upgrade to v0.4.6.7

ChangeLog

@@ -1,3 +1,49 @@
+Changes in version 0.4.6.7 - 2021-08-16
+  This version fixes several bugs from earlier versions of Tor,
+  including one that could lead to a denial-of-service attack. Everyone
+  running an earlier version, whether as a client, a relay, or an onion
+  service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
+
+  o Major bugfixes (cryptography, security):
+    - Resolve an assertion failure caused by a behavior mismatch between
+      our batch-signature verification code and our single-signature
+      verification code. This assertion failure could be triggered
+      remotely, leading to a denial of service attack. We fix this issue
+      by disabling batch verification. Fixes bug 40078; bugfix on
+      0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and
+      CVE-2021-38385. Found by Henry de Valence.
+
+  o Minor feature (fallbackdir):
+    - Regenerate fallback directories list. Close ticket 40447.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2021/08/12.
+
+  o Minor bugfix (crypto):
+    - Disable the unused batch verification feature of ed25519-donna.
+      Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry
+      de Valence.
+
+  o Minor bugfixes (onion service):
+    - Send back the extended SOCKS error 0xF6 (Onion Service Invalid
+      Address) for a v2 onion address. Fixes bug 40421; bugfix
+      on 0.4.6.2-alpha.
+
+  o Minor bugfixes (relay):
+    - Reduce the compression level for data streaming from HIGH to LOW
+      in order to reduce CPU load on the directory relays. Fixes bug
+      40301; bugfix on 0.3.5.1-alpha.
+
+  o Minor bugfixes (timekeeping):
+    - Calculate the time of day correctly on systems where the time_t
+      type includes leap seconds. (This is not the case on most
+      operating systems, but on those where it occurs, our tor_timegm
+      function did not correctly invert the system's gmtime function,
+      which could result in assertion failures when calculating voting
+      schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
+
+
 Changes in version 0.4.6.6 - 2021-06-30
   Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that
   allows Tor to build correctly on older versions of GCC. You should

ReleaseNotes

@@ -2,6 +2,50 @@ This document summarizes new features and bugfixes in each stable
 release of Tor. If you want to see more detailed descriptions of the
 changes in each development snapshot, see the ChangeLog file.
 
+Changes in version 0.4.6.7 - 2021-08-16
+  This version fixes several bugs from earlier versions of Tor, including one
+  that could lead to a denial-of-service attack. Everyone running an earlier
+  version, whether as a client, a relay, or an onion service, should upgrade
+  to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
+
+  o Major bugfixes (cryptography, security):
+    - Resolve an assertion failure caused by a behavior mismatch between our
+      batch-signature verification code and our single-signature verification
+      code. This assertion failure could be triggered remotely, leading to a
+      denial of service attack. We fix this issue by disabling batch
+      verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
+      also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
+      Valence.
+
+  o Minor feature (fallbackdir):
+    - Regenerate fallback directories list. Close ticket 40447.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database,
+      as retrieved on 2021/08/12.
+
+  o Minor bugfix (crypto):
+    - Disable the unused batch verification feature of ed25519-donna. Fixes
+      bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence.
+
+  o Minor bugfixes (onion service):
+    - Send back the extended SOCKS error 0xF6 (Onion Service Invalid Address)
+      for a v2 onion address. Fixes bug 40421; bugfix on 0.4.6.2-alpha.
+
+  o Minor bugfixes (relay):
+    - Reduce the compression level for data streaming from HIGH to LOW in
+      order to reduce CPU load on the directory relays. Fixes bug 40301;
+      bugfix on 0.3.5.1-alpha.
+
+  o Minor bugfixes (timekeeping):
+    - Calculate the time of day correctly on systems where the time_t
+      type includes leap seconds. (This is not the case on most
+      operating systems, but on those where it occurs, our tor_timegm
+      function did not correctly invert the system's gmtime function,
+      which could result in assertion failures when calculating
+      voting schedules.)  Fixes bug 40383; bugfix on 0.2.0.3-alpha.
+
+
 Changes in version 0.4.6.6 - 2021-06-30
   Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that
   allows Tor to build correctly on older versions of GCC. You should

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for tor 0.4.6.6.
+# Generated by GNU Autoconf 2.69 for tor 0.4.6.7.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -577,8 +577,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='tor'
 PACKAGE_TARNAME='tor'
-PACKAGE_VERSION='0.4.6.6'
-PACKAGE_STRING='tor 0.4.6.6'
+PACKAGE_VERSION='0.4.6.7'
+PACKAGE_STRING='tor 0.4.6.7'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -1498,7 +1498,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures tor 0.4.6.6 to adapt to many kinds of systems.
+\`configure' configures tor 0.4.6.7 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1569,7 +1569,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of tor 0.4.6.6:";;
+     short | recursive ) echo "Configuration of tor 0.4.6.7:";;
    esac
   cat <<\_ACEOF
 
@@ -1796,7 +1796,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-tor configure 0.4.6.6
+tor configure 0.4.6.7
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2501,7 +2501,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by tor $as_me 0.4.6.6, which was
+It was created by tor $as_me 0.4.6.7, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2867,7 +2867,7 @@ _ACEOF
 # only shuts down for missing "required protocols" when those protocols
 # are listed as required by a consensus after this date.
 
-$as_echo "#define APPROX_RELEASE_DATE \"2021-06-30\"" >>confdefs.h
+$as_echo "#define APPROX_RELEASE_DATE \"2021-08-16\"" >>confdefs.h
 
 
 # "foreign" means we don't follow GNU package layout standards
@@ -3388,7 +3388,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='tor'
- VERSION='0.4.6.6'
+ VERSION='0.4.6.7'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -10040,6 +10040,7 @@ for ac_func in _NSGetEnviron \
 	strtoull \
 	sysconf \
 	sysctl \
+        timegm \
 	truncate \
 	uname \
 	usleep \
@@ -29877,7 +29878,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by tor $as_me 0.4.6.6, which was
+This file was extended by tor $as_me 0.4.6.7, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -29943,7 +29944,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-tor config.status 0.4.6.6
+tor config.status 0.4.6.7
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

configure.ac

@@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc.
 dnl See LICENSE for licensing information
 
 AC_PREREQ([2.63])
-AC_INIT([tor],[0.4.6.6])
+AC_INIT([tor],[0.4.6.7])
 AC_CONFIG_SRCDIR([src/app/main/tor_main.c])
 AC_CONFIG_MACRO_DIR([m4])
 
@@ -18,7 +18,7 @@ AC_DEFINE_UNQUOTED([CONFIG_FLAGS], ["$configure_flags"], [Flags passed to config
 # version number changes.  Tor uses it to make sure that it
 # only shuts down for missing "required protocols" when those protocols
 # are listed as required by a consensus after this date.
-AC_DEFINE(APPROX_RELEASE_DATE, ["2021-06-30"], # for 0.4.6.6
+AC_DEFINE(APPROX_RELEASE_DATE, ["2021-08-16"], # for 0.4.6.7
           [Approximate date when this software was released. (Updated when the version changes.)])
 
 # "foreign" means we don't follow GNU package layout standards
@@ -806,6 +806,7 @@ AC_CHECK_FUNCS(
 	strtoull \
 	sysconf \
 	sysctl \
+        timegm \
 	truncate \
 	uname \
 	usleep \

contrib/win32build/tor-mingw.nsi.in

@@ -8,7 +8,7 @@
 !include "LogicLib.nsh"
 !include "FileFunc.nsh"
 !insertmacro GetParameters
-!define VERSION "0.4.6.6"
+!define VERSION "0.4.6.7"
 !define INSTALLER "tor-${VERSION}-win32.exe"
 !define WEBSITE "https://www.torproject.org/"
 !define LICENSE "LICENSE"

orconfig.h.in

@@ -6,7 +6,7 @@
 /* All assert failures are fatal */
 #undef ALL_BUGS_ARE_FATAL
 
-/* # for 0.4.6.6 Approximate date when this software was released. (Updated
+/* # for 0.4.6.7 Approximate date when this software was released. (Updated
    when the version changes.) */
 #undef APPROX_RELEASE_DATE
 
@@ -603,6 +603,9 @@
 /* Define to 1 if you have the <sys/wait.h> header file. */
 #undef HAVE_SYS_WAIT_H
 
+/* Define to 1 if you have the `timegm' function. */
+#undef HAVE_TIMEGM
+
 /* Define to 1 if you have the <time.h> header file. */
 #undef HAVE_TIME_H