tor-android
tor-android copied to clipboard
guardianproject
Bump to tor 0.4.8.12
https://forum.torproject.org/t/stable-release-0-4-8-12/13060 https://gitlab.torproject.org/tpo/core/tor/-/tags/tor-0.4.8.12
Changes in version 0.4.8.12 - 2024-06-06 This is a minor release with couple bugfixes affecting conflux and logging. We also have the return of faravahar directory authority with new keys and address.
o Minor feature (dirauth): - Add back faravahar with a new address and new keys. Closes 40689.
o Minor features (fallbackdir): - Regenerate fallback directories generated on June 06, 2024.
o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2024/06/06.
o Minor bugfix (circuit): - Remove a log_warn being triggered by a protocol violation that already emits a protocol warning log. Fixes bug 40932; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (conflux): - Avoid a potential hard assert (crash) when sending a cell on a Conflux set. Fixes bug 40921; bugfix on 0.4.8.1-alpha. - Make sure we don't process a closed circuit when packaging data. This lead to a non fatal BUG() spamming logs. Fixes bug 40908; bugfix on 0.4.8.1-alpha.
@uniqx could you please rebase the tor fork and then I prep tor-android for a new release.
I just upgraded us to the new openssl-3.0.14 which is addresses a few CVEs and is what the newest Tor Browser is using alongside tor v0.4.8.12:
Fixed potential use after free after SSL_free_buffers() is called ([CVE-2024-4741]) Fixed an issue where checking excessively long DSA keys or parameters may be very slow ([CVE-2024-4603]) Fixed unbounded memory growth with session handling in TLSv1.3 ([CVE-2024-2511])
I've rebased our Android specific changes on tor 0.4.8.12: https://github.com/guardianproject/tor/pull/10
