Update Info

openSUSE-2026-188


Security update for tor


Type: security
Severity: moderate
Issued: 2026-06-05
Description:
This update for tor fixes the following issues:

- Update to 0.4.9.9
  * Major bugfixes (compression, security):
    - Fix a compression bomb bypass where an attacker could concatenate
      many gzip or zlib sub-streams, each just under the per-stream
      detection threshold, to avoid the compression bomb check entirely.
      TROVE-2026-022. Fixes bug 41275; bugfix on 0.3.1.1-alpha.
    - Fix an infinite loop when decompressing a truncated zlib/gzip
      stream with done=1. A truncated stream never reaches Z_STREAM_END,
      causing zlib to return Z_BUF_ERROR with no input remaining, which
      buf_add_compress() mistook for a full output buffer and retried
      forever. Fixed by returning TOR_COMPRESS_ERROR in that case so the
      caller can abort cleanly. TROVE-2026-021. Fixes bug 41274; bugfix
      on 0.2.6.1-alpha.
  * Major bugfixes (conflux, security):
    - Fix a NULL write after free when sending a CONFLUX_SWITCH cell
      fails. The return value of relay_send_command_from_edge() was
      ignored, so a send failure (which calls circuit_mark_for_close()
      and removes the leg via cfx_del_leg()) would go undetected,
      causing the caller to write to the now-freed current leg and
      resulting in a crash. TROVE-2026-017. Fixes bug 41263; bugfix
      on 0.4.8.1-alpha.
  * Major bugfixes (security, TROVE-2026-019):
    - Avoid out-of-bounds read/write when parsing a consensus or
      detached signature with unexpected signature digest type. Impact
      is minor for most Tor roles, but potentially major for directory
      authorities. Fixes bug 41267; bugfix on 0.2.8.2-alpha.
  * Major bugfixes (client stability, TROVE-2026-013, TROVE-2026-015):
    - Protect against a client-side assert that can happen if a
      malicious onion service gets the client to load its carefully
      crafted onion descriptor. Fixes bugs 41259 and 41261; bugfix
      on 0.3.1.1-alpha.
  * Major bugfixes (code safety):
    - Avoid a dangerous situation in router_find_exact_exit_enclave()
      where we could have reached an assert if bridges or relays claim
      an IP address of 0.0.0.0. Fixes bug 41276; bugfix on 0.4.5.1-alpha.
  * Major bugfixes (conflux, shutdown):
    - Fix a use-after-free in the shutdown path when freeing conflux
      circuits. cfx_add_leg() shares stream list pointers across legs
      without NULLing the old leg, so circuit_free_all() would free the
      lists via one leg and then access freed memory via another.
      TROVE-2026-016. Fixes bug 41262; bugfix on 0.4.8.1-alpha.
  * Major bugfixes (DNSPort, TROVE-2026-018):
    - Fix a client-side crash that would happen if we decide to stop
      reading on a RESOLVE request that came from the DNSPort or
      controller. This crash could happen naturally under heavy load and
      with poor luck, but since 0.4.7.2-alpha it could be induced by the
      exit relay via a flow control request. Fixes bug 41265; bugfix
      on 0.2.0.1-alpha.
  * Major bugfixes (memory safety, TROVE-2026-014):
    - Avoid a heap-use-after-free mistake that can happen in the conflux
      subsystem, and which can be induced at either the client or the
      exit relay. Fixes bug 41260; bugfix on 0.4.8.1-alpha.
  * Major bugfixes (onion services, TROVE-2026-020):
    - Avoid a possible divide by zero crash on onion services that have
      the proof-of-work (PoW) defense enabled. This bug could be hit by
      extreme bad luck or maybe by the help of an attacker crafting just
      the right circumstances. Fixes bug 41270; bugfix on 0.4.8.1-alpha.
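
The two compression fixes above (TROVE-2026-022 and TROVE-2026-021), sketched as an added Python example that is not Tor's code and not part of this advisory: a bounded inflate loop that counts input and output across all concatenated sub-streams and fails on a truncated stream instead of retrying. MAX_RATIO, MIN_CHECK_SIZE, inflate_all and the sample inputs are assumptions made for illustration.

```python
import zlib

# Hypothetical limits for this sketch; they are not Tor's actual constants.
MAX_RATIO = 25         # allowed output bytes per input byte
MIN_CHECK_SIZE = 4096  # the ratio is only judged once this much output exists

class DecompressError(Exception):
    """Raised instead of returning attacker-influenced output."""

def is_bomb(n_in: int, n_out: int) -> bool:
    return n_out >= MIN_CHECK_SIZE and n_out > MAX_RATIO * n_in

def inflate_all(data: bytes, cumulative: bool = True, chunk: int = 1024) -> bytes:
    """Inflate concatenated zlib sub-streams in bounded steps.

    cumulative=False resets the counters for each sub-stream (the weak form);
    cumulative=True accounts for the whole message (the hardened form).
    """
    out = bytearray()
    n_in = n_out = 0
    rest = data
    while rest:
        d = zlib.decompressobj()
        if not cumulative:
            n_in = n_out = 0  # weak: each sub-stream is judged in isolation
        base_in, pending = n_in, rest
        while not d.eof:
            try:
                piece = d.decompress(pending, chunk)
            except zlib.error as exc:
                raise DecompressError(f"corrupt stream: {exc}") from exc
            if not d.eof and not piece and not d.unconsumed_tail:
                # No output, no input left, no end marker: the stream is
                # truncated. Fail here; retrying can never make progress.
                raise DecompressError("truncated stream")
            n_in = base_in + len(rest) - len(d.unconsumed_tail) - len(d.unused_data)
            n_out += len(piece)
            if is_bomb(n_in, n_out):
                raise DecompressError("compression bomb")
            out += piece
            pending = d.unconsumed_tail
        rest = d.unused_data
    return bytes(out)

# Constructed samples: eight sub-streams of 4000 zero bytes each (every one
# stays under MIN_CHECK_SIZE on its own), and a stream with its tail cut off.
SUBSTREAMS = zlib.compress(bytes(4000)) * 8
TRUNCATED = zlib.compress(bytes(range(256)) * 4)[:-6]
```

With cumulative=False the constructed SUBSTREAMS sample inflates in full because no single sub-stream reaches the size threshold; with the default cumulative=True the same input is rejected.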


              

References


No references

Packages


  • tor-0.4.9.9-bp157.2.12.1