- tor-announce - lists.torproject.org

Tor Browser 5.5.5 is released
by Nicolas Vigier 27 Apr '16

27 Apr '16

Tor Browser 5.5.5 is now available from the Tor Browser Project page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/download-easy.html 2: https://www.torproject.org/dist/torbrowser/5.5.5/ This release features important security updates [3] to Firefox. 3: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#f… This release updates Firefox to 38.8.0esr. Additionally, we bump NoScript to version 2.9.0.11 and HTTPS-Everywhere to 5.1.6. Moreover, we don't advertise our help desk anymore as we are currently restructuring our user support. Here is the full changelog since 5.5.4: Tor Browser 5.5.5 -- April 26 2016 * All Platforms * Update Firefox to 38.8.0esr * Update Tor Launcher to 0.2.7.9 * Bug 10534: Don't advertise the help desk directly anymore * Translation updates * Update HTTPS-Everywhere to 5.1.6 * Update NoScript to 2.9.0.11 * Bug 18726: Add new default obfs4 bridge (GreenBelt) _______________________________________________ You are receiving this email because you are subscribed to the tor-announce mailing list. Starting with Tor Browser 5.5.5, we are using this mailing list to announce Tor Browser stable releases: https://trac.torproject.org/projects/tor/ticket/18594 If you want to unsubscribe, use the form at the bottom of this page: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce

1 0

Tor 0.2.7.6 is released
by Nick Mathewson 11 Dec '15

11 Dec '15

Hi, all! (If you are about to reply saying "please take me off this list", instead please follow the instructions over here to get yourself removed: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/ . You will have to enter the actual email address you used to subscribe.) Tor version 0.2.7.6 fixes a major bug in entry guard selection, as well as a minor bug in hidden service reliability. (For Roger's preliminary analysis of the guard selection bug, see https://trac.torproject.org/projects/tor/ticket/17772#comment:1 ) You can download the source from the usual place on the website. Packages should be up in a few days. Changes in version 0.2.7.6 - 2015-12-10 Tor version 0.2.7.6 fixes a major bug in entry guard selection, as well as a minor bug in hidden service reliability. o Major bugfixes (guard selection): - Actually look at the Guard flag when selecting a new directory guard. When we implemented the directory guard design, we accidentally started treating all relays as if they have the Guard flag during guard selection, leading to weaker anonymity and worse performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered by Mohsen Imani. o Minor features (geoip): - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2 Country database. o Minor bugfixes (compilation): - When checking for net/pfvar.h, include netinet/in.h if possible. This fixes transparent proxy detection on OpenBSD. Fixes bug 17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate". - Fix a compilation warning with Clang 3.6: Do not check the presence of an address which can never be NULL. Fixes bug 17781. o Minor bugfixes (correctness): - When displaying an IPv6 exit policy, include the mask bits correctly even when the number is greater than 31. Fixes bug 16056; bugfix on 0.2.4.7-alpha. Patch from "gturner". - The wrong list was used when looking up expired intro points in a rend service object, causing what we think could be reachability issues for hidden services, and triggering a BUG log. Fixes bug 16702; bugfix on 0.2.7.2-alpha. - Fix undefined behavior in the tor_cert_checksig function. Fixes bug 17722; bugfix on 0.2.7.2-alpha.

1 0

Tor 0.2.7.5 is released
by Nick Mathewson 23 Nov '15

23 Nov '15

Hi, all! (If you are about to reply saying "please take me off this list", instead please follow the instructions over here to get yourself removed: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/ . You will have to enter the actual email address you used to subscribe.) Tor 0.2.7.5 is the first stable release in the Tor 0.2.7 series. It makes no changes beyond those in 0.2.7.4-rc; the summary below lists all changes in the 0.2.7 series. You can download the source from the usual place on the website. Packages should be up in a few days. Changes in version 0.2.7.5 - 2015-11-20 The Tor 0.2.7 release series is dedicated to the memory of Tor user and privacy advocate Caspar Bowden (1961-2015). Caspar worked tirelessly to advocate human rights regardless of national borders, and oppose the encroachments of mass surveillance. He opposed national exceptionalism, he brought clarity to legal and policy debates, he understood and predicted the impact of mass surveillance on the world, and he laid the groundwork for resisting it. While serving on the Tor Project's board of directors, he brought us his uncompromising focus on technical excellence in the service of humankind. Caspar was an inimitable force for good and a wonderful friend. He was kind, humorous, generous, gallant, and believed we should protect one another without exception. We honor him here for his ideals, his efforts, and his accomplishments. Please honor his memory with works that would make him proud. The 0.2.7 series adds a more secure identity key type for relays, improves cryptography performance, resolves several longstanding hidden-service performance issues, improves controller support for hidden services, and includes small bugfixes and performance improvements throughout the program. This release series also includes more tests than before, and significant simplifications to which parts of Tor invoke which others. For a full list of changes, see below. o New system requirements: - Tor no longer includes workarounds to support Libevent versions before 1.3e. Libevent 2.0 or later is recommended. Closes ticket 15248. - Tor no longer supports copies of OpenSSL that are missing support for Elliptic Curve Cryptography. (We began using ECC when available in 0.2.4.8-alpha, for more safe and efficient key negotiation.) In particular, support for at least one of P256 or P224 is now required, with manual configuration needed if only P224 is available. Resolves ticket 16140. - Tor no longer supports versions of OpenSSL before 1.0. (If you are on an operating system that has not upgraded to OpenSSL 1.0 or later, and you compile Tor from source, you will need to install a more recent OpenSSL to link Tor against.) These versions of OpenSSL are still supported by the OpenSSL, but the numerous cryptographic improvements in later OpenSSL releases makes them a clear choice. Resolves ticket 16034. o Major features (controller): - Add the ADD_ONION and DEL_ONION commands that allow the creation and management of hidden services via the controller. Closes ticket 6411. - New "GETINFO onions/current" and "GETINFO onions/detached" commands to get information about hidden services created via the controller. Part of ticket 6411. - New HSFETCH command to launch a request for a hidden service descriptor. Closes ticket 14847. - New HSPOST command to upload a hidden service descriptor. Closes ticket 3523. Patch by "DonnchaC". o Major features (Ed25519 identity keys, Proposal 220): - Add support for offline encrypted Ed25519 master keys. To use this feature on your tor relay, run "tor --keygen" to make a new master key (or to make a new signing key if you already have a master key). Closes ticket 13642. - All relays now maintain a stronger identity key, using the Ed25519 elliptic curve signature format. This master key is designed so that it can be kept offline. Relays also generate an online signing key, and a set of other Ed25519 keys and certificates. These are all automatically regenerated and rotated as needed. Implements part of ticket 12498. - Directory authorities now vote on Ed25519 identity keys along with RSA1024 keys. Implements part of ticket 12498. - Directory authorities track which Ed25519 identity keys have been used with which RSA1024 identity keys, and do not allow them to vary freely. Implements part of ticket 12498. - Microdescriptors now include Ed25519 identity keys. Implements part of ticket 12498. - Add a --newpass option to allow changing or removing the passphrase of an encrypted key with tor --keygen. Implements part of ticket 16769. - Add a new OfflineMasterKey option to tell Tor never to try loading or generating a secret Ed25519 identity key. You can use this in combination with tor --keygen to manage offline and/or encrypted Ed25519 keys. Implements ticket 16944. - On receiving a HUP signal, check to see whether the Ed25519 signing key has changed, and reload it if so. Closes ticket 16790. - Significant usability improvements for Ed25519 key management. Log messages are better, and the code can recover from far more failure conditions. Thanks to "s7r" for reporting and diagnosing so many of these! o Major features (ECC performance): - Improve the runtime speed of Ed25519 signature verification by using Ed25519-donna's batch verification support. Implements ticket 16533. - Improve the speed of Ed25519 operations and Curve25519 keypair generation when built targeting 32 bit x86 platforms with SSE2 available. Implements ticket 16535. - Improve the runtime speed of Ed25519 operations by using the public-domain Ed25519-donna by Andrew M. ("floodyberry"). Implements ticket 16467. - Improve the runtime speed of the ntor handshake by using an optimized curve25519 basepoint scalarmult implementation from the public-domain Ed25519-donna by Andrew M. ("floodyberry"), based on ideas by Adam Langley. Implements ticket 9663. o Major features (Hidden services): - Hidden services, if using the EntryNodes option, are required to use more than one EntryNode, in order to avoid a guard discovery attack. (This would only affect people who had configured hidden services and manually specified the EntryNodes option with a single entry-node. The impact was that it would be easy to remotely identify the guard node used by such a hidden service. See ticket for more information.) Fixes ticket 14917. - Add the torrc option HiddenServiceNumIntroductionPoints, to specify a fixed number of introduction points. Its maximum value is 10 and default is 3. Using this option can increase a hidden service's reliability under load, at the cost of making it more visible that the hidden service is facing extra load. Closes ticket 4862. - Remove the adaptive algorithm for choosing the number of introduction points, which used to change the number of introduction points (poorly) depending on the number of connections the HS sees. Closes ticket 4862. o Major features (onion key cross-certification): - Relay descriptors now include signatures of their own identity keys, made using the TAP and ntor onion keys. These signatures allow relays to prove ownership of their own onion keys. Because of this change, microdescriptors will no longer need to include RSA identity keys. Implements proposal 228; closes ticket 12499. o Major bugfixes (client-side privacy, also in 0.2.6.9): - Properly separate out each SOCKSPort when applying stream isolation. The error occurred because each port's session group was being overwritten by a default value when the listener connection was initialized. Fixes bug 16247; bugfix on 0.2.6.3-alpha. Patch by "jojelino". o Major bugfixes (hidden service clients, stability, also in 0.2.6.10): - Stop refusing to store updated hidden service descriptors on a client. This reverts commit 9407040c59218 (which indeed fixed bug 14219, but introduced a major hidden service reachability regression detailed in bug 16381). This is a temporary fix since we can live with the minor issue in bug 14219 (it just results in some load on the network) but the regression of 16381 is too much of a setback. First-round fix for bug 16381; bugfix on 0.2.6.3-alpha. o Major bugfixes (hidden services): - Revert commit that made directory authorities assign the HSDir flag to relay without a DirPort; this was bad because such relays can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix on tor-0.2.6.3-alpha. - When cannibalizing a circuit for an introduction point, always extend to the chosen exit node (creating a 4 hop circuit). Previously Tor would use the current circuit exit node, which changed the original choice of introduction point, and could cause the hidden service to skip excluded introduction points or reconnect to a skipped introduction point. Fixes bug 16260; bugfix on 0.1.0.1-rc. o Major bugfixes (memory leaks): - Fix a memory leak in ed25519 batch signature checking. Fixes bug 17398; bugfix on 0.2.6.1-alpha. o Major bugfixes (open file limit): - The open file limit wasn't checked before calling tor_accept_socket_nonblocking(), which would make Tor exceed the limit. Now, before opening a new socket, Tor validates the open file limit just before, and if the max has been reached, return an error. Fixes bug 16288; bugfix on 0.1.1.1-alpha. o Major bugfixes (security, correctness): - Fix an error that could cause us to read 4 bytes before the beginning of an openssl string. This bug could be used to cause Tor to crash on systems with unusual malloc implementations, or systems with unusual hardening installed. Fixes bug 17404; bugfix on 0.2.3.6-alpha. o Major bugfixes (stability, also in 0.2.6.10): - Stop crashing with an assertion failure when parsing certain kinds of malformed or truncated microdescriptors. Fixes bug 16400; bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch by "cypherpunks_backup". - Stop random client-side assertion failures that could occur when connecting to a busy hidden service, or connecting to a hidden service while a NEWNYM is in progress. Fixes bug 16013; bugfix on 0.1.0.1-rc. o Minor features (client, SOCKS): - Add GroupWritable and WorldWritable options to unix-socket based SocksPort and ControlPort options. These options apply to a single socket, and override {Control,Socks}SocketsGroupWritable. Closes ticket 15220. - Relax the validation done to hostnames in SOCKS5 requests, and allow a single trailing '.' to cope with clients that pass FQDNs using that syntax to explicitly indicate that the domain name is fully-qualified. Fixes bug 16674; bugfix on 0.2.6.2-alpha. - Relax the validation of hostnames in SOCKS5 requests, allowing the character '_' to appear, in order to cope with domains observed in the wild that are serving non-RFC compliant records. Resolves ticket 16430. o Minor features (client-side privacy): - New KeepAliveIsolateSOCKSAuth option to indefinitely extend circuit lifespan when IsolateSOCKSAuth and streams with SOCKS authentication are attached to the circuit. This allows applications like TorBrowser to manage circuit lifetime on their own. Implements feature 15482. - When logging malformed hostnames from SOCKS5 requests, respect SafeLogging configuration. Fixes bug 16891; bugfix on 0.1.1.16-rc. o Minor features (clock-jump tolerance): - Recover better when our clock jumps back many hours, like might happen for Tails or Whonix users who start with a very wrong hardware clock, use Tor to discover a more accurate time, and then fix their clock. Resolves part of ticket 8766. o Minor features (command-line interface): - Make --hash-password imply --hush to prevent unnecessary noise. Closes ticket 15542. Patch from "cypherpunks". - Print a warning whenever we find a relative file path being used as torrc option. Resolves issue 14018. o Minor features (compilation): - Give a warning as early as possible when trying to build with an unsupported OpenSSL version. Closes ticket 16901. - Use C99 variadic macros when the compiler is not GCC. This avoids failing compilations on MSVC, and fixes a log-file-based race condition in our old workarounds. Original patch from Gisle Vanem. o Minor features (control protocol): - Support network-liveness GETINFO key and NETWORK_LIVENESS event in the control protocol. Resolves ticket 15358. o Minor features (controller): - Add DirAuthority lines for default directory authorities to the output of the "GETINFO config/defaults" command if not already present. Implements ticket 14840. - Controllers can now use "GETINFO hs/client/desc/id/..." to retrieve items from the client's hidden service descriptor cache. Closes ticket 14845. - Implement a new controller command "GETINFO status/fresh-relay- descs" to fetch a descriptor/extrainfo pair that was generated on demand just for the controller's use. Implements ticket 14784. o Minor features (directory authorities): - Directory authorities no longer vote against the "Fast", "Stable", and "HSDir" flags just because they were going to vote against "Running": if the consensus turns out to be that the router was running, then the authority's vote should count. Patch from Peter Retzlaff; closes issue 8712. o Minor features (directory authorities, security, also in 0.2.6.9): - The HSDir flag given by authorities now requires the Stable flag. For the current network, this results in going from 2887 to 2806 HSDirs. Also, it makes it harder for an attacker to launch a sybil attack by raising the effort for a relay to become Stable to require at the very least 7 days, while maintaining the 96 hours uptime requirement for HSDir. Implements ticket 8243. o Minor features (DoS-resistance): - Make it harder for attackers to overload hidden services with introductions, by blocking multiple introduction requests on the same circuit. Resolves ticket 15515. o Minor features (geoip): - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2 Country database. o Minor features (hidden services): - Add the new options "HiddenServiceMaxStreams" and "HiddenServiceMaxStreamsCloseCircuit" to allow hidden services to limit the maximum number of simultaneous streams per circuit, and optionally tear down the circuit when the limit is exceeded. Part of ticket 16052. - Client now uses an introduction point failure cache to know when to fetch or keep a descriptor in their cache. Previously, failures were recorded implicitly, but not explicitly remembered. Closes ticket 16389. - Relays need to have the Fast flag to get the HSDir flag. As this is being written, we'll go from 2745 HSDirs down to 2342, a ~14% drop. This change should make some attacks against the hidden service directory system harder. Fixes ticket 15963. - Turn on hidden service statistics collection by setting the torrc option HiddenServiceStatistics to "1" by default. (This keeps track only of the fraction of traffic used by hidden services, and the total number of hidden services in existence.) Closes ticket 15254. - To avoid leaking HS popularity, don't cycle the introduction point when we've handled a fixed number of INTRODUCE2 cells but instead cycle it when a random number of introductions is reached, thus making it more difficult for an attacker to find out the amount of clients that have used the introduction point for a specific HS. Closes ticket 15745. o Minor features (logging): - Include the Tor version in all LD_BUG log messages, since people tend to cut and paste those into the bugtracker. Implements ticket 15026. o Minor features (pluggable transports): - When launching managed pluggable transports on Linux systems, attempt to have the kernel deliver a SIGTERM on tor exit if the pluggable transport process is still running. Resolves ticket 15471. - When launching managed pluggable transports, setup a valid open stdin in the child process that can be used to detect if tor has terminated. The "TOR_PT_EXIT_ON_STDIN_CLOSE" environment variable can be used by implementations to detect this new behavior. Resolves ticket 15435. o Minor bugfixes (torrc exit policies): - In each instance above, usage advice is provided to avoid the message. Resolves ticket 16069. Patch by "teor". Fixes part of bug 16069; bugfix on 0.2.4.7-alpha. - In torrc, "accept6 *" and "reject6 *" ExitPolicy lines now only produce IPv6 wildcard addresses. Previously they would produce both IPv4 and IPv6 wildcard addresses. Patch by "teor". Fixes part of bug 16069; bugfix on 0.2.4.7-alpha. - When parsing torrc ExitPolicies, we now issue an info-level message when expanding an "accept/reject *" line to include both IPv4 and IPv6 wildcard addresses. Related to ticket 16069. - When parsing torrc ExitPolicies, we now warn for a number of cases where the user's intent is likely to differ from Tor's actual behavior. These include: using an IPv4 address with an accept6 or reject6 line; using "private" on an accept6 or reject6 line; and including any ExitPolicy lines after accept *:* or reject *:*. Related to ticket 16069. o Minor bugfixes (command-line interface): - When "--quiet" is provided along with "--validate-config", do not write anything to stdout on success. Fixes bug 14994; bugfix on 0.2.3.3-alpha. - When complaining about bad arguments to "--dump-config", use stderr, not stdout. - Print usage information for --dump-config when it is used without an argument. Also, fix the error message to use different wording and add newline at the end. Fixes bug 15541; bugfix on 0.2.5.1-alpha. o Minor bugfixes (compilation): - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347; bugfix on 0.2.5.1-alpha. Patch from 'jamestk'. - Repair compilation with the most recent (unreleased, alpha) vesions of OpenSSL 1.1. Fixes part of ticket 17237. o Minor bugfixes (compilation, also in 0.2.6.9): - Build with --enable-systemd correctly when libsystemd is installed, but systemd is not. Fixes bug 16164; bugfix on 0.2.6.3-alpha. Patch from Peter Palfrader. o Minor bugfixes (configuration, unit tests): - Only add the default fallback directories when the DirAuthorities, AlternateDirAuthority, and FallbackDir directory config options are set to their defaults. The default fallback directory list is currently empty, this fix will only change tor's behavior when it has default fallback directories. Includes unit tests for consider_adding_dir_servers(). Fixes bug 15642; bugfix on 90f6071d8dc0 in 0.2.4.7-alpha. Patch by "teor". o Minor bugfixes (controller): - Add the descriptor ID in each HS_DESC control event. It was missing, but specified in control-spec.txt. Fixes bug 15881; bugfix on 0.2.5.2-alpha. o Minor bugfixes (correctness): - For correctness, avoid modifying a constant string in handle_control_postdescriptor. Fixes bug 15546; bugfix on 0.1.1.16-rc. - Remove side-effects from tor_assert() calls. This was harmless, because we never disable assertions, but it is bad style and unnecessary. Fixes bug 15211; bugfix on 0.2.5.5, 0.2.2.36, and 0.2.0.10. - When calling channel_free_list(), avoid calling smartlist_remove() while inside a FOREACH loop. This partially reverts commit 17356fe7fd96af where the correct SMARTLIST_DEL_CURRENT was incorrectly removed. Fixes bug 16924; bugfix on 0.2.4.4-alpha. o Minor bugfixes (crypto error-handling, also in 0.2.6.10): - Check for failures from crypto_early_init, and refuse to continue. A previous typo meant that we could keep going with an uninitialized crypto library, and would have OpenSSL initialize its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced when implementing ticket 4900. Patch by "teor". o Minor bugfixes (hidden service): - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on a client authorized hidden service. Fixes bug 15823; bugfix on 0.2.1.6-alpha. - Remove an extraneous newline character from the end of hidden service descriptors. Fixes bug 15296; bugfix on 0.2.0.10-alpha. o Minor bugfixes (Linux seccomp2 sandbox): - Use the sandbox in tor_open_cloexec whether or not O_CLOEXEC is defined. Patch by "teor". Fixes bug 16515; bugfix on 0.2.3.1-alpha. - Allow bridge authorities to run correctly under the seccomp2 sandbox. Fixes bug 16964; bugfix on 0.2.5.1-alpha. - Add the "hidserv-stats" filename to our sandbox filter for the HiddenServiceStatistics option to work properly. Fixes bug 17354; bugfix on tor-0.2.6.2-alpha. Patch from David Goulet. o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.10): - Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need these when eventfd2() support is missing. Fixes bug 16363; bugfix on 0.2.6.3-alpha. Patch from "teor". o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.9): - Allow systemd connections to work with the Linux seccomp2 sandbox code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by Peter Palfrader. - Fix sandboxing to work when running as a relay, by allowing the renaming of secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader. o Minor bugfixes (logging): - When building Tor under Clang, do not include an extra set of parentheses in log messages that include function names. Fixes bug 15269; bugfix on every released version of Tor when compiled with recent enough Clang. o Minor bugfixes (network): - When attempting to use fallback technique for network interface lookup, disregard loopback and multicast addresses since they are unsuitable for public communications. o Minor bugfixes (open file limit): - Fix set_max_file_descriptors() to set by default the max open file limit to the current limit when setrlimit() fails. Fixes bug 16274; bugfix on tor- 0.2.0.10-alpha. Patch by dgoulet. o Minor bugfixes (portability): - Check correctly for Windows socket errors in the workqueue backend. Fixes bug 16741; bugfix on 0.2.6.3-alpha. - Try harder to normalize the exit status of the Tor process to the standard-provided range. Fixes bug 16975; bugfix on every version of Tor ever. - Use libexecinfo on FreeBSD to enable backtrace support. Fixes part of bug 17151; bugfix on 0.2.5.2-alpha. Patch from Marcin Cieślak. o Minor bugfixes (relay): - Ensure that worker threads actually exit when a fatal error or shutdown is indicated. This fix doesn't currently affect the behavior of Tor, because Tor workers never indicates fatal error or shutdown except in the unit tests. Fixes bug 16868; bugfix on 0.2.6.3-alpha. - Fix a rarely-encountered memory leak when failing to initialize the thread pool. Fixes bug 16631; bugfix on 0.2.6.3-alpha. Patch from "cypherpunks". - Unblock threads before releasing the work queue mutex to ensure predictable scheduling behavior. Fixes bug 16644; bugfix on 0.2.6.3-alpha. o Minor bugfixes (security, exit policies): - ExitPolicyRejectPrivate now also rejects the relay's published IPv6 address (if any), and any publicly routable IPv4 or IPv6 addresses on any local interfaces. ticket 17027. Patch by "teor". Fixes bug 17027; bugfix on 0.2.0.11-alpha. o Minor bugfixes (statistics): - Disregard the ConnDirectionStatistics torrc options when Tor is not a relay since in that mode of operation no sensible data is being collected and because Tor might run into measurement hiccups when running as a client for some time, then becoming a relay. Fixes bug 15604; bugfix on 0.2.2.35. o Minor bugfixes (systemd): - Tor's systemd unit file no longer contains extraneous spaces. These spaces would sometimes confuse tools like deb-systemd- helper. Fixes bug 16162; bugfix on 0.2.5.5-alpha. o Minor bugfixes (test networks): - When self-testing reachability, use ExtendAllowPrivateAddresses to determine if local/private addresses imply reachability. The previous fix used TestingTorNetwork, which implies ExtendAllowPrivateAddresses, but this excluded rare configurations where ExtendAllowPrivateAddresses is set but TestingTorNetwork is not. Fixes bug 15771; bugfix on 0.2.6.1-alpha. Patch by "teor", issue discovered by CJ Ess. o Minor bugfixes (tests, also in 0.2.6.9): - Fix a crash in the unit tests when built with MSVC2013. Fixes bug 16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker". o Code simplification and refactoring: - Change the function that's called when we need to retry all downloads so that it only reschedules the downloads to happen immediately, rather than launching them all at once itself. This further simplifies Tor's callgraph. - Define WINVER and _WIN32_WINNT centrally, in orconfig.h, in order to ensure they remain consistent and visible everywhere. - Move some format-parsing functions out of crypto.c and crypto_curve25519.c into crypto_format.c and/or util_format.c. - Move the client-only parts of init_keys() into a separate function. Closes ticket 16763. - Move the hacky fallback code out of get_interface_address6() into separate function and get it covered with unit-tests. Resolves ticket 14710. - Refactor hidden service client-side cache lookup to intelligently report its various failure cases, and disentangle failure cases involving a lack of introduction points. Closes ticket 14391. - Remove some vestigial workarounds for the MSVC6 compiler. We haven't supported that in ages. - Remove the unused "nulterminate" argument from buf_pullup(). - Simplify the microdesc_free() implementation so that it no longer appears (to code analysis tools) to potentially invoke a huge suite of other microdesc functions. - Simply the control graph further by deferring the inner body of directory_all_unreachable() into a callback. Closes ticket 16762. - The link authentication code has been refactored for better testability and reliability. It now uses code generated with the "trunnel" binary encoding generator, to reduce the risk of bugs due to programmer error. Done as part of ticket 12498. - Treat the loss of an owning controller as equivalent to a SIGTERM signal. This removes a tiny amount of duplicated code, and simplifies our callgraph. Closes ticket 16788. - Use our own Base64 encoder instead of OpenSSL's, to allow more control over the output. Part of ticket 15652. - When generating an event to send to the controller, we no longer put the event over the network immediately. Instead, we queue these events, and use a Libevent callback to deliver them. This change simplifies Tor's callgraph by reducing the number of functions from which all other Tor functions are reachable. Closes ticket 16695. - Wrap Windows-only C files inside '#ifdef _WIN32' so that tools that try to scan or compile every file on Unix won't decide that they are broken. o Documentation: - Fix capitalization of SOCKS in sample torrc. Closes ticket 15609. - Improve the descriptions of statistics-related torrc options in the manpage to describe rationale and possible uses cases. Fixes issue 15550. - Improve the layout and formatting of ./configure --help messages. Closes ticket 15024. Patch from "cypherpunks". - Include a specific and (hopefully) accurate documentation of the torrc file's meta-format in doc/torrc_format.txt. This is mainly of interest to people writing programs to parse or generate torrc files. This document is not a commitment to long-term compatibility; some aspects of the current format are a bit ridiculous. Closes ticket 2325. - Include the TUNING document in our source tarball. It is referred to in the ChangeLog and an error message. Fixes bug 16929; bugfix on 0.2.6.1-alpha. - Note that HiddenServicePorts can take a unix domain socket. Closes ticket 17364. - Recommend a 40 GB example AccountingMax in torrc.sample rather than a 4 GB max. Closes ticket 16742. - Standardize on the term "server descriptor" in the manual page. Previously, we had used "router descriptor", "server descriptor", and "relay descriptor" interchangeably. Part of ticket 14987. - Advise users on how to configure separate IPv4 and IPv6 exit policies in the manpage and sample torrcs. Related to ticket 16069. - Fix an error in the manual page and comments for TestingDirAuthVoteHSDir[IsStrict], which suggested that a HSDir required "ORPort connectivity". While this is true, it is in no way unique to the HSDir flag. Of all the flags, only HSDirs need a DirPort configured in order for the authorities to assign that particular flag. Patch by "teor". Fixed as part of 14882; bugfix on 0.2.6.3-alpha. - Fix the usage message of tor-resolve(1) so that it no longer lists the removed -F option. Fixes bug 16913; bugfix on 0.2.2.28-beta. o Removed code: - Remove `USE_OPENSSL_BASE64` and the corresponding fallback code and always use the internal Base64 decoder. The internal decoder has been part of tor since tor-0.2.0.10-alpha, and no one should be using the OpenSSL one. Part of ticket 15652. - Remove the 'tor_strclear()' function; use memwipe() instead. Closes ticket 14922. - Remove the code that would try to aggressively flush controller connections while writing to them. This code was introduced in 0.1.2.7-alpha, in order to keep output buffers from exceeding their limits. But there is no longer a maximum output buffer size, and flushing data in this way caused some undesirable recursions in our call graph. Closes ticket 16480. - The internal pure-C tor-fw-helper tool is now removed from the Tor distribution, in favor of the pure-Go clone available from https://gitweb.torproject.org/tor-fw-helper.git/ . The libraries used by the C tor-fw-helper are not, in our opinion, very confidence- inspiring in their secure-programming techniques. Closes ticket 13338. o Removed features: - Remove the (seldom-used) DynamicDHGroups feature. For anti- fingerprinting we now recommend pluggable transports; for forward- secrecy in TLS, we now use the P-256 group. Closes ticket 13736. - Remove the HidServDirectoryV2 option. Now all relays offer to store hidden service descriptors. Related to 16543. - Remove the VoteOnHidServDirectoriesV2 option, since all authorities have long set it to 1. Closes ticket 16543. - Remove the undocumented "--digests" command-line option. It complicated our build process, caused subtle build issues on multiple platforms, and is now redundant since we started including git version identifiers. Closes ticket 14742. - Tor no longer contains checks for ancient directory cache versions that didn't know about microdescriptors. - Tor no longer contains workarounds for stat files generated by super-old versions of Tor that didn't choose guards sensibly. o Testing: - The test-network.sh script now supports performance testing. Requires corresponding chutney performance testing changes. Patch by "teor". Closes ticket 14175. - Add a new set of callgraph analysis scripts that use clang to produce a list of which Tor functions are reachable from which other Tor functions. We're planning to use these to help simplify our code structure by identifying illogical dependencies. - Add new 'test-full' and 'test-full-online' targets to run all tests, including integration tests with stem and chutney. - Autodetect CHUTNEY_PATH if the chutney and Tor sources are side- by-side in the same parent directory. Closes ticket 16903. Patch by "teor". - Document use of coverity, clang static analyzer, and clang dynamic undefined behavior and address sanitizers in doc/HACKING. Include detailed usage instructions in the blacklist. Patch by "teor". Closes ticket 15817. - Make "bridges+hs" the default test network. This tests almost all tor functionality during make test-network, while allowing tests to succeed on non-IPv6 systems. Requires chutney commit 396da92 in test-network-bridges-hs. Closes tickets 16945 (tor) and 16946 (chutney). Patches by "teor". - Make the test-workqueue test work on Windows by initializing the network before we begin. - New make target (make test-network-all) to run multiple applicable chutney test cases. Patch from Teor; closes 16953. - Now that OpenSSL has its own scrypt implementation, add an unit test that checks for interoperability between libscrypt_scrypt() and OpenSSL's EVP_PBE_scrypt() so that we could not use libscrypt and rely on EVP_PBE_scrypt() whenever possible. Resolves ticket 16189. - The link authentication protocol code now has extensive tests. - The relay descriptor signature testing code now has extensive tests. - The test_workqueue program now runs faster, and is enabled by default as a part of "make check". - Unit test dns_resolve(), dns_clip_ttl() and dns_get_expiry_ttl() functions in dns.c. Implements a portion of ticket 16831. - Use environment variables rather than autoconf substitutions to send variables from the build system to the test scripts. This change should be easier to maintain, and cause 'make distcheck' to work better than before. Fixes bug 17148. - When building Tor with testing coverage enabled, run Chutney tests (if any) using the 'tor-cov' coverage binary. - When running test-network or test-stem, check for the absence of stem/chutney before doing any build operations. - Add a test to verify that the compiler does not eliminate our memwipe() implementation. Closes ticket 15377. - Add make rule `check-changes` to verify the format of changes files. Closes ticket 15180. - Add unit tests for control_event_is_interesting(). Add a compile- time check that the number of events doesn't exceed the capacity of control_event_t.event_mask. Closes ticket 15431, checks for bugs similar to 13085. Patch by "teor". - Command-line argument tests moved to Stem. Resolves ticket 14806. - Integrate the ntor, backtrace, and zero-length keys tests into the automake test suite. Closes ticket 15344. - Remove assertions during builds to determine Tor's test coverage. We don't want to trigger these even in assertions, so including them artificially makes our branch coverage look worse than it is. This patch provides the new test-stem-full and coverage-html-full configure options. Implements ticket 15400. - New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags to explicitly manage consensus flags in testing networks. Patch by "robgjansen", modified by "teor". Implements part of ticket 14882. - Check for matching value in server response in ntor_ref.py. Fixes bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed by "joelanders". - Set the severity correctly when testing get_interface_addresses_ifaddrs() and get_interface_addresses_win32(), so that the tests fail gracefully instead of triggering an assertion. Fixes bug 15759; bugfix on 0.2.6.3-alpha. Reported by Nicolas Derive.

1 0

New stable source release for Tor 0.2.6.10
by Nick Mathewson 12 Jul '15

12 Jul '15

[If you do not want to be on this mailing list, please try to follow the instructions at the bottom of https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce .] Hello, all! There's a new stable Tor release out, and source code is now available on the website. If you build Tor from source code, you'll want to upgrade. Otherwise, packages should be available reasonably soon. Remember to check signatures! (See the FAQ for information how) Here's the changelog: Changes in version 0.2.6.10 - 2015-07-12 Tor version 0.2.6.10 fixes some significant stability and hidden service client bugs, bulletproofs the cryptography init process, and fixes a bug when using the sandbox code with some older versions of Linux. Everyone running an older version, especially an older version of 0.2.6, should upgrade. o Major bugfixes (hidden service clients, stability): - Stop refusing to store updated hidden service descriptors on a client. This reverts commit 9407040c59218 (which indeed fixed bug 14219, but introduced a major hidden service reachability regression detailed in bug 16381). This is a temporary fix since we can live with the minor issue in bug 14219 (it just results in some load on the network) but the regression of 16381 is too much of a setback. First-round fix for bug 16381; bugfix on 0.2.6.3-alpha. o Major bugfixes (stability): - Stop crashing with an assertion failure when parsing certain kinds of malformed or truncated microdescriptors. Fixes bug 16400; bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch by "cypherpunks_backup". - Stop random client-side assertion failures that could occur when connecting to a busy hidden service, or connecting to a hidden service while a NEWNYM is in progress. Fixes bug 16013; bugfix on 0.1.0.1-rc. o Minor features (geoip): - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database. - Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database. o Minor bugfixes (crypto error-handling): - Check for failures from crypto_early_init, and refuse to continue. A previous typo meant that we could keep going with an uninitialized crypto library, and would have OpenSSL initialize its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced when implementing ticket 4900. Patch by "teor". o Minor bugfixes (Linux seccomp2 sandbox): - Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need these when eventfd2() support is missing. Fixes bug 16363; bugfix on 0.2.6.3-alpha. Patch from "teor".

1 0

Tor 0.2.6.9 is released
by Nick Mathewson 11 Jun '15

11 Jun '15

(If you want to get off this mailing list, please don't email me. Use the "unsubscribe" link at the bottom of https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce .) Hi! I've just put out a new stable Tor release. It is not a high-urgency item for most clients and relays, but directory authorities should upgrade, as should any clients who rely on port-based circuit isolation. Right now, the source is available on the website, and packages should become available once their maintainers build them. Changes in version 0.2.6.9 - 2015-06-11 Tor 0.2.6.9 fixes a regression in the circuit isolation code, increases the requirements for receiving an HSDir flag, and addresses some other small bugs in the systemd and sandbox code. Clients using circuit isolation should upgrade; all directory authorities should upgrade. o Major bugfixes (client-side privacy): - Properly separate out each SOCKSPort when applying stream isolation. The error occurred because each port's session group was being overwritten by a default value when the listener connection was initialized. Fixes bug 16247; bugfix on 0.2.6.3-alpha. Patch by "jojelino". o Minor feature (directory authorities, security): - The HSDir flag given by authorities now requires the Stable flag. For the current network, this results in going from 2887 to 2806 HSDirs. Also, it makes it harder for an attacker to launch a sybil attack by raising the effort for a relay to become Stable which takes at the very least 7 days to do so and by keeping the 96 hours uptime requirement for HSDir. Implements ticket 8243. o Minor bugfixes (compilation): - Build with --enable-systemd correctly when libsystemd is installed, but systemd is not. Fixes bug 16164; bugfix on 0.2.6.3-alpha. Patch from Peter Palfrader. o Minor bugfixes (Linux seccomp2 sandbox): - Fix sandboxing to work when running as a relaymby renaming of secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader. - Allow systemd connections to work with the Linux seccomp2 sandbox code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by Peter Palfrader. o Minor bugfixes (tests): - Fix a crash in the unit tests when built with MSVC2013. Fixes bug 16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".

1 0

Tor 0.2.6.8 is released.
by Nick Mathewson 21 May '15

21 May '15

Hi, I've just put out a new stable Tor release. It is not a high-urgency item for most clients and relays, but directory authorities should upgrade. Right now, the source is available on the website, and packages should become available one their maintainers build them. Tor 0.2.6.8 fixes a bit of dodgy code in parsing INTRODUCE2 cells, and fixes an authority-side bug in assigning the HSDir flag. All directory authorities should upgrade. Here are the changes in this version: Changes in version 0.2.6.8 - 2015-05-21 Tor 0.2.6.8 fixes a bit of dodgy code in parsing INTRODUCE2 cells, and fixes an authority-side bug in assigning the HSDir flag. All directory authorities should upgrade. o Major bugfixes (hidden services, backport from 0.2.7.1-alpha): - Revert commit that made directory authorities assign the HSDir flag to relay without a DirPort; this was bad because such relays can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix on tor-0.2.6.3-alpha. o Minor bugfixes (hidden service, backport from 0.2.7.1-alpha): - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on a client authorized hidden service. Fixes bug 15823; bugfix on 0.2.1.6-alpha. o Minor features (geoip): - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database. - Update geoip6 to the April 8 2015 Maxmind GeoLite2 Country database.

1 0

Tor 0.2.5.12 and 0.2.6.7 are released
by Roger Dingledine 07 Apr '15

07 Apr '15

Tor 0.2.5.12 and 0.2.6.7 fix two security issues that could be used by an attacker to crash hidden services, or crash clients visiting hidden services. Hidden services should upgrade as soon as possible; clients should upgrade whenever packages become available. These releases also contain two simple improvements to make hidden services a bit less vulnerable to denial-of-service attacks. We also made a Tor 0.2.4.27 release so that Debian stable can easily integrate these fixes. The Tor Browser team is currently evaluating whether to put out a new Tor Browser stable release with these fixes, or wait until next week for their scheduled next stable release. Changes in version 0.2.5.12 - 2015-04-06 o Major bugfixes (security, hidden service): - Fix an issue that would allow a malicious client to trigger an assertion failure and halt a hidden service. Fixes bug 15600; bugfix on 0.2.1.6-alpha. Reported by "disgleirio". - Fix a bug that could cause a client to crash with an assertion failure when parsing a malformed hidden service descriptor. Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC". o Minor features (DoS-resistance, hidden service): - Introduction points no longer allow multiple INTRODUCE1 cells to arrive on the same circuit. This should make it more expensive for attackers to overwhelm hidden services with introductions. Resolves ticket 15515. Changes in version 0.2.6.7 - 2015-04-06 o Major bugfixes (security, hidden service): - Fix an issue that would allow a malicious client to trigger an assertion failure and halt a hidden service. Fixes bug 15600; bugfix on 0.2.1.6-alpha. Reported by "disgleirio". - Fix a bug that could cause a client to crash with an assertion failure when parsing a malformed hidden service descriptor. Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC". o Minor features (DoS-resistance, hidden service): - Introduction points no longer allow multiple INTRODUCE1 cells to arrive on the same circuit. This should make it more expensive for attackers to overwhelm hidden services with introductions. Resolves ticket 15515. - Decrease the amount of reattempts that a hidden service performs when its rendezvous circuits fail. This reduces the computational cost for running a hidden service under heavy load. Resolves ticket 11447.

1 0

Tor 0.2.5.11 is released.
by Nick Mathewson 24 Mar '15

24 Mar '15

Hello! I released Tor 0.2.5.11 last week. This is the formal announcement. (Per usual practice with non-critical stable releases, I've delayed the tor-announce announcement to give distributions have a chance to make packages. If you are a packager and you didn't notice that, please let me know and I'll put you on the list of people I notify extra-early about new releases.) This is the second stable 0.2.5 release. (The first came out in October.) Going forward, the 0.2.5 series will only receive patches for serious issues. You may want to consider upgrading to 0.2.6 soon; it's going to be officially stable pretty soon now. You can get the source code for Tor 0.2.5.11 at https://dist.torproject.org/ and directly from the download page at the Tor website. This version of Tor also appears in TorBrowser 4.0.5. Changes in version 0.2.5.11 - 2015-03-17 Tor 0.2.5.11 is the second stable release in the 0.2.5 series. It backports several bugfixes from the 0.2.6 branch, including a couple of medium-level security fixes for relays and exit nodes. It also updates the list of directory authorities. o Directory authority changes: - Remove turtles as a directory authority. - Add longclaw as a new (v3) directory authority. This implements ticket 13296. This keeps the directory authority count at 9. - The directory authority Faravahar has a new IP address. This closes ticket 14487. o Major bugfixes (crash, OSX, security): - Fix a remote denial-of-service opportunity caused by a bug in OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared in OSX 10.9. o Major bugfixes (relay, stability, possible security): - Fix a bug that could lead to a relay crashing with an assertion failure if a buffer of exactly the wrong layout was passed to buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'. - Do not assert if the 'data' pointer on a buffer is advanced to the very end of the buffer; log a BUG message instead. Only assert if it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha. o Major bugfixes (exit node stability): - Fix an assertion failure that could occur under high DNS load. Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed by "cypherpunks". o Major bugfixes (Linux seccomp2 sandbox): - Upon receiving sighup with the seccomp2 sandbox enabled, do not crash during attempts to call wait4. Fixes bug 15088; bugfix on 0.2.5.1-alpha. Patch from "sanic". o Minor features (controller): - New "GETINFO bw-event-cache" to get information about recent bandwidth events. Closes ticket 14128. Useful for controllers to get recent bandwidth history after the fix for ticket 13988. o Minor features (geoip): - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database. - Update geoip6 to the March 3 2015 Maxmind GeoLite2 Country database. o Minor bugfixes (client, automapping): - Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when no value follows the option. Fixes bug 14142; bugfix on 0.2.4.7-alpha. Patch by "teor". - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug 14195; bugfix on 0.1.0.1-rc. o Minor bugfixes (compilation): - Build without warnings with the stock OpenSSL srtp.h header, which has a duplicate declaration of SSL_get_selected_srtp_profile(). Fixes bug 14220; this is OpenSSL's bug, not ours. o Minor bugfixes (directory authority): - Allow directory authorities to fetch more data from one another if they find themselves missing lots of votes. Previously, they had been bumping against the 10 MB queued data limit. Fixes bug 14261; bugfix on 0.1.2.5-alpha. - Enlarge the buffer to read bwauth generated files to avoid an issue when parsing the file in dirserv_read_measured_bandwidths(). Fixes bug 14125; bugfix on 0.2.2.1-alpha. o Minor bugfixes (statistics): - Increase period over which bandwidth observations are aggregated from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1. o Minor bugfixes (preventative security, C safety): - When reading a hexadecimal, base-32, or base-64 encoded value from a string, always overwrite the whole output buffer. This prevents some bugs where we would look at (but fortunately, not reveal) uninitialized memory on the stack. Fixes bug 14013; bugfix on all versions of Tor.

1 0

Tor 0.2.4.26 is released
by Nick Mathewson 24 Mar '15

24 Mar '15

Hello! I released Tor 0.2.4.26 last week. This is the formal announcement. (Per usual practice with non-critical stable releases, I've delayed the tor-announce announcement to give distributions have a chance to make packages. If you are a packager and you didn't notice that, please let me know and I'll put you on the list of people I notify extra-early about new releases.) Tor 0.2.4 is the oldest supported release series. It will receive only patches for really serious issues. Most people should consider upgrading to 0.2.5 or 0.2.6 instead. You can get the source code for Tor 0.2.4.26 at https://dist.torproject.org/ Changes in version 0.2.4.26 - 2015-03-17 Tor 0.2.4.26 includes an updated list of directory authorities. It also backports a couple of stability and security bugfixes from 0.2.5 and beyond. o Directory authority changes: - Remove turtles as a directory authority. - Add longclaw as a new (v3) directory authority. This implements ticket 13296. This keeps the directory authority count at 9. - The directory authority Faravahar has a new IP address. This closes ticket 14487. o Major bugfixes (exit node stability, also in 0.2.6.3-alpha): - Fix an assertion failure that could occur under high DNS load. Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed by "cypherpunks". o Major bugfixes (relay, stability, possible security, also in 0.2.6.4-rc): - Fix a bug that could lead to a relay crashing with an assertion failure if a buffer of exactly the wrong layout was passed to buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'. - Do not assert if the 'data' pointer on a buffer is advanced to the very end of the buffer; log a BUG message instead. Only assert if it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha. o Minor features (geoip): - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database. - Update geoip6 to the March 3 2015 Maxmind GeoLite2 Country database.

1 0

Tor 0.2.5.10 is released!
by Nick Mathewson 25 Oct '14

25 Oct '14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, all. This is a release announcement for Tor 0.2.5.10, which I released as source yesterday. You can download the source from the usual places on our website. Some operating system packages should already be available; others will likely be released over the next week. (Usually, I'd wait for more packages to be available before announcing a stable release, but people have been asking me questions about whether this is official or not. So there you have it!) Changes in version 0.2.5.10 - 2014-10-24 Tor 0.2.5.10 is the first stable release in the 0.2.5 series. It adds several new security features, including improved denial-of-service resistance for relays, new compiler hardening options, and a system-call sandbox for hardened installations on Linux (requires seccomp2). The controller protocol has several new features, resolving IPv6 addresses should work better than before, and relays should be a little more CPU-efficient. We've added support for more OpenBSD and FreeBSD transparent proxy types. We've improved the build system and testing infrastructure to allow unit testing of more parts of the Tor codebase. Finally, we've addressed several nagging pluggable transport usability issues, and included numerous other small bugfixes and features mentioned below. This release marks end-of-life for Tor 0.2.3.x; those Tor versions have accumulated many known flaws; everyone should upgrade. o Major features (security): - The ntor handshake is now on-by-default, no matter what the directory authorities recommend. Implements ticket 8561. - Make the "tor-gencert" tool used by directory authority operators create 2048-bit signing keys by default (rather than 1024-bit, since 1024-bit is uncomfortably small these days). Addresses ticket 10324. - Warn about attempts to run hidden services and relays in the same process: that's probably not a good idea. Closes ticket 12908. - Disable support for SSLv3. All versions of OpenSSL in use with Tor today support TLS 1.0 or later, so we can safely turn off support for this old (and insecure) protocol. Fixes bug 13426. o Major features (relay security, DoS-resistance): - When deciding whether we have run out of memory and we need to close circuits, also consider memory allocated in buffers for streams attached to each circuit. This change, which extends an anti-DoS feature introduced in 0.2.4.13-alpha and improved in 0.2.4.14-alpha, lets Tor exit relays better resist more memory-based DoS attacks than before. Since the MaxMemInCellQueues option now applies to all queues, it is renamed to MaxMemInQueues. This feature fixes bug 10169. - Avoid hash-flooding denial-of-service attacks by using the secure SipHash-2-4 hash function for our hashtables. Without this feature, an attacker could degrade performance of a targeted client or server by flooding their data structures with a large number of entries to be stored at the same hash table position, thereby slowing down the Tor instance. With this feature, hash table positions are derived from a randomized cryptographic key, and an attacker cannot predict which entries will collide. Closes ticket 4900. - If you don't specify MaxMemInQueues yourself, Tor now tries to pick a good value based on your total system memory. Previously, the default was always 8 GB. You can still override the default by setting MaxMemInQueues yourself. Resolves ticket 11396. o Major features (bridges and pluggable transports): - Add support for passing arguments to managed pluggable transport proxies. Implements ticket 3594. - Bridges now track GeoIP information and the number of their users even when pluggable transports are in use, and report usage statistics in their extra-info descriptors. Resolves tickets 4773 and 5040. - Don't launch pluggable transport proxies if we don't have any bridges configured that would use them. Now we can list many pluggable transports, and Tor will dynamically start one when it hears a bridge address that needs it. Resolves ticket 5018. - The bridge directory authority now assigns status flags (Stable, Guard, etc) to bridges based on thresholds calculated over all Running bridges. Now bridgedb can finally make use of its features to e.g. include at least one Stable bridge in its answers. Fixes bug 9859. o Major features (controller): - Extend ORCONN controller event to include an "ID" parameter, and add four new controller event types CONN_BW, CIRC_BW, CELL_STATS, and TB_EMPTY that show connection and circuit usage. The new events are emitted in private Tor networks only, with the goal of being able to better track performance and load during full-network simulations. Implements proposal 218 and ticket 7359. o Major features (relay performance): - Speed up server-side lookups of rendezvous and introduction point circuits by using hashtables instead of linear searches. These functions previously accounted between 3 and 7% of CPU usage on some busy relays. Resolves ticket 9841. - Avoid wasting CPU when extending a circuit over a channel that is nearly out of circuit IDs. Previously, we would do a linear scan over possible circuit IDs before finding one or deciding that we had exhausted our possibilities. Now, we try at most 64 random circuit IDs before deciding that we probably won't succeed. Fixes a possible root cause of ticket 11553. o Major features (seccomp2 sandbox, Linux only): - Use the seccomp2 syscall filtering facility on Linux to limit which system calls Tor can invoke. This is an experimental, Linux-only feature to provide defense-in-depth against unknown attacks. To try turning it on, set "Sandbox 1" in your torrc file. Please be ready to report bugs. We hope to add support for better sandboxing in the future, including more fine-grained filters, better division of responsibility, and support for more platforms. This work has been done by Cristian-Matei Toader for Google Summer of Code. Resolves tickets 11351 and 11465. o Major features (testing networks): - Make testing Tor networks bootstrap better: lower directory fetch retry schedules and maximum interval without directory requests, and raise maximum download tries. Implements ticket 6752. - Add make target 'test-network' to run tests on a Chutney network. Implements ticket 8530. o Major features (other): - On some platforms (currently: recent OSX versions, glibc-based platforms that support the ELF format, and a few other Unix-like operating systems), Tor can now dump stack traces when a crash occurs or an assertion fails. By default, traces are dumped to stderr (if possible) and to any logs that are reporting errors. Implements ticket 9299. o Deprecated versions: - Tor 0.2.3.x has reached end-of-life; it has received no patches or attention for some while. o Major bugfixes (security, directory authorities): - Directory authorities now include a digest of each relay's identity key as a part of its microdescriptor. This is a workaround for bug 11743 (reported by "cypherpunks"), where Tor clients do not support receiving multiple microdescriptors with the same SHA256 digest in the same consensus. When clients receive a consensus like this, they only use one of the relays. Without this fix, a hostile relay could selectively disable some client use of target relays by constructing a router descriptor with a different identity and the same microdescriptor parameters and getting the authorities to list it in a microdescriptor consensus. This fix prevents an attacker from causing a microdescriptor collision, because the router's identity is not forgeable. o Major bugfixes (openssl bug workaround): - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or 1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug 13471. This is a workaround for an OpenSSL bug. o Major bugfixes (client): - Perform circuit cleanup operations even when circuit construction operations are disabled (because the network is disabled, or because there isn't enough directory information). Previously, when we were not building predictive circuits, we were not closing expired circuits either. Fixes bug 8387; bugfix on 0.1.1.11-alpha. This bug became visible in 0.2.4.10-alpha when we became more strict about when we have "enough directory information to build circuits". o Major bugfixes (client, pluggable transports): - When managing pluggable transports, use OS notification facilities to learn if they have crashed, and don't attempt to kill any process that has already exited. Fixes bug 8746; bugfix on 0.2.3.6-alpha. o Major bugfixes (relay denial of service): - Instead of writing destroy cells directly to outgoing connection buffers, queue them and intersperse them with other outgoing cells. This can prevent a set of resource starvation conditions where too many pending destroy cells prevent data cells from actually getting delivered. Reported by "oftc_must_be_destroyed". Fixes bug 7912; bugfix on 0.2.0.1-alpha. o Major bugfixes (relay): - Avoid queuing or sending destroy cells for circuit ID zero when we fail to send a CREATE cell. Fixes bug 12848; bugfix on 0.0.8pre1. Found and fixed by "cypherpunks". - Fix ORPort reachability detection on relays running behind a proxy, by correctly updating the "local" mark on the controlling channel when changing the address of an or_connection_t after the handshake. Fixes bug 12160; bugfix on 0.2.4.4-alpha. - Use a direct dirport connection when uploading non-anonymous descriptors to the directory authorities. Previously, relays would incorrectly use tunnel connections under a fairly wide variety of circumstances. Fixes bug 11469; bugfix on 0.2.4.3-alpha. - When a circuit accidentally has the same circuit ID for its forward and reverse direction, correctly detect the direction of cells using that circuit. Previously, this bug made roughly one circuit in a million non-functional. Fixes bug 12195; this is a bugfix on every version of Tor. o Minor features (security): - New --enable-expensive-hardening option to enable security hardening options that consume nontrivial amounts of CPU and memory. Right now, this includes AddressSanitizer and UbSan, which are supported in newer versions of GCC and Clang. Closes ticket 11477. - Authorities now assign the Guard flag to the fastest 25% of the network (it used to be the fastest 50%). Also raise the consensus weight that guarantees the Guard flag from 250 to 2000. For the current network, this results in about 1100 guards, down from 2500. This step paves the way for moving the number of entry guards down to 1 (proposal 236) while still providing reasonable expected performance for most users. Implements ticket 12690. o Minor features (security, memory management): - Memory allocation tricks (mempools and buffer freelists) are now disabled by default. You can turn them back on with --enable-mempools and --enable-buf-freelists respectively. We're disabling these features because malloc performance is good enough on most platforms, and a similar feature in OpenSSL exacerbated exploitation of the Heartbleed attack. Resolves ticket 11476. o Minor features (bridge client): - Report a more useful failure message when we can't connect to a bridge because we don't have the right pluggable transport configured. Resolves ticket 9665. Patch from Fábio J. Bertinatto. o Minor features (bridge): - Add an ExtORPortCookieAuthFileGroupReadable option to make the cookie file for the ExtORPort g+r by default. o Minor features (bridges, pluggable transports): - Bridges now write the SHA1 digest of their identity key fingerprint (that is, a hash of a hash of their public key) to notice-level logs, and to a new hashed-fingerprint file. This information will help bridge operators look up their bridge in Globe and similar tools. Resolves ticket 10884. - Improve the message that Tor displays when running as a bridge using pluggable transports without an Extended ORPort listener. Also, log the message in the log file too. Resolves ticket 11043. - Add threshold cutoffs to the networkstatus document created by the Bridge Authority. Fixes bug 1117. - On Windows, spawn background processes using the CREATE_NO_WINDOW flag. Now Tor Browser Bundle 3.5 with pluggable transports enabled doesn't pop up a blank console window. (In Tor Browser Bundle 2.x, Vidalia set this option for us.) Implements ticket 10297. o Minor features (build): - The configure script has a --disable-seccomp option to turn off support for libseccomp on systems that have it, in case it (or Tor's use of it) is broken. Resolves ticket 11628. - Assume that a user using ./configure --host wants to cross-compile, and give an error if we cannot find a properly named tool-chain. Add a --disable-tool-name-check option to proceed nevertheless. Addresses ticket 9869. Patch by Benedikt Gollatz. - If we run ./configure and the compiler recognizes -fstack-protector but the linker rejects it, warn the user about a potentially missing libssp package. Addresses ticket 9948. Patch from Benedikt Gollatz. - Add support for `--library-versions` flag. Implements ticket 6384. - Return the "unexpected sendme" warnings to a warn severity, but make them rate limited, to help diagnose ticket 8093. - Detect a missing asciidoc, and warn the user about it, during configure rather than at build time. Fixes issue 6506. Patch from Arlo Breault. o Minor features (client): - Add a new option, PredictedPortsRelevanceTime, to control how long after having received a request to connect to a given port Tor will try to keep circuits ready in anticipation of future requests for that port. Patch from "unixninja92"; implements ticket 9176. o Minor features (config options and command line): - Add an --allow-missing-torrc commandline option that tells Tor to run even if the configuration file specified by -f is not available. Implements ticket 10060. - Add support for the TPROXY transparent proxying facility on Linux. See documentation for the new TransProxyType option for more details. Implementation by "thomo". Closes ticket 10582. o Minor features (config options): - Config (torrc) lines now handle fingerprints which are missing their initial '$'. Resolves ticket 4341; improvement over 0.0.9pre5. - Support a --dump-config option to print some or all of the configured options. Mainly useful for debugging the command-line option parsing code. Helps resolve ticket 4647. - Raise awareness of safer logging: notify user of potentially unsafe config options, like logging more verbosely than severity "notice" or setting SafeLogging to 0. Resolves ticket 5584. - Add a new configuration option TestingV3AuthVotingStartOffset that bootstraps a network faster by changing the timing for consensus votes. Addresses ticket 8532. - Add a new torrc option "ServerTransportOptions" that allows bridge operators to pass configuration parameters to their pluggable transports. Resolves ticket 8929. - The config (torrc) file now accepts bandwidth and space limits in bits as well as bytes. (Anywhere that you can say "2 Kilobytes", you can now say "16 kilobits", and so on.) Resolves ticket 9214. Patch by CharlieB. o Minor features (controller): - Make the entire exit policy available from the control port via GETINFO exit-policy/*. Implements enhancement 7952. Patch from "rl1987". - Because of the fix for ticket 11396, the real limit for memory usage may no longer match the configured MaxMemInQueues value. The real limit is now exposed via GETINFO limits/max-mem-in-queues. - Add a new "HS_DESC" controller event that reports activities related to hidden service descriptors. Resolves ticket 8510. - New "DROPGUARDS" controller command to forget all current entry guards. Not recommended for ordinary use, since replacing guards too frequently makes several attacks easier. Resolves ticket 9934; patch from "ra". - Implement the TRANSPORT_LAUNCHED control port event that notifies controllers about new launched pluggable transports. Resolves ticket 5609. o Minor features (diagnostic): - When logging a warning because of bug 7164, additionally check the hash table for consistency (as proposed on ticket 11737). This may help diagnose bug 7164. - When we log a heartbeat, log how many one-hop circuits we have that are at least 30 minutes old, and log status information about a few of them. This is an attempt to track down bug 8387. - When encountering an unexpected CR while writing text to a file on Windows, log the name of the file. Should help diagnosing bug 11233. - Give more specific warnings when a client notices that an onion handshake has failed. Fixes ticket 9635. - Add significant new logging code to attempt to diagnose bug 12184, where relays seem to run out of available circuit IDs. - Improve the diagnostic log message for bug 8387 even further to try to improve our odds of figuring out why one-hop directory circuits sometimes do not get closed. - Add more log messages to diagnose bug 7164, which causes intermittent "microdesc_free() called but md was still referenced" warnings. We now include more information, to figure out why we might be cleaning a microdescriptor for being too old if it's still referenced by a live node_t object. - Log current accounting state (bytes sent and received + remaining time for the current accounting period) in the relay's heartbeat message. Implements ticket 5526; patch from Peter Retzlaff. o Minor features (geoip): - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2 Country database. o Minor features (interface): - Generate a warning if any ports are listed in the SocksPolicy, DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or AuthDirBadExit options. (These options only support address ranges.) Fixes part of ticket 11108. o Minor features (kernel API usage): - Use the SOCK_NONBLOCK socket type, if supported, to open nonblocking sockets in a single system call. Implements ticket 5129. o Minor features (log messages): - When ServerTransportPlugin is set on a bridge, Tor can write more useful statistics about bridge use in its extrainfo descriptors, but only if the Extended ORPort ("ExtORPort") is set too. Add a log message to inform the user in this case. Resolves ticket 9651. - When receiving a new controller connection, log the origin address. Resolves ticket 9698; patch from "sigpipe". - When logging OpenSSL engine status at startup, log the status of more engines. Fixes ticket 10043; patch from Joshua Datko. o Minor features (log verbosity): - Demote the message that we give when a flushing connection times out for too long from NOTICE to INFO. It was usually meaningless. Resolves ticket 5286. - Don't log so many notice-level bootstrapping messages at startup about downloading descriptors. Previously, we'd log a notice whenever we learned about more routers. Now, we only log a notice at every 5% of progress. Fixes bug 9963. - Warn less verbosely when receiving a malformed ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279. o Minor features (performance): - If we're using the pure-C 32-bit curve25519_donna implementation of curve25519, build it with the -fomit-frame-pointer option to make it go faster on register-starved hosts. This improves our handshake performance by about 6% on i386 hosts without nacl. Closes ticket 8109. o Minor features (relay): - If a circuit timed out for at least 3 minutes, check if we have a new external IP address, and publish a new descriptor with the new IP address if it changed. Resolves ticket 2454. o Minor features (testing): - If Python is installed, "make check" now runs extra tests beyond the unit test scripts. - When bootstrapping a test network, sometimes very few relays get the Guard flag. Now a new option "TestingDirAuthVoteGuard" can specify a set of relays which should be voted Guard regardless of their uptime or bandwidth. Addresses ticket 9206. o Minor features (transparent proxy, *BSD): - Support FreeBSD's ipfw firewall interface for TransPort ports on FreeBSD. To enable it, set "TransProxyType ipfw". Resolves ticket 10267; patch from "yurivict". - Support OpenBSD's divert-to rules with the pf firewall for transparent proxy ports. To enable it, set "TransProxyType pf-divert". This allows Tor to run a TransPort transparent proxy port on OpenBSD 4.4 or later without root privileges. See the pf.conf(5) manual page for information on configuring pf to use divert-to rules. Closes ticket 10896; patch from Dana Koch. o Minor bugfixes (bridge client): - Stop accepting bridge lines containing hostnames. Doing so would cause clients to perform DNS requests on the hostnames, which was not sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha. o Minor bugfixes (bridges): - Avoid potential crashes or bad behavior when launching a server-side managed proxy with ORPort or ExtORPort temporarily disabled. Fixes bug 9650; bugfix on 0.2.3.16-alpha. - Fix a bug where the first connection works to a bridge that uses a pluggable transport with client-side parameters, but we don't send the client-side parameters on subsequent connections. (We don't use any pluggable transports with client-side parameters yet, but ScrambleSuit will soon become the first one.) Fixes bug 9162; bugfix on 0.2.0.3-alpha. Based on a patch from "rl1987". o Minor bugfixes (build, auxiliary programs): - Stop preprocessing the "torify" script with autoconf, since it no longer refers to LOCALSTATEDIR. Fixes bug 5505; patch from Guilhem. - The tor-fw-helper program now follows the standard convention and exits with status code "0" on success. Fixes bug 9030; bugfix on 0.2.3.1-alpha. Patch by Arlo Breault. - Corrected ./configure advice for what openssl dev package you should install on Debian. Fixes bug 9207; bugfix on 0.2.0.1-alpha. o Minor bugfixes (client): - Avoid "Tried to open a socket with DisableNetwork set" warnings when starting a client with bridges configured and DisableNetwork set. (Tor launcher starts Tor with DisableNetwork set the first time it runs.) Fixes bug 10405; bugfix on 0.2.3.9-alpha. - Improve the log message when we can't connect to a hidden service because all of the hidden service directory nodes hosting its descriptor are excluded. Improves on our fix for bug 10722, which was a bugfix on 0.2.0.10-alpha. - Raise a control port warning when we fail to connect to all of our bridges. Previously, we didn't inform the controller, and the bootstrap process would stall. Fixes bug 11069; bugfix on 0.2.1.2-alpha. - Exit immediately when a process-owning controller exits. Previously, tor relays would wait for a little while after their controller exited, as if they had gotten an INT signal -- but this was problematic, since there was no feedback for the user. To do a clean shutdown, controllers should send an INT signal and give Tor a chance to clean up. Fixes bug 10449; bugfix on 0.2.2.28-beta. - Stop attempting to connect to bridges before our pluggable transports are configured (harmless but resulted in some erroneous log messages). Fixes bug 11156; bugfix on 0.2.3.2-alpha. - Fix connections to IPv6 addresses over SOCKS5. Previously, we were generating incorrect SOCKS5 responses, and confusing client applications. Fixes bug 10987; bugfix on 0.2.4.7-alpha. o Minor bugfixes (client, DNSPort): - When using DNSPort, try to respond to AAAA requests with AAAA answers. Previously, we hadn't looked at the request type when deciding which answer type to prefer. Fixes bug 10468; bugfix on 0.2.4.7-alpha. - When receiving a DNS query for an unsupported record type, reply with no answer rather than with a NOTIMPL error. This behavior isn't correct either, but it will break fewer client programs, we hope. Fixes bug 10268; bugfix on 0.2.0.1-alpha. Original patch from "epoch". o Minor bugfixes (client, logging during bootstrap): - Only report the first fatal bootstrap error on a given OR connection. This stops us from telling the controller bogus error messages like "DONE". Fixes bug 10431; bugfix on 0.2.1.1-alpha. - Avoid generating spurious warnings when starting with DisableNetwork enabled. Fixes bug 11200 and bug 10405; bugfix on 0.2.3.9-alpha. o Minor bugfixes (closing OR connections): - If write_to_buf() in connection_write_to_buf_impl_() ever fails, check if it's an or_connection_t and correctly call connection_or_close_for_error() rather than connection_mark_for_close() directly. Fixes bug 11304; bugfix on 0.2.4.4-alpha. - When closing all connections on setting DisableNetwork to 1, use connection_or_close_normally() rather than closing OR connections out from under the channel layer. Fixes bug 11306; bugfix on 0.2.4.4-alpha. o Minor bugfixes (code correctness): - Previously we used two temporary files when writing descriptors to disk; now we only use one. Fixes bug 1376. - Remove an erroneous (but impossible and thus harmless) pointer comparison that would have allowed compilers to skip a bounds check in channeltls.c. Fixes bugs 10313 and 9980; bugfix on 0.2.0.10-alpha. Noticed by Jared L Wong and David Fifield. - Fix an always-true assertion in pluggable transports code so it actually checks what it was trying to check. Fixes bug 10046; bugfix on 0.2.3.9-alpha. Found by "dcb". o Minor bugfixes (command line): - Use a single command-line parser for parsing torrc options on the command line and for finding special command-line options to avoid inconsistent behavior for torrc option arguments that have the same names as command-line options. Fixes bugs 4647 and 9578; bugfix on 0.0.9pre5. - No longer allow 'tor --hash-password' with no arguments. Fixes bug 9573; bugfix on 0.0.9pre5. o Minor bugfixes (compilation): - Compile correctly with builds and forks of OpenSSL (such as LibreSSL) that disable compression. Fixes bug 12602; bugfix on 0.2.1.1-alpha. Patch from "dhill". - Restore the ability to compile Tor with V2_HANDSHAKE_SERVER turned off (that is, without support for v2 link handshakes). Fixes bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet". - In routerlist_assert_ok(), don't take the address of a routerinfo's cache_info member unless that routerinfo is non-NULL. Fixes bug 13096; bugfix on 0.1.1.9-alpha. Patch by "teor". - Fix a large number of false positive warnings from the clang analyzer static analysis tool. This should make real warnings easier for clang analyzer to find. Patch from "teor". Closes ticket 13036. - Resolve GCC complaints on OpenBSD about discarding constness in TO_{ORIGIN,OR}_CIRCUIT functions. Fixes part of bug 11633; bugfix on 0.1.1.23. Patch from Dana Koch. - Resolve clang complaints on OpenBSD with -Wshorten-64-to-32 due to treatment of long and time_t as comparable types. Fixes part of bug 11633. Patch from Dana Koch. - When deciding whether to build the 64-bit curve25519 implementation, detect platforms where we can compile 128-bit arithmetic but cannot link it. Fixes bug 11729; bugfix on 0.2.4.8-alpha. Patch from "conradev". - Fix compilation when DNS_CACHE_DEBUG is enabled. Fixes bug 11761; bugfix on 0.2.3.13-alpha. Found by "cypherpunks". - Fix compilation with dmalloc. Fixes bug 11605; bugfix on 0.2.4.10-alpha. - Build and run correctly on systems like OpenBSD-current that have patched OpenSSL to remove get_cipher_by_char and/or its implementations. Fixes issue 13325. o Minor bugfixes (controller and command-line): - If changing a config option via "setconf" fails in a recoverable way, we used to nonetheless write our new control ports to the file described by the "ControlPortWriteToFile" option. Now we only write out that file if we successfully switch to the new config option. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from "Ryman". o Minor bugfixes (directory server): - No longer accept malformed http headers when parsing urls from headers. Now we reply with Bad Request ("400"). Fixes bug 2767; bugfix on 0.0.6pre1. - When sending a compressed set of descriptors or microdescriptors, make sure to finalize the zlib stream. Previously, we would write all the compressed data, but if the last descriptor we wanted to send was missing or too old, we would not mark the stream as finished. This caused problems for decompression tools. Fixes bug 11648; bugfix on 0.1.1.23. o Minor bugfixes (hidden service): - Only retry attempts to connect to a chosen rendezvous point 8 times, not 30. Fixes bug 4241; bugfix on 0.1.0.1-rc. o Minor bugfixes (interface): - Reject relative control socket paths and emit a warning. Previously, single-component control socket paths would be rejected, but Tor would not log why it could not validate the config. Fixes bug 9258; bugfix on 0.2.3.16-alpha. o Minor bugfixes (log messages): - Fix a bug where clients using bridges would report themselves as 50% bootstrapped even without a live consensus document. Fixes bug 9922; bugfix on 0.2.1.1-alpha. - Suppress a warning where, if there's only one directory authority in the network, we would complain that votes and signatures cannot be uploaded to other directory authorities. Fixes bug 10842; bugfix on 0.2.2.26-beta. - Report bootstrapping progress correctly when we're downloading microdescriptors. We had updated our "do we have enough microdescs to begin building circuits?" logic most recently in 0.2.4.10-alpha (see bug 5956), but we left the bootstrap status event logic at "how far through getting 1/4 of them are we?" Fixes bug 9958; bugfix on 0.2.2.36, which is where they diverged (see bug 5343). o Minor bugfixes (logging): - Downgrade "Unexpected onionskin length after decryption" warning to a protocol-warn, since there's nothing relay operators can do about a client that sends them a malformed create cell. Resolves bug 12996; bugfix on 0.0.6rc1. - Log more specific warnings when we get an ESTABLISH_RENDEZVOUS cell on a cannibalized or non-OR circuit. Resolves ticket 12997. - When logging information about an EXTEND2 or EXTENDED2 cell, log their names correctly. Fixes part of bug 12700; bugfix on 0.2.4.8-alpha. - When logging information about a relay cell whose command we don't recognize, log its command as an integer. Fixes part of bug 12700; bugfix on 0.2.1.10-alpha. - Escape all strings from the directory connection before logging them. Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor". - Squelch a spurious LD_BUG message "No origin circuit for successful SOCKS stream" in certain hidden service failure cases; fixes bug 10616. - Downgrade the severity of the 'unexpected sendme cell from client' from 'warn' to 'protocol warning'. Closes ticket 8093. o Minor bugfixes (misc code correctness): - In munge_extrainfo_into_routerinfo(), check the return value of memchr(). This would have been a serious issue if we ever passed it a non-extrainfo. Fixes bug 8791; bugfix on 0.2.0.6-alpha. Patch from Arlo Breault. - On the chance that somebody manages to build Tor on a platform where time_t is unsigned, correct the way that microdesc_add_to_cache() handles negative time arguments. Fixes bug 8042; bugfix on 0.2.3.1-alpha. - Fix various instances of undefined behavior in channeltls.c, tor_memmem(), and eventdns.c that would cause us to construct pointers to memory outside an allocated object. (These invalid pointers were not accessed, but C does not even allow them to exist.) Fixes bug 10363; bugfixes on 0.1.1.1-alpha, 0.1.2.1-alpha, 0.2.0.10-alpha, and 0.2.3.6-alpha. Reported by "bobnomnom". - Use the AddressSanitizer and Ubsan sanitizers (in clang-3.4) to fix some miscellaneous errors in our tests and codebase. Fixes bug 11232. Bugfixes on versions back as far as 0.2.1.11-alpha. - Always check return values for unlink, munmap, UnmapViewOfFile; check strftime return values more often. In some cases all we can do is report a warning, but this may help prevent deeper bugs from going unnoticed. Closes ticket 8787; bugfixes on many, many tor versions. - Fix numerous warnings from the clang "scan-build" static analyzer. Some of these are programming style issues; some of them are false positives that indicated awkward code; some are undefined behavior cases related to constructing (but not using) invalid pointers; some are assumptions about API behavior; some are (harmlessly) logging sizeof(ptr) bytes from a token when sizeof(*ptr) would be correct; and one or two are genuine bugs that weren't reachable from the rest of the program. Fixes bug 8793; bugfixes on many, many tor versions. o Minor bugfixes (node selection): - If ExcludeNodes is set, consider non-excluded hidden service directory servers before excluded ones. Do not consider excluded hidden service directory servers at all if StrictNodes is set. (Previously, we would sometimes decide to connect to those servers, and then realize before we initiated a connection that we had excluded them.) Fixes bug 10722; bugfix on 0.2.0.10-alpha. Reported by "mr-4". - If we set the ExitNodes option but it doesn't include any nodes that have the Exit flag, we would choose not to bootstrap. Now we bootstrap so long as ExitNodes includes nodes which can exit to some port. Fixes bug 10543; bugfix on 0.2.4.10-alpha. o Minor bugfixes (performance): - Avoid a bug where every successful connection made us recompute the flag telling us whether we have sufficient information to build circuits. Previously, we would forget our cached value whenever we successfully opened a channel (or marked a router as running or not running for any other reason), regardless of whether we had previously believed the router to be running. This forced us to run an expensive update operation far too often. Fixes bug 12170; bugfix on 0.1.2.1-alpha. - Avoid using tor_memeq() for checking relay cell integrity. This removes a possible performance bottleneck. Fixes part of bug 12169; bugfix on 0.2.1.31. o Minor bugfixes (platform-specific): - When dumping a malformed directory object to disk, save it in binary mode on Windows, not text mode. Fixes bug 11342; bugfix on 0.2.2.1-alpha. - Don't report failures from make_socket_reuseable() on incoming sockets on OSX: this can happen when incoming connections close early. Fixes bug 10081. o Minor bugfixes (pluggable transports): - Avoid another 60-second delay when starting Tor in a pluggable- transport-using configuration when we already have cached descriptors for our bridges. Fixes bug 11965; bugfix on 0.2.3.6-alpha. o Minor bugfixes (protocol correctness): - When receiving a VERSIONS cell with an odd number of bytes, close the connection immediately since the cell is malformed. Fixes bug 10365; bugfix on 0.2.0.10-alpha. Spotted by "bobnomnom"; fix by "rl1987". o Minor bugfixes (relay, other): - We now drop CREATE cells for already-existent circuit IDs and for zero-valued circuit IDs, regardless of other factors that might otherwise have called for DESTROY cells. Fixes bug 12191; bugfix on 0.0.8pre1. - When rejecting DATA cells for stream_id zero, still count them against the circuit's deliver window so that we don't fail to send a SENDME. Fixes bug 11246; bugfix on 0.2.4.10-alpha. o Minor bugfixes (relay, threading): - Check return code on spawn_func() in cpuworker code, so that we don't think we've spawned a nonworking cpuworker and write junk to it forever. Fix related to bug 4345; bugfix on all released Tor versions. Found by "skruffy". - Use a pthread_attr to make sure that spawn_func() cannot return an error while at the same time launching a thread. Fix related to bug 4345; bugfix on all released Tor versions. Reported by "cypherpunks". o Minor bugfixes (relays and bridges): - Avoid crashing on a malformed resolv.conf file when running a relay using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23. - Non-exit relays no longer launch mock DNS requests to check for DNS hijacking. This has been unnecessary since 0.2.1.7-alpha, when non-exit relays stopped servicing DNS requests. Fixes bug 965; bugfix on 0.2.1.7-alpha. Patch from Matt Pagan. - Bridges now report complete directory request statistics. Related to bug 5824; bugfix on 0.2.2.1-alpha. - Bridges now never collect statistics that were designed for relays. Fixes bug 5824; bugfix on 0.2.3.8-alpha. o Minor bugfixes (testing): - Fix all valgrind warnings produced by the unit tests. There were over a thousand memory leak warnings previously, mostly produced by forgetting to free things in the unit test code. Fixes bug 11618, bugfixes on many versions of Tor. o Minor bugfixes (tor-fw-helper): - Give a correct log message when tor-fw-helper fails to launch. (Previously, we would say something like "tor-fw-helper sent us a string we could not parse".) Fixes bug 9781; bugfix on 0.2.4.2-alpha. o Minor bugfixes (trivial memory leaks): - Fix a small memory leak when signing a directory object. Fixes bug 11275; bugfix on 0.2.4.13-alpha. - Resolve some memory leaks found by coverity in the unit tests, on exit in tor-gencert, and on a failure to compute digests for our own keys when generating a v3 networkstatus vote. These leaks should never have affected anyone in practice. o Code simplification and refactoring: - Remove some old fallback code designed to keep Tor clients working in a network with only two working relays. Elsewhere in the code we have long since stopped supporting such networks, so there wasn't much point in keeping it around. Addresses ticket 9926. - Reject 0-length EXTEND2 cells more explicitly. Fixes bug 10536; bugfix on 0.2.4.8-alpha. Reported by "cypherpunks". - Extract the common duplicated code for creating a subdirectory of the data directory and writing to a file in it. Fixes ticket 4282; patch from Peter Retzlaff. - Since OpenSSL 0.9.7, the i2d_*() functions support allocating output buffer. Avoid calling twice: i2d_RSAPublicKey(), i2d_DHparams(), i2d_X509(), and i2d_PublicKey(). Resolves ticket 5170. - Add a set of accessor functions for the circuit timeout data structure. Fixes ticket 6153; patch from "piet". - Clean up exit paths from connection_listener_new(). Closes ticket 8789. Patch from Arlo Breault. - Since we rely on OpenSSL 0.9.8 now, we can use EVP_PKEY_cmp() and drop our own custom pkey_eq() implementation. Fixes bug 9043. - Use a doubly-linked list to implement the global circuit list. Resolves ticket 9108. Patch from Marek Majkowski. - Remove contrib/id_to_fp.c since it wasn't used anywhere. - Remove constants and tests for PKCS1 padding; it's insecure and shouldn't be used for anything new. Fixes bug 8792; patch from Arlo Breault. - Remove instances of strcpy() from the unit tests. They weren't hurting anything, since they were only in the unit tests, but it's embarassing to have strcpy() in the code at all, and some analysis tools don't like it. Fixes bug 8790; bugfix on 0.2.3.6-alpha and 0.2.3.8-alpha. Patch from Arlo Breault. - Remove is_internal_IP() function. Resolves ticket 4645. - Remove unused function circuit_dump_by_chan from circuitlist.c. Closes issue 9107; patch from "marek". - Change our use of the ENUM_BF macro to avoid declarations that confuse Doxygen. - Get rid of router->address, since in all cases it was just the string representation of router->addr. Resolves ticket 5528. o Documentation: - Adjust the URLs in the README to refer to the new locations of several documents on the website. Fixes bug 12830. Patch from Matt Pagan. - Document 'reject6' and 'accept6' ExitPolicy entries. Resolves ticket 12878. - Update manpage to describe some of the files you can expect to find in Tor's DataDirectory. Addresses ticket 9839. - Clean up several option names in the manpage to match their real names, add the missing documentation for a couple of testing and directory authority options, remove the documentation for a V2-directory fetching option that no longer exists. Resolves ticket 11634. - Correct the documenation so that it lists the correct directory for the stats files. (They are in a subdirectory called "stats", not "status".) - In the manpage, move more authority-only options into the directory authority section so that operators of regular directory caches don't get confused. - Fix the layout of the SOCKSPort flags in the manpage. Fixes bug 11061; bugfix on 0.2.4.7-alpha. - Resolve warnings from Doxygen. - Document in the manpage that "KBytes" may also be written as "kilobytes" or "KB", that "Kbits" may also be written as "kilobits", and so forth. Closes ticket 9222. - Document that the ClientOnly config option overrides ORPort. Our old explanation made ClientOnly sound as though it did nothing at all. Resolves bug 9059. - Explain that SocksPolicy, DirPolicy, and similar options don't take port arguments. Fixes the other part of ticket 11108. - Fix a comment about the rend_server_descriptor_t.protocols field to more accurately describe its range. Also, make that field unsigned, to more accurately reflect its usage. Fixes bug 9099; bugfix on 0.2.1.5-alpha. - Fix the manpage's description of HiddenServiceAuthorizeClient: the maximum client name length is 16, not 19. Fixes bug 11118; bugfix on 0.2.1.6-alpha. o Package cleanup: - The contrib directory has been sorted and tidied. Before, it was an unsorted dumping ground for useful and not-so-useful things. Now, it is divided based on functionality, and the items which seemed to be nonfunctional or useless have been removed. Resolves ticket 8966; based on patches from "rl1987". o Removed code and features: - Clients now reject any directory authority certificates lacking a dir-key-crosscert element. These have been included since 0.2.1.9-alpha, so there's no real reason for them to be optional any longer. Completes proposal 157. Resolves ticket 10162. - Remove all code that existed to support the v2 directory system, since there are no longer any v2 directory authorities. Resolves ticket 10758. - Remove the HSAuthoritativeDir and AlternateHSAuthority torrc options, which were used for designating authorities as "Hidden service authorities". There has been no use of hidden service authorities since 0.2.2.1-alpha, when we stopped uploading or downloading v0 hidden service descriptors. Fixes bug 10881; also part of a fix for bug 10841. - Remove /tor/dbg-stability.txt URL that was meant to help debug WFU and MTBF calculations, but that nobody was using. Fixes bug 11742. - The TunnelDirConns and PreferTunnelledDirConns options no longer exist; tunneled directory connections have been available since 0.1.2.5-alpha, and turning them off is not a good idea. This is a brute-force fix for 10849, where "TunnelDirConns 0" would break hidden services. - Remove all code for the long unused v1 directory protocol. Resolves ticket 11070. - Remove all remaining code related to version-0 hidden service descriptors: they have not been in use since 0.2.2.1-alpha. Fixes the rest of bug 10841. - Remove migration code from when we renamed the "cached-routers" file to "cached-descriptors" back in 0.2.0.8-alpha. This incidentally resolves ticket 6502 by cleaning up the related code a bit. Patch from Akshay Hebbar. o Test infrastructure: - Tor now builds each source file in two modes: a mode that avoids exposing identifiers needlessly, and another mode that exposes more identifiers for testing. This lets the compiler do better at optimizing the production code, while enabling us to take more radical measures to let the unit tests test things. - The production builds no longer include functions used only in the unit tests; all functions exposed from a module only for unit-testing are now static in production builds. - Add an --enable-coverage configuration option to make the unit tests (and a new src/or/tor-cov target) to build with gcov test coverage support. - Update to the latest version of tinytest. - Improve the tinytest implementation of string operation tests so that comparisons with NULL strings no longer crash the tests; they now just fail, normally. Fixes bug 9004; bugfix on 0.2.2.4-alpha. - New macros in test.h to simplify writing mock-functions for unit tests. Part of ticket 11507. Patch from Dana Koch. - We now have rudimentary function mocking support that our unit tests can use to test functions in isolation. Function mocking lets the tests temporarily replace a function's dependencies with stub functions, so that the tests can check the function without invoking the other functions it calls. o Testing: - Complete tests for the status.c module. Resolves ticket 11507. Patch from Dana Koch. - Add more unit tests for the <circid,channel>->circuit map, and the destroy-cell-tracking code to fix bug 7912. - Unit tests for failing cases of the TAP onion handshake. - More unit tests for address-manipulation functions. o Distribution (systemd): - Include a tor.service file in contrib/dist for use with systemd. Some distributions will be able to use this file unmodified; others will need to tweak it, or write their own. Patch from Jamie Nguyen; resolves ticket 8368. - Verify configuration file via ExecStartPre in the systemd unit file. Patch from intrigeri; resolves ticket 12730. - Explicitly disable RunAsDaemon in the systemd unit file. Our current systemd unit uses "Type = simple", so systemd does not expect tor to fork. If the user has "RunAsDaemon 1" in their torrc, then things won't work as expected. This is e.g. the case on Debian (and derivatives), since there we pass "--defaults-torrc /usr/share/tor/tor-service-defaults-torrc" (that contains "RunAsDaemon 1") by default. Patch by intrigeri; resolves ticket 12731. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGVAwUBVEva2pEDl9iNKTGaAQIwSwv/ZpDr0k88xIzEKu1BOQkVP+ZJ+0JRH+L+ ggDU69ZXhRveSoC1VK3asUb5DWWqsNhOBgLIGun8B/aa6dJmf54PgxhwHNAPdfi1 O9lv1AGsd3/k7GW0y/RwWUP8AdsDpD2YOsJvssi2sXBXnldAA9rL7AN9Z2k8yw7E zAjZO7v1FgKsKfUxwuzYHPShoePOYfISKWAJ10wApYcv4LHFacur312BP8e5zJWt nYpnlG5jxjyQ9WPJvjG1cYybbHccGn93q2mJjdWJfcUx3DwHfA+RAxsEONa3y5ZC ttIJXZkpLIBUhIZWxIPbenRBPffBgZT4N1AJee/kDri2OCvfMml+DksE/nreaYXm iLbCMNTV60mC4mUYPZKQG6EwuWpVPEf6c3JYnXRvdXVY/Y91D53/qGks3n56eU7v SObILrc67MM6/MauCs94nAqiYN/zOgDRdzTVw7b9r080Y6mfm/uoJROnHcoCZWSh cP1H+2Zc6KBBJR5zrOHLk8wDYUyBuAI/ =urIk -----END PGP SIGNATURE-----

1 0