New releases: Tor 0.4.2.6 and 0.4.1.8
We have two new stable releases today. If you build Tor from source, you can download the source code for 0.4.2.6 from the download page on our website. Packages should be available within the next several weeks, with a new Tor Browser by mid-February.
We've also put out an update for our older stable 0.4.1.x series: 0.4.1.8 (changelog), which you can download at dist.torproject.org. Note that the currently supported release series are now 0.3.5.x (LTS), 0.4.1.x, 0.4.2.x, and 0.4.3.x (in alpha). The 0.2.9.x series became unsupported on January 1, and support for 0.4.0.x will end on February 2.
This is the second stable release in the 0.4.2.x series. It backports several bugfixes from 0.4.3.1-alpha, including some that had affected the Linux seccomp2 sandbox or Windows services. If you're running with one of those configurations, you'll probably want to upgrade; otherwise, you should be fine with 0.4.2.5.
Changes in version 0.4.2.6 - 2020-01-30
- Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha):
- Correct how we use libseccomp. Particularly, stop assuming that rules are applied in a particular order or that more rules are processed after the first match. Neither is the case! In libseccomp <2.4.0 this led to some rules having no effect. libseccomp 2.4.0 changed how rules are generated, leading to a different ordering, which in turn led to a fatal crash during startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by Peter Gerber.
- Fix crash when reloading logging configuration while the experimental sandbox is enabled. Fixes bug 32841; bugfix on 0.4.1.7. Patch by Peter Gerber.
- Minor bugfixes (correctness checks, backport from 0.4.3.1-alpha):
- Use GCC/Clang's printf-checking feature to make sure that tor_assertf() arguments are correctly typed. Fixes bug 32765; bugfix on 0.4.1.1-alpha.
- Minor bugfixes (logging, crash, backport from 0.4.3.1-alpha):
- Avoid a possible crash when trying to log a (fatal) assertion failure about mismatched magic numbers in configuration objects. Fixes bug 32771; bugfix on 0.4.2.1-alpha.
- Minor bugfixes (testing, backport from 0.4.3.1-alpha):
- Minor bugfixes (windows service, backport from 0.4.3.1-alpha):
- Initialize the publish/subscribe system when running as a windows service. Fixes bug 32778; bugfix on 0.4.1.1-alpha.
- Testing (backport from 0.4.3.1-alpha):
- Turn off Tor's Sandbox in Chutney jobs, and run those jobs on Ubuntu Bionic. Turning off the Sandbox is a work-around, until we fix the sandbox errors in 32722. Closes ticket 32240.
- Re-enable the Travis CI macOS Chutney build, but don't let it prevent the Travis job from finishing. (The Travis macOS jobs are slow, so we don't want to have it delay the whole CI process.) Closes ticket 32629.
- Testing (continuous integration, backport from 0.4.3.1-alpha):
- Use zstd in our Travis Linux builds. Closes ticket 32242.