commit d6b3c7f75f0c131faf97ee0744a14eb3d620117f
parent 5bf1eeaf6d9d850b792a2501133b476d85e0184e
Author: Roger Dingledine <arma@torproject.org>
Date: Sun, 11 Jan 2026 16:43:35 -0500
forward-port 0.4.8 changelogs plus recent fixes
Diffstat:
| M | ChangeLog | | | 159 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------- |
| M | ReleaseNotes | | | 165 | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------- |
2 files changed, 283 insertions(+), 41 deletions(-)
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,83 @@
+Changes in version 0.4.8.21 - 2025-11-17
+ This release is a continuation of the previous one and addresses additional
+ Conflux-related issues identified through further testing and feedback from
+ relay operators. We strongly recommend upgrading as soon as possible.
+
+ o Major bugfixes (conflux, exit):
+ - When dequeuing out-of-order conflux cells, the circuit could be
+ closed in between two dequeues, which could lead to mishandling
+ a NULL pointer. Fixes bug 41162; bugfix on 0.4.8.4.
+
+ o Minor feature (compiler flag):
+ - Add -mbranch-protection=standard for arm64.
+
+ o Minor features (fallbackdir):
+ - Regenerate fallback directories generated on November 17, 2025.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2025/11/17.
+
+ o Minor bugfixes (bridges, pluggable transport):
+ - Fix a bug causing the initial tor process to hang instead of
+ exiting with RunAsDaemon, when pluggable transports are used.
+ Fixes bug 41088; bugfix on 0.4.8.1-alpha.
+
+
+Changes in version 0.4.8.20 - 2025-11-10
+ This release fixes several bugs related to Conflux edge cases as well as
+ adding a new hardening compiler flag if supported.
+
+ o Minor feature (compiler flag):
+ - Add -fcf-protection=full if supported by the compiler.
+ Implements ticket 41139.
+
+ o Minor features (fallbackdir):
+ - Regenerate fallback directories generated on November 10, 2025.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2025/11/10.
+
+ o Minor bugfixes (conflux fragile asserts):
+ - Fix the root cause of some conflux fragile asserts when a control
+ port listener is attached. Fixes bug 41037; bugfix on 0.4.8.16.
+
+ o Minor bugfixes (conflux, relay):
+ - Fix a series of conflux edge cases about sequence number
+ arithmetic and OOM handler kicking in under heavy memory pressure.
+ Fixes bug 41155; bugfix on 0.4.8.4.
+
+
+Changes in version 0.4.8.19 - 2025-10-06
+ This release provides major bugfixes for a LibreSSL issue and a flow control
+ C-tor specific problem (not protocol). We strongly recommend you upgrade as
+ soon as possible.
+
+ o Major bugfixes (client, TLS):
+ - Fix some clients not being able to connect to LibreSSL relays.
+ Fixes bug 41134; bugfix on 0.4.8.17.
+
+ o Minor bugfixes (stream flow control performance):
+ - Use a 5 ms grace period to allow an edge connection to flush its
+ stream data to the socket before sending an XOFF. This
+ significantly reduces the number of XON/XOFF messages sent when
+ (1) the application is reading stream data at a fast rate, and (2)
+ conflux is enabled. Fixes part of bug 41130; bugfix on 0.4.7.2-alpha.
+
+ o Minor features (fallbackdir):
+ - Regenerate fallback directories generated on October 06, 2025.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2025/10/06.
+
+ o Minor bugfix (process):
+ - Avoid closing all possible FDs when spawning a process (PT). On
+ some systems, this could lead to 3+ minutes hang. Fixes bug 40990;
+ bugfix on 0.3.5.1-alpha.
+
+
Changes in version 0.4.9.3-alpha - 2025-09-16
This is the third alpha release and likely the last before going stable.
This release contains the new CGO circuit encryption. See proposal 359 for
@@ -137,6 +217,44 @@ Changes in version 0.4.9.3-alpha - 2025-09-16
0.2.3.6-alpha). Part of ticket 41031.
+Changes in version 0.4.8.18 - 2025-09-16
+ This is a minor release with a major onion service directory cache (HSDir)
+ bug fix. A series of minor bugfixes as well. As always, we strongly recommend
+ to upgrade as soon as possible.
+
+ o Major bugfixes (onion service directory cache):
+ - Preserve the download counter of an onion service descriptor
+ across descriptor uploads, so that recently updated descriptors
+ don't get pruned if there is memory pressure soon after update.
+ Additionally, create a separate torrc option MaxHSDirCacheBytes
+ that defaults to the former 20% of MaxMemInQueues threshold, but
+ can be controlled by relay operators under DoS. Also enforce this
+ threshold during HSDir uploads. Fixes bug 41006; bugfix
+ on 0.4.8.14.
+
+ o Minor feature (padding, logging):
+ - Reduce the amount of messages being logged related to channel
+ padding timeout when log level is "notice".
+
+ o Minor features (fallbackdir):
+ - Regenerate fallback directories generated on September 16, 2025.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2025/09/16.
+
+ o Minor bugfix (conflux):
+ - Remove the pending nonce if we realize that the nonce of the
+ unlinked circuit is not tracked anymore. Should avoid the non
+ fatal assert triggered with a control port circuit event. Fixes
+ bug 41037; bugfix on 0.4.8.15.
+
+ o Minor bugfixes (circuit handling):
+ - Prevent circuit_mark_for_close() from being called twice on the
+ same circuit. Second fix attempt Fixes bug 41106; bugfix
+ on 0.4.8.17.
+
+
Changes in version 0.4.8.17 - 2025-06-30
This is a minor providing a series of minor features especially in the realm
of TLS. It also brings a new set of recommended and required sub protocols.
@@ -346,9 +464,8 @@ Changes in version 0.4.9.2-alpha - 2025-04-02
Changes in version 0.4.8.16 - 2025-03-24
- This is quick second release since 0.4.8.15 due to a typo in a directory
- authority rule file. This only affects directory authorities. Regardless,
- upgrading to latest stable is always desired.
+ This is a quick second release since 0.4.8.15 due to a typo in a directory
+ authority rule file. This only affects directory authorities.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
@@ -356,13 +473,13 @@ Changes in version 0.4.8.16 - 2025-03-24
o Minor bugfix (dirauth):
- Fix typo in flag assignment approved-routers file. Fixes bug
- 41035; bugfix on 0.4.8.15
+ 41035; bugfix on 0.4.8.15.
Changes in version 0.4.8.15 - 2025-03-20
This is a minor release fixing a sandbox issue for bandwidth authority and a
conflux issue on the control port. It also has a client fix about relay flag
- usage. We strongly recommend to update as soon as possible as usual.
+ usage.
o Minor feature (testing, CI):
- Use a fixed version of chutney (be881a1e) instead of its current
@@ -380,18 +497,18 @@ Changes in version 0.4.8.15 - 2025-03-20
retrieved on 2025/03/20.
o Minor bugfixes (control port):
- - Correctly report conflux pair information to controller fields
- Fixes bug 40872; bugfix on 0.4.8.1-alpha
+ - Correctly report conflux pair information to controller fields.
+ Fixes bug 40872; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (relay flag usage):
- Fix client usage of the MiddleOnly flag so that MiddleOnly relays
are not used as HS IP or RP by clients or services. Additionally,
give dirauths the ability to remove specific flags, as an
- alternative to MiddleOnly. Fixes bug 41023; bugfix on 0.4.7.2-alpha
+ alternative to MiddleOnly. Fixes bug 41023; bugfix on 0.4.7.2-alpha.
o Minor bugfixes (sandbox, bwauth):
- Fix sandbox to work for bandwidth authority. Fixes bug 40933;
- bugfix on 0.2.2.1-alpha
+ bugfix on 0.2.2.1-alpha.
Changes in version 0.4.8.14 - 2025-02-05
@@ -556,8 +673,8 @@ Changes in version 0.4.9.1-alpha - 2024-12-03
Changes in version 0.4.8.13 - 2024-10-24
- This is minor release fixing an important client circuit building (Conflux
- related) bug which lead to performance degradation and extra load on the
+ This minor release fixes an important client circuit building (conflux
+ related) bug which led to performance degradation and extra load on the
network. Some minor memory leaks fixes as well as an important minor feature
for pluggable transports. We strongly recommend to update as soon as possible
for clients in order to neutralize this conflux bug.
@@ -570,7 +687,7 @@ Changes in version 0.4.8.13 - 2024-10-24
which added overall load to the network, used bandwidth and
battery from clients that weren't actively using their Tor, and
kept sockets open on guards which added connection padding
- essentially forever. Fixes bug 40981; bugfix on 0.4.8.1-alpha;
+ essentially forever. Fixes bug 40981; bugfix on 0.4.8.1-alpha.
o Minor feature (bridges, pluggable transport):
- Add STATUS TYPE=version handler for Pluggable Transport. This
@@ -630,7 +747,11 @@ Changes in version 0.4.8.11 - 2024-04-10
o Minor features (directory authorities):
- Reject 0.4.7.x series at the authority level. Closes ticket 40896.
- - New IP address and keys for tor26.
+
+ o Minor feature (dirauth, tor26):
+ - New IP address and keys.
+
+ o Minor feature (directory authority):
- Allow BandwidthFiles "node_id" KeyValue without the dollar sign at
the start of the hexdigit, in order to easier database queries
combining Tor documents in which the relays fingerprint does not
@@ -646,7 +767,8 @@ Changes in version 0.4.8.11 - 2024-04-10
o Minor bugfixes (directory authorities):
- Add a warning when publishing a vote or signatures to another
- directory authority fails. Fixes bug 40910; bugfix on 0.2.0.3-alpha.
+ directory authority fails. Fixes bug 40910; bugfix
+ on 0.2.0.3-alpha.
Changes in version 0.4.8.10 - 2023-12-08
@@ -747,11 +869,10 @@ Changes in version 0.4.8.7 - 2023-09-25
Changes in version 0.4.8.6 - 2023-09-18
- This version contains an important fix for onion service regarding congestion
- control and its reliability. Apart from that, unneeded BUG warnings have been
- suppressed especially about a compression bomb seen on relays. We strongly
- recommend, in particular onion service operators, to upgrade as soon as
- possible to this latest stable.
+ This version contains an important fix for onion services regarding
+ congestion control and its reliability. Apart from that, unneeded BUG
+ warnings have been suppressed especially about a compression bomb seen
+ on relays.
o Major bugfixes (onion service):
- Fix a reliability issue where services were expiring their
diff --git a/ReleaseNotes b/ReleaseNotes
@@ -2,6 +2,124 @@ This document summarizes new features and bugfixes in each stable
release of Tor. If you want to see more detailed descriptions of the
changes in each development snapshot, see the ChangeLog file.
+Changes in version 0.4.8.21 - 2025-11-17
+ This release is a continuation of the previous one and addresses additional
+ Conflux-related issues identified through further testing and feedback from
+ relay operators. We strongly recommend upgrading as soon as possible.
+
+ o Major bugfixes (conflux, exit):
+ - When dequeuing out-of-order conflux cells, the circuit could be
+ closed in between two dequeues, which could lead to mishandling
+ a NULL pointer. Fixes bug 41162; bugfix on 0.4.8.4.
+
+ o Minor feature (compiler flag):
+ - Add -mbranch-protection=standard for arm64.
+
+ o Minor features (fallbackdir):
+ - Regenerate fallback directories generated on November 17, 2025.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2025/11/17.
+
+ o Minor bugfixes (bridges, pluggable transport):
+ - Fix a bug causing the initial tor process to hang instead of
+ exiting with RunAsDaemon, when pluggable transports are used.
+ Fixes bug 41088; bugfix on 0.4.8.1-alpha.
+
+
+Changes in version 0.4.8.20 - 2025-11-10
+ This release fixes several bugs related to Conflux edge cases as well as
+ adding a new hardening compiler flag if supported.
+
+ o Minor feature (compiler flag):
+ - Add -fcf-protection=full if supported by the compiler.
+ Implements ticket 41139.
+
+ o Minor features (fallbackdir):
+ - Regenerate fallback directories generated on November 10, 2025.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2025/11/10.
+
+ o Minor bugfixes (conflux fragile asserts):
+ - Fix the root cause of some conflux fragile asserts when a control
+ port listener is attached. Fixes bug 41037; bugfix on 0.4.8.16.
+
+ o Minor bugfixes (conflux, relay):
+ - Fix a series of conflux edge cases about sequence number
+ arithmetic and OOM handler kicking in under heavy memory pressure.
+ Fixes bug 41155; bugfix on 0.4.8.4.
+
+
+Changes in version 0.4.8.19 - 2025-10-06
+ This release provides major bugfixes for a LibreSSL issue and a flow control
+ C-tor specific problem (not protocol). We strongly recommend you upgrade as
+ soon as possible.
+
+ o Major bugfixes (client, TLS):
+ - Fix some clients not being able to connect to LibreSSL relays.
+ Fixes bug 41134; bugfix on 0.4.8.17.
+
+ o Minor bugfixes (stream flow control performance):
+ - Use a 5 ms grace period to allow an edge connection to flush its
+ stream data to the socket before sending an XOFF. This
+ significantly reduces the number of XON/XOFF messages sent when
+ (1) the application is reading stream data at a fast rate, and (2)
+ conflux is enabled. Fixes part of bug 41130; bugfix on 0.4.7.2-alpha.
+
+ o Minor features (fallbackdir):
+ - Regenerate fallback directories generated on October 06, 2025.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2025/10/06.
+
+ o Minor bugfix (process):
+ - Avoid closing all possible FDs when spawning a process (PT). On
+ some systems, this could lead to 3+ minutes hang. Fixes bug 40990;
+ bugfix on 0.3.5.1-alpha.
+
+
+Changes in version 0.4.8.18 - 2025-09-16
+ This is a minor release with a major onion service directory cache (HSDir)
+ bug fix. A series of minor bugfixes as well. As always, we strongly recommend
+ to upgrade as soon as possible.
+
+ o Major bugfixes (onion service directory cache):
+ - Preserve the download counter of an onion service descriptor
+ across descriptor uploads, so that recently updated descriptors
+ don't get pruned if there is memory pressure soon after update.
+ Additionally, create a separate torrc option MaxHSDirCacheBytes
+ that defaults to the former 20% of MaxMemInQueues threshold, but
+ can be controlled by relay operators under DoS. Also enforce this
+ threshold during HSDir uploads. Fixes bug 41006; bugfix
+ on 0.4.8.14.
+
+ o Minor feature (padding, logging):
+ - Reduce the amount of messages being logged related to channel
+ padding timeout when log level is "notice".
+
+ o Minor features (fallbackdir):
+ - Regenerate fallback directories generated on September 16, 2025.
+
+ o Minor features (geoip data):
+ - Update the geoip files to match the IPFire Location Database, as
+ retrieved on 2025/09/16.
+
+ o Minor bugfix (conflux):
+ - Remove the pending nonce if we realize that the nonce of the
+ unlinked circuit is not tracked anymore. Should avoid the non
+ fatal assert triggered with a control port circuit event. Fixes
+ bug 41037; bugfix on 0.4.8.15.
+
+ o Minor bugfixes (circuit handling):
+ - Prevent circuit_mark_for_close() from being called twice on the
+ same circuit. Second fix attempt Fixes bug 41106; bugfix
+ on 0.4.8.17.
+
+
Changes in version 0.4.8.17 - 2025-06-30
This is a minor providing a series of minor features especially in the realm
of TLS. It also brings a new set of recommended and required sub protocols.
@@ -73,9 +191,8 @@ Changes in version 0.4.8.17 - 2025-06-30
Changes in version 0.4.8.16 - 2025-03-24
- This is quick second release since 0.4.8.15 due to a typo in a directory
- authority rule file. This only affects directory authorities. Regardless,
- upgrading to latest stable is always desired.
+ This is a quick second release since 0.4.8.15 due to a typo in a directory
+ authority rule file. This only affects directory authorities.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
@@ -83,13 +200,13 @@ Changes in version 0.4.8.16 - 2025-03-24
o Minor bugfix (dirauth):
- Fix typo in flag assignment approved-routers file. Fixes bug
- 41035; bugfix on 0.4.8.15
+ 41035; bugfix on 0.4.8.15.
Changes in version 0.4.8.15 - 2025-03-20
This is a minor release fixing a sandbox issue for bandwidth authority and a
conflux issue on the control port. It also has a client fix about relay flag
- usage. We strongly recommend to update as soon as possible as usual.
+ usage.
o Minor feature (testing, CI):
- Use a fixed version of chutney (be881a1e) instead of its current
@@ -107,18 +224,18 @@ Changes in version 0.4.8.15 - 2025-03-20
retrieved on 2025/03/20.
o Minor bugfixes (control port):
- - Correctly report conflux pair information to controller fields
- Fixes bug 40872; bugfix on 0.4.8.1-alpha
+ - Correctly report conflux pair information to controller fields.
+ Fixes bug 40872; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (relay flag usage):
- Fix client usage of the MiddleOnly flag so that MiddleOnly relays
are not used as HS IP or RP by clients or services. Additionally,
give dirauths the ability to remove specific flags, as an
- alternative to MiddleOnly. Fixes bug 41023; bugfix on 0.4.7.2-alpha
+ alternative to MiddleOnly. Fixes bug 41023; bugfix on 0.4.7.2-alpha.
o Minor bugfixes (sandbox, bwauth):
- Fix sandbox to work for bandwidth authority. Fixes bug 40933;
- bugfix on 0.2.2.1-alpha
+ bugfix on 0.2.2.1-alpha.
Changes in version 0.4.8.14 - 2025-02-05
@@ -150,8 +267,8 @@ Changes in version 0.4.8.14 - 2025-02-05
Changes in version 0.4.8.13 - 2024-10-24
- This is minor release fixing an important client circuit building (Conflux
- related) bug which lead to performance degradation and extra load on the
+ This minor release fixes an important client circuit building (conflux
+ related) bug which led to performance degradation and extra load on the
network. Some minor memory leaks fixes as well as an important minor feature
for pluggable transports. We strongly recommend to update as soon as possible
for clients in order to neutralize this conflux bug.
@@ -164,7 +281,7 @@ Changes in version 0.4.8.13 - 2024-10-24
which added overall load to the network, used bandwidth and
battery from clients that weren't actively using their Tor, and
kept sockets open on guards which added connection padding
- essentially forever. Fixes bug 40981; bugfix on 0.4.8.1-alpha;
+ essentially forever. Fixes bug 40981; bugfix on 0.4.8.1-alpha.
o Minor feature (bridges, pluggable transport):
- Add STATUS TYPE=version handler for Pluggable Transport. This
@@ -224,7 +341,11 @@ Changes in version 0.4.8.11 - 2024-04-10
o Minor features (directory authorities):
- Reject 0.4.7.x series at the authority level. Closes ticket 40896.
- - New IP address and keys for tor26.
+
+ o Minor feature (dirauth, tor26):
+ - New IP address and keys.
+
+ o Minor feature (directory authority):
- Allow BandwidthFiles "node_id" KeyValue without the dollar sign at
the start of the hexdigit, in order to easier database queries
combining Tor documents in which the relays fingerprint does not
@@ -240,7 +361,8 @@ Changes in version 0.4.8.11 - 2024-04-10
o Minor bugfixes (directory authorities):
- Add a warning when publishing a vote or signatures to another
- directory authority fails. Fixes bug 40910; bugfix on 0.2.0.3-alpha.
+ directory authority fails. Fixes bug 40910; bugfix
+ on 0.2.0.3-alpha.
Changes in version 0.4.8.10 - 2023-12-08
@@ -341,11 +463,10 @@ Changes in version 0.4.8.7 - 2023-09-25
Changes in version 0.4.8.6 - 2023-09-18
- This version contains an important fix for onion service regarding congestion
- control and its reliability. Apart from that, unneeded BUG warnings have been
- suppressed especially about a compression bomb seen on relays. We strongly
- recommend, in particular onion service operators, to upgrade as soon as
- possible to this latest stable.
+ This version contains an important fix for onion services regarding
+ congestion control and its reliability. Apart from that, unneeded BUG
+ warnings have been suppressed especially about a compression bomb seen
+ on relays.
o Major bugfixes (onion service):
- Fix a reliability issue where services were expiring their
@@ -491,8 +612,8 @@ Changes in version 0.4.8.4 - 2023-08-23
o Minor features (testing):
- All Rust code is now linted (cargo clippy) as part of GitLab CI, and
- existing warnings have been fixed. - Any unit tests written in Rust now
- run as part of GitLab CI.
+ existing warnings have been fixed.
+ - Any unit tests written in Rust now run as part of GitLab CI.
o Minor feature (CI):
- Update CI to use Debian Bullseye for runners.
@@ -1293,7 +1414,7 @@ Changes in version 0.4.7.7 - 2022-04-27
Exit, Guard, HSDir, and V2Dir; and in favor of BadExit. Implements
part of proposal 335. Based on a patch from Neel Chauhan.
- o Major features (Proposal 332, onion services, guard selection algorithm):
+ o Major features (Proposal 333, onion services, guard selection algorithm):
- Clients and onion services now choose four long-lived "layer 2"
guard relays for use as the middle hop in all onion circuits.
These relays are kept in place for a randomized duration averaging
