Update Info

openSUSE-2026-147


Security update for tor


Type: security
Severity: moderate
Issued: 2026-04-23
Description:
This update for tor fixes the following issues:

- update to 0.4.8.23:
  * Fix a memory compare using the wrong length. This could lead to
    a remote crash when using the conflux subsystem
    (TROVE-2026-004, boo#1262302)
  * Fix a series of defense-in-depth security issues found across
    the codebase
  * Regenerate fallback directories generated on March 25, 2026.
  * Update the geoip files to match the IPFire Location Database,
    as retrieved on 2026/03/25.
- includes changes from 0.4.8.22: 
  * Avoid an out-of-bounds read error that could occur with
    V1-formatted EXTEND cells
    (TROVE-2025-016, boo#1262301)
  * Allow old clients to fetch the consensus even if they use
    version 0 of the SENDME protocol
  * Do not check for compression bombs for buffers smaller than
    5MB (increased from 64 KB)
  * Improvements to directory server statistics

- update to 0.4.8.21:
  * This release is a continuation of the previous one and
    addresses additional Conflux-related issues identified through
    further testing and feedback from relay operators. We strongly
    recommend upgrading as soon as possible.
  * Major bugfixes (conflux, exit):
    - When dequeuing out-of-order conflux cells, the circuit
      could be closed between two dequeues, which could lead to
      mishandling of a NULL pointer. Fixes bug 41162;
  * Add -mbranch-protection=standard for arm64.
  * Regenerate fallback directories generated on November
  * Update the geoip files to match the IPFire Location
    Database, as retrieved on 2025/11/17.
  * Fix a bug causing the initial tor process to hang
    instead of exiting with RunAsDaemon, when pluggable transports
    are used.

- 0.4.8.20
  * Add a new hardening compiler flag -fcf-protection=full
  * Fix the root cause of some conflux fragile asserts
  * Fix a series of conflux edge cases

- 0.4.8.19
  * Fix some clients not being able to connect to LibreSSL relays
  * Improve stream flow control performance


              

Packages


  • tor-0.4.8.23-bp157.2.6.1