Posts by nickm

Announcing Arti, a pure-Rust Tor implementation

by nickm | July 8, 2021

Greetings!

Today I'm happy to announce a new era in Tor implementation.

Over the past year or so, we've been working on "Arti", a project to rewrite Tor in Rust. Thanks to funding from Zcash Open Major Grants (ZOMG), we can finally put the Arti project up in our priorities list, and devote more time to it.

Below I'll talk about why we're doing this project, what it means for Tor users and operators, where it's going in the future, and how people can help.

New stable security releases: 0.3.5.15, 0.4.4.9, 0.4.5.9, 0.4.6.5

by nickm | June 14, 2021

After months of work, we have a new stable release series! If you build Tor from source, you can download the source code for 0.4.6.5 on the download page. Packages should be available within the next several weeks, with a new Tor Browser around the end of the week.

Because this release includes security fixes, we are also releasing updates for our other supported releases. You can find their source at https://dist.torproject.org:

Tor 0.4.6.5 is the first stable release in its series. The 0.4.6.x series includes numerous features and bugfixes, including a significant improvement to our circuit timeout algorithm that should improve observed client performance, and a way for relays to report when they are overloaded.

This release also includes security fixes for several security issues, including a denial-of-service attack against onion service clients, and another denial-of-service attack against relays. Everybody should upgrade to one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5.

Below are the changes since 0.4.5.8. For a list of changes since 0.4.6.4-rc, see the ChangeLog file.

Changes in version 0.4.6.5 - 2021-06-14

  • Major bugfixes (security):
    • Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams. Previously, clients failed to validate which hop sent these cells: this would allow a relay on a circuit to end a stream that wasn't actually built with it. Fixes bug 40389; bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- 003 and CVE-2021-34548.
  • Major bugfixes (security, defense-in-depth):
    • Detect more failure conditions from the OpenSSL RNG code. Previously, we would detect errors from a missing RNG implementation, but not failures from the RNG code itself. Fortunately, it appears those failures do not happen in practice when Tor is using OpenSSL's default RNG implementation. Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as TROVE-2021-004. Reported by Jann Horn at Google's Project Zero.

 

New release candidate: Tor 0.4.6.4-rc

by nickm | May 28, 2021

There's a new release candidate available for download. If you build Tor from source, you can download the source code for 0.4.6.4-rc from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely next week.

Remember, this is a not a stable release yet: but we still hope that people will try it out and look for bugs before the official stable release comes out in June.

Tor 0.4.6.4-rc fixes a few bugs from previous releases. This, we hope, the final release candidate in its series: unless major new issues are found, the next release will be stable.

Changes in version 0.4.6.4-rc - 2021-05-28

  • Minor features (compatibility):
    • Remove an assertion function related to TLS renegotiation. It was used nowhere outside the unit tests, and it was breaking compilation with recent alpha releases of OpenSSL 3.0.0. Closes ticket 40399.
  • Minor bugfixes (consensus handling):
    • Avoid a set of bugs that could be caused by inconsistently preferring an out-of-date consensus stored in a stale directory cache over a more recent one stored on disk as the latest consensus. Fixes bug 40375; bugfix on 0.3.1.1-alpha.

 

New release candidate: Tor 0.4.6.3-rc

by nickm | May 10, 2021

There's a new release candidate available for download. If you build Tor from source, you can download the source code for Tor 0.4.6.3-rc from the download page on the website. Packages should be available over the coming weeks, with a new Tor Browser release likely next week.

Tor 0.4.6.3-rc is the first release candidate in its series. It fixes a few small bugs from previous versions, and adds a better error message when trying to use (no longer supported) v2 onion services.

Though we anticipate that we'll be doing a bit more clean-up between now and the stable release, we expect that our remaining changes will be fairly simple. There will likely be at least one more release candidate before 0.4.6.x is stable.

Changes in version 0.4.6.3-rc - 2021-05-10

  • Major bugfixes (onion service, control port):
    • Make the ADD_ONION command properly configure client authorization. Before this fix, the created onion failed to add the client(s). Fixes bug 40378; bugfix on 0.4.6.1-alpha.
  • Minor features (compatibility, Linux seccomp sandbox):
    • Add a workaround to enable the Linux sandbox to work correctly with Glibc 2.33. This version of Glibc has started using the fstatat() system call, which previously our sandbox did not allow. Closes ticket 40382; see the ticket for a discussion of trade-offs.