tor-announce
Threads by month
- ----- 2025 -----
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- 2 participants
- 301 discussions
Tor 0.2.5.12 and 0.2.6.7 fix two security issues that could be used by
an attacker to crash hidden services, or crash clients visiting hidden
services. Hidden services should upgrade as soon as possible; clients
should upgrade whenever packages become available.
These releases also contain two simple improvements to make hidden
services a bit less vulnerable to denial-of-service attacks.
We also made a Tor 0.2.4.27 release so that Debian stable can easily
integrate these fixes.
The Tor Browser team is currently evaluating whether to put out a new
Tor Browser stable release with these fixes, or wait until next week
for their scheduled next stable release.
Changes in version 0.2.5.12 - 2015-04-06
o Major bugfixes (security, hidden service):
- Fix an issue that would allow a malicious client to trigger an
assertion failure and halt a hidden service. Fixes bug 15600;
bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
- Fix a bug that could cause a client to crash with an assertion
failure when parsing a malformed hidden service descriptor. Fixes
bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
o Minor features (DoS-resistance, hidden service):
- Introduction points no longer allow multiple INTRODUCE1 cells to
arrive on the same circuit. This should make it more expensive for
attackers to overwhelm hidden services with introductions.
Resolves ticket 15515.
Changes in version 0.2.6.7 - 2015-04-06
o Major bugfixes (security, hidden service):
- Fix an issue that would allow a malicious client to trigger an
assertion failure and halt a hidden service. Fixes bug 15600;
bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
- Fix a bug that could cause a client to crash with an assertion
failure when parsing a malformed hidden service descriptor. Fixes
bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
o Minor features (DoS-resistance, hidden service):
- Introduction points no longer allow multiple INTRODUCE1 cells to
arrive on the same circuit. This should make it more expensive for
attackers to overwhelm hidden services with introductions.
Resolves ticket 15515.
- Decrease the amount of reattempts that a hidden service performs
when its rendezvous circuits fail. This reduces the computational
cost for running a hidden service under heavy load. Resolves
ticket 11447.
1
0
Hello! I released Tor 0.2.5.11 last week. This is the formal announcement.
(Per usual practice with non-critical stable releases, I've delayed
the tor-announce announcement to give distributions have a chance to
make packages. If you are a packager and you didn't notice that,
please let me know and I'll put you on the list of people I notify
extra-early about new releases.)
This is the second stable 0.2.5 release. (The first came out in
October.) Going forward, the 0.2.5 series will only receive patches
for serious issues. You may want to consider upgrading to 0.2.6 soon;
it's going to be officially stable pretty soon now.
You can get the source code for Tor 0.2.5.11 at
https://dist.torproject.org/
and directly from the download page at the Tor website.
This version of Tor also appears in TorBrowser 4.0.5.
Changes in version 0.2.5.11 - 2015-03-17
Tor 0.2.5.11 is the second stable release in the 0.2.5 series.
It backports several bugfixes from the 0.2.6 branch, including a
couple of medium-level security fixes for relays and exit nodes.
It also updates the list of directory authorities.
o Directory authority changes:
- Remove turtles as a directory authority.
- Add longclaw as a new (v3) directory authority. This implements
ticket 13296. This keeps the directory authority count at 9.
- The directory authority Faravahar has a new IP address. This
closes ticket 14487.
o Major bugfixes (crash, OSX, security):
- Fix a remote denial-of-service opportunity caused by a bug in
OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
in OSX 10.9.
o Major bugfixes (relay, stability, possible security):
- Fix a bug that could lead to a relay crashing with an assertion
failure if a buffer of exactly the wrong layout was passed to
buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
0.2.0.10-alpha. Patch from 'cypherpunks'.
- Do not assert if the 'data' pointer on a buffer is advanced to the
very end of the buffer; log a BUG message instead. Only assert if
it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
o Major bugfixes (exit node stability):
- Fix an assertion failure that could occur under high DNS load.
Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
diagnosed and fixed by "cypherpunks".
o Major bugfixes (Linux seccomp2 sandbox):
- Upon receiving sighup with the seccomp2 sandbox enabled, do not
crash during attempts to call wait4. Fixes bug 15088; bugfix on
0.2.5.1-alpha. Patch from "sanic".
o Minor features (controller):
- New "GETINFO bw-event-cache" to get information about recent
bandwidth events. Closes ticket 14128. Useful for controllers to
get recent bandwidth history after the fix for ticket 13988.
o Minor features (geoip):
- Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
- Update geoip6 to the March 3 2015 Maxmind GeoLite2
Country database.
o Minor bugfixes (client, automapping):
- Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
no value follows the option. Fixes bug 14142; bugfix on
0.2.4.7-alpha. Patch by "teor".
- Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
14195; bugfix on 0.1.0.1-rc.
o Minor bugfixes (compilation):
- Build without warnings with the stock OpenSSL srtp.h header, which
has a duplicate declaration of SSL_get_selected_srtp_profile().
Fixes bug 14220; this is OpenSSL's bug, not ours.
o Minor bugfixes (directory authority):
- Allow directory authorities to fetch more data from one another if
they find themselves missing lots of votes. Previously, they had
been bumping against the 10 MB queued data limit. Fixes bug 14261;
bugfix on 0.1.2.5-alpha.
- Enlarge the buffer to read bwauth generated files to avoid an
issue when parsing the file in dirserv_read_measured_bandwidths().
Fixes bug 14125; bugfix on 0.2.2.1-alpha.
o Minor bugfixes (statistics):
- Increase period over which bandwidth observations are aggregated
from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
o Minor bugfixes (preventative security, C safety):
- When reading a hexadecimal, base-32, or base-64 encoded value from
a string, always overwrite the whole output buffer. This prevents
some bugs where we would look at (but fortunately, not reveal)
uninitialized memory on the stack. Fixes bug 14013; bugfix on all
versions of Tor.
1
0
Hello! I released Tor 0.2.4.26 last week. This is the formal announcement.
(Per usual practice with non-critical stable releases, I've delayed
the tor-announce announcement to give distributions have a chance to
make packages. If you are a packager and you didn't notice that,
please let me know and I'll put you on the list of people I notify
extra-early about new releases.)
Tor 0.2.4 is the oldest supported release series. It will receive
only patches for really serious issues. Most people should consider
upgrading to 0.2.5 or 0.2.6 instead.
You can get the source code for Tor 0.2.4.26 at
https://dist.torproject.org/
Changes in version 0.2.4.26 - 2015-03-17
Tor 0.2.4.26 includes an updated list of directory authorities. It
also backports a couple of stability and security bugfixes from 0.2.5
and beyond.
o Directory authority changes:
- Remove turtles as a directory authority.
- Add longclaw as a new (v3) directory authority. This implements
ticket 13296. This keeps the directory authority count at 9.
- The directory authority Faravahar has a new IP address. This
closes ticket 14487.
o Major bugfixes (exit node stability, also in 0.2.6.3-alpha):
- Fix an assertion failure that could occur under high DNS load.
Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
diagnosed and fixed by "cypherpunks".
o Major bugfixes (relay, stability, possible security, also in 0.2.6.4-rc):
- Fix a bug that could lead to a relay crashing with an assertion
failure if a buffer of exactly the wrong layout was passed to
buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
0.2.0.10-alpha. Patch from 'cypherpunks'.
- Do not assert if the 'data' pointer on a buffer is advanced to the
very end of the buffer; log a BUG message instead. Only assert if
it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
o Minor features (geoip):
- Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
- Update geoip6 to the March 3 2015 Maxmind GeoLite2
Country database.
1
0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello, all. This is a release announcement for Tor 0.2.5.10, which I
released as source yesterday. You can download the source from the usual
places on our website. Some operating system packages should already be
available; others will likely be released over the next week.
(Usually, I'd wait for more packages to be available before announcing a
stable release, but people have been asking me questions about whether this
is official or not. So there you have it!)
Changes in version 0.2.5.10 - 2014-10-24
Tor 0.2.5.10 is the first stable release in the 0.2.5 series.
It adds several new security features, including improved
denial-of-service resistance for relays, new compiler hardening
options, and a system-call sandbox for hardened installations on Linux
(requires seccomp2). The controller protocol has several new features,
resolving IPv6 addresses should work better than before, and relays
should be a little more CPU-efficient. We've added support for more
OpenBSD and FreeBSD transparent proxy types. We've improved the build
system and testing infrastructure to allow unit testing of more parts
of the Tor codebase. Finally, we've addressed several nagging pluggable
transport usability issues, and included numerous other small bugfixes
and features mentioned below.
This release marks end-of-life for Tor 0.2.3.x; those Tor versions
have accumulated many known flaws; everyone should upgrade.
o Major features (security):
- The ntor handshake is now on-by-default, no matter what the
directory authorities recommend. Implements ticket 8561.
- Make the "tor-gencert" tool used by directory authority operators
create 2048-bit signing keys by default (rather than 1024-bit, since
1024-bit is uncomfortably small these days). Addresses ticket 10324.
- Warn about attempts to run hidden services and relays in the same
process: that's probably not a good idea. Closes ticket 12908.
- Disable support for SSLv3. All versions of OpenSSL in use with Tor
today support TLS 1.0 or later, so we can safely turn off support
for this old (and insecure) protocol. Fixes bug 13426.
o Major features (relay security, DoS-resistance):
- When deciding whether we have run out of memory and we need to
close circuits, also consider memory allocated in buffers for
streams attached to each circuit.
This change, which extends an anti-DoS feature introduced in
0.2.4.13-alpha and improved in 0.2.4.14-alpha, lets Tor exit relays
better resist more memory-based DoS attacks than before. Since the
MaxMemInCellQueues option now applies to all queues, it is renamed
to MaxMemInQueues. This feature fixes bug 10169.
- Avoid hash-flooding denial-of-service attacks by using the secure
SipHash-2-4 hash function for our hashtables. Without this
feature, an attacker could degrade performance of a targeted
client or server by flooding their data structures with a large
number of entries to be stored at the same hash table position,
thereby slowing down the Tor instance. With this feature, hash
table positions are derived from a randomized cryptographic key,
and an attacker cannot predict which entries will collide. Closes
ticket 4900.
- If you don't specify MaxMemInQueues yourself, Tor now tries to
pick a good value based on your total system memory. Previously,
the default was always 8 GB. You can still override the default by
setting MaxMemInQueues yourself. Resolves ticket 11396.
o Major features (bridges and pluggable transports):
- Add support for passing arguments to managed pluggable transport
proxies. Implements ticket 3594.
- Bridges now track GeoIP information and the number of their users
even when pluggable transports are in use, and report usage
statistics in their extra-info descriptors. Resolves tickets 4773
and 5040.
- Don't launch pluggable transport proxies if we don't have any
bridges configured that would use them. Now we can list many
pluggable transports, and Tor will dynamically start one when it
hears a bridge address that needs it. Resolves ticket 5018.
- The bridge directory authority now assigns status flags (Stable,
Guard, etc) to bridges based on thresholds calculated over all
Running bridges. Now bridgedb can finally make use of its features
to e.g. include at least one Stable bridge in its answers. Fixes
bug 9859.
o Major features (controller):
- Extend ORCONN controller event to include an "ID" parameter,
and add four new controller event types CONN_BW, CIRC_BW,
CELL_STATS, and TB_EMPTY that show connection and circuit usage.
The new events are emitted in private Tor networks only, with the
goal of being able to better track performance and load during
full-network simulations. Implements proposal 218 and ticket 7359.
o Major features (relay performance):
- Speed up server-side lookups of rendezvous and introduction point
circuits by using hashtables instead of linear searches. These
functions previously accounted between 3 and 7% of CPU usage on
some busy relays. Resolves ticket 9841.
- Avoid wasting CPU when extending a circuit over a channel that is
nearly out of circuit IDs. Previously, we would do a linear scan
over possible circuit IDs before finding one or deciding that we
had exhausted our possibilities. Now, we try at most 64 random
circuit IDs before deciding that we probably won't succeed. Fixes
a possible root cause of ticket 11553.
o Major features (seccomp2 sandbox, Linux only):
- Use the seccomp2 syscall filtering facility on Linux to limit
which system calls Tor can invoke. This is an experimental,
Linux-only feature to provide defense-in-depth against unknown
attacks. To try turning it on, set "Sandbox 1" in your torrc
file. Please be ready to report bugs. We hope to add support
for better sandboxing in the future, including more fine-grained
filters, better division of responsibility, and support for more
platforms. This work has been done by Cristian-Matei Toader for
Google Summer of Code. Resolves tickets 11351 and 11465.
o Major features (testing networks):
- Make testing Tor networks bootstrap better: lower directory fetch
retry schedules and maximum interval without directory requests,
and raise maximum download tries. Implements ticket 6752.
- Add make target 'test-network' to run tests on a Chutney network.
Implements ticket 8530.
o Major features (other):
- On some platforms (currently: recent OSX versions, glibc-based
platforms that support the ELF format, and a few other
Unix-like operating systems), Tor can now dump stack traces
when a crash occurs or an assertion fails. By default, traces
are dumped to stderr (if possible) and to any logs that are
reporting errors. Implements ticket 9299.
o Deprecated versions:
- Tor 0.2.3.x has reached end-of-life; it has received no patches or
attention for some while.
o Major bugfixes (security, directory authorities):
- Directory authorities now include a digest of each relay's
identity key as a part of its microdescriptor.
This is a workaround for bug 11743 (reported by "cypherpunks"),
where Tor clients do not support receiving multiple
microdescriptors with the same SHA256 digest in the same
consensus. When clients receive a consensus like this, they only
use one of the relays. Without this fix, a hostile relay could
selectively disable some client use of target relays by
constructing a router descriptor with a different identity and the
same microdescriptor parameters and getting the authorities to
list it in a microdescriptor consensus. This fix prevents an
attacker from causing a microdescriptor collision, because the
router's identity is not forgeable.
o Major bugfixes (openssl bug workaround):
- Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
1.0.1j, built with the 'no-ssl3' configuration option. Fixes
bug 13471. This is a workaround for an OpenSSL bug.
o Major bugfixes (client):
- Perform circuit cleanup operations even when circuit
construction operations are disabled (because the network is
disabled, or because there isn't enough directory information).
Previously, when we were not building predictive circuits, we
were not closing expired circuits either. Fixes bug 8387; bugfix on
0.1.1.11-alpha. This bug became visible in 0.2.4.10-alpha when we
became more strict about when we have "enough directory information
to build circuits".
o Major bugfixes (client, pluggable transports):
- When managing pluggable transports, use OS notification facilities
to learn if they have crashed, and don't attempt to kill any
process that has already exited. Fixes bug 8746; bugfix
on 0.2.3.6-alpha.
o Major bugfixes (relay denial of service):
- Instead of writing destroy cells directly to outgoing connection
buffers, queue them and intersperse them with other outgoing cells.
This can prevent a set of resource starvation conditions where too
many pending destroy cells prevent data cells from actually getting
delivered. Reported by "oftc_must_be_destroyed". Fixes bug 7912;
bugfix on 0.2.0.1-alpha.
o Major bugfixes (relay):
- Avoid queuing or sending destroy cells for circuit ID zero when we
fail to send a CREATE cell. Fixes bug 12848; bugfix on 0.0.8pre1.
Found and fixed by "cypherpunks".
- Fix ORPort reachability detection on relays running behind a
proxy, by correctly updating the "local" mark on the controlling
channel when changing the address of an or_connection_t after the
handshake. Fixes bug 12160; bugfix on 0.2.4.4-alpha.
- Use a direct dirport connection when uploading non-anonymous
descriptors to the directory authorities. Previously, relays would
incorrectly use tunnel connections under a fairly wide variety of
circumstances. Fixes bug 11469; bugfix on 0.2.4.3-alpha.
- When a circuit accidentally has the same circuit ID for its
forward and reverse direction, correctly detect the direction of
cells using that circuit. Previously, this bug made roughly one
circuit in a million non-functional. Fixes bug 12195; this is a
bugfix on every version of Tor.
o Minor features (security):
- New --enable-expensive-hardening option to enable security
hardening options that consume nontrivial amounts of CPU and
memory. Right now, this includes AddressSanitizer and UbSan, which
are supported in newer versions of GCC and Clang. Closes ticket
11477.
- Authorities now assign the Guard flag to the fastest 25% of the
network (it used to be the fastest 50%). Also raise the consensus
weight that guarantees the Guard flag from 250 to 2000. For the
current network, this results in about 1100 guards, down from 2500.
This step paves the way for moving the number of entry guards
down to 1 (proposal 236) while still providing reasonable expected
performance for most users. Implements ticket 12690.
o Minor features (security, memory management):
- Memory allocation tricks (mempools and buffer freelists) are now
disabled by default. You can turn them back on with
--enable-mempools and --enable-buf-freelists respectively. We're
disabling these features because malloc performance is good enough
on most platforms, and a similar feature in OpenSSL exacerbated
exploitation of the Heartbleed attack. Resolves ticket 11476.
o Minor features (bridge client):
- Report a more useful failure message when we can't connect to a
bridge because we don't have the right pluggable transport
configured. Resolves ticket 9665. Patch from Fábio J. Bertinatto.
o Minor features (bridge):
- Add an ExtORPortCookieAuthFileGroupReadable option to make the
cookie file for the ExtORPort g+r by default.
o Minor features (bridges, pluggable transports):
- Bridges now write the SHA1 digest of their identity key
fingerprint (that is, a hash of a hash of their public key) to
notice-level logs, and to a new hashed-fingerprint file. This
information will help bridge operators look up their bridge in
Globe and similar tools. Resolves ticket 10884.
- Improve the message that Tor displays when running as a bridge
using pluggable transports without an Extended ORPort listener.
Also, log the message in the log file too. Resolves ticket 11043.
- Add threshold cutoffs to the networkstatus document created by
the Bridge Authority. Fixes bug 1117.
- On Windows, spawn background processes using the CREATE_NO_WINDOW
flag. Now Tor Browser Bundle 3.5 with pluggable transports enabled
doesn't pop up a blank console window. (In Tor Browser Bundle 2.x,
Vidalia set this option for us.) Implements ticket 10297.
o Minor features (build):
- The configure script has a --disable-seccomp option to turn off
support for libseccomp on systems that have it, in case it (or
Tor's use of it) is broken. Resolves ticket 11628.
- Assume that a user using ./configure --host wants to cross-compile,
and give an error if we cannot find a properly named
tool-chain. Add a --disable-tool-name-check option to proceed
nevertheless. Addresses ticket 9869. Patch by Benedikt Gollatz.
- If we run ./configure and the compiler recognizes -fstack-protector
but the linker rejects it, warn the user about a potentially missing
libssp package. Addresses ticket 9948. Patch from Benedikt Gollatz.
- Add support for `--library-versions` flag. Implements ticket 6384.
- Return the "unexpected sendme" warnings to a warn severity, but make
them rate limited, to help diagnose ticket 8093.
- Detect a missing asciidoc, and warn the user about it, during
configure rather than at build time. Fixes issue 6506. Patch from
Arlo Breault.
o Minor features (client):
- Add a new option, PredictedPortsRelevanceTime, to control how long
after having received a request to connect to a given port Tor
will try to keep circuits ready in anticipation of future requests
for that port. Patch from "unixninja92"; implements ticket 9176.
o Minor features (config options and command line):
- Add an --allow-missing-torrc commandline option that tells Tor to
run even if the configuration file specified by -f is not available.
Implements ticket 10060.
- Add support for the TPROXY transparent proxying facility on Linux.
See documentation for the new TransProxyType option for more
details. Implementation by "thomo". Closes ticket 10582.
o Minor features (config options):
- Config (torrc) lines now handle fingerprints which are missing
their initial '$'. Resolves ticket 4341; improvement over 0.0.9pre5.
- Support a --dump-config option to print some or all of the
configured options. Mainly useful for debugging the command-line
option parsing code. Helps resolve ticket 4647.
- Raise awareness of safer logging: notify user of potentially
unsafe config options, like logging more verbosely than severity
"notice" or setting SafeLogging to 0. Resolves ticket 5584.
- Add a new configuration option TestingV3AuthVotingStartOffset
that bootstraps a network faster by changing the timing for
consensus votes. Addresses ticket 8532.
- Add a new torrc option "ServerTransportOptions" that allows
bridge operators to pass configuration parameters to their
pluggable transports. Resolves ticket 8929.
- The config (torrc) file now accepts bandwidth and space limits in
bits as well as bytes. (Anywhere that you can say "2 Kilobytes",
you can now say "16 kilobits", and so on.) Resolves ticket 9214.
Patch by CharlieB.
o Minor features (controller):
- Make the entire exit policy available from the control port via
GETINFO exit-policy/*. Implements enhancement 7952. Patch from
"rl1987".
- Because of the fix for ticket 11396, the real limit for memory
usage may no longer match the configured MaxMemInQueues value. The
real limit is now exposed via GETINFO limits/max-mem-in-queues.
- Add a new "HS_DESC" controller event that reports activities
related to hidden service descriptors. Resolves ticket 8510.
- New "DROPGUARDS" controller command to forget all current entry
guards. Not recommended for ordinary use, since replacing guards
too frequently makes several attacks easier. Resolves ticket 9934;
patch from "ra".
- Implement the TRANSPORT_LAUNCHED control port event that
notifies controllers about new launched pluggable
transports. Resolves ticket 5609.
o Minor features (diagnostic):
- When logging a warning because of bug 7164, additionally check the
hash table for consistency (as proposed on ticket 11737). This may
help diagnose bug 7164.
- When we log a heartbeat, log how many one-hop circuits we have
that are at least 30 minutes old, and log status information about
a few of them. This is an attempt to track down bug 8387.
- When encountering an unexpected CR while writing text to a file on
Windows, log the name of the file. Should help diagnosing
bug 11233.
- Give more specific warnings when a client notices that an onion
handshake has failed. Fixes ticket 9635.
- Add significant new logging code to attempt to diagnose bug 12184,
where relays seem to run out of available circuit IDs.
- Improve the diagnostic log message for bug 8387 even further to
try to improve our odds of figuring out why one-hop directory
circuits sometimes do not get closed.
- Add more log messages to diagnose bug 7164, which causes
intermittent "microdesc_free() called but md was still referenced"
warnings. We now include more information, to figure out why we
might be cleaning a microdescriptor for being too old if it's
still referenced by a live node_t object.
- Log current accounting state (bytes sent and received + remaining
time for the current accounting period) in the relay's heartbeat
message. Implements ticket 5526; patch from Peter Retzlaff.
o Minor features (geoip):
- Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
Country database.
o Minor features (interface):
- Generate a warning if any ports are listed in the SocksPolicy,
DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
AuthDirBadExit options. (These options only support address
ranges.) Fixes part of ticket 11108.
o Minor features (kernel API usage):
- Use the SOCK_NONBLOCK socket type, if supported, to open nonblocking
sockets in a single system call. Implements ticket 5129.
o Minor features (log messages):
- When ServerTransportPlugin is set on a bridge, Tor can write more
useful statistics about bridge use in its extrainfo descriptors,
but only if the Extended ORPort ("ExtORPort") is set too. Add a
log message to inform the user in this case. Resolves ticket 9651.
- When receiving a new controller connection, log the origin address.
Resolves ticket 9698; patch from "sigpipe".
- When logging OpenSSL engine status at startup, log the status of
more engines. Fixes ticket 10043; patch from Joshua Datko.
o Minor features (log verbosity):
- Demote the message that we give when a flushing connection times
out for too long from NOTICE to INFO. It was usually meaningless.
Resolves ticket 5286.
- Don't log so many notice-level bootstrapping messages at startup
about downloading descriptors. Previously, we'd log a notice
whenever we learned about more routers. Now, we only log a notice
at every 5% of progress. Fixes bug 9963.
- Warn less verbosely when receiving a malformed
ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279.
o Minor features (performance):
- If we're using the pure-C 32-bit curve25519_donna implementation
of curve25519, build it with the -fomit-frame-pointer option to
make it go faster on register-starved hosts. This improves our
handshake performance by about 6% on i386 hosts without nacl.
Closes ticket 8109.
o Minor features (relay):
- If a circuit timed out for at least 3 minutes, check if we have a
new external IP address, and publish a new descriptor with the new
IP address if it changed. Resolves ticket 2454.
o Minor features (testing):
- If Python is installed, "make check" now runs extra tests beyond
the unit test scripts.
- When bootstrapping a test network, sometimes very few relays get
the Guard flag. Now a new option "TestingDirAuthVoteGuard" can
specify a set of relays which should be voted Guard regardless of
their uptime or bandwidth. Addresses ticket 9206.
o Minor features (transparent proxy, *BSD):
- Support FreeBSD's ipfw firewall interface for TransPort ports on
FreeBSD. To enable it, set "TransProxyType ipfw". Resolves ticket
10267; patch from "yurivict".
- Support OpenBSD's divert-to rules with the pf firewall for
transparent proxy ports. To enable it, set "TransProxyType
pf-divert". This allows Tor to run a TransPort transparent proxy
port on OpenBSD 4.4 or later without root privileges. See the
pf.conf(5) manual page for information on configuring pf to use
divert-to rules. Closes ticket 10896; patch from Dana Koch.
o Minor bugfixes (bridge client):
- Stop accepting bridge lines containing hostnames. Doing so would
cause clients to perform DNS requests on the hostnames, which was
not sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha.
o Minor bugfixes (bridges):
- Avoid potential crashes or bad behavior when launching a
server-side managed proxy with ORPort or ExtORPort temporarily
disabled. Fixes bug 9650; bugfix on 0.2.3.16-alpha.
- Fix a bug where the first connection works to a bridge that uses a
pluggable transport with client-side parameters, but we don't send
the client-side parameters on subsequent connections. (We don't
use any pluggable transports with client-side parameters yet,
but ScrambleSuit will soon become the first one.) Fixes bug 9162;
bugfix on 0.2.0.3-alpha. Based on a patch from "rl1987".
o Minor bugfixes (build, auxiliary programs):
- Stop preprocessing the "torify" script with autoconf, since
it no longer refers to LOCALSTATEDIR. Fixes bug 5505; patch
from Guilhem.
- The tor-fw-helper program now follows the standard convention and
exits with status code "0" on success. Fixes bug 9030; bugfix on
0.2.3.1-alpha. Patch by Arlo Breault.
- Corrected ./configure advice for what openssl dev package you should
install on Debian. Fixes bug 9207; bugfix on 0.2.0.1-alpha.
o Minor bugfixes (client):
- Avoid "Tried to open a socket with DisableNetwork set" warnings
when starting a client with bridges configured and DisableNetwork
set. (Tor launcher starts Tor with DisableNetwork set the first
time it runs.) Fixes bug 10405; bugfix on 0.2.3.9-alpha.
- Improve the log message when we can't connect to a hidden service
because all of the hidden service directory nodes hosting its
descriptor are excluded. Improves on our fix for bug 10722, which
was a bugfix on 0.2.0.10-alpha.
- Raise a control port warning when we fail to connect to all of
our bridges. Previously, we didn't inform the controller, and
the bootstrap process would stall. Fixes bug 11069; bugfix on
0.2.1.2-alpha.
- Exit immediately when a process-owning controller exits.
Previously, tor relays would wait for a little while after their
controller exited, as if they had gotten an INT signal -- but this
was problematic, since there was no feedback for the user. To do a
clean shutdown, controllers should send an INT signal and give Tor
a chance to clean up. Fixes bug 10449; bugfix on 0.2.2.28-beta.
- Stop attempting to connect to bridges before our pluggable
transports are configured (harmless but resulted in some erroneous
log messages). Fixes bug 11156; bugfix on 0.2.3.2-alpha.
- Fix connections to IPv6 addresses over SOCKS5. Previously, we were
generating incorrect SOCKS5 responses, and confusing client
applications. Fixes bug 10987; bugfix on 0.2.4.7-alpha.
o Minor bugfixes (client, DNSPort):
- When using DNSPort, try to respond to AAAA requests with AAAA
answers. Previously, we hadn't looked at the request type when
deciding which answer type to prefer. Fixes bug 10468; bugfix on
0.2.4.7-alpha.
- When receiving a DNS query for an unsupported record type, reply
with no answer rather than with a NOTIMPL error. This behavior
isn't correct either, but it will break fewer client programs, we
hope. Fixes bug 10268; bugfix on 0.2.0.1-alpha. Original patch
from "epoch".
o Minor bugfixes (client, logging during bootstrap):
- Only report the first fatal bootstrap error on a given OR
connection. This stops us from telling the controller bogus error
messages like "DONE". Fixes bug 10431; bugfix on 0.2.1.1-alpha.
- Avoid generating spurious warnings when starting with
DisableNetwork enabled. Fixes bug 11200 and bug 10405; bugfix on
0.2.3.9-alpha.
o Minor bugfixes (closing OR connections):
- If write_to_buf() in connection_write_to_buf_impl_() ever fails,
check if it's an or_connection_t and correctly call
connection_or_close_for_error() rather than
connection_mark_for_close() directly. Fixes bug 11304; bugfix on
0.2.4.4-alpha.
- When closing all connections on setting DisableNetwork to 1, use
connection_or_close_normally() rather than closing OR connections
out from under the channel layer. Fixes bug 11306; bugfix on
0.2.4.4-alpha.
o Minor bugfixes (code correctness):
- Previously we used two temporary files when writing descriptors to
disk; now we only use one. Fixes bug 1376.
- Remove an erroneous (but impossible and thus harmless) pointer
comparison that would have allowed compilers to skip a bounds
check in channeltls.c. Fixes bugs 10313 and 9980; bugfix on
0.2.0.10-alpha. Noticed by Jared L Wong and David Fifield.
- Fix an always-true assertion in pluggable transports code so it
actually checks what it was trying to check. Fixes bug 10046;
bugfix on 0.2.3.9-alpha. Found by "dcb".
o Minor bugfixes (command line):
- Use a single command-line parser for parsing torrc options on the
command line and for finding special command-line options to avoid
inconsistent behavior for torrc option arguments that have the same
names as command-line options. Fixes bugs 4647 and 9578; bugfix on
0.0.9pre5.
- No longer allow 'tor --hash-password' with no arguments. Fixes bug
9573; bugfix on 0.0.9pre5.
o Minor bugfixes (compilation):
- Compile correctly with builds and forks of OpenSSL (such as
LibreSSL) that disable compression. Fixes bug 12602; bugfix on
0.2.1.1-alpha. Patch from "dhill".
- Restore the ability to compile Tor with V2_HANDSHAKE_SERVER
turned off (that is, without support for v2 link handshakes). Fixes
bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet".
- In routerlist_assert_ok(), don't take the address of a
routerinfo's cache_info member unless that routerinfo is non-NULL.
Fixes bug 13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
- Fix a large number of false positive warnings from the clang
analyzer static analysis tool. This should make real warnings
easier for clang analyzer to find. Patch from "teor". Closes
ticket 13036.
- Resolve GCC complaints on OpenBSD about discarding constness in
TO_{ORIGIN,OR}_CIRCUIT functions. Fixes part of bug 11633; bugfix
on 0.1.1.23. Patch from Dana Koch.
- Resolve clang complaints on OpenBSD with -Wshorten-64-to-32 due to
treatment of long and time_t as comparable types. Fixes part of
bug 11633. Patch from Dana Koch.
- When deciding whether to build the 64-bit curve25519
implementation, detect platforms where we can compile 128-bit
arithmetic but cannot link it. Fixes bug 11729; bugfix on
0.2.4.8-alpha. Patch from "conradev".
- Fix compilation when DNS_CACHE_DEBUG is enabled. Fixes bug 11761;
bugfix on 0.2.3.13-alpha. Found by "cypherpunks".
- Fix compilation with dmalloc. Fixes bug 11605; bugfix
on 0.2.4.10-alpha.
- Build and run correctly on systems like OpenBSD-current that have
patched OpenSSL to remove get_cipher_by_char and/or its
implementations. Fixes issue 13325.
o Minor bugfixes (controller and command-line):
- If changing a config option via "setconf" fails in a recoverable
way, we used to nonetheless write our new control ports to the
file described by the "ControlPortWriteToFile" option. Now we only
write out that file if we successfully switch to the new config
option. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from "Ryman".
o Minor bugfixes (directory server):
- No longer accept malformed http headers when parsing urls from
headers. Now we reply with Bad Request ("400"). Fixes bug 2767;
bugfix on 0.0.6pre1.
- When sending a compressed set of descriptors or microdescriptors,
make sure to finalize the zlib stream. Previously, we would write
all the compressed data, but if the last descriptor we wanted to
send was missing or too old, we would not mark the stream as
finished. This caused problems for decompression tools. Fixes bug
11648; bugfix on 0.1.1.23.
o Minor bugfixes (hidden service):
- Only retry attempts to connect to a chosen rendezvous point 8
times, not 30. Fixes bug 4241; bugfix on 0.1.0.1-rc.
o Minor bugfixes (interface):
- Reject relative control socket paths and emit a warning. Previously,
single-component control socket paths would be rejected, but Tor
would not log why it could not validate the config. Fixes bug 9258;
bugfix on 0.2.3.16-alpha.
o Minor bugfixes (log messages):
- Fix a bug where clients using bridges would report themselves
as 50% bootstrapped even without a live consensus document.
Fixes bug 9922; bugfix on 0.2.1.1-alpha.
- Suppress a warning where, if there's only one directory authority
in the network, we would complain that votes and signatures cannot
be uploaded to other directory authorities. Fixes bug 10842;
bugfix on 0.2.2.26-beta.
- Report bootstrapping progress correctly when we're downloading
microdescriptors. We had updated our "do we have enough microdescs
to begin building circuits?" logic most recently in 0.2.4.10-alpha
(see bug 5956), but we left the bootstrap status event logic at
"how far through getting 1/4 of them are we?" Fixes bug 9958;
bugfix on 0.2.2.36, which is where they diverged (see bug 5343).
o Minor bugfixes (logging):
- Downgrade "Unexpected onionskin length after decryption" warning
to a protocol-warn, since there's nothing relay operators can do
about a client that sends them a malformed create cell. Resolves
bug 12996; bugfix on 0.0.6rc1.
- Log more specific warnings when we get an ESTABLISH_RENDEZVOUS
cell on a cannibalized or non-OR circuit. Resolves ticket 12997.
- When logging information about an EXTEND2 or EXTENDED2 cell, log
their names correctly. Fixes part of bug 12700; bugfix
on 0.2.4.8-alpha.
- When logging information about a relay cell whose command we don't
recognize, log its command as an integer. Fixes part of bug 12700;
bugfix on 0.2.1.10-alpha.
- Escape all strings from the directory connection before logging
them. Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor".
- Squelch a spurious LD_BUG message "No origin circuit for
successful SOCKS stream" in certain hidden service failure cases;
fixes bug 10616.
- Downgrade the severity of the 'unexpected sendme cell from client'
from 'warn' to 'protocol warning'. Closes ticket 8093.
o Minor bugfixes (misc code correctness):
- In munge_extrainfo_into_routerinfo(), check the return value of
memchr(). This would have been a serious issue if we ever passed
it a non-extrainfo. Fixes bug 8791; bugfix on 0.2.0.6-alpha. Patch
from Arlo Breault.
- On the chance that somebody manages to build Tor on a
platform where time_t is unsigned, correct the way that
microdesc_add_to_cache() handles negative time arguments.
Fixes bug 8042; bugfix on 0.2.3.1-alpha.
- Fix various instances of undefined behavior in channeltls.c,
tor_memmem(), and eventdns.c that would cause us to construct
pointers to memory outside an allocated object. (These invalid
pointers were not accessed, but C does not even allow them to
exist.) Fixes bug 10363; bugfixes on 0.1.1.1-alpha, 0.1.2.1-alpha,
0.2.0.10-alpha, and 0.2.3.6-alpha. Reported by "bobnomnom".
- Use the AddressSanitizer and Ubsan sanitizers (in clang-3.4) to
fix some miscellaneous errors in our tests and codebase. Fixes bug
11232. Bugfixes on versions back as far as 0.2.1.11-alpha.
- Always check return values for unlink, munmap, UnmapViewOfFile;
check strftime return values more often. In some cases all we can
do is report a warning, but this may help prevent deeper bugs from
going unnoticed. Closes ticket 8787; bugfixes on many, many tor
versions.
- Fix numerous warnings from the clang "scan-build" static analyzer.
Some of these are programming style issues; some of them are false
positives that indicated awkward code; some are undefined behavior
cases related to constructing (but not using) invalid pointers;
some are assumptions about API behavior; some are (harmlessly)
logging sizeof(ptr) bytes from a token when sizeof(*ptr) would be
correct; and one or two are genuine bugs that weren't reachable
from the rest of the program. Fixes bug 8793; bugfixes on many,
many tor versions.
o Minor bugfixes (node selection):
- If ExcludeNodes is set, consider non-excluded hidden service
directory servers before excluded ones. Do not consider excluded
hidden service directory servers at all if StrictNodes is
set. (Previously, we would sometimes decide to connect to those
servers, and then realize before we initiated a connection that
we had excluded them.) Fixes bug 10722; bugfix on 0.2.0.10-alpha.
Reported by "mr-4".
- If we set the ExitNodes option but it doesn't include any nodes
that have the Exit flag, we would choose not to bootstrap. Now we
bootstrap so long as ExitNodes includes nodes which can exit to
some port. Fixes bug 10543; bugfix on 0.2.4.10-alpha.
o Minor bugfixes (performance):
- Avoid a bug where every successful connection made us recompute
the flag telling us whether we have sufficient information to
build circuits. Previously, we would forget our cached value
whenever we successfully opened a channel (or marked a router as
running or not running for any other reason), regardless of
whether we had previously believed the router to be running. This
forced us to run an expensive update operation far too often.
Fixes bug 12170; bugfix on 0.1.2.1-alpha.
- Avoid using tor_memeq() for checking relay cell integrity. This
removes a possible performance bottleneck. Fixes part of bug
12169; bugfix on 0.2.1.31.
o Minor bugfixes (platform-specific):
- When dumping a malformed directory object to disk, save it in
binary mode on Windows, not text mode. Fixes bug 11342; bugfix on
0.2.2.1-alpha.
- Don't report failures from make_socket_reuseable() on incoming
sockets on OSX: this can happen when incoming connections close
early. Fixes bug 10081.
o Minor bugfixes (pluggable transports):
- Avoid another 60-second delay when starting Tor in a pluggable-
transport-using configuration when we already have cached
descriptors for our bridges. Fixes bug 11965; bugfix
on 0.2.3.6-alpha.
o Minor bugfixes (protocol correctness):
- When receiving a VERSIONS cell with an odd number of bytes, close
the connection immediately since the cell is malformed. Fixes bug
10365; bugfix on 0.2.0.10-alpha. Spotted by "bobnomnom"; fix by
"rl1987".
o Minor bugfixes (relay, other):
- We now drop CREATE cells for already-existent circuit IDs and for
zero-valued circuit IDs, regardless of other factors that might
otherwise have called for DESTROY cells. Fixes bug 12191; bugfix
on 0.0.8pre1.
- When rejecting DATA cells for stream_id zero, still count them
against the circuit's deliver window so that we don't fail to send
a SENDME. Fixes bug 11246; bugfix on 0.2.4.10-alpha.
o Minor bugfixes (relay, threading):
- Check return code on spawn_func() in cpuworker code, so that we
don't think we've spawned a nonworking cpuworker and write junk to
it forever. Fix related to bug 4345; bugfix on all released Tor
versions. Found by "skruffy".
- Use a pthread_attr to make sure that spawn_func() cannot return an
error while at the same time launching a thread. Fix related to
bug 4345; bugfix on all released Tor versions. Reported
by "cypherpunks".
o Minor bugfixes (relays and bridges):
- Avoid crashing on a malformed resolv.conf file when running a
relay using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23.
- Non-exit relays no longer launch mock DNS requests to check for
DNS hijacking. This has been unnecessary since 0.2.1.7-alpha, when
non-exit relays stopped servicing DNS requests. Fixes bug 965;
bugfix on 0.2.1.7-alpha. Patch from Matt Pagan.
- Bridges now report complete directory request statistics. Related
to bug 5824; bugfix on 0.2.2.1-alpha.
- Bridges now never collect statistics that were designed for
relays. Fixes bug 5824; bugfix on 0.2.3.8-alpha.
o Minor bugfixes (testing):
- Fix all valgrind warnings produced by the unit tests. There were
over a thousand memory leak warnings previously, mostly produced
by forgetting to free things in the unit test code. Fixes bug
11618, bugfixes on many versions of Tor.
o Minor bugfixes (tor-fw-helper):
- Give a correct log message when tor-fw-helper fails to launch.
(Previously, we would say something like "tor-fw-helper sent us a
string we could not parse".) Fixes bug 9781; bugfix
on 0.2.4.2-alpha.
o Minor bugfixes (trivial memory leaks):
- Fix a small memory leak when signing a directory object. Fixes bug
11275; bugfix on 0.2.4.13-alpha.
- Resolve some memory leaks found by coverity in the unit tests, on
exit in tor-gencert, and on a failure to compute digests for our
own keys when generating a v3 networkstatus vote. These leaks
should never have affected anyone in practice.
o Code simplification and refactoring:
- Remove some old fallback code designed to keep Tor clients working
in a network with only two working relays. Elsewhere in the code we
have long since stopped supporting such networks, so there wasn't
much point in keeping it around. Addresses ticket 9926.
- Reject 0-length EXTEND2 cells more explicitly. Fixes bug 10536;
bugfix on 0.2.4.8-alpha. Reported by "cypherpunks".
- Extract the common duplicated code for creating a subdirectory
of the data directory and writing to a file in it. Fixes ticket
4282; patch from Peter Retzlaff.
- Since OpenSSL 0.9.7, the i2d_*() functions support allocating output
buffer. Avoid calling twice: i2d_RSAPublicKey(), i2d_DHparams(),
i2d_X509(), and i2d_PublicKey(). Resolves ticket 5170.
- Add a set of accessor functions for the circuit timeout data
structure. Fixes ticket 6153; patch from "piet".
- Clean up exit paths from connection_listener_new(). Closes ticket
8789. Patch from Arlo Breault.
- Since we rely on OpenSSL 0.9.8 now, we can use EVP_PKEY_cmp()
and drop our own custom pkey_eq() implementation. Fixes bug 9043.
- Use a doubly-linked list to implement the global circuit list.
Resolves ticket 9108. Patch from Marek Majkowski.
- Remove contrib/id_to_fp.c since it wasn't used anywhere.
- Remove constants and tests for PKCS1 padding; it's insecure and
shouldn't be used for anything new. Fixes bug 8792; patch
from Arlo Breault.
- Remove instances of strcpy() from the unit tests. They weren't
hurting anything, since they were only in the unit tests, but it's
embarassing to have strcpy() in the code at all, and some analysis
tools don't like it. Fixes bug 8790; bugfix on 0.2.3.6-alpha and
0.2.3.8-alpha. Patch from Arlo Breault.
- Remove is_internal_IP() function. Resolves ticket 4645.
- Remove unused function circuit_dump_by_chan from circuitlist.c.
Closes issue 9107; patch from "marek".
- Change our use of the ENUM_BF macro to avoid declarations that
confuse Doxygen.
- Get rid of router->address, since in all cases it was just the
string representation of router->addr. Resolves ticket 5528.
o Documentation:
- Adjust the URLs in the README to refer to the new locations of
several documents on the website. Fixes bug 12830. Patch from
Matt Pagan.
- Document 'reject6' and 'accept6' ExitPolicy entries. Resolves
ticket 12878.
- Update manpage to describe some of the files you can expect to
find in Tor's DataDirectory. Addresses ticket 9839.
- Clean up several option names in the manpage to match their real
names, add the missing documentation for a couple of testing and
directory authority options, remove the documentation for a
V2-directory fetching option that no longer exists. Resolves
ticket 11634.
- Correct the documenation so that it lists the correct directory
for the stats files. (They are in a subdirectory called "stats",
not "status".)
- In the manpage, move more authority-only options into the
directory authority section so that operators of regular directory
caches don't get confused.
- Fix the layout of the SOCKSPort flags in the manpage. Fixes bug
11061; bugfix on 0.2.4.7-alpha.
- Resolve warnings from Doxygen.
- Document in the manpage that "KBytes" may also be written as
"kilobytes" or "KB", that "Kbits" may also be written as
"kilobits", and so forth. Closes ticket 9222.
- Document that the ClientOnly config option overrides ORPort.
Our old explanation made ClientOnly sound as though it did
nothing at all. Resolves bug 9059.
- Explain that SocksPolicy, DirPolicy, and similar options don't
take port arguments. Fixes the other part of ticket 11108.
- Fix a comment about the rend_server_descriptor_t.protocols field
to more accurately describe its range. Also, make that field
unsigned, to more accurately reflect its usage. Fixes bug 9099;
bugfix on 0.2.1.5-alpha.
- Fix the manpage's description of HiddenServiceAuthorizeClient:
the maximum client name length is 16, not 19. Fixes bug 11118;
bugfix on 0.2.1.6-alpha.
o Package cleanup:
- The contrib directory has been sorted and tidied. Before, it was
an unsorted dumping ground for useful and not-so-useful things.
Now, it is divided based on functionality, and the items which
seemed to be nonfunctional or useless have been removed. Resolves
ticket 8966; based on patches from "rl1987".
o Removed code and features:
- Clients now reject any directory authority certificates lacking
a dir-key-crosscert element. These have been included since
0.2.1.9-alpha, so there's no real reason for them to be optional
any longer. Completes proposal 157. Resolves ticket 10162.
- Remove all code that existed to support the v2 directory system,
since there are no longer any v2 directory authorities. Resolves
ticket 10758.
- Remove the HSAuthoritativeDir and AlternateHSAuthority torrc
options, which were used for designating authorities as "Hidden
service authorities". There has been no use of hidden service
authorities since 0.2.2.1-alpha, when we stopped uploading or
downloading v0 hidden service descriptors. Fixes bug 10881; also
part of a fix for bug 10841.
- Remove /tor/dbg-stability.txt URL that was meant to help debug WFU
and MTBF calculations, but that nobody was using. Fixes bug 11742.
- The TunnelDirConns and PreferTunnelledDirConns options no longer
exist; tunneled directory connections have been available since
0.1.2.5-alpha, and turning them off is not a good idea. This is a
brute-force fix for 10849, where "TunnelDirConns 0" would break
hidden services.
- Remove all code for the long unused v1 directory protocol.
Resolves ticket 11070.
- Remove all remaining code related to version-0 hidden service
descriptors: they have not been in use since 0.2.2.1-alpha. Fixes
the rest of bug 10841.
- Remove migration code from when we renamed the "cached-routers"
file to "cached-descriptors" back in 0.2.0.8-alpha. This
incidentally resolves ticket 6502 by cleaning up the related code
a bit. Patch from Akshay Hebbar.
o Test infrastructure:
- Tor now builds each source file in two modes: a mode that avoids
exposing identifiers needlessly, and another mode that exposes
more identifiers for testing. This lets the compiler do better at
optimizing the production code, while enabling us to take more
radical measures to let the unit tests test things.
- The production builds no longer include functions used only in
the unit tests; all functions exposed from a module only for
unit-testing are now static in production builds.
- Add an --enable-coverage configuration option to make the unit
tests (and a new src/or/tor-cov target) to build with gcov test
coverage support.
- Update to the latest version of tinytest.
- Improve the tinytest implementation of string operation tests so
that comparisons with NULL strings no longer crash the tests; they
now just fail, normally. Fixes bug 9004; bugfix on 0.2.2.4-alpha.
- New macros in test.h to simplify writing mock-functions for unit
tests. Part of ticket 11507. Patch from Dana Koch.
- We now have rudimentary function mocking support that our unit
tests can use to test functions in isolation. Function mocking
lets the tests temporarily replace a function's dependencies with
stub functions, so that the tests can check the function without
invoking the other functions it calls.
o Testing:
- Complete tests for the status.c module. Resolves ticket 11507.
Patch from Dana Koch.
- Add more unit tests for the <circid,channel>->circuit map, and
the destroy-cell-tracking code to fix bug 7912.
- Unit tests for failing cases of the TAP onion handshake.
- More unit tests for address-manipulation functions.
o Distribution (systemd):
- Include a tor.service file in contrib/dist for use with systemd.
Some distributions will be able to use this file unmodified;
others will need to tweak it, or write their own. Patch from Jamie
Nguyen; resolves ticket 8368.
- Verify configuration file via ExecStartPre in the systemd unit
file. Patch from intrigeri; resolves ticket 12730.
- Explicitly disable RunAsDaemon in the systemd unit file. Our
current systemd unit uses "Type = simple", so systemd does not
expect tor to fork. If the user has "RunAsDaemon 1" in their
torrc, then things won't work as expected. This is e.g. the case
on Debian (and derivatives), since there we pass "--defaults-torrc
/usr/share/tor/tor-service-defaults-torrc" (that contains
"RunAsDaemon 1") by default. Patch by intrigeri; resolves
ticket 12731.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGVAwUBVEva2pEDl9iNKTGaAQIwSwv/ZpDr0k88xIzEKu1BOQkVP+ZJ+0JRH+L+
ggDU69ZXhRveSoC1VK3asUb5DWWqsNhOBgLIGun8B/aa6dJmf54PgxhwHNAPdfi1
O9lv1AGsd3/k7GW0y/RwWUP8AdsDpD2YOsJvssi2sXBXnldAA9rL7AN9Z2k8yw7E
zAjZO7v1FgKsKfUxwuzYHPShoePOYfISKWAJ10wApYcv4LHFacur312BP8e5zJWt
nYpnlG5jxjyQ9WPJvjG1cYybbHccGn93q2mJjdWJfcUx3DwHfA+RAxsEONa3y5ZC
ttIJXZkpLIBUhIZWxIPbenRBPffBgZT4N1AJee/kDri2OCvfMml+DksE/nreaYXm
iLbCMNTV60mC4mUYPZKQG6EwuWpVPEf6c3JYnXRvdXVY/Y91D53/qGks3n56eU7v
SObILrc67MM6/MauCs94nAqiYN/zOgDRdzTVw7b9r080Y6mfm/uoJROnHcoCZWSh
cP1H+2Zc6KBBJR5zrOHLk8wDYUyBuAI/
=urIk
-----END PGP SIGNATURE-----
1
0
The sixth pointfix release of the Tor Browser 3.6 series is available from
the Tor Browser Project page and also from our distribution directory:
https://www.torproject.org/download/download-easy.html
https://www.torproject.org/dist/torbrowser/3.6.6/
This release features important security updates to Firefox:
https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
Here is the complete changelog for 3.6.6:
All Platforms
Update Tor to tor-0.2.4.24
Update Firefox to 24.8.1esr
Update NoScript to 2.6.8.42
Update HTTPS Everywhere to 4.0.1
Bug 12998: Prevent intermediate certs from being written to disk
Update Torbutton to 1.6.12.3
Bug 13091: Use "Tor Browser" everywhere
Bug 10804: Workaround fix for some cases of startup hang
Linux
Bug 9150: Make RPATH unavailable on Tor binary.
-----------------------------------------------------------------------
Tor 0.2.4.24 fixes a bug that affects consistency and speed when
connecting to hidden services, and it updates the location of one of
the directory authorities.
Changes in version 0.2.4.24 - 2014-09-22
o Major bugfixes:
- Clients now send the correct address for their chosen rendezvous
point when trying to access a hidden service. They used to send
the wrong address, which would still work some of the time because
they also sent the identity digest of the rendezvous point, and if
the hidden service happened to try connecting to the rendezvous
point from a relay that already had a connection open to it,
the relay would reuse that connection. Now connections to hidden
services should be more robust and faster. Also, this bug meant
that clients were leaking to the hidden service whether they were
on a little-endian (common) or big-endian (rare) system, which for
some users might have reduced their anonymity. Fixes bug 13151;
bugfix on 0.2.1.5-alpha.
o Directory authority changes:
- Change IP address for gabelmoo (v3 directory authority).
o Minor features (geoip):
- Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
Country database.
1
0
30 Jul '14
SUMMARY:
On July 4 2014 we found a group of relays that we assume were trying
to deanonymize users. They appear to have been targeting people who
operate or access Tor hidden services. The attack involved modifying
Tor protocol headers to do traffic confirmation attacks.
The attacking relays joined the network on January 30 2014, and we
removed them from the network on July 4. While we don't know when they
started doing the attack, users who operated or accessed hidden services
from early February through July 4 should assume they were affected.
Unfortunately, it's still unclear what "affected" includes. We know
the attack looked for users who fetched hidden service descriptors,
but the attackers likely were not able to see any application-level
traffic (e.g. what pages were loaded or even whether users visited
the hidden service they looked up). The attack probably also tried to
learn who published hidden service descriptors, which would allow the
attackers to learn the location of that hidden service. In theory the
attack could also be used to link users to their destinations on normal
Tor circuits too, but we found no evidence that the attackers operated
any exit relays, making this attack less likely. And finally, we don't
know how much data the attackers kept, and due to the way the attack
was deployed (more details below), their protocol header modifications
might have aided other attackers in deanonymizing users too.
Relays should upgrade to a recent Tor release (0.2.4.23 or
0.2.5.6-alpha), to close the particular protocol vulnerability the
attackers used -- but remember that preventing traffic confirmation in
general remains an open research problem. Clients that upgrade (once
new Tor Browser releases are ready) will take another step towards
limiting the number of entry guards that are in a position to see
their traffic, thus reducing the damage from future attacks like this
one. Hidden service operators should consider changing the location of
their hidden service.
THE TECHNICAL DETAILS:
We believe they used a combination of two classes of attacks: a traffic
confirmation attack and a Sybil attack.
A traffic confirmation attack is possible when the attacker controls
or observes the relays on both ends of a Tor circuit and then compares
traffic timing, volume, or other characteristics to conclude that the
two relays are indeed on the same circuit. If the first relay in the
circuit (called the "entry guard") knows the IP address of the user,
and the last relay in the circuit knows the resource or destination
she is accessing, then together they can deanonymize her. You can read
more about traffic confirmation attacks, including pointers to many
research papers, at this blog post from 2009:
https://blog.torproject.org/blog/one-cell-enough
The particular confirmation attack they used was an active attack where
the relay on one end injects a signal into the Tor protocol headers,
and then the relay on the other end reads the signal. These attacking
relays were stable enough to get the HSDir ("suitable for hidden
service directory") and Guard ("suitable for being an entry guard")
consensus flags:
https://gitweb.torproject.org/torspec.git/blob/HEAD:/dir-spec.txt#l1775
Then they injected the signal whenever they were used as a hidden
service directory, and looked for an injected signal whenever they
were used as an entry guard.
The way they injected the signal was by sending sequences of "relay"
vs "relay early" commands down the circuit, to encode the message they
want to send. For background, Tor has two types of cells: link cells,
which are intended for the adjacent relay in the circuit, and relay
cells, which are passed to the other end of the circuit.
https://gitweb.torproject.org/torspec.git/blob/HEAD:/tor-spec.txt#l364
In 2008 we added a new kind of relay cell, called a "relay early"
cell, which is used to prevent people from building very long paths
in the Tor network (very long paths can be used to induce congestion
and aid in breaking anonymity):
http://freehaven.net/anonbib/#congestion-longpaths
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/110-avoid-in…
But the fix for infinite-length paths introduced a problem with
accessing hidden services:
https://trac.torproject.org/projects/tor/ticket/1038
and one of the side effects of our fix for bug 1038 was that while
we limit the number of outbound (away from the client) "relay early"
cells on a circuit, we don't limit the number of inbound (towards the
client) relay early cells:
https://lists.torproject.org/pipermail/tor-commits/2009-July/014679.html
So in summary, when Tor clients contacted an attacking
relay in its role as a Hidden Service Directory to publish
or retrieve a hidden service descriptor (steps 2 and 3 on
https://www.torproject.org/docs/hidden-services) that relay would
send the hidden service name (encoded as a pattern of relay and
relay-early cells) back down the circuit. Other attacking relays,
when they get chosen for the first hop of a circuit, would look for
inbound relay-early cells (since nobody else sends them) and would
thus learn which clients requested information about a hidden service.
There are three important points about this attack:
A) The attacker encoded the name of the hidden service in the injected
signal (as opposed to, say, sending a random number and keeping a local
list mapping random number to hidden service name). The encoded signal
is encrypted as it is sent over the TLS channel between relays. However,
this signal would be easy to read and interpret by anybody who runs
a relay and receives the encoded traffic. And we might also worry
about a global adversary (e.g. a large intelligence agency) that
records Internet traffic at the entry guards and then tries to break
Tor's link encryption. The way this attack was performed weakens Tor's
anonymity against these other potential attackers too -- either while
it was happening or after the fact if they have traffic logs. So if
the attack was a research project (i.e. not intentionally malicious),
it was deployed in an irresponsible way because it puts users at risk
indefinitely into the future.
(This concern is in addition to the general issue that it's probably
unwise from a legal perspective for researchers to attack real users
by modifying their traffic on one end and wiretapping it on the
other. Tools like Shadow are great for testing Tor research ideas out
in the lab: http://shadow.github.io/ )
B) This protocol header signal injection attack is actually pretty neat
from a research perspective, in that it's a bit different from previous
tagging attacks which targeted the application-level payload. Previous
tagging attacks modified the payload at the entry guard, and then
looked for a modified payload at the exit relay (which can see the
decrypted payload). Those attacks don't work in the other direction
(from the exit relay back towards the client), because the payload
is still encrypted at the entry guard. But because this new approach
modifies ("tags") the cell headers rather than the payload, every
relay in the path can see the tag.
C) We should remind readers that while this particular variant of
the traffic confirmation attack allows high-confidence and efficient
correlation, the general class of passive (statistical) traffic
confirmation attacks remains unsolved and would likely have worked
just fine here. So the good news is traffic confirmation attacks
aren't new or surprising, but the bad news is that they still work. See
https://blog.torproject.org/blog/one-cell-enough for more discussion.
Then the second class of attack they used, in conjunction with their
traffic confirmation attack, was a standard Sybil attack -- they
signed up around 115 fast non-exit relays, all running on 50.7.0.0/16
or 204.45.0.0/16. Together these relays summed to about 6.4% of the
Guard capacity in the network. Then, in part because of our current
guard rotation parameters:
https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-pa…
these relays became entry guards for a significant chunk of users over
their five months of operation.
We actually noticed these relays when they joined the network, since
the DocTor scanner reported them:
https://lists.torproject.org/pipermail/tor-consensus-health/2014-January/00…
https://gitweb.torproject.org/doctor.git
We considered the set of new relays at the time, and made a decision
that it wasn't that large a fraction of the network. It's clear there's
room for improvement in terms of how to let the Tor network grow while
also ensuring we maintain social connections with the operators of all
large groups of relays. (In general having a widely diverse set of relay
locations and relay operators, yet not allowing any bad relays in,
seems like a hard problem; on the other hand our detection scripts did
notice them in this case, so there's hope for a better solution here.)
In response, we've taken the following short-term steps:
1) Removed the attacking relays from the network.
2) Put out a software update for relays to prevent "relay early" cells
from being used this way.
3) Put out a software update that will (once enough clients have
upgraded) let us tell clients to move to using one entry guard
rather than three, to reduce exposure to relays over time.
4) Clients can tell whether they've received a relay or relay-cell.
For expert users, the new Tor version warns you in your logs if
a relay on your path injects any relay-early cells: look for the
phrase "Received an inbound RELAY_EARLY cell".
The following longer-term research areas remain:
5) Further growing the Tor network and diversity of relay operators,
which will reduce the impact from an adversary of a given size.
6) Exploring better mechanisms, e.g. social connections, to limit the
impact from a malicious set of relays. We've also formed a group to
pay more attention to suspicious relays in the network:
https://blog.torproject.org/blog/how-report-bad-relays
7) Further reducing exposure to guards over time, perhaps by extending
the guard rotation lifetime:
https://blog.torproject.org/blog/lifecycle-of-a-new-relay
https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-pa…
8) Better understanding statistical traffic correlation attacks and
whether padding or other approaches can mitigate them.
9) Improving the hidden service design, including making it harder
for relays serving as hidden service directory points to learn what
hidden service address they're handling:
https://blog.torproject.org/blog/hidden-services-need-some-love
OPEN QUESTIONS:
Q1) Was this the Black Hat 2014 talk that got canceled recently?
Q2) Did we find all the malicious relays?
Q3) Did the malicious relays inject the signal at any points besides
the HSDir position?
Q4) What data did the attackers keep, and are they going to destroy it?
How have they protected the data (if any) while storing it?
Great questions. We spent several months trying to extract information
from the researchers who were going to give the Black Hat talk, and
eventually we did get some hints from them about how "relay early"
cells could be used for traffic confirmation attacks, which is how
we started looking for the attacks in the wild. They haven't answered
our emails lately, so we don't know for sure, but it seems likely that
the answer to Q1 is "yes". In fact, we hope they *were* the ones doing
the attacks, since otherwise it means somebody else was. We don't yet
know the answers to Q2, Q3, or Q4.
1
0
Tor 0.2.4.23 brings us a big step closer to slowing down the risk from
guard rotation, and also backports several important fixes from the
Tor 0.2.5 alpha release series.
Changes in version 0.2.4.23 - 2014-07-28
o Major features:
- Clients now look at the "usecreatefast" consensus parameter to
decide whether to use CREATE_FAST or CREATE cells for the first hop
of their circuit. This approach can improve security on connections
where Tor's circuit handshake is stronger than the available TLS
connection security levels, but the tradeoff is more computational
load on guard relays. Implements proposal 221. Resolves ticket 9386.
- Make the number of entry guards configurable via a new
NumEntryGuards consensus parameter, and the number of directory
guards configurable via a new NumDirectoryGuards consensus
parameter. Implements ticket 12688.
o Major bugfixes:
- Fix a bug in the bounds-checking in the 32-bit curve25519-donna
implementation that caused incorrect results on 32-bit
implementations when certain malformed inputs were used along with
a small class of private ntor keys. This bug does not currently
appear to allow an attacker to learn private keys or impersonate a
Tor server, but it could provide a means to distinguish 32-bit Tor
implementations from 64-bit Tor implementations. Fixes bug 12694;
bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
Adam Langley.
o Minor bugfixes:
- Warn and drop the circuit if we receive an inbound 'relay early'
cell. Those used to be normal to receive on hidden service circuits
due to bug 1038, but the buggy Tor versions are long gone from
the network so we can afford to resume watching for them. Resolves
the rest of bug 1038; bugfix on 0.2.1.19.
- Correct a confusing error message when trying to extend a circuit
via the control protocol but we don't know a descriptor or
microdescriptor for one of the specified relays. Fixes bug 12718;
bugfix on 0.2.3.1-alpha.
- Avoid an illegal read from stack when initializing the TLS module
using a version of OpenSSL without all of the ciphers used by the
v2 link handshake. Fixes bug 12227; bugfix on 0.2.4.8-alpha. Found
by "starlight".
o Minor features:
- Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
Country database.
1
0
04 Jun '14
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello, all!
This is a slightly belated announcement for the release of 0.2.4.22.
I'm including the release notes for Tor 0.2.4.20 and Tor 0.2.4.21 as
well, since apparently they never made it onto this list.
I've enlisted help from Colin to make sure that future stable
release announcements make it to this list in a more timely manner
(ideally, as soon as packages are built). TorBrowser releases will
typically lag a little, as they follow their own release schedule.
(Alpha releases will still be announced on tor-talk only.)
Changes in version 0.2.4.22 - 2014-05-16
Tor 0.2.4.22 backports numerous high-priority fixes from the Tor 0.2.5
alpha release series. These include blocking all authority signing
keys that may have been affected by the OpenSSL "heartbleed" bug,
choosing a far more secure set of TLS ciphersuites by default, closing
a couple of memory leaks that could be used to run a target relay out
of RAM, and several others.
o Major features (security, backport from 0.2.5.4-alpha):
- Block authority signing keys that were used on authorities
vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160). (We
don't have any evidence that these keys _were_ compromised; we're
doing this to be prudent.) Resolves ticket 11464.
o Major bugfixes (security, OOM):
- Fix a memory leak that could occur if a microdescriptor parse
fails during the tokenizing step. This bug could enable a memory
exhaustion attack by directory servers. Fixes bug 11649; bugfix
on 0.2.2.6-alpha.
o Major bugfixes (TLS cipher selection, backport from 0.2.5.4-alpha):
- The relay ciphersuite list is now generated automatically based on
uniform criteria, and includes all OpenSSL ciphersuites with
acceptable strength and forward secrecy. Previously, we had left
some perfectly fine ciphersuites unsupported due to omission or
typo. Resolves bugs 11513, 11492, 11498, 11499. Bugs reported by
'cypherpunks'. Bugfix on 0.2.4.8-alpha.
- Relays now trust themselves to have a better view than clients of
which TLS ciphersuites are better than others. (Thanks to bug
11513, the relay list is now well-considered, whereas the client
list has been chosen mainly for anti-fingerprinting purposes.)
Relays prefer: AES over 3DES; then ECDHE over DHE; then GCM over
CBC; then SHA384 over SHA256 over SHA1; and last, AES256 over
AES128. Resolves ticket 11528.
- Clients now try to advertise the same list of ciphersuites as
Firefox 28. This change enables selection of (fast) GCM
ciphersuites, disables some strange old ciphers, and stops
advertising the ECDH (not to be confused with ECDHE) ciphersuites.
Resolves ticket 11438.
o Minor bugfixes (configuration, security):
- When running a hidden service, do not allow TunneledDirConns 0:
trying to set that option together with a hidden service would
otherwise prevent the hidden service from running, and also make
it publish its descriptors directly over HTTP. Fixes bug 10849;
bugfix on 0.2.1.1-alpha.
o Minor bugfixes (controller, backport from 0.2.5.4-alpha):
- Avoid sending a garbage value to the controller when a circuit is
cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
o Minor bugfixes (exit relay, backport from 0.2.5.4-alpha):
- Stop leaking memory when we successfully resolve a PTR record.
Fixes bug 11437; bugfix on 0.2.4.7-alpha.
o Minor bugfixes (bridge client, backport from 0.2.5.4-alpha):
- Avoid 60-second delays in the bootstrapping process when Tor is
launching for a second time while using bridges. Fixes bug 9229;
bugfix on 0.2.0.3-alpha.
o Minor bugfixes (relays and bridges, backport from 0.2.5.4-alpha):
- Give the correct URL in the warning message when trying to run a
relay on an ancient version of Windows. Fixes bug 9393.
o Minor bugfixes (compilation):
- Fix a compilation error when compiling with --disable-curve25519.
Fixes bug 9700; bugfix on 0.2.4.17-rc.
o Minor bugfixes:
- Downgrade the warning severity for the the "md was still
referenced 1 node(s)" warning. Tor 0.2.5.4-alpha has better code
for trying to diagnose this bug, and the current warning in
earlier versions of tor achieves nothing useful. Addresses warning
from bug 7164.
o Minor features (log verbosity, backport from 0.2.5.4-alpha):
- When we run out of usable circuit IDs on a channel, log only one
warning for the whole channel, and describe how many circuits
there were on the channel. Fixes part of ticket 11553.
o Minor features (security, backport from 0.2.5.4-alpha):
- Decrease the lower limit of MaxMemInCellQueues to 256 MBytes (but
leave the default at 8GBytes), to better support Raspberry Pi
users. Fixes bug 9686; bugfix on 0.2.4.14-alpha.
o Documentation (backport from 0.2.5.4-alpha):
- Correctly document that we search for a system torrc file before
looking in ~/.torrc. Fixes documentation side of 9213; bugfix on
0.2.3.18-rc.
Changes in version 0.2.4.21 - 2014-02-28
Tor 0.2.4.21 further improves security against potential adversaries who
find breaking 1024-bit crypto doable, and backports several stability
and robustness patches from the 0.2.5 branch.
o Major features (client security):
- When we choose a path for a 3-hop circuit, make sure it contains
at least one relay that supports the NTor circuit extension
handshake. Otherwise, there is a chance that we're building
a circuit that's worth attacking by an adversary who finds
breaking 1024-bit crypto doable, and that chance changes the game
theory. Implements ticket 9777.
o Major bugfixes:
- Do not treat streams that fail with reason
END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
since it could also indicate an ENETUNREACH connection error. Fixes
part of bug 10777; bugfix on 0.2.4.8-alpha.
o Code simplification and refactoring:
- Remove data structures which were introduced to implement the
CellStatistics option: they are now redundant with the new timestamp
field in the regular packed_cell_t data structure, which we did
in 0.2.4.18-rc in order to resolve bug 9093. Resolves ticket 10870.
o Minor features:
- Always clear OpenSSL bignums before freeing them -- even bignums
that don't contain secrets. Resolves ticket 10793. Patch by
Florent Daigniere.
- Build without warnings under clang 3.4. (We have some macros that
define static functions only some of which will get used later in
the module. Starting with clang 3.4, these give a warning unless the
unused attribute is set on them.) Resolves ticket 10904.
- Update geoip and geoip6 files to the February 7 2014 Maxmind
GeoLite2 Country database.
o Minor bugfixes:
- Set the listen() backlog limit to the largest actually supported
on the system, not to the value in a header file. Fixes bug 9716;
bugfix on every released Tor.
- Treat ENETUNREACH, EACCES, and EPERM connection failures at an
exit node as a NOROUTE error, not an INTERNAL error, since they
can apparently happen when trying to connect to the wrong sort
of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc.
- Fix build warnings about missing "a2x" comment when building the
manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py".
Fixes bug 10929; bugfix on 0.2.2.9-alpha. Patch from Dana Koch.
- Avoid a segfault on SIGUSR1, where we had freed a connection but did
not entirely remove it from the connection lists. Fixes bug 9602;
bugfix on 0.2.4.4-alpha.
- Fix a segmentation fault in our benchmark code when running with
Fedora's OpenSSL package, or any other OpenSSL that provides
ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha.
- Turn "circuit handshake stats since last time" log messages into a
heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc.
o Documentation fixes:
- Document that all but one DirPort entry must have the NoAdvertise
flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha.
Changes in version 0.2.4.20 - 2013-12-22
Tor 0.2.4.20 fixes potentially poor random number generation for users
who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their
torrc file, 3) have "Sandy Bridge" or "Ivy Bridge" Intel processors,
and 4) have no state file in their DataDirectory (as would happen on
first start). Users who generated relay or hidden service identity
keys in such a situation should discard them and generate new ones.
This release also fixes a logic error that caused Tor clients to build
many more preemptive circuits than they actually need.
o Major bugfixes:
- Do not allow OpenSSL engines to replace the PRNG, even when
HardwareAccel is set. The only default builtin PRNG engine uses
the Intel RDRAND instruction to replace the entire PRNG, and
ignores all attempts to seed it with more entropy. That's
cryptographically stupid: the right response to a new alleged
entropy source is never to discard all previously used entropy
sources. Fixes bug 10402; works around behavior introduced in
OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
and "rl1987".
- Fix assertion failure when AutomapHostsOnResolve yields an IPv6
address. Fixes bug 10465; bugfix on 0.2.4.7-alpha.
- Avoid launching spurious extra circuits when a stream is pending.
This fixes a bug where any circuit that _wasn't_ unusable for new
streams would be treated as if it were, causing extra circuits to
be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha.
o Minor bugfixes:
- Avoid a crash bug when starting with a corrupted microdescriptor
cache file. Fixes bug 10406; bugfix on 0.2.2.6-alpha.
- If we fail to dump a previously cached microdescriptor to disk, avoid
freeing duplicate data later on. Fixes bug 10423; bugfix on
0.2.4.13-alpha. Spotted by "bobnomnom".
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGVAwUBU45IaJEDl9iNKTGaAQKCvAv8CFVTBvwsHap8IpBT48S/sdybN0uL8L7N
1axQbgAbuTyyyskZaOTv/pp/4FvvOJ0ulCZfyrsXV7jQhsUNm1Ri9phWob2/sEpx
6Io9AVxw9W16mzduqlmxkdiVmvQNN17XTuPaYcjBtN2bbDGyrG6XtYjo03Lu3HUV
xgKuaJR7eiked8G44slbccz80V1zmKq75YD4gFJgyBBNoS/0tmjh2zmjaE+7TeBq
jEJyedFPVhhGHWg2PruDLeSgfKTIwA8KtJwAmJ7JwKNSX4LTFGz7MZrX77QdnZ3D
FRDUuvGMVq6p5QGfsx59B9Uc6o8ox6UfnXYEqtzP9fDKPRvFNU7FqSV7Siu54Bk6
f/aY00IC05etz4X6t2NOtSCKAu7/Abd7zbYRLaW/v67/r6iaR6r/LVAILgJZA8jw
acZGBaVov4ta/5sJcWLx/6iCD1VxtGkgk6TH399b1EGn9SFO4Exp5sGMLc4qiLEk
3hP+/YEYNx+yDz1IkupuwZDHa4iQtefh
=du7v
-----END PGP SIGNATURE-----
1
0
A new OpenSSL vulnerability is out this week, which can be used to reveal
memory to a connected client or server. Tor uses OpenSSL so all Tor users
(clients, relays, etc) are potentially affected.
You can read many more details about the Tor impact on our blog post:
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
We have released an updated Tor Browser Bundle:
https://blog.torproject.org/blog/tor-browser-354-released
--Roger
1
0
The Tor 0.2.4 release series is dedicated to the memory of Aaron Swartz
(1986-2013). Aaron worked on diverse projects including helping to guide
Creative Commons, playing a key role in stopping SOPA/PIPA, bringing
transparency to the U.S. government's PACER documents, and contributing
design and development for Tor and Tor2Web. Aaron was one of the latest
martyrs in our collective fight for civil liberties and human rights,
and his death is all the more painful because he was one of us.
Tor 0.2.4.19, the first stable release in the 0.2.4 branch, features
a new circuit handshake and link encryption that use ECC to provide
better security and efficiency; makes relays better manage circuit
creation requests; uses "directory guards" to reduce client enumeration
risks; makes bridges collect and report statistics about the pluggable
transports they support; cleans up and improves our geoip database;
gets much closer to IPv6 support for clients, bridges, and relays; makes
directory authorities use measured bandwidths rather than advertised
ones when computing flags and thresholds; disables client-side DNS
caching to reduce tracking risks; and fixes a big bug in bridge
reachability testing. This release introduces two new design
abstractions in the code: a new "channel" abstraction between circuits
and or_connections to allow for implementing alternate relay-to-relay
transports, and a new "circuitmux" abstraction storing the queue of
circuits for a channel. The release also includes many stability,
security, and privacy fixes.
This new Tor release coincides with the new Tor Browser Bundle 3.5,
which switches to Firefox 24 and includes many other fixes:
https://blog.torproject.org/blog/tor-browser-bundle-35-released
https://www.torproject.org/download/download
Changes in version 0.2.4.19 - 2013-12-11
o Major features (new circuit handshake):
- Tor now supports a new circuit extension handshake designed by Ian
Goldberg, Douglas Stebila, and Berkant Ustaoglu. Our original
circuit extension handshake, later called "TAP", was a bit slow
(especially on the relay side), had a fragile security proof, and
used weaker keys than we'd now prefer. The new circuit handshake
uses Dan Bernstein's "curve25519" elliptic-curve Diffie-Hellman
function, making it significantly more secure than the older
handshake, and significantly faster. Tor can use one of two built-in
pure-C curve25519-donna implementations by Adam Langley, or it
can link against the "nacl" library for a tuned version if present.
The built-in version is very fast for 64-bit systems when building
with GCC. The built-in 32-bit version is still faster than the
old TAP protocol, but using libnacl is better on most such hosts.
Implements proposal 216; closes ticket 7202.
o Major features (better link encryption):
- Relays can now enable the ECDHE TLS ciphersuites when available
and appropriate. These ciphersuites let us negotiate forward-secure
TLS secret keys more safely and more efficiently than with our
previous use of Diffie-Hellman modulo a 1024-bit prime. By default,
public relays prefer the (faster) P224 group, and bridges prefer
the (more common) P256 group; you can override this with the
TLSECGroup option.
This feature requires clients running 0.2.3.17-beta or later,
and requires both sides to be running OpenSSL 1.0.0 or later
with ECC support. OpenSSL 1.0.1, with the compile-time option
"enable-ec_nistp_64_gcc_128", is highly recommended.
Implements the relay side of proposal 198; closes ticket 7200.
- Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
Resolves ticket 6055. (OpenSSL before 1.0.1 didn't have TLS 1.1 or
1.2, and OpenSSL from 1.0.1 through 1.0.1d had bugs that prevented
renegotiation from working with TLS 1.1 or 1.2, so we had disabled
them to solve bug 6033.)
o Major features (relay performance):
- Instead of limiting the number of queued onionskins (aka circuit
create requests) to a fixed, hard-to-configure number, we limit
the size of the queue based on how many we expect to be able to
process in a given amount of time. We estimate the time it will
take to process an onionskin based on average processing time
of previous onionskins. Closes ticket 7291. You'll never have to
configure MaxOnionsPending again.
- Relays process the new "NTor" circuit-level handshake requests
with higher priority than the old "TAP" circuit-level handshake
requests. We still process some TAP requests to not totally starve
0.2.3 clients when NTor becomes popular. A new consensus parameter
"NumNTorsPerTAP" lets us tune the balance later if we need to.
Implements ticket 9574.
o Major features (client bootstrapping resilience):
- Add a new "FallbackDir" torrc option to use when we can't use
a directory mirror from the consensus (either because we lack a
consensus, or because they're all down). Currently, all authorities
are fallbacks by default, and there are no other default fallbacks,
but that will change. This option will allow us to give clients a
longer list of servers to try to get a consensus from when first
connecting to the Tor network, and thereby reduce load on the
directory authorities. Implements proposal 206, "Preconfigured
directory sources for bootstrapping". We also removed the old
"FallbackNetworkstatus" option, since we never got it working well
enough to use it. Closes bug 572.
- If we have no circuits open, use a relaxed timeout (the
95th-percentile cutoff) until a circuit succeeds. This heuristic
should allow Tor to succeed at building circuits even when the
network connection drastically changes. Should help with bug 3443.
o Major features (use of guards):
- Support directory guards (proposal 207): when possible, clients now
use their entry guards for non-anonymous directory requests. This
can help prevent client enumeration. Note that this behavior only
works when we have a usable consensus directory, and when options
about what to download are more or less standard. In the future we
should re-bootstrap from our guards, rather than re-bootstrapping
from the preconfigured list of directory sources that ships with
Tor. Resolves ticket 6526.
- Raise the default time that a client keeps an entry guard from
"1-2 months" to "2-3 months", as suggested by Tariq Elahi's WPES
2012 paper. (We would make it even longer, but we need better client
load balancing first.) Also, make the guard lifetime controllable
via a new GuardLifetime torrc option and a GuardLifetime consensus
parameter. Start of a fix for bug 8240; bugfix on 0.1.1.11-alpha.
o Major features (bridges with pluggable transports):
- Bridges now report the pluggable transports they support to the
bridge authority, so it can pass the supported transports on to
bridgedb and/or eventually do reachability testing. Implements
ticket 3589.
- Automatically forward the TCP ports of pluggable transport
proxies using tor-fw-helper if PortForwarding is enabled. Implements
ticket 4567.
o Major features (geoip database):
- Maxmind began labelling Tor relays as being in country "A1",
which breaks by-country node selection inside Tor. Now we use a
script to replace "A1" ("Anonymous Proxy") entries in our geoip
file with real country codes. This script fixes about 90% of "A1"
entries automatically and uses manual country code assignments to
fix the remaining 10%. See src/config/README.geoip for details.
Fixes bug 6266.
- Add GeoIP database for IPv6 addresses. The new config option
is GeoIPv6File.
- Update to the October 2 2013 Maxmind GeoLite Country database.
o Major features (IPv6):
- Clients who set "ClientUseIPv6 1" may connect to entry nodes over
IPv6. Set "ClientPreferIPv6ORPort 1" to make this even more likely
to happen. Implements ticket 5535.
- All kind of relays, not just bridges, can now advertise an IPv6
OR port. Implements ticket 6362.
- Relays can now exit to IPv6 addresses: make sure that you have IPv6
connectivity, then set the IPv6Exit flag to 1. Also make sure your
exit policy reads as you would like: the address * applies to all
address families, whereas *4 is IPv4 address only, and *6 is IPv6
addresses only. On the client side, you'll need to wait for enough
exits to support IPv6, apply the "IPv6Traffic" flag to a SocksPort,
and use Socks5. Closes ticket 5547, implements proposal 117 as
revised in proposal 208.
- Bridge authorities now accept IPv6 bridge addresses and include
them in network status documents. Implements ticket 5534.
- Directory authorities vote on IPv6 OR ports. Implements ticket 6363.
o Major features (directory authorities):
- Directory authorities now prefer using measured bandwidths to
advertised ones when computing flags and thresholds. Resolves
ticket 8273.
- Directory authorities that vote measured bandwidths about more
than a threshold number of relays now treat relays with
unmeasured bandwidths as having bandwidth 0 when computing their
flags. Resolves ticket 8435.
- Directory authorities now support a new consensus method (17)
where they cap the published bandwidth of relays for which
insufficient bandwidth measurements exist. Fixes part of bug 2286.
- Directory authorities that set "DisableV2DirectoryInfo_ 1" no longer
serve any v2 directory information. Now we can test disabling the
old deprecated v2 directory format, and see whether doing so has
any effect on network load. Begins to fix bug 6783.
o Major features (build and portability):
- Switch to a nonrecursive Makefile structure. Now instead of each
Makefile.am invoking other Makefile.am's, there is a master
Makefile.am that includes the others. This change makes our build
process slightly more maintainable, and improves parallelism for
building with make -j. Original patch by Stewart Smith; various
fixes by Jim Meyering.
- Where available, we now use automake's "silent" make rules by
default, so that warnings are easier to spot. You can get the old
behavior with "make V=1". Patch by Stewart Smith for ticket 6522.
- Resume building correctly with MSVC and Makefile.nmake. This patch
resolves numerous bugs and fixes reported by ultramage, including
7305, 7308, 7309, 7310, 7312, 7313, 7315, 7316, and 7669.
o Security features:
- Switch to a completely time-invariant approach for picking nodes
weighted by bandwidth. Our old approach would run through the
part of the loop after it had made its choice slightly slower
than it ran through the part of the loop before it had made its
choice. Addresses ticket 6538.
- Disable the use of Guard nodes when in Tor2WebMode. Guard usage
by tor2web clients allows hidden services to identify tor2web
clients through their repeated selection of the same rendezvous
and introduction point circuit endpoints (their guards). Resolves
ticket 6888.
o Major bugfixes (relay denial of service):
- When we have too much memory queued in circuits (according to a new
MaxMemInCellQueues option), close the circuits that have the oldest
queued cells, on the theory that those are most responsible for
us running low on memory. This prevents us from running out of
memory as a relay if circuits fill up faster than they can be
drained. Fixes bugs 9063 and 9093; bugfix on the 54th commit of
Tor. This bug is a further fix beyond bug 6252, whose fix was
merged into 0.2.3.21-rc.
- Reject bogus create and relay cells with 0 circuit ID or 0 stream
ID: these could be used to create unexpected streams and circuits
which would count as "present" to some parts of Tor but "absent"
to others, leading to zombie circuits and streams or to a bandwidth
denial-of-service. Fixes bug 7889; bugfix on every released version
of Tor. Reported by "oftc_must_be_destroyed".
- Avoid a bug where our response to TLS renegotiation under certain
network conditions could lead to a busy-loop, with 100% CPU
consumption. Fixes bug 5650; bugfix on 0.2.0.16-alpha.
o Major bugfixes (asserts, crashes, leaks):
- Prevent the get_freelists() function from running off the end of
the list of freelists if it somehow gets an unrecognized
allocation. Fixes bug 8844; bugfix on 0.2.0.16-alpha. Reported by
eugenis.
- Avoid a memory leak where we would leak a consensus body when we
find that a consensus which we couldn't previously verify due to
missing certificates is now verifiable. Fixes bug 8719; bugfix
on 0.2.0.10-alpha.
- If we are unable to save a microdescriptor to the journal, do not
drop it from memory and then reattempt downloading it. Fixes bug
9645; bugfix on 0.2.2.6-alpha.
- Fix an assertion failure that would occur when disabling the
ORPort setting on a running Tor process while accounting was
enabled. Fixes bug 6979; bugfix on 0.2.2.18-alpha.
- Avoid an assertion failure on OpenBSD (and perhaps other BSDs)
when an exit connection with optimistic data succeeds immediately
rather than returning EINPROGRESS. Fixes bug 9017; bugfix on
0.2.3.1-alpha.
- Fix a memory leak that would occur whenever a configuration
option changed. Fixes bug 8718; bugfix on 0.2.3.3-alpha.
o Major bugfixes (relay rate limiting):
- When a TLS write is partially successful but incomplete, remember
that the flushed part has been flushed, and notice that bytes were
actually written. Reported and fixed pseudonymously. Fixes bug 7708;
bugfix on Tor 0.1.0.5-rc.
- Raise the default BandwidthRate/BandwidthBurst values from 5MB/10MB
to 1GB/1GB. The previous defaults were intended to be "basically
infinite", but it turns out they're now limiting our 100mbit+
relays and bridges. Fixes bug 6605; bugfix on 0.2.0.10-alpha (the
last time we raised it).
- No longer stop reading or writing on cpuworker connections when
our rate limiting buckets go empty. Now we should handle circuit
handshake requests more promptly. Resolves bug 9731.
o Major bugfixes (client-side privacy):
- When we mark a circuit as unusable for new circuits, have it
continue to be unusable for new circuits even if MaxCircuitDirtiness
is increased too much at the wrong time, or the system clock jumps
backwards. Fixes bug 6174; bugfix on 0.0.2pre26.
- If ClientDNSRejectInternalAddresses ("do not believe DNS queries
which have resolved to internal addresses") is set, apply that
rule to IPv6 as well. Fixes bug 8475; bugfix on 0.2.0.7-alpha.
- When an exit relay rejects a stream with reason "exit policy", but
we only know an exit policy summary (e.g. from the microdesc
consensus) for it, do not mark the relay as useless for all exiting.
Instead, mark just the circuit as unsuitable for that particular
address. Fixes part of bug 7582; bugfix on 0.2.3.2-alpha.
o Major bugfixes (stream isolation):
- Allow applications to get proper stream isolation with
IsolateSOCKSAuth. Many SOCKS5 clients that want to offer
username/password authentication also offer "no authentication". Tor
had previously preferred "no authentication", so the applications
never actually sent Tor their auth details. Now Tor selects
username/password authentication if it's offered. You can disable
this behavior on a per-SOCKSPort basis via PreferSOCKSNoAuth. Fixes
bug 8117; bugfix on 0.2.3.3-alpha.
- Follow the socks5 protocol when offering username/password
authentication. The fix for bug 8117 exposed this bug, and it
turns out real-world applications like Pidgin do care. Bugfix on
0.2.3.2-alpha; fixes bug 8879.
o Major bugfixes (client circuit building):
- Alter circuit build timeout measurement to start at the point
where we begin the CREATE/CREATE_FAST step (as opposed to circuit
initialization). This should make our timeout measurements more
uniform. Previously, we were sometimes including ORconn setup time
in our circuit build time measurements. Should resolve bug 3443.
- If the circuit build timeout logic is disabled (via the consensus,
or because we are an authority), then don't build testing circuits.
Fixes bug 9657; bugfix on 0.2.2.14-alpha.
o Major bugfixes (client-side DNS):
- Turn off the client-side DNS cache by default. Updating and using
the DNS cache is now configurable on a per-client-port
level. SOCKSPort, DNSPort, etc lines may now contain
{No,}Cache{IPv4,IPv6,}DNS lines to indicate that we shouldn't
cache these types of DNS answers when we receive them from an
exit node in response to an application request on this port, and
{No,}UseCached{IPv4,IPv6,DNS} lines to indicate that if we have
cached DNS answers of these types, we shouldn't use them. It's
potentially risky to use cached DNS answers at the client, since
doing so can indicate to one exit what answers we've gotten
for DNS lookups in the past. With IPv6, this becomes especially
problematic. Using cached DNS answers for requests on the same
circuit would present less linkability risk, since all traffic
on a circuit is already linkable, but it would also provide
little performance benefit: the exit node caches DNS replies
too. Implements a simplified version of Proposal 205. Implements
ticket 7570.
o Major bugfixes (hidden service privacy):
- Limit hidden service descriptors to at most ten introduction
points, to slow one kind of guard enumeration. Fixes bug 9002;
bugfix on 0.1.1.11-alpha.
o Major bugfixes (directory fetching):
- If the time to download the next old-style networkstatus is in
the future, do not decline to consider whether to download the
next microdescriptor networkstatus. Fixes bug 9564; bugfix on
0.2.3.14-alpha.
- We used to always request authority certificates by identity digest,
meaning we'd get the newest one even when we wanted one with a
different signing key. Then we would complain about being given
a certificate we already had, and never get the one we really
wanted. Now we use the "fp-sk/" resource as well as the "fp/"
resource to request the one we want. Fixes bug 5595; bugfix on
0.2.0.8-alpha.
o Major bugfixes (bridge reachability):
- Bridges now send AUTH_CHALLENGE cells during their v3 handshakes;
previously they did not, which prevented them from receiving
successful connections from relays for self-test or bandwidth
testing. Also, when a relay is extending a circuit to a bridge,
it needs to send a NETINFO cell, even when the bridge hasn't sent
an AUTH_CHALLENGE cell. Fixes bug 9546; bugfix on 0.2.3.6-alpha.
o Major bugfixes (control interface):
- When receiving a new configuration file via the control port's
LOADCONF command, do not treat the defaults file as absent.
Fixes bug 9122; bugfix on 0.2.3.9-alpha.
o Major bugfixes (directory authorities):
- Stop marking every relay as having been down for one hour every
time we restart a directory authority. These artificial downtimes
were messing with our Stable and Guard flag calculations. Fixes
bug 8218 (introduced by the fix for 1035). Bugfix on 0.2.2.23-alpha.
- When computing directory thresholds, ignore any rejected-as-sybil
nodes during the computation so that they can't influence Fast,
Guard, etc. (We should have done this for proposal 109.) Fixes
bug 8146.
- When marking a node as a likely sybil, reset its uptime metrics
to zero, so that it cannot time towards getting marked as Guard,
Stable, or HSDir. (We should have done this for proposal 109.) Fixes
bug 8147.
- Fix a bug in the voting algorithm that could yield incorrect results
when a non-naming authority declared too many flags. Fixes bug 9200;
bugfix on 0.2.0.3-alpha.
o Internal abstraction features:
- Introduce new channel_t abstraction between circuits and
or_connection_t to allow for implementing alternate OR-to-OR
transports. A channel_t is an abstract object which can either be a
cell-bearing channel, which is responsible for authenticating and
handshaking with the remote OR and transmitting cells to and from
it, or a listening channel, which spawns new cell-bearing channels
at the request of remote ORs. Implements part of ticket 6465.
- Make a channel_tls_t subclass of channel_t, adapting it to the
existing or_connection_t code. The V2/V3 protocol handshaking
code which formerly resided in command.c has been moved below the
channel_t abstraction layer and may be found in channeltls.c now.
Implements the rest of ticket 6465.
- Introduce new circuitmux_t storing the queue of circuits for
a channel; this encapsulates and abstracts the queue logic and
circuit selection policy, and allows the latter to be overridden
easily by switching out a policy object. The existing EWMA behavior
is now implemented as a circuitmux_policy_t. Resolves ticket 6816.
o New build requirements:
- Tor now requires OpenSSL 0.9.8 or later. OpenSSL 1.0.0 or later is
strongly recommended.
- Tor maintainers now require Automake version 1.9 or later to build
Tor from the Git repository. (Automake is not required when building
from a source distribution.)
o Minor features (protocol):
- No longer include the "opt" prefix when generating routerinfos
or v2 directories: it has been needless since Tor 0.1.2. Closes
ticket 5124.
- Reject EXTEND cells sent to nonexistent streams. According to the
spec, an EXTEND cell sent to _any_ nonzero stream ID is invalid, but
we were only checking for stream IDs that were currently in use.
Found while hunting for more instances of bug 6271. Bugfix on
0.0.2pre8, which introduced incremental circuit construction.
- Tor relays and clients now support a better CREATE/EXTEND cell
format, allowing the sender to specify multiple address, identity,
and handshake types. Implements Robert Ransom's proposal 200;
closes ticket 7199.
- Reject as invalid most directory objects containing a NUL.
Belt-and-suspender fix for bug 8037.
o Minor features (security):
- Clear keys and key-derived material left on the stack in
rendservice.c and rendclient.c. Check return value of
crypto_pk_write_private_key_to_string() in rend_service_load_keys().
These fixes should make us more forward-secure against cold-boot
attacks and the like. Fixes bug 2385.
- Use our own weak RNG when we need a weak RNG. Windows's rand() and
Irix's random() only return 15 bits; Solaris's random() returns more
bits but its RAND_MAX says it only returns 15, and so on. Motivated
by the fix for bug 7801; bugfix on 0.2.2.20-alpha.
o Minor features (control protocol):
- Add a "GETINFO signal/names" control port command. Implements
ticket 3842.
- Provide default values for all options via "GETINFO config/defaults".
Implements ticket 4971.
- Allow an optional $ before the node identity digest in the
controller command GETINFO ns/id/<identity>, for consistency with
md/id/<identity> and desc/id/<identity>. Resolves ticket 7059.
- Add CACHED keyword to ADDRMAP events in the control protocol
to indicate whether a DNS result will be cached or not. Resolves
ticket 8596.
- Generate bootstrapping status update events correctly when fetching
microdescriptors. Fixes bug 9927.
o Minor features (path selection):
- When deciding whether we have enough descriptors to build circuits,
instead of looking at raw relay counts, look at which fraction
of (bandwidth-weighted) paths we're able to build. This approach
keeps clients from building circuits if their paths are likely to
stand out statistically. The default fraction of paths needed is
taken from the consensus directory; you can override it with the
new PathsNeededToBuildCircuits option. Fixes ticket 5956.
- When any country code is listed in ExcludeNodes or ExcludeExitNodes,
and we have GeoIP information, also exclude all nodes with unknown
countries "??" and "A1". This behavior is controlled by the
new GeoIPExcludeUnknown option: you can make such nodes always
excluded with "GeoIPExcludeUnknown 1", and disable the feature
with "GeoIPExcludeUnknown 0". Setting "GeoIPExcludeUnknown auto"
gets you the default behavior. Implements feature 7706.
o Minor features (hidden services):
- Improve circuit build timeout handling for hidden services.
In particular: adjust build timeouts more accurately depending
upon the number of hop-RTTs that a particular circuit type
undergoes. Additionally, launch intro circuits in parallel
if they timeout, and take the first one to reply as valid.
- The Tor client now ignores sub-domain components of a .onion
address. This change makes HTTP "virtual" hosting
possible: http://foo.aaaaaaaaaaaaaaaa.onion/ and
http://bar.aaaaaaaaaaaaaaaa.onion/ can be two different websites
hosted on the same hidden service. Implements proposal 204.
- Enable Tor to read configuration, state, and key information from
a FIFO. Previously Tor would only read from files with a positive
stat.st_size. Code from meejah; fixes bug 6044.
o Minor features (clients):
- Teach bridge-using clients to avoid 0.2.2.x bridges when making
microdescriptor-related dir requests, and only fall back to normal
descriptors if none of their bridges can handle microdescriptors
(as opposed to the fix in ticket 4013, which caused them to fall
back to normal descriptors if *any* of their bridges preferred
them). Resolves ticket 4994.
- Tweak tor-fw-helper to accept an arbitrary amount of arbitrary
TCP ports to forward. In the past it only accepted two ports:
the ORPort and the DirPort.
o Minor features (protecting client timestamps):
- Clients no longer send timestamps in their NETINFO cells. These were
not used for anything, and they provided one small way for clients
to be distinguished from each other as they moved from network to
network or behind NAT. Implements part of proposal 222.
- Clients now round timestamps in INTRODUCE cells down to the nearest
10 minutes. If a new Support022HiddenServices option is set to 0, or
if it's set to "auto" and the feature is disabled in the consensus,
the timestamp is sent as 0 instead. Implements part of proposal 222.
- Stop sending timestamps in AUTHENTICATE cells. This is not such
a big deal from a security point of view, but it achieves no actual
good purpose, and isn't needed. Implements part of proposal 222.
- Reduce down accuracy of timestamps in hidden service descriptors.
Implements part of proposal 222.
o Minor features (bridges):
- Make bridge relays check once a minute for whether their IP
address has changed, rather than only every 15 minutes. Resolves
bugs 1913 and 1992.
- Bridge statistics now count bridge clients connecting over IPv6:
bridge statistics files now list "bridge-ip-versions" and
extra-info documents list "geoip6-db-digest". The control protocol
"CLIENTS_SEEN" and "ip-to-country" queries now support IPv6. Initial
implementation by "shkoo", addressing ticket 5055.
- Add a new torrc option "ServerTransportListenAddr" to let bridge
operators select the address where their pluggable transports will
listen for connections. Resolves ticket 7013.
- Randomize the lifetime of our SSL link certificate, so censors can't
use the static value for filtering Tor flows. Resolves ticket 8443;
related to ticket 4014 which was included in 0.2.2.33.
o Minor features (relays):
- Option OutboundBindAddress can be specified multiple times and
accepts IPv6 addresses. Resolves ticket 6876.
o Minor features (IPv6, client side):
- AutomapHostsOnResolve now supports IPv6 addresses. By default, we
prefer to hand out virtual IPv6 addresses, since there are more of
them and we can't run out. To override this behavior and make IPv4
addresses preferred, set NoPreferIPv6Automap on whatever SOCKSPort
or DNSPort you're using for resolving. Implements ticket 7571.
- AutomapHostsOnResolve responses are now randomized, to avoid
annoying situations where Tor is restarted and applications
connect to the wrong addresses.
- Never try more than 1000 times to pick a new virtual address when
AutomapHostsOnResolve is set. That's good enough so long as we
aren't close to handing out our entire virtual address space;
if you're getting there, it's best to switch to IPv6 virtual
addresses anyway.
o Minor features (IPv6, relay/authority side):
- New config option "AuthDirHasIPv6Connectivity 1" that directory
authorities should set if they have IPv6 connectivity and want to
do reachability tests for IPv6 relays. Implements feature 5974.
- A relay with an IPv6 OR port now sends that address in NETINFO
cells (in addition to its other address). Implements ticket 6364.
o Minor features (directory authorities):
- Directory authorities no long accept descriptors for any version of
Tor before 0.2.2.35, or for any 0.2.3 release before 0.2.3.10-alpha.
These versions are insecure, unsupported, or both. Implements
ticket 6789.
- When directory authorities are computing thresholds for flags,
never let the threshold for the Fast flag fall below 4096
bytes. Also, do not consider nodes with extremely low bandwidths
when deciding thresholds for various directory flags. This change
should raise our threshold for Fast relays, possibly in turn
improving overall network performance; see ticket 1854. Resolves
ticket 8145.
- Directory authorities now include inside each vote a statement of
the performance thresholds they used when assigning flags.
Implements ticket 8151.
- Add an "ignoring-advertised-bws" boolean to the flag-threshold lines
in directory authority votes to describe whether they have enough
measured bandwidths to ignore advertised (relay descriptor)
bandwidth claims. Resolves ticket 8711.
o Minor features (path bias detection):
- Path Use Bias: Perform separate accounting for successful circuit
use. Keep separate statistics on stream attempt rates versus stream
success rates for each guard. Provide configurable thresholds to
determine when to emit log messages or disable use of guards that
fail too many stream attempts. Resolves ticket 7802.
- Create three levels of Path Bias log messages, as opposed to just
two. These are configurable via consensus as well as via the torrc
options PathBiasNoticeRate, PathBiasWarnRate, PathBiasExtremeRate.
The default values are 0.70, 0.50, and 0.30 respectively.
- Separate the log message levels from the decision to drop guards,
which also is available via torrc option PathBiasDropGuards.
PathBiasDropGuards still defaults to 0 (off).
- Deprecate PathBiasDisableRate in favor of PathBiasDropGuards
in combination with PathBiasExtremeRate.
- Increase the default values for PathBiasScaleThreshold and
PathBiasCircThreshold from (200, 20) to (300, 150).
- Add in circuit usage accounting to path bias. If we try to use a
built circuit but fail for any reason, it counts as path bias.
Certain classes of circuits where the adversary gets to pick your
destination node are exempt from this accounting. Usage accounting
can be specifically disabled via consensus parameter or torrc.
- Convert all internal path bias state to double-precision floating
point, to avoid roundoff error and other issues.
- Only record path bias information for circuits that have completed
*two* hops. Assuming end-to-end tagging is the attack vector, this
makes us more resilient to ambient circuit failure without any
detection capability loss.
o Minor features (build):
- Tor now builds correctly on Bitrig, an OpenBSD fork. Patch from
dhill. Resolves ticket 6982.
- Compile on win64 using mingw64. Fixes bug 7260; patches from
"yayooo".
- Work correctly on Unix systems where EAGAIN and EWOULDBLOCK are
separate error codes; or at least, don't break for that reason.
Fixes bug 7935. Reported by "oftc_must_be_destroyed".
o Build improvements (autotools):
- Warn if building on a platform with an unsigned time_t: there
are too many places where Tor currently assumes that time_t can
hold negative values. We'd like to fix them all, but probably
some will remain.
- Do not report status verbosely from autogen.sh unless the -v flag
is specified. Fixes issue 4664. Patch from Onizuka.
- Detect and reject attempts to build Tor with threading support
when OpenSSL has been compiled without threading support.
Fixes bug 6673.
- Try to detect if we are ever building on a platform where
memset(...,0,...) does not set the value of a double to 0.0. Such
platforms are permitted by the C standard, though in practice
they're pretty rare (since IEEE 754 is nigh-ubiquitous). We don't
currently support them, but it's better to detect them and fail
than to perform erroneously.
- We no longer warn so much when generating manpages from their
asciidoc source.
- Use Ville Laurikari's implementation of AX_CHECK_SIGN() to determine
the signs of types during autoconf. This is better than our old
approach, which didn't work when cross-compiling.
o Minor features (log messages, warnings):
- Detect when we're running with a version of OpenSSL other than the
one we compiled with. This conflict has occasionally given people
hard-to-track-down errors.
- Warn users who run hidden services on a Tor client with
UseEntryGuards disabled that their hidden services will be
vulnerable to http://freehaven.net/anonbib/#hs-attack06 (the
attack which motivated Tor to support entry guards in the first
place). Resolves ticket 6889.
- Warn when we are binding low ports when hibernation is enabled;
previously we had warned when we were _advertising_ low ports with
hibernation enabled. Fixes bug 7285; bugfix on 0.2.3.9-alpha.
- Issue a warning when running with the bufferevents backend enabled.
It's still not stable, and people should know that they're likely
to hit unexpected problems. Closes ticket 9147.
o Minor features (log messages, notices):
- Refactor resolve_my_address() so it returns the method by which we
decided our public IP address (explicitly configured, resolved from
explicit hostname, guessed from interfaces, learned by gethostname).
Now we can provide more helpful log messages when a relay guesses
its IP address incorrectly (e.g. due to unexpected lines in
/etc/hosts). Resolves ticket 2267.
- Track how many "TAP" and "NTor" circuit handshake requests we get,
and how many we complete, and log it every hour to help relay
operators follow trends in network load. Addresses ticket 9658.
o Minor features (log messages, diagnostics):
- If we fail to free a microdescriptor because of bug 7164, log
the filename and line number from which we tried to free it.
- We compute the overhead from passing onionskins back and forth to
cpuworkers, and report it when dumping statistics in response to
SIGUSR1. Supports ticket 7291.
- Add another diagnostic to the heartbeat message: track and log
overhead that TLS is adding to the data we write. If this is
high, we are sending too little data to SSL_write at a time.
Diagnostic for bug 7707.
- Log packaged cell fullness as part of the heartbeat message.
Diagnosis to try to determine the extent of bug 7743.
- Add more detail to a log message about relaxed timeouts, to help
track bug 7799.
- When learning a fingerprint for a bridge, log its corresponding
transport type. Implements ticket 7896.
- Warn more aggressively when flushing microdescriptors to a
microdescriptor cache fails, in an attempt to mitigate bug 8031,
or at least make it more diagnosable.
- Improve the log message when "Bug/attack: unexpected sendme cell
from client" occurs, to help us track bug 8093.
- Improve debugging output to help track down bug 8185 ("Bug:
outgoing relay cell has n_chan==NULL. Dropping.")
o Minor features (log messages, quieter bootstrapping):
- Log fewer lines at level "notice" about our OpenSSL and Libevent
versions and capabilities when everything is going right. Resolves
part of ticket 6736.
- Omit the first heartbeat log message, because it never has anything
useful to say, and it clutters up the bootstrapping messages.
Resolves ticket 6758.
- Don't log about reloading the microdescriptor cache at startup. Our
bootstrap warnings are supposed to tell the user when there's a
problem, and our bootstrap notices say when there isn't. Resolves
ticket 6759; bugfix on 0.2.2.6-alpha.
- Don't log "I learned some more directory information" when we're
reading cached directory information. Reserve it for when new
directory information arrives in response to a fetch. Resolves
ticket 6760.
- Don't complain about bootstrapping problems while hibernating.
These complaints reflect a general code problem, but not one
with any problematic effects (no connections are actually
opened). Fixes part of bug 7302; bugfix on 0.2.3.2-alpha.
o Minor features (testing):
- In our testsuite, create temporary directories with a bit more
entropy in their name to make name collisions less likely. Fixes
bug 8638.
- Add benchmarks for DH (1024-bit multiplicative group) and ECDH
(P-256) Diffie-Hellman handshakes to src/or/bench.
- Add benchmark functions to test onion handshake performance.
o Renamed options:
- The DirServer option is now DirAuthority, for consistency with
current naming patterns. You can still use the old DirServer form.
o Minor bugfixes (protocol):
- Fix the handling of a TRUNCATE cell when it arrives while the
circuit extension is in progress. Fixes bug 7947; bugfix on 0.0.7.1.
- When a Tor client gets a "truncated" relay cell, the first byte of
its payload specifies why the circuit was truncated. We were
ignoring this 'reason' byte when tearing down the circuit, resulting
in the controller not being told why the circuit closed. Now we
pass the reason from the truncated cell to the controller. Bugfix
on 0.1.2.3-alpha; fixes bug 7039.
- Fix a misframing issue when reading the version numbers in a
VERSIONS cell. Previously we would recognize [00 01 00 02] as
'version 1, version 2, and version 0x100', when it should have
only included versions 1 and 2. Fixes bug 8059; bugfix on
0.2.0.10-alpha. Reported pseudonymously.
- Make the format and order of STREAM events for DNS lookups
consistent among the various ways to launch DNS lookups. Fixes
bug 8203; bugfix on 0.2.0.24-rc. Patch by "Desoxy".
o Minor bugfixes (syscalls and disk interaction):
- Always check the return values of functions fcntl() and
setsockopt(). We don't believe these are ever actually failing in
practice, but better safe than sorry. Also, checking these return
values should please analysis tools like Coverity. Patch from
'flupzor'. Fixes bug 8206; bugfix on all versions of Tor.
- Avoid double-closing the listener socket in our socketpair()
replacement (used on Windows) in the case where the addresses on
our opened sockets don't match what we expected. Fixes bug 9400;
bugfix on 0.0.2pre7. Found by Coverity.
- Correctly store microdescriptors and extrainfo descriptors that
include an internal NUL byte. Fixes bug 8037; bugfix on
0.2.0.1-alpha. Bug reported by "cypherpunks".
- If for some reason we fail to write a microdescriptor while
rebuilding the cache, do not let the annotations from that
microdescriptor linger in the cache file, and do not let the
microdescriptor stay recorded as present in its old location.
Fixes bug 9047; bugfix on 0.2.2.6-alpha.
- Use direct writes rather than stdio when building microdescriptor
caches, in an attempt to mitigate bug 8031, or at least make it
less common.
o Minor fixes (config options):
- Warn and fail if a server is configured not to advertise any
ORPorts at all. (We need *something* to put in our descriptor,
or we just won't work.)
- Behave correctly when the user disables LearnCircuitBuildTimeout
but doesn't tell us what they would like the timeout to be. Fixes
bug 6304; bugfix on 0.2.2.14-alpha.
- Rename the (internal-use-only) UsingTestingNetworkDefaults option
to start with a triple-underscore so the controller won't touch it.
Patch by Meejah. Fixes bug 3155. Bugfix on 0.2.2.23-alpha.
- Rename the (testing-use-only) _UseFilteringSSLBufferevents option
so it doesn't start with _. Fixes bug 3155. Bugfix on 0.2.3.1-alpha.
- When autodetecting the number of CPUs, use the number of available
CPUs in preference to the number of configured CPUs. Inform the
user if this reduces the number of available CPUs. Fixes bug 8002;
bugfix on 0.2.3.1-alpha.
- Command-line option "--version" implies "--quiet". Fixes bug 6997.
- Make it an error when you set EntryNodes but disable UseGuardNodes,
since it will (surprisingly to some users) ignore EntryNodes. Fixes
bug 8180; bugfix on 0.2.3.11-alpha.
- Avoid overflows when the user sets MaxCircuitDirtiness to a
ridiculously high value, by imposing a (ridiculously high) 30-day
maximum on MaxCircuitDirtiness.
o Minor bugfixes (control protocol):
- Stop sending a stray "(null)" in some cases for the server status
"EXTERNAL_ADDRESS" controller event. Resolves bug 8200; bugfix
on 0.1.2.6-alpha.
- The ADDRMAP command can no longer generate an ill-formed error
code on a failed MAPADDRESS. It now says "internal" rather than
an English sentence fragment with spaces in the middle. Bugfix on
Tor 0.2.0.19-alpha.
o Minor bugfixes (clients / edges):
- When we receive a RELAY_END cell with the reason DONE, or with no
reason, before receiving a RELAY_CONNECTED cell, report the SOCKS
status as "connection refused". Previously we reported these cases
as success but then immediately closed the connection. Fixes bug
7902; bugfix on 0.1.0.1-rc. Reported by "oftc_must_be_destroyed".
- If the guard we choose first doesn't answer, we would try the
second guard, but once we connected to the second guard we would
abandon it and retry the first one, slowing down bootstrapping.
The fix is to treat all our initially chosen guards as acceptable
to use. Fixes bug 9946; bugfix on 0.1.1.11-alpha.
- When choosing which stream on a formerly stalled circuit to wake
first, make better use of the platform's weak RNG. Previously,
we had been using the % ("modulo") operator to try to generate a
1/N chance of picking each stream, but this behaves badly with
many platforms' choice of weak RNG. Fixes bug 7801; bugfix on
0.2.2.20-alpha.
o Minor bugfixes (path bias detection):
- If the state file's path bias counts are invalid (presumably from a
buggy Tor prior to 0.2.4.10-alpha), make them correct. Also add
additional checks and log messages to the scaling of Path Bias
counts, in case there still are remaining issues with scaling.
Should help resolve bug 8235.
- Prevent rounding error in path bias counts when scaling
them down, and use the correct scale factor default. Also demote
some path bias related log messages down a level and make others
less scary sounding. Fixes bug 6647. Bugfix on 0.2.3.17-beta.
- Remove a source of rounding error during path bias count scaling;
don't count cannibalized circuits as used for path bias until we
actually try to use them; and fix a circuit_package_relay_cell()
warning message about n_chan==NULL. Fixes bug 7802.
- Paste the description for PathBias parameters from the man
page into or.h, so the code documents them too. Fixes bug 7982;
bugfix on 0.2.3.17-beta.
o Minor bugfixes (relays):
- Stop trying to resolve our hostname so often (e.g. every time we
think about doing a directory fetch). Now we reuse the cached
answer in some cases. Fixes bugs 1992 (bugfix on 0.2.0.20-rc)
and 2410 (bugfix on 0.1.2.2-alpha).
- When examining the list of network interfaces to find our address,
do not consider non-running or disabled network interfaces. Fixes
bug 9904; bugfix on 0.2.3.11-alpha. Patch from "hantwister".
o Minor bugfixes (blocking resistance):
- Only disable TLS session ticket support when running as a TLS
server. Now clients will blend better with regular Firefox
connections. Fixes bug 7189; bugfix on Tor 0.2.3.23-rc.
o Minor bugfixes (IPv6):
- Use square brackets around IPv6 addresses in numerous places
that needed them, including log messages, HTTPS CONNECT proxy
requests, TransportProxy statefile entries, and pluggable transport
extra-info lines. Fixes bug 7011; patch by David Fifield.
o Minor bugfixes (directory authorities):
- Reject consensus votes with more than 64 known-flags. We aren't even
close to that limit yet, and our code doesn't handle it correctly.
Fixes bug 6833; bugfix on 0.2.0.1-alpha.
- Correctly handle votes with more than 31 flags. Fixes bug 6853;
bugfix on 0.2.0.3-alpha.
o Minor bugfixes (memory leaks):
- Avoid leaking memory if we fail to compute a consensus signature
or we generate a consensus we can't parse. Bugfix on 0.2.0.5-alpha.
- Fix a memory leak when receiving headers from an HTTPS proxy. Bugfix
on 0.2.1.1-alpha; fixes bug 7816.
- Fix a memory leak during safe-cookie controller authentication.
Bugfix on 0.2.3.13-alpha; fixes bug 7816.
- Free some more still-in-use memory at exit, to make hunting for
memory leaks easier. Resolves bug 7029.
o Minor bugfixes (code correctness):
- Increase the width of the field used to remember a connection's
link protocol version to two bytes. Harmless for now, since the
only currently recognized versions are one byte long. Reported
pseudonymously. Fixes bug 8062; bugfix on 0.2.0.10-alpha.
- Fix a crash when debugging unit tests on Windows: deallocate a
shared library with FreeLibrary, not CloseHandle. Fixes bug 7306;
bugfix on 0.2.2.17-alpha. Reported by "ultramage".
- When detecting the largest possible file descriptor (in order to
close all file descriptors when launching a new program), actually
use _SC_OPEN_MAX. The old code for doing this was very, very broken.
Fixes bug 8209; bugfix on 0.2.3.1-alpha. Found by Coverity; this
is CID 743383.
- Avoid a crash if we fail to generate an extrainfo descriptor.
Fixes bug 8208; bugfix on 0.2.3.16-alpha. Found by Coverity;
this is CID 718634.
- Avoid an off-by-one error when checking buffer boundaries when
formatting the exit status of a pluggable transport helper.
This is probably not an exploitable bug, but better safe than
sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc. Bug found by
Pedro Ribeiro.
- Get rid of a couple of harmless clang warnings, where we compared
enums to ints. These warnings are newly introduced in clang 3.2.
o Minor bugfixes (code cleanliness):
- Avoid use of reserved identifiers in our C code. The C standard
doesn't like us declaring anything that starts with an
underscore, so let's knock it off before we get in trouble. Fix
for bug 1031; bugfix on the first Tor commit.
- Fix round_to_power_of_2() so it doesn't invoke undefined behavior
with large values. This situation was untriggered, but nevertheless
incorrect. Fixes bug 6831; bugfix on 0.2.0.1-alpha.
- Fix an impossible buffer overrun in the AES unit tests. Fixes
bug 8845; bugfix on 0.2.0.7-alpha. Found by eugenis.
- Fix handling of rendezvous client authorization types over 8.
Fixes bug 6861; bugfix on 0.2.1.5-alpha.
- Remove a couple of extraneous semicolons that were upsetting the
cparser library. Patch by Christian Grothoff. Fixes bug 7115;
bugfix on 0.2.2.1-alpha.
- When complaining about a client port on a public address, log
which address we're complaining about. Fixes bug 4020; bugfix on
0.2.3.3-alpha. Patch by Tom Fitzhenry.
o Minor bugfixes (log messages, warnings):
- If we encounter a write failure on a SOCKS connection before we
finish our SOCKS handshake, don't warn that we closed the
connection before we could send a SOCKS reply. Fixes bug 8427;
bugfix on 0.1.0.1-rc.
- Fix a directory authority warn caused when we have a large amount
of badexit bandwidth. Fixes bug 8419; bugfix on 0.2.2.10-alpha.
- Downgrade "Failed to hand off onionskin" messages to "debug"
severity, since they're typically redundant with the "Your computer
is too slow" messages. Fixes bug 7038; bugfix on 0.2.2.16-alpha.
- Avoid spurious warnings when configuring multiple client ports of
which only some are nonlocal. Previously, we had claimed that some
were nonlocal when in fact they weren't. Fixes bug 7836; bugfix on
0.2.3.3-alpha.
o Minor bugfixes (log messages, other):
- Fix log messages and comments to avoid saying "GMT" when we mean
"UTC". Fixes bug 6113.
- When rejecting a configuration because we were unable to parse a
quoted string, log an actual error message. Fixes bug 7950; bugfix
on 0.2.0.16-alpha.
- Correctly recognize that [::1] is a loopback address. Fixes
bug 8377; bugfix on 0.2.1.3-alpha.
- Don't log inappropriate heartbeat messages when hibernating: a
hibernating node is _expected_ to drop out of the consensus,
decide it isn't bootstrapped, and so forth. Fixes bug 7302;
bugfix on 0.2.3.1-alpha.
- Eliminate several instances where we use "Nickname=ID" to refer to
nodes in logs. Use "Nickname (ID)" instead. (Elsewhere, we still use
"$ID=Nickname", which is also acceptable.) Fixes bug 7065. Bugfix
on 0.2.3.21-rc.
o Minor bugfixes (build):
- Fix some bugs in tor-fw-helper-natpmp when trying to build and
run it on Windows. More bugs likely remain. Patch from Gisle Vanem.
Fixes bug 7280; bugfix on 0.2.3.1-alpha.
o Documentation fixes:
- Make the torify manpage no longer refer to tsocks; torify hasn't
supported tsocks since 0.2.3.14-alpha.
- Make the tor manpage no longer reference tsocks.
- Fix the GeoIPExcludeUnknown documentation to refer to
ExcludeExitNodes rather than the currently nonexistent
ExcludeEntryNodes. Spotted by "hamahangi" on tor-talk.
- Resolve a typo in torrc.sample.in. Fixes bug 6819; bugfix on
0.2.3.14-alpha.
- Say "KBytes" rather than "KB" in the man page (for various values
of K), to further reduce confusion about whether Tor counts in
units of memory or fractions of units of memory. Resolves ticket 7054.
- Update tor-fw-helper.1.txt and tor-fw-helper.c to make option
names match. Fixes bug 7768.
- Fix the documentation of HeartbeatPeriod to say that the heartbeat
message is logged at notice, not at info.
- Clarify the usage and risks of setting the ContactInfo torrc line
for your relay or bridge. Resolves ticket 9854.
- Add anchors to the manpage so we can link to the html version of
the documentation for specific options. Resolves ticket 9866.
- Replace remaining references to DirServer in man page and
log entries. Resolves ticket 10124.
o Removed features:
- Stop exporting estimates of v2 and v3 directory traffic shares
in extrainfo documents. They were unneeded and sometimes inaccurate.
Also stop exporting any v2 directory request statistics. Resolves
ticket 5823.
- Drop support for detecting and warning about versions of Libevent
before 1.3e. Nothing reasonable ships with them any longer; warning
the user about them shouldn't be needed. Resolves ticket 6826.
- Now that all versions before 0.2.2.x are disallowed, we no longer
need to work around their missing features. Remove a bunch of
compatibility code.
o Removed files:
- The tor-tsocks.conf is no longer distributed or installed. We
recommend that tsocks users use torsocks instead. Resolves
ticket 8290.
- Remove some of the older contents of doc/ as obsolete; move others
to torspec.git. Fixes bug 8965.
o Code simplification:
- Avoid using character buffers when constructing most directory
objects: this approach was unwieldy and error-prone. Instead,
build smartlists of strings, and concatenate them when done.
- Rename "isin" functions to "contains", for grammar. Resolves
ticket 5285.
- Rename Tor's logging function log() to tor_log(), to avoid conflicts
with the natural logarithm function from the system libm. Resolves
ticket 7599.
- Start using OpenBSD's implementation of queue.h, so that we don't
need to hand-roll our own pointer and list structures whenever we
need them. (We can't rely on a sys/queue.h, since some operating
systems don't have them, and the ones that do have them don't all
present the same extensions.)
- Start using OpenBSD's implementation of queue.h (originally by
Niels Provos).
- Enhance our internal sscanf replacement so that we can eliminate
the last remaining uses of the system sscanf. (Though those uses
of sscanf were safe, sscanf itself is generally error prone, so
we want to eliminate when we can.) Fixes ticket 4195 and Coverity
CID 448.
- Replace all calls to snprintf() outside of src/ext with
tor_snprintf(). Also remove the #define to replace snprintf with
_snprintf on Windows; they have different semantics, and all of
our callers should be using tor_snprintf() anyway. Fixes bug 7304.
o Refactoring:
- Add a wrapper function for the common "log a message with a
rate-limit" case.
- Split the onion.c file into separate modules for the onion queue
and the different handshakes it supports.
- Move the client-side address-map/virtual-address/DNS-cache code
out of connection_edge.c into a new addressmap.c module.
- Move the entry node code from circuitbuild.c to its own file.
- Move the circuit build timeout tracking code from circuitbuild.c
to its own file.
- Source files taken from other packages now reside in src/ext;
previously they were scattered around the rest of Tor.
- Move the generic "config" code into a new file, and have "config.c"
hold only torrc- and state-related code. Resolves ticket 6823.
- Move the core of our "choose a weighted element at random" logic
into its own function, and give it unit tests. Now the logic is
testable, and a little less fragile too.
- Move ipv6_preferred from routerinfo_t to node_t. Addresses bug 4620.
- Move last_reachable and testing_since from routerinfo_t to node_t.
Implements ticket 5529.
- Add replaycache_t structure, functions and unit tests, then refactor
rend_service_introduce() to be more clear to read, improve, debug,
and test. Resolves bug 6177.
o Removed code:
- Remove some now-needless code that tried to aggressively flush
OR connections as data was added to them. Since 0.2.0.1-alpha, our
cell queue logic has saved us from the failure mode that this code
was supposed to prevent. Removing this code will limit the number
of baroque control flow paths through Tor's network logic. Reported
pseudonymously on IRC. Fixes bug 6468; bugfix on 0.2.0.1-alpha.
- Remove unused code for parsing v1 directories and "running routers"
documents. Fixes bug 6887.
- Remove the marshalling/unmarshalling code for sending requests to
cpuworkers over a socket, and instead just send structs. The
recipient will always be the same Tor binary as the sender, so
any encoding is overkill.
- Remove the testing_since field of node_t, which hasn't been used
for anything since 0.2.0.9-alpha.
- Finally remove support for malloc_good_size and malloc_usable_size.
We had hoped that these functions would let us eke a little more
memory out of our malloc implementation. Unfortunately, the only
implementations that provided these functions are also ones that
are already efficient about not overallocation: they never got us
more than 7 or so bytes per allocation. Removing them saves us a
little code complexity and a nontrivial amount of build complexity.
1
0