From 063906ebc232ec0c3d95b29fdb3b68c6f4e980c8 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Peter=20M=C3=BCller?= Date: Wed, 24 Nov 2021 12:12:27 +0100 Subject: [PATCH] Tor: update to 0.4.6.8 MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Full changelog as per https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.6.8: Changes in version 0.4.6.8 - 2021-10-26 This version fixes several bugs from earlier versions of Tor. One highlight is a fix on how we track DNS timeouts to report general relay overload. o Major bugfixes (relay, overload state): - Relays report the general overload state for DNS timeout errors only if X% of all DNS queries over Y seconds are errors. Before that, it only took 1 timeout to report the overload state which was just too low of a threshold. The X and Y values are 1% and 10 minutes respectively but they are also controlled by consensus parameters. Fixes bug 40491; bugfix on 0.4.6.1-alpha. o Minor features (fallbackdir): - Regenerate fallback directories for October 2021. Closes ticket 40493. o Minor features (testing): - On a testing network, relays can now use the TestingMinTimeToReportBandwidth option to change the smallest amount of time over which they're willing to report their observed maximum bandwidth. Previously, this was fixed at 1 day. For safety, values under 2 hours are only supported on testing networks. Part of a fix for ticket 40337. - Relays on testing networks no longer rate-limit how frequently they are willing to report new bandwidth measurements. Part of a fix for ticket 40337. - Relays on testing networks now report their observed bandwidths immediately from startup. Previously, they waited until they had been running for a full day. Closes ticket 40337. o Minor bugfix (onion service): - Do not flag an HSDir as non-running in case the descriptor upload or fetch fails. An onion service closes pending directory connections before uploading a new descriptor which can thus lead to wrongly flagging many relays and thus affecting circuit building path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha. - Improve logging when a bad HS version is given. Fixes bug 40476; bugfix on 0.4.6.1-alpha. o Minor bugfix (CI, onion service): - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500; bugfix on 0.3.2.1-alpha. o Minor bugfixes (compatibility): - Fix compatibility with the most recent Libevent versions, which no longer have an evdns_set_random_bytes() function. Because this function has been a no-op since Libevent 2.0.4-alpha, it is safe for us to just stop calling it. Fixes bug 40371; bugfix on 0.2.1.7-alpha. o Minor bugfixes (onion service, TROVE-2021-008): - Only log v2 access attempts once total, in order to not pollute the logs with warnings and to avoid recording the times on disk when v2 access was attempted. Note that the onion address was _never_ logged. This counts as a Low-severity security issue. Fixes bug 40474; bugfix on 0.4.5.8. Since we configure Tor to use libseccomp, the latter has been updated for kernel 5.15 as well, hence we need to ship Tor either way. Signed-off-by: Peter Müller --- lfs/tor | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/tor b/lfs/tor index 7aaad07d31..1c41ef89d4 100644 --- a/lfs/tor +++ b/lfs/tor @@ -24,7 +24,7 @@ include Config -VER = 0.4.6.7 +VER = 0.4.6.8 THISAPP = tor-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 64 +PAK_VER = 65 DEPS = libseccomp @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = ff80309cfaa0719b197fdaf83f9d5443 +$(DL_FILE)_MD5 = e65cbb78aece2c135f635970e555506a install : $(TARGET) -- 2.39.5