forward-port the 0.4.8.x change stanzas

somehow our release process is not moving these into git main

2 files changed, 296 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index 3669a5c39f..632cd8a751 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,151 @@
+Changes in version 0.4.8.9 - 2023-11-09
+  This is another security release fixing a high severity bug affecting onion
+  services which is tracked by TROVE-2023-006. We are also releasing a guard
+  major bugfix as well. If you are an onion service operator, we strongly
+  recommend to update as soon as possible.
+
+  o Major bugfixes (guard usage):
+    - When Tor excluded a guard due to temporary circuit restrictions,
+      it considered *additional* primary guards for potential usage by
+      that circuit. This could result in more than the specified number
+      of guards (currently 2) being used, long-term, by the tor client.
+      This could happen when a Guard was also selected as an Exit node,
+      but it was exacerbated by the Conflux guard restrictions. Both
+      instances have been fixed. Fixes bug 40876; bugfix
+      on 0.3.0.1-alpha.
+
+  o Major bugfixes (onion service, TROVE-2023-006):
+    - Fix a possible hard assert on a NULL pointer when recording a
+      failed rendezvous circuit on the service side for the MetricsPort.
+      Fixes bug 40883; bugfix on 0.4.8.1-alpha
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on November 09, 2023.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2023/11/09.
+
+
+Changes in version 0.4.8.8 - 2023-11-03
+  We are releasing today a fix for a high security issue, TROVE-2023-004, that
+  is affecting relays. Also a few minor bugfixes detailed below. Please upgrade
+  as soon as posssible.
+
+  o Major bugfixes (TROVE-2023-004, relay):
+    - Mitigate an issue when Tor compiled with OpenSSL can crash during
+      handshake with a remote relay. Fixes bug 40874; bugfix
+      on 0.2.7.2-alpha.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on November 03, 2023.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2023/11/03.
+
+  o Minor bugfixes (directory authority):
+    - Look at the network parameter "maxunmeasuredbw" with the correct
+      spelling. Fixes bug 40869; bugfix on 0.4.6.1-alpha.
+
+  o Minor bugfixes (vanguards addon support):
+    - Count the conflux linked cell as valid when it is successfully
+      processed. This will quiet a spurious warn in the vanguards addon.
+      Fixes bug 40878; bugfix on 0.4.8.1-alpha.
+
+
+Changes in version 0.4.8.7 - 2023-09-25
+  This version fixes a single major bug in the Conflux subsystem on the client
+  side. See below for more information. The upcoming Tor Browser 13 stable will
+  pick this up.
+
+  o Major bugfixes (conflux):
+    - Fix an issue that prevented us from pre-building more conflux sets
+      after existing sets had been used. Fixes bug 40862; bugfix
+      on 0.4.8.1-alpha.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on September 25, 2023.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2023/09/25.
+
+
+Changes in version 0.4.8.6 - 2023-09-18
+  This version contains an important fix for onion service regarding congestion
+  control and its reliability. Apart from that, uneeded BUG warnings have been
+  suppressed especially about a compression bomb seen on relays. We strongly
+  recommend, in particular onion service operators, to upgrade as soon as
+  possible to this latest stable.
+
+  o Major bugfixes (onion service):
+    - Fix a reliability issue where services were expiring their
+      introduction points every consensus update. This caused
+      connectivity issues for clients caching the old descriptor and
+      intro points. Bug reported and fixed by gitlab user
+      @hyunsoo.kim676. Fixes bug 40858; bugfix on 0.4.7.5-alpha.
+
+  o Minor features (debugging, compression):
+    - Log the input and output buffer sizes when we detect a potential
+      compression bomb. Diagnostic for ticket 40739.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on September 18, 2023.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2023/09/18.
+
+  o Minor bugfix (defensive programming):
+    - Disable multiple BUG warnings of a missing relay identity key when
+      starting an instance of Tor compiled without relay support. Fixes
+      bug 40848; bugfix on 0.4.3.1-alpha.
+
+  o Minor bugfixes (bridge authority):
+    - When reporting a pseudo-networkstatus as a bridge authority, or
+      answering "ns/purpose/*" controller requests, include accurate
+      published-on dates from our list of router descriptors. Fixes bug
+      40855; bugfix on 0.4.8.1-alpha.
+
+  o Minor bugfixes (compression, zstd):
+    - Use less frightening language and lower the log-level of our run-
+      time ABI compatibility check message in our Zstd compression
+      subsystem. Fixes bug 40815; bugfix on 0.4.3.1-alpha.
+
+
+Changes in version 0.4.8.5 - 2023-08-30
+  Quick second release after the first stable few days ago fixing minor
+  annoying bugfixes creating log BUG stacktrace. We also fix BSD compilation
+  failures and PoW unit test.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on August 30, 2023.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2023/08/30.
+
+  o Minor bugfix (NetBSD, compilation):
+    - Fix compilation issue on NetBSD by avoiding an unnecessary
+      dependency on "huge" page mappings in Equi-X. Fixes bug 40843;
+      bugfix on 0.4.8.1-alpha.
+
+  o Minor bugfix (NetBSD, testing):
+    - Fix test failures in "crypto/hashx" and "slow/crypto/equix" on
+      x86_64 and aarch64 NetBSD hosts, by adding support for
+      PROT_MPROTECT() flags. Fixes bug 40844; bugfix on 0.4.8.1-alpha.
+
+  o Minor bugfixes (conflux):
+    - Demote a relay-side warn about too many legs to ProtocolWarn, as
+      there are conditions that it can briefly happen during set
+      construction. Also add additional set logging details for all
+      error cases. Fixes bug 40841; bugfix on 0.4.8.1-alpha.
+    - Prevent non-fatal assert stacktrace caused by using conflux sets
+      during their teardown process. Fixes bug 40842; bugfix
+      on 0.4.8.1-alpha.
+
+
 Changes in version 0.4.8.4 - 2023-08-23
   Finally, this is the very first stable release of the 0.4.8.x series making
   Proof-of-Work (prop#327) and Conflux (prop#329) available to the entire
diff --git a/ReleaseNotes b/ReleaseNotes
index 3504ec179c..168915b8a5 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,6 +2,154 @@ This document summarizes new features and bugfixes in each stable
 release of Tor. If you want to see more detailed descriptions of the
 changes in each development snapshot, see the ChangeLog file.
 
+Changes in version 0.4.8.9 - 2023-11-09
+  This is another security release fixing a high severity bug affecting onion
+  services which is tracked by TROVE-2023-006. We are also releasing a guard
+  major bugfix as well. If you are an onion service operator, we strongly
+  recommend to update as soon as possible.
+
+  o Major bugfixes (guard usage):
+    - When Tor excluded a guard due to temporary circuit restrictions,
+      it considered *additional* primary guards for potential usage by
+      that circuit. This could result in more than the specified number
+      of guards (currently 2) being used, long-term, by the tor client.
+      This could happen when a Guard was also selected as an Exit node,
+      but it was exacerbated by the Conflux guard restrictions. Both
+      instances have been fixed. Fixes bug 40876; bugfix
+      on 0.3.0.1-alpha.
+
+  o Major bugfixes (onion service, TROVE-2023-006):
+    - Fix a possible hard assert on a NULL pointer when recording a
+      failed rendezvous circuit on the service side for the MetricsPort.
+      Fixes bug 40883; bugfix on 0.4.8.1-alpha
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on November 09, 2023.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2023/11/09.
+
+
+Changes in version 0.4.8.8 - 2023-11-03
+  We are releasing today a fix for a high security issue, TROVE-2023-004, that
+  is affecting relays. Also a few minor bugfixes detailed below. Please upgrade
+  as soon as posssible.
+
+  o Major bugfixes (TROVE-2023-004, relay):
+    - Mitigate an issue when Tor compiled with OpenSSL can crash during
+      handshake with a remote relay. Fixes bug 40874; bugfix
+      on 0.2.7.2-alpha.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on November 03, 2023.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2023/11/03.
+
+  o Minor bugfixes (directory authority):
+    - Look at the network parameter "maxunmeasuredbw" with the correct
+      spelling. Fixes bug 40869; bugfix on 0.4.6.1-alpha.
+
+  o Minor bugfixes (vanguards addon support):
+    - Count the conflux linked cell as valid when it is successfully
+      processed. This will quiet a spurious warn in the vanguards addon.
+      Fixes bug 40878; bugfix on 0.4.8.1-alpha.
+
+
+Changes in version 0.4.8.7 - 2023-09-25
+  This version fixes a single major bug in the Conflux subsystem on the client
+  side. See below for more information. The upcoming Tor Browser 13 stable will
+  pick this up.
+
+  o Major bugfixes (conflux):
+    - Fix an issue that prevented us from pre-building more conflux sets
+      after existing sets had been used. Fixes bug 40862; bugfix
+      on 0.4.8.1-alpha.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on September 25, 2023.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2023/09/25.
+
+
+Changes in version 0.4.8.6 - 2023-09-18
+  This version contains an important fix for onion service regarding congestion
+  control and its reliability. Apart from that, uneeded BUG warnings have been
+  suppressed especially about a compression bomb seen on relays. We strongly
+  recommend, in particular onion service operators, to upgrade as soon as
+  possible to this latest stable.
+
+  o Major bugfixes (onion service):
+    - Fix a reliability issue where services were expiring their
+      introduction points every consensus update. This caused
+      connectivity issues for clients caching the old descriptor and
+      intro points. Bug reported and fixed by gitlab user
+      @hyunsoo.kim676. Fixes bug 40858; bugfix on 0.4.7.5-alpha.
+
+  o Minor features (debugging, compression):
+    - Log the input and output buffer sizes when we detect a potential
+      compression bomb. Diagnostic for ticket 40739.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on September 18, 2023.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2023/09/18.
+
+  o Minor bugfix (defensive programming):
+    - Disable multiple BUG warnings of a missing relay identity key when
+      starting an instance of Tor compiled without relay support. Fixes
+      bug 40848; bugfix on 0.4.3.1-alpha.
+
+  o Minor bugfixes (bridge authority):
+    - When reporting a pseudo-networkstatus as a bridge authority, or
+      answering "ns/purpose/*" controller requests, include accurate
+      published-on dates from our list of router descriptors. Fixes bug
+      40855; bugfix on 0.4.8.1-alpha.
+
+  o Minor bugfixes (compression, zstd):
+    - Use less frightening language and lower the log-level of our run-
+      time ABI compatibility check message in our Zstd compression
+      subsystem. Fixes bug 40815; bugfix on 0.4.3.1-alpha.
+
+
+Changes in version 0.4.8.5 - 2023-08-30
+  Quick second release after the first stable few days ago fixing minor
+  annoying bugfixes creating log BUG stacktrace. We also fix BSD compilation
+  failures and PoW unit test.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on August 30, 2023.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2023/08/30.
+
+  o Minor bugfix (NetBSD, compilation):
+    - Fix compilation issue on NetBSD by avoiding an unnecessary
+      dependency on "huge" page mappings in Equi-X. Fixes bug 40843;
+      bugfix on 0.4.8.1-alpha.
+
+  o Minor bugfix (NetBSD, testing):
+    - Fix test failures in "crypto/hashx" and "slow/crypto/equix" on
+      x86_64 and aarch64 NetBSD hosts, by adding support for
+      PROT_MPROTECT() flags. Fixes bug 40844; bugfix on 0.4.8.1-alpha.
+
+  o Minor bugfixes (conflux):
+    - Demote a relay-side warn about too many legs to ProtocolWarn, as
+      there are conditions that it can briefly happen during set
+      construction. Also add additional set logging details for all
+      error cases. Fixes bug 40841; bugfix on 0.4.8.1-alpha.
+    - Prevent non-fatal assert stacktrace caused by using conflux sets
+      during their teardown process. Fixes bug 40842; bugfix
+      on 0.4.8.1-alpha.
+
+
 Changes in version 0.4.8.4 - 2023-08-23
   Finally, this is the very first stable release of the 0.4.8.x series making,
   among other features, Proof-of-Work (prop#327) and Conflux (prop#329)