (Most options reject empty values, or delete the entire line from the dumped options.) Fixes bug 32352; bugfix on 0.0.9pre6. - Avoid changing the user's value of HardwareAccel as stored by SAVECONF, when AccelName is set but HardwareAccel is not. Fixes bug 32382; bugfix on 0.2.2.1-alpha. - When creating a KeyDirectory with the same location as the DataDirectory (not recommended), respect the DataDirectory's group-readable setting if one has not been set for the KeyDirectory. Fixes bug 27992; bugfix on 0.3.3.1-alpha. o Minor bugfixes (continuous integration): - Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix on 0.3.2.2-alpha. o Minor bugfixes (controller protocol): - When receiving "ACTIVE" or "DORMANT" signals on the control port, report them as SIGNAL events. Previously we would log a bug warning. Fixes bug 33104; bugfix on 0.4.0.1-alpha. o Minor bugfixes (controller): - In routerstatus_has_changed(), check all the fields that are output over the control port. Fixes bug 20218; bugfix on 0.1.1.11-alpha. o Minor bugfixes (developer tools): - Allow paths starting with ./ in scripts/add_c_file.py. Fixes bug 31336; bugfix on 0.4.1.2-alpha. o Minor bugfixes (dirauth module): - Split the dirauth config code into a separate file in the dirauth module. Disable this code when the dirauth module is disabled. Closes ticket 32213. - When the dirauth module is disabled, reject attempts to set the AuthoritativeDir option, rather than ignoring the value of the option. Fixes bug 32213; bugfix on 0.3.4.1-alpha. o Minor bugfixes (embedded Tor): - When starting Tor any time after the first time in a process, register the thread in which it is running as the main thread. Previously, we only did this on Windows, which could lead to bugs like 23081 on non-Windows platforms. Fixes bug 32884; bugfix on 0.3.3.1-alpha. o Minor bugfixes (git scripts): - Avoid sleeping before the last push in git-push-all.sh. Closes ticket 32216. - Forward all unrecognised arguments in git-push-all.sh to git push. Closes ticket 32216. o Minor bugfixes (key portability): - When reading PEM-encoded key data, tolerate CRLF line-endings even if we are not running on Windows. Previously, non-Windows hosts would reject these line-endings in certain positions, making certain key files hard to move from one host to another. Fixes bug 33032; bugfix on 0.3.5.1-alpha. o Minor bugfixes (logging): - Stop truncating IPv6 addresses and ports in channel and connection logs. Fixes bug 33918; bugfix on 0.2.4.4-alpha. - Flush stderr, stdout, and file logs during shutdown, if supported by the OS. This change helps make sure that any final logs are recorded. Fixes bug 33087; bugfix on 0.4.1.6. - Stop closing stderr and stdout during shutdown. Closing these file descriptors can hide sanitiser logs. Fixes bug 33087; bugfix on 0.4.1.6. - If we encounter a bug when flushing a buffer to a TLS connection, only log the bug once per invocation of the Tor process. Previously we would log with every occurrence, which could cause us to run out of disk space. Fixes bug 33093; bugfix on 0.3.2.2-alpha. - When logging a bug, do not say "Future instances of this warning will be silenced" unless we are actually going to silence them. Previously we would say this whenever a BUG() check failed in the code. Fixes bug 33095; bugfix on 0.4.1.1-alpha. o Minor bugfixes (onion services v2): - Move a series of v2 onion service warnings to protocol-warning level because they can all be triggered remotely by a malformed request. Fixes bug 32706; bugfix on 0.1.1.14-alpha. - When sending the INTRO cell for a v2 Onion Service, look at the failure cache alongside timeout values to check if the intro point is marked as failed. Previously, we only looked at the relay timeout values. Fixes bug 25568; bugfix on 0.2.7.3-rc. Patch by Neel Chauhan. o Minor bugfixes (onion services v3): - Remove a BUG() warning that would cause a stack trace if an onion service descriptor was freed while we were waiting for a rendezvous circuit to complete. Fixes bug 28992; bugfix on 0.3.2.1-alpha. - Relax severity of a log message that can appear naturally when decoding onion service descriptors as a relay. Also add some diagnostics to debug any future bugs in that area. Fixes bug 31669; bugfix on 0.3.0.1-alpha. - Fix an assertion failure that could result from a corrupted ADD_ONION control port command. Found by Saibato. Fixes bug 33137; bugfix on 0.3.3.1-alpha. This issue is also tracked as TROVE-2020-003. - Properly handle the client rendezvous circuit timeout. Previously Tor would sometimes timeout a rendezvous circuit awaiting the introduction ACK, and find itself unable to re-establish all circuits because the rendezvous circuit timed out too early. Fixes bug 32021; bugfix on 0.3.2.1-alpha. o Minor bugfixes (onion services): - Do not rely on a "circuit established" flag for intro circuits but instead always query the HS circuit map. This is to avoid sync issue with that flag and the map. Fixes bug 32094; bugfix on 0.3.2.1-alpha. o Minor bugfixes (onion services, all): - In cancel_descriptor_fetches(), use connection_list_by_type_purpose() instead of connection_list_by_type_state(). Fixes bug 32639; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan. o Minor bugfixes (pluggable transports): - When receiving a message on standard error from a pluggable transport, log it at info level, rather than as a warning. Fixes bug 33005; bugfix on 0.4.0.1-alpha. o Minor bugfixes (rust, build): - Fix a syntax warning given by newer versions of Rust that was creating problems for our continuous integration. Fixes bug 33212; bugfix on 0.3.5.1-alpha. o Minor bugfixes (scripts): - Fix update_versions.py for out-of-tree builds. Fixes bug 32371; bugfix on 0.4.0.1-alpha. o Minor bugfixes (testing): - Use the same code to find the tor binary in all of our test scripts. This change makes sure we are always using the coverage binary when coverage is enabled. Fixes bug 32368; bugfix on 0.2.7.3-rc. - Stop ignoring "tor --dump-config" errors in test_parseconf.sh. Fixes bug 32468; bugfix on 0.4.2.1-alpha. - Our option-validation tests no longer depend on specially configured non-default, non-passing sets of options. Previously, the tests had been written to assume that options would _not_ be set to their defaults, which led to needless complexity and verbosity. Fixes bug 32175; bugfix on 0.2.8.1-alpha. o Minor bugfixes (TLS bug handling): - When encountering a bug in buf_read_from_tls(), return a "MISC" error code rather than "WANTWRITE". This change might help avoid some CPU-wasting loops if the bug is ever triggered. Bug reported by opara. Fixes bug 32673; bugfix on 0.3.0.4-alpha. o Deprecated features: - Deprecate the ClientAutoIPv6ORPort option. This option was not true "Happy Eyeballs", and often failed on connections that weren't reliably dual-stack. Closes ticket 32942. Patch by Neel Chauhan. o Documentation: - Provide a quickstart guide for a Circuit Padding Framework, and documentation for researchers to implement and study circuit padding machines. Closes ticket 28804. - Add documentation in 'HelpfulTools.md' to describe how to build a tag file. Closes ticket 32779. - Create a high-level description of the long-term software architecture goals. Closes ticket 32206. - Describe the --dump-config command in the manual page. Closes ticket 32467. - Unite coding advice from this_not_that.md in torguts repo into our coding standards document. Resolves ticket 31853. o Removed features: - Our Doxygen configuration no longer generates LaTeX output. The reference manual produced by doing this was over 4000 pages long, and generally unusable. Closes ticket 32099. - The option "TestingEstimatedDescriptorPropagationTime" is now marked as obsolete. It has had no effect since 0.3.0.7, when clients stopped rejecting consensuses "from the future". Closes ticket 32807. - We no longer support consensus methods before method 28; these methods were only used by authorities running versions of Tor that are now at end-of-life. In effect, this means that clients, relays, and authorities now assume that authorities will be running version 0.3.5.x or later. Closes ticket 32695. o Testing: - Avoid conflicts between the fake sockets in tor's unit tests, and real file descriptors. Resolves issues running unit tests with GitHub Actions, where the process that embeds or launches the tests has already opened a large number of file descriptors. Fixes bug 33782; bugfix on 0.2.8.1-alpha. Found and fixed by Putta Khunchalee. - Add more test cases for tor's UTF-8 validation function. Also, check the arguments passed to the function for consistency. Closes ticket 32845. - Improve test coverage for relay and dirauth config code, focusing on option validation and normalization. Closes ticket 32213. - Improve the consistency of test_parseconf.sh output, and run all the tests, even if one fails. Closes ticket 32213. - Run the practracker unit tests in the pre-commit git hook. Closes ticket 32609. o Code simplification and refactoring (channel): - Channel layer had a variable length cell handler that was not used and thus removed. Closes ticket 32892. o Code simplification and refactoring (configuration): - Immutability is now implemented as a flag on individual configuration options rather than as part of the option-transition checking code. Closes ticket 32344. - Instead of keeping a list of configuration options to check for relative paths, check all the options whose type is "FILENAME". Solves part of ticket 32339. - Our default log (which ordinarily sends NOTICE-level messages to standard output) is now handled in a more logical manner. Previously, we replaced the configured log options if they were empty. Now, we interpret an empty set of log options as meaning "use the default log". Closes ticket 31999. - Remove some unused arguments from the options_validate() function, to simplify our code and tests. Closes ticket 32187. - Simplify the options_validate() code so that it looks at the default options directly, rather than taking default options as an argument. This change lets us simplify its interface. Closes ticket 32185. - Use our new configuration architecture to move most authority- related options to the directory authority module. Closes ticket 32806. - When parsing the command line, handle options that determine our "quiet level" and our mode of operation (e.g., --dump-config and so on) all in one table. Closes ticket 32003. o Code simplification and refactoring (controller): - Create a new abstraction for formatting control protocol reply lines based on key-value pairs. Refactor some existing control protocol code to take advantage of this. Closes ticket 30984. - Create a helper function that can fetch network status or microdesc consensuses. Closes ticket 31684. o Code simplification and refactoring (dirauth modularization): - Remove the last remaining HAVE_MODULE_DIRAUTH inside a function. Closes ticket 32163. - Replace some confusing identifiers in process_descs.c. Closes ticket 29826. - Simplify some relay and dirauth config code. Closes ticket 32213. o Code simplification and refactoring (mainloop): - Simplify the ip_address_changed() function by removing redundant checks. Closes ticket 33091. o Code simplification and refactoring (misc): - Make all the structs we declare follow the same naming convention of ending with "_t". Closes ticket 32415. - Move and rename some configuration-related code for clarity. Closes ticket 32304. - Our include.am files are now broken up by subdirectory. Previously, src/core/include.am covered all of the subdirectories in "core", "feature", and "app". Closes ticket 32137. - Remove underused NS*() macros from test code: they make our tests more confusing, especially for code-formatting tools. Closes ticket 32887. o Code simplification and refactoring (relay modularization): - Disable relay_periodic when the relay module is disabled. Closes ticket 32244. - Disable relay_sys when the relay module is disabled. Closes ticket 32245. o Code simplification and refactoring (tool support): - Add numerous missing dependencies to our include files, so that they can be included in different reasonable orders and still compile. Addresses part of ticket 32764. - Fix some parts of our code that were difficult for Coccinelle to parse. Related to ticket 31705. - Fix some small issues in our code that prevented automatic formatting tools from working. Addresses part of ticket 32764. o Documentation (manpage): - Alphabetize the Server and Directory server sections of the tor manpage. Also split Statistics options into their own section of the manpage. Closes ticket 33188. Work by Swati Thacker as part of Google Season of Docs. - Document the __OwningControllerProcess torrc option and specify its polling interval. Resolves issue 32971. - Split "Circuit Timeout" options and "Node Selection" options into their own sections of the tor manpage. Closes tickets 32928 and 32929. Work by Swati Thacker as part of Google Season of Docs. - Alphabetize the Client Options section of the tor manpage. Closes ticket 32846. - Alphabetize the General Options section of the tor manpage. Closes ticket 32708. - In the tor(1) manpage, reword and improve formatting of the COMMAND-LINE OPTIONS and DESCRIPTION sections. Closes ticket 32277. Based on work by Swati Thacker as part of Google Season of Docs. - In the tor(1) manpage, reword and improve formatting of the FILES, SEE ALSO, and BUGS sections. Closes ticket 32176. Based on work by Swati Thacker as part of Google Season of Docs. o Testing (Appveyor CI): - In our Appveyor Windows CI, copy required DLLs to test and app directories, before running tor's tests. This ensures that tor.exe and test*.exe use the correct version of each DLL. This fix is not required, but we hope it will avoid DLL search issues in future. Fixes bug 33673; bugfix on 0.3.4.2-alpha. - On Appveyor, skip the crypto/openssl_version test, which is failing because of a mismatched library installation. Fix for 33643. o Testing (circuit, EWMA): - Add unit tests for circuitmux and EWMA subsystems. Closes ticket 32196. o Testing (Travis CI): - Remove a redundant distcheck job. Closes ticket 33194. - Sort the Travis jobs in order of speed: putting the slowest jobs first takes full advantage of Travis job concurrency. Closes ticket 33194. - Stop allowing the Chutney IPv6 Travis job to fail. This job was previously configured to fast_finish (which requires allow_failure), to speed up the build. Closes ticket 33195. - When a Travis chutney job fails, use chutney's new "diagnostics.sh" tool to produce detailed diagnostic output. Closes ticket 32792.

1 0

Tor Browser 9.0.10 is released
by Georg Koppen 06 May '20

06 May '20

Hello! Tor Browser 9.0.10 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/9.0.10/ This release updates Firefox to 68.8.0esr, NoScript to 11.0.25, and OpenSSL to 1.1.1g. Also, this release features important security updates [3] to Firefox. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/ The full changelog since Tor Browser 9.0.9 is: * All Platforms * Update Firefox to 68.8.0esr * Bump NoScript to 11.0.25 * Windows + OS X + Linux * Bug 34017: Bump openssl version to 1.1.1g

1 0

Tor Browser 9.0.9 is released
by Nicolas Vigier 10 Apr '20

10 Apr '20

Tor Browser 9.0.9 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/9.0.9/ This release updates Firefox to 68.7.0esr, NoScript to 11.0.23, and OpenSSL to 1.1.1f. Also, this release features important security updates [3] to Firefox. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/ The full changelog since Tor Browser 9.0.8 is: * All Platforms * Update Firefox to 68.7.0esr * Bump NoScript to 11.0.23 * Bug 33630: Remove noisebridge01 default bridge * Windows + OS X + Linux * Bug 33771: Update some existing licenses and add Libevent license * Bug 33723: Bump openssl version to 1.1.1f * Windows * Bug 33805: Remove escape-openssldir.patch

1 0

New stable Tor releases: 0.3.5.10, 0.4.1.9, and 0.4.2.7
by Nick Mathewson 18 Mar '20

18 Mar '20

Hello! (If you are about to reply saying "please take me off this list", instead please follow these instructions: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/ . If you have trouble, it is probably because you subscribed using a different address than the one you are trying to unsubscribe with. You will have to enter the actual email address you used when you subscribed.) Source code for Tor 0.4.2.7 is now available; you can download the source code from the download place on the website. Packages should be available within the next several days, including a new Tor browser release. (For source code for 0.3.5.10 and 0.4.1.9 , see https://dist.torproject.org/ . There is also a new alpha release today, but those are announced on the tor-talk@ mailing list.) These releases fix a couple of denial-of-service vulnerabilities. Everybody running an older version should upgrade as packages become available. Below is the full changelog for 0.4.2.7. You can find the changelogs for the other releases at: 0.3.5.10: https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.5.10 0.4.1.9: https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.1.9 Changes in version 0.4.2.7 - 2020-03-18 This is the third stable release in the 0.4.2.x series. It backports numerous fixes from later releases, including a fix for TROVE-2020- 002, a major denial-of-service vulnerability that affected all released Tor instances since 0.2.1.5-alpha. Using this vulnerability, an attacker could cause Tor instances to consume a huge amount of CPU, disrupting their operations for several seconds or minutes. This attack could be launched by anybody against a relay, or by a directory cache against any client that had connected to it. The attacker could launch this attack as much as they wanted, thereby disrupting service or creating patterns that could aid in traffic analysis. This issue was found by OSS-Fuzz, and is also tracked as CVE-2020-10592. We do not have reason to believe that this attack is currently being exploited in the wild, but nonetheless we advise everyone to upgrade as soon as packages are available. o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha): - Fix a denial-of-service bug that could be used by anyone to consume a bunch of CPU on any Tor relay or authority, or by directories to consume a bunch of CPU on clients or hidden services. Because of the potential for CPU consumption to introduce observable timing patterns, we are treating this as a high-severity security issue. Fixes bug 33119; bugfix on 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue as TROVE-2020-002 and CVE-2020-10592. o Major bugfixes (circuit padding, memory leak, backport from 0.4.3.3-alpha): - Avoid a remotely triggered memory leak in the case that a circuit padding machine is somehow negotiated twice on the same circuit. Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls. This is also tracked as TROVE-2020-004 and CVE-2020-10593. o Major bugfixes (directory authority, backport from 0.4.3.3-alpha): - Directory authorities will now send a 503 (not enough bandwidth) code to clients when under bandwidth pressure. Known relays and other authorities will always be answered regardless of the bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha. o Minor features (continuous integration, backport from 0.4.3.2-alpha): - Stop allowing failures on the Travis CI stem tests job. It looks like all the stem hangs we were seeing before are now fixed. Closes ticket 33075. o Minor bugfixes (bridges, backport from 0.4.3.1-alpha): - Lowercase the configured value of BridgeDistribution before adding it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha. o Minor bugfixes (logging, backport from 0.4.3.2-alpha): - If we encounter a bug when flushing a buffer to a TLS connection, only log the bug once per invocation of the Tor process. Previously we would log with every occurrence, which could cause us to run out of disk space. Fixes bug 33093; bugfix on 0.3.2.2-alpha. o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha): - Fix an assertion failure that could result from a corrupted ADD_ONION control port command. Found by Saibato. Fixes bug 33137; bugfix on 0.3.3.1-alpha. This issue is also tracked as TROVE-2020-003. o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha): - Fix a syntax warning given by newer versions of Rust that was creating problems for our continuous integration. Fixes bug 33212; bugfix on 0.3.5.1-alpha. o Testing (Travis CI, backport from 0.4.3.3-alpha): - Remove a redundant distcheck job. Closes ticket 33194. - Sort the Travis jobs in order of speed: putting the slowest jobs first takes full advantage of Travis job concurrency. Closes ticket 33194. - Stop allowing the Chutney IPv6 Travis job to fail. This job was previously configured to fast_finish (which requires allow_failure), to speed up the build. Closes ticket 33195. - When a Travis chutney job fails, use chutney's new "diagnostics.sh" tool to produce detailed diagnostic output. Closes ticket 32792.

1 0

New stable releases: Tor 0.4.1.8 and 0.4.2.6
by Nick Mathewson 30 Jan '20

30 Jan '20

Hello, everyone! (If you are about to reply saying "please take me off this list", instead please follow these instructions: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/ . If you have trouble, it is probably because you subscribed using a different address than the one you are trying to unsubscribe with. You will have to enter the actual email address you used when you subscribed.) Source code for Tor 0.4.2.6 is now available from the usual place at https://www.torproject.org/download/tor/ . Packages should be available within the next several weeks, with a new Tor Browser by mid-February. Source code for Tor 0.4.1.8 is available from our distribution site, at https://dist.torproject.org/ . Change logs for these releases are below. A reminder about supported releases: 0.2.9.x releases are no longer supported as of Jan 1, and 0.4.0.x releases will no longer be supported as of Feb 2. The currently supported stable series are 0.3.5.x, 0.4.1.x, and 0.4.2.x. For more information about our support policies, see https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTor… Changes in version 0.4.2.6 - 2020-01-30 This is the second stable release in the 0.4.2.x series. It backports several bugfixes from 0.4.3.1-alpha, including some that had affected the Linux seccomp2 sandbox or Windows services. If you're running with one of those configurations, you'll probably want to upgrade; otherwise, you should be fine with 0.4.2.5. o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha): - Correct how we use libseccomp. Particularly, stop assuming that rules are applied in a particular order or that more rules are processed after the first match. Neither is the case! In libseccomp <2.4.0 this lead to some rules having no effect. libseccomp 2.4.0 changed how rules are generated, leading to a different ordering, which in turn led to a fatal crash during startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by Peter Gerber. - Fix crash when reloading logging configuration while the experimental sandbox is enabled. Fixes bug 32841; bugfix on 0.4.1.7. Patch by Peter Gerber. o Minor bugfixes (correctness checks, backport from 0.4.3.1-alpha): - Use GCC/Clang's printf-checking feature to make sure that tor_assertf() arguments are correctly typed. Fixes bug 32765; bugfix on 0.4.1.1-alpha. o Minor bugfixes (logging, crash, backport from 0.4.3.1-alpha): - Avoid a possible crash when trying to log a (fatal) assertion failure about mismatched magic numbers in configuration objects. Fixes bug 32771; bugfix on 0.4.2.1-alpha. o Minor bugfixes (testing, backport from 0.4.3.1-alpha): - When TOR_DISABLE_PRACTRACKER is set, do not apply it to the test_practracker.sh script. Doing so caused a test failure. Fixes bug 32705; bugfix on 0.4.2.1-alpha. - When TOR_DISABLE_PRACTRACKER is set, log a notice to stderr when skipping practracker checks. Fixes bug 32705; bugfix on 0.4.2.1-alpha. o Minor bugfixes (windows service, backport from 0.4.3.1-alpha): - Initialize the publish/subscribe system when running as a windows service. Fixes bug 32778; bugfix on 0.4.1.1-alpha. o Testing (backport from 0.4.3.1-alpha): - Turn off Tor's Sandbox in Chutney jobs, and run those jobs on Ubuntu Bionic. Turning off the Sandbox is a work-around, until we fix the sandbox errors in 32722. Closes ticket 32240. - Re-enable the Travis CI macOS Chutney build, but don't let it prevent the Travis job from finishing. (The Travis macOS jobs are slow, so we don't want to have it delay the whole CI process.) Closes ticket 32629. o Testing (continuous integration, backport from 0.4.3.1-alpha): - Use zstd in our Travis Linux builds. Closes ticket 32242. Changes in version 0.4.1.8 - 2020-01-30 This release backports several bugfixes from later release series, including some that had affected the Linux seccomp2 sandbox or Windows services. If you're running with one of those configurations, you'll probably want to upgrade; otherwise, you should be fine with your current version of 0.4.1.x. o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha): - Correct how we use libseccomp. Particularly, stop assuming that rules are applied in a particular order or that more rules are processed after the first match. Neither is the case! In libseccomp <2.4.0 this lead to some rules having no effect. libseccomp 2.4.0 changed how rules are generated, leading to a different ordering, which in turn led to a fatal crash during startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by Peter Gerber. - Fix crash when reloading logging configuration while the experimental sandbox is enabled. Fixes bug 32841; bugfix on 0.4.1.7. Patch by Peter Gerber. o Minor bugfixes (crash, backport form 0.4.2.4-rc): - When running Tor with an option like --verify-config or --dump-config that does not start the event loop, avoid crashing if we try to exit early because of an error. Fixes bug 32407; bugfix on 0.3.3.1-alpha. o Minor bugfixes (windows service, backport from 0.4.3.1-alpha): - Initialize the publish/subscribe system when running as a windows service. Fixes bug 32778; bugfix on 0.4.1.1-alpha. o Testing (backport from 0.4.3.1-alpha): - Turn off Tor's Sandbox in Chutney jobs, and run those jobs on Ubuntu Bionic. Turning off the Sandbox is a work-around, until we fix the sandbox errors in 32722. Closes ticket 32240. - Re-enable the Travis CI macOS Chutney build, but don't let it prevent the Travis job from finishing. (The Travis macOS jobs are slow, so we don't want to have it delay the whole CI process.) Closes ticket 32629. o Testing (continuous integration, backport from 0.4.3.1-alpha): - Use zstd in our Travis Linux builds. Closes ticket 32242.

1 0