[tor-announce] New stable Tor releases:,,

Nick Mathewson nickm at torproject.org
Thu Nov 12 15:39:02 UTC 2020


(If you are about to reply saying "please take me off this list",
instead please follow these instructions:
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/ .
If you have trouble, it is probably because you subscribed using a
different address than the one you are trying to unsubscribe with. You
will have to enter the actual email address you used when you

Source code for Tor is now available; you can download the
source code from the download page at
https://www.torproject.org/download/tor/. Packages should be available
within the next several weeks, with a new Tor Browser coming next

Also today, Tor and have also been released; you can
find them (and source for older Tor releases) at
https://dist.torproject.org/ . Their changelogs are here:

(Note that there's an error in the changelog: Support for
0.4.3.x will in fact continue until 15 February 2021.)

Changes in version - 2020-11-12
  Tor is the second stable release in the 0.4.4.x series. It
  backports fixes from later releases, including a fix for TROVE-2020-
  005, a security issue that could be used, under certain cases, by an
  adversary to observe traffic patterns on a limited number of circuits
  intended for a different relay.

  o Major bugfixes (security, backport from
    - When completing a channel, relays now check more thoroughly to
      make sure that it matches any pending circuits before attaching
      those circuits. Previously, address correctness and Ed25519
      identities were not checked in this case, but only when extending
      circuits on an existing channel. Fixes bug 40080; bugfix on Resolves TROVE-2020-005.

  o Minor features (directory authorities, backport from
    - Authorities now list a different set of protocols as required and
      recommended. These lists have been chosen so that only truly
      recommended and/or required protocols are included, and so that
      clients using 0.2.9 or later will continue to work (even though
      they are not supported), whereas only relays running 0.3.5 or
      later will meet the requirements. Closes ticket 40162.
    - Make it possible to specify multiple ConsensusParams torrc lines.
      Now directory authority operators can for example put the main
      ConsensusParams config in one torrc file and then add to it from a
      different torrc file. Closes ticket 40164.

  o Minor features (subprotocol versions, backport from
    - Tor no longer allows subprotocol versions larger than 63.
      Previously version numbers up to UINT32_MAX were allowed, which
      significantly complicated our code. Implements proposal 318;
      closes ticket 40133.

  o Minor features (tests, v2 onion services, backport from
    - Fix a rendezvous cache unit test that was triggering an underflow
      on the global rend cache allocation. Fixes bug 40125; bugfix
    - Fix another rendezvous cache unit test that was triggering an
      underflow on the global rend cache allocation. Fixes bug 40126;
      bugfix on

  o Minor bugfixes (compilation, backport from
    - Fix compiler warnings that would occur when building with
      "--enable-all-bugs-are-fatal" and "--disable-module-relay" at the
      same time. Fixes bug 40129; bugfix on
    - Resolve a compilation warning that could occur in
      test_connection.c. Fixes bug 40113; bugfix on

  o Minor bugfixes (logging, backport from
    - Remove a debug logging statement that uselessly spammed the logs.
      Fixes bug 40135; bugfix on

  o Minor bugfixes (relay configuration, crash, backport from
    - Avoid a fatal assert() when failing to create a listener
      connection for an address that was in use. Fixes bug 40073; bugfix

  o Minor bugfixes (v2 onion services, backport from
    - For HSFETCH commands on v2 onion services addresses, check the
      length of bytes decoded, not the base32 length. Fixes bug 34400;
      bugfix on Patch by Neel Chauhan.

More information about the tor-announce mailing list