* [FAILED] Nightly Build of next (c4ae15e) for aarch64 on arm64-01.zrh.ipfire.org
@ 2026-04-08 16:51 IPFire Nightly Builder
0 siblings, 0 replies; only message in thread
From: IPFire Nightly Builder @ 2026-04-08 16:51 UTC (permalink / raw)
To: Nightly Builds List
https://nightly.ipfire.org/next/2026-04-08%2015%3A26%3A06%20%2B0000-c4ae15e7/aarch64
commit c4ae15e75de968e684161d9162a1575fc7f69a1f
Author: Adolf Belka <adolf.belka@ipfire.org>
Date: Wed Apr 8 17:18:53 2026 +0200
tor: Update to version 0.4.9.6
- Update from version 0.4.8.21 to 0.4.9.6
- Version 0.4.8.22 was likely the last update on the 0.4.8 branch. Everything is now
focussed on the 0.4.9 branch.
- There are some security fixes in some of the update steps.
- No change in rootfile
- Changelog
0.4.9.6
This is a security release fixing major bugfixes that could possibly lead to
remote crashing relays. We strongly recommend upgrading as soon as possible.
o Major bugfix (security):
- Fix a stack overflow of 11 bytes on malicious CREATED2. This lead
to a remote crash. TROVE-2026-003. Reported-by: Anas Cherni of
Calif.io. Fixes bug 41231; bugfix on 0.4.9.1-alpha.
o Major bugfix (security, conflux):
- Fix a memory compare using the wrong length. This could lead to a
remote crash when using the conflux subsystem. TROVE-2026-004.
Fixes bug 41232; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (security):
- Fix a series of defense in depth security issues found across the
codebase. Fixes bug 41228; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (portability):
- (Hopefully) fix our polyval implementation on big-endian
platforms. Fixes bug 41215; bugfix on 0.4.9.3-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on March 25, 2026.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2026/03/25.
0.4.9.5
This first stable release in the 0.4.9 series introduces a new
circuit-level encryption design for better client security, as well
as a more scalable way for large relay operators to annotate which
relays they run so clients can avoid using too many of them in a
single circuit.
o Major features (cryptography):
- Clients and relays can now negotiate Counter Galois Onion (CGO)
relay cryptography, as designed by Jean Paul Degabriele,
Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO
provides improved resistance to several kinds of tagging attacks,
better forward secrecy, and better forgery resistance. Closes
ticket 41047. Implements proposal 359.
o Major features (path selection):
- Clients and relays now support "happy families", a system to
simplify relay family operation and improve directory performance.
With "happy families", relays in a family share a secret "family
key", which they use to prove their membership in the family.
Implements proposal 321; closes ticket 41009. Note that until
enough clients are upgraded, relay operators will still need to
configure MyFamily lists. But once clients no longer depend on
those lists, we will be able to remove them entirely, thereby
simplifying family operation, and making microdescriptor downloads
approximately 80% smaller. For more information, see
https://community.torproject.org/relay/setup/post-install/family-ids/
o Major bugfixes (conflux):
- Ensure conflux guards obey family and subnet restrictions. Fixes
bug 40976; bugfix on 0.4.8.1-alpha.
o Major bugfixes (controller events):
- Fix spikes occurring in bandwidth cache events on control connection.
Fixes bug 31524; bugfix on 0.0.9pre5.
o Major bugfixes (sandbox):
- Fix sandbox to work on architectures that use Linux's generic
syscall interface, extending support for AArch64 (ARM64) and
adding support for RISC-V, allowing test_include.sh and the
sandbox unit tests to pass on these systems even when building
with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix
on 0.2.5.1-alpha.
o Minor features (client security, reliability):
- When KeepaliveIsolateSOCKSAuth is keeping a circuit alive, expire
the circuit based on when it was last in use for any stream, not
(as we did before) based on when a stream was last attached to it.
Closes ticket 41157. Implements a minimal version of Proposal 368.
o Minor features (exit relays):
- Implement reevaluating new exit policy against existing
connections. This is controlled by new config option
ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676.
- Implement a token-bucket based rate limiter for stream creation
and resolve request. It is configured by the DoSStream* family of
configuration options. Closes ticket 40736.
- Add Monero ports to the ReducedExitPolicy. Closes ticket 41168.
o Minor features (bridges):
- Save complete bridge lines to 'datadir/bridgelines'. Closes
ticket 29128.
o Minor features (client extensibility):
- Implement new HTTPTunnelPort features for interoperability with
Arti's HTTP CONNECT proxy. This work adds new headers to requests
to and replies from the HttpConnectPort, support for OPTIONS
requests, tightens the expected syntax for Proxy-Authorization,
and increases defense-in-depth against some kinds of cross-site
HTTP attacks. Closes ticket 41156. Implements proposal 365.
- Detect invalid SOCKS5 username/password combinations according to
new extended parameters syntax. (Currently, this rejects any
SOCKS5 username beginning with "<torS0X>", except for the username
"<torS0X>0". Such usernames are now reserved to communicate
additional parameters with other Tor implementations.) Implements
proposal 351.
o Minor features (sandboxing):
- Allow the fstatat64 and statx syscalls on i386 architecture when
glibc >= 2.33. On i386, glibc uses fstatat64 instead of newfstatat
for stat operations, and statx for time64 support. Without this,
SIGHUP configuration reload fails when using sandbox mode with
%include directives on i386 with Debian Bookworm or newer.
- Allow the lstat64 syscall on i386 architecture. This syscall is
used by glob() in glibc 2.36+ when processing %include directives
with directory patterns.
o Minor features (security):
- Increase the size of our finite-field Diffie Hellman TLS group
(which we should never actually use!) to 2048 bits. Part of
ticket 41067.
- Require TLS version 1.2 or later. (Version 1.3 support will be
required in the near future.) Part of ticket 41067.
- Update TLS 1.2 client cipher list to match current Firefox. Part
of ticket 41067.
- Verify needle is smaller than haystack before calling memmem.
Closes ticket 40854.
o Minor features (onion services):
- Add 3 more keywords to the ADD_ONION control command:
PoWDefensesEnabled, PoWQueueRate and PoWQueueBurst which correspond
to HiddenServicePoWDefensesEnabled, HiddenServicePoWQueueRate and
HiddenServicePoWQueueBurst from torrc.
- Reduce the minimum value of hsdir_interval to match recent tor-
spec change.
o Minor feature (directory authority):
- Introduce MinimalAcceptedServerVersion to allow configuring
the minimum accepted relay version without requiring a new tor
release. Closes ticket 40817.
o Minor features (metrics port):
- New metrics on the MetricsPort for the number of BUG() calls that
occurred at runtime. Fixes bugs 40839 and 41104; bugfix on
0.4.7.1-alpha.
- Handle rephist tracking of ntor and ntor_v3 handshakes
individually such that MetricsPort exposes the correct values.
Fixes bug 40638; bugfix on 0.4.7.11.
- Add new metrics for relays on the MetricsPort namely the count of
drop cell, destroy cell and the number of circuit protocol
violation seen that lead to a circuit close. Closes ticket 40816.
o Minor features (forward-compatibility):
- We now correctly parse microdescriptors and router descriptors
that do not include TAP onion keys. (For backward compatibility,
authorities continue to require these keys.) Implements part of
proposal 350.
o Minor features (portability, android):
- Use /data/local/tmp for data storage on Android by default. Closes
ticket 40487. Patch from Hans-Christoph Steiner.
o Minor features (directory authority):
- Export unsigned consensus documents once we have seen a threshold
of signatures, as a step toward the consensus transparency
experiment.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on February 12, 2026.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database,
as retrieved on 2026/02/12.
o Minor features (windows):
- Various compilation fixes for our Windows CI. Closes ticket 41214.
o Minor bugfixes (exit relays):
- Clip every returned DNS TTL to 60 (RESOLVED) in order to mitigate
an exit DNS cache oracle. Fixes bug 40979; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (spec conformance):
- Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
messages. Previously, it was always set to the maximum value.
Fixes bug 41056; bugfix on 0.4.8.1-alpha.
- Do not treat "15" as a recognized remote END reason code.
Formerly, we treated it as synonymous with a local ENTRYPOLICY,
which isn't a valid remote code at all. Fixes bug 41171; bugfix
on 0.2.0.8-alpha.
o Minor bugfixes (tooling):
- Fix a false positive valgrind related to inspecting a bitfield
next to another uninitialized bitfield. Fixes bug 41182; bugfix
on 0.3.3.2-alpha.
- Fix minor warnings from newer versions of shellcheck and clang.
Fixes bug 41166; bugfix on 0.4.3.1-alpha and several
other versions.
- Fix a warning when compiling with GCC 14.2. Closes 41032.
o Minor bugfixes (threads):
- Make thread control POSIX compliant. Fixes bug 41109; bugfix
on 0.4.8.17.
o Minor bugfix (client DNS):
- Handle empty DNS reply without sending back an error and instead
send back NOERROR (RFC1035 error code 0x0). Fixes bug 40248;
bugfix on 0.3.5.1-alpha.
o Minor bugfixes (directory authorities):
- After we added layer-two vanguards, directory authorities wouldn't
think any of their vanguards were suitable for circuits, leading
to a "Failed to find node for hop #2 of our path. Discarding this
circuit." log message once per second from startup until they made
a fresh consensus. Now they look to their existing consensus on
startup, letting them build circuits properly from the beginning.
Fixes bug 40802; bugfix on 0.4.7.1-alpha.
o Minor bugfixes (tests):
- Fix a test failure with OpenSSL builds running at security level 1
or greater, which does not permit SHA-1 certificates. Fixes bug
41021; bugfix on 0.2.8.1-alpha.
o Minor bugfixes (bridges):
- Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set
to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc.
o Minor bugfixes (conflux, client):
- Avoid a non fatal assert caused by data coming in on a conflux set
that is being freed during shutdown. Fixes bug 40870; bugfix
on 0.4.8.1-alpha.
o Minor bugfixes (testing network):
- Enabling TestingTorNetwork no longer forces fast hidden service
intro point rotation. This reduces noise and errors when using
hidden services with TestingTorNetwork enabled. Fixes bug 40922;
bugfix on 0.3.2.1-alpha.
o Minor bugfixes (relay):
- Refuse to overwrite an existing *.secret_family_key when running
tor --keygen-family. Fixes bug 41184; bugfix on 0.4.9.1-alpha.
o New system requirements:
- When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
Part of ticket 41059.
- When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
(We strongly recommend 3.0 or later, but still build with 1.1.1,
even though it is not supported by the OpenSSL team, due to its
presence in Debian oldstable.) Part of ticket 41059.
o Removed features (relays):
- Relays no longer support clients that falsely advertise TLS
ciphers they don't really support. (Clients have not done this
since 0.2.3.17-beta). Part of ticket 41031.
- Relays no longer support clients that require obsolete v1 and v2
link handshakes. (The v3 link handshake has been supported since
0.2.3.6-alpha). Part of ticket 41031.
- Relays no longer support the obsolete TAP circuit extension
protocol. (For backward compatibility, however, relays still
continue to include TAP keys in their descriptors.) Implements
part of proposal 350.
- Relays no longer support the obsolete "RSA-SHA256-TLSSecret"
authentication method, which used a dangerously short RSA key, and
which required access TLS session internals. The current method
("Ed25519-SHA256-RFC5705") has been supported since 0.3.0.1-alpha.
Closes ticket 41020.
o Removed features (directory authorities):
- Directory authorities no longer support consensus methods before
method 32. Closes ticket 40835.
- We include a new consensus method that removes support for
computing "package" lines in consensus documents. This feature was
never used, and support for including it in our votes was removed
in 0.4.2.1-alpha. Finishes implementation of proposal 301.
0.4.9.4-rc
Finally, the release candidate for the 0.4.9.x series. It consists of minor
features and several bugfixes. Nothing major has been added since the alpha.
If everything goes well, the next version will be the first stable.
o Minor features (security, reliability):
- When KeepaliveIsolateSOCKSAuth is keeping a circuit alive, expire
the circuit based on when it was last in use for any stream, not
(as we did before) based on when a stream was last attached to it.
Closes ticket 41157. Implements a minimal version of Proposal 368.
o Minor feature (Exit):
- Add Monero ports to the ReducedExitPolicy. Closes ticket 41168.
o Minor features (HTTPTunnelPort):
- Implement new HTTPTunnelPort features for interoperability with
Arti's HTTP CONNECT proxy. This work adds new headers to requests
to and replies from the HttpConnectPort, support for OPTIONS
requests, tightens the expected syntax for Proxy-Authorization,
and increases defense-in-depth against some kinds of cross-site
HTTP attacks. Closes ticket 41156. Implements proposal 365.
o Minor features (linux seccomp2 sandbox):
- Allow the fstatat64 and statx syscalls on i386 architecture when
glibc >= 2.33. On i386, glibc uses fstatat64 instead of newfstatat
for stat operations, and statx for time64 support. Without this,
SIGHUP configuration reload fails when using sandbox mode with
%include directives on i386 with Debian Bookworm or newer.
- Allow the lstat64 syscall on i386 architecture. This syscall is
used by glob() in glibc 2.36+ when processing %include directives
with directory patterns.
o Minor bugfixes (DNS, exit):
- Clip every returned DNS TTL to 60 (RESOLVED) in order to mitigate
an exit DNS cache oracle. Fixes bug 40979; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (spec conformance):
- Do not treat "15" as a recognized remote END reason code.
Formerly, we treated it as synonymous with a local ENTRYPOLICY,
which isn't a valid remote code at all. Fixes bug 41171; bugfix
on 0.2.0.8-alpha.
o Minor bugfixes (tooling):
- Fix a false positive valgrind related to inspecting a bitfield
next to another uninitialized bitfield. Fixes bug 41182; bugfix
on 0.3.3.2-alpha.
o Minor bugfixes (warnings):
- Fix minor warnings from newer versions of shellcheck and clang.
Fixes bug 41166; bugfix on 0.4.3.1-alpha and several
other versions.
0.4.9.3-alpha
This is the third alpha release and likely the last before going stable.
This release contains the new CGO circuit encryption. See proposal 359 for
more details. Several TLS minor fixes which will strengthen the link
security.
o New system requirements:
- When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
Part of ticket 41059.
- When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
(We strongly recommend 3.0 or later, but still build with 1.1.1,
even though it is not supported by the OpenSSL team, due to its
presence in Debian oldstable.) Part of ticket 41059.
o Major features (cell format):
- Tor now has (unused) internal support to encode and decode relay
messages in the new format required by our newer CGO encryption
algorithm. Closes ticket 41051. Part of proposal 359.
o Major features (cryptography):
- Clients and relays can now negotiate Counter Galois Onion (CGO)
relay cryptography, as designed by Jean Paul Degabriele,
Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO
provides improved resistance to several kinds of tagging attacks,
better forward secrecy, and better forgery resistance. Closes
ticket 41047. Implements proposal 359.
o Major bugfixes (onion service directory cache):
- Preserve the download counter of an onion service descriptor
across descriptor uploads, so that recently updated descriptors
don't get pruned if there is memory pressure soon after update.
Additionally, create a separate torrc option MaxHSDirCacheBytes
that defaults to the former 20% of MaxMemInQueues threshold, but
can be controlled by relay operators under DoS. Also enforce this
threshold during HSDir uploads. Fixes bug 41006; bugfix
on 0.4.8.14.
o Minor features (security):
- Increase the size of our finite-field Diffie Hellman TLS group
(which we should never actually use!) to 2048 bits. Part of
ticket 41067.
- Require TLS version 1.2 or later. (Version 1.3 support will be
required in the near future.) Part of ticket 41067.
- Update TLS 1.2 client cipher list to match current Firefox. Part
of ticket 41067.
o Minor features (security, TLS):
- When we are running with OpenSSL 3.5.0 or later, support using the
ML-KEM768 for post-quantum key agreement. Closes ticket 41041.
o Minor feature (client, TLS):
- Set the TLS 1.3 cipher list instead of falling back on the
default value.
o Minor feature (padding, logging):
- Reduce the amount of messages being logged related to channel
padding timeout when log level is "notice".
o Minor features (bridges):
- Save complete bridge lines to 'datadir/bridgelines'. Closes
ticket 29128.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on September 16, 2025.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/09/16.
o Minor features (hidden services):
- Reduce the minimum value of hsdir_interval to match recent tor-
spec change.
o Minor features (hsdesc POW):
- Tolerate multiple PoW schemes in onion service descriptors, for
future extensibility. Implements torspec ticket 272.
o Minor features (performance TLS):
- When running with with OpenSSL 3.0.0 or later, support using
X25519 for TLS key agreement. (This should slightly improve
performance for TLS session establishment.)
o Minor features (portability):
- Fix warnings when compiling with GCC 15. Closes ticket 41079.
o Minor bugfix (conflux):
- Remove the pending nonce if we realize that the nonce of the
unlinked circuit is not tracked anymore. Should avoid the non
fatal assert triggered with a control port circuit event. Fixes
bug 41037; bugfix on 0.4.8.15.
o Minor bugfixes (bridges, pluggable transport):
- Fix a bug causing the initial tor process to hang instead of
exiting with RunAsDaemon, when pluggable transports are used.
Fixes bug 41088; bugfix on 0.4.9.1-alpha.
o Minor bugfixes (circuit handling):
- Prevent circuit_mark_for_close() from being called twice on the
same circuit. Fixes bug 40951; bugfix on 0.4.8.16-dev.
- Prevent circuit_mark_for_close() from being called twice on the
same circuit. Second fix attempt Fixes bug 41106; bugfix
on 0.4.8.17
o Minor bugfixes (compilation):
- Fix linking on systems without a working stdatomic.h. Fixes bug
41076; bugfix on 0.4.9.1-alpha.
o Minor bugfixes (compiler warnings):
- Make sure the two bitfields in the half-closed edge struct are
unsigned, as we're using them for boolean values and assign 1 to
them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
o Minor bugfixes (logging, metrics port):
- Count BUG statements for the MetricsPort only if they are warnings
or errors. Fixes bug 41104; bugfix on 0.4.7.1-alpha. Patch
contributed by shadowcoder.
o Minor bugfixes (protocol):
- Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
messages. Previously, it was always set to the maximum value.
Fixes bug 41056; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (relay):
- Fix a crash when FamilyKeyDir is a path that cannot be read. Fixes
bug 41043; bugfix on 0.4.9.2-alpha.
o Minor bugfixes (threads):
- Make thread control POSIX compliant. Fixes bug 41109; bugfix
on 0.4.8.17-dev.
o Removed features:
- Relays no longer support clients that falsely advertise TLS
ciphers they don't really support. (Clients have not done this
since 0.2.3.17-beta). Part of ticket 41031.
- Relays no longer support clients that require obsolete v1 and v2
link handshakes. (The v3 link handshake has been supported since
0.2.3.6-alpha). Part of ticket 41031.
0.4.9.2-alpha
This is the second alpha of the 0.4.9.x series. We have several new minor
features and a big one, the happy families that was long awaited by relay
operators. This release also fixes a number of bugs including major ones.
o Major feature (happy families):
- Clients and relays now support "happy families", a system to
simplify relay family operation and improve directory performance.
With "happy families", relays in a family shares a secret "family
key", which they use to prove their membership in the family.
Implements proposal 321; closes ticket 41009. Note that until
enough clients are upgraded, relay operators will still need to
configure MyFamily lists. But once clients no longer depend on
those lists, we will be able to remove them entirely, thereby
simplifying family operation, and making microdescriptor downloads
approximately 80% smaller. For more information, see
https://community.torproject.org/relay/setup/post-install/family-ids/
o Major features (client):
- Clients now respect "happy families" per proposal 321. This
feature will eventually allow a much more compact representation
for relay families, for a significant savings in directory
download size.
o Minor feature (onion service, control port):
- Add 3 more keywords to the ADD_ONION control command:
PoWDefensesEnabled, PoWQueueRate and PoWQueueBurst which correspond
to HiddenServicePoWDefensesEnabled, HiddenServicePoWQueueRate and
HiddenServicePoWQueueBurst from torrc.
o Minor feature (testing, CI):
- Use a fixed version of chutney (be881a1e) instead of its current
HEAD. This version should also be preferred when testing locally.
o Minor features (compilation):
- Fix a warning when compiling with GCC 14.2. Closes 41032.
o Minor features (continuous integration):
- Upgrade CI runners to use Debian Bookworm instead of Bullseye.
Closes ticket 41029.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on February 05, 2025.
- Regenerate fallback directories generated on March 20, 2025.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/02/05.
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/03/20.
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2025/03/24.
o Minor features (recommended protocols):
- Directory authorities now vote to recommend that clients support
certain protocols beyond those that are required. These include
improved support for connecting to relays on IPv6, NtorV3, and
congestion control. Part of ticket 40836.
o Minor features (required protocols):
- Directory authorities now vote to require clients to support the
authenticated SENDME feature, which was introduced in
0.4.1.1-alpha. Part of ticket 40836.
- Directory authorities now vote to require relays to support
certain protocols, all of which have been implemented since
0.4.7.4-alpha or earlier. These include improved support for
connecting to relays on IPv6, NtorV3, running as a rate-limited
introduction point, authenticated SENDMEs, and congestion control.
Part of ticket 40836.
o Major bugfix (control-events, bw-cache):
- Fixes spikes occurring in bandwidth cache on control connection.
Fixes bug 31524; bugfix on 0.4.8.12-dev.
o Major bugfixes (conflux):
- Ensure conflux guards obey family and subnet restrictions. Fixes
bug 40976; bugfix on 0.4.8.13.
o Major bugfixes (onion service directory cache):
- When the OOM killer kicks in, cleanup the descriptor cache of an
HSDir by looking at the lowest downloaded count instead of time in
cache. Fixes bug 40996; bugfix on 0.3.5.1-alpha.
o Minor bugfix (client DNS):
- Handle empty DNS reply without sending back an error and instead
send back NOERROR (RFC1035 error code 0x0). Fixes bug 40248;
bugfix on 0.3.5.1-alpha.
o Minor bugfix (conflux):
- Avoid a non fatal assert when describing a conflux circuit on the
control port after being prepped to be freed. Fixes bug 41037;
bugfix on 0.4.8.15.
o Minor bugfix (dirauth):
- Fix typo in flag assignment approved-routers file. Fixes bug
41035; bugfix on 0.4.8.15
o Minor bugfixes (control port):
- Correctly report conflux pair information to controller fields
Fixes bug 40872; bugfix on 0.4.8.1-alpha
o Minor bugfixes (directory authorities):
- After we added layer-two vanguards, directory authorities wouldn't
think any of their vanguards were suitable for circuits, leading
to a "Failed to find node for hop #2 of our path. Discarding this
circuit." log message once per second from startup until they made
a fresh consensus. Now they look to their existing consensus on
startup, letting them build circuits properly from the beginning.
Fixes bug 40802; bugfix on 0.4.7.1-alpha.
o Minor bugfixes (relay flag usage):
- Fix client usage of the MiddleOnly flag so that MiddleOnly relays
are not used as HS IP or RP by clients or services. Additionally,
give dirauths the ability to remove specific flags, as an
alternative to MiddleOnly. Fixes bug 41023; bugfix on 0.4.7.2-alpha
o Minor bugfixes (sandbox, bwauth):
- Fix sandbox to work for bandwidth authority. Fixes bug 40933;
bugfix on 0.2.2.1-alpha
o Minor bugfixes (tests):
- Fix a test failure with OpenSSL builds running at security level 1
or greater, which does not permit SHA-1 certificates. (Fixes bug
41021; bugfix on 0.2.8.1-alpha.)
o Minor bugfixes (threads, memory):
- Improvements in cleanup of resources used by threads. Fixes bug
40991; bugfix on 0.4.8.13-dev.
- Rework start and exit of worker threads.
o Removed features:
- Relays no longer support the obsolete "RSA-SHA256-TLSSecret"
authentication method, which used a dangerously short RSA key, and
which required access TLS session internals. The current method
("Ed25519-SHA256-RFC5705") has been supported since 0.3.0.1-alpha.
Closes ticket 41020.
0.4.9.1-alpha
This is the first alpha of the 0.4.9.x series. This release mostly consists
of bugfixes including some major ones. There are several minor features in
this release but no large new subsystem.
o Major bugfixes (sandbox):
- Fix sandbox to work on architectures that use Linux's generic
syscall interface, extending support for AArch64 (ARM64) and
adding support for RISC-V, allowing test_include.sh and the
sandbox unit tests to pass on these systems even when building
with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix
on 0.2.5.1-alpha.
o Minor feature (defense in depth):
- Verify needle is smaller than haystack before calling memmem.
Closes ticket 40854.
o Minor feature (directory authority):
- Introduce MinimalAcceptedServerVersion to allow modification of
minimal accepted version for relays without requiring a new tor
release. Closes ticket 40817.
o Minor feature (exit policies):
- Implement reevaluating new exit policy against existing
connections. This is controlled by new config option
ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676.
o Minor feature (exit relay, DoS resistance):
- Implement a token-bucket based rate limiter for stream creation
and resolve request. It is configured by the DoSStream* family of
configuration options. Closes ticket 40736.
o Minor feature (metrics port):
- New metrics on the MetricsPort for the number of BUG() that
occurred at runtime. Closes MR 760.
o Minor feature (metrics port, relay):
- Add new metrics for relays on the MetricsPort namely the count of
drop cell, destroy cell and the number of circuit protocol
violation seen that lead to a circuit close. Closes ticket 40816.
o Minor feature (testing):
- test-network now unconditionally includes IPv6 instead of trying
to detect IPv6 support.
o Minor feature (testing, CI):
- Use a fixed version of chutney (be881a1e) instead of its current
HEAD. This version should also be preferred when testing locally.
o Minor features (forward-compatibility):
- We now correctly parse microdescriptors and router descriptors
that do not include TAP onion keys. (For backward compatibility,
authorities continue to require these keys.) Implements part of
proposal 350.
o Minor features (portability, android):
- Use /data/local/tmp for data storage on Android by default. Closes
ticket 40487. Patch from Hans-Christoph Steiner.
o Minor features (SOCKS):
- Detect invalid SOCKS5 username/password combinations according to
new extended parameters syntax. (Currently, this rejects any
SOCKS5 username beginning with "<torS0X>", except for the username
"<torS0X>0". Such usernames are now reserved to communicate
additional parameters with other Tor implementations.) Implements
proposal 351.
o Minor bugfix (MetricsPort, relay):
- Handle rephist tracking of ntor and ntor_v3 handshakes
individually such that MetricsPort exposes the correct values.
Fixes bug 40638; bugfix on 0.4.7.11.
o Minor bugfix (process):
- Avoid closing all possible FDs when spawning a process (PT). On
some systems, this could lead to 3+ minutes hang. Fixes bug 40990;
bugfix on 0.3.5.1-alpha.
o Minor bugfix (relay, sandbox):
- Disable a sandbox unit test that is failing on Debian Sid breaking
our nightly packages. Fixes bug 40918; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (bridge):
- Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set
to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc.
o Minor bugfixes (compiler warnings):
- Make sure the two bitfields in the half-closed edge struct are
unsigned, as we're using them for boolean values and assign 1 to
them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
o Minor bugfixes (conflux, client):
- Avoid a non fatal assert caused by data coming in on a conflux set
that is being freed during shutdown. Fixes bug 40870; bugfix
on 0.4.8.1-alpha.
o Minor bugfixes (memory):
- Fix a pointer free that wasn't set to NULL afterwards which could
be reused by calling back in the free all function. Fixes bug
40989; bugfix on 0.4.8.13.
o Minor bugfixes (sandbox, bwauth):
- Fix sandbox to work for bandwidth authority. Fixes bug 40933;
bugfix on 0.2.2.1-alpha
o Minor bugfixes (testing):
- Enabling TestingTorNetwork no longer forces fast hidden service
intro point rotation. This reduces noise and errors when using
hidden services with TestingTorNetwork enabled. Fixes bug 40922;
bugfix on 0.3.2.1-alpha.
o Minor bugfixes (tor-resolve):
- Create socket with correct family as given by sockshost, fixes
IPv6. Fixes bug 40982; bugfix on 0.4.9.0-alpha.
o Removed features:
- Directory authorities no longer support consensus methods before
method 32. Closes ticket 40835.
o Removed features (directory authority):
- We include a new consensus method that removes support for
computing "package" lines in consensus documents. This feature was
never used, and support for including it in our votes was removed
in 0.4.2.1-alpha. Finishes implementation of proposal 301.
o Removed features (obsolete):
- Relays no longer support the obsolete TAP circuit extension
protocol. (For backward compatibility, however, relays still
continue to include TAP keys in their descriptors.) Implements
part of proposal 350.
- Removed some vestigial code for selecting the TAP circuit
extension protocol.
0.4.8.22
This is likely the very last release of the 0.4.8.x series. Three major
bugfixes detailed below including two affecting directory servers (basically
all relays). We strongly recommend upgrading as soon as possible.
o Major bugfixes (security):
- Avoid an out-of-bounds read error that could occur with
V1-formatted EXTEND cells. Fixes bug 41180; bugfix on 0.4.8.1-alpha.
This is tracked as TROVE-2025-016.
o Major bugfixes (directory servers):
- Allow old clients to fetch the consensus even if they use version
0 of the SENDME protocol. In mid 2025 we changed the required
minimum version of the "FlowCtrl" protocol to 1, meaning directory
caches hang up on clients that send a version 0 SENDME cell. Since
old clients were no longer able to retrieve the consensus, they
couldn't learn about this required minimum version -- meaning
we've had many many old clients loading down directory servers for
the past months. Fixes bug 41191; bugfix on 0.4.1.1-alpha.
- Don't count networkstatus serves until they finish. When we
started serving a consensus document but the client didn't receive
all of it, we were still counting that as a success in our stats.
This mistake, which can be triggered for example by obsolete
clients or by DPI-based censorship, led to wildly inflated user
counts because we estimate total users in the world based on
successful consensus fetches. Fixes bug 41192; bugfix
on 0.2.1.1-alpha.
o Minor feature (testing, CI):
- Bump the CI version of chutney to the current version as of
2026-01-21 (3338f5c).
o Minor features (debugging, compression):
- Do not check for compression bombs for buffers smaller than 5MB
(increased from 64 KB). Fixes ticket 40739; bugfix on 0.2.1.29.
o Minor features (directory servers):
- Track how many times directory servers begin serving networkstatus
documents, so we can compare it to the number of times we finish
serving them. Motivated by the fixes in ticket 41192.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on January 28, 2026.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2026/01/28.
o Minor bugfixes (relay):
- Downgrade "Error relaying cell across rendezvous" log warn to info
as the error condition is possible under normal circumstances. Fixes
bug 40951; bugfix on 0.3.5.1-alpha.
o Code simplification and refactoring:
- Simplify SOCKS4a parsing to avoid the (false) appearance of
integer underflows, and to make the logic more obvious. Fixes bug
41190; bugfix on 0.3.5.1-alpha.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
https://git.ipfire.org/?p=ipfire-2.x.git;a=shortlog;h=c4ae15e75de968e684161d9162a1575fc7f69a1f
Packaged toolchain compilation
Building IPFire
stage2 [ 1 ][ DONE ]
linux (6.18.7) HEADERS=1 [ 25 ][ DONE ]
man-pages (6.17) [ 18 ][ DONE ]
glibc (2.43) [ 6:33 ][ DONE ]
tzdata (2026a) [ 2 ][ DONE ]
cleanup-toolchain [ 0 ][ DONE ]
zlib-ng (2.3.3) [ 12 ][ DONE ]
zstd (1.5.7) [ 1 ][ DONE ]
autoconf (2.73) [ 1 ][ DONE ]
autoconf-archive (2024.10.16) [ 2 ][ DONE ]
automake (1.18.1) [ 3 ][ DONE ]
help2man (1.49.3) [ 0 ][ DONE ]
libtool (2.5.4) [ 8 ][ DONE ]
binutils (2.46.0) [ 59 ][ DONE ]
gmp (6.3.0) [ 31 ][ DONE ]
mpfr (4.2.2) [ 20 ][ DONE ]
libmpc (1.4.0) [ 6 ][ DONE ]
pkg-config (0.29.2) [ 26 ][ DONE ]
libxcrypt (4.5.2) [ 17 ][ DONE ]
file (5.47) [ 7 ][ DONE ]
gcc (15.2.0) [ 6:12 ][ DONE ]
attr (2.5.2) [ 5 ][ DONE ]
acl (2.3.2) [ 7 ][ DONE ]
sed (4.9) [ 28 ][ DONE ]
berkeley (5.3.28) [ 27 ][ DONE ]
coreutils (9.10) [ 1:13 ][ DONE ]
iana-etc (20260327) [ 0 ][ DONE ]
m4 (1.4.21) [ 43 ][ DONE ]
bison (3.8.2) [ 32 ][ DONE ]
ncurses (6.6) [ 32 ][ DONE ]
perl (5.36.0) [ 1:54 ][ DONE ]
readline (8.3) [ 7 ][ DONE ]
bzip2 (1.0.8) [ 1 ][ DONE ]
xz (5.8.3) [ 13 ][ DONE ]
lzip (1.25) [ 1 ][ DONE ]
pcre (8.45) [ 8 ][ DONE ]
pcre2 (10.47) [ 7 ][ DONE ]
gettext (1.0) [ 3:35 ][ DONE ]
bash (5.3) [ 28 ][ DONE ]
diffutils (3.12) [ 37 ][ DONE ]
ed (1.22.2) [ 1 ][ DONE ]
findutils (4.10.0) [ 40 ][ DONE ]
flex (2.6.4) [ 9 ][ DONE ]
gawk (5.3.2) [ 14 ][ DONE ]
go (1.20.4) [ 21 ][ DONE ]
grep (3.12) [ 36 ][ DONE ]
groff (1.24.1) [ 53 ][ DONE ]
gperf (3.3) [ 10 ][ DONE ]
gzip (1.14) [ 17 ][ DONE ]
hostname (3.20) [ 0 ][ DONE ]
whois (5.6.5) [ 1 ][ DONE ]
kbd (2.9.0) [ 14 ][ DONE ]
less (692) [ 4 ][ DONE ]
procps (4.0.6) [ 19 ][ DONE ]
make (4.4.1) [ 15 ][ DONE ]
libpipeline (1.5.8) [ 20 ][ DONE ]
man (2.13.1) [ 55 ][ DONE ]
net-tools (2.10) [ 1 ][ DONE ]
patch (2.8) [ 21 ][ DONE ]
psmisc (23.7) [ 6 ][ DONE ]
shadow (4.18.0) [ 16 ][ DONE ]
sysklogd (2.7.2) [ 4 ][ DONE ]
sysvinit (3.14) [ 1 ][ DONE ]
tar (1.35) [ 33 ][ DONE ]
texinfo (7.2) [ 38 ][ DONE ]
util-linux (2.42) [ 32 ][ DONE ]
vim (9.2.0305) [ 18 ][ DONE ]
e2fsprogs (1.47.4) [ 13 ][ DONE ]
jq (1.8.1) [ 10 ][ DONE ]
configroot [ 1 ][ DONE ]
initscripts [ 1 ][ DONE ]
backup [ 1 ][ DONE ]
rust (1.92.0) [ 16 ][ DONE ]
openssl (3.6.1) [ 2:43 ][ DONE ]
popt (1.19) [ 4 ][ DONE ]
libedit (20251016-3.1) [ 7 ][ DONE ]
expat (2.7.5) [ 5 ][ DONE ]
libffi (3.5.2) [ 6 ][ DONE ]
gdbm (1.26) [ 12 ][ DONE ]
sqlite (3510300) [ 55 ][ DONE ]
python3 (3.10.8) [ 52 ][ DONE ]
python3-wheel (0.45.1) [ 0 ][ DONE ]
python3-toml (0.10.2) [ 0 ][ DONE ]
python3-setuptools (80.9.0) [ 3 ][ DONE ]
python3-pyproject2setuppy (22) [ 1 ][ DONE ]
python3-packaging (25.0) [ 1 ][ DONE ]
python3-pep517 (0.13.0) [ 0 ][ DONE ]
python3-build (0.8.0) [ 1 ][ DONE ]
python3-install (0.0.3) [ 1 ][ DONE ]
python3-urllib3 (1.26.12) [ 0 ][ DONE ]
python3-charset-normalizer (2.1.1) [ 1 ][ DONE ]
python3-idna (3.4) [ 1 ][ DONE ]
python3-certifi (2022.9.24) [ 1 ][ DONE ]
python3-requests (2.28.1) [ 1 ][ DONE ]
python3-docutils (0.19) [ 2 ][ DONE ]
python3-flit (3.7.1) [ 1 ][ DONE ]
python3-more_itertools (10.7.0) [ 1 ][ DONE ]
cython (3.2.4) [ 22 ][ DONE ]
ninja (1.13.2) [ 1 ][ DONE ]
meson (1.10.1) [ 3 ][ DONE ]
pam (1.7.2) [ 7 ][ DONE ]
libcap (2.77) [ 3 ][ DONE ]
libcap-ng (0.9.2) [ 13 ][ DONE ]
libpcap (1.10.6) [ 5 ][ DONE ]
ppp (2.5.2) [ 18 ][ DONE ]
pptp (1.10.0) [ 0 ][ DONE ]
unzip (60) [ 3 ][ DONE ]
which (2.23) [ 3 ][ DONE ]
bc (1.08.1) [ 2 ][ DONE ]
cpio (2.15) [ 28 ][ DONE ]
libaio (0.3.113) [ 0 ][ DONE ]
freetype (2.14.3) [ 5 ][ DONE ]
jansson (2.15.0) [ 6 ][ DONE ]
libmnl (1.0.5) [ 3 ][ DONE ]
libnfnetlink (1.0.2) [ 3 ][ DONE ]
libnetfilter_queue (1.0.5) [ 3 ][ DONE ]
libnetfilter_conntrack (1.1.1) [ 5 ][ DONE ]
libnetfilter_cthelper (1.0.1) [ 3 ][ DONE ]
libnetfilter_cttimeout (1.0.1) [ 3 ][ DONE ]
iptables (1.8.13) [ 8 ][ DONE ]
iproute2 (6.17.0) [ 2 ][ DONE ]
screen (5.0.1) [ 5 ][ DONE ]
elfutils (0.194) [ 12 ][ DONE ]
libconfig (1.8.1) [ 17 ][ DONE ]
curl (8.19.0) [ 32 ][ DONE ]
libarchive (3.8.6) [ 28 ][ DONE ]
cmake (4.1.1) [ 24 ][ DONE ]
json-c (0.18) [ 8 ][ DONE ]
tcl (8.6.14) [ 29 ][ DONE ]
expect (5.45.4) [ 7 ][ DONE ]
python3-MarkupSafe (2.1.3) [ 1 ][ DONE ]
python3-Jinja2 (3.1.2) [ 1 ][ DONE ]
kmod (34.2) [ 3 ][ DONE ]
systemd (260.1) [ 1:12 ][ DONE ]
libusb (1.0.29) [ 6 ][ DONE ]
mdadm (4.6) [ 1 ][ DONE ]
dracut-ng (108) [ 3 ][ DONE ]
lvm2 (2.03.39) [ 15 ][ DONE ]
multipath-tools (0.8.9) [ 0 ][ DONE ]
glib (2.87.0) [ 26 ][ DONE ]
json-glib (1.10.6) [ 3 ][ DONE ]
libgudev (238) [ 2 ][ DONE ]
libgpg-error (1.58) [ 15 ][ DONE ]
libgcrypt (1.12.0) [ 19 ][ DONE ]
libassuan (3.0.2) [ 9 ][ DONE ]
nettle (3.10.2) [ 9 ][ DONE ]
libsodium (1.0.21) [ 10 ][ FAIL ]
/usr/lib/gcc/aarch64-unknown-linux-gnu/15.2.0/include/arm_neon.h:11566:38: note: expected 'uint8x16_t' but argument is of type 'BlockVec' {aka 'uint64x2_t'}
11566 | vextq_u8 (uint8x16_t __a, uint8x16_t __b, __const int __c)
| ~~~~~~~~~~~^~~
crypto_ipcrypt/ipcrypt_armcrypto.c:356:60: error: incompatible type for argument 1 of 'vorrq_u8'
356 | v = vreinterpretq_u64_u8(vorrq_u8(shl, carries));
| ^~~
| |
| BlockVec {aka uint64x2_t}
/usr/lib/gcc/aarch64-unknown-linux-gnu/15.2.0/include/arm_neon.h:1193:22: note: expected 'uint8x16_t' but argument is of type 'BlockVec' {aka 'uint64x2_t'}
1193 | vorrq_u8 (uint8x16_t __a, uint8x16_t __b)
| ~~~~~~~~~~~^~~
crypto_ipcrypt/ipcrypt_armcrypto.c:356:65: error: incompatible type for argument 2 of 'vorrq_u8'
356 | v = vreinterpretq_u64_u8(vorrq_u8(shl, carries));
| ^~~~~~~
| |
| BlockVec {aka uint64x2_t}
/usr/lib/gcc/aarch64-unknown-linux-gnu/15.2.0/include/arm_neon.h:1193:38: note: expected 'uint8x16_t' but argument is of type 'BlockVec' {aka 'uint64x2_t'}
1193 | vorrq_u8 (uint8x16_t __a, uint8x16_t __b)
| ~~~~~~~~~~~^~~
make[4]: *** [Makefile:2712: crypto_ipcrypt/libarmcrypto_la-ipcrypt_armcrypto.lo] Error 1
make[4]: *** Waiting for unfinished jobs....
make[4]: Leaving directory '/usr/src/libsodium-1.0.21/src/libsodium'
make[3]: *** [Makefile:3715: all-recursive] Error 1
make[3]: Leaving directory '/usr/src/libsodium-1.0.21/src/libsodium'
make[2]: *** [Makefile:413: all-recursive] Error 1
make[2]: Leaving directory '/usr/src/libsodium-1.0.21/src'
make[1]: *** [Makefile:528: all-recursive] Error 1
make[1]: Leaving directory '/usr/src/libsodium-1.0.21'
make: *** [libsodium:77: /usr/src/log/libsodium-1.0.21] Error 2
make: Leaving directory '/usr/src/lfs'
ERROR: Building libsodium [ FAIL ]
Check /build/nightly/next/log_aarch64/_build.ipfire.log for errors if applicable[ FAIL ]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-04-08 16:51 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-04-08 16:51 [FAILED] Nightly Build of next (c4ae15e) for aarch64 on arm64-01.zrh.ipfire.org IPFire Nightly Builder
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox