On 10/21/2015 02:54 PM, Georg Koppen wrote:
Hi,
we are about to start a hardened Tor Browser series and the first nightly for it is ready to get tested (on 64bit Linux systems):
https://people.torproject.org/~gk/testbuilds/tor-browser-linux64-tbb-nightly... https://people.torproject.org/~gk/testbuilds/tor-browser-linux64-tbb-nightly...
Its major features are:
- expensive hardening for tor (ASan, UBSan...)
- ASan for the browser
- the locales we ship/support are included in one bundle allowing to
choose the locale for Tor Browser on start-up
We plan to have something like 3) for the regular alpha and stable series in the (near) future as well. Thus, testing it and providing feedback is extra welcome.
I experience a crash of Tor when I try to go to a new generated tor hidden service with just a default apache2 page from Debian Jessie.
I run Debian Jessie: Linux boardsofcanada 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1+deb8u4 (2015-09-19) x86_64 GNU/Linux
This happens everytime when I try to go to this URL.
Nov 01 00:12:30.000 [notice] Bootstrapped 85%: Finishing handshake with first hop Nov 01 00:12:30.000 [notice] New control connection opened from 127.0.0.1. Nov 01 00:12:31.000 [notice] Bootstrapped 90%: Establishing a Tor circuit Nov 01 00:12:31.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working. Nov 01 00:12:31.000 [notice] Bootstrapped 100%: Done console.error: [CustomizableUI] Custom widget with id loop-button does not return a valid node Nov 01 00:12:35.000 [notice] New control connection opened from 127.0.0.1. Nov 01 00:12:35.000 [notice] New control connection opened from 127.0.0.1. ================================================================= ==15963==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0003fa4aa at pc 0x7f5804a9b94e bp 0x7ffcfe46a470 sp 0x7ffcfe46a468 READ of size 20 at 0x60c0003fa4aa thread T0 ASAN:SIGSEGV ==15963==AddressSanitizer: while reporting a bug found another one. Ignoring.