+Changes in version 0.4.9.2-alpha - 2025-09-16
+ This is the second alpha release and likely the last before going stable.
+ This release contains the new CGO circuit encryption. See proposal 359 for
+ more details. Several TLS minor fixes which will strengthen the link
+ security.
+
+ o New system requirements:
+ - When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
+ Part of ticket 41059.
+ - When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
+ (We strongly recommend 3.0 or later, but still build with 1.1.1,
+ even though it is not supported by the OpenSSL team, due to its
+ presence in Debian oldstable.) Part of ticket 41059.
+
+ o Major features (cell format):
+ - Tor now has (unused) internal support to encode and decode relay
+ messages in the new format required by our newer CGO encryption
+ algorithm. Closes ticket 41051. Part of proposal 359.
+
+ o Major features (cryptography):
+ - Clients and relays can now negotiate Counter Galois Onion (CGO)
+ relay cryptography, as designed by Jean Paul Degabriele,
+ Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO
+ provides improved resistance to several kinds of tagging attacks,
+ better forward secrecy, and better forgery resistance. Closes
+ ticket 41047. Implements proposal 359.
+
+ o Major bugfixes (onion service directory cache):
+ - Preserve the download counter of an onion service descriptor
+ across descriptor uploads, so that recently updated descriptors
+ don't get pruned if there is memory pressure soon after update.
+ Additionally, create a separate torrc option MaxHSDirCacheBytes
+ that defaults to the former 20% of MaxMemInQueues threshold, but
+ can be controlled by relay operators under DoS. Also enforce this
+ theshold during HSDir uploads. Fixes bug 41006; bugfix
+ on 0.4.8.14.
+
+ o Minor features (security):
+ - Increase the size of our finite-field Diffie Hellman TLS group
+ (which we should never actually use!) to 2048 bits. Part of
+ ticket 41067.
+ - Require TLS version 1.2 or later. (Version 1.3 support will be
+ required in the near future.) Part of ticket 41067.
+ - Update TLS 1.2 client cipher list to match current Firefox. Part
+ of ticket 41067.
+
+ o Minor features (security, TLS):
+ - When we are running with OpenSSL 3.5.0 or later, support using the
+ ML-KEM768 for post-quantum key agreement. Closes ticket 41041.
+
+ o Minor feature (client, TLS):
+ - Set the TLS 1.3 cipher list instead of falling back on the
+ default value.
+
+ o Minor feature (padding, logging):
+ - Reduce the amount of messages being logged related to channel
+ padding timeout when log level is "notice".
+
+ o Minor features (bridges):
+ - Save complete bridge lines to 'datadir/bridgelines'. Closes
+ ticket 29128.
+
+ o Minor features (fallbackdir):
+ - Regenerate fallback directories generated on September 16, 2025.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2025/09/16.
+
+ o Minor features (hidden services):
+ - Reduce the minimum value of hsdir_interval to match recent tor-
+ spec change.
+
+ o Minor features (hsdesc POW):
+ - Tolerate multiple PoW schemes in onion service descriptors, for
+ future extensibility. Implements torspec ticket 272.
+
+ o Minor features (performance TLS):
+ - When running with with OpenSSL 3.0.0 or later, support using
+ X25519 for TLS key agreement. (This should slightly improve
+ performance for TLS session establishment.)
+
+ o Minor features (portability):
+ - Fix warnings when compiling with GCC 15. Closes ticket 41079.
+
+ o Minor bugfix (conflux):
+ - Remove the pending nonce if we realize that the nonce of the
+ unlinked circuit is not tracked anymore. Should avoid the non
+ fatal assert triggered with a control port circuit event. Fixes
+ bug 41037; bugfix on 0.4.8.15.
+
+ o Minor bugfixes (bridges, pluggable transport):
+ - Fix a bug causing the initial tor process to hang intead of
+ exiting with RunAsDaemon, when pluggable transports are used.
+ Fixes bug 41088; bugfix on 0.4.9.1-alpha.
+
+ o Minor bugfixes (circuit handling):
+ - Prevent circuit_mark_for_close() from being called twice on the
+ same circuit. Fixes bug 40951; bugfix on 0.4.8.16-dev.
+ - Prevent circuit_mark_for_close() from being called twice on the
+ same circuit. Second fix attempt Fixes bug 41106; bugfix
+ on 0.4.8.17
+
+ o Minor bugfixes (compilation):
+ - Fix linking on systems without a working stdatomic.h. Fixes bug
+ 41076; bugfix on 0.4.9.1-alpha.
+
+ o Minor bugfixes (compiler warnings):
+ - Make sure the two bitfields in the half-closed edge struct are
+ unsigned, as we're using them for boolean values and assign 1 to
+ them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
+
+ o Minor bugfixes (logging, metrics port):
+ - Count BUG statements for the MetricsPort only if they are warnings
+ or errors. Fixes bug 41104; bugfix on 0.4.7.1-alpha. Patch
+ contributed by shadowcoder.
+
+ o Minor bugfixes (protocol):
+ - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
+ messages. Previously, it was always set to the maximum value.
+ Fixes bug 41056; bugfix on 0.4.8.1-alpha.
+
+ o Minor bugfixes (relay):
+ - Fix a crash when FamilyKeyDir is a path that cannot be read. Fixes
+ bug 41043; bugfix on 0.4.9.2-alpha.
+
+ o Minor bugfixes (threads):
+ - Make thread control POSIX compliant. Fixes bug 41109; bugfix
+ on 0.4.8.17-dev.
+
+ o Removed features:
+ - Relays no longer support clients that falsely advertise TLS
+ ciphers they don't really support. (Clients have not done this
+ since 0.2.3.17-beta). Part of ticket 41031.
+ - Relays no longer support clients that require obsolete v1 and v2
+ link handshakes. (The v3 link handshake has been supported since
+ 0.2.3.6-alpha). Part of ticket 41031.
+
+
Changes in version 0.4.8.17 - 2025-06-30
This is a minor providing a series of minor features especially in the realm
of TLS. It also brings a new set of recommended and required sub protocols.
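Review bot: In "Minor bugfixes (circuit handling)" the two bullets carry identical text, and the second runs its remark into the bug reference ("Second fix attempt Fixes bug 41106; bugfix on 0.4.8.17") with no period after "attempt" and none at the end of the item. Suggest merging them into one bullet that cites both 40951 and 41106, or at least punctuating the second so the fix attempt and the bug reference read as separate sentences. Smaller points in the same hunk: "theshold" in the onion service directory cache item, "intead" in the pluggable transport item, "with with" in the performance TLS item, and the FamilyKeyDir item, which says "bugfix on 0.4.9.2-alpha" inside the 0.4.9.2-alpha entry itself, so a reader cannot tell whether the crash ever shipped.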
release of Tor. If you want to see more detailed descriptions of the
changes in each development snapshot, see the ChangeLog file.
+Changes in version 0.4.9.2-alpha - 2025-09-16
+ This is the second alpha release and likely the last before going stable.
+ This release contains the new CGO circuit encryption. See proposal 359 for
+ more details. Several TLS minor fixes which will strengthen the link
+ security.
+
+ o New system requirements:
+ - When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
+ Part of ticket 41059.
+ - When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
+ (We strongly recommend 3.0 or later, but still build with 1.1.1,
+ even though it is not supported by the OpenSSL team, due to its
+ presence in Debian oldstable.) Part of ticket 41059.
+
+ o Major features (cell format):
+ - Tor now has (unused) internal support to encode and decode relay
+ messages in the new format required by our newer CGO encryption
+ algorithm. Closes ticket 41051. Part of proposal 359.
+
+ o Major features (cryptography):
+ - Clients and relays can now negotiate Counter Galois Onion (CGO)
+ relay cryptography, as designed by Jean Paul Degabriele,
+ Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO
+ provides improved resistance to several kinds of tagging attacks,
+ better forward secrecy, and better forgery resistance. Closes
+ ticket 41047. Implements proposal 359.
+
+ o Major bugfixes (onion service directory cache):
+ - Preserve the download counter of an onion service descriptor
+ across descriptor uploads, so that recently updated descriptors
+ don't get pruned if there is memory pressure soon after update.
+ Additionally, create a separate torrc option MaxHSDirCacheBytes
+ that defaults to the former 20% of MaxMemInQueues threshold, but
+ can be controlled by relay operators under DoS. Also enforce this
+ theshold during HSDir uploads. Fixes bug 41006; bugfix
+ on 0.4.8.14.
+
+ o Minor features (security):
+ - Increase the size of our finite-field Diffie Hellman TLS group
+ (which we should never actually use!) to 2048 bits. Part of
+ ticket 41067.
+ - Require TLS version 1.2 or later. (Version 1.3 support will be
+ required in the near future.) Part of ticket 41067.
+ - Update TLS 1.2 client cipher list to match current Firefox. Part
+ of ticket 41067.
+
+ o Minor features (security, TLS):
+ - When we are running with OpenSSL 3.5.0 or later, support using the
+ ML-KEM768 for post-quantum key agreement. Closes ticket 41041.
+
+ o Minor feature (client, TLS):
+ - Set the TLS 1.3 cipher list instead of falling back on the
+ default value.
+
+ o Minor feature (padding, logging):
+ - Reduce the amount of messages being logged related to channel
+ padding timeout when log level is "notice".
+
+ o Minor features (bridges):
+ - Save complete bridge lines to 'datadir/bridgelines'. Closes
+ ticket 29128.
+
+ o Minor features (fallbackdir):
+ - Regenerate fallback directories generated on June 30, 2025.
+ - Regenerate fallback directories generated on September 16, 2025.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2025/06/30.
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2025/09/16.
+
+ o Minor features (hidden services):
+ - Reduce the minimum value of hsdir_interval to match recent tor-
+ spec change.
+
+ o Minor features (hsdesc POW):
+ - Tolerate multiple PoW schemes in onion service descriptors, for
+ future extensibility. Implements torspec ticket 272.
+
+ o Minor features (performance TLS):
+ - When running with with OpenSSL 3.0.0 or later, support using
+ X25519 for TLS key agreement. (This should slightly improve
+ performance for TLS session establishment.)
+
+ o Minor features (portability):
+ - Fix warnings when compiling with GCC 15. Closes ticket 41079.
+
+ o Minor bugfix (conflux):
+ - Remove the pending nonce if we realize that the nonce of the
+ unlinked circuit is not tracked anymore. Should avoid the non
+ fatal assert triggered with a control port circuit event. Fixes
+ bug 41037; bugfix on 0.4.8.15.
+
+ o Minor bugfixes (bridges, pluggable transport):
+ - Fix a bug causing the initial tor process to hang intead of
+ exiting with RunAsDaemon, when pluggable transports are used.
+ Fixes bug 41088; bugfix on 0.4.9.1-alpha.
+
+ o Minor bugfixes (circuit handling):
+ - Prevent circuit_mark_for_close() from being called twice on the
+ same circuit. Fixes bug 40951; bugfix on 0.4.8.16-dev.
+ - Prevent circuit_mark_for_close() from being called twice on the
+ same circuit. Second fix attempt Fixes bug 41106; bugfix
+ on 0.4.8.17
+
+ o Minor bugfixes (compilation):
+ - Fix linking on systems without a working stdatomic.h. Fixes bug
+ 41076; bugfix on 0.4.9.1-alpha.
+
+ o Minor bugfixes (compiler warnings):
+ - Make sure the two bitfields in the half-closed edge struct are
+ unsigned, as we're using them for boolean values and assign 1 to
+ them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
+
+ o Minor bugfixes (logging, metrics port):
+ - Count BUG statements for the MetricsPort only if they are warnings
+ or errors. Fixes bug 41104; bugfix on 0.4.7.1-alpha. Patch
+ contributed by shadowcoder.
+
+ o Minor bugfixes (protocol):
+ - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
+ messages. Previously, it was always set to the maximum value.
+ Fixes bug 41056; bugfix on 0.4.8.1-alpha.
+
+ o Minor bugfixes (relay):
+ - Fix a crash when FamilyKeyDir is a path that cannot be read. Fixes
+ bug 41043; bugfix on 0.4.9.2-alpha.
+
+ o Minor bugfixes (threads):
+ - Make thread control POSIX compliant. Fixes bug 41109; bugfix
+ on 0.4.8.17-dev.
+
+ o Removed features:
+ - Relays no longer support clients that falsely advertise TLS
+ ciphers they don't really support. (Clients have not done this
+ since 0.2.3.17-beta). Part of ticket 41031.
+ - Relays no longer support clients that require obsolete v1 and v2
+ link handshakes. (The v3 link handshake has been supported since
+ 0.2.3.6-alpha). Part of ticket 41031.
+
+
Changes in version 0.4.8.17 - 2025-06-30
This is a minor providing a series of minor features especially in the realm
of TLS. It also brings a new set of recommended and required sub protocols.
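Review bot: "Minor features (fallbackdir)" and "Minor features (geoip data)" in this entry each list two bullets, one dated June 30, 2025 and one dated September 16, 2025, while the ChangeLog entry for the same release lists only the September 16 ones. The June 30 bullets sit under a heading dated 2025-09-16 and are superseded by the later regeneration; suggest dropping them so the two files agree. This entry also carries the spelling slips "theshold", "intead" and "with with", and the unpunctuated "Second fix attempt Fixes bug 41106; bugfix on 0.4.8.17" in the circuit handling section.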
+++ /dev/null
- o Removed features:
- - Relays no longer support clients that require obsolete v1 and v2
- link handshakes. (The v3 link handshake has been supported since
- 0.2.3.6-alpha). Part of ticket 41031.
- - Relays no longer support clients that falsely advertise TLS
- ciphers they don't really support.
- (Clients have not done this since 0.2.3.17-beta).
- Part of ticket 41031.
+++ /dev/null
- o Minor bugfixes (compiler warnings):
- - Make sure the two bitfields in the half-closed edge struct are
- unsigned, as we're using them for boolean values and assign 1 to
- them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
-
+++ /dev/null
- o Minor bugfixes (circuit handling):
- - Prevent circuit_mark_for_close() from
- being called twice on the same circuit.
- Fixes bug 40951; bugfix on 0.4.8.16-dev.
\ No newline at end of file
+++ /dev/null
- o Minor bugfixes (relay):
- - Fix a crash when FamilyKeyDir is a path that cannot be read.
- Fixes bug 41043; bugfix on 0.4.9.2-alpha.
+++ /dev/null
- o Minor bugfixes (protocol):
- - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
- messages. Previously, it was always set to the maximum value.
- Fixes bug 41056; bugfix on 0.4.8.1-alpha.
+++ /dev/null
- o Minor bugfixes (compilation):
- - Fix linking on systems without a working stdatomic.h.
- Fixes bug 41076; bugfix on 0.4.9.1-alpha.
+++ /dev/null
- o Minor bugfixes (bridges, pluggable transport):
- - Fix a bug causing the initial tor process to hang intead of exiting with
- RunAsDaemon, when pluggable transports are used.
- Fixes bug 41088; bugfix on 0.4.9.1-alpha.
+++ /dev/null
- o Minor bugfixes (circuit handling):
- - Prevent circuit_mark_for_close() from
- being called twice on the same circuit.
- Second fix attempt
- Fixes bug 41106; bugfix on 0.4.8.17
+++ /dev/null
- o Minor bugfixes (threads):
- - Make thread control POSIX compliant.
- Fixes bug 41109; bugfix on 0.4.8.17-dev.
+++ /dev/null
- o Major features (cryptography):
- - Clients and relays can now negotiate Counter Galois Onion (CGO)
- relay cryptography, as designed by Jean Paul Degabriele, Alessandro
- Melloni, Jean-Pierre Münch, and Martijn Stam.
- CGO provides improved resistance to several kinds
- of tagging attacks, better forward secrecy, and better
- forgery resistance. Closes ticket 41047.
- Implements proposal 359.
+++ /dev/null
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on June 30, 2025.
+++ /dev/null
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on September 16, 2025.
+++ /dev/null
- o Minor features (portability):
- - Fix warnings when compiling with GCC 15.
- Closes ticket 41079.
+++ /dev/null
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2025/06/30.
+++ /dev/null
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2025/09/16.
+++ /dev/null
- o Minor features (hidden services):
- - Reduce the minimum value of hsdir_interval to match recent tor-spec change.
+++ /dev/null
- o Minor feature (padding, logging):
- - Reduce the amount of messages being logged related to channel padding
- timeout when log level is "notice".
+++ /dev/null
- o Minor features (bridges):
- - Save complete bridge lines to 'datadir/bridgelines'. Closes ticket 29128.
+++ /dev/null
- o Major bugfixes (onion service directory cache):
- - Preserve the download counter of an onion service descriptor across
- descriptor uploads, so that recently updated descriptors don't get
- pruned if there is memory pressure soon after update. Additionally,
- create a separate torrc option MaxHSDirCacheBytes that defaults to the
- former 20% of MaxMemInQueues threshold, but can be controlled by
- relay operators under DoS. Also enforce this theshold during HSDir
- uploads. Fixes bug 41006; bugfix on 0.4.8.14.
+++ /dev/null
- o Minor bugfix (conflux):
- - Remove the pending nonce if we realize that the nonce of the unlinked
- circuit is not tracked anymore. Should avoid the non fatal assert
- triggered with a control port circuit event. Fixes bug 41037; bugfix on 0.4.8.15.
+++ /dev/null
- o Minor features (security, TLS):
- - When we are running with OpenSSL 3.5.0 or later,
- support using the ML-KEM768 for post-quantum key agreement.
- Closes ticket 41041.
-
- o Minor features (performance TLS):
- - When running with with OpenSSL 3.0.0 or later,
- support using X25519 for TLS key agreement.
- (This should slightly improve performance
- for TLS session establishment.)
+++ /dev/null
- o Major features (cell format):
- - Tor now has (unused) internal support to encode and decode
- relay messages in the new format required by our newer
- CGO encryption algorithm.
- Closes ticket 41051. Part of proposal 359.
+++ /dev/null
- o New system requirements:
- - When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
- (We strongly recommend 3.0 or later, but still build with 1.1.1,
- even though it is not supported by the OpenSSL team,
- due to its presence in Debian oldstable.)
- Part of ticket 41059.
- - When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
- Part of ticket 41059.
+++ /dev/null
- o Minor features (security):
- - Require TLS version 1.2 or later. (Version 1.3 support will
- be required in the near future.) Part of ticket 41067.
- - Update TLS 1.2 client cipher list to match current Firefox.
- Part of ticket 41067.
- - Increase the size of our finite-field Diffie Hellman TLS group
- (which we should never actually use!) to 2048 bits.
- Part of ticket 41067.
+++ /dev/null
- o Minor bugfixes (logging, metrics port):
- - Count BUG statements for the MetricsPort only if they are warnings or
- errors. Fixes bug 41104; bugfix on 0.4.7.1-alpha. Patch contributed
- by shadowcoder.
+++ /dev/null
- o Minor feature (client, TLS):
- - Set the TLS 1.3 cipher list instead of falling back on the default value.
+++ /dev/null
- o Minor features (hsdesc POW):
- - Tolerate multiple PoW schemes in onion service descriptors,
- for future extensibility.
- Implements torspec ticket 272.