7 files changed, 141 insertions, 40 deletions

diff --git a/ChangeLog b/ChangeLog
index a0421ea3ac..55b02340fb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,52 @@
+Changes in version 0.4.8.11 - 2024-04-10
+  This is a minor release mostly to upgrade the fallbackdir list.
+  Directory authorities running this version will now automatically
+  reject relays running the end of life 0.4.7.x version.
+
+  o Minor features (directory authorities):
+    - Reject 0.4.7.x series at the authority level. Closes ticket 40896.
+    - New IP address and keys for tor26.
+    - Allow BandwidthFiles "node_id" KeyValue without the dollar sign at
+      the start of the hexdigit, in order to easier database queries
+      combining Tor documents in which the relays fingerprint does not
+      include it. Fixes bug 40891; bugfix on 0.4.7 (all supported
+      versions of Tor).
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on April 10, 2024.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2024/04/10.
+
+  o Minor bugfixes (directory authorities):
+    - Add a warning when publishing a vote or signatures to another
+      directory authority fails. Fixes bug 40910; bugfix on 0.2.0.3-alpha.
+
+
+Changes in version 0.4.8.10 - 2023-12-08
+  This is a security release fixing a high severity bug (TROVE-2023-007)
+  affecting Exit relays supporting Conflux. We strongly recommend to update as
+  soon as possible.
+
+  o Major bugfixes (TROVE-2023-007, exit):
+    - Improper error propagation from a safety check in conflux leg
+      linking led to a desynchronization of which legs were part of a
+      conflux set, ultimately causing a UAF and NULL pointer dereference
+      crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on December 08, 2023.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2023/12/08.
+
+  o Minor bugfixes (bridges, statistics):
+    - Correctly report statistics for client count over pluggable
+      transports. Fixes bug 40871; bugfix on 0.4.8.4.
+
+
 Changes in version 0.4.8.9 - 2023-11-09
   This is another security release fixing a high severity bug affecting onion
   services which is tracked by TROVE-2023-006. We are also releasing a guard
diff --git a/ReleaseNotes b/ReleaseNotes
index 362e687306..151236620d 100644
--- a/ReleaseNotes
+++ b/ReleaseNotes
@@ -2,6 +2,55 @@ This document summarizes new features and bugfixes in each stable
 release of Tor. If you want to see more detailed descriptions of the
 changes in each development snapshot, see the ChangeLog file.
 
+Changes in version 0.4.8.11 - 2024-04-10
+  This is a minor release mostly to upgrade the fallbackdir list.
+  Directory authorities running this version will now automatically
+  reject relays running the end of life 0.4.7.x version.
+
+  o Minor features (directory authorities):
+    - Reject 0.4.7.x series at the authority level. Closes ticket 40896.
+    - New IP address and keys for tor26.
+    - Allow BandwidthFiles "node_id" KeyValue without the dollar sign at
+      the start of the hexdigit, in order to easier database queries
+      combining Tor documents in which the relays fingerprint does not
+      include it. Fixes bug 40891; bugfix on 0.4.7 (all supported
+      versions of Tor).
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on April 10, 2024.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2024/04/10.
+
+  o Minor bugfixes (directory authorities):
+    - Add a warning when publishing a vote or signatures to another
+      directory authority fails. Fixes bug 40910; bugfix on 0.2.0.3-alpha.
+
+
+Changes in version 0.4.8.10 - 2023-12-08
+  This is a security release fixing a high severity bug (TROVE-2023-007)
+  affecting Exit relays supporting Conflux. We strongly recommend to update as
+  soon as possible.
+
+  o Major bugfixes (TROVE-2023-007, exit):
+    - Improper error propagation from a safety check in conflux leg
+      linking led to a desynchronization of which legs were part of a
+      conflux set, ultimately causing a UAF and NULL pointer dereference
+      crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha.
+
+  o Minor features (fallbackdir):
+    - Regenerate fallback directories generated on December 08, 2023.
+
+  o Minor features (geoip data):
+    - Update the geoip files to match the IPFire Location Database, as
+      retrieved on 2023/12/08.
+
+  o Minor bugfixes (bridges, statistics):
+    - Correctly report statistics for client count over pluggable
+      transports. Fixes bug 40871; bugfix on 0.4.8.4.
+
+
 Changes in version 0.4.8.9 - 2023-11-09
   This is another security release fixing a high severity bug affecting onion
   services which is tracked by TROVE-2023-006. We are also releasing a guard
diff --git a/changes/ticket40932 b/changes/ticket40932
new file mode 100644
index 0000000000..10e1b651c4
--- /dev/null
+++ b/changes/ticket40932
@@ -0,0 +1,3 @@
+  o Minor bugfix (circuit):
+    - Remove a log_warn being triggered by a protocol violation that already
+      emits a protocol warning log. Fixes bug 40932; bugfix on 0.4.8.1-alpha.
diff --git a/m4/ax_check_compile_flag.m4 b/m4/ax_check_compile_flag.m4
index 95df39679e..68fd43d5dd 100644
--- a/m4/ax_check_compile_flag.m4
+++ b/m4/ax_check_compile_flag.m4
@@ -1,43 +1,45 @@
- #   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
- #   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
- #
- #   This program is free software: you can redistribute it and/or modify it
- #   under the terms of the GNU General Public License as published by the
- #   Free Software Foundation, either version 3 of the License, or (at your
- #   option) any later version.
- #
- #   This program is distributed in the hope that it will be useful, but
- #   WITHOUT ANY WARRANTY; without even the implied warranty of
- #   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
- #   Public License for more details.
- #
- #   You should have received a copy of the GNU General Public License along
- #   with this program. If not, see <https://www.gnu.org/licenses/>.
- #
- #   As a special exception, the respective Autoconf Macro's copyright owner
- #   gives unlimited permission to copy, distribute and modify the configure
- #   scripts that are the output of Autoconf when processing the Macro. You
- #   need not follow the terms of the GNU General Public License when using
- #   or distributing such scripts, even though portions of the text of the
- #   Macro appear in them. The GNU General Public License (GPL) does govern
- #   all other use of the material that constitutes the Autoconf Macro.
- #
- #   This special exception to the GPL applies to versions of the Autoconf
- #   Macro released by the Autoconf Archive. When you make and distribute a
- #   modified version of the Autoconf Macro, you may extend this special
- #   exception to the GPL to apply to your modified version as well.
- #   Copying and distribution of this file, with or without modification, are
- #   permitted in any medium without royalty provided the copyright notice
- #   and this notice are preserved.  This file is offered as-is, without any
- #   warranty.
+# ===========================================================================
+#  https://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
+#
+# DESCRIPTION
+#
+#   Check whether the given FLAG works with the current language's compiler
+#   or gives an error.  (Warnings, however, are ignored)
+#
+#   ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+#   success/failure.
+#
+#   If EXTRA-FLAGS is defined, it is added to the current language's default
+#   flags (e.g. CFLAGS) when the check is done.  The check is thus made with
+#   the flags: "CFLAGS EXTRA-FLAGS FLAG".  This can for example be used to
+#   force the compiler to issue an error when a bad flag is given.
+#
+#   INPUT gives an alternative input source to AC_COMPILE_IFELSE.
+#
+#   NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+#   macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+#   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+#   Copying and distribution of this file, with or without modification, are
+#   permitted in any medium without royalty provided the copyright notice
+#   and this notice are preserved.  This file is offered as-is, without any
+#   warranty.
 
- #serial 5
- #serial 6
+#serial 7
 
- AC_DEFUN([AX_CHECK_COMPILE_FLAG],
- [AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF
+AC_DEFUN([AX_CHECK_COMPILE_FLAG],
+[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF
 AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
-AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
+AC_CACHE_CHECK([whether the _AC_LANG compiler accepts $1], CACHEVAR, [
   ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
   _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
   AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
diff --git a/src/core/or/conflux_params.c b/src/core/or/conflux_params.c
index 65728032f9..b6109625ac 100644
--- a/src/core/or/conflux_params.c
+++ b/src/core/or/conflux_params.c
@@ -178,7 +178,7 @@ conflux_is_enabled(const circuit_t *circ)
         log_warn(LD_GENERAL,
                  "This tor is a relay and ConfluxEnabled is set to 0. "
                  "We would ask you to please write to us on "
-                 "tor-relay@lists.torproject.org or file a bug explaining "
+                 "tor-relays@lists.torproject.org or file a bug explaining "
                  "why you have disabled this option. Without news from you, "
                  "we might end up marking your relay as a BadExit.");
         tor_free(msg);
diff --git a/src/core/or/relay.c b/src/core/or/relay.c
index 5841a56ffa..f7d200c18d 100644
--- a/src/core/or/relay.c
+++ b/src/core/or/relay.c
@@ -751,7 +751,6 @@ relay_send_command_from_edge_,(streamid_t stream_id, circuit_t *orig_circ,
                                        cpath_layer, stream_id, filename,
                                        lineno);
   if (ret < 0) {
-    log_warn(LD_BUG,"circuit_package_relay_cell failed. Closing.");
     circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);
     return -1;
   } else if (ret == 0) {
diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c
index 02b5b4866b..e799a4c7e4 100644
--- a/src/feature/hs/hs_intropoint.c
+++ b/src/feature/hs/hs_intropoint.c
@@ -710,7 +710,6 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request,
                                    RELAY_COMMAND_INTRODUCE2,
                                    (char *) request, request_len, NULL)) {
     relay_increment_intro1_action(INTRO1_CIRCUIT_DEAD);
-    log_warn(LD_PROTOCOL, "Unable to send INTRODUCE2 cell to the service.");
     /* Inform the client that we can't relay the cell. Use the unknown ID
      * status code since it means that we do not know the service. */
     status = TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID;