Greetings,
We just released 0.4.6.9 and 0.4.7.3-alpha. You can find out about it here:
https://forum.torproject.net/t/release-0-4-6-9-and-0-4-7-3-alpha/1265
Download at: https://dist.torproject.org
Inline ChangeLog for both versions:
Changes in version 0.4.7.3-alpha - 2021-12-15
This third alpha release of the 0.4.7.x series fixes several bugs including
two major ones affecting Bridges and Relays (see below). If you are running
an earlier 0.4.7.x version, you should upgrade to this version.
o Major bugfixes (bridges):
- Make Tor work reliably again when you have multiple bridges
configured and one or more of them are unreachable. The problem
came because we require that we have bridge descriptors for both
of our first two bridges (else we refuse to try to connect), but
in some cases we would wait three hours before trying to fetch
these missing descriptors, and/or never recover when we do try to
fetch them. Fixes bugs 40396 and 40495; bugfix on 0.3.0.5-rc
and 0.3.2.1-alpha.
o Major bugfixes (relay, overload):
- Change the MetricsPort DNS "timeout" label to be "tor_timeout" in
order to indicate that this was a DNS timeout from tor perspective
and not the DNS server itself.
- Deprecate overload_dns_timeout_period_secs and
overload_dns_timeout_scale_percent consensus parameters as well.
They were used to assess the overload state which is no more now.
- Don't make Tor DNS timeout trigger an overload general state.
These timeouts are different from DNS server timeout. They have to
be seen as timeout related to UX and not because of a network
problem. Fixes bug 40527; bugfix on 0.4.6.1-alpha.
o Minor feature (reproducible build):
- The repository can now build reproducible tarballs which adds the
build command "make dist-reprod" for that purpose. Closes
ticket 26299.
o Minor features (compilation):
- Give an error message if trying to build with a version of
LibreSSL known not to work with Tor. (There's an incompatibility
with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of
their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes
ticket 40511.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on December 15, 2021.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/12/15.
o Minor features (portability):
- Try to prevent a compiler warning about printf arguments that
could sometimes occur on MSYS2 depending on the configuration.
Closes ticket 40355.
o Minor bugfix (pluggable transport):
- Do not kill a managed proxy if one of its transport configurations
emits a method error. Instead log a warning and continue processing
method arguments. Fixes bug 7362; bugfix on 0.2.3.6-alpha.
o Minor bugfixes (bridges):
- When we don't yet have a descriptor for one of our bridges,
disable the entry guard retry schedule on that bridge. The entry
guard retry schedule and the bridge descriptor retry schedule can
conflict, e.g. where we mark a bridge as "maybe up" yet we don't
try to fetch its descriptor yet, leading Tor to wait (refusing to
do anything) until it becomes time to fetch the descriptor. Fixes
bug 40497; bugfix on 0.3.0.3-alpha.
o Minor bugfixes (compilation):
- Fix our configuration logic to detect whether we had OpenSSL 3:
previously, our logic was reversed. This has no other effect than
to change whether we suppress deprecated API warnings. Fixes bug
40429; bugfix on 0.3.5.13.
o Minor bugfixes (controller, path bias):
- When a circuit's path is specified, in full or in part, from the
controller API, do not count that circuit towards our path-bias
calculations. (Doing so was incorrect, since we cannot tell
whether the controller is selecting relays randomly.) Resolves a
"Bug" warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha.
o Minor bugfixes (logging):
- When we no longer have enough directory information to use the
network, we would log a notice-level message -- but we would not
reliably log a message when we recovered and resumed using the
network. Now make sure there is always a corresponding message
about recovering. Fixes bug 40496; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (performance, DoS):
- Fix one case of a not-especially viable denial-of-service attack
found by OSS-Fuzz in our consensus-diff parsing code. This attack
causes a lot of small memory allocations and then immediately
frees them: this is only slow when running with all the sanitizers
enabled. Fixes one case of bug 40472; bugfix on 0.3.1.1-alpha.
o Minor bugfixes (relay):
- Reject IPv6-only DirPorts. Our reachability self-test forces
DirPorts to be IPv4, but our configuration parser allowed them to
be IPv6-only, which led to an assertion failure. Fixes bug 40494;
bugfix on 0.4.5.1-alpha.
o Minor bugfixes (sandbox):
- Fix the sandbox on i386 by modifying it to allow the
"clock_gettime64" and "statx" system calls and to filter the
"chown32" and "stat64" system calls in place of "chown" and
"stat", respectively. Fixes bug 40505; bugfix on 0.2.5.4-alpha.
o Documentation (man, relay):
- Missing "OverloadStatistics" in tor.1 manpage. Fixes bug 40504;
bugfix on 0.4.6.1-alpha.
Changes in version 0.4.6.9 - 2021-12-15
This version fixes several bugs from earlier versions of Tor. One important
piece is the removal of DNS timeout metric from the overload general signal.
See below for more details.
o Major bugfixes (relay, overload):
- Don't make Tor DNS timeout trigger an overload general state.
These timeouts are different from DNS server timeout. They have to
be seen as timeout related to UX and not because of a network
problem. Fixes bug 40527; bugfix on 0.4.6.1-alpha.
o Minor feature (reproducible build):
- The repository can now build reproducible tarballs which adds the
build command "make dist-reprod" for that purpose. Closes
ticket 26299.
o Minor features (compilation):
- Give an error message if trying to build with a version of
LibreSSL known not to work with Tor. (There's an incompatibility
with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of
their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes
ticket 40511.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on December 15, 2021.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2021/12/15.
o Minor bugfixes (compilation):
- Fix our configuration logic to detect whether we had OpenSSL 3:
previously, our logic was reversed. This has no other effect than
to change whether we suppress deprecated API warnings. Fixes bug
40429; bugfix on 0.3.5.13.
o Minor bugfixes (relay):
- Reject IPv6-only DirPorts. Our reachability self-test forces
DirPorts to be IPv4, but our configuration parser allowed them to
be IPv6-only, which led to an assertion failure. Fixes bug 40494;
bugfix on 0.4.5.1-alpha.
o Documentation (man, relay):
- Missing "OverloadStatistics" in tor.1 manpage. Fixes bug 40504;
bugfix on 0.4.6.1-alpha.
Cheers!
David
--
I1oAG26tseeho4Donns+ByL+PlJSLykdWGFJPx7tCQ8=
Hello!
Tor Browser 11.0.1 is now available from the Tor Browser
download page [1] and also from our distribution directory [2].
1: https://www.torproject.org/download/
2: https://www.torproject.org/dist/torbrowser/11.0.1/
This version provides bug fixes on Windows, macOS, and Linux. Please see
the blog post [3] for more details about this version.
3: https://blog.torproject.org/new-release-tor-browser-1101
The full changelog since Tor Browser 11.0 is:
* Windows + OS X + Linux
  * Tor Launcher 0.2.32
  * Bug 40059: YEC activist sign empty in about:tor on RTL locales [torbutton]
  * Bug 40383: Workaround issue in https-e wasm [tor-browser-build]
  * Bug 40438: Add Blockchair as a search engine [tor-browser]
  * Bug 40689: Change Blockchair Search provider's HTTP method [tor-browser]
  * Bug 40690: Browser chrome breaks when private browsing mode is turned off [tor-browser]
  * Bug 40700: Switch Firefox recommendations off by default [tor-browser]
On 26 Oct (18:58:53), mick wrote:
> On Tue, 26 Oct 2021 11:48:54 -0400
> David Goulet <dgoulet(a)torproject.org> allegedly wrote:
>
> > The Tor Network Team will from now on do its release announcement
> > through our new fancy shiny Discourse forum:
> > https://forum.torproject.net
> >
> > If you are interested in getting notified for each release
> > announcement, you should follow this category (once you get an
> > account):
> >
> > https://forum.torproject.net/c/news/tor-release-announcement/28
> >
> > And for today's announcement:
> >
> > https://forum.torproject.net/t/release-0-3-5-17-0-4-5-11-0-4-6-8-and-0-4-7-…
> >
>
> David
>
> I do hope that this new forum is a supplement to, and not a
> substitution for, the current email based Tor lists.
It will supplement. We are working on setting up a way for the forum
announcement to be replicated onto mailing lists.
David
--
QH6XWXtrL9blSvXbw+DdZkn1Xx2UJnR2X56tf0A+EeA=
Hello!
Tor Browser 10.5.8 is now available from the Tor Browser
download page [1] and also from our distribution directory [2].
1: https://www.torproject.org/download/
2: https://www.torproject.org/dist/torbrowser/10.5.8/
This version updates Firefox on Windows, macOS, and Linux to 78.15.0esr and
includes important security updates [3]. Please see the blog post [4]
for more details about this version.
3: https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/
4: https://blog.torproject.org/new-release-tor-browser-1058
The full changelog since Tor Browser 10.5.7 is:
* Windows + OS X + Linux
  * Update Firefox to 78.15.0esr
  * Bug 40049: Add banner for VPN survey to about:tor [torbutton]
* Android
  * Bug 40193: Add banner for VPN survey to Android homepage [fenix]
* Build System
  * All Platforms
    * Bug 40363: Change bsaes git url [tor-browser-build]
Hello!
Tor Browser 10.5.5 is now available from the Tor Browser
download page [1] and also from our distribution directory [2].
1: https://www.torproject.org/download/
2: https://www.torproject.org/dist/torbrowser/10.5.5/
This version updates Tor to 0.4.5.10 [3] that includes a fix for a
security issue. On Android, this version updates Firefox to 91.2.0 and
includes important security updates [4]. Please see the blog post [5]
for more details about this version.
3: https://blog.torproject.org/node/2062
4: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/
5: https://blog.torproject.org/new-release-tor-browser-1055
The full changelog since Tor Browser 10.5.4 is:
* All Platforms
  * Update Tor to 0.4.5.10
* Linux
  * Bug 40582: Tor Browser 10.5.2 tabs always crash on Fedora Xfce Rawhide [tor-browser]
* Android
  * Update Fenix to 91.2.0
  * Update NoScript to 11.2.11
  * Bug 40063: Move custom search providers [android-components]
  * Bug 40176: TBA: sometimes I only see the banner and can't tap on the address bar [fenix]
  * Bug 40181: Remove V2 Deprecation banner on about:tor for Android [fenix]
  * Bug 40184: Rebase fenix patches to fenix v91.0.0-beta.5 [fenix]
  * Bug 40185: Use NimbusDisabled [fenix]
  * Bug 40186: Hide Credit Cards in Settings [fenix]
* Build System
  * Android
    * Update Go to 1.15.15
    * Bug 40331: Update components for mozilla91 [tor-browser-build]
Hello, everyone!
(If you are about to reply saying "please take me off this list",
instead please follow these instructions:
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/
If you have trouble, it is probably because you subscribed using a
different address than the one you are trying to unsubscribe with. You
will have to enter the actual email address you used when you
subscribed.)
Source code for Tor 0.4.6.7 is now available; you can download the
source code from the download page at
https://www.torproject.org/download/tor/. Packages should be available
within the next several weeks, with a new Tor Browser later this week.
Changes in version 0.4.6.7 - 2021-08-16
This version fixes several bugs from earlier versions of Tor, including one
that could lead to a denial-of-service attack. Everyone running an earlier
version, whether as a client, a relay, or an onion service, should upgrade
to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
o Major bugfixes (cryptography, security):
- Resolve an assertion failure caused by a behavior mismatch between our
batch-signature verification code and our single-signature verification
code. This assertion failure could be triggered remotely, leading to a
denial of service attack. We fix this issue by disabling batch
verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
Valence.
o Minor feature (fallbackdir):
- Regenerate fallback directories list. Close ticket 40447.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database,
as retrieved on 2021/08/12.
o Minor bugfix (crypto):
- Disable the unused batch verification feature of ed25519-donna. Fixes
bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence.
o Minor bugfixes (onion service):
- Send back the extended SOCKS error 0xF6 (Onion Service Invalid Address)
for a v2 onion address. Fixes bug 40421; bugfix on 0.4.6.2-alpha.
o Minor bugfixes (relay):
- Reduce the compression level for data streaming from HIGH to LOW in
order to reduce CPU load on the directory relays. Fixes bug 40301;
bugfix on 0.3.5.1-alpha.
o Minor bugfixes (timekeeping):
- Calculate the time of day correctly on systems where the time_t
type includes leap seconds. (This is not the case on most
operating systems, but on those where it occurs, our tor_timegm
function did not correctly invert the system's gmtime function,
which could result in assertion failures when calculating
voting schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
--
Alexander Færøy
Hello!
Tor Browser 10.5.4 is now available from the Tor Browser
download page [1] and also from our distribution directory [2].
1: https://www.torproject.org/download/
2: https://www.torproject.org/dist/torbrowser/10.5.4/
This version updates Firefox to 78.13.0esr. This version includes
important security updates [3] to Firefox. Please see the blog post [4] for
more details about this version.
3: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/
4: https://blog.torproject.org/new-release-tor-browser-1054
The full changelog since Tor Browser 10.5.2 is:
* Windows + OS X + Linux
  * Update Firefox to 78.13.0esr
  * Update NoScript to 11.2.11
  * Bug 40041: Remove V2 Deprecation banner on about:tor for desktop [torbutton]
  * Bug 40506: Saved Logins not available in 10.5 [tor-browser]
  * Bug 40524: Update DuckDuckGo onion site URL in search preferences and onboarding [tor-browser]
* Build System
  * Windows + OS X + Linux
    * Update Go to 1.15.14
Hello!
Tor Browser 10.5.3 is now available from the Tor Browser
download page [1] and also from our distribution directory [2].
1: https://www.torproject.org/download/
2: https://www.torproject.org/dist/torbrowser/10.5.3/
This version updates Firefox to 90.1.1. This version includes
important security updates [3] to Firefox. Please see the blog post [4] for
more details about this version.
3: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/
4: https://blog.torproject.org/new-release-tor-browser-1053
The full changelog since Tor Browser 10.5.1 is:
* Android
  * Update HTTPS Everywhere to 2021.7.13
  * Update Fenix to 90.1.1
  * Bug 40172: Find the Quit button [fenix]
  * Bug 40173: Rebase fenix patches to fenix v90.0.0-beta.6 [fenix]
  * Bug 40177: Hide Tor icons in settings [fenix]
  * Bug 40179: Show Snowflake bridge option on Release [fenix]
  * Bug 40180: Rebase fenix patches to fenix v90.1.1 [fenix]
* Build System
  * Android
    * Bug 40312: Update components for mozilla90 [tor-browser-build]
Hello!
Tor Browser 10.5.2 is now available from the Tor Browser
download page [1] and also from our distribution directory [2].
1: https://www.torproject.org/download/
2: https://www.torproject.org/dist/torbrowser/10.5.2/
This version updates Firefox to 78.12.0esr. This version includes
important security updates [3] to Firefox. Please see the blog post [4] for
more details about this version.
3: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/
4: https://blog.torproject.org/new-release-tor-browser-1052
The full changelog since Tor Browser 10.5 is:
* Windows + OS X + Linux
  * Update Firefox to 78.12.0esr
  * Bug 40497: Cannot set multiple pages as home pages in 10.5a17 [tor-browser]
  * Bug 40507: Full update is not downloaded after applying partial update fails [tor-browser]
  * Bug 40510: open tabs get redirected to about:torconnect on restart [tor-browser]