- tor-packagers - lists.torproject.org

Tor 0.4.0.4-rc is now available
by Nick Mathewson 12 Apr '19

12 Apr '19

Hi, all! There's a new release candidate for 0.4.0.x available at https://dist.torproject.org. Please remember to check the signatures. If no serious bugs are found here, this will become a stable release. You can find the changelog at https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.0.4-rc . (Also, a reminder: the clock is ticking on 0.2.9 and 0.3.4. Support for 0.3.4 will end on June 10 of this year; support for 0.2.9 will end January 1 of 2020. If you need a version with long term support, make sure that you upgrade to 0.3.5.x. As usual, our release plans are at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTor…) cheers, -- Nick

1 0

Tor 0.4.0.3-alpha is released!
by Nick Mathewson 22 Mar '19

22 Mar '19

Hi! The Tor 0.4.0.3-alpha source code is now available on https://dist.torproject.org. It fixes several bugs in previous alphas. You can find the changelog at https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.0.3-alpha best wishes, -- Nick

1 0

New source releases: Tor 0.3.3.12, 0.3.4.11, 0.3.5.8, 0.4.0.2-alpha
by Nick Mathewson 21 Feb '19

21 Feb '19

Hello! There are new releases available at https://dist.torproject.org/ ; please remember to check the signatures. These releases fix TROVE-2019-001, a possible security bug involving the KIST cell scheduler code in versions 0.3.2.1-alpha and later. We are not certain that it is possible to exploit this bug in the wild, but out of an abundence caution, we recommend that all affected users upgrate. The potential impact is a remote denial-of-service attack against clients or relays. Please remember that 0.3.3.12 is is our last anticipated release in the 0.3.3.x series; support for that series will end next week. Other current supported stable release series are: 0.2.9.x (long term support, end of life at Jan 1, 2020) 0.3.4.x (end-of-life at June 10, 2019) 0.3.5.x (long-term support, end of life at Feb 1, 2022) 0.4.0.x (currently in alpha; planned to be stable in April 2019 and supported until at least Jan 2020) You can find all of the changelogs at: https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.3.12 https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.4.11 https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.5.8 https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.0.2-alpha I'll be sending out an official announcement soon. yrs, -- Nick

1 0

Fwd: Upcoming stable releases to fix a medium-severity security issue
by Nick Mathewson 20 Feb '19

20 Feb '19

---------- Forwarded message --------- From: Nick Mathewson <nickm(a)torproject.org> Date: Wed, Feb 20, 2019 at 12:29 PM Subject: Upcoming stable releases to fix a medium-severity security issue To: <tor-talk(a)lists.torproject.org> Hi! I'm planning to put out new Tor source releases some time Thursday or Friday. They will be versions 0.3.3.12, 0.3.4.11, 0.3.5.8, and 0.4.0.2-alpha. These versions will, among the usual array of bugfixes, fix a medium-severity security issue: a remote denial-of-service attack vector against relays and clients running version 0.3.2.1-alpha and later. While we don't currently know an exploit for the issue, we hope that all affected relays will upgrade. The issue is traced as TROVE-2019-001, Tor bug #29168, and CVE-2019-8955. One more reminder: the 0.3.3.x series was scheduled to reach end-of-life as of February 22. We've extended that to February 28, but after that date, there will be no more security updates for the 0.3.3.x series. If you need a version that will receive long-term support, we recommend that you stick with 0.3.5.x, which will be supported until 2022. best wishes, -- Nick

1 0

Tor 0.4.0.1-alpha is released!
by Nick Mathewson 18 Jan '19

18 Jan '19

Hi! We've got a new dev release: Tor 0.4.0.1-alpha. It's in feature-freeze, and it needs testing. The code is now available at https://dist.torproject.org/ -- I'll send out the official announcements once the download page has updated. You can read the changelog online at https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.0.1-alpha A note: for the new padding backend, we now include some code that implements different statistical distributions. That code needs stochastic tests -- and stochastic tests have a false positive rate. This means that right now, the "test-slow" test suite will fail about 1 time in 300 with a message saying that some stochastic test has failed. I realize that this is inconvenient, especially if you're running a bunch of builds: We're going to try to lower the observed false positive rate for these tests between now and 0.4.0.2-alpha. happy hacking, -- Nick

1 0

Fwd: Nyx Release 2.1.0
by Damian Johnson 13 Jan '19

13 Jan '19

Hi lovely packaging community! Quick friendly head's up that Nyx has a new release. If you run into any issues please let me know. https://pypi.org/project/nyx/ https://nyx.torproject.org/changelog/index.html#version-2-1 Cheers! -Damian ---------- Forwarded message --------- From: Damian Johnson <atagar(a)torproject.org> Date: Sat, Jan 12, 2019 at 3:59 PM Subject: Nyx Release 2.1.0 To: tor-project <tor-project(a)lists.torproject.org> Hi all, I'm pleased to announce Nyx 2.1.0. This is a fixup release that corrects issues uncovered over this last year... https://nyx.torproject.org/changelog/index.html#version-2-1 Cheers! -Damian

1 0

Tor 0.3.3.11, 0.3.4.10, and 0.3.5.7 (!) are released!
by Nick Mathewson 08 Jan '19

08 Jan '19

Hi! I've uploaded new releases to https://dist.torproject.org. Please check the signatures. (Unless you think that the internet is a nice safe place. But if you think that, why are you packaging Tor?) These releases are important for servers and less so for clients, though if you are packaging for an environment that packages OpenSSL 1.1.x, you should really upgrade: there's a fix here to make TLS 1.3 actually work and not crash when you run openssl 1.1.1a. === This is the first stable release for Tor 0.3.5.7. We think it's great, though if you're set on 0.3.4.x, I can't blame you if you take a little while to change over. Don't wait too long though: 0.3.4.x is only supported till June 10. By the way, if you don't like releases becoming "unsupported" all of a sudden, then 0.3.5.x is the one you should standardize on: it is an LTS release, and we plan to support it until at least Feb 2022. The other LTS release, 0.2.9.x, is only going to be supported until Jan 2020. And as for 0.3.3.x? It becomes unsupported on Feb 22 of this year. I hope this is not a surprise! If it was, please see https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTor… to learn more about our release policy and plans. All best wishes to you, and all my thanks in this new year for helping people get the privacy they need. Sincerely, -- Nick Mathewson

1 0

Stem 1.7.1 Hotfix Release
by Damian Johnson 27 Dec '18

27 Dec '18

Hi lovely packaging community. I've cut a hotfix release for Stem per Nick's request [1]. Version 1.7.1 is now available on... https://pypi.org/project/stem/ The only change is a small regex fix [2] so we have forward compatibility with tor's upcoming 0.4.0.x series. Without this Stem's launch_tor() method will fail, timing out due to being unable to find a bootstrap message indicating 'success' Nyx does *not* use this method so there's no need to worry about bumping its dependency. This only impacts applications that launch tor such as OnionLauncher and TorNova. Cheers! -Damian [1] https://trac.torproject.org/projects/tor/ticket/28731#comment:18 [2] https://gitweb.torproject.org/stem.git/commit/?id=991291c

2 1

Tor 0.3.5.6-rc is signed and uploaded
by Nick Mathewson 18 Dec '18

18 Dec '18

Hi, all! I have just signed and taged Tor 0.3.5.6-rc, and uploaded it to the usual place at https://dist.torproject.org/ . Please be sure to check the signature! You can find the changelog at https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.5.6-rc&id=a0… I'll be posting official announcements after the website has updated. best wishes, -- Nick

1 0

Tor 0.3.5.5-alpha is available for download
by Nick Mathewson 16 Nov '18

16 Nov '18

Hi, all! You can get the latest Tor alpha release at https://dist.torproject.org/. Official announcement to follow once the website has updated. Changelog at https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.5.5-alpha We're getting closer and closer to having 0.3.5 be stable, so please do what you can to help users try this one out. yrs, -- Nick

1 0