Tor: Update to

Message ID
State Accepted
Series Tor: Update to |

Commit Message

Peter Müller 11 Sep 2022, 2:14 p.m. UTC
  Changes in version - 2022-08-12
  This version updates the geoip cache that we generate from IPFire location
  database to use the August 9th, 2022 one. Everyone MUST update to this
  latest release else circuit path selection and relay metrics are badly

  o Major bugfixes (geoip data):
    - IPFire informed us on August 12th that databases generated after
      (including) August 10th did not have proper ARIN network allocations. We
      are updating the database to use the one generated on August 9th, 2022.
      Fixes bug 40658; bugfix on

Changes in version - 2022-08-11
  This version contains several major fixes aimed at reducing memory pressure on
  relays and possible side-channel. It also contains a major bugfix related to
  congestion control also aimed at reducing memory pressure on relays.
  Finally, there is last one major bugfix related to Vanguard L2 layer node

  We strongly recommend to upgrade to this version especially for Exit relays
  in order to help the network defend against this ongoing DDoS.

  o Major bugfixes (congestion control):
    - Implement RFC3742 Limited Slow Start. Congestion control was
      overshooting the congestion window during slow start, particularly
      for onion service activity. With this fix, we now update the
      congestion window more often during slow start, as well as dampen
      the exponential growth when the congestion window grows above a
      capping parameter. This should reduce the memory increases guard
      relays were seeing, as well as allow us to set lower queue limits
      to defend against ongoing DoS attacks. Fixes bug 40642; bugfix

  o Major bugfixes (relay):
    - Remove OR connections btrack subsystem entries when the connections
      close normally. Before this, we would only remove the entry on error and
      thus leaking memory for each normal OR connections. Fixes bug 40604;
      bugfix on
    - Stop sending TRUNCATED cell and instead close the circuit from which we
      received a DESTROY cell. This makes every relay in the circuit path to
      stop queuing cells. Fixes bug 40623; bugfix on

  o Major bugfixes (vanguards):
    - We had omitted some checks for whether our vanguards (second layer
      guards from proposal 333) overlapped. Now make sure to pick each
      of them to be independent. Also, change the design to allow them
      to come from the same family. Fixes bug 40639; bugfix

  o Minor features (dirauth):
    - Add a torrc option to control the Guard flag bandwidth threshold
      percentile. Closes ticket 40652.
    - Add an AuthDirVoteGuard torrc option that can allow authorities to
      assign the Guard flag to the given fingerprints/country code/IPs.
      This is a needed feature mostly for defense purposes in case a DoS
      hits the network and relay start losing the Guard flags too fast.
      from torrc.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on August 11, 2022.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2022/08/11.

  o Minor bugfixes (congestion control):
    - Add a check for an integer underflow condition that might happen
      in cases where the system clock is stopped, the ORconn is blocked,
      and the endpoint sends more than a congestion window worth of non-
      data control cells at once. This would cause a large congestion
      window to be calculated instead of a small one. No security
      impact. Fixes bug 40644; bugfix on

  o Minor bugfixes (defense in depth):
    - Change a test in the netflow padding code to make it more
      _obviously_ safe against remotely triggered crashes. (It was safe
      against these before, but not obviously so.) Fixes bug 40645;
      bugfix on

  o Minor bugfixes (relay):
    - Do not propagate either forward or backward a DESTROY remote reason when
      closing a circuit in order to avoid a possible side channel. Fixes bug
      40649; bugfix on

Signed-off-by: Peter Müller <>
 lfs/tor | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


diff --git a/lfs/tor b/lfs/tor
index 628ed63a2..c41b6dbed 100644
--- a/lfs/tor
+++ b/lfs/tor
@@ -26,7 +26,7 @@  include Config
 SUMMARY    = Anonymizing overlay network for TCP (The onion router)
-VER        =
+VER        =
 THISAPP    = tor-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@  DL_FROM    = $(URL_IPFIRE)
 PROG       = tor
-PAK_VER    = 70
+PAK_VER    = 71
 DEPS       = libseccomp
@@ -48,7 +48,7 @@  objects = $(DL_FILE)
-$(DL_FILE)_BLAKE2 = 40f6eab453d95a09e4531ce7cdb59715a21b84e1d0b1045d107add6a443fb7563a5747734b23e0e1dfda6490a5a7659f912e38c11cdb5fa635535dcff6169eeb
+$(DL_FILE)_BLAKE2 = 46a9d932e7451bcc683e18d296d7a26bb4b544767cf4622910ebf90d82715718451ec3e0d6cd215eff5fe2cc3ae8441b8e6065c5877d7fc92c2f26ab5c7fa0cb
 install : $(TARGET)