Log message:
tor: updated to 0.4.8.11

Changes in version 0.4.8.11 - 2024-04-10
  This is a minor release mostly to upgrade the fallbackdir list. Worth noting
  also that directory authority running this version will now automatically
  reject relays running the end of life 0.4.7.x version.

  o Minor feature (authority):
    - Reject 0.4.7.x series at the authority level. Closes ticket 40896.

  o Minor feature (dirauth, tor26):
    - New IP address and keys.

  o Minor feature (directory authority):
    - Allow BandwidthFiles "node_id" KeyValue without the dollar sign at
      the start of the hexdigit, in order to easier database queries
      combining Tor documents in which the relays fingerprint does not
      include it. Fixes bug 40891; bugfix on 0.4.7 (all supported
      versions of Tor).

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on April 10, 2024.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2024/04/10.

  o Minor bugfixes (directory authorities):
    - Add a warning when publishing a vote or signatures to another
      directory authority fails. Fixes bug 40910; bugfix
      on 0.2.0.3-alpha.

Log message:
tor: updated to 0.4.8.10

Changes in version 0.4.8.10 - 2023-12-08
  This is a security release fixing a high severity bug (TROVE-2023-007)
  affecting Exit relays supporting Conflux. We strongly recommend to update as
  soon as possible.

  o Major bugfixes (TROVE-2023-007, exit):
    - Improper error propagation from a safety check in conflux leg
      linking lead to a desynchronization of which legs were part of a
      conflux set, ultimately causing a UAF and NULL pointer dereference
      crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on December 08, 2023.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2023/12/08.

  o Minor bugfixes (bridges, statistics):
    - Correctly report statistics for client count over Pluggable
      transport. Fixes bug 40871; bugfix on 0.4.8.4

Log message:
tor: update to 0.4.8.9.

Changes in version 0.4.8.9 - 2023-11-09
  This is another security release fixing a high severity bug affecting onion
  services which is tracked by TROVE-2023-006. We are also releasing a guard
  major bugfix as well. If you are an onion service operator, we strongly
  recommend to update as soon as possible.

  o Major bugfixes (guard usage):
    - When Tor excluded a guard due to temporary circuit restrictions,
      it considered *additional* primary guards for potential usage by
      that circuit. This could result in more than the specified number
      of guards (currently 2) being used, long-term, by the tor client.
      This could happen when a Guard was also selected as an Exit node,
      but it was exacerbated by the Conflux guard restrictions. Both
      instances have been fixed. Fixes bug 40876; bugfix
      on 0.3.0.1-alpha.

  o Major bugfixes (onion service, TROVE-2023-006):
    - Fix a possible hard assert on a NULL pointer when recording a
      failed rendezvous circuit on the service side for the MetricsPort.
      Fixes bug 40883; bugfix on 0.4.8.1-alpha

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on November 09, 2023.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2023/11/09.

Log message:
tor: update to 0.4.8.8.

Changes in version 0.4.8.8 - 2023-11-03
  We are releasing today a fix for a high security issue, TROVE-2023-004, that
  is affecting relays. Also a few minor bugfixes detailed below. Please upgrade
  as soon as posssible.

  o Major bugfixes (TROVE-2023-004, relay):
    - Mitigate an issue when Tor compiled with OpenSSL can crash during
      handshake with a remote relay. Fixes bug 40874; bugfix
      on 0.2.7.2-alpha.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on November 03, 2023.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2023/11/03.

  o Minor bugfixes (directory authority):
    - Look at the network parameter "maxunmeasuredbw" with the correct
      spelling. Fixes bug 40869; bugfix on 0.4.6.1-alpha.

  o Minor bugfixes (vanguards addon support):
    - Count the conflux linked cell as valid when it is successfully
      processed. This will quiet a spurious warn in the vanguards addon.
      Fixes bug 40878; bugfix on 0.4.8.1-alpha.

Changes in version 0.4.8.7 - 2023-09-25
  This version fixes a single major bug in the Conflux subsystem on the client
  side. See below for more information. The upcoming Tor Browser 13 stable will
  pick this up.

  o Major bugfixes (conflux):
    - Fix an issue that prevented us from pre-building more conflux sets
      after existing sets had been used. Fixes bug 40862; bugfix
      on 0.4.8.1-alpha.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on September 25, 2023.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2023/09/25.

Changes in version 0.4.8.6 - 2023-09-18
  This version contains an important fix for onion service regarding congestion
  control and its reliability. Apart from that, uneeded BUG warnings have been
  suppressed especially about a compression bomb seen on relays. We strongly
  recommend, in particular onion service operators, to upgrade as soon as
  possible to this latest stable.

  o Major bugfixes (onion service):
    - Fix a reliability issue where services were expiring their
      introduction points every consensus update. This caused
      connectivity issues for clients caching the old descriptor and
      intro points. Bug reported and fixed by gitlab user
      @hyunsoo.kim676. Fixes bug 40858; bugfix on 0.4.7.5-alpha.

  o Minor features (debugging, compression):
    - Log the input and output buffer sizes when we detect a potential
      compression bomb. Diagnostic for ticket 40739.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on September 18, 2023.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2023/09/18.

  o Minor bugfix (defensive programming):
    - Disable multiple BUG warnings of a missing relay identity key when
      starting an instance of Tor compiled without relay support. Fixes
      bug 40848; bugfix on 0.4.3.1-alpha.

  o Minor bugfixes (bridge authority):
    - When reporting a pseudo-networkstatus as a bridge authority, or
      answering "ns/purpose/*" controller requests, include accurate
      published-on dates from our list of router descriptors. Fixes bug
      40855; bugfix on 0.4.8.1-alpha.

  o Minor bugfixes (compression, zstd):
    - Use less frightening language and lower the log-level of our run-
      time ABI compatibility check message in our Zstd compression
      subsystem. Fixes bug 40815; bugfix on 0.4.3.1-alpha.

Changes in version 0.4.8.5 - 2023-08-30
  Quick second release after the first stable few days ago fixing minor
  annoying bugfixes creating log BUG stacktrace. We also fix BSD compilation
  failures and PoW unit test.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on August 30, 2023.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2023/08/30.

  o Minor bugfix (NetBSD, compilation):
    - Fix compilation issue on NetBSD by avoiding an unnecessary
      dependency on "huge" page mappings in Equi-X. Fixes bug 40843;
      bugfix on 0.4.8.1-alpha.

  o Minor bugfix (NetBSD, testing):
    - Fix test failures in "crypto/hashx" and \ 
"slow/crypto/equix" on
      x86_64 and aarch64 NetBSD hosts, by adding support for
      PROT_MPROTECT() flags. Fixes bug 40844; bugfix on 0.4.8.1-alpha.

  o Minor bugfixes (conflux):
    - Demote a relay-side warn about too many legs to ProtocolWarn, as
      there are conditions that it can briefly happen during set
      construction. Also add additional set logging details for all
      error cases. Fixes bug 40841; bugfix on 0.4.8.1-alpha.
    - Prevent non-fatal assert stacktrace caused by using conflux sets
      during their teardown process. Fixes bug 40842; bugfix
      on 0.4.8.1-alpha.

Log message:
*: bump for openssl 3

Log message:
tor: remove MESSAGE

'use torbrowser' is not information that belongs in a MESSAGE

Log message:
tor: update to 0.4.8.4.

Changes in version 0.4.8.4 - 2023-08-23
  Finally, this is the very first stable release of the 0.4.8.x series making
  Proof-of-Work (prop#327) and Conflux (prop#329) available to the entire
  network. Some major bugfixes since the release candidate detailed below.

  o Major feature (denial of service):
    - Extend DoS protection to partially opened channels and known
      relays. Because re-entry is not allowed anymore, we can apply DoS
      protections onto known IP namely relays. Fixes bug 40821; bugfix
      on 0.3.5.1-alpha.

  o Major bugfixes (conflux):
    - Fix a relay-side crash caused by side effects of the fix for bug
      40827. Reverts part of that fix that caused the crash and adds
      additional log messages to help find the root cause. Fixes bug
      40834; bugfix on 0.4.8.3-rc.

  o Major bugfixes (proof of work, onion service, hashx):
    - Fix a very rare buffer overflow in hashx, specific to the dynamic
      compiler on aarch64 platforms. Fixes bug 40833; bugfix
      on 0.4.8.2-alpha.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on August 23, 2023.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2023/08/23.

  o Minor features (testing):
    - All Rust code is now linted (cargo clippy) as part of GitLab CI, and
      existing warnings have been fixed. - Any unit tests written in Rust now
      run as part of GitLab CI.

  o Minor bugfix (FreeBSD, compilation):
    - Fix compilation issue on FreeBSD by properly importing
      sys/param.h. Fixes bug 40825; bugfix on 0.4.8.1-alpha.

  o Minor bugfixes (compression):
    - Right after compression/decompression work is done, check for
      errors. Before this, we would consider compression bomb before
      that and then looking for errors leading to false positive on that
      log warning. Fixes bug 40739; bugfix on 0.3.5.1-alpha. Patch
      by "cypherpunks".

Changes in version 0.4.8.3-rc - 2023-08-04
  This is the first release candidate (and likely the only) of the 0.4.8.x
  series. We fixed a major conflux bugfix which was a fatal asserts on the
  relay Exit side. See below for more details. Couple minor bugfixes. Until
  stable, name of the game here is stabilization.

  o Major bugfixes (conflux):
    - Fix a relay-side assert crash caused by attempts to use a conflux
      circuit between circuit close and free, such that no legs were on
      the conflux set. Fixed by nulling out the stream's circuit back-
      pointer when the last leg is removed. Additional checks and log
      messages have been added to detect other cases. Fixes bug 40827;
      bugfix on 0.4.8.1-alpha.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on August 04, 2023.
    - Regenerate fallback directories generated on July 26, 2023.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2023/07/26.
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2023/08/04.

  o Minor bugfixes (compilation):
    - Fix all -Werror=enum-int-mismatch warnings. No behavior change.
      Fixes bug 40824; bugfix on 0.3.5.1-alpha.

  o Minor bugfixes (protocol warn):
    - Wrap a handful of cases where ProtocolWarning logs could emit IP
      addresses. Fixes bug 40828; bugfix on 0.3.5.1-alpha.

Changes in version 0.4.8.2-alpha - 2023-07-12
  This is our second alpha containing some minor bugfixes and one major bugfix
  about L2 vanguard rotation. We believe this will be the last alpha before the
  rc in a couple of weeks.

  o Major bugfixes (vanguards):
    - Rotate to a new L2 vanguard whenever an existing one loses the
      Stable or Fast flag. Previously, we would leave these relays in
      the L2 vanguard list but never use them, and if all of our
      vanguards end up like this we wouldn't have any middle nodes left
      to choose from so we would fail to make onion-related circuits.
      Fixes bug 40805; bugfix on 0.4.7.1-alpha.

  o Minor feature (hs):
    - Fix compiler warnings in equix and hashx when building with clang.
      Closes ticket 40800.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on July 12, 2023.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2023/07/12.

  o Minor bugfix (congestion control):
    - Reduce the accepted range of a circuit's negotiated 'cc_sendme_inc'
      to be +/- 1 from the consensus parameter value. Fixes bug 40569;
      bugfix on 0.4.7.4-alpha.
    - Remove unused congestion control algorithms and BDP calculation
      code, now that we have settled on and fully tuned Vegas. Fixes bug
      40566; bugfix on 0.4.7.4-alpha.
    - Update default congestion control parameters to match consensus.
      Fixes bug 40709; bugfix on 0.4.7.4-alpha.

  o Minor bugfixes (compilation):
    - Fix "initializer is not a constant" compilation error that
      manifests itself on gcc versions < 8.1 and MSVC. Fixes bug 40773;
      bugfix on 0.4.8.1-alpha

  o Minor bugfixes (conflux):
    - Count leg launch attempts prior to attempting to launch them. This
      avoids inifinite launch attempts due to internal circuit building
      failures. Additionally, double-check that we have enough exits in
      our consensus overall, before attempting to launch conflux sets.
      Fixes bug 40811; bugfix on 0.4.8.1-alpha.
    - Fix a case where we were resuming reading on edge connections that
      were already marked for close. Fixes bug 40801; bugfix
      on 0.4.8.1-alpha.
    - Fix stream attachment order when creating conflux circuits, so
      that stream attachment happens after finishing the full link
      handshake, rather than upon set finalization. Fixes bug 40801;
      bugfix on 0.4.8.1-alpha.
    - Handle legs being closed or destroyed before computing an RTT
      (resulting in warns about too many legs). Fixes bug 40810; bugfix
      on 0.4.8.1-alpha.
    - Remove a "BUG" warning from conflux_pick_first_leg that can be
      triggered by broken or malicious clients. Fixes bug 40801; bugfix
      on 0.4.8.1-alpha.

  o Minor bugfixes (KIST):
    - Prevent KISTSchedRunInterval from having values of 0 or 1, neither
      of which work properly. Additionally, make a separate
      KISTSchedRunIntervalClient parameter, so that the client and relay
      KIST values can be set separately. Set the default of both to 2ms.
      Fixes bug 40808; bugfix on 0.3.2.1-alpha.

Changes in version 0.4.8.1-alpha - 2023-06-01
  This is the first alpha of the 0.4.8.x series. Two major features in this
  version which are Conflux and onion service Proof-of-Work (PoW). There are
  also many small features in particular, worth noting, the MetricsPort is now
  exporting more relay and onion service metrics. Finally, there are
  also numerous minor bugfixes included in this version.

  o Major features (onion service, proof-of-work):
    - Implement proposal 327 (Proof-Of-Work). This is aimed at thwarting
      introduction flooding DoS attacks by introducing a dynamic Proof-Of-Work
      protocol that occurs over introduction circuits. This introduces several
      torrc options prefixed with "HiddenServicePoW" in order to \ 
control this
      feature. By default, this is disabled. Closes ticket 40634.

  o Major features (conflux):
    - Implement Proposal 329 (conflux traffic splitting). Conflux splits
      traffic across two circuits to Exits that support the protocol.
      These circuits are pre-built only, which means that if the pre-
      built conflux pool runs out, regular circuits will then be used.
      When using conflux circuit pairs, clients choose the lower-latency
      circuit to send data to the Exit. When the Exit sends data to the
      client, it maximizes throughput, by fully utilizing both circuits
      in a multiplexed fashion. Alternatively, clients can request that
      the Exit optimize for latency when transmitting to them, by
      setting the torrc option 'ConfluxClientUX latency'. Onion services
      are not currently supported, but will be in arti. Many other
      future optimizations will also be possible using this protocol.
      Closes ticket 40593.

  o Major features (dirauth):
    - Directory authorities and relays now interact properly with
      directory authorities if they change addresses. In the past, they
      would continue to upload votes, signatures, descriptors, etc to
      the hard-coded address in the configuration. Now, if the directory
      authority is listed in the consensus at a different address, they
      will direct queries to this new address. Implements ticket 40705.

  o Minor feature (CI):
    - Update CI to use Debian Bullseye for runners.

  o Minor feature (client, IPv6):
    - Make client able to pick IPv6 relays by default now meaning
      ClientUseIPv6 option now defaults to 1. Closes ticket 40785.

  o Minor feature (compilation):
    - Fix returning something other than "Unknown N/A" as libc version
      if we build tor on an O.S. like DragonFlyBSD, FreeBSD, OpenBSD
      or NetBSD.

  o Minor feature (cpuworker):
    - Always use the number of threads for our CPU worker pool to the
      number of core available but cap it to a minimum of 2 in case of a
      single core. Fixes bug 40713; bugfix on 0.3.5.1-alpha.

  o Minor feature (lzma):
    - Fix compiler warnings for liblzma >= 5.3.1. Closes ticket 40741.

  o Minor feature (MetricsPort, relay):
    - Expose time until online keys expires on the MetricsPort. Closes
      ticket 40546.

  o Minor feature (MetricsPort, relay, onion service):
    - Add metrics for the relay side onion service interactions counting
      seen cells. Closes ticket 40797. Patch by "friendly73".

  o Minor features (directory authorities):
    - Directory authorities now include their AuthDirMaxServersPerAddr
      config option in the consensus parameter section of their vote.
      Now external tools can better predict how they will behave.
      Implements ticket 40753.

  o Minor features (directory authority):
    - Add a new consensus method in which the "published" times on
      router entries in a microdesc consensus are all set to a
      meaningless fixed date. Doing this will make the download size for
      compressed microdesc consensus diffs much smaller. Part of ticket
      40130; implements proposal 275.

  o Minor features (network documents):
    - Clients and relays no longer track the "published on" time
      declared for relays in any consensus documents. When reporting
      this time on the control port, they instead report a fixed date in
      the future. Part of ticket 40130.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on June 01, 2023.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2023/06/01.

  o Minor features (hs, metrics):
    - Add tor_hs_rend_circ_build_time and tor_hs_intro_circ_build_time
      histograms to measure hidden service rend/intro circuit build time
      durations. Part of ticket 40757.

  o Minor features (metrics):
    - Add a `reason` label to the HS error metrics. Closes ticket 40758.
    - Add service side metrics for REND and introduction request
      failures. Closes ticket 40755.
    - Add support for histograms. Part of ticket 40757.

  o Minor features (pluggable transports):
    - Automatically restart managed Pluggable Transport processes when
      their process terminate. Resolves ticket 33669.

  o Minor features (portability, compilation):
    - Use OpenSSL 1.1 APIs for LibreSSL, fixing LibreSSL 3.5
      compatibility. Fixes issue 40630; patch by Alex Xu (Hello71).

  o Minor features (relay):
    - Do not warn about configuration options that may expose a non-
      anonymous onion service. Closes ticket 40691.

  o Minor features (relays):
    - Trigger OOS when bind fails with EADDRINUSE. This improves
      fairness when a large number of exit connections are requested,
      and properly signals exhaustion to the network. Fixes issue 40597;
      patch by Alex Xu (Hello71).

  o Minor features (tests):
    - Avoid needless key reinitialization with OpenSSL during unit
      tests, saving significant time. Patch from Alex Xu.

  o Minor bugfix (relay, logging):
    - The wrong max queue cell size was used in a protocol warning
      logging statement. Fixes bug 40745; bugfix on 0.4.7.1-alpha.

  o Minor bugfixes (logging):
    - Avoid ""double-quoting"" strings in several log \ 
messages. Fixes
      bug 22723; bugfix on 0.1.2.2-alpha.
    - Correct a log message when cleaning microdescriptors. Fixes bug
      40619; bugfix on 0.2.5.4-alpha.

  o Minor bugfixes (metrics):
    - Decrement hs_intro_established_count on introduction circuit
      close. Fixes bug 40751; bugfix on 0.4.7.12.

  o Minor bugfixes (pluggable transports, windows):
    - Remove a warning `BUG()` that could occur when attempting to
      execute a non-existing pluggable transport on Windows. Fixes bug
      40596; bugfix on 0.4.0.1-alpha.

  o Minor bugfixes (relay):
    - Remove a "BUG" warning for an acceptable race between a circuit
      close and considering that circuit active. Fixes bug 40647; bugfix
      on 0.3.5.1-alpha.
    - Remove a harmless "Bug" log message that can happen in
      relay_addr_learn_from_dirauth() on relays during startup. Finishes
      fixing bug 40231. Fixes bug 40523; bugfix on 0.4.5.4-rc.

  o Minor bugfixes (sandbox):
    - Allow membarrier for the sandbox. And allow rt_sigprocmask when
      compiled with LTTng. Fixes bug 40799; bugfix on 0.3.5.1-alpha.
    - Fix sandbox support on AArch64 systems. More "*at" variants of
      syscalls are now supported. Signed 32 bit syscall parameters are
      checked more precisely, which should lead to lower likelihood of
      breakages with future compiler and libc releases. Fixes bug 40599;
      bugfix on 0.4.4.3-alpha.

  o Minor bugfixes (state file):
    - Avoid a segfault if the state file doesn't contains TotalBuildTimes
      along CircuitBuildAbandonedCount being above 0. Fixes bug 40437;
      bugfix on 0.3.5.1-alpha.

  o Removed features:
    - Remove the RendPostPeriod option. This was primarily used in
      Version 2 Onion Services and after its deprecation isn't needed
      anymore. Closes ticket 40431. Patch by Neel Chauhan.

Log message:
Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/.

Almost all uses, if not all of them, are wrong, according to the
semantics of BUILD_DEPENDS (packages built for target available for
use _by_ tools at build-time) and TOOL_DEPEPNDS (packages built for
host available for use _as_ tools at build-time).

No change to BUILD_DEPENDS as used correctly inside buildlink3.

As proposed on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html

Log message:
*: recursive bump for perl 5.36

Log message:
tor: update to 0.4.7.8.

Changes in version 0.4.7.8 - 2022-06-17
  This version fixes several bugfixes including a High severity security issue
  categorized as a Denial of Service. Everyone running an earlier version
  should upgrade to this version.

  o Major bugfixes (congestion control, TROVE-2022-001):
    - Fix a scenario where RTT estimation can become wedged, seriously
      degrading congestion control performance on all circuits. This
      impacts clients, onion services, and relays, and can be triggered
      remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes
      bug 40626; bugfix on 0.4.7.5-alpha.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on June 17, 2022.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2022/06/17.

  o Minor bugfixes (linux seccomp2 sandbox):
    - Allow the rseq system call in the sandbox. This solves a crash
      issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug
      40601; bugfix on 0.3.5.11.

  o Minor bugfixes (logging):
    - Demote a harmless warn log message about finding a second hop to
      from warn level to info level, if we do not have enough
      descriptors yet. Leave it at notice level for other cases. Fixes
      bug 40603; bugfix on 0.4.7.1-alpha.
    - Demote a notice log message about "Unexpected path length" to info
      level. These cases seem to happen arbitrarily, and we likely will
      never find all of them before the switch to arti. Fixes bug 40612;
      bugfix on 0.4.7.5-alpha.

  o Minor bugfixes (relay, logging):
    - Demote a harmless XOFF log message to from notice level to info
      level. Fixes bug 40620; bugfix on 0.4.7.5-alpha.