[tor-talk] Tor 0.2.5.4-alpha is released
nickm at freehaven.net
Sat Apr 26 15:01:10 UTC 2014
Changes in version 0.2.5.4-alpha - 2014-04-25
Tor 0.2.5.4-alpha includes several security and performance
improvements for clients and relays, including blacklisting authority
signing keys that were used while susceptible to the OpenSSL
"heartbleed" bug, fixing two expensive functions on busy relays,
improved TLS ciphersuite preference lists, support for run-time
hardening on compilers that support AddressSanitizer, and more work on
the Linux sandbox code.
There are also several usability fixes for clients (especially clients
that use bridges), two new TransPort protocols supported (one on
OpenBSD, one on FreeBSD), and various other bugfixes.
This release marks end-of-life for Tor 0.2.2.x; those Tor versions
have accumulated many known flaws; everyone should upgrade.
The source is ready today; packages should be ready in the next several days.
(I'm trying to take some load off of Roger's shoulders by doing
releases myself. This means that the signatures on the release are be
made with my PGP key, not Roger's. Please don't freak out.)
o Major features (security):
- If you don't specify MaxMemInQueues yourself, Tor now tries to
pick a good value based on your total system memory. Previously,
the default was always 8 GB. You can still override the default by
setting MaxMemInQueues yourself. Resolves ticket 11396.
- Block authority signing keys that were used on authorities
vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160). (We
don't have any evidence that these keys _were_ compromised; we're
doing this to be prudent.) Resolves ticket 11464.
o Major features (relay performance):
- Speed up server-side lookups of rendezvous and introduction point
circuits by using hashtables instead of linear searches. These
functions previously accounted between 3 and 7% of CPU usage on
some busy relays. Resolves ticket 9841.
- Avoid wasting CPU when extending a circuit over a channel that is
nearly out of circuit IDs. Previously, we would do a linear scan
over possible circuit IDs before finding one or deciding that we
had exhausted our possibilities. Now, we try at most 64 random
circuit IDs before deciding that we probably won't succeed. Fixes
a possible root cause of ticket 11553.
o Major features (seccomp2 sandbox, Linux only):
- The seccomp2 sandbox can now run a test network for multiple hours
without crashing. The sandbox is still experimental, and more bugs
will probably turn up. To try it, enable "Sandbox 1" on a Linux
host. Resolves ticket 11351.
- Strengthen sandbox code: the sandbox can now test the arguments
for rename(), and blocks _sysctl() entirely. Resolves another part
of ticket 11351.
- When the sandbox blocks a system call, it now tries to log a stack
trace before exiting. Resolves ticket 11465.
o Major bugfixes (TLS cipher selection):
- The relay ciphersuite list is now generated automatically based on
uniform criteria, and includes all OpenSSL ciphersuites with
acceptable strength and forward secrecy. Previously, we had left
some perfectly fine ciphersuites unsupported due to omission or
typo. Resolves bugs 11513, 11492, 11498, 11499. Bugs reported by
'cypherpunks'. Bugfix on 0.2.4.8-alpha.
- Relays now trust themselves to have a better view than clients of
which TLS ciphersuites are better than others. (Thanks to bug
11513, the relay list is now well-considered, whereas the client
list has been chosen mainly for anti-fingerprinting purposes.)
Relays prefer: AES over 3DES; then ECDHE over DHE; then GCM over
CBC; then SHA384 over SHA256 over SHA1; and last, AES256 over
AES128. Resolves ticket 11528.
- Clients now try to advertise the same list of ciphersuites as
Firefox 28. This change enables selection of (fast) GCM
ciphersuites, disables some strange old ciphers, and stops
advertising the ECDH (not to be confused with ECDHE) ciphersuites.
Resolves ticket 11438.
o Major bugfixes (bridge client):
- Avoid 60-second delays in the bootstrapping process when Tor is
launching for a second time while using bridges. Fixes bug 9229;
bugfix on 0.2.0.3-alpha.
o Minor features (transparent proxy, *BSD):
- Support FreeBSD's ipfw firewall interface for TransPort ports on
FreeBSD. To enable it, set "TransProxyType ipfw". Resolves ticket
10267; patch from "yurivict".
- Support OpenBSD's divert-to rules with the pf firewall for
transparent proxy ports. To enable it, set "TransProxyType
pf-divert". This allows Tor to run a TransPort transparent proxy
port on OpenBSD 4.4 or later without root privileges. See the
pf.conf(5) manual page for information on configuring pf to use
divert-to rules. Closes ticket 10896; patch from Dana Koch.
o Minor features (security):
- New --enable-expensive-hardening option to enable security
hardening options that consume nontrivial amounts of CPU and
memory. Right now, this includes AddressSanitizer and UbSan, which
are supported in newer versions of GCC and Clang. Closes ticket
o Minor features (log verbosity):
- Demote the message that we give when a flushing connection times
out for too long from NOTICE to INFO. It was usually meaningless.
Resolves ticket 5286.
- Don't log so many notice-level bootstrapping messages at startup
about downloading descriptors. Previously, we'd log a notice
whenever we learned about more routers. Now, we only log a notice
at every 5% of progress. Fixes bug 9963.
- Warn less verbosely when receiving a malformed
ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279.
- When we run out of usable circuit IDs on a channel, log only one
warning for the whole channel, and describe how many circuits
there were on the channel. Fixes part of ticket 11553.
o Minor features (relay):
- If a circuit timed out for at least 3 minutes, check if we have a
new external IP address, and publish a new descriptor with the new
IP address if it changed. Resolves ticket 2454.
o Minor features (controller):
- Make the entire exit policy available from the control port via
GETINFO exit-policy/*. Implements enhancement 7952. Patch from
- Because of the fix for ticket 11396, the real limit for memory
usage may no longer match the configured MaxMemInQueues value. The
real limit is now exposed via GETINFO limits/max-mem-in-queues.
o Minor features (bridge client):
- Report a more useful failure message when we can't connect to a
bridge because we don't have the right pluggable transport
configured. Resolves ticket 9665. Patch from Fábio J. Bertinatto.
o Minor features (diagnostic):
- Add more log messages to diagnose bug 7164, which causes
intermittent "microdesc_free() called but md was still referenced"
warnings. We now include more information, to figure out why we
might be cleaning a microdescriptor for being too old if it's
still referenced by a live node_t object.
o Minor bugfixes (client, DNSPort):
- When using DNSPort, try to respond to AAAA requests with AAAA
answers. Previously, we hadn't looked at the request type when
deciding which answer type to prefer. Fixes bug 10468; bugfix on
- When receiving a DNS query for an unsupported record type, reply
with no answer rather than with a NOTIMPL error. This behavior
isn't correct either, but it will break fewer client programs, we
hope. Fixes bug 10268; bugfix on 0.2.0.1-alpha. Original patch
o Minor bugfixes (exit relay):
- Stop leaking memory when we successfully resolve a PTR record.
Fixes bug 11437; bugfix on 0.2.4.7-alpha.
o Minor bugfixes (bridge client):
- Stop accepting bridge lines containing hostnames. Doing so would
cause clients to perform DNS requests on the hostnames, which was
not sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha.
- Avoid a 60-second delay in the bootstrapping process when a Tor
client with pluggable transports re-reads its configuration at
just the wrong time. Re-fixes bug 11156; bugfix on 0.2.5.3-alpha.
o Minor bugfixes (client, logging during bootstrap):
- Warn only once if we start logging in an unsafe way. Previously,
we complain as many times as we had problems. Fixes bug 9870;
bugfix on 0.2.5.1-alpha.
- Only report the first fatal bootstrap error on a given OR
connection. This stops us from telling the controller bogus error
messages like "DONE". Fixes bug 10431; bugfix on 0.2.1.1-alpha.
- Be more helpful when trying to run sandboxed on Linux without
libseccomp. Instead of saying "Sandbox is not implemented on this
platform", we now explain that we need to be built with
libseccomp. Fixes bug 11543; bugfix on 0.2.5.1-alpha.
- Avoid generating spurious warnings when starting with
DisableNetwork enabled. Fixes bug 11200 and bug 10405; bugfix on
o Minor bugfixes (closing OR connections):
- If write_to_buf() in connection_write_to_buf_impl_() ever fails,
check if it's an or_connection_t and correctly call
connection_or_close_for_error() rather than
connection_mark_for_close() directly. Fixes bug 11304; bugfix on
- When closing all connections on setting DisableNetwork to 1, use
connection_or_close_normally() rather than closing OR connections
out from under the channel layer. Fixes bug 11306; bugfix on
o Minor bugfixes (controller):
- Avoid sending a garbage value to the controller when a circuit is
cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
o Minor bugfixes (tor-fw-helper):
- Allow tor-fw-helper to build again by adding src/ext to its
CPPFLAGS. Fixes bug 11296; bugfix on 0.2.5.3-alpha.
o Minor bugfixes (bridges):
- Avoid potential crashes or bad behavior when launching a
server-side managed proxy with ORPort or ExtORPort temporarily
disabled. Fixes bug 9650; bugfix on 0.2.3.16-alpha.
o Minor bugfixes (platform-specific):
- Fix compilation on Solaris, which does not have <endian.h>. Fixes
bug 11426; bugfix on 0.2.5.3-alpha.
- When dumping a malformed directory object to disk, save it in
binary mode on Windows, not text mode. Fixes bug 11342; bugfix on
- Don't report failures from make_socket_reuseable() on incoming
sockets on OSX: this can happen when incoming connections close
early. Fixes bug 10081.
o Minor bugfixes (trivial memory leaks):
- Fix a small memory leak when signing a directory object. Fixes bug
11275; bugfix on 0.2.4.13-alpha.
- Free placeholder entries in our circuit table at exit; fixes a
harmless memory leak. Fixes bug 11278; bugfix on 0.2.5.1-alpha.
- Don't re-initialize a second set of OpenSSL mutexes when starting
up. Previously, we'd make one set of mutexes, and then immediately
replace them with another. Fixes bug 11726; bugfix on
- Resolve some memory leaks found by coverity in the unit tests, on
exit in tor-gencert, and on a failure to compute digests for our
own keys when generating a v3 networkstatus vote. These leaks
should never have affected anyone in practice.
o Minor bugfixes (hidden service):
- Only retry attempts to connect to a chosen rendezvous point 8
times, not 30. Fixes bug 4241; bugfix on 0.1.0.1-rc.
o Minor bugfixes (misc code correctness):
- Fix various instances of undefined behavior in channeltls.c,
tor_memmem(), and eventdns.c that would cause us to construct
pointers to memory outside an allocated object. (These invalid
pointers were not accessed, but C does not even allow them to
exist.) Fixes bug 10363; bugfixes on 0.1.1.1-alpha, 0.1.2.1-alpha,
0.2.0.10-alpha, and 0.2.3.6-alpha. Reported by "bobnomnom".
- Use the AddressSanitizer and Ubsan sanitizers (in clang-3.4) to
fix some miscellaneous errors in our tests and codebase. Fixes bug
11232. Bugfixes on versions back as far as 0.2.1.11-alpha.
- Always check return values for unlink, munmap, UnmapViewOfFile;
check strftime return values more often. In some cases all we can
do is report a warning, but this may help prevent deeper bugs from
going unnoticed. Closes ticket 8787; bugfixes on many, many tor
- Fix numerous warnings from the clang "scan-build" static analyzer.
Some of these are programming style issues; some of them are false
positives that indicated awkward code; some are undefined behavior
cases related to constructing (but not using) invalid pointers;
some are assumptions about API behavior; some are (harmlessly)
logging sizeof(ptr) bytes from a token when sizeof(*ptr) would be
correct; and one or two are genuine bugs that weren't reachable
from the rest of the program. Fixes bug 8793; bugfixes on many,
many tor versions.
- Build the torify.1 manpage again. Previously, we were only trying
to build it when also building tor-fw-helper. That's why we didn't
notice that we'd broken the ability to build it. Fixes bug 11321;
bugfix on 0.2.5.1-alpha.
- Fix the layout of the SOCKSPort flags in the manpage. Fixes bug
11061; bugfix on 0.2.4.7-alpha.
- Correctly document that we search for a system torrc file before
looking in ~/.torrc. Fixes documentation side of 9213; bugfix on
- Resolve warnings from Doxygen.
o Code simplifications and refactoring:
- Remove is_internal_IP() function. Resolves ticket 4645.
- Remove unused function circuit_dump_by_chan from circuitlist.c.
Closes issue 9107; patch from "marek".
- Change our use of the ENUM_BF macro to avoid declarations that
o Deprecated versions:
- Tor 0.2.2.x has reached end-of-life; it has received no patches or
attention for some while. Directory authorities no longer accept
descriptors from relays running any version of Tor prior to Tor
0.2.3.16-alpha. Resolves ticket 11149.
- New macros in test.h to simplify writing mock-functions for unit
tests. Part of ticket 11507. Patch from Dana Koch.
- Complete tests for the status.c module. Resolves ticket 11507.
Patch from Dana Koch.
o Removed code:
- Remove all code for the long unused v1 directory protocol.
Resolves ticket 11070.
More information about the tor-talk