Hi all!
The latest tor alpha, 0.3.3.4-alpha, is available at the usual place at
https://dist.torproject.org/
Please test this out if you can, and get it to users so that they can
test it too. I hope that the next release will be a release candidate.
I'll send official announcements once the website has updated and I'm
out of meetings for the day.
cheers,
--
Nick
Hello!
There are new releases tagged and available for download from the
usual place at https://dist.torproject.org/ . Please remember to
check the signatures!
These releases are security-relevant for relays. In brief:
0.2.9.15, 0.3.1.10, and 0.3.2.10 all backport our countermeasures to
mitigate current denial-of-service attacks against the Tor network
(trac ticket #24902).
All of these releases contain a fix for TROVE-2018-001, a
denial-of-service issue affecting directory authorities.
0.3.2.10 backports a fix for TROVE-2018-002, a use-after-free issue
affecting relays running earlier versions of 0.3.2.
None of these fixes appear to be essential for clients, but relays
should upgrade, especially if they are running 0.3.2.x or
0.3.3.1-alpha.
You can see their full changelogs at
https://gitweb.torproject.org/tor.git/tree/ChangeLog .
I'll be sending out official announcements later today, with blog
posts to follow after the website has updated.
peace,
--
Nick
Hi!
[Sorry for the cross-posting!]
This coming week, we'll be putting out new stable releases for 0.2.9
and later supported branches to fix a few security bugs. The
highest-severity bug to be fixed is severity "medium". (See
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/Securit…
for information about how we rank security issues.)
These releases will also backport the anti-DoS features from Tor 0.3.3.
Relays and authorities should be sure to upgrade once packages are
available; these issues are not high-priority for clients.
best wishes,
--
Nick
Hi!
Tor 0.3.2.8-rc is now available from https://dist.torproject.org/ .
I'll send an official announcement once the website has updated. This
is an important update for relays running earlier versions of 0.3.2.x.
Changes in version 0.3.2.8-rc - 2017-12-21
  Tor 0.3.2.8-rc fixes a pair of bugs in the KIST and KISTLite
  schedulers that had led servers under heavy load to overload their
  outgoing connections. All relay operators running earlier 0.3.2.x
  versions should upgrade. This version also includes a mitigation for
  over-full DESTROY queues leading to out-of-memory conditions: if it
  works, we will soon backport it to earlier release series.

  This is the second release candidate in the 0.3.2 series. If we find
  no new bugs or regressions here, then the first stable 0.3.2 release
  will be nearly identical to this.

  o Major bugfixes (KIST, scheduler):
    - The KIST scheduler did not correctly account for data already
      enqueued in each connection's send socket buffer, particularly in
      cases when the TCP/IP congestion window was reduced between
      scheduler calls. This situation led to excessive per-connection
      buffering in the kernel, and a potential memory DoS. Fixes bug
      24665; bugfix on 0.3.2.1-alpha.

  o Minor features (geoip):
    - Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (hidden service v3):
    - Bump hsdir_spread_store parameter from 3 to 4 in order to increase
      the probability of reaching a service for a client missing
      microdescriptors. Fixes bug 24425; bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (memory usage):
    - When queuing DESTROY cells on a channel, only queue the circuit-id
      and reason fields: not the entire 514-byte cell. This fix should
      help mitigate any bugs or attacks that fill up these queues, and
      free more RAM for other uses. Fixes bug 24666; bugfix
      on 0.2.5.1-alpha.

  o Minor bugfixes (scheduler, KIST):
    - Use a sane write limit for KISTLite when writing onto a connection
      buffer instead of using INT_MAX and shoving as much as it can.
      Because the OOM handler cleans up circuit queues, we are better
      off keeping them in that queue instead of the connection's
      buffer. Fixes bug 24671; bugfix on 0.3.2.1-alpha.
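
[Added example, not part of the original message and not Tor's own code: a sketch of the idea behind the "memory usage" item above, where a pending DESTROY is queued as just its circuit id and reason and is expanded into a 514-byte cell only when it is sent. The names destroy_entry, destroy_queue and the three functions are hypothetical; the layout assumes 4-byte circuit ids.]

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CELL_LEN 514        /* 4-byte circuit id + 1-byte command + 509-byte payload */
#define CELL_CMD_DESTROY 4  /* DESTROY command value in the Tor protocol */

/* Hypothetical compact entry: only the fields a DESTROY cell really carries. */
struct destroy_entry {
    struct destroy_entry *next;
    uint32_t circ_id;
    uint8_t reason;
};
struct destroy_queue { struct destroy_entry *head, *tail; size_t n; };

/* Queue a pending DESTROY. Returns 0 on success, -1 if allocation fails. */
int destroy_queue_push(struct destroy_queue *q, uint32_t circ_id, uint8_t reason)
{
    struct destroy_entry *e = calloc(1, sizeof(*e));
    if (!e) return -1;
    e->circ_id = circ_id;
    e->reason = reason;
    if (q->tail) q->tail->next = e; else q->head = e;
    q->tail = e;
    q->n++;
    return 0;
}

/* Pop the oldest entry and build the full wire cell only now, at send time.
 * Returns 1 if a cell was written to out, 0 if the queue was empty. */
int destroy_queue_pop_cell(struct destroy_queue *q, uint8_t out[CELL_LEN])
{
    struct destroy_entry *e = q->head;
    if (!e) return 0;
    q->head = e->next;
    if (!q->head) q->tail = NULL;
    q->n--;
    memset(out, 0, CELL_LEN);              /* unused payload bytes are zero */
    out[0] = (uint8_t)(e->circ_id >> 24);  /* circuit id, network byte order */
    out[1] = (uint8_t)(e->circ_id >> 16);
    out[2] = (uint8_t)(e->circ_id >> 8);
    out[3] = (uint8_t)e->circ_id;
    out[4] = CELL_CMD_DESTROY;
    out[5] = e->reason;                    /* first payload byte is the reason */
    free(e);
    return 1;
}

/* Bytes held by queued entries (allocator overhead not counted). */
size_t destroy_queue_bytes(const struct destroy_queue *q) { return q->n * sizeof(struct destroy_entry); }
```
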
Hi, all! Tor 0.3.2.7-rc, the first release candidate in its series,
is now available. You can find it, along with its signature, at
https://dist.torproject.org/ .
best wishes,
--
Nick
Hello again!
Tarballs for today's security releases are now available at
https://dist.torproject.org/ . Remember to check the signatures!
The new versions are 0.2.5.16, 0.2.8.17, 0.2.9.14, 0.3.0.13, 0.3.1.9,
and 0.3.2.6-alpha.
I have pushed the signed tags for 0.3.1.9 and 0.3.2.6-alpha; I will
push the rest of the signed tags, and send official announcements,
once the website has updated.
Remember that the following release series are approaching end-of-life:
0.2.8 on 1 Jan 2018
0.3.0 on 26 Jan 2018
0.2.5 on 1 May 2018
If you need to package a release series with long term support, stick
to 0.2.9.x. Otherwise, please stay up-to-date with the latest stable
release series (or with the alphas, if you are feeling brave and you
like reporting bugs).
many thanks,
--
Nick