[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-announce] New stable Tor releases: 0.3.5.12, 0.4.3.7, 0.4.4.6

To: tor-announce@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-announce] New stable Tor releases: 0.3.5.12, 0.4.3.7, 0.4.4.6
From: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Thu, 12 Nov 2020 10:39:02 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 12 Nov 2020 10:40:22 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-announce/>
List-help: <mailto:tor-announce-request@lists.torproject.org?subject=help>
List-id: "announce: Important announcements relating to Tor" <tor-announce.lists.torproject.org>
List-post: <mailto:tor-announce@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce>, <mailto:tor-announce-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-announce>, <mailto:tor-announce-request@lists.torproject.org?subject=unsubscribe>
Sender: "tor-announce" <tor-announce-bounces@xxxxxxxxxxxxxxxxxxxx>

Hello!

(If you are about to reply saying "please take me off this list",
instead please follow these instructions:
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/ .
If you have trouble, it is probably because you subscribed using a
different address than the one you are trying to unsubscribe with. You
will have to enter the actual email address you used when you
subscribed.)

Source code for Tor 0.4.4.6 is now available; you can download the
source code from the download page at
https://www.torproject.org/download/tor/. Packages should be available
within the next several weeks, with a new Tor Browser coming next
week.

Also today, Tor 0.3.5.12 and 0.4.3.7 have also been released; you can
find them (and source for older Tor releases) at
https://dist.torproject.org/ . Their changelogs are here:
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.5.12
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.4.3.7

(Note that there's an error in the 0.4.3.7 changelog: Support for
0.4.3.x will in fact continue until 15 February 2021.)


Changes in version 0.4.4.6 - 2020-11-12
  Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It
  backports fixes from later releases, including a fix for TROVE-2020-
  005, a security issue that could be used, under certain cases, by an
  adversary to observe traffic patterns on a limited number of circuits
  intended for a different relay.

  o Major bugfixes (security, backport from 0.4.5.1-alpha):
    - When completing a channel, relays now check more thoroughly to
      make sure that it matches any pending circuits before attaching
      those circuits. Previously, address correctness and Ed25519
      identities were not checked in this case, but only when extending
      circuits on an existing channel. Fixes bug 40080; bugfix on
      0.2.7.2-alpha. Resolves TROVE-2020-005.

  o Minor features (directory authorities, backport from 0.4.5.1-alpha):
    - Authorities now list a different set of protocols as required and
      recommended. These lists have been chosen so that only truly
      recommended and/or required protocols are included, and so that
      clients using 0.2.9 or later will continue to work (even though
      they are not supported), whereas only relays running 0.3.5 or
      later will meet the requirements. Closes ticket 40162.
    - Make it possible to specify multiple ConsensusParams torrc lines.
      Now directory authority operators can for example put the main
      ConsensusParams config in one torrc file and then add to it from a
      different torrc file. Closes ticket 40164.

  o Minor features (subprotocol versions, backport from 0.4.5.1-alpha):
    - Tor no longer allows subprotocol versions larger than 63.
      Previously version numbers up to UINT32_MAX were allowed, which
      significantly complicated our code. Implements proposal 318;
      closes ticket 40133.

  o Minor features (tests, v2 onion services, backport from 0.4.5.1-alpha):
    - Fix a rendezvous cache unit test that was triggering an underflow
      on the global rend cache allocation. Fixes bug 40125; bugfix
      on 0.2.8.1-alpha.
    - Fix another rendezvous cache unit test that was triggering an
      underflow on the global rend cache allocation. Fixes bug 40126;
      bugfix on 0.2.8.1-alpha.

  o Minor bugfixes (compilation, backport from 0.4.5.1-alpha):
    - Fix compiler warnings that would occur when building with
      "--enable-all-bugs-are-fatal" and "--disable-module-relay" at the
      same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha.
    - Resolve a compilation warning that could occur in
      test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha.

  o Minor bugfixes (logging, backport from 0.4.5.1-alpha):
    - Remove a debug logging statement that uselessly spammed the logs.
      Fixes bug 40135; bugfix on 0.3.5.0-alpha.

  o Minor bugfixes (relay configuration, crash, backport from 0.4.5.1-alpha):
    - Avoid a fatal assert() when failing to create a listener
      connection for an address that was in use. Fixes bug 40073; bugfix
      on 0.3.5.1-alpha.

  o Minor bugfixes (v2 onion services, backport from 0.4.5.1-alpha):
    - For HSFETCH commands on v2 onion services addresses, check the
      length of bytes decoded, not the base32 length. Fixes bug 34400;
      bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan.
_______________________________________________
tor-announce mailing list
tor-announce@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce

Prev by Author: [tor-announce] Tor Browser 10.0.5 is released
Next by thread: [tor-announce] Tor Browser 10.0.5 is released
Index(es):
- Author
- Thread