Hello!
There are new security releases today. These releases fix four security
issues discovered by Jann Horn and Sergei Glazunov at Google's Project Zero.
You can find these releases in the usual place at
https://dist.torproject.org. Make sure (as usual) to check the signatures:
my key is available at
key.cgi?fingerprint=2133BC600AB133E1D826D173FE43009C4607B1FB
Also of note:
* The 0.4.6.5 release is the first stable release in its series.
* Tomorrow is end-of-life for the 0.4.4.x series; there will be no more
0.4.4.x releases after today.
For information about how long each series will be supported, see
https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/CoreTorRele…
.
The security issues are as follows. My recommendation is that nobody
should freak out, but everybody should upgrade.
o Major bugfixes (security):
- Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
half-closed streams. Previously, clients failed to validate which
hop sent these cells: this would allow a relay on a circuit to end
a stream that wasn't actually built with it. Fixes bug 40389;
bugfix on 0.3.5.1-alpha. This issue is also tracked as
TROVE-2021-003 and CVE-2021-34548.
o Major bugfixes (security, defense-in-depth):
- Detect more failure conditions from the OpenSSL RNG code.
Previously, we would detect errors from a missing RNG
implementation, but not failures from the RNG code itself.
Fortunately, it appears those failures do not happen in practice
when Tor is using OpenSSL's default RNG implementation. Fixes bug
40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as
TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.
o Major bugfixes (security, denial of service):
- Resist a hashtable-based CPU denial-of-service attack against
relays. Previously we used a naive unkeyed hash function to look
up circuits in a circuitmux object. An attacker could exploit this
to construct circuits with chosen circuit IDs, to create
collisions and make the hash table inefficient. Now we use a
SipHash construction here instead. Fixes bug 40391; bugfix on
0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and
CVE-2021-34549. Reported by Jann Horn from Google's Project Zero.
- Fix an out-of-bounds memory access in v3 onion service descriptor
parsing. An attacker could exploit this bug by crafting an onion
service descriptor that would crash any client that tried to visit
it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also
tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei
Glazunov from Google's Project Zero.
For complete ChangeLogs for each release, see:
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.5.15
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.4.9
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.5.9
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.6.5
For the ReleaseNotes for the 0.4.6.x series as a whole, see:
https://gitweb.torproject.org/tor.git/tree/ReleaseNotes?h=tor-0.4.6.5
I'll send out announcements after the download page has updated.
best wishes,
--
Nick
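The hashtable denial-of-service fix in the announcement above (bug 40391), illustrated with an added example that is not part of the original message and is not Tor's code: it measures the longest bucket chain for an unkeyed hash and for SipHash-2-4 over the same circuit IDs. The key struct, the toy unkeyed hash, the table size, the channel ID and the fixed SipHash key are all constructed for the illustration; a real table would draw the key from the system RNG at startup.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NBUCKETS 256u  /* constructed table size (power of two) */
#define NKEYS 1024u    /* constructed number of circuits on one channel */

/* Hypothetical lookup key: a channel identifier plus a circuit ID. */
typedef struct { uint64_t chan_id; uint32_t circ_id; } circ_key_t;

/* Fixed key so the run is reproducible (SipHash reference key 00..0f). */
static const uint64_t K0 = 0x0706050403020100ULL, K1 = 0x0f0e0d0c0b0a0908ULL;

/* Toy unkeyed hash, constructed for this example: the bucket depends only
 * on public inputs, so whoever picks circ_id also picks the bucket. */
static uint64_t hash_unkeyed(const circ_key_t *k) {
  return k->circ_id ^ (uint32_t)k->chan_id ^ (uint32_t)(k->chan_id >> 32);
}

#define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))
#define SIPROUND do { \
  v0 += v1; v1 = ROTL(v1, 13); v1 ^= v0; v0 = ROTL(v0, 32); \
  v2 += v3; v3 = ROTL(v3, 16); v3 ^= v2; \
  v0 += v3; v3 = ROTL(v3, 21); v3 ^= v0; \
  v2 += v1; v1 = ROTL(v1, 17); v1 ^= v2; v2 = ROTL(v2, 32); } while (0)

/* SipHash-2-4 over a byte buffer with a 128-bit key (k0, k1). */
static uint64_t siphash24(const uint8_t *in, size_t len,
                          uint64_t k0, uint64_t k1) {
  uint64_t v0 = 0x736f6d6570736575ULL ^ k0, v1 = 0x646f72616e646f6dULL ^ k1;
  uint64_t v2 = 0x6c7967656e657261ULL ^ k0, v3 = 0x7465646279746573ULL ^ k1;
  uint64_t b = (uint64_t)len << 56, m;
  size_t i, full = len & ~(size_t)7;
  for (i = 0; i < full; i += 8) {          /* full 8-byte little-endian words */
    m = 0;
    for (int j = 0; j < 8; j++) m |= (uint64_t)in[i + j] << (8 * j);
    v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
  }
  for (size_t j = 0; i + j < len; j++)     /* tail bytes plus length byte */
    b |= (uint64_t)in[i + j] << (8 * j);
  v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
  v2 ^= 0xff;
  SIPROUND; SIPROUND; SIPROUND; SIPROUND;
  return v0 ^ v1 ^ v2 ^ v3;
}

/* Keyed hash: serialize the fields explicitly (no struct padding), then
 * run SipHash with the secret key. */
static uint64_t hash_keyed(const circ_key_t *k, uint64_t k0, uint64_t k1) {
  uint8_t buf[12];
  for (int i = 0; i < 8; i++) buf[i] = (uint8_t)(k->chan_id >> (8 * i));
  for (int i = 0; i < 4; i++) buf[8 + i] = (uint8_t)(k->circ_id >> (8 * i));
  return siphash24(buf, sizeof buf, k0, k1);
}

/* Longest bucket chain after inserting NKEYS circuits whose IDs are
 * i * stride on one channel; this is the per-lookup cost in the worst bucket. */
static unsigned worst_chain(int keyed, uint32_t stride) {
  unsigned count[NBUCKETS] = {0}, worst = 0;
  for (uint32_t i = 0; i < NKEYS; i++) {
    circ_key_t k = { 42, i * stride };     /* constructed channel ID 42 */
    uint64_t h = keyed ? hash_keyed(&k, K0, K1) : hash_unkeyed(&k);
    unsigned c = ++count[h & (NBUCKETS - 1)];
    if (c > worst) worst = c;
  }
  return worst;
}

int main(void) {
  printf("unkeyed, sequential IDs : %u\n", worst_chain(0, 1));
  printf("unkeyed, IDs step 256   : %u\n", worst_chain(0, 256));
  printf("SipHash, IDs step 256   : %u\n", worst_chain(1, 256));
  return 0;
}
```

With the unkeyed hash the stepped IDs collapse into a single chain of all 1024 entries, so every lookup in that bucket is linear in the number of circuits; under the keyed hash the same IDs spread across the table because the bucket cannot be predicted without the key.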
Hello!
In around two weeks -- likely on the 14th or 15th -- we plan to put out new
stable Tor releases to fix issues in all currently released versions of
Tor. There are three issues that will be fixed, with severity levels
between "Medium" and "High" according to our classification system. The
most severe issue, by our reckoning, is a denial-of-service issue affecting
onion service clients. We'll share more details after people have time to
patch.
Our security policy:
https://gitlab.torproject.org/legacy/trac/-/wikis/org/teams/NetworkTeam/Sec…
Our registry of vulnerabilities:
https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE
The new releases will be 0.3.5.15, 0.4.4.9, 0.4.5.9, 0.4.6.5. The issues
to be fixed are TROVE-2021-003 through TROVE-2021-006. When these releases
are out, we will recommend that everybody upgrade, including clients _and_
relays.
Note that Tor 0.4.4.x reaches its end-of-life on 15 June: this will be the
last 0.4.4.x release.
best wishes,
--
Nick
Hi!
There's a new release candidate available for download at the usual
place on https://dist.torproject.org. The version is 0.4.6.4-rc.
This is probably the last release candidate before 0.4.6.x is stable,
so please test it if you can!
Official announcements will follow after the website updates. Here's
the changelog:
Changes in version 0.4.6.4-rc - 2021-05-28
Tor 0.4.6.4-rc fixes a few bugs from previous releases. This is, we hope,
the final release candidate in its series: unless major new issues are
found, the next release will be stable.
o Minor features (compatibility):
- Remove an assertion function related to TLS renegotiation. It was
used nowhere outside the unit tests, and it was breaking
compilation with recent alpha releases of OpenSSL 3.0.0. Closes
ticket 40399.
o Minor bugfixes (consensus handling):
- Avoid a set of bugs that could be caused by inconsistently
preferring an out-of-date consensus stored in a stale directory
cache over a more recent one stored on disk as the latest
consensus. Fixes bug 40375; bugfix on 0.3.1.1-alpha.
o Minor bugfixes (control, sandbox):
- Allow the control command SAVECONF to succeed when the seccomp
sandbox is enabled, and make SAVECONF keep only one backup file to
simplify implementation. Previously SAVECONF allowed a large
number of backup files, which made it incompatible with the
sandbox. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by
Daniel Pinto.
o Minor bugfixes (metrics port):
- Fix a bug that made tor try to re-bind() on an already open
MetricsPort every 60 seconds. Fixes bug 40370; bugfix
on 0.4.5.1-alpha.
o Removed features:
- Remove unneeded code for parsing private keys in directory
documents. This code was only used for client authentication in v2
onion services, which are now unsupported. Closes ticket 40374.
Hi, all!
There's a new stable release (0.4.5.8) and a new release candidate
for the upcoming series (0.4.6.3-rc) available for download at
https://dist.torproject.org/ . I'll send out official announcements
later today.
If you can, please remember to try out alpha releases on your
platform, especially if you're building for something besides Linux,
Windows, or OSX: it really helps us to know about bugs before the
releases are stable. Please report issues at
https://bugs.torproject.org/ so we aren't reliant on my inbox
management skills. :)
Here are the changelogs:
Changes in version 0.4.6.3-rc - 2021-05-10
Tor 0.4.6.3-rc is the first release candidate in its series. It fixes
a few small bugs from previous versions, and adds a better error
message when trying to use (no longer supported) v2 onion services.
Though we anticipate that we'll be doing a bit more clean-up between
now and the stable release, we expect that our remaining changes will
be fairly simple. There will likely be at least one more release
candidate before 0.4.6.x is stable.
o Major bugfixes (onion service, control port):
- Make the ADD_ONION command properly configure client authorization.
Before this fix, the created onion failed to add the client(s).
Fixes bug 40378; bugfix on 0.4.6.1-alpha.
o Minor features (compatibility, Linux seccomp sandbox):
- Add a workaround to enable the Linux sandbox to work correctly
with Glibc 2.33. This version of Glibc has started using the
fstatat() system call, which previously our sandbox did not allow.
Closes ticket 40382; see the ticket for a discussion of trade-offs.
o Minor features (compilation):
- Make the autoconf script build correctly with autoconf versions
2.70 and later. Closes part of ticket 40335.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/05/07.
o Minor features (onion services):
- Add a warning message when trying to connect to (no longer
supported) v2 onion services. Closes ticket 40373.
o Minor bugfixes (build, cross-compilation):
- Allow a custom "ar" for cross-compilation. Our previous build
script had used the $AR environment variable in most places, but
it missed one. Fixes bug 40369; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (compiler warnings):
- Fix an indentation problem that led to a warning from GCC 11.1.1.
Fixes bug 40380; bugfix on 0.3.0.1-alpha.
o Minor bugfixes (logging, relay):
- Emit a warning if an Address is found to be internal and tor can't
use it. Fixes bug 40290; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (onion service, client, memory leak):
- Fix a bug where an expired cached descriptor could get overwritten
with a new one without freeing it, leading to a memory leak. Fixes
bug 40356; bugfix on 0.3.5.1-alpha.
Changes in version 0.4.5.8 - 2021-05-10
Tor 0.4.5.8 fixes several bugs in earlier versions, backporting fixes
from the 0.4.6.x series.
o Minor features (compatibility, Linux seccomp sandbox, backport
from 0.4.6.3-rc):
- Add a workaround to enable the Linux sandbox to work correctly
with Glibc 2.33. This version of Glibc has started using the
fstatat() system call, which previously our sandbox did not allow.
Closes ticket 40382; see the ticket for a discussion of trade-offs.
o Minor features (compilation, backport from 0.4.6.3-rc):
- Make the autoconf script build correctly with autoconf versions
2.70 and later. Closes part of ticket 40335.
o Minor features (fallback directory list, backport from 0.4.6.2-alpha):
- Regenerate the list of fallback directories to contain a new set
of 200 relays. Closes ticket 40265.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/05/07.
o Minor features (onion services):
- Add warning message when connecting to now deprecated v2 onion
services. As announced, Tor 0.4.5.x is the last series that will
support v2 onions. Closes ticket 40373.
o Minor bugfixes (bridge, pluggable transport, backport from 0.4.6.2-alpha):
- Fix a regression that made it impossible to start Tor using a bridge
line with a transport name and no fingerprint. Fixes bug 40360;
bugfix on 0.4.5.4-rc.
o Minor bugfixes (build, cross-compilation, backport from 0.4.6.3-rc):
- Allow a custom "ar" for cross-compilation. Our previous build
script had used the $AR environment variable in most places, but
it missed one. Fixes bug 40369; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha):
- Fix a non-fatal BUG() message due to a too-early free of a string,
when listing a client connection from the DoS defenses subsystem.
Fixes bug 40345; bugfix on 0.4.3.4-rc.
o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc):
- Fix an indentation problem that led to a warning from GCC 11.1.1.
Fixes bug 40380; bugfix on 0.3.0.1-alpha.
o Minor bugfixes (controller, backport from 0.4.6.1-alpha):
- Fix a "BUG" warning that would appear when a controller chooses
the first hop for a circuit, and that circuit completes. Fixes bug
40285; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (onion service, client, memory leak, backport from
0.4.6.3-rc):
- Fix a bug where an expired cached descriptor could get overwritten
with a new one without freeing it, leading to a memory leak. Fixes
bug 40356; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (testing, BSD, backport from 0.4.6.2-alpha):
- Fix pattern-matching errors when patterns expand to invalid paths
on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by
Daniel Pinto.
Hi all! New alpha release at https://dist.torproject.org/ . I'll
send out official announcements after the website has updated.
If you can, please remember to try out alpha releases on your
platform, especially if you're building for something besides Linux,
Windows, or OSX: it really helps us to know about bugs before the
releases are stable.
Here's the changelog:
Changes in version 0.4.6.2-alpha - 2021-04-15
Tor 0.4.6.2-alpha is the second alpha in its series. It fixes several
small bugs in previous releases, and solves other issues that had
enabled denial-of-service attacks and affected integration with
other tools.
o Minor features (client):
- Clients now check whether their streams are attempting to re-enter
the Tor network (i.e. to send Tor traffic over Tor), and close
them preemptively if they think exit relays will refuse them for
this reason. See ticket 2667 for details. Closes ticket 40271.
o Minor features (command line):
- Add long format name "--torrc-file" equivalent to the existing
command-line option "-f". Closes ticket 40324. Patch by
Daniel Pinto.
o Minor features (dormant mode):
- Add a new 'DormantTimeoutEnabled' option to allow coarse-grained
control over whether the client ever becomes dormant from
inactivity. Most people won't need this. Closes ticket 40228.
o Minor features (fallback directory list):
- Regenerate the list of fallback directories to contain a new set
of 200 relays. Closes ticket 40265.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/04/13.
o Minor features (logging):
- Edit heartbeat log messages so that more of them begin with the
string "Heartbeat: ". Closes ticket 40322; patch
from 'cypherpunks'.
o Minor bugfixes (bridge, pluggable transport):
- Fix a regression that made it impossible to start Tor using a bridge
line with a transport name and no fingerprint. Fixes bug 40360;
bugfix on 0.4.5.4-rc.
o Minor bugfixes (channel, DoS):
- Fix a non-fatal BUG() message due to a too-early free of a string,
when listing a client connection from the DoS defenses subsystem.
Fixes bug 40345; bugfix on 0.4.3.4-rc.
o Minor bugfixes (compilation):
- Fix a compilation warning about unused functions when building
with a libc that lacks the GLOB_ALTDIRFUNC constant. Fixes bug
40354; bugfix on 0.4.5.1-alpha. Patch by Daniel Pinto.
o Minor bugfixes (configuration):
- Fix pattern-matching for directories on all platforms when using
%include options in configuration files. This patch also fixes
compilation on musl libc based systems. Fixes bug 40141; bugfix
on 0.4.5.1-alpha.
o Minor bugfixes (relay):
- Move the "overload-general" line from extrainfo to the server
descriptor. Fixes bug 40364; bugfix on 0.4.6.1-alpha.
o Minor bugfixes (testing, BSD):
- Fix pattern-matching errors when patterns expand to invalid paths
on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by
Daniel Pinto.
o Documentation (manual):
- Move the ServerTransport* options to the "SERVER OPTIONS" section.
Closes issue 40331.
- Indicate that the HiddenServiceStatistics option also applies to
bridges. Closes ticket 40346.
- Move the description of BridgeRecordUsageByCountry to the section
"STATISTICS OPTIONS". Closes ticket 40323.
Hi!
There's a new alpha series beginning: please see tor-0.4.6.1-alpha at
https://dist.torproject.org/ .
Please remember to try this one out _before_ we ship it as stable:
alpha is the easiest time to fix bugs.
Official announcements to follow once the website updates.
Changes in version 0.4.6.1-alpha - 2021-03-18
Tor 0.4.6.1-alpha is the first alpha release in the 0.4.6.x series. It
improves client circuit performance, adds missing features, and
improves some of our DoS handling and statistics reporting. It also
includes numerous smaller bugfixes.
Below are the changes since 0.4.5.7. (Note that this release DOES
include the fixes for the security bugs already fixed in 0.4.5.7.)
o Major features (control port, onion services):
- Add controller support for creating version 3 onion services with
client authorization. Previously, only v2 onion services could be
created with client authorization. Closes ticket 40084. Patch by
Neel Chauhan.
o Major features (directory authority):
- When voting on a relay with a Sybil-like appearance, add the Sybil
flag when clearing out the other flags. This lets a relay operator
know why their relay hasn't been included in the consensus. Closes
ticket 40255. Patch by Neel Chauhan.
o Major features (metrics):
- Relays now report how overloaded they are in their extrainfo
documents. This information is controlled with the
OverloadStatistics torrc option, and it will be used to improve
decisions about the network's load balancing. Implements proposal
328; closes ticket 40222.
o Major features (relay, denial of service):
- Add a new DoS subsystem feature to control the rate of client
connections for relays. Closes ticket 40253.
o Major features (statistics):
- Relays now publish statistics about the number of v3 onion
services and volume of v3 onion service traffic, in the same
manner they already do for v2 onions. Closes ticket 23126.
o Major bugfixes (circuit build timeout):
- Improve the accuracy of our circuit build timeout calculation for
60%, 70%, and 80% build rates for various guard choices. We now
use a maximum likelihood estimator for Pareto parameters of the
circuit build time distribution, instead of a "right-censored
estimator". This causes clients to ignore circuits that never
finish building in their timeout calculations. Previously, clients
were counting such unfinished circuits as having the highest
possible build time value, when in reality these circuits most
likely just contain relays that are offline. We also now wait a
bit longer to let circuits complete for measurement purposes,
lower the minimum possible effective timeout from 1.5 seconds to
10ms, and increase the resolution of the circuit build time
histogram from 50ms bin widths to 10ms bin widths. Additionally,
we alter our estimate Xm by taking the maximum of the top 10 most
common build time values of the 10ms histogram, and compute Xm as
the average of these. Fixes bug 40168; bugfix on 0.2.2.14-alpha.
- Remove max_time calculation and associated warning from circuit
build timeout 'alpha' parameter estimation, as this is no longer
needed by our new estimator from 40168. Fixes bug 34088; bugfix
on 0.2.2.9-alpha.
o Major bugfixes (signing key):
- In the tor-gencert utility, give an informative error message if
the passphrase given in `--create-identity-key` is too short.
Fixes bug 40189; bugfix on 0.2.0.1-alpha. Patch by Neel Chauhan.
o Minor features (bridge):
- We now announce the URL to Tor's new bridge status at
https://bridges.torproject.org/ when Tor is configured to run as a
bridge relay. Closes ticket 30477.
o Minor features (build system):
- New "make lsp" command to auto generate the compile_commands.json
file used by the ccls server. The "bear" program is needed for
this. Closes ticket 40227.
o Minor features (command-line interface):
- Add build information to `tor --version` in order to ease
reproducible builds. Closes ticket 32102.
- When parsing command-line flags that take an optional argument,
treat the argument as absent if it would start with a '-'
character. Arguments in that form are not intelligible for any of
our optional-argument flags. Closes ticket 40223.
- Allow a relay operator to list the ed25519 keys on the command
line by adding the `rsa` and `ed25519` arguments to the
--list-fingerprint flag to show the respective RSA and ed25519
relay fingerprint. Closes ticket 33632. Patch by Neel Chauhan.
o Minor features (control port, stream handling):
- Add the stream ID to the event line in the ADDRMAP control event.
Closes ticket 40249. Patch by Neel Chauhan.
o Minor features (dormant mode):
- Add a new 'DormantTimeoutEnabled' option for coarse-grained
control over whether the client can become dormant from
inactivity. Most people won't need this. Closes ticket 40228.
o Minor features (logging):
- Change the DoS subsystem heartbeat line format to be more clear on
what has been detected/rejected, and which option is disabled (if
any). Closes ticket 40308.
- In src/core/mainloop/mainloop.c and src/core/mainloop/connection.c,
put brackets around IPv6 addresses in log messages. Closes ticket
40232. Patch by Neel Chauhan.
o Minor features (performance, windows):
- Use SRWLocks to implement locking on Windows. Replaces the
"critical section" locking implementation with the faster
SRWLocks, available since Windows Vista. Closes ticket 17927.
Patch by Daniel Pinto.
o Minor features (protocol, proxy support, defense in depth):
- Close HAProxy connections if they somehow manage to send us data
before we start reading. Closes another case of ticket 40017.
o Minor features (tests, portability):
- Port the hs_build_address.py test script to work with recent
versions of python. Closes ticket 40213. Patch from
Samanta Navarro.
o Minor features (vote document):
- Add a "stats" line to directory authority votes, to report various
statistics that authorities compute about the relays. This will
help us diagnose the network better. Closes ticket 40314.
o Minor bugfixes (build):
- The configure script now shows whether or not lzma and zstd have
been used, not just if the enable flag was passed in. Fixes bug
40236; bugfix on 0.4.3.1-alpha.
o Minor bugfixes (compatibility):
- Fix a failure in the test cases when running on the "hppa"
architecture, along with a related test that might fail on other
architectures in the future. Fixes bug 40274; bugfix
on 0.2.5.1-alpha.
o Minor bugfixes (controller):
- Fix a "BUG" warning that would appear when a controller chooses
the first hop for a circuit, and that circuit completes. Fixes bug
40285; bugfix on 0.3.2.1-alpha.
o Minor bugfixes (directory authorities, voting):
- Add a new consensus method (31) to support any future changes that
authorities decide to make to the value of bwweightscale or
maxunmeasuredbw. Previously, there was a bug that prevented the
authorities from parsing these consensus parameters correctly under
most circumstances. Fixes bug 19011; bugfix on 0.2.2.10-alpha.
o Minor bugfixes (ipv6):
- Allow non-SOCKSPorts to disable IPv4, IPv6, and PreferIPv4. Some
rare configurations might break, but in this case you can disable
NoIPv4Traffic and NoIPv6Traffic as needed. Fixes bug 33607; bugfix
on 0.4.1.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (key generation):
- Do not require a valid torrc when using the `--keygen` argument to
generate a signing key. This allows us to generate keys on systems
or users which may not run Tor. Fixes bug 40235; bugfix on
0.2.7.2-alpha. Patch by Neel Chauhan.
o Minor bugfixes (onion services, logging):
- Downgrade the severity of a few rendezvous circuit-related
warnings from warning to info. Fixes bug 40207; bugfix on
0.3.2.1-alpha. Patch by Neel Chauhan.
o Minor bugfixes (relay):
- Reduce the compression level for data streaming from HIGH to LOW.
This should reduce the CPU and memory burden for directory caches.
Fixes bug 40301; bugfix on 0.3.5.1-alpha.
o Code simplification and refactoring:
- Remove the orconn_ext_or_id_map structure and related functions.
(Nothing outside of unit tests used them.) Closes ticket 33383.
Patch by Neel Chauhan.
o Code simplification and refactoring (metrics, DoS):
- Move the DoS subsystem into the subsys manager, including its
configuration options. Closes ticket 40261.
o Removed features (relay):
- Because DirPorts are only used on authorities, relays no longer
advertise them. Similarly, self-testing for DirPorts has been
disabled, since an unreachable DirPort is no reason for a relay
not to advertise itself. (Configuring a DirPort will still work,
for now.) Closes ticket 40282.
Hello!
Early next week -- around Tuesday -- we plan to put out new Tor
releases to fix a pair of denial-of-service issues that we have found.
We are tracking these issues as "High" and "Medium" severity
respectively under our security policy at
https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/SecurityPol…
. We are tracking these issues as TROVE-2021-001 and TROVE-2021-002
at https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE
. All currently supported Tor versions are affected.
The impact of these issues is that a remote attacker participating in
the directory protocol can cause a denial of service attack against
Tor instances. Once the new versions are released, we will recommend
that all relays and authorities should upgrade. The impact is worst
for directory authorities: we have already distributed patches to the
authority operators and encouraged them to upgrade.
To the best of our knowledge these vulnerabilities are not being
exploited in the wild.
We'll be releasing more information about these issues after the fixes
are available.
best wishes,
--
Nick
Hello!
Tor 0.4.5.6 is now signed and uploaded to https://dist.torproject.org/
. It's officially a stable release now!
Below is a list of the changes since 0.4.5.5-rc. For a list of all
the changes since 0.4.4.7, see the ReleaseNotes file.
Official announcements will follow after the website has updated.
Changes in version 0.4.5.6 - 2021-02-15
The Tor 0.4.5.x release series is dedicated to the memory of Karsten
Loesing (1979-2020), Tor developer, cypherpunk, husband, and father.
Karsten is best known for creating the Tor metrics portal and leading
the metrics team, but he was involved in Tor from the early days. For
example, while he was still a student he invented and implemented the
v2 onion service directory design, and he also served as an ambassador
to the many German researchers working in the anonymity field. We
loved him and respected him for his patience, his consistency, and his
welcoming approach to growing our community.
This release series introduces significant improvements in relay IPv6
address discovery, a new "MetricsPort" mechanism for relay operators
to measure performance, LTTng support, build system improvements to
help when using Tor as a static library, and significant bugfixes
related to Windows relay performance. It also includes numerous
smaller features and bugfixes.
Below are the changes since 0.4.4.4-rc. For a complete list of changes
since 0.4.4.7, see the ReleaseNotes file.
o Major bugfixes (IPv6, relay):
- Fix a bug that prevented a relay from publishing its descriptor if
an auto-discovered IPv6 was found unreachable. Fixes bug
40279; bugfix on 0.4.5.1-alpha.
o Minor features (protocol versions):
- Stop claiming to support the "DirCache=1" subprotocol version.
Technically, we stopped supporting this subprotocol back in
0.4.5.1-alpha, but we needed to wait for the authorities to stop
listing it as "required" before we could drop it from the list.
Closes ticket 40221.
o Minor bugfixes (logging):
- Avoid a spurious log message about missing subprotocol versions,
when the consensus that we're reading from is older than the
current release. Previously we had made this message nonfatal, but
in practice, it is never relevant when the consensus is older than
the current release. Fixes bug 40281; bugfix on 0.4.0.1-alpha.
o Minor bugfixes (metrics port):
- Fix a bug warning when a metrics port socket was unexpectedly
closed. Fixes bug 40257; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (relay):
- Allow relays to have a RFC1918 address if PublishServerDescriptor
is set to 0 and AssumeReachable is set to 1. This is to support
the use case of a bridge on a local network, exposed via a
pluggable transport. Fixes bug 40208; bugfix on 0.4.5.1-alpha.
o Minor bugfixes (relay, config):
- Fix a problem in the removal of duplicate ORPorts from the
internal port list when loading the config file. We were removing
the wrong ports, breaking valid torrc use cases for multiple
ORPorts of the same address family. Fixes bug 40289; bugfix
on 0.4.5.1-alpha.
cheers,
--
Nick
Hello!
I've been working on a proposed change to Tor's LTS policies. I've run
it by a few people already, and now I've posted it on tor-dev for
broader comment. If you're not on tor-dev, you can read it at
https://lists.torproject.org/pipermail/tor-dev/2021-February/014515.html
(summary: If we decide to do this, we will still be able to do LTS
releases, but we will backport fewer things to them, and we will make
fewer promises about how well they will work on the network.)
I'm especially interested in feedback from packagers here.
best wishes,
--
Nick