security fixes

Tor Browser Bundle 1.2.9 Released

phobos — Fri, 11 Sep 2009 18:55:03 -0700

Tor Browser Bundle 1.2.9 is released today. It updates Firefox and Pidgin Instant Messaging client to address the security issues in the older versions, and includes the latest and greatest Vidalia.

TBB can be downloaded from https://www.torproject.org/torbrowser.

The details of the changes are:

update Vidalia to 0.2.4
update Qt to 4.5.2
update Pidgin to 2.6.2
update Firefox to 3.0.14

Tor 0.2.2.1-alpha released

phobos — Wed, 02 Sep 2009 12:32:58 -0700

Tor 0.2.2.1-alpha disables ".exit" address notation by default, allows
Tor clients to bootstrap on networks where only port 80 is reachable,
makes it more straightforward to support hardware crypto accelerators,
and starts the groundwork for gathering stats safely at relays.

https://www.torproject.org/download

We've been improving our packages and bundles:
Packaging changes:

Upgrade Vidalia from 0.1.15 to 0.2.3 in the Windows and OS X
installer bundles. See
https://trac.vidalia-project.net/browser/vidalia/tags/vidalia-0.2.3/CHAN...
for details of what's new in Vidalia 0.2.3.
Windows Vidalia Bundle: update Privoxy from 3.0.6 to 3.0.14-beta.
OS X Vidalia Bundle: move to Polipo 1.0.4 with Tor specific
configuration file, rather than the old Privoxy.
OS X Vidalia Bundle: Vidalia, Tor, and Polipo are compiled as
x86-only for better compatibility with OS X 10.6, aka Snow Leopard.
OS X Tor Expert Bundle: Tor is compiled as x86-only for
better compatibility with OS X 10.6, aka Snow Leopard.
OS X Vidalia Bundle: The multi-package installer is now replaced
by a simple drag and drop to the /Applications folder. This change
occurred with the upgrade to Vidalia 0.2.3.

Changes in version 0.2.2.1-alpha - 2009-08-26
Security fixes:

Start the process of disabling ".exit" address notation, since it
can be used for a variety of esoteric application-level attacks
on users. To reenable it, set "AllowDotExit 1" in your torrc. Fix
on 0.0.9rc5.

New directory authorities:

Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
authority.

Major features:

New AccelName and AccelDir options add support for dynamic OpenSSL
hardware crypto acceleration engines.
Tor now supports tunneling all of its outgoing connections over
a SOCKS proxy, using the SOCKS4Proxy and/or SOCKS5Proxy
configuration options. Code by Christopher Davis.

Major bugfixes:

Send circuit or stream sendme cells when our window has decreased
by 100 cells, not when it has decreased by 101 cells. Bug uncovered
by Karsten when testing the "reduce circuit window" performance
patch. Bugfix on the 54th commit on Tor -- from July 2002,
before the release of Tor 0.0.0. This is the new winner of the
oldest-bug prize.

New options for gathering stats safely:

Directories that set "DirReqStatistics 1" write statistics on
directory request to disk every 24 hours. As compared to the
--enable-geoip-stats flag in 0.2.1.x, there are a few improvements:
1) stats are written to disk exactly every 24 hours; 2) estimated
shares of v2 and v3 requests are determined as mean values, not at
the end of a measurement period; 3) unresolved requests are listed
with country code '??'; 4) directories also measure download times.
Exit nodes that set "ExitPortStatistics 1" write statistics on the
number of exit streams and transferred bytes per port to disk every
24 hours.
Relays that set "CellStatistics 1" write statistics on how long
cells spend in their circuit queues to disk every 24 hours.
Entry nodes that set "EntryStatistics 1" write statistics on the
rough number and origins of connecting clients to disk every 24
hours.
Relays that write any of the above statistics to disk and set
"ExtraInfoStatistics 1" include the past 24 hours of statistics in
their extra-info documents.

Minor features:

New --digests command-line switch to output the digests of the
source files Tor was built with.
The "torify" script now uses torsocks where available.
The memarea code now uses a sentinel value at the end of each area
to make sure nothing writes beyond the end of an area. This might
help debug some conceivable causes of bug 930.
Time and memory units in the configuration file can now be set to
fractional units. For example, "2.5 GB" is now a valid value for
AccountingMax.
Certain Tor clients (such as those behind check.torproject.org) may
want to fetch the consensus in an extra early manner. To enable this
a user may now set FetchDirInfoExtraEarly to 1. This also depends on
setting FetchDirInfoEarly to 1. Previous behavior will stay the same
as only certain clients who must have this information sooner should
set this option.
Instead of adding the svn revision to the Tor version string, report
the git commit (when we're building from a git checkout).

Minor bugfixes:

If any the v3 certs we download are unparseable, we should actually
notice the failure so we don't retry indefinitely. Bugfix on
0.2.0.x; reported by "rotator".
If the cached cert file is unparseable, warn but don't exit.
Fix possible segmentation fault on directory authorities. Bugfix on
0.2.1.14-rc.
When Tor fails to parse a descriptor of any kind, dump it to disk.
Might help diagnosing bug 1051.

Deprecated and removed features:

The controller no longer accepts the old obsolete "addr-mappings/"
or "unregistered-servers-" GETINFO values.
Hidden services no longer publish version 0 descriptors, and clients
do not request or use version 0 descriptors. However, the old hidden
service authorities still accept and serve version 0 descriptors
when contacted by older hidden services/clients.
The EXTENDED_EVENTS and VERBOSE_NAMES controller features are now
always on; using them is necessary for correct forward-compatible
controllers.
Remove support for .noconnect style addresses. Nobody was using
them, and they provided another avenue for detecting Tor users
via application-level web tricks.

July 2009 Progress Report

phobos — Mon, 10 Aug 2009 01:07:57 -0700

New releases

On July 8th, we released Vidalia 0.1.15..

On July 8th, we updated the Tor 0.2.0.35-stable bundles with the new Vidalia to fix an ssl issue and the Firefox Torbutton extension installation for OS X users.

On July 8th, we released Tor 0.2.1.17-rc.

Tor Browser Bundle 1.2.3 was released on July 8, 2009.
TBB 1.2.3 was replaced by 1.2.4 on July 11, 2009
TBB 1.2.5 was released on July 25th. It solely included an update to Tor 0.2.1.18 .
TBB 1.2.6 was released on July 28th. It solely included an update to Tor 0.2.1.19.

On July 24th, we released Tor 0.2.1.18.

On July 28th, we released Tor 0.2.1.19.

Make Tor a better tool for users in censored countries

Tor 0.2.1.18 is our new stable. That is, this is the first stable release
of the 0.2.1.x branch. The 0.2.0.x branch went stable in July of 2008.
From the 0.2.1.18 release:

If the bridge config line doesn't specify a port, assume 443.
This makes bridge lines a bit smaller and easier for users to
understand.

If we're using bridges and our network goes away, be more willing
to forgive our bridges and try again when we get an application
request.

Architecture and technical design docs for Tor enhancements related to blocking-resistance.

Proposal 166 details four steps we're taking to safely collect data
about Tor's network performance and network usage: 1) directory client
counts by country, 2) entry guard client counts by country, 3) relay
cell statistics, and 4) exit traffic by port and volume.
https://git.torproject.org/checkout/tor/master/doc/spec/proposals/166-st...

Hide Tor's network signature

Part of the reason why Tor might be especially slow in Iran could
be that they're doing deep packet inspection (DPI) to throttle SSL
connections. Tor's strategy of looking like SSL might turn out to be a
bad move in this case. It's hard to tell whether the SSL throttling is
actually happening, of course, because we get plenty of mixed information
from our sources in Iran. But if it *is* happening, we should start
investigating traffic obfuscation approaches that a) don't look like SSL,
but b) don't look recognizably like any other protocol.

Some other Iran circumvention developers have come up with a patch to
obfuscate ssh traffic:
http://github.com/brl/obfuscated-openssh/tree/master
http://c-skills.blogspot.com/2008/12/sshv2-trickery.html

Sometime soon we should start looking at designs to super-encrypt the
Tor link traffic in this way.

Grow the Tor network and user base. Outreach

On July 1st, Andrew gave a detailed Tor talk at the National Cyber Forensics and Training Alliance. Andrew's blog about the event is at https://blog.torproject.org/blog/visit-ncfta.

On July 7th, Andrew was a panelist for the CIMA/NED discussion on Iran and the Role of New Media, http://cima.ned.org/events/new-media-in-iran.html. Andrew's blog about the event is at https://blog.torproject.org/blog/cimaned-panel-iran-and-new-media.

On July 15th, Andrew presented Tor at Webinno22, http://www.webinnovatorsgroup.com/2009/07/06/the-webinno22-demo-companie.... Further discussions about online privacy startups and business deals with various investors and their seed companies are continuing since this event.

Tor 0.2.1.16-rc Release Candidate now available

phobos — Wed, 24 Jun 2009 07:32:45 -0700

Tor 0.2.1.16-rc speeds up performance for fast exit relays, and fixes
a bunch of minor bugs.

https://www.torproject.org/download

Changes in version 0.2.1.16-rc - 2009-06-20
Security fixes:

Fix an edge case where a malicious exit relay could convince a
controller that the client's DNS question resolves to an internal IP
address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.

Major performance improvements (on 0.2.0.x):

Disable and refactor some debugging checks that forced a linear scan
over the whole server-side DNS cache. These accounted for over 50%
of CPU time on a relatively busy exit node's gprof profile. Found
by Jacob.
Disable some debugging checks that appeared in exit node profile
data.

Minor features:

Update to the "June 3 2009" ip-to-country file.
Do not have tor-resolve automatically refuse all .onion addresses;
if AutomapHostsOnResolve is set in your torrc, this will work fine.

Minor bugfixes (on 0.2.0.x):

Log correct error messages for DNS-related network errors on
Windows.
Fix a race condition that could cause crashes or memory corruption
when running as a server with a controller listening for log
messages.
Avoid crashing when we have a policy specified in a DirPolicy or
SocksPolicy or ReachableAddresses option with ports set on it,
and we re-load the policy. May fix bug 996.
Hidden service clients didn't use a cached service descriptor that
was older than 15 minutes, but wouldn't fetch a new one either,
because there was already one in the cache. Now, fetch a v2
descriptor unless the same descriptor was added to the cache within
the last 15 minutes. Fixes bug 997; reported by Marcus Griep.

Minor bugfixes (on 0.2.1.x):

Don't warn users about low port and hibernation mix when they
provide a *ListenAddress directive to fix that. Bugfix on
0.2.1.15-rc.
When switching back and forth between bridge mode, do not start
gathering GeoIP data until two hours have passed.
Do not complain that the user has requested an excluded node as
an exit when the node is not really an exit. This could happen
because the circuit was for testing, or an introduction point.
Fix for bug 984.

The original announcement can be found at http://archives.seul.org/or/talk/Jun-2009/msg00288.html

Tor 0.2.1.13-alpha released

phobos — Thu, 12 Mar 2009 22:32:59 -0700

Tor 0.2.1.13-alpha includes another big pile of minor bugfixes and
cleanups. We're finally getting close to a release candidate.

https://www.torproject.org/download

Changes in version 0.2.1.13-alpha - 2009-03-09
Major bugfixes:

Correctly update the list of which countries we exclude as
exits, when the GeoIP file is loaded or reloaded. Diagnosed by
lark. Bugfix on 0.2.1.6-alpha.

Minor bugfixes (on 0.2.0.x and earlier):

Automatically detect MacOSX versions earlier than 10.4.0, and
disable kqueue from inside Tor when running with these versions.
We previously did this from the startup script, but that was no
help to people who didn't use the startup script. Resolves bug 863.
When we had picked an exit node for a connection, but marked it as
"optional", and it turned out we had no onion key for the exit,
stop wanting that exit and try again. This situation may not
be possible now, but will probably become feasible with proposal
158. Spotted by rovv. Fixes another case of bug 752.
Clients no longer cache certificates for authorities they do not
recognize. Bugfix on 0.2.0.9-alpha.
When we can't transmit a DNS request due to a network error, retry
it after a while, and eventually transmit a failing response to
the RESOLVED cell. Bugfix on 0.1.2.5-alpha.
If the controller claimed responsibility for a stream, but that
stream never finished making its connection, it would live
forever in circuit_wait state. Now we close it after SocksTimeout
seconds. Bugfix on 0.1.2.7-alpha; reported by Mike Perry.
Drop begin cells to a hidden service if they come from the middle
of a circuit. Patch from lark.
When we erroneously receive two EXTEND cells for the same circuit
ID on the same connection, drop the second. Patch from lark.
Fix a crash that occurs on exit nodes when a nameserver request
timed out. Bugfix on 0.1.2.1-alpha; our CLEAR debugging code had
been suppressing the bug since 0.1.2.10-alpha. Partial fix for
bug 929.
Do not assume that a stack-allocated character array will be
64-bit aligned on platforms that demand that uint64_t access is
aligned. Possible fix for bug 604.
Parse dates and IPv4 addresses in a locale- and libc-independent
manner, to avoid platform-dependent behavior on malformed input.
Build correctly when configured to build outside the main source
path. Patch from Michael Gold.
We were already rejecting relay begin cells with destination port
of 0. Now also reject extend cells with destination port or address
of 0. Suggested by lark.

Minor bugfixes (on 0.2.1.x):

Don't re-extend introduction circuits if we ran out of RELAY_EARLY
cells. Bugfix on 0.2.1.3-alpha. Fixes more of bug 878.
If we're an exit node, scrub the IP address to which we are exiting
in the logs. Bugfix on 0.2.1.8-alpha.

Minor features:

On Linux, use the prctl call to re-enable core dumps when the user
is option is set.
New controller event NEWCONSENSUS that lists the networkstatus
lines for every recommended relay. Now controllers like Torflow
can keep up-to-date on which relays they should be using.
Update to the "February 26 2009" ip-to-country file.

The original notice can be found at http://archives.seul.org/or/talk/Mar-2009/msg00047.html

January 2009 Progress Report

phobos — Sun, 22 Feb 2009 17:23:37 -0800

New releases, new hires, new funding

Tor 0.2.1.10-alpha (released January 6) fixes two major bugs in bridge
relays (one that would make the bridge relay not so useful if it had
DirPort set to 0, and one that could let an attacker learn a little bit
of information about the bridge's users), and a bug that would cause your
Tor relay to ignore a circuit create request it can't decrypt (rather
than reply with an error). It also fixes a wide variety of other bugs.
http://archives.seul.org/or/talk/Jan-2009/msg00078.html

Tor 0.2.1.11-alpha (released Jan 20) finishes fixing the "if your Tor is
off for a week it will take a long time to bootstrap again" bug. It also
fixes an important security-related bug reported by Ilja van Sprundel. You
should upgrade. (We'll send out more details about the bug once people
have had some time to upgrade.)
http://archives.seul.org/or/talk/Jan-2009/msg00171.html

Tor 0.2.0.33 (released Jan 21) fixes a variety of bugs that were making
relays less useful to users. It also finally fixes a bug where a relay or
client that's been off for many days would take a long time to bootstrap.
http://archives.seul.org/or/announce/Jan-2009/msg00000.html

Tor Browser Bundle 1.1.8 (released Jan 22) updates Tor to 0.2.1.11-alpha
(security update), updates OpenSSL to 0.9.8j (security update), updates
Firefox to 3.0.5, updates Pidgin to 2.5.4, and updates libevent to 1.4.9.
https://svn.torproject.org/svn/torbrowser/trunk/README

This month we also hired three new people: Martin Peck is working on
Tor VM, a new way of packaging Tor on Windows that will let people use
Youtube safely again; Mike Perry is working on Torbutton maintenance
and development and on Torflow, a set of scripts to do measurements on
the Tor network; and Andrew Lewman is our new executive director.

Enhancements
Major bugfixes in the Tor 0.2.1.10-alpha and 0.2.0.33 releases:
- If the cached networkstatus consensus is more than five days old,
discard it rather than trying to use it. In theory it could be useful
because it lists alternate directory mirrors, but in practice it just
means we spend many minutes trying directory mirrors that are long
gone from the network. Helps bug 887 a bit; bugfix on 0.2.0.x.

Tor 0.2.1.10-alpha contains cleanups that let Tor build on Google's
Android phone:
- Change our header file guard macros to be less likely to conflict
with system headers. Adam Langley noticed that we were conflicting
with log.h on Android.

Major bugfixes in the Tor 0.2.1.11-alpha and 0.2.0.33 releases:
- Discard router descriptors as we load them if they are more than
five days old. Otherwise if Tor is off for a long time and then
starts with cached descriptors, it will try to use the onion
keys in those obsolete descriptors when building circuits. Bugfix
on 0.2.0.x. Fixes bug 887.

Security bugfixes in the Tor 0.2.1.11-alpha and 0.2.0.33 releases:
- Fix a heap-corruption bug that may be remotely triggerable on
some platforms. Reported by Ilja van Sprundel.

Circuit-building speedups in Tor 0.2.1.10-alpha:
- When a relay gets a create cell it can't decrypt (e.g. because it's
using the wrong onion key), we were dropping it and letting the
client time out. Now actually answer with a destroy cell. Fixes
bug 904. Bugfix on 0.0.2pre8.

Scalability fixes from the Tor 0.2.0.33 ChangeLog:
- Clip the MaxCircuitDirtiness config option to a minimum of 10 seconds,
and the CircuitBuildTimeout to a minimum of 30 seconds. Warn the user if
lower values are given in the configuration. These fixes prevent a user
from rebuilding circuits too often, which can be a denial-of-service
attack on the network.
- When a stream at an exit relay is in state "resolving" or
"connecting" and it receives an "end" relay cell, the exit relay
would silently ignore the end cell and not close the stream. If
the client never closes the circuit, then the exit relay never
closes the TCP connection. Bug introduced in Tor 0.1.2.1-alpha;
reported by "wood".
- When sending CREATED cells back for a given circuit, use a 64-bit
connection ID to find the right connection, rather than an addr:port
combination. Now that we can have multiple OR connections between
the same ORs, it is no longer possible to use addr:port to uniquely
identify a connection.

Bootstrapping speedups in Tor 0.2.1.11-alpha:
- When our circuit fails at the first hop (e.g. we get a destroy
cell back), avoid using that OR connection anymore, and also
tell all the one-hop directory requests waiting for it that they
should fail. Bugfix on 0.2.1.3-alpha.

Architecture
Proposal 158 ("Clients download consensus + microdescriptors") suggests a
new way forward for reducing directory overhead for clients, and replaced
part of proposal 141. Rather than modifying the circuit-building protocol
to fetch a server descriptor inline at each circuit extend, we instead put
all of the information that clients need either into the consensus itself,
or into a new set of data about each relay called a microdescriptor.
https://svn.torproject.org/svn/tor/trunk/doc/spec/proposals/158-microdes...

From the 0.2.0.33 ChangeLog:
- Never use OpenSSL compression: it wastes RAM and CPU trying to compress
cells, which are basically all encrypted, compressed, or both. It also
made us stand out from other applications on the wire.

Advocacy
Jillian York continued blogging for us about the good uses of Tor:
http://www.knightpulse.org/blog/tor

"Federico Heinz advocates anonymous browsing in Argentina", Jan 8
http://www.knightpulse.org/blog/09/01/08/federico-heinz-advocates-anonym...

"Human Rights Organizations in Argentina welcome anonymous browsing", Jan 25
http://www.knightpulse.org/blog/09/01/25/human-rights-organizations-arge...

"Watch how you get around", Jan 30
http://www.knightpulse.org/blog/09/01/30/watch-how-you-get-around

Pre-configured bundles
Tor Browser Bundle 1.1.8 (released Jan 22) updates Tor to 0.2.1.11-alpha
(security update), updates OpenSSL to 0.9.8j (security update), updates
Firefox to 3.0.5, updates Pidgin to 2.5.4, and updates libevent to 1.4.9.
https://svn.torproject.org/svn/torbrowser/trunk/README

We continued work on Vidalia features to support where we want Tor
Browser Bundle to go. In particular, we're changing it to be able to
launch Firefox natively, rather than use the "PortableFirefox" pile of
complex scripts. We hope this change will also let users run a normal
Firefox alongside TBB. More on that in February.

We also continued work on Tor VM, a new way of packaging Tor on
Windows that will (among other things) let people use Youtube safely
again. Hopefully we'll have some simple instructions up about that in
February too.

Bridges
Major bugfixes in the Tor 0.2.1.10-alpha and 0.2.0.33 releases:
- Bridge relays that had DirPort set to 0 would stop fetching
descriptors shortly after startup, and then briefly resume
after a new bandwidth test and/or after publishing a new bridge
descriptor. Bridge users that try to bootstrap from them would
get a recent networkstatus but would get descriptors from up to
18 hours earlier, meaning most of the descriptors were obsolete
already. Reported by Tas; bugfix on 0.2.0.13-alpha.
- Prevent bridge relays from serving their 'extrainfo' document
to anybody who asks, now that extrainfo docs include potentially
sensitive aggregated client geoip summaries. Bugfix on
0.2.0.13-alpha.

Bugfixes in the Tor 0.2.1.10-alpha release:
- When we made bridge authorities stop serving bridge descriptors over
unencrypted links, we also broke DirPort reachability testing for
bridges. So bridges with a non-zero DirPort were printing spurious
warns to their logs. Bugfix on 0.2.0.16-alpha. Fixes bug 709.

New feature in Tor 0.2.1.10-alpha:
- New controller event "clients_seen" to report a geoip-based summary
of which countries we've seen clients from recently. Now controllers
like Vidalia can show bridge operators that they're actually making
a difference.
Vidalia will add support for this feature in February.

Alternate download methods
Our "gettor" email auto-responder is up and working:
https://svn.torproject.org/svn/projects/gettor/README
https://www.torproject.org/finding-tor#Mail

Thandy itself is working smoothly at this point too -- it can contact
the central repository, check all the keys, look in the registry and
compare the currently installed version to the new choices, fetch the
right packages, check all the signatures, and launch the install.

As of December we only had a new MSI-based installer for Tor, but not for
Vidalia, Torbutton, or Polipo. Now we do, though it's still in testing:
https://data.peertech.org/torbld

Translations
Our translation server is up and online:
https://translation.torproject.org/
https://www.torproject.org/translation-portal

We continued enhancements to the Chinese and Russian Tor website
translations. Our Farsi translation from this summer is slowly becoming
obsolete; we should solve that at some point.

Tor 0.2.1.12-alpha is released

phobos — Mon, 09 Feb 2009 15:29:18 -0800

Tor 0.2.1.12-alpha features several more security-related fixes. You
should upgrade, especially if you run an exit relay (remote crash) or
a directory authority (remote infinite loop), or you're on an older
(pre-XP) or not-recently-patched Windows (remote exploit). It also
includes a big pile of minor bugfixes and cleanups.

https://www.torproject.org/download.html.en

Changes in version 0.2.1.12-alpha - 2009-02-08
Security fixes:

Fix an infinite-loop bug on handling corrupt votes under certain
circumstances. Bugfix on 0.2.0.8-alpha.
Fix a temporary DoS vulnerability that could be performed by
a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
Avoid a potential crash on exit nodes when processing malformed
input. Remote DoS opportunity. Bugfix on 0.2.1.7-alpha.

Minor bugfixes:

Let controllers actually ask for the "clients_seen" event for
getting usage summaries on bridge relays. Bugfix on 0.2.1.10-alpha;
reported by Matt Edman.
Fix a compile warning on OSX Panther. Fixes bug 913; bugfix against
0.2.1.11-alpha.
Fix a bug in address parsing that was preventing bridges or hidden
service targets from being at IPv6 addresses.
Solve a bug that kept hardware crypto acceleration from getting
enabled when accounting was turned on. Fixes bug 907. Bugfix on
0.0.9pre6.
Remove a bash-ism from configure.in to build properly on non-Linux
platforms. Bugfix on 0.2.1.1-alpha.
Fix code so authorities _actually_ send back X-Descriptor-Not-New
headers. Bugfix on 0.2.0.10-alpha.
Don't consider expiring already-closed client connections. Fixes
bug 893. Bugfix on 0.0.2pre20.
Fix another interesting corner-case of bug 891 spotted by rovv:
Previously, if two hosts had different amounts of clock drift, and
one of them created a new connection with just the wrong timing,
the other might decide to deprecate the new connection erroneously.
Bugfix on 0.1.1.13-alpha.
Resolve a very rare crash bug that could occur when the user forced
a nameserver reconfiguration during the middle of a nameserver
probe. Fixes bug 526. Bugfix on 0.1.2.1-alpha.
Support changing value of ServerDNSRandomizeCase during SIGHUP.
Bugfix on 0.2.1.7-alpha.
If we're using bridges and our network goes away, be more willing
to forgive our bridges and try again when we get an application
request. Bugfix on 0.2.0.x.

Minor features:

Support platforms where time_t is 64 bits long. (Congratulations,
NetBSD!) Patch from Matthias Drochner.
Add a 'getinfo status/clients-seen' controller command, in case
controllers want to hear clients_seen events but connect late.

Build changes:

Disable GCC's strict alias optimization by default, to avoid the
likelihood of its introducing subtle bugs whenever our code violates
the letter of C99's alias rules.

The original announcement can be found at http://archives.seul.org/or/talk/Feb-2009/msg00054.html

Tor 0.2.0.34-stable released

phobos — Mon, 09 Feb 2009 15:21:20 -0800

Tor 0.2.0.34 features several more security-related fixes. You
should upgrade, especially if you run an exit relay (remote crash) or
a directory authority (remote infinite loop), or you're on an older
(pre-XP) or not-recently-patched Windows (remote exploit).

This release marks end-of-life for Tor 0.1.2.x. Those Tor versions have
many known flaws, and nobody should be using them. You should upgrade. If
you're using a Linux or BSD and its packages are obsolete, stop using
those packages and upgrade anyway.

https://www.torproject.org/download.html

Changes in version 0.2.0.34 - 2009-02-08
Security fixes:

Fix an infinite-loop bug on handling corrupt votes under certain
circumstances. Bugfix on 0.2.0.8-alpha.
Fix a temporary DoS vulnerability that could be performed by
a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
Avoid a potential crash on exit nodes when processing malformed
input. Remote DoS opportunity. Bugfix on 0.2.0.33.
Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
Spec conformance issue. Bugfix on Tor 0.0.2pre27.

Minor bugfixes:

Fix compilation on systems where time_t is a 64-bit integer.
Patch from Matthias Drochner.
Don't consider expiring already-closed client connections. Fixes
bug 893. Bugfix on 0.0.2pre20.

The original announcement can be found at http://archives.seul.org/or/announce/Feb-2009/msg00000.html

December 2008 Progress Report

phobos — Mon, 02 Feb 2009 11:28:39 -0800

Releases
Tor 0.2.1.8-alpha (released December 8) fixes some crash bugs in earlier alpha releases, builds better on unusual platforms like Solaris and old OS X, and fixes a variety of other issues.
http://archives.seul.org/or/talk/Dec-2008/msg00129.html

Tor Browser Bundle 1.1.6 (released December 2) and 1.1.7 (released December 12) update Tor to 0.2.1.8-alpha, include a new version of Firefox, and attempt to wrestle with the "AllowMultipleInstances=false" design that could allow us to run Tor Browser Bundle alongside a normal Firefox.
https://svn.torproject.org/svn/torbrowser/trunk/README

Tor 0.2.1.9-alpha (released December 25) fixes many more bugs, some of them security-related.
http://archives.seul.org/or/talk/Jan-2009/msg00029.html

Bug fixes
Security fixes in the Tor 0.2.1.8-alpha release:
- When the client is choosing entry guards, now it selects at most one guard from a given relay family. Otherwise we could end up with all of our entry points into the network run by the same operator. Suggested by Camilo Viecco. Fix on 0.1.1.11-alpha.
- The "ClientDNSRejectInternalAddresses" config option wasn't being consistently obeyed: if an exit relay refuses a stream because its exit policy doesn't allow it, we would remember what IP address the relay said the destination address resolves to, even if it's an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
- The "User" and "Group" config options did not clear the supplementary group entries for the Tor process. The "User" option is now more robust, and we now set the groups to the specified user's primary group. The "Group" option is now ignored. For more detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848.

Performance scalability fixes from the Tor 0.2.1.9-alpha ChangeLog:
- Clip the MaxCircuitDirtiness config option to a minimum of 10 seconds. Warn the user if lower values are given in the configuration. Bugfix on 0.1.0.1-rc. Patch by Sebastian.
- Clip the CircuitBuildTimeout to a minimum of 30 seconds. Warn the user if lower values are given in the configuration. Bugfix on 0.1.1.17-rc. Patch by Sebastian.

Relay stability fixes from the Tor 0.2.1.9-alpha ChangeLog:
- Fix a logic error that would automatically reject all but the first configured DNS server. Bugfix on 0.2.1.5-alpha. Possible fix for part of bug 813/868. Bug spotted by coderman.
- When we can't initialize DNS because the network is down, do not automatically stop Tor from starting. Instead, retry failed dns_init() every 10 minutes, and change the exit policy to reject *:* until one succeeds. Fixes bug 691.

Karsten discovered a bug where some directory authorities would take many minutes to send out a network status, because they were rate limiting too low. The short-term fix is to get those authorities to set
"MaxAdvertisedBandwidth 10 KB"
in their torrc, so they don't spend as much of their bandwidth relaying ordinary Tor traffic.
https://bugs.torproject.org/flyspray/index.php?do=details&id=847
We need to consider longer-term solutions too, where clients actually recover more gracefully from this situation.

Advocacy
We finally made our 3-year development roadmap public:
https://blog.torproject.org/blog/our-three-year-development-roadmap-publ...

Jillian York continued blogging for us about the good uses of Tor:
http://www.knightpulse.org/blog/tor

"Syria: Using Tor for Censorship Resistance", Dec 1
http://www.knightpulse.org/blog/08/12/01/syria-using-tor-censorship-resi...

"Australia Addresses Internet Circumvention", Dec 19
http://www.knightpulse.org/blog/08/12/19/australia-addresses-internet-ci...

Howcast produced a quick video for the masses on how to circumvent censorship. We were technical consultants for this video. It's tough to talk about Tor, when the first question you're trying to answer is "What is a proxy? And why do I care?" Howcast did a great job for a high-level overview of circumvention technologies in four minutes.
https://blog.torproject.org/blog/how-circumvent-internet-proxy-howcast

Wendy was a panelist at a conference organized by Paul Ohm and others at Colorado U at the beginning of December on law, wiretapping, and research-oriented data collection: "The Law and Ethics of Network Monitoring":
http://www.silicon-flatirons.org/events.php?id=544

Roger, Karsten, Sebastian, Steven, Jacob, Mike, Peter, Wendy, Frank, Christian, and others attended the 25C3 conference in Berlin, Dec 27-30.
Roger gave a talk there, similar to the DC08 talk but focusing entirely on 'present' and 'future': "Security and anonymity vulnerabilities in Tor: past, present, and future"
http://freehaven.net/~arma/slides-25c3.pdf

There was a workshop after Roger's talk on Germany and data retention. Sebastian Hahn was really great at representing Tor there, particularly because it was right after Roger's talk so he missed half of it, and because it was mostly in German. Roger tried to add the points that a) he really still does want to do Tor talks for German law enforcement (we got a few leads), and b) the major German Tor relay busts were in 2006-2007, not 2008, and maybe we're finally making progress.

Jacob was among the presenters at 25C3 on a talk about how they had managed to forge a root SSL certificate. In short, this meant that they could pretend to be any https site on the Internet, and no browser would complain. Nick wrote up a response explaining how it works and how it can affect Tor users:
"The MD5 certificate collision attack, and what it means for Tor"
http://blog.torproject.org/blog/md5-certificate-collision-attack%2C-and-...

New features
New feature from the Tor 0.2.1.8-alpha ChangeLog:
- New DirPortFrontPage option that takes an html file and publishes it as "/" on the DirPort. Now relay operators can provide a disclaimer without needing to set up a separate webserver. There's a sample disclaimer in contrib/tor-exit-notice.html.

We continued work on Thandy (our secure updater) this month.

Thandy itself is working smoothly at this point -- it can contact the central repository, check all the keys, look in the registry and compare the currently installed version to the new choices, fetch the right packages, check all the signatures, and launch the install.

We also now have a branch of Vidalia that has the GUI components for our updater in and working. It launches the updater to check for updates periodically, and there's a "check now" button. It does the update via Tor if Tor is up and running, and via direct connection otherwise.

We had hoped to be able to get away with patching our current .nsi Windows installer, but it turns out that "nsi silent (non-GUI) install" and "Vista" are not compatible concepts: Vista only likes MSI-based silent installs, due to that whole permissions thing that Vista gets so excited about.

So we now have a shiny new wxs-based msi installer for Tor on Windows:
https://svn.torproject.org/svn/tor/trunk/contrib/tor.wxs.in
with buildbot-style output here:
https://data.peertech.org/torbld

The new installer has been tested for install, upgrade, repair and removal. But that's just Tor, and our recommended download bundle contains four components: Tor, Vidalia (the GUI), Torbutton (our Firefox extension), and either Privoxy or Polipo (an http proxy configured to use Tor -- we're migrating from Privoxy to Polipo).

So, the next step is to work on MSI installer files for the other three, plus a meta-msi file for the bundle. We're aiming to have a first go of that at the beginning of January. That way we can give a simpler demo of "download this bundle, then it will automatically notice that it should upgrade Tor, and it will fetch the new package and upgrade."

In other news, Roger had a long chat with Justin Cappos in early December. Justin did his PhD thesis on security of package managers, and is now a post-doc at UW working on (among other things) auto-update frameworks. See the beginning of a thread here:
http://archives.seul.org/or/dev/Dec-2008/msg00010.html

Translations
We have our translation server up and online:
https://translation.torproject.org/
https://www.torproject.org/translation-portal

We continued enhancements to the Chinese and Russian Tor website translations. Our Farsi translation from this summer is slowly becoming obsolete; we should solve that at some point.

Tor 0.2.0.33-stable released

phobos — Thu, 22 Jan 2009 11:25:00 -0800

Tor 0.2.0.33 fixes a variety of bugs that were making relays less useful
to users. It also finally fixes a bug where a relay or client that's
been off for many days would take a long time to bootstrap.

This update also fixes an important security-related bug reported by
Ilja van Sprundel. You should upgrade. (We'll send out more details
about the bug once people have had some time to upgrade.)

https://www.torproject.org/download.html

Changes in version 0.2.0.33 - 2009-01-21
Security fixes:

Fix a heap-corruption bug that may be remotely triggerable on
some platforms. Reported by Ilja van Sprundel.

Major bugfixes:

When a stream at an exit relay is in state "resolving" or
"connecting" and it receives an "end" relay cell, the exit relay
would silently ignore the end cell and not close the stream. If
the client never closes the circuit, then the exit relay never
closes the TCP connection. Bug introduced in Tor 0.1.2.1-alpha;
reported by "wood".
When sending CREATED cells back for a given circuit, use a 64-bit
connection ID to find the right connection, rather than an addr:port
combination. Now that we can have multiple OR connections between
the same ORs, it is no longer possible to use addr:port to uniquely
identify a connection.
Bridge relays that had DirPort set to 0 would stop fetching
descriptors shortly after startup, and then briefly resume
after a new bandwidth test and/or after publishing a new bridge
descriptor. Bridge users that try to bootstrap from them would
get a recent networkstatus but would get descriptors from up to
18 hours earlier, meaning most of the descriptors were obsolete
already. Reported by Tas; bugfix on 0.2.0.13-alpha.
Prevent bridge relays from serving their 'extrainfo' document
to anybody who asks, now that extrainfo docs include potentially
sensitive aggregated client geoip summaries. Bugfix on
0.2.0.13-alpha.
If the cached networkstatus consensus is more than five days old,
discard it rather than trying to use it. In theory it could be
useful because it lists alternate directory mirrors, but in practice
it just means we spend many minutes trying directory mirrors that
are long gone from the network. Also discard router descriptors as
we load them if they are more than five days old, since the onion
key is probably wrong by now. Bugfix on 0.2.0.x. Fixes bug 887.

Minor bugfixes:

Do not mark smartlist_bsearch_idx() function as ATTR_PURE. This bug
could make gcc generate non-functional binary search code. Bugfix
on 0.2.0.10-alpha.
Build correctly on platforms without socklen_t.
Compile without warnings on solaris.
Avoid potential crash on internal error during signature collection.
Fixes bug 864. Patch from rovv.
Correct handling of possible malformed authority signing key
certificates with internal signature types. Fixes bug 880.
Bugfix on 0.2.0.3-alpha.
Fix a hard-to-trigger resource leak when logging credential status.
CID 349.
When we can't initialize DNS because the network is down, do not
automatically stop Tor from starting. Instead, we retry failed
dns_inits() every 10 minutes, and change the exit policy to reject
*:* until one succeeds. Fixes bug 691.
Use 64 bits instead of 32 bits for connection identifiers used with
the controller protocol, to greatly reduce risk of identifier reuse.
When we're choosing an exit node for a circuit, and we have
no pending streams, choose a good general exit rather than one that
supports "all the pending streams". Bugfix on 0.1.1.x. Fix by rovv.
Fix another case of assuming, when a specific exit is requested,
that we know more than the user about what hosts it allows.
Fixes one case of bug 752. Patch from rovv.
Clip the MaxCircuitDirtiness config option to a minimum of 10
seconds. Warn the user if lower values are given in the
configuration. Bugfix on 0.1.0.1-rc. Patch by Sebastian.
Clip the CircuitBuildTimeout to a minimum of 30 seconds. Warn the
user if lower values are given in the configuration. Bugfix on
0.1.1.17-rc. Patch by Sebastian.
Fix a memory leak when we decline to add a v2 rendezvous descriptor to
the cache because we already had a v0 descriptor with the same ID.
Bugfix on 0.2.0.18-alpha.
Fix a race condition when freeing keys shared between main thread
and CPU workers that could result in a memory leak. Bugfix on
0.1.0.1-rc. Fixes bug 889.
Send a valid END cell back when a client tries to connect to a
nonexistent hidden service port. Bugfix on 0.1.2.15. Fixes bug
840. Patch from rovv.
Check which hops rendezvous stream cells are associated with to
prevent possible guess-the-streamid injection attacks from
intermediate hops. Fixes another case of bug 446. Based on patch
from rovv.
If a broken client asks a non-exit router to connect somewhere,
do not even do the DNS lookup before rejecting the connection.
Fixes another case of bug 619. Patch from rovv.
When a relay gets a create cell it can't decrypt (e.g. because it's
using the wrong onion key), we were dropping it and letting the
client time out. Now actually answer with a destroy cell. Fixes
bug 904. Bugfix on 0.0.2pre8.

Minor bugfixes (hidden services):

Do not throw away existing introduction points on SIGHUP. Bugfix on
0.0.6pre1. Patch by Karsten. Fixes bug 874.

Minor features:

Report the case where all signatures in a detached set are rejected
differently than the case where there is an error handling the
detached set.
When we realize that another process has modified our cached
descriptors, print out a more useful error message rather than
triggering an assertion. Fixes bug 885. Patch from Karsten.
Implement the 0x20 hack to better resist DNS poisoning: set the
case on outgoing DNS requests randomly, and reject responses that do
not match the case correctly. This logic can be disabled with the
ServerDNSRamdomizeCase setting, if you are using one of the 0.3%
of servers that do not reliably preserve case in replies. See
"Increased DNS Forgery Resistance through 0x20-Bit Encoding"
for more info.
Check DNS replies for more matching fields to better resist DNS
poisoning.
Never use OpenSSL compression: it wastes RAM and CPU trying to
compress cells, which are basically all encrypted, compressed, or
both.

The original announcement can be found at http://archives.seul.org/or/announce/Jan-2009/msg00000.html