upgrade Tor to v0.4.6.8

ChangeLog

@@ -1,3 +1,62 @@
+Changes in version 0.4.6.8 - 2021-10-26
+  This version fixes several bugs from earlier versions of Tor. One
+  highlight is a fix on how we track DNS timeouts to report general
+  relay overload.
+
+  o Major bugfixes (relay, overload state):
+    - Relays report the general overload state for DNS timeout errors
+      only if X% of all DNS queries over Y seconds are errors. Before
+      that, it only took 1 timeout to report the overload state which
+      was just too low of a threshold. The X and Y values are 1% and 10
+      minutes respectively but they are also controlled by consensus
+      parameters. Fixes bug 40491; bugfix on 0.4.6.1-alpha.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories for October 2021. Closes
+      ticket 40493.
+
+  o Minor features (testing):
+    - On a testing network, relays can now use the
+      TestingMinTimeToReportBandwidth option to change the smallest
+      amount of time over which they're willing to report their observed
+      maximum bandwidth. Previously, this was fixed at 1 day. For
+      safety, values under 2 hours are only supported on testing
+      networks. Part of a fix for ticket 40337.
+    - Relays on testing networks no longer rate-limit how frequently
+      they are willing to report new bandwidth measurements. Part of a
+      fix for ticket 40337.
+    - Relays on testing networks now report their observed bandwidths
+      immediately from startup. Previously, they waited until they had
+      been running for a full day. Closes ticket 40337.
+
+  o Minor bugfix (onion service):
+    - Do not flag an HSDir as non-running in case the descriptor upload
+      or fetch fails. An onion service closes pending directory
+      connections before uploading a new descriptor which can thus lead
+      to wrongly flagging many relays and thus affecting circuit building
+      path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha.
+    - Improve logging when a bad HS version is given. Fixes bug 40476;
+      bugfix on 0.4.6.1-alpha.
+
+  o Minor bugfix (CI, onion service):
+    - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500;
+      bugfix on 0.3.2.1-alpha.
+
+  o Minor bugfixes (compatibility):
+    - Fix compatibility with the most recent Libevent versions, which no
+      longer have an evdns_set_random_bytes() function. Because this
+      function has been a no-op since Libevent 2.0.4-alpha, it is safe
+      for us to just stop calling it. Fixes bug 40371; bugfix
+      on 0.2.1.7-alpha.
+
+  o Minor bugfixes (onion service, TROVE-2021-008):
+    - Only log v2 access attempts once total, in order to not pollute
+      the logs with warnings and to avoid recording the times on disk
+      when v2 access was attempted. Note that the onion address was
+      _never_ logged. This counts as a Low-severity security issue.
+      Fixes bug 40474; bugfix on 0.4.5.8.
+
+
 Changes in version 0.4.6.7 - 2021-08-16
   This version fixes several bugs from earlier versions of Tor,
   including one that could lead to a denial-of-service attack. Everyone

Makefile.in

@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.16.2 from Makefile.am.
+# Makefile.in generated by automake 1.16.4 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2020 Free Software Foundation, Inc.
+# Copyright (C) 1994-2021 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -4488,9 +4488,6 @@ am__define_uniq_tagged_files = \
   unique=`for i in $$list; do \
     if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
   done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-CSCOPE = cscope
 AM_RECURSIVE_TARGETS = cscope check recheck
 am__tty_colors_dummy = \
   mgn= red= grn= lgn= blu= brg= std=; \
@@ -4647,6 +4644,7 @@ am__set_TESTS_bases = \
   bases='$(TEST_LOGS)'; \
   bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
   bases=`echo $$bases`
+AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)'
 RECHECK_LOGS = $(TEST_LOGS)
 TEST_SUITE_LOG = test-suite.log
 TEST_EXTENSIONS = @EXEEXT@ .test
@@ -4768,6 +4766,8 @@ am__post_remove_distdir = $(am__remove_distdir)
 DIST_ARCHIVES = $(distdir).tar.gz
 GZIP_ENV = --best
 DIST_TARGETS = dist-gzip
+# Exists only to be overridden by the user if desired.
+AM_DISTCHECK_DVI_TARGET = dvi
 distuninstallcheck_listfiles = find . -type f -print
 am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
   | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
@@ -4794,6 +4794,8 @@ CFLAGS_CONSTTIME = @CFLAGS_CONSTTIME@
 CONFDIR = @CONFDIR@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CSCOPE = @CSCOPE@
+CTAGS = @CTAGS@
 CURVE25519_LIBS = @CURVE25519_LIBS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
@@ -4804,6 +4806,7 @@ ECHO_C = @ECHO_C@
 ECHO_N = @ECHO_N@
 ECHO_T = @ECHO_T@
 EGREP = @EGREP@
+ETAGS = @ETAGS@
 EXEEXT = @EXEEXT@
 F_OMIT_FRAME_POINTER = @F_OMIT_FRAME_POINTER@
 GREP = @GREP@
@@ -21859,7 +21862,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
 	  test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG);		\
 	fi;								\
 	echo "$${col}$$br$${std}"; 					\
-	echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}";	\
+	echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}";	\
 	echo "$${col}$$br$${std}"; 					\
 	create_testsuite_report --maybe-color;				\
 	echo "$$col$$br$$std";						\
@@ -22145,7 +22148,6 @@ scripts/maint/checkSpaceTest.sh.log: scripts/maint/checkSpaceTest.sh
 @am__EXEEXT_TRUE@	--log-file $$b.log --trs-file $$b.trs \
 @am__EXEEXT_TRUE@	$(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
 @am__EXEEXT_TRUE@	"$$tst" $(AM_TESTS_FD_REDIRECT)
-
 distdir: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) distdir-am
 
@@ -22267,7 +22269,7 @@ distcheck: dist
 	    $(DISTCHECK_CONFIGURE_FLAGS) \
 	    --srcdir=../.. --prefix="$$dc_install_base" \
 	  && $(MAKE) $(AM_MAKEFLAGS) \
-	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) $(AM_DISTCHECK_DVI_TARGET) \
 	  && $(MAKE) $(AM_MAKEFLAGS) check \
 	  && $(MAKE) $(AM_MAKEFLAGS) install \
 	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \

README

@@ -0,0 +1,31 @@
+Tor protects your privacy on the internet by hiding the connection
+between your Internet address and the services you use. We believe Tor
+is reasonably secure, but please ensure you read the instructions and
+configure it properly.
+
+To build Tor from source:
+        ./configure && make && make install
+
+To build Tor from a just-cloned git repository:
+        sh autogen.sh && ./configure && make && make install
+
+Home page:
+        https://www.torproject.org/
+
+Download new versions:
+        https://www.torproject.org/download/download.html
+
+Documentation, including links to installation and setup instructions:
+        https://www.torproject.org/docs/documentation.html
+
+Making applications work with Tor:
+        https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorifyHOWTO
+
+Frequently Asked Questions:
+        https://www.torproject.org/docs/faq.html
+
+Release timeline:
+        https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/CoreTorReleases
+
+To get started working on Tor development:
+        See the doc/HACKING directory.

ReleaseNotes

@@ -2,6 +2,65 @@ This document summarizes new features and bugfixes in each stable
 release of Tor. If you want to see more detailed descriptions of the
 changes in each development snapshot, see the ChangeLog file.
 
+Changes in version 0.4.6.8 - 2021-10-26
+  This version fixes several bugs from earlier versions of Tor. One
+  highlight is a fix on how we track DNS timeouts to report general
+  relay overload.
+
+  o Major bugfixes (relay, overload state):
+    - Relays report the general overload state for DNS timeout errors
+      only if X% of all DNS queries over Y seconds are errors. Before
+      that, it only took 1 timeout to report the overload state which
+      was just too low of a threshold. The X and Y values are 1% and 10
+      minutes respectively but they are also controlled by consensus
+      parameters. Fixes bug 40491; bugfix on 0.4.6.1-alpha.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories for October 2021. Closes
+      ticket 40493.
+
+  o Minor features (testing):
+    - On a testing network, relays can now use the
+      TestingMinTimeToReportBandwidth option to change the smallest
+      amount of time over which they're willing to report their observed
+      maximum bandwidth. Previously, this was fixed at 1 day. For
+      safety, values under 2 hours are only supported on testing
+      networks. Part of a fix for ticket 40337.
+    - Relays on testing networks no longer rate-limit how frequently
+      they are willing to report new bandwidth measurements. Part of a
+      fix for ticket 40337.
+    - Relays on testing networks now report their observed bandwidths
+      immediately from startup. Previously, they waited until they had
+      been running for a full day. Closes ticket 40337.
+
+  o Minor bugfix (onion service):
+    - Do not flag an HSDir as non-running in case the descriptor upload
+      or fetch fails. An onion service closes pending directory
+      connections before uploading a new descriptor which can thus lead
+      to wrongly flagging many relays and thus affecting circuit building
+      path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha.
+    - Improve logging when a bad HS version is given. Fixes bug 40476;
+      bugfix on 0.4.6.1-alpha.
+
+  o Minor bugfix (CI, onion service):
+    - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500;
+      bugfix on 0.3.2.1-alpha.
+
+  o Minor bugfixes (compatibility):
+    - Fix compatibility with the most recent Libevent versions, which no
+      longer have an evdns_set_random_bytes() function. Because this
+      function has been a no-op since Libevent 2.0.4-alpha, it is safe
+      for us to just stop calling it. Fixes bug 40371; bugfix
+      on 0.2.1.7-alpha.
+
+  o Minor bugfixes (onion service, TROVE-2021-008):
+    - Only log v2 access attempts once total, in order to not pollute
+      the logs with warnings and to avoid recording the times on disk
+      when v2 access was attempted. Note that the onion address was
+      _never_ logged. This counts as a Low-severity security issue.
+      Fixes bug 40474; bugfix on 0.4.5.8.
+
+
 Changes in version 0.4.6.7 - 2021-08-16
   This version fixes several bugs from earlier versions of Tor, including one
   that could lead to a denial-of-service attack. Everyone running an earlier