Bump to tor 0.4.8.12

[bitmold]

https://forum.torproject.org/t/stable-release-0-4-8-12/13060 https://gitlab.torproject.org/tpo/core/tor/-/tags/tor-0.4.8.12

Changes in version 0.4.8.12 - 2024-06-06 This is a minor release with couple bugfixes affecting conflux and logging. We also have the return of faravahar directory authority with new keys and address.

o Minor feature (dirauth):

• Add back faravahar with a new address and new keys. Closes 40689.

  o Minor features (fallbackdir):

• Regenerate fallback directories generated on June 06, 2024.

  o Minor features (geoip data):

• Update the geoip files to match the IPFire Location Database, as retrieved on 2024/06/06.

  o Minor bugfix (circuit):

• Remove a log_warn being triggered by a protocol violation that already emits a protocol warning log. Fixes bug 40932; bugfix on 0.4.8.1-alpha.

  o Minor bugfixes (conflux):

• Avoid a potential hard assert (crash) when sending a cell on a Conflux set. Fixes bug 40921; bugfix on 0.4.8.1-alpha.
• Make sure we don't process a closed circuit when packaging data. This lead to a non fatal BUG() spamming logs. Fixes bug 40908; bugfix on 0.4.8.1-alpha.

[bitmold]

@uniqx could you please rebase the tor fork and then I prep tor-android for a new release.

[bitmold]

I just upgraded us to the new openssl-3.0.14 which is addresses a few CVEs and is what the newest Tor Browser is using alongside tor v0.4.8.12:

Fixed potential use after free after SSL_free_buffers() is called ([CVE-2024-4741]) Fixed an issue where checking excessively long DSA keys or parameters may be very slow ([CVE-2024-4603]) Fixed unbounded memory growth with session handling in TLSv1.3 ([CVE-2024-2511])