tor: Update to version 0.4.9.6

- Update from version 0.4.8.21 to 0.4.9.6
- Version 0.4.8.22 was likely the last update on the 0.4.8 branch. Everything is now
   focussed on the 0.4.9 branch.
- There are some security fixes in some of the update steps.
- No change in rootfile
- Changelog
    0.4.9.6
  This is a security release fixing major bugfixes that could possibly lead to
  remote crashing relays. We strongly recommend upgrading as soon as possible.
  o Major bugfix (security):
    - Fix a stack overflow of 11 bytes on malicious CREATED2. This lead
      to a remote crash. TROVE-2026-003. Reported-by: Anas Cherni of
      Calif.io. Fixes bug 41231; bugfix on 0.4.9.1-alpha.
  o Major bugfix (security, conflux):
    - Fix a memory compare using the wrong length. This could lead to a
      remote crash when using the conflux subsystem. TROVE-2026-004.
      Fixes bug 41232; bugfix on 0.4.8.1-alpha.
  o Minor bugfixes (security):
    - Fix a series of defense in depth security issues found across the
      codebase. Fixes bug 41228; bugfix on 0.3.5.1-alpha.
  o Minor bugfixes (portability):
    - (Hopefully) fix our polyval implementation on big-endian
      platforms. Fixes bug 41215; bugfix on 0.4.9.3-alpha.
  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on March 25, 2026.
  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2026/03/25.
    0.4.9.5
  This first stable release in the 0.4.9 series introduces a new
  circuit-level encryption design for better client security, as well
  as a more scalable way for large relay operators to annotate which
  relays they run so clients can avoid using too many of them in a
  single circuit.
  o Major features (cryptography):
    - Clients and relays can now negotiate Counter Galois Onion (CGO)
      relay cryptography, as designed by Jean Paul Degabriele,
      Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO
      provides improved resistance to several kinds of tagging attacks,
      better forward secrecy, and better forgery resistance. Closes
      ticket 41047. Implements proposal 359.
  o Major features (path selection):
    - Clients and relays now support "happy families", a system to
      simplify relay family operation and improve directory performance.
      With "happy families", relays in a family share a secret "family
      key", which they use to prove their membership in the family.
      Implements proposal 321; closes ticket 41009. Note that until
      enough clients are upgraded, relay operators will still need to
      configure MyFamily lists. But once clients no longer depend on
      those lists, we will be able to remove them entirely, thereby
      simplifying family operation, and making microdescriptor downloads
      approximately 80% smaller. For more information, see
      https://community.torproject.org/relay/setup/post-install/family-ids/
  o Major bugfixes (conflux):
    - Ensure conflux guards obey family and subnet restrictions. Fixes
      bug 40976; bugfix on 0.4.8.1-alpha.
  o Major bugfixes (controller events):
    - Fix spikes occurring in bandwidth cache events on control connection.
      Fixes bug 31524; bugfix on 0.0.9pre5.
  o Major bugfixes (sandbox):
    - Fix sandbox to work on architectures that use Linux's generic
      syscall interface, extending support for AArch64 (ARM64) and
      adding support for RISC-V, allowing test_include.sh and the
      sandbox unit tests to pass on these systems even when building
      with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix
      on 0.2.5.1-alpha.
  o Minor features (client security, reliability):
    - When KeepaliveIsolateSOCKSAuth is keeping a circuit alive, expire
      the circuit based on when it was last in use for any stream, not
      (as we did before) based on when a stream was last attached to it.
      Closes ticket 41157. Implements a minimal version of Proposal 368.
  o Minor features (exit relays):
    - Implement reevaluating new exit policy against existing
      connections. This is controlled by new config option
      ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676.
    - Implement a token-bucket based rate limiter for stream creation
      and resolve request. It is configured by the DoSStream* family of
      configuration options. Closes ticket 40736.
    - Add Monero ports to the ReducedExitPolicy. Closes ticket 41168.
  o Minor features (bridges):
    - Save complete bridge lines to 'datadir/bridgelines'. Closes
      ticket 29128.
  o Minor features (client extensibility):
    - Implement new HTTPTunnelPort features for interoperability with
      Arti's HTTP CONNECT proxy. This work adds new headers to requests
      to and replies from the HttpConnectPort, support for OPTIONS
      requests, tightens the expected syntax for Proxy-Authorization,
      and increases defense-in-depth against some kinds of cross-site
      HTTP attacks. Closes ticket 41156. Implements proposal 365.
    - Detect invalid SOCKS5 username/password combinations according to
      new extended parameters syntax. (Currently, this rejects any
      SOCKS5 username beginning with "<torS0X>", except for the username
      "<torS0X>0". Such usernames are now reserved to communicate
      additional parameters with other Tor implementations.) Implements
      proposal 351.
  o Minor features (sandboxing):
    - Allow the fstatat64 and statx syscalls on i386 architecture when
      glibc >= 2.33. On i386, glibc uses fstatat64 instead of newfstatat
      for stat operations, and statx for time64 support. Without this,
      SIGHUP configuration reload fails when using sandbox mode with
      %include directives on i386 with Debian Bookworm or newer.
    - Allow the lstat64 syscall on i386 architecture. This syscall is
      used by glob() in glibc 2.36+ when processing %include directives
      with directory patterns.
  o Minor features (security):
    - Increase the size of our finite-field Diffie Hellman TLS group
      (which we should never actually use!) to 2048 bits. Part of
      ticket 41067.
    - Require TLS version 1.2 or later. (Version 1.3 support will be
      required in the near future.) Part of ticket 41067.
    - Update TLS 1.2 client cipher list to match current Firefox. Part
      of ticket 41067.
    - Verify needle is smaller than haystack before calling memmem.
      Closes ticket 40854.
  o Minor features (onion services):
    - Add 3 more keywords to the ADD_ONION control command:
      PoWDefensesEnabled, PoWQueueRate and PoWQueueBurst which correspond
      to HiddenServicePoWDefensesEnabled, HiddenServicePoWQueueRate and
      HiddenServicePoWQueueBurst from torrc.
    - Reduce the minimum value of hsdir_interval to match recent tor-
      spec change.
  o Minor feature (directory authority):
    - Introduce MinimalAcceptedServerVersion to allow configuring
      the minimum accepted relay version without requiring a new tor
      release. Closes ticket 40817.
  o Minor features (metrics port):
    - New metrics on the MetricsPort for the number of BUG() calls that
      occurred at runtime. Fixes bugs 40839 and 41104; bugfix on
      0.4.7.1-alpha.
    - Handle rephist tracking of ntor and ntor_v3 handshakes
      individually such that MetricsPort exposes the correct values.
      Fixes bug 40638; bugfix on 0.4.7.11.
    - Add new metrics for relays on the MetricsPort namely the count of
      drop cell, destroy cell and the number of circuit protocol
      violation seen that lead to a circuit close. Closes ticket 40816.
  o Minor features (forward-compatibility):
    - We now correctly parse microdescriptors and router descriptors
      that do not include TAP onion keys. (For backward compatibility,
      authorities continue to require these keys.) Implements part of
      proposal 350.
  o Minor features (portability, android):
    - Use /data/local/tmp for data storage on Android by default. Closes
      ticket 40487. Patch from Hans-Christoph Steiner.
  o Minor features (directory authority):
    - Export unsigned consensus documents once we have seen a threshold
      of signatures, as a step toward the consensus transparency
      experiment.
  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on February 12, 2026.
  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database,
      as retrieved on 2026/02/12.
  o Minor features (windows):
    - Various compilation fixes for our Windows CI. Closes ticket 41214.
  o Minor bugfixes (exit relays):
    - Clip every returned DNS TTL to 60 (RESOLVED) in order to mitigate
      an exit DNS cache oracle. Fixes bug 40979; bugfix on 0.3.5.1-alpha.
  o Minor bugfixes (spec conformance):
    - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
      messages. Previously, it was always set to the maximum value.
      Fixes bug 41056; bugfix on 0.4.8.1-alpha.
    - Do not treat "15" as a recognized remote END reason code.
      Formerly, we treated it as synonymous with a local ENTRYPOLICY,
      which isn't a valid remote code at all. Fixes bug 41171; bugfix
      on 0.2.0.8-alpha.
  o Minor bugfixes (tooling):
    - Fix a false positive valgrind related to inspecting a bitfield
      next to another uninitialized bitfield. Fixes bug 41182; bugfix
      on 0.3.3.2-alpha.
    - Fix minor warnings from newer versions of shellcheck and clang.
      Fixes bug 41166; bugfix on 0.4.3.1-alpha and several
      other versions.
    - Fix a warning when compiling with GCC 14.2. Closes 41032.
  o Minor bugfixes (threads):
    - Make thread control POSIX compliant. Fixes bug 41109; bugfix
      on 0.4.8.17.
  o Minor bugfix (client DNS):
    - Handle empty DNS reply without sending back an error and instead
      send back NOERROR (RFC1035 error code 0x0). Fixes bug 40248;
      bugfix on 0.3.5.1-alpha.
  o Minor bugfixes (directory authorities):
    - After we added layer-two vanguards, directory authorities wouldn't
      think any of their vanguards were suitable for circuits, leading
      to a "Failed to find node for hop #2 of our path. Discarding this
      circuit." log message once per second from startup until they made
      a fresh consensus. Now they look to their existing consensus on
      startup, letting them build circuits properly from the beginning.
      Fixes bug 40802; bugfix on 0.4.7.1-alpha.
  o Minor bugfixes (tests):
    - Fix a test failure with OpenSSL builds running at security level 1
      or greater, which does not permit SHA-1 certificates. Fixes bug
      41021; bugfix on 0.2.8.1-alpha.
  o Minor bugfixes (bridges):
    - Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set
      to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc.
  o Minor bugfixes (conflux, client):
    - Avoid a non fatal assert caused by data coming in on a conflux set
      that is being freed during shutdown. Fixes bug 40870; bugfix
      on 0.4.8.1-alpha.
  o Minor bugfixes (testing network):
    - Enabling TestingTorNetwork no longer forces fast hidden service
      intro point rotation. This reduces noise and errors when using
      hidden services with TestingTorNetwork enabled. Fixes bug 40922;
      bugfix on 0.3.2.1-alpha.
  o Minor bugfixes (relay):
    - Refuse to overwrite an existing *.secret_family_key when running
      tor --keygen-family. Fixes bug 41184; bugfix on 0.4.9.1-alpha.
  o New system requirements:
    - When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
      Part of ticket 41059.
    - When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
      (We strongly recommend 3.0 or later, but still build with 1.1.1,
      even though it is not supported by the OpenSSL team, due to its
      presence in Debian oldstable.) Part of ticket 41059.
  o Removed features (relays):
    - Relays no longer support clients that falsely advertise TLS
      ciphers they don't really support. (Clients have not done this
      since 0.2.3.17-beta). Part of ticket 41031.
    - Relays no longer support clients that require obsolete v1 and v2
      link handshakes. (The v3 link handshake has been supported since
      0.2.3.6-alpha). Part of ticket 41031.
    - Relays no longer support the obsolete TAP circuit extension
      protocol. (For backward compatibility, however, relays still
      continue to include TAP keys in their descriptors.) Implements
      part of proposal 350.
    - Relays no longer support the obsolete "RSA-SHA256-TLSSecret"
      authentication method, which used a dangerously short RSA key, and
      which required access TLS session internals. The current method
      ("Ed25519-SHA256-RFC5705") has been supported since 0.3.0.1-alpha.
      Closes ticket 41020.
  o Removed features (directory authorities):
    - Directory authorities no longer support consensus methods before
      method 32. Closes ticket 40835.
    - We include a new consensus method that removes support for
      computing "package" lines in consensus documents. This feature was
      never used, and support for including it in our votes was removed
      in 0.4.2.1-alpha. Finishes implementation of proposal 301.
    0.4.9.4-rc
  Finally, the release candidate for the 0.4.9.x series. It consists of minor
  features and several bugfixes. Nothing major has been added since the alpha.
  If everything goes well, the next version will be the first stable.
  o Minor features (security, reliability):
    - When KeepaliveIsolateSOCKSAuth is keeping a circuit alive, expire
      the circuit based on when it was last in use for any stream, not
      (as we did before) based on when a stream was last attached to it.
      Closes ticket 41157. Implements a minimal version of Proposal 368.
  o Minor feature (Exit):
    - Add Monero ports to the ReducedExitPolicy. Closes ticket 41168.
  o Minor features (HTTPTunnelPort):
    - Implement new HTTPTunnelPort features for interoperability with
      Arti's HTTP CONNECT proxy. This work adds new headers to requests
      to and replies from the HttpConnectPort, support for OPTIONS
      requests, tightens the expected syntax for Proxy-Authorization,
      and increases defense-in-depth against some kinds of cross-site
      HTTP attacks. Closes ticket 41156. Implements proposal 365.
  o Minor features (linux seccomp2 sandbox):
    - Allow the fstatat64 and statx syscalls on i386 architecture when
      glibc >= 2.33. On i386, glibc uses fstatat64 instead of newfstatat
      for stat operations, and statx for time64 support. Without this,
      SIGHUP configuration reload fails when using sandbox mode with
      %include directives on i386 with Debian Bookworm or newer.
    - Allow the lstat64 syscall on i386 architecture. This syscall is
      used by glob() in glibc 2.36+ when processing %include directives
      with directory patterns.
  o Minor bugfixes (DNS, exit):
    - Clip every returned DNS TTL to 60 (RESOLVED) in order to mitigate
      an exit DNS cache oracle. Fixes bug 40979; bugfix on 0.3.5.1-alpha.
  o Minor bugfixes (spec conformance):
    - Do not treat "15" as a recognized remote END reason code.
      Formerly, we treated it as synonymous with a local ENTRYPOLICY,
      which isn't a valid remote code at all. Fixes bug 41171; bugfix
      on 0.2.0.8-alpha.
  o Minor bugfixes (tooling):
    - Fix a false positive valgrind related to inspecting a bitfield
      next to another uninitialized bitfield. Fixes bug 41182; bugfix
      on 0.3.3.2-alpha.
  o Minor bugfixes (warnings):
    - Fix minor warnings from newer versions of shellcheck and clang.
      Fixes bug 41166; bugfix on 0.4.3.1-alpha and several
      other versions.
    0.4.9.3-alpha
  This is the third alpha release and likely the last before going stable.
  This release contains the new CGO circuit encryption. See proposal 359 for
  more details. Several TLS minor fixes which will strengthen the link
  security.
  o New system requirements:
    - When built with LibreSSL, Tor now requires LibreSSL 3.7 or later.
      Part of ticket 41059.
    - When built with OpenSSL, Tor now requires OpenSSL 1.1.1 or later.
      (We strongly recommend 3.0 or later, but still build with 1.1.1,
      even though it is not supported by the OpenSSL team, due to its
      presence in Debian oldstable.) Part of ticket 41059.
  o Major features (cell format):
    - Tor now has (unused) internal support to encode and decode relay
      messages in the new format required by our newer CGO encryption
      algorithm. Closes ticket 41051. Part of proposal 359.
  o Major features (cryptography):
    - Clients and relays can now negotiate Counter Galois Onion (CGO)
      relay cryptography, as designed by Jean Paul Degabriele,
      Alessandro Melloni, Jean-Pierre Münch, and Martijn Stam. CGO
      provides improved resistance to several kinds of tagging attacks,
      better forward secrecy, and better forgery resistance. Closes
      ticket 41047. Implements proposal 359.
  o Major bugfixes (onion service directory cache):
    - Preserve the download counter of an onion service descriptor
      across descriptor uploads, so that recently updated descriptors
      don't get pruned if there is memory pressure soon after update.
      Additionally, create a separate torrc option MaxHSDirCacheBytes
      that defaults to the former 20% of MaxMemInQueues threshold, but
      can be controlled by relay operators under DoS. Also enforce this
      threshold during HSDir uploads. Fixes bug 41006; bugfix
      on 0.4.8.14.
  o Minor features (security):
    - Increase the size of our finite-field Diffie Hellman TLS group
      (which we should never actually use!) to 2048 bits. Part of
      ticket 41067.
    - Require TLS version 1.2 or later. (Version 1.3 support will be
      required in the near future.) Part of ticket 41067.
    - Update TLS 1.2 client cipher list to match current Firefox. Part
      of ticket 41067.
  o Minor features (security, TLS):
    - When we are running with OpenSSL 3.5.0 or later, support using the
      ML-KEM768 for post-quantum key agreement. Closes ticket 41041.
  o Minor feature (client, TLS):
    - Set the TLS 1.3 cipher list instead of falling back on the
      default value.
  o Minor feature (padding, logging):
    - Reduce the amount of messages being logged related to channel
      padding timeout when log level is "notice".
  o Minor features (bridges):
    - Save complete bridge lines to 'datadir/bridgelines'. Closes
      ticket 29128.
  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on September 16, 2025.
  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2025/09/16.
  o Minor features (hidden services):
    - Reduce the minimum value of hsdir_interval to match recent tor-
      spec change.
  o Minor features (hsdesc POW):
    - Tolerate multiple PoW schemes in onion service descriptors, for
      future extensibility. Implements torspec ticket 272.
  o Minor features (performance TLS):
    - When running with with OpenSSL 3.0.0 or later, support using
      X25519 for TLS key agreement. (This should slightly improve
      performance for TLS session establishment.)
  o Minor features (portability):
    - Fix warnings when compiling with GCC 15. Closes ticket 41079.
  o Minor bugfix (conflux):
    - Remove the pending nonce if we realize that the nonce of the
      unlinked circuit is not tracked anymore. Should avoid the non
      fatal assert triggered with a control port circuit event. Fixes
      bug 41037; bugfix on 0.4.8.15.
  o Minor bugfixes (bridges, pluggable transport):
    - Fix a bug causing the initial tor process to hang instead of
      exiting with RunAsDaemon, when pluggable transports are used.
      Fixes bug 41088; bugfix on 0.4.9.1-alpha.
  o Minor bugfixes (circuit handling):
    - Prevent circuit_mark_for_close() from being called twice on the
      same circuit. Fixes bug 40951; bugfix on 0.4.8.16-dev.
    - Prevent circuit_mark_for_close() from being called twice on the
      same circuit. Second fix attempt Fixes bug 41106; bugfix
      on 0.4.8.17
  o Minor bugfixes (compilation):
    - Fix linking on systems without a working stdatomic.h. Fixes bug
      41076; bugfix on 0.4.9.1-alpha.
  o Minor bugfixes (compiler warnings):
    - Make sure the two bitfields in the half-closed edge struct are
      unsigned, as we're using them for boolean values and assign 1 to
      them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
  o Minor bugfixes (logging, metrics port):
    - Count BUG statements for the MetricsPort only if they are warnings
      or errors. Fixes bug 41104; bugfix on 0.4.7.1-alpha. Patch
      contributed by shadowcoder.
  o Minor bugfixes (protocol):
    - Set the length field correctly on RELAY_COMMAND_CONFLUX_SWITCH
      messages. Previously, it was always set to the maximum value.
      Fixes bug 41056; bugfix on 0.4.8.1-alpha.
  o Minor bugfixes (relay):
    - Fix a crash when FamilyKeyDir is a path that cannot be read. Fixes
      bug 41043; bugfix on 0.4.9.2-alpha.
  o Minor bugfixes (threads):
    - Make thread control POSIX compliant. Fixes bug 41109; bugfix
      on 0.4.8.17-dev.
  o Removed features:
    - Relays no longer support clients that falsely advertise TLS
      ciphers they don't really support. (Clients have not done this
      since 0.2.3.17-beta). Part of ticket 41031.
    - Relays no longer support clients that require obsolete v1 and v2
      link handshakes. (The v3 link handshake has been supported since
      0.2.3.6-alpha). Part of ticket 41031.
    0.4.9.2-alpha
  This is the second alpha of the 0.4.9.x series. We have several new minor
  features and a big one, the happy families that was long awaited by relay
  operators. This release also fixes a number of bugs including major ones.
  o Major feature (happy families):
    - Clients and relays now support "happy families", a system to
      simplify relay family operation and improve directory performance.
      With "happy families", relays in a family shares a secret "family
      key", which they use to prove their membership in the family.
      Implements proposal 321; closes ticket 41009. Note that until
      enough clients are upgraded, relay operators will still need to
      configure MyFamily lists. But once clients no longer depend on
      those lists, we will be able to remove them entirely, thereby
      simplifying family operation, and making microdescriptor downloads
      approximately 80% smaller. For more information, see
      https://community.torproject.org/relay/setup/post-install/family-ids/
  o Major features (client):
    - Clients now respect "happy families" per proposal 321. This
      feature will eventually allow a much more compact representation
      for relay families, for a significant savings in directory
      download size.
  o Minor feature (onion service, control port):
    - Add 3 more keywords to the ADD_ONION control command:
      PoWDefensesEnabled, PoWQueueRate and PoWQueueBurst which correspond
      to HiddenServicePoWDefensesEnabled, HiddenServicePoWQueueRate and
      HiddenServicePoWQueueBurst from torrc.
  o Minor feature (testing, CI):
    - Use a fixed version of chutney (be881a1e) instead of its current
      HEAD. This version should also be preferred when testing locally.
  o Minor features (compilation):
    - Fix a warning when compiling with GCC 14.2. Closes 41032.
  o Minor features (continuous integration):
    - Upgrade CI runners to use Debian Bookworm instead of Bullseye.
      Closes ticket 41029.
  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on February 05, 2025.
    - Regenerate fallback directories generated on March 20, 2025.
  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2025/02/05.
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2025/03/20.
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2025/03/24.
  o Minor features (recommended protocols):
    - Directory authorities now vote to recommend that clients support
      certain protocols beyond those that are required. These include
      improved support for connecting to relays on IPv6, NtorV3, and
      congestion control. Part of ticket 40836.
  o Minor features (required protocols):
    - Directory authorities now vote to require clients to support the
      authenticated SENDME feature, which was introduced in
      0.4.1.1-alpha. Part of ticket 40836.
    - Directory authorities now vote to require relays to support
      certain protocols, all of which have been implemented since
      0.4.7.4-alpha or earlier. These include improved support for
      connecting to relays on IPv6, NtorV3, running as a rate-limited
      introduction point, authenticated SENDMEs, and congestion control.
      Part of ticket 40836.
  o Major bugfix (control-events, bw-cache):
    - Fixes spikes occurring in bandwidth cache on control connection.
      Fixes bug 31524; bugfix on 0.4.8.12-dev.
  o Major bugfixes (conflux):
    - Ensure conflux guards obey family and subnet restrictions. Fixes
      bug 40976; bugfix on 0.4.8.13.
  o Major bugfixes (onion service directory cache):
    - When the OOM killer kicks in, cleanup the descriptor cache of an
      HSDir by looking at the lowest downloaded count instead of time in
      cache. Fixes bug 40996; bugfix on 0.3.5.1-alpha.
  o Minor bugfix (client DNS):
    - Handle empty DNS reply without sending back an error and instead
      send back NOERROR (RFC1035 error code 0x0). Fixes bug 40248;
      bugfix on 0.3.5.1-alpha.
  o Minor bugfix (conflux):
    - Avoid a non fatal assert when describing a conflux circuit on the
      control port after being prepped to be freed. Fixes bug 41037;
      bugfix on 0.4.8.15.
  o Minor bugfix (dirauth):
    - Fix typo in flag assignment approved-routers file. Fixes bug
      41035; bugfix on 0.4.8.15
  o Minor bugfixes (control port):
    - Correctly report conflux pair information to controller fields
      Fixes bug 40872; bugfix on 0.4.8.1-alpha
  o Minor bugfixes (directory authorities):
    - After we added layer-two vanguards, directory authorities wouldn't
      think any of their vanguards were suitable for circuits, leading
      to a "Failed to find node for hop #2 of our path. Discarding this
      circuit." log message once per second from startup until they made
      a fresh consensus. Now they look to their existing consensus on
      startup, letting them build circuits properly from the beginning.
      Fixes bug 40802; bugfix on 0.4.7.1-alpha.
  o Minor bugfixes (relay flag usage):
    - Fix client usage of the MiddleOnly flag so that MiddleOnly relays
      are not used as HS IP or RP by clients or services. Additionally,
      give dirauths the ability to remove specific flags, as an
      alternative to MiddleOnly. Fixes bug 41023; bugfix on 0.4.7.2-alpha
  o Minor bugfixes (sandbox, bwauth):
    - Fix sandbox to work for bandwidth authority. Fixes bug 40933;
      bugfix on 0.2.2.1-alpha
  o Minor bugfixes (tests):
    - Fix a test failure with OpenSSL builds running at security level 1
      or greater, which does not permit SHA-1 certificates. (Fixes bug
      41021; bugfix on 0.2.8.1-alpha.)
  o Minor bugfixes (threads, memory):
    - Improvements in cleanup of resources used by threads. Fixes bug
      40991; bugfix on 0.4.8.13-dev.
    - Rework start and exit of worker threads.
  o Removed features:
    - Relays no longer support the obsolete "RSA-SHA256-TLSSecret"
      authentication method, which used a dangerously short RSA key, and
      which required access TLS session internals. The current method
      ("Ed25519-SHA256-RFC5705") has been supported since 0.3.0.1-alpha.
      Closes ticket 41020.
    0.4.9.1-alpha
  This is the first alpha of the 0.4.9.x series. This release mostly consists
  of bugfixes including some major ones. There are several minor features in
  this release but no large new subsystem.
  o Major bugfixes (sandbox):
    - Fix sandbox to work on architectures that use Linux's generic
      syscall interface, extending support for AArch64 (ARM64) and
      adding support for RISC-V, allowing test_include.sh and the
      sandbox unit tests to pass on these systems even when building
      with fragile hardening enabled. Fixes bugs 40465 and 40599; bugfix
      on 0.2.5.1-alpha.
  o Minor feature (defense in depth):
    - Verify needle is smaller than haystack before calling memmem.
      Closes ticket 40854.
  o Minor feature (directory authority):
    - Introduce MinimalAcceptedServerVersion to allow modification of
      minimal accepted version for relays without requiring a new tor
      release. Closes ticket 40817.
  o Minor feature (exit policies):
    - Implement reevaluating new exit policy against existing
      connections. This is controlled by new config option
      ReevaluateExitPolicy, defaulting to 0. Closes ticket 40676.
  o Minor feature (exit relay, DoS resistance):
    - Implement a token-bucket based rate limiter for stream creation
      and resolve request. It is configured by the DoSStream* family of
      configuration options. Closes ticket 40736.
  o Minor feature (metrics port):
    - New metrics on the MetricsPort for the number of BUG() that
      occurred at runtime. Closes MR 760.
  o Minor feature (metrics port, relay):
    - Add new metrics for relays on the MetricsPort namely the count of
      drop cell, destroy cell and the number of circuit protocol
      violation seen that lead to a circuit close. Closes ticket 40816.
  o Minor feature (testing):
    - test-network now unconditionally includes IPv6 instead of trying
      to detect IPv6 support.
  o Minor feature (testing, CI):
    - Use a fixed version of chutney (be881a1e) instead of its current
      HEAD. This version should also be preferred when testing locally.
  o Minor features (forward-compatibility):
    - We now correctly parse microdescriptors and router descriptors
      that do not include TAP onion keys. (For backward compatibility,
      authorities continue to require these keys.) Implements part of
      proposal 350.
  o Minor features (portability, android):
    - Use /data/local/tmp for data storage on Android by default. Closes
      ticket 40487. Patch from Hans-Christoph Steiner.
  o Minor features (SOCKS):
    - Detect invalid SOCKS5 username/password combinations according to
      new extended parameters syntax. (Currently, this rejects any
      SOCKS5 username beginning with "<torS0X>", except for the username
      "<torS0X>0". Such usernames are now reserved to communicate
      additional parameters with other Tor implementations.) Implements
      proposal 351.
  o Minor bugfix (MetricsPort, relay):
    - Handle rephist tracking of ntor and ntor_v3 handshakes
      individually such that MetricsPort exposes the correct values.
      Fixes bug 40638; bugfix on 0.4.7.11.
  o Minor bugfix (process):
    - Avoid closing all possible FDs when spawning a process (PT). On
      some systems, this could lead to 3+ minutes hang. Fixes bug 40990;
      bugfix on 0.3.5.1-alpha.
  o Minor bugfix (relay, sandbox):
    - Disable a sandbox unit test that is failing on Debian Sid breaking
      our nightly packages. Fixes bug 40918; bugfix on 0.3.5.1-alpha.
  o Minor bugfixes (bridge):
    - Don't warn when BridgeRelay is 1 and ExitRelay is explicitly set
      to 0. Fixes bug 40884; bugfix on 0.4.8.3-rc.
  o Minor bugfixes (compiler warnings):
    - Make sure the two bitfields in the half-closed edge struct are
      unsigned, as we're using them for boolean values and assign 1 to
      them. Fixes bug 40911; bugfix on 0.4.7.2-alpha.
  o Minor bugfixes (conflux, client):
    - Avoid a non fatal assert caused by data coming in on a conflux set
      that is being freed during shutdown. Fixes bug 40870; bugfix
      on 0.4.8.1-alpha.
  o Minor bugfixes (memory):
    - Fix a pointer free that wasn't set to NULL afterwards which could
      be reused by calling back in the free all function. Fixes bug
      40989; bugfix on 0.4.8.13.
  o Minor bugfixes (sandbox, bwauth):
    - Fix sandbox to work for bandwidth authority. Fixes bug 40933;
      bugfix on 0.2.2.1-alpha
  o Minor bugfixes (testing):
    - Enabling TestingTorNetwork no longer forces fast hidden service
      intro point rotation. This reduces noise and errors when using
      hidden services with TestingTorNetwork enabled. Fixes bug 40922;
      bugfix on 0.3.2.1-alpha.
  o Minor bugfixes (tor-resolve):
    - Create socket with correct family as given by sockshost, fixes
      IPv6. Fixes bug 40982; bugfix on 0.4.9.0-alpha.
  o Removed features:
    - Directory authorities no longer support consensus methods before
      method 32. Closes ticket 40835.
  o Removed features (directory authority):
    - We include a new consensus method that removes support for
      computing "package" lines in consensus documents. This feature was
      never used, and support for including it in our votes was removed
      in 0.4.2.1-alpha. Finishes implementation of proposal 301.
  o Removed features (obsolete):
    - Relays no longer support the obsolete TAP circuit extension
      protocol. (For backward compatibility, however, relays still
      continue to include TAP keys in their descriptors.) Implements
      part of proposal 350.
    - Removed some vestigial code for selecting the TAP circuit
      extension protocol.
    0.4.8.22
  This is likely the very last release of the 0.4.8.x series. Three major
  bugfixes detailed below including two affecting directory servers (basically
  all relays). We strongly recommend upgrading as soon as possible.
  o Major bugfixes (security):
    - Avoid an out-of-bounds read error that could occur with
      V1-formatted EXTEND cells. Fixes bug 41180; bugfix on 0.4.8.1-alpha.
      This is tracked as TROVE-2025-016.
  o Major bugfixes (directory servers):
    - Allow old clients to fetch the consensus even if they use version
      0 of the SENDME protocol. In mid 2025 we changed the required
      minimum version of the "FlowCtrl" protocol to 1, meaning directory
      caches hang up on clients that send a version 0 SENDME cell. Since
      old clients were no longer able to retrieve the consensus, they
      couldn't learn about this required minimum version -- meaning
      we've had many many old clients loading down directory servers for
      the past months. Fixes bug 41191; bugfix on 0.4.1.1-alpha.
    - Don't count networkstatus serves until they finish. When we
      started serving a consensus document but the client didn't receive
      all of it, we were still counting that as a success in our stats.
      This mistake, which can be triggered for example by obsolete
      clients or by DPI-based censorship, led to wildly inflated user
      counts because we estimate total users in the world based on
      successful consensus fetches. Fixes bug 41192; bugfix
      on 0.2.1.1-alpha.
  o Minor feature (testing, CI):
    - Bump the CI version of chutney to the current version as of
      2026-01-21 (3338f5c).
  o Minor features (debugging, compression):
    - Do not check for compression bombs for buffers smaller than 5MB
      (increased from 64 KB). Fixes ticket 40739; bugfix on 0.2.1.29.
  o Minor features (directory servers):
    - Track how many times directory servers begin serving networkstatus
      documents, so we can compare it to the number of times we finish
      serving them. Motivated by the fixes in ticket 41192.
  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on January 28, 2026.
  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2026/01/28.
  o Minor bugfixes (relay):
    - Downgrade "Error relaying cell across rendezvous" log warn to info
      as the error condition is possible under normal circumstances. Fixes
      bug 40951; bugfix on 0.3.5.1-alpha.
  o Code simplification and refactoring:
    - Simplify SOCKS4a parsing to avoid the (false) appearance of
      integer underflows, and to make the logic more obvious. Fixes bug
      41190; bugfix on 0.3.5.1-alpha.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/tor | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)