| Message ID | faa5e0fb-55a5-413f-a8d1-fe878583afe9@ipfire.org |
|---|---|
| State | Staged |
| Commit | af0cb1d3e11826bcf3adec04fd18afa38450f653 |
| Series | Tor: Update to 0.4.9.7 |
Commit Message
Peter Müller
7 May 2026, 6:16 p.m. UTC
Changes in version 0.4.9.7 - 2026-05-06
This is a security release fixing several major bugfixes that were reported
in the past weeks. Huge thanks to everyone that reported these issues! We
strongly recommend upgrading as soon as possible.
o Major bugfixes (cell handling):
- Fix out-of-bounds read (OOB) when END, TRUNCATE and TRUNCATED cell
have no reason in their payload. TROVE-2026-011. Found by
Brian Carpenter (geeknik). Fixes bug 41254; bugfix
on 0.1.1.1-alpha.
o Major bugfixes (conflux):
- Do not attempt or accept BEGIN_DIR via conflux legs. TROVE-2026-008.
Credit to Anas Cherni from Calif.io in collaboration with
Claude and Anthropic Research. Fixes bug 41243; bugfix
on 0.4.8.1-alpha.
o Major bugfixes (conflux, relay):
- Adjust conflux out-of-order queue accounting when clearing a
queue. TROVE-2026-010. Found by aptupdate. Fixes bug 41251; bugfix
on 0.4.8.1-alpha.
o Major bugfixes (pathbias):
- Fix a client-side crash caused by double-close of a circuit while
under circuit queue memory pressure. TROVE-2026-009. Found by
cypherpunks. Fixes bug 41237; bugfix on 0.3.3.6-rc.
o Major bugfixes (relay):
- Fix null pointer dereference when receiving a CERT cell out of
order. TROVE-2026-006. Found by Fwame. Fixes bug 41240; bugfix
on 0.2.4.4-alpha.
o Major bugfixes (relay, onion service):
- Fix off-by-one out-of-bounds read if a malformed BEGIN cell is
received. TROVE-2026-007. Found by Flanagan. Fixes bug 41245;
bugfix on 0.2.4.7-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on May 06, 2026.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2026/05/06.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
lfs/tor | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Comments
Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>

On 07/05/2026 20:16, Peter Müller wrote:
> Changes in version 0.4.9.7 - 2026-05-06
> This is a security release fixing several major bugfixes that were reported
> in the past weeks. Huge thanks to everyone that reported these issues! We
> strongly recommend upgrading as soon as possible.
>
> o Major bugfixes (cell handling):
> - Fix out-of-bounds read (OOB) when END, TRUNCATE and TRUNCATED cell
> have no reason in their payload. TROVE-2026-011. Found by
> Brian Carpenter (geeknik). Fixes bug 41254; bugfix
> on 0.1.1.1-alpha.
>
> o Major bugfixes (conflux):
> - Do not attempt or accept BEGIN_DIR via conflux legs. TROVE-2026-008.
> Credit to Anas Cherni from Calif.io in collaboration with
> Claude and Anthropic Research. Fixes bug 41243; bugfix
> on 0.4.8.1-alpha.
>
> o Major bugfixes (conflux, relay):
> - Adjust conflux out-of-order queue accounting when clearing a
> queue. TROVE-2026-010. Found by aptupdate. Fixes bug 41251; bugfix
> on 0.4.8.1-alpha.
>
> o Major bugfixes (pathbias):
> - Fix a client-side crash caused by double-close of a circuit while
> under circuit queue memory pressure. TROVE-2026-009. Found by
> cypherpunks. Fixes bug 41237; bugfix on 0.3.3.6-rc.
>
> o Major bugfixes (relay):
> - Fix null pointer dereference when receiving a CERT cell out of
> order. TROVE-2026-006. Found by Fwame. Fixes bug 41240; bugfix
> on 0.2.4.4-alpha.
>
> o Major bugfixes (relay, onion service):
> - Fix off-by-one out-of-bounds read if a malformed BEGIN cell is
> received. TROVE-2026-007. Found by Flanagan. Fixes bug 41245;
> bugfix on 0.2.4.7-alpha.
>
> o Minor features (fallbackdir):
> - Regenerate fallback directories generated on May 06, 2026.
>
> o Minor features (geoip data):
> - Update the geoip files to match the IPFire Location Database, as
> retrieved on 2026/05/06.
>
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> lfs/tor | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
> > diff --git a/lfs/tor b/lfs/tor > index 7ba6c6641..da6f50457 100644 > --- a/lfs/tor > +++ b/lfs/tor > @@ -26,7 +26,7 @@ include Config > > SUMMARY = Anonymizing overlay network for TCP (The onion router) > > -VER = 0.4.9.6 > +VER = 0.4.9.7 > > THISAPP = tor-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) > DIR_APP = $(DIR_SRC)/$(THISAPP) > TARGET = $(DIR_INFO)/$(THISAPP) > PROG = tor > -PAK_VER = 94 > +PAK_VER = 95 > > DEPS = > > @@ -48,7 +48,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_BLAKE2 = 93c4a338e892fdc451826fc5be2fa193aec582257b33b5cbb100f3f2ea2ecec182f56fa80e071e0a64fc81fb3a673d27521807071be85917a6490932659d8ebf > +$(DL_FILE)_BLAKE2 = 189aa16fb2bcc2e0838aceeb3f68b43694dea580a89f0bfc27acd4ded9b3824a0c731fb3182e1e221534be9d0f2cbdd5633a4fba7d3137ed793009b39a1d571f > > install : $(TARGET) >
diff --git a/lfs/tor b/lfs/tor index 7ba6c6641..da6f50457 100644 --- a/lfs/tor +++ b/lfs/tor @@ -26,7 +26,7 @@ include Config SUMMARY = Anonymizing overlay network for TCP (The onion router) -VER = 0.4.9.6 +VER = 0.4.9.7 THISAPP = tor-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 94 +PAK_VER = 95 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 93c4a338e892fdc451826fc5be2fa193aec582257b33b5cbb100f3f2ea2ecec182f56fa80e071e0a64fc81fb3a673d27521807071be85917a6490932659d8ebf +$(DL_FILE)_BLAKE2 = 189aa16fb2bcc2e0838aceeb3f68b43694dea580a89f0bfc27acd4ded9b3824a0c731fb3182e1e221534be9d0f2cbdd5633a4fba7d3137ed793009b39a1d571f install : $(TARGET)
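Review bot: the VER change from 0.4.9.6 to 0.4.9.7 in the first hunk brings in six TROVE-tagged fixes according to the commit message, yet the subject line "Tor: Update to 0.4.9.7" reads like a routine version bump. Consider marking the subject or the first line of the message as a security update so the patch is easy to pick out when deciding what goes into the next release, and note which of the listed fixes (client-side pathbias crash, relay-side CERT and BEGIN cell handling) are relevant to how Tor is run on IPFire.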
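Review bot: the new `$(DL_FILE)_BLAKE2` value in the last hunk is the only integrity pin visible for the 0.4.9.7 tarball, and with `DL_FROM = $(URL_IPFIRE)` the build fetches the file from the IPFire source mirror, so the digest only proves that the mirror copy matches whatever was uploaded there. The commit message does not say how the tarball was obtained or checked. Please add a line stating that it was verified against upstream's signed checksum before upload and that the BLAKE2 value was computed from that verified file, so a reviewer can reproduce the check instead of trusting the digest in the diff.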