commit 974170a97444528b0164d277c9567ed711925882
parent 7f69b3ae13d20c38a634d00e3f79f4247cce63a0
Author: David Goulet <dgoulet@torproject.org>
Date: Tue, 16 Sep 2025 11:04:31 -0400
release: ChangeLog and ReleaseNotes for 0.4.9.2-alpha
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat:
29 files changed, 281 insertions(+), 121 deletions(-)
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,142 @@
+Changes in version 0.4.9.2-alpha - 2025-09-16
+ This is the second alpha release and likely the last before going stable.
+ This release contains the new CGO circuit encryption. See proposal 359 for
+ more details. Several TLS minor fixes which will strengthen the link
+ security.
+
+ o New system requirements:
+ - When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
+ Part of ticket 41059.
+ - When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
+ (We strongly recommend 3.0 or later, but still build with 1.1.1,
+ even though it is not supported by the OpenSSL team, due to its
+ presence in Debian oldstable.) Part of ticket 41059.
+
+ o Major features (cell format):
+ - Tor now has (unused) internal support to encode and decode relay
+ messages in the new format required by our newer CGO encryption
+ algorithm. Closes ticket 41051. Part of proposal 359.
+
+ o Major features (cryptography):
+ - Clients and relays can now negotiate Counter Galois Onion (CGO)
+ relay cryptography, as designed by Jean Paul Degabriele,
+ Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO
+ provides improved resistance to several kinds of tagging attacks,
+ better forward secrecy, and better forgery resistance. Closes
+ ticket 41047. Implements proposal 359.
+
+ o Major bugfixes (onion service directory cache):
+ - Preserve the download counter of an onion service descriptor
+ across descriptor uploads, so that recently updated descriptors
+ don't get pruned if there is memory pressure soon after update.
+ Additionally, create a separate torrc option MaxHSDirCacheBytes
+ that defaults to the former 20% of MaxMemInQueues threshold, but
+ can be controlled by relay operators under DoS. Also enforce this
+ theshold during HSDir uploads. Fixes bug 41006; bugfix
+ on 0.4.8.14.
+
+ o Minor features (security):
+ - Increase the size of our finite-field Diffie Hellman TLS group
+ (which we should never actually use!) to 2048 bits. Part of
+ ticket 41067.
+ - Require TLS version 1.2 or later. (Version 1.3 support will be
+ required in the near future.) Part of ticket 41067.
+ - Update TLS 1.2 client cipher list to match current Firefox. Part
+ of ticket 41067.
+
+ o Minor features (security, TLS):
+ - When we are running with OpenSSL 3.5.0 or later, support using the
+ ML-KEM768 for post-quantum key agreement. Closes ticket 41041.
+
+ o Minor feature (client, TLS):
+ - Set the TLS 1.3 cipher list instead of falling back on the
+ default value.
+
+ o Minor feature (padding, logging):
+ - Reduce the amount of messages being logged related to channel
+ padding timeout when log level is "notice".
+
+ o Minor features (bridges):
+ - Save complete bridge lines to 'datadir/bridgelines'. Closes
+ ticket 29128.
+
+ o Minor features (fallbackdir):
+ - Regenerate fallback directories generated on September 16, 2025.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2025/09/16.
+
+ o Minor features (hidden services):
+ - Reduce the minimum value of hsdir_interval to match recent tor-
+ spec change.
+
+ o Minor features (hsdesc POW):
+ - Tolerate multiple PoW schemes in onion service descriptors, for
+ future extensibility. Implements torspec ticket 272.
+
+ o Minor features (performance TLS):
+ - When running with with OpenSSL 3.0.0 or later, support using
+ X25519 for TLS key agreement. (This should slightly improve
+ performance for TLS session establishment.)
+
+ o Minor features (portability):
+ - Fix warnings when compiling with GCC 15. Closes ticket 41079.
+
+ o Minor bugfix (conflux):
+ - Remove the pending nonce if we realize that the nonce of the
+ unlinked circuit is not tracked anymore. Should avoid the non
+ fatal assert triggered with a control port circuit event. Fixes
+ bug 41037; bugfix on 0.4.8.15.
+
+ o Minor bugfixes (bridges, pluggable transport):
+ - Fix a bug causing the initial tor process to hang intead of
+ exiting with RunAsDaemon, when pluggable transports are used.
+ Fixes bug 41088; bugfix on 0.4.9.1-alpha.
+
+ o Minor bugfixes (circuit handling):
+ - Prevent circuit_mark_for_close() from being called twice on the
+ same circuit. Fixes bug 40951; bugfix on 0.4.8.16-dev.
+ - Prevent circuit_mark_for_close() from being called twice on the
+ same circuit. Second fix attempt Fixes bug 41106; bugfix
+ on 0.4.8.17
+
+ o Minor bugfixes (compilation):
+ - Fix linking on systems without a working stdatomic.h. Fixes bug
+ 41076; bugfix on 0.4.9.1-alpha.
+
+ o Minor bugfixes (compiler warnings):
+ - Make sure the two bitfields in the half-closed edge struct are
+ unsigned, as we're using them for boolean values and assign 1 to
+ them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
+
+ o Minor bugfixes (logging, metrics port):
+ - Count BUG statements for the MetricsPort only if they are warnings
+ or errors. Fixes bug 41104; bugfix on 0.4.7.1-alpha. Patch
+ contributed by shadowcoder.
+
+ o Minor bugfixes (protocol):
+ - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
+ messages. Previously, it was always set to the maximum value.
+ Fixes bug 41056; bugfix on 0.4.8.1-alpha.
+
+ o Minor bugfixes (relay):
+ - Fix a crash when FamilyKeyDir is a path that cannot be read. Fixes
+ bug 41043; bugfix on 0.4.9.2-alpha.
+
+ o Minor bugfixes (threads):
+ - Make thread control POSIX compliant. Fixes bug 41109; bugfix
+ on 0.4.8.17-dev.
+
+ o Removed features:
+ - Relays no longer support clients that falsely advertise TLS
+ ciphers they don't really support. (Clients have not done this
+ since 0.2.3.17-beta). Part of ticket 41031.
+ - Relays no longer support clients that require obsolete v1 and v2
+ link handshakes. (The v3 link handshake has been supported since
+ 0.2.3.6-alpha). Part of ticket 41031.
+
+
Changes in version 0.4.8.17 - 2025-06-30
This is a minor providing a series of minor features especially in the realm
of TLS. It also brings a new set of recommended and required sub protocols.
diff --git a/ReleaseNotes b/ReleaseNotes
@@ -2,6 +2,148 @@ This document summarizes new features and bugfixes in each stable
release of Tor. If you want to see more detailed descriptions of the
changes in each development snapshot, see the ChangeLog file.
+Changes in version 0.4.9.2-alpha - 2025-09-16
+ This is the second alpha release and likely the last before going stable.
+ This release contains the new CGO circuit encryption. See proposal 359 for
+ more details. Several TLS minor fixes which will strengthen the link
+ security.
+
+ o New system requirements:
+ - When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
+ Part of ticket 41059.
+ - When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
+ (We strongly recommend 3.0 or later, but still build with 1.1.1,
+ even though it is not supported by the OpenSSL team, due to its
+ presence in Debian oldstable.) Part of ticket 41059.
+
+ o Major features (cell format):
+ - Tor now has (unused) internal support to encode and decode relay
+ messages in the new format required by our newer CGO encryption
+ algorithm. Closes ticket 41051. Part of proposal 359.
+
+ o Major features (cryptography):
+ - Clients and relays can now negotiate Counter Galois Onion (CGO)
+ relay cryptography, as designed by Jean Paul Degabriele,
+ Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO
+ provides improved resistance to several kinds of tagging attacks,
+ better forward secrecy, and better forgery resistance. Closes
+ ticket 41047. Implements proposal 359.
+
+ o Major bugfixes (onion service directory cache):
+ - Preserve the download counter of an onion service descriptor
+ across descriptor uploads, so that recently updated descriptors
+ don't get pruned if there is memory pressure soon after update.
+ Additionally, create a separate torrc option MaxHSDirCacheBytes
+ that defaults to the former 20% of MaxMemInQueues threshold, but
+ can be controlled by relay operators under DoS. Also enforce this
+ theshold during HSDir uploads. Fixes bug 41006; bugfix
+ on 0.4.8.14.
+
+ o Minor features (security):
+ - Increase the size of our finite-field Diffie Hellman TLS group
+ (which we should never actually use!) to 2048 bits. Part of
+ ticket 41067.
+ - Require TLS version 1.2 or later. (Version 1.3 support will be
+ required in the near future.) Part of ticket 41067.
+ - Update TLS 1.2 client cipher list to match current Firefox. Part
+ of ticket 41067.
+
+ o Minor features (security, TLS):
+ - When we are running with OpenSSL 3.5.0 or later, support using the
+ ML-KEM768 for post-quantum key agreement. Closes ticket 41041.
+
+ o Minor feature (client, TLS):
+ - Set the TLS 1.3 cipher list instead of falling back on the
+ default value.
+
+ o Minor feature (padding, logging):
+ - Reduce the amount of messages being logged related to channel
+ padding timeout when log level is "notice".
+
+ o Minor features (bridges):
+ - Save complete bridge lines to 'datadir/bridgelines'. Closes
+ ticket 29128.
+
+ o Minor features (fallbackdir):
+ - Regenerate fallback directories generated on June 30, 2025.
+ - Regenerate fallback directories generated on September 16, 2025.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2025/06/30.
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2025/09/16.
+
+ o Minor features (hidden services):
+ - Reduce the minimum value of hsdir_interval to match recent tor-
+ spec change.
+
+ o Minor features (hsdesc POW):
+ - Tolerate multiple PoW schemes in onion service descriptors, for
+ future extensibility. Implements torspec ticket 272.
+
+ o Minor features (performance TLS):
+ - When running with with OpenSSL 3.0.0 or later, support using
+ X25519 for TLS key agreement. (This should slightly improve
+ performance for TLS session establishment.)
+
+ o Minor features (portability):
+ - Fix warnings when compiling with GCC 15. Closes ticket 41079.
+
+ o Minor bugfix (conflux):
+ - Remove the pending nonce if we realize that the nonce of the
+ unlinked circuit is not tracked anymore. Should avoid the non
+ fatal assert triggered with a control port circuit event. Fixes
+ bug 41037; bugfix on 0.4.8.15.
+
+ o Minor bugfixes (bridges, pluggable transport):
+ - Fix a bug causing the initial tor process to hang intead of
+ exiting with RunAsDaemon, when pluggable transports are used.
+ Fixes bug 41088; bugfix on 0.4.9.1-alpha.
+
+ o Minor bugfixes (circuit handling):
+ - Prevent circuit_mark_for_close() from being called twice on the
+ same circuit. Fixes bug 40951; bugfix on 0.4.8.16-dev.
+ - Prevent circuit_mark_for_close() from being called twice on the
+ same circuit. Second fix attempt Fixes bug 41106; bugfix
+ on 0.4.8.17
+
+ o Minor bugfixes (compilation):
+ - Fix linking on systems without a working stdatomic.h. Fixes bug
+ 41076; bugfix on 0.4.9.1-alpha.
+
+ o Minor bugfixes (compiler warnings):
+ - Make sure the two bitfields in the half-closed edge struct are
+ unsigned, as we're using them for boolean values and assign 1 to
+ them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
+
+ o Minor bugfixes (logging, metrics port):
+ - Count BUG statements for the MetricsPort only if they are warnings
+ or errors. Fixes bug 41104; bugfix on 0.4.7.1-alpha. Patch
+ contributed by shadowcoder.
+
+ o Minor bugfixes (protocol):
+ - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
+ messages. Previously, it was always set to the maximum value.
+ Fixes bug 41056; bugfix on 0.4.8.1-alpha.
+
+ o Minor bugfixes (relay):
+ - Fix a crash when FamilyKeyDir is a path that cannot be read. Fixes
+ bug 41043; bugfix on 0.4.9.2-alpha.
+
+ o Minor bugfixes (threads):
+ - Make thread control POSIX compliant. Fixes bug 41109; bugfix
+ on 0.4.8.17-dev.
+
+ o Removed features:
+ - Relays no longer support clients that falsely advertise TLS
+ ciphers they don't really support. (Clients have not done this
+ since 0.2.3.17-beta). Part of ticket 41031.
+ - Relays no longer support clients that require obsolete v1 and v2
+ link handshakes. (The v3 link handshake has been supported since
+ 0.2.3.6-alpha). Part of ticket 41031.
+
+
Changes in version 0.4.8.17 - 2025-06-30
This is a minor providing a series of minor features especially in the realm
of TLS. It also brings a new set of recommended and required sub protocols.
diff --git a/changes/41031 b/changes/41031
@@ -1,8 +0,0 @@
- o Removed features:
- - Relays no longer support clients that require obsolete v1 and v2
- link handshakes. (The v3 link handshake has been supported since
- 0.2.3.6-alpha). Part of ticket 41031.
- - Relays no longer support clients that falsely advertise TLS
- ciphers they don't really support.
- (Clients have not done this since 0.2.3.17-beta).
- Part of ticket 41031.
diff --git a/changes/bug40911 b/changes/bug40911
@@ -1,5 +0,0 @@
- o Minor bugfixes (compiler warnings):
- - Make sure the two bitfields in the half-closed edge struct are
- unsigned, as we're using them for boolean values and assign 1 to
- them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
-
diff --git a/changes/bug40951 b/changes/bug40951
@@ -1,4 +0,0 @@
- o Minor bugfixes (circuit handling):
- - Prevent circuit_mark_for_close() from
- being called twice on the same circuit.
- Fixes bug 40951; bugfix on 0.4.8.16-dev.
-\ No newline at end of file
diff --git a/changes/bug41043 b/changes/bug41043
@@ -1,3 +0,0 @@
- o Minor bugfixes (relay):
- - Fix a crash when FamilyKeyDir is a path that cannot be read.
- Fixes bug 41043; bugfix on 0.4.9.2-alpha.
diff --git a/changes/bug41056 b/changes/bug41056
@@ -1,4 +0,0 @@
- o Minor bugfixes (protocol):
- - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
- messages. Previously, it was always set to the maximum value.
- Fixes bug 41056; bugfix on 0.4.8.1-alpha.
diff --git a/changes/bug41076 b/changes/bug41076
@@ -1,3 +0,0 @@
- o Minor bugfixes (compilation):
- - Fix linking on systems without a working stdatomic.h.
- Fixes bug 41076; bugfix on 0.4.9.1-alpha.
diff --git a/changes/bug41088 b/changes/bug41088
@@ -1,4 +0,0 @@
- o Minor bugfixes (bridges, pluggable transport):
- - Fix a bug causing the initial tor process to hang intead of exiting with
- RunAsDaemon, when pluggable transports are used.
- Fixes bug 41088; bugfix on 0.4.9.1-alpha.
diff --git a/changes/bug41106 b/changes/bug41106
@@ -1,5 +0,0 @@
- o Minor bugfixes (circuit handling):
- - Prevent circuit_mark_for_close() from
- being called twice on the same circuit.
- Second fix attempt
- Fixes bug 41106; bugfix on 0.4.8.17
diff --git a/changes/bug41109 b/changes/bug41109
@@ -1,3 +0,0 @@
- o Minor bugfixes (threads):
- - Make thread control POSIX compliant.
- Fixes bug 41109; bugfix on 0.4.8.17-dev.
diff --git a/changes/cgo b/changes/cgo
@@ -1,8 +0,0 @@
- o Major features (cryptography):
- - Clients and relays can now negotiate Counter Galois Onion (CGO)
- relay cryptography, as designed by Jean Paul Degabriele, Alessandro
- Melloni, Jean-Pierre Münch, and Martijn Stam.
- CGO provides improved resistance to several kinds
- of tagging attacks, better forward secrecy, and better
- forgery resistance. Closes ticket 41047.
- Implements proposal 359.
diff --git a/changes/fallbackdirs-2025-06-30 b/changes/fallbackdirs-2025-06-30
@@ -1,2 +0,0 @@
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on June 30, 2025.
diff --git a/changes/fallbackdirs-2025-09-16 b/changes/fallbackdirs-2025-09-16
@@ -1,2 +0,0 @@
- o Minor features (fallbackdir):
- - Regenerate fallback directories generated on September 16, 2025.
diff --git a/changes/gcc-15 b/changes/gcc-15
@@ -1,3 +0,0 @@
- o Minor features (portability):
- - Fix warnings when compiling with GCC 15.
- Closes ticket 41079.
diff --git a/changes/geoip-2025-06-30 b/changes/geoip-2025-06-30
@@ -1,3 +0,0 @@
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2025/06/30.
diff --git a/changes/geoip-2025-09-16 b/changes/geoip-2025-09-16
@@ -1,3 +0,0 @@
- o Minor features (geoip data):
- - Update the geoip files to match the IPFire Location Database,
- as retrieved on 2025/09/16.
diff --git a/changes/hsdir-interval b/changes/hsdir-interval
@@ -1,2 +0,0 @@
- o Minor features (hidden services):
- - Reduce the minimum value of hsdir_interval to match recent tor-spec change.
diff --git a/changes/logging_fix b/changes/logging_fix
@@ -1,3 +0,0 @@
- o Minor feature (padding, logging):
- - Reduce the amount of messages being logged related to channel padding
- timeout when log level is "notice".
diff --git a/changes/ticket29128 b/changes/ticket29128
@@ -1,2 +0,0 @@
- o Minor features (bridges):
- - Save complete bridge lines to 'datadir/bridgelines'. Closes ticket 29128.
diff --git a/changes/ticket41006 b/changes/ticket41006
@@ -1,8 +0,0 @@
- o Major bugfixes (onion service directory cache):
- - Preserve the download counter of an onion service descriptor across
- descriptor uploads, so that recently updated descriptors don't get
- pruned if there is memory pressure soon after update. Additionally,
- create a separate torrc option MaxHSDirCacheBytes that defaults to the
- former 20% of MaxMemInQueues threshold, but can be controlled by
- relay operators under DoS. Also enforce this theshold during HSDir
- uploads. Fixes bug 41006; bugfix on 0.4.8.14.
diff --git a/changes/ticket41037 b/changes/ticket41037
@@ -1,4 +0,0 @@
- o Minor bugfix (conflux):
- - Remove the pending nonce if we realize that the nonce of the unlinked
- circuit is not tracked anymore. Should avoid the non fatal assert
- triggered with a control port circuit event. Fixes bug 41037; bugfix on 0.4.8.15.
diff --git a/changes/ticket41041 b/changes/ticket41041
@@ -1,10 +0,0 @@
- o Minor features (security, TLS):
- - When we are running with OpenSSL 3.5.0 or later,
- support using the ML-KEM768 for post-quantum key agreement.
- Closes ticket 41041.
-
- o Minor features (performance TLS):
- - When running with with OpenSSL 3.0.0 or later,
- support using X25519 for TLS key agreement.
- (This should slightly improve performance
- for TLS session establishment.)
diff --git a/changes/ticket41051 b/changes/ticket41051
@@ -1,5 +0,0 @@
- o Major features (cell format):
- - Tor now has (unused) internal support to encode and decode
- relay messages in the new format required by our newer
- CGO encryption algorithm.
- Closes ticket 41051. Part of proposal 359.
diff --git a/changes/ticket41059 b/changes/ticket41059
@@ -1,8 +0,0 @@
- o New system requirements:
- - When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
- (We strongly recommend 3.0 or later, but still build with 1.1.1,
- even though it is not supported by the OpenSSL team,
- due to its presence in Debian oldstable.)
- Part of ticket 41059.
- - When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
- Part of ticket 41059.
diff --git a/changes/ticket41067 b/changes/ticket41067
@@ -1,8 +0,0 @@
- o Minor features (security):
- - Require TLS version 1.2 or later. (Version 1.3 support will
- be required in the near future.) Part of ticket 41067.
- - Update TLS 1.2 client cipher list to match current Firefox.
- Part of ticket 41067.
- - Increase the size of our finite-field Diffie Hellman TLS group
- (which we should never actually use!) to 2048 bits.
- Part of ticket 41067.
diff --git a/changes/ticket41104 b/changes/ticket41104
@@ -1,4 +0,0 @@
- o Minor bugfixes (logging, metrics port):
- - Count BUG statements for the MetricsPort only if they are warnings or
- errors. Fixes bug 41104; bugfix on 0.4.7.1-alpha. Patch contributed
- by shadowcoder.
diff --git a/changes/tls13-cipher b/changes/tls13-cipher
@@ -1,2 +0,0 @@
- o Minor feature (client, TLS):
- - Set the TLS 1.3 cipher list instead of falling back on the default value.
diff --git a/changes/torspec_272 b/changes/torspec_272
@@ -1,4 +0,0 @@
- o Minor features (hsdesc POW):
- - Tolerate multiple PoW schemes in onion service descriptors,
- for future extensibility.
- Implements torspec ticket 272.
