From 726d4078bb3798abd6bf793c553ab4598c0037fe Mon Sep 17 00:00:00 2001 From: =?utf8?q?Peter=20M=C3=BCller?= Date: Sun, 28 Sep 2025 22:29:00 +0000 Subject: [PATCH] Tor: Update to 0.4.8.18 MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Changes in version 0.4.8.18 - 2025-09-16 This is a minor release with a major onion service directory cache (HSDir) bug fix. A series of minor bugfixes as well. As always, we strongly recommend to upgrade as soon as possible. o Major bugfixes (onion service directory cache): - Preserve the download counter of an onion service descriptor across descriptor uploads, so that recently updated descriptors don't get pruned if there is memory pressure soon after update. Additionally, create a separate torrc option MaxHSDirCacheBytes that defaults to the former 20% of MaxMemInQueues threshold, but can be controlled by relay operators under DoS. Also enforce this theshold during HSDir uploads. Fixes bug 41006; bugfix on 0.4.8.14. o Minor feature (padding, logging): - Reduce the amount of messages being logged related to channel padding timeout when log level is "notice". o Minor features (fallbackdir): - Regenerate fallback directories generated on September 16, 2025. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2025/09/16. o Minor bugfix (conflux): - Remove the pending nonce if we realize that the nonce of the unlinked circuit is not tracked anymore. Should avoid the non fatal assert triggered with a control port circuit event. Fixes bug 41037; bugfix on 0.4.8.15. o Minor bugfixes (circuit handling): - Prevent circuit_mark_for_close() from being called twice on the same circuit. Second fix attempt Fixes bug 41106; bugfix on 0.4.8.17 o Minor bugfixes (threads): - Make thread control POSIX compliant. Fixes bug 41109; bugfix on 0.4.8.17-dev. Changes in version 0.4.8.17 - 2025-06-30 This is a minor providing a series of minor features especially in the realm of TLS. It also brings a new set of recommended and required sub protocols. And finally, few minor bugfixes, nothing major. As always, we strongly recommend you upgrade as soon as possible. o Minor features (security, TLS): - When we are running with OpenSSL 3.5.0 or later, support using the ML-KEM768 for post-quantum key agreement. Closes ticket 41041. o Minor feature (client, TLS): - Set the TLS 1.3 cipher list instead of falling back on the default value. o Minor features (fallbackdir): - Regenerate fallback directories generated on June 30, 2025. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2025/06/30. o Minor features (hsdesc POW): - Tolerate multiple PoW schemes in onion service descriptors, for future extensibility. Implements torspec ticket 272. o Minor features (performance TLS): - When running with with OpenSSL 3.0.0 or later, support using X25519 for TLS key agreement. (This should slightly improve performance for TLS session establishment.) o Minor features (portability): - Fix warnings when compiling with GCC 15. Closes ticket 41079. o Minor features (recommended protocols): - Directory authorities now vote to recommend that clients support certain protocols beyond those that are required. These include improved support for connecting to relays on IPv6, NtorV3, and congestion control. Part of ticket 40836. o Minor features (required protocols): - Directory authorities now vote to require clients to support the authenticated SENDME feature, which was introduced in 0.4.1.1-alpha. Part of ticket 40836. - Directory authorities now vote to require relays to support certain protocols, all of which have been implemented since 0.4.7.4-alpha or earlier. These include improved support for connecting to relays on IPv6, NtorV3, running as a rate-limited introduction point, authenticated SENDMEs, and congestion control. Part of ticket 40836. o Minor bugfix (conflux): - Avoid a non fatal assert when describing a conflux circuit on the control port after being prepped to be freed. Fixes bug 41037; bugfix on 0.4.8.15. o Minor bugfixes (circuit handling): - Prevent circuit_mark_for_close() from being called twice on the same circuit. Fixes bug 40951; bugfix on 0.4.8.16-dev. o Minor bugfixes (compiler warnings): - Make sure the two bitfields in the half-closed edge struct are unsigned, as we're using them for boolean values and assign 1 to them. Fixes bug 40911; bugfix on 0.4.7.2-alpha. o Minor bugfixes (threads, memory): - Improvements in cleanup of resources used by threads. Fixes bug 40991; bugfix on 0.4.8.13-dev. - Rework start and exit of worker threads. Signed-off-by: Peter Müller Signed-off-by: Michael Tremer --- lfs/tor | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/tor b/lfs/tor index 0d57f5fed..af16cc982 100644 --- a/lfs/tor +++ b/lfs/tor @@ -26,7 +26,7 @@ include Config SUMMARY = Anonymizing overlay network for TCP (The onion router) -VER = 0.4.8.16 +VER = 0.4.8.18 THISAPP = tor-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 89 +PAK_VER = 90 DEPS = libseccomp @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = fdaf3d124d3e1b11589a5219033c8d37d3e6c8986ff60e930d2bf80532dd6be4c7ee1634bd0806bd283a9954e4478f3be7b9b61abd13e3274fef3b8373df1b00 +$(DL_FILE)_BLAKE2 = 8a2ff369d3b29557a4bb3018dcc5c17b04e459626d23a44bed2968c938a4073ff85c88f734b8f732273197cbb173b70906b4f553db7a432cfbefad73329f6349 install : $(TARGET) -- 2.47.3