Tor 0.2.5.7-rc is out
Tor 0.2.5.7-rc fixes several regressions from earlier in the 0.2.5.x release series, and some long-standing bugs related to ORPort reachability testing and failure to send CREATE cells. It is the first release candidate for the Tor 0.2.5.x series.
The tarball and signature file are currently available from
https://www.torproject.org/dist/
and packages and bundles will be available soon.
Changes in version 0.2.5.7-rc - 2014-09-11
- Major bugfixes (client, startup):
  - Start making circuits as soon as DisableNetwork is turned off.
    When Tor started with DisableNetwork set, it would correctly
    conclude that it shouldn't build circuits, but it would mistakenly
    cache this conclusion, and continue believing it even when
    DisableNetwork is set to 0. Fixes the bug introduced by the fix
    for bug 11200; bugfix on 0.2.5.4-alpha.
  - Resume expanding abbreviations for command-line options. The fix
    for bug 4647 accidentally removed our hack from bug 586 that
    rewrote HashedControlPassword to __HashedControlSessionPassword
    when it appears on the command line (which allowed the user to set
    her own HashedControlPassword in the torrc file while the
    controller generates a fresh session password for each run). Fixes
    bug 12948; bugfix on 0.2.5.1-alpha.
  - Warn about attempts to run hidden services and relays in the same
    process: that's probably not a good idea. Closes ticket 12908.
- Major bugfixes (relay):
  - Avoid queuing or sending destroy cells for circuit ID zero when we
    fail to send a CREATE cell. Fixes bug 12848; bugfix on 0.0.8pre1.
    Found and fixed by "cypherpunks".
  - Fix ORPort reachability detection on relays running behind a
    proxy, by correctly updating the "local" mark on the controlling
    channel when changing the address of an or_connection_t after the
    handshake. Fixes bug 12160; bugfix on 0.2.4.4-alpha.
- Minor features (bridge):
  - Add an ExtORPortCookieAuthFileGroupReadable option to make the
    cookie file for the ExtORPort g+r by default.
- Minor features (geoip):
  - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
    Country database.
- Minor bugfixes (logging):
  - Reduce the log severity of the "Pluggable transport proxy does not
    provide any needed transports and will not be launched." message,
    since Tor Browser includes several ClientTransportPlugin lines in
    its torrc-defaults file, leading every Tor Browser user who looks
    at her logs to see these notices and wonder if they're dangerous.
    Resolves bug 13124; bugfix on 0.2.5.3-alpha.
  - Downgrade "Unexpected onionskin length after decryption" warning
    to a protocol-warn, since there's nothing relay operators can do
    about a client that sends them a malformed create cell. Resolves
    bug 12996; bugfix on 0.0.6rc1.
  - Log more specific warnings when we get an ESTABLISH_RENDEZVOUS
    cell on a cannibalized or non-OR circuit. Resolves ticket 12997.
  - When logging information about an EXTEND2 or EXTENDED2 cell, log
    their names correctly. Fixes part of bug 12700; bugfix
    on 0.2.4.8-alpha.
  - When logging information about a relay cell whose command we don't
    recognize, log its command as an integer. Fixes part of bug 12700;
    bugfix on 0.2.1.10-alpha.
  - Escape all strings from the directory connection before logging
    them. Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor".
- Minor bugfixes (controller):
  - Restore the functionality of CookieAuthFileGroupReadable. Fixes
    bug 12864; bugfix on 0.2.5.1-alpha.
  - Actually send TRANSPORT_LAUNCHED and HS_DESC events to
    controllers. Fixes bug 13085; bugfix on 0.2.5.1-alpha. Patch
    by "teor".
- Minor bugfixes (compilation):
  - Fix compilation of test.h with MSVC. Patch from Gisle Vanem;
    bugfix on 0.2.5.5-alpha.
  - Make the nmake make files work again. Fixes bug 13081. Bugfix on
    0.2.5.1-alpha. Patch from "NewEraCracker".
  - In routerlist_assert_ok(), don't take the address of a
    routerinfo's cache_info member unless that routerinfo is non-NULL.
    Fixes bug 13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
  - Fix a large number of false positive warnings from the clang
    analyzer static analysis tool. This should make real warnings
    easier for clang analyzer to find. Patch from "teor". Closes
    ticket 13036.
- Distribution (systemd):
  - Verify configuration file via ExecStartPre in the systemd unit
    file. Patch from intrigeri; resolves ticket 12730.
  - Explicitly disable RunAsDaemon in the systemd unit file. Our
    current systemd unit uses "Type = simple", so systemd does not
    expect tor to fork. If the user has "RunAsDaemon 1" in their
    torrc, then things won't work as expected. This is e.g. the case
    on Debian (and derivatives), since there we pass "--defaults-torrc
    /usr/share/tor/tor-service-defaults-torrc" (that contains
    "RunAsDaemon 1") by default. Patch by intrigeri; resolves
    ticket 12731.
- Documentation:
  - Adjust the URLs in the README to refer to the new locations of
    several documents on the website. Fixes bug 12830. Patch from
    Matt Pagan.
  - Document 'reject6' and 'accept6' ExitPolicy entries. Resolves
    ticket 12878.
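The two "Distribution (systemd)" entries above, sketched as a unit fragment. This is an added illustration, not the unit file shipped with this release: the binary path, torrc path and Description text are assumptions, and --verify-config is tor's existing command-line switch for checking a configuration without starting the daemon.

```ini
# Added example, not the project's own unit file.
# /usr/bin/tor and /etc/tor/torrc are assumed install paths.
[Unit]
Description=Tor daemon (constructed example)

[Service]
# systemd treats the process it launches as the service itself,
# so tor has to stay in the foreground and must not fork.
Type=simple

# Ticket 12730: parse the torrc before the main process is started,
# so a broken configuration fails the start job up front.
ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config

# Ticket 12731: an option given on the command line takes precedence
# over torrc and defaults-torrc, so a "RunAsDaemon 1" inherited from
# a packaged defaults file cannot make tor daemonize here.
ExecStart=/usr/bin/tor -f /etc/tor/torrc --RunAsDaemon 0

# The combination the changelog describes as not working with
# Type=simple (the defaults file contains "RunAsDaemon 1"):
# ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc
```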
Comments
Please note that the comment area below has been archived.
so nothing new regarding privacy and security? mostly bugfix, not actual improvements to make it more secure faster or private?
Thought so too
step by step!!
What, you don't like bugfixes? Make up your minds people. :)
The fix for #11200 resolved the pile of "I run Tor Browser and it works, but then it never starts after that!" bug reports on here and elsewhere. I think that's a pretty good fix.
But in any case, it's a release candidate -- we're not supposed to be making major design changes at this point in the release.
And if you're reading this blog post and thinking these are all the differences between 0.2.4.x and 0.2.5.x, then you're reading it wrong:
https://gitweb.torproject.org/tor.git/blob/release-0.2.5:/ChangeLog
>What, you don't like bugfixes? Make up your minds people. :)
Well we want both, but security and privacy is top on the list :)
Tor has been around for over ten years and still no 1.0 release? Why is that?
We come from the free software / open source world, where the 1.0 release means that you've solved everything and it works.
I'd love to have a good understanding of the anonymous communications research field, and what the implications are (on performance and on privacy) for scaling the network to millions of relays, and how to make Tor flows blend in with other traffic so you can't detect or censor them, and how to resolve traffic confirmation attacks so large network surveillance adversaries are stymied, and have it work smoothly and safely with all the applications that people want to use, etc etc.
We're not there yet. But I'd say that even though the problem is getting harder year by year, we (the community of thousands of Tor developers and advocates) are nonetheless gaining ground.
you should mention that there is update or closing security bug mentioned by NSA agents and don't forget to sort the bugs due to its severity
I guess you want this because some journalist intentionally misinterpreted some statement in a very long interview in order to produce more ad revenue for his newspaper?
Sorry, I don't know of any security bugs mentioned to us by NSA agents. Now, there are many Tor users who anonymously report bugs, and some of them even help fix them. You can watch this whole process on https://bugs.torproject.org/ -- for example check out the timeline:
https://trac.torproject.org/projects/tor/timeline
Hope that helps. Also, we do sort the bugs by severity, in hopes of making it easier for you to find out the most important changes. Thanks!
thanks a lot. will you release any stable version of tor soon ?
You should add the LGBT community to the list of people who use Tor. I'm an activist for LGBT rights in my country, where unfortunately you can go to prison simply for being gay. And my activism ring uses Tor (the browser, and Tails) to communicate with other activists, and victims of hate crimes, and you can't believe how many times Tor saved us from the unjust state persecution and hate crimes.
Just wanted to say good luck.
You should also add those who oppose the gay agenda imposed by NWO and these days they can be prosecuted, jailed and have their lives ruined for not obeying to what they feel is immoral and unnatural.
So the bottom line is that everyone needs Tor to express his activism.
>"gay agenda"
yeah, equality is such a horrible concept /s
>"imposed by NWO"
Forgot to take your meds again?
>"these days they can be prosecuted, jailed and have their lives ruined for not obeying"
yeah, they should totally be free to oppress a helpless minority fighting peacefully for their rights to live in dignity and free of harm just like everyone else
>"immoral and unnatural"
I love the hypocrisy of some straight people who love to do anal but god forbid if homosexuals do it.
And homosexuality is well documented in nature https://youtu.be/XF-ET9VIuJo?t=2m54s https://youtu.be/Q8gttC6P3bE
And FYI Jacob Appelbaum, one of the core members of the Tor project, is bisexual https://en.wikipedia.org/wiki/Jacob_Appelbaum#Personal_life
Free software has 4 freedoms.
Freedom 0: The freedom to run the software to any end you need and see fit.
So, yes, people who are gay have the right to express their opinions using Tor and people who think being gay is wrong also have that right. EVERYONE should have the right to express themselves, and Tor gives them that right.
This is more of an ethical-moral issue on why some people want to discriminate against others. Tor is a tool designed to facilitate free speech, by censoring one group (however hateful) you now have the equipment to censor anyone in the future.
In a free, open society, groups tending for more equality will be remembered as freedom fighters, and groups tending for discrimination will be rightly remembered as hate groups, but censoring one will censor both.
Any idea when 0.2.5.x will be in stable?
Thanks :)
Thanks devs for new version. Thanks arma for being active here. Good work.
What happened to bridges.torproject.org? Giving 503 since before yesterday
Thanks arma for you, for me and for him!!
where can we open tickets for OrFox?
https://dev.guardianproject.info/projects/orfox-private-browser is what Nathan just told me.
thanks. can you please tell nathan to keep his eyes on the following 2 reddit posts about OrFox http://redd.it/2hnd9q http://redd.it/2hnf8w
Good work, thanks
I use tor for https://onion.cab/ and can just say thank you for fixing ticket 12908. You really helped me out.
Torsocks newest version from its official site is 1.2, but version 2.0 has been released at https://lists.torproject.org/pipermail/tor-dev/2014-August/007330.html, which should I trust?
Lately, a number of fte bridges in ip range 194.132.0.0-194.132.255.255 are blocked by GFW in mainland china, FUCK IT!!!!
YES! all bridges in ip range 193.132.0.0-194.132.255.255 are blocked in mainland china. by vpn proxy, ping those ip addresses is normal!!
Why isn't there a 64bit mac release? aren't all mac os 64bit except one which is very old and probably no one use?
i tried meek a couple of days ago, and it was awesome! but i think it might pose an anonymity issue: don't you think google (which is nsa affiliated) or amazon (which works with the cia) knowing your ip, first hop, and middle relay is too much info and dangerous? don't you think you should add another hop?
Always appreciate the great work people here have done and are still doing! Thank you! from 1/(1400000000-100000000).