[tor-talk] Tor is released

Alexander Færøy ahf at torproject.org
Fri Sep 17 18:55:51 UTC 2021


There's a new alpha Tor release. Because it's an alpha, you should
only run it if you're ready to find more bugs than usual, and report
them on https://gitlab.torproject.org/ .

The source code is available from the download page at
https://www.torproject.org/download/tor/ ; if you build Tor from
source, why not give it a try? And if you don't build Tor from source,
packages should be ready over the coming days, with a Tor Browser
alpha release likely some time next week.

Here's what's new:

Changes in version - 2021-09-17
  This version is the first alpha release of the 0.4.7.x series. One
  major feature is Vanguards Lite, from proposal 333, to help mitigate
  guard discovery attacks against onion services. It also includes
  numerous bugfixes.

  o Major features (Proposal 332, onion services, guard selection):
    - Clients and onion services now choose four long-lived "layer 2"
      guard relays for use as the middle hop in all onion circuits.
      These relays are kept in place for a randomized duration averaging
      1 week. This mitigates guard discovery attacks against clients and
      short-lived onion services such as OnionShare. Long-lived onion
      services that need high security should still use the Vanguards
      addon (https://github.com/mikeperry-tor/vanguards). Closes ticket
      40363; implements proposal 333.

  o Minor features (bridge testing support):
    - Let external bridge reachability testing tools discard cached
      bridge descriptors when setting new bridges, so they can be sure
      to get a clean reachability test. Implements ticket 40209.

  o Minor features (fuzzing):
    - When building with --enable-libfuzzer, use a set of compiler flags
      that works with more recent versions of the library. Previously we
      were using a set of flags from 2017. Closes ticket 40407.

  o Minor features (testing configuration):
    - When TestingTorNetwork is enabled, skip the permissions check on
      hidden service directories. Closes ticket 40338.
    - On a testing network, relays can now use the
      TestingMinTimeToReportBandwidth option to change the smallest
      amount of time over which they're willing to report their observed
      maximum bandwidth. Previously, this was fixed at 1 day. For
      safety, values under 2 hours are only supported on testing
      networks. Part of a fix for ticket 40337.
    - Relays on testing networks no longer rate-limit how frequently
      they are willing to report new bandwidth measurements. Part of a
      fix for ticket 40337.
    - Relays on testing networks now report their observed bandwidths
      immediately from startup. Previously, they waited until they had
      been running for a full day. Closes ticket 40337.

  o Minor bugfixes (circuit padding):
    - Don't send STOP circuit padding cells when the other side has
      already shut down the corresponding padding machine. Fixes bug
      40435; bugfix on

  o Minor bugfixes (compatibility):
    - Fix compatibility with the most recent Libevent versions, which no
      longer have an evdns_set_random_bytes() function. Because this
      function has been a no-op since Libevent 2.0.4-alpha, it is safe
      for us to just stop calling it. Fixes bug 40371; bugfix

  o Minor bugfixes (control, sandbox):
    - Allows the control command SAVECONF to succeed when the seccomp
      sandbox is enabled. Makes SAVECONF keep only one backup file, to
      simplify implementation. Fixes bug 40317; bugfix on
      Patch by Daniel Pinto.

  o Minor bugfixes (heartbeat):
    - Adjust the heartbeat log message about distinct clients to
      consider the HeartbeatPeriod rather than a flat 6-hour delay.
      Fixes bug 40330; bugfix on

  o Minor bugfixes (logging, relay):
    - Add spaces between the "and" when logging the "Your server has not
      managed to confirm reachability for its" on dual-stack relays.
      Fixes bug 40453; bugfix on Patch by Neel Chauhan.

  o Minor bugfixes (onion service):
    - Do not flag an HSDir as non-running in case the descriptor upload
      or fetch fails. An onion service closes pending directory
      connections before uploading a new descriptor which leads to
      wrongly flagging many relays and thus affecting circuit path
      selection. Fixes bug 40434; bugfix on

  o Minor bugfixes (statistics):
    - Fix a fencepost issue when we check stability_last_downrated where
      we called rep_hist_downrate_old_runs() twice. Fixes bug 40394;
      bugfix on Patch by Neel Chauhan.

  o Minor bugfixes (tests):
    - Fix a bug that prevented some tests from running with the correct
      names. Fixes bug 40365; bugfix on

  o Documentation:
    - Add links to original tor design paper and anonbib to
      docs/HACKING/README.1st.md. Closes ticket 33742. Patch from
      Emily Bones.
    - Describe the "fingerprint-ed25519" file in the tor.1 man page.
      Fixes bug 40467; bugfix on Patch by Neel Chauhan.

Alexander Færøy
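
The layer-2 guard behaviour described in the Major features entry above, as an added illustration that is not part of the original message or Tor's code: a toy model counting how many distinct relays end up in the middle position with four pinned layer-2 guards versus a fresh middle hop per circuit. Assumptions: lifetimes are uniform over 1 to 13 days (mean 1 week), relays are picked uniformly rather than by bandwidth weight, and the relay names, circuit rate, and class and function names are constructed.

```python
import random

DAY = 86400
NUM_L2_GUARDS = 4  # from the release notes: four layer-2 guards
# Assumption: lifetime uniform over 1..13 days, so the mean is 1 week.
# The distribution tor really uses is not given in the announcement.
MIN_LIFE, MAX_LIFE = 1 * DAY, 13 * DAY


class Layer2Guards:
    """Toy model of a pinned layer-2 guard set with per-relay expiry."""

    def __init__(self, relays, rng):
        self.relays, self.rng = relays, rng
        self.guards = {}  # relay name -> expiry time in seconds

    def refill(self, now):
        # Drop expired guards, then top the set back up to four.
        self.guards = {r: t for r, t in self.guards.items() if t > now}
        while len(self.guards) < NUM_L2_GUARDS:
            relay = self.rng.choice(self.relays)
            if relay not in self.guards:
                life = self.rng.uniform(MIN_LIFE, MAX_LIFE)
                self.guards[relay] = now + life

    def pick_middle(self, now):
        self.refill(now)
        return self.rng.choice(list(self.guards))


def simulate(days=28, circuits_per_hour=60, n_relays=3000, seed=1):
    """Return (distinct middles with pinning, distinct middles without)."""
    rng = random.Random(seed)
    relays = [f"relay{i:04d}" for i in range(n_relays)]  # constructed names
    l2 = Layer2Guards(relays, rng)
    pinned, unpinned = set(), set()
    for hour in range(days * 24):
        now = hour * 3600
        for _ in range(circuits_per_hour):
            pinned.add(l2.pick_middle(now))
            unpinned.add(rng.choice(relays))  # fresh middle per circuit
    return len(pinned), len(unpinned)


if __name__ == "__main__":
    with_l2, without_l2 = simulate()
    print(f"distinct middle relays over 28 days: "
          f"pinned={with_l2} unpinned={without_l2}")
```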
