[PATCH] Tor: Update to 0.4.8.9

[PATCH] Tor: Update to 0.4.8.9

[Peter Müller]

[-- Attachment #1: Type: text/plain, Size: 3554 bytes --]

Changes in version 0.4.8.9 - 2023-11-09
  This is another security release fixing a high severity bug affecting onion
  services which is tracked by TROVE-2023-006. We are also releasing a guard
  major bugfix as well. If you are an onion service operator, we strongly
  recommend to update as soon as possible.

  o Major bugfixes (guard usage):
    - When Tor excluded a guard due to temporary circuit restrictions,
      it considered *additional* primary guards for potential usage by
      that circuit. This could result in more than the specified number
      of guards (currently 2) being used, long-term, by the tor client.
      This could happen when a Guard was also selected as an Exit node,
      but it was exacerbated by the Conflux guard restrictions. Both
      instances have been fixed. Fixes bug 40876; bugfix
      on 0.3.0.1-alpha.

  o Major bugfixes (onion service, TROVE-2023-006):
    - Fix a possible hard assert on a NULL pointer when recording a
      failed rendezvous circuit on the service side for the MetricsPort.
      Fixes bug 40883; bugfix on 0.4.8.1-alpha

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on November 09, 2023.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2023/11/09.

Changes in version 0.4.8.8 - 2023-11-03
  We are releasing today a fix for a high security issue, TROVE-2023-004, that
  is affecting relays. Also a few minor bugfixes detailed below. Please upgrade
  as soon as posssible.

  o Major bugfixes (TROVE-2023-004, relay):
    - Mitigate an issue when Tor compiled with OpenSSL can crash during
      handshake with a remote relay. Fixes bug 40874; bugfix
      on 0.2.7.2-alpha.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on November 03, 2023.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2023/11/03.

  o Minor bugfixes (directory authority):
    - Look at the network parameter "maxunmeasuredbw" with the correct
      spelling. Fixes bug 40869; bugfix on 0.4.6.1-alpha.

  o Minor bugfixes (vanguards addon support):
    - Count the conflux linked cell as valid when it is successfully
      processed. This will quiet a spurious warn in the vanguards addon.
      Fixes bug 40878; bugfix on 0.4.8.1-alpha.

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 lfs/tor | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/tor b/lfs/tor
index 7a9ca4128..cf0ccaf9e 100644
--- a/lfs/tor
+++ b/lfs/tor
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = Anonymizing overlay network for TCP (The onion router)
 
-VER        = 0.4.8.7
+VER        = 0.4.8.9
 
 THISAPP    = tor-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = tor
-PAK_VER    = 81
+PAK_VER    = 82
 
 DEPS       = libseccomp
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 4d0cde752a729c64e380663e4438398fe768a8657e9aa3246bdf0ec9a4b4e01e277cb594ae0cb44cc66ea8c6080f2e58c6daf1bf01dc51b678d228e8e38fc971
+$(DL_FILE)_BLAKE2 = a2d8cc8e60f162930d64d191af1893cb4060a8d98c16560c9ba30e0a9a0fd9cce2132573ca4db7b8b6e002f127f06b53fc5aea5fb6e8795c10f73671d14d9190
 
 install : $(TARGET)
 
-- 
2.35.3

Re: [PATCH] Tor: Update to 0.4.8.9

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 3823 bytes --]

Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>

> On 22 Nov 2023, at 15:00, Peter Müller <peter.mueller(a)ipfire.org> wrote:
> 
> Changes in version 0.4.8.9 - 2023-11-09
>  This is another security release fixing a high severity bug affecting onion
>  services which is tracked by TROVE-2023-006. We are also releasing a guard
>  major bugfix as well. If you are an onion service operator, we strongly
>  recommend to update as soon as possible.
> 
>  o Major bugfixes (guard usage):
>    - When Tor excluded a guard due to temporary circuit restrictions,
>      it considered *additional* primary guards for potential usage by
>      that circuit. This could result in more than the specified number
>      of guards (currently 2) being used, long-term, by the tor client.
>      This could happen when a Guard was also selected as an Exit node,
>      but it was exacerbated by the Conflux guard restrictions. Both
>      instances have been fixed. Fixes bug 40876; bugfix
>      on 0.3.0.1-alpha.
> 
>  o Major bugfixes (onion service, TROVE-2023-006):
>    - Fix a possible hard assert on a NULL pointer when recording a
>      failed rendezvous circuit on the service side for the MetricsPort.
>      Fixes bug 40883; bugfix on 0.4.8.1-alpha
> 
>  o Minor features (fallbackdir):
>    - Regenerate fallback directories generated on November 09, 2023.
> 
>  o Minor features (geoip data):
>    - Update the geoip files to match the IPFire Location Database, as
>      retrieved on 2023/11/09.
> 
> Changes in version 0.4.8.8 - 2023-11-03
>  We are releasing today a fix for a high security issue, TROVE-2023-004, that
>  is affecting relays. Also a few minor bugfixes detailed below. Please upgrade
>  as soon as posssible.
> 
>  o Major bugfixes (TROVE-2023-004, relay):
>    - Mitigate an issue when Tor compiled with OpenSSL can crash during
>      handshake with a remote relay. Fixes bug 40874; bugfix
>      on 0.2.7.2-alpha.
> 
>  o Minor features (fallbackdir):
>    - Regenerate fallback directories generated on November 03, 2023.
> 
>  o Minor features (geoip data):
>    - Update the geoip files to match the IPFire Location Database, as
>      retrieved on 2023/11/03.
> 
>  o Minor bugfixes (directory authority):
>    - Look at the network parameter "maxunmeasuredbw" with the correct
>      spelling. Fixes bug 40869; bugfix on 0.4.6.1-alpha.
> 
>  o Minor bugfixes (vanguards addon support):
>    - Count the conflux linked cell as valid when it is successfully
>      processed. This will quiet a spurious warn in the vanguards addon.
>      Fixes bug 40878; bugfix on 0.4.8.1-alpha.
> 
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> lfs/tor | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/lfs/tor b/lfs/tor
> index 7a9ca4128..cf0ccaf9e 100644
> --- a/lfs/tor
> +++ b/lfs/tor
> @@ -26,7 +26,7 @@ include Config
> 
> SUMMARY    = Anonymizing overlay network for TCP (The onion router)
> 
> -VER        = 0.4.8.7
> +VER        = 0.4.8.9
> 
> THISAPP    = tor-$(VER)
> DL_FILE    = $(THISAPP).tar.gz
> @@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
> DIR_APP    = $(DIR_SRC)/$(THISAPP)
> TARGET     = $(DIR_INFO)/$(THISAPP)
> PROG       = tor
> -PAK_VER    = 81
> +PAK_VER    = 82
> 
> DEPS       = libseccomp
> 
> @@ -48,7 +48,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_BLAKE2 = 4d0cde752a729c64e380663e4438398fe768a8657e9aa3246bdf0ec9a4b4e01e277cb594ae0cb44cc66ea8c6080f2e58c6daf1bf01dc51b678d228e8e38fc971
> +$(DL_FILE)_BLAKE2 = a2d8cc8e60f162930d64d191af1893cb4060a8d98c16560c9ba30e0a9a0fd9cce2132573ca4db7b8b6e002f127f06b53fc5aea5fb6e8795c10f73671d14d9190
> 
> install : $(TARGET)
> 
> -- 
> 2.35.3