[tor-talk] Tor is out

Andrew F andrewfriedman101 at gmail.com
Wed Oct 2 20:27:42 UTC 2013

Congratulations to all participants. It looks fantastic.

On Wed, Oct 2, 2013 at 12:25 PM, Roger Dingledine <arma at mit.edu> wrote:

> Tor introduces experimental support for syscall sandboxing
> on Linux, allows bridges that offer pluggable transports to report usage
> statistics, fixes many issues to make testing easier, and provides
> a pile of minor features and bugfixes that have been waiting for a
> release of the new branch.
> This is the first alpha release in a new series, so expect there to
> be bugs. Users who would rather test out a more stable branch should
> stay with 0.2.4.x for now.
> I'm going to leave the download pages listing 0.2.3.x and 0.2.4.x,
> so we don't have the confusion of three branches at once. I'm also not
> sure yet how the packaging people plan to handle three branches.
> https://www.torproject.org/dist/
> Changes in version - 2013-10-02
>   o Major features (security):
>     - Use the seccomp2 syscall filtering facility on Linux to limit
>       which system calls Tor can invoke. This is an experimental,
>       Linux-only feature to provide defense-in-depth against unknown
>       attacks. To try turning it on, set "Sandbox 1" in your torrc
>       file. Please be ready to report bugs. We hope to add support
>       for better sandboxing in the future, including more fine-grained
>       filters, better division of responsibility, and support for more
>       platforms. This work has been done by Cristian-Matei Toader for
>       Google Summer of Code.
>     - Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
>       Resolves ticket 6055. (OpenSSL before 1.0.1 didn't have TLS 1.1 or
>       1.2, and OpenSSL from 1.0.1 through 1.0.1d had bugs that prevented
>       renegotiation from working with TLS 1.1 or 1.2, so we had disabled
>       them to solve bug 6033.)
>   o Major features (other):
>     - Add support for passing arguments to managed pluggable transport
>       proxies. Implements ticket 3594.
>     - Bridges now track GeoIP information and the number of their users
>       even when pluggable transports are in use, and report usage
>       statistics in their extra-info descriptors. Resolves tickets 4773
>       and 5040.
>     - Make testing Tor networks bootstrap better: lower directory fetch
>       retry schedules and maximum interval without directory requests,
>       and raise maximum download tries. Implements ticket 6752.
>     - Add make target 'test-network' to run tests on a Chutney network.
>       Implements ticket 8530.
>     - The ntor handshake is now on-by-default, no matter what the
>       directory authorities recommend. Implements ticket 8561.
>   o Major bugfixes:
>     - Instead of writing destroy cells directly to outgoing connection
>       buffers, queue them and intersperse them with other outgoing cells.
>       This can prevent a set of resource starvation conditions where too
>       many pending destroy cells prevent data cells from actually getting
>       delivered. Reported by "oftc_must_be_destroyed". Fixes bug 7912;
>       bugfix on
>     - If we are unable to save a microdescriptor to the journal, do not
>       drop it from memory and then reattempt downloading it. Fixes bug
>       9645; bugfix on
>     - The new channel code sometimes lost track of in-progress circuits,
>       causing long-running clients to stop building new circuits. The
>       fix is to always call circuit_n_chan_done(chan, 0) from
>       channel_closed(). Fixes bug 9776; bugfix on
>   o Build features:
>     - Tor now builds each source file in two modes: a mode that avoids
>       exposing identifiers needlessly, and another mode that exposes
>       more identifiers for testing. This lets the compiler do better at
>       optimizing the production code, while enabling us to take more
>       radical measures to let the unit tests test things.
>     - The production builds no longer include functions used only in
>       the unit tests; all functions exposed from a module only for
>       unit-testing are now static in production builds.
>     - Add an --enable-coverage configuration option to make the unit
>       tests (and a new src/or/tor-cov target) to build with gcov test
>       coverage support.
>   o Testing:
>     - We now have rudimentary function mocking support that our unit
>       tests can use to test functions in isolation. Function mocking
>       lets the tests temporarily replace a function's dependencies with
>       stub functions, so that the tests can check the function without
>       invoking the other functions it calls.
>     - Add more unit tests for the <circid,channel>->circuit map, and
>       the destroy-cell-tracking code to fix bug 7912.
>     - Unit tests for failing cases of the TAP onion handshake.
>     - More unit tests for address-manipulation functions.
>   o Minor features (protecting client timestamps):
>     - Clients no longer send timestamps in their NETINFO cells. These were
>       not used for anything, and they provided one small way for clients
>       to be distinguished from each other as they moved from network to
>       network or behind NAT. Implements part of proposal 222.
>     - Clients now round timestamps in INTRODUCE cells down to the nearest
>       10 minutes. If a new Support022HiddenServices option is set to 0, or
>       if it's set to "auto" and the feature is disabled in the consensus,
>       the timestamp is sent as 0 instead. Implements part of proposal 222.
>     - Stop sending timestamps in AUTHENTICATE cells. This is not such
>       a big deal from a security point of view, but it achieves no actual
>       good purpose, and isn't needed. Implements part of proposal 222.
>     - Reduce down accuracy of timestamps in hidden service descriptors.
>       Implements part of proposal 222.
>   o Minor features (config options):
>     - Config (torrc) lines now handle fingerprints which are missing
>       their initial '$'. Resolves ticket 4341; improvement over 0.0.9pre5.
>     - Support a --dump-config option to print some or all of the
>       configured options. Mainly useful for debugging the command-line
>       option parsing code. Helps resolve ticket 4647.
>     - Raise awareness of safer logging: notify user of potentially
>       unsafe config options, like logging more verbosely than severity
>       "notice" or setting SafeLogging to 0. Resolves ticket 5584.
>     - Add a new configuration option TestingV3AuthVotingStartOffset
>       that bootstraps a network faster by changing the timing for
>       consensus votes. Addresses ticket 8532.
>     - Add a new torrc option "ServerTransportOptions" that allows
>       bridge operators to pass configuration parameters to their
>       pluggable transports. Resolves ticket 8929.
>     - The config (torrc) file now accepts bandwidth and space limits in
>       bits as well as bytes. (Anywhere that you can say "2 Kilobytes",
>       you can now say "16 kilobits", and so on.) Resolves ticket 9214.
>       Patch by CharlieB.
>   o Minor features (build):
>     - Add support for `--library-versions` flag. Implements ticket 6384.
>     - Return the "unexpected sendme" warnings to a warn severity, but make
>       them rate limited, to help diagnose ticket 8093.
>     - Detect a missing asciidoc, and warn the user about it, during
>       configure rather than at build time. Fixes issue 6506. Patch from
>       Arlo Breault.
>   o Minor features (other):
>     - Use the SOCK_NONBLOCK socket type, if supported, to open nonblocking
>       sockets in a single system call. Implements ticket 5129.
>     - Log current accounting state (bytes sent and received + remaining
>       time for the current accounting period) in the relay's heartbeat
>       message. Implements ticket 5526; patch from Peter Retzlaff.
>     - Implement the TRANSPORT_LAUNCHED control port event that
>       notifies controllers about new launched pluggable
>       transports. Resolves ticket 5609.
>     - If we're using the pure-C 32-bit curve25519_donna implementation
>       of curve25519, build it with the -fomit-frame-pointer option to
>       make it go faster on register-starved hosts. This improves our
>       handshake performance by about 6% on i386 hosts without nacl.
>       Closes ticket 8109.
>     - Update to the September 4 2013 Maxmind GeoLite Country database.
>   o Minor bugfixes:
>     - Set the listen() backlog limit to the largest actually supported
>       on the system, not to the value in a header file. Fixes bug 9716;
>       bugfix on every released Tor.
>     - No longer accept malformed http headers when parsing urls from
>       headers. Now we reply with Bad Request ("400"). Fixes bug 2767;
>       bugfix on 0.0.6pre1.
>     - In munge_extrainfo_into_routerinfo(), check the return value of
>       memchr(). This would have been a serious issue if we ever passed
>       it a non-extrainfo. Fixes bug 8791; bugfix on Patch
>       from Arlo Breault.
>     - On the chance that somebody manages to build Tor on a
>       platform where time_t is unsigned, correct the way that
>       microdesc_add_to_cache() handles negative time arguments.
>       Fixes bug 8042; bugfix on
>     - Reject relative control socket paths and emit a warning. Previously,
>       single-component control socket paths would be rejected, but Tor
>       would not log why it could not validate the config. Fixes bug 9258;
>       bugfix on
>   o Minor bugfixes (command line):
>     - Use a single command-line parser for parsing torrc options on the
>       command line and for finding special command-line options to avoid
>       inconsistent behavior for torrc option arguments that have the same
>       names as command-line options. Fixes bugs 4647 and 9578; bugfix on
>       0.0.9pre5.
>     - No longer allow 'tor --hash-password' with no arguments. Fixes bug
>       9573; bugfix on 0.0.9pre5.
>   o Minor fixes (build, auxiliary programs):
>     - Stop preprocessing the "torify" script with autoconf, since
>       it no longer refers to LOCALSTATEDIR. Fixes bug 5505; patch
>       from Guilhem.
>     - The tor-fw-helper program now follows the standard convention and
>       exits with status code "0" on success. Fixes bug 9030; bugfix on
>       Patch by Arlo Breault.
>     - Corrected ./configure advice for what openssl dev package you should
>       install on Debian. Fixes bug 9207; bugfix on
>   o Minor code improvements:
>     - Remove constants and tests for PKCS1 padding; it's insecure and
>       shouldn't be used for anything new. Fixes bug 8792; patch
>       from Arlo Breault.
>     - Remove instances of strcpy() from the unit tests. They weren't
>       hurting anything, since they were only in the unit tests, but it's
>       embarrassing to have strcpy() in the code at all, and some analysis
>       tools don't like it. Fixes bug 8790; bugfix on and
>       Patch from Arlo Breault.
>   o Removed features:
>     - Remove migration code from when we renamed the "cached-routers"
>       file to "cached-descriptors" back in This
>       incidentally resolves ticket 6502 by cleaning up the related code
>       a bit. Patch from Akshay Hebbar.
>   o Code simplification and refactoring:
>     - Extract the common duplicated code for creating a subdirectory
>       of the data directory and writing to a file in it. Fixes ticket
>       4282; patch from Peter Retzlaff.
>     - Since OpenSSL 0.9.7, the i2d_*() functions support allocating output
>       buffer. Avoid calling twice: i2d_RSAPublicKey(), i2d_DHparams(),
>       i2d_X509(), and i2d_PublicKey(). Resolves ticket 5170.
>     - Add a set of accessor functions for the circuit timeout data
>       structure. Fixes ticket 6153; patch from "piet".
>     - Clean up exit paths from connection_listener_new(). Closes ticket
>       8789. Patch from Arlo Breault.
>     - Since we rely on OpenSSL 0.9.8 now, we can use EVP_PKEY_cmp()
>       and drop our own custom pkey_eq() implementation. Fixes bug 9043.
>     - Use a doubly-linked list to implement the global circuit list.
>       Resolves ticket 9108. Patch from Marek Majkowski.
>     - Remove contrib/id_to_fp.c since it wasn't used anywhere.
