release-candidate

Tor 0.3.0.4-rc is released

Tor 0.3.0.4-rc fixes some remaining bugs, large and small, in the 0.3.0 release series, and introduces a few reliability features to keep them from coming back.

This is the first release candidate in the Tor 0.3.0 series. If we find no new bugs or regressions here, the first stable 0.3.0 release will be nearly identical to it.

You can download the source code from the usual place on the website, but most users should wait for packages to become available over the upcoming weeks.

Please note: This is a release candidate, but not a stable release. Please expect more bugs than usual. If you want a stable experience, please stick to the stable releases.

Changes in version 0.3.0.4-rc - 2017-03-01

  • Major bugfixes (bridges):
    • When the same bridge is configured multiple times with the same identity, but at different address:port combinations, treat those bridge instances as separate guards. This fix restores the ability of clients to configure the same bridge with multiple pluggable transports. Fixes bug 21027; bugfix on 0.3.0.1-alpha.
  • Major bugfixes (hidden service directory v3):
    • Stop crashing on a failed v3 hidden service descriptor lookup. Fixes bug 21471; bugfix on tor-0.3.0.1-alpha.

Tor 0.2.9.7-rc is released: almost stable!

There's a new development release of Tor!

Tor 0.2.9.7-rc fixes a few small bugs remaining in Tor 0.2.9.6-rc, including a few that had prevented tests from passing on some platforms.

The source code for this release is now available from the download page on our website. Packages should be available soon. I expect that this Tor release will probably go into the hardened TorBrowser package series coming out in the next couple of days. (I hear that 0.2.9.6-rc will be in the regular TorBrowser alphas, since those froze a little before I finished this Tor release.)

We're rapidly running out of serious bugs to fix in 0.2.9.x, so this is probably the last release candidate before stable ... unless you find bugs while testing! Please try these releases, and let us know if anything breaks. Testing either 0.2.9.6-rc or 0.2.9.7-rc would be helpful.

Changes in version 0.2.9.7-rc - 2016-12-12

  • Minor features (geoip):
    • Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 Country database.
  • Minor bugfix (build):
    • The current Git revision when building from a local repository is now detected correctly when using git worktrees. Fixes bug 20492; bugfix on 0.2.3.9-alpha.

Tor 0.2.9.6-rc is released

Tor 0.2.9.6-rc fixes a few remaining bugs found in the previous alpha version. We hope that it will be ready to become stable soon, and we encourage everyone to test this release. If no showstopper bugs are found here, the next 0.2.9 release will be stable.

You can download the source from the usual place on the website. Packages should be available over the next several days, including an alpha TorBrowser release around December 14. Remember to check the signatures!

Please note: This is a release candidate. I think it's pretty stable, but bugs can always remain. If you want a stable experience, please stick to the stable releases.

Below are the changes since 0.2.9.5-alpha.

Changes in version 0.2.9.6-rc - 2016-12-02

  • Major bugfixes (relay, resolver, logging):
    • For relays that don't know their own address, avoid attempting a local hostname resolve for each descriptor we download. This will cut down on the number of "Success: chose address 'x.x.x.x'" log lines, and also avoid confusing clock jumps if the resolver is slow. Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (client, fascistfirewall):
    • Avoid spurious warnings when ReachableAddresses or FascistFirewall is set. Fixes bug 20306; bugfix on 0.2.8.2-alpha.
  • Minor bugfixes (hidden services):
    • Stop ignoring the anonymity status of saved keys for hidden services and single onion services when first starting tor. Instead, refuse to start tor if any hidden service key has been used in a different hidden service anonymity mode. Fixes bug 20638; bugfix on 17178 in 0.2.9.3-alpha; reported by ahf.
  • Minor bugfixes (portability):
    • Work around a bug in the OSX 10.12 SDK that would prevent us from successfully targeting earlier versions of OSX. Resolves ticket 20235.
    • Run correctly when built on Windows build environments that require _vcsprintf(). Fixes bug 20560; bugfix on 0.2.2.11-alpha.
  • Minor bugfixes (single onion services, Tor2web):
    • Stop complaining about long-term one-hop circuits deliberately created by single onion services and Tor2web. These log messages are intended to diagnose issue 8387, which relates to circuits hanging around forever for no reason. Fixes bug 20613; bugfix on 0.2.9.1-alpha. Reported by "pastly".
  • Minor bugfixes (unit tests):
    • Stop spurious failures in the local interface address discovery unit tests. Fixes bug 20634; bugfix on 0.2.8.1-alpha; patch by Neel Chauhan.
  • Documentation:
    • Correct the minimum bandwidth value in torrc.sample, and queue a corresponding change for torrc.minimal. Closes ticket 20085.

Tor 0.2.8.5-rc is released

Tor 0.2.8.5-rc has been released! You can download the source from the Tor website. Packages should be available over the next week or so.

Tor 0.2.8.5-rc is the second release candidate in the Tor 0.2.8 series. If we find no new bugs or regressions here, the first stable 0.2.8 release will be identical to it. It has a few small bugfixes against previous versions.

PLEASE NOTE: This is a release candidate. We think that we solved all of the showstopper bugs, but we also thought the same thing about 0.2.8.4-rc: crucial bugs may remain. Please only run this release if you're willing to test and find bugs. If no showstopper bugs are found, we'll be putting out 0.2.8.6 as a stable release.

Changes in version 0.2.8.5-rc - 2016-07-07

  • Directory authority changes:
    • Urras is no longer a directory authority. Closes ticket 19271.
  • Major bugfixes (heartbeat):
    • Fix a regression that would crash Tor when the periodic "heartbeat" log messages were disabled. Fixes bug 19454; bugfix on tor-0.2.8.1-alpha. Reported by "kubaku".
  • Minor features (build):
    • Tor now again builds with the recent OpenSSL 1.1 development branch (tested against 1.1.0-pre6-dev). Closes ticket 19499.
    • When building manual pages, set the timezone to "UTC", so that the output is reproducible. Fixes bug 19558; bugfix on 0.2.2.9-alpha. Patch from intrigeri.
  • Minor bugfixes (fallback directory selection):
    • Avoid errors during fallback selection if there are no eligible fallbacks. Fixes bug 19480; bugfix on 0.2.8.3-alpha. Patch by teor.
  • Minor bugfixes (IPv6, microdescriptors):
    • Don't check node addresses when we only have a routerstatus. This allows IPv6-only clients to bootstrap by fetching microdescriptors from fallback directory mirrors. (The microdescriptor consensus has no IPv6 addresses in it.) Fixes bug 19608; bugfix on 0.2.8.2-alpha.
  • Minor bugfixes (logging):
    • Reduce pointlessly verbose log messages when directory servers can't be found. Fixes bug 18849; bugfix on 0.2.8.3-alpha and 0.2.8.1-alpha. Patch by teor.
    • When a fallback directory changes its fingerprint from the hard-coded fingerprint, log a less severe, more explanatory log message. Fixes bug 18812; bugfix on 0.2.8.1-alpha. Patch by teor.
  • Minor bugfixes (Linux seccomp2 sandboxing):
    • Allow statistics to be written to disk when "Sandbox 1" is enabled. Fixes bugs 19556 and 19957; bugfix on 0.2.5.1-alpha and 0.2.6.1-alpha respectively.
  • Minor bugfixes (user interface):
    • Remove a warning message "Service [scrubbed] not found after descriptor upload". This message appears when one uses HSPOST control command to upload a service descriptor. Since there is only a descriptor and no service, showing this message is pointless and confusing. Fixes bug 19464; bugfix on 0.2.7.2-alpha.
  • Fallback directory list:
    • Add a comment to the generated fallback directory list that explains how to comment out unsuitable fallbacks in a way that's compatible with the stem fallback parser.
    • Update fallback whitelist and blacklist based on relay operator emails. Blacklist unsuitable (non-working, over-volatile) fallbacks. Resolves ticket 19071. Patch by teor.
    • Update hard-coded fallback list to remove unsuitable fallbacks. Resolves ticket 19071. Patch by teor.

Tor 0.2.8.4-rc is released!

Tor 0.2.8.4-rc has been released! You can download the source from the Tor website. Packages should be available over the next week or so.

Tor 0.2.8.4-rc is the first release candidate in the Tor 0.2.8 series. If we find no new bugs or regressions here, the first stable 0.2.8 release will be identical to it. It has a few small bugfixes against previous versions.

PLEASE NOTE: This is a release candidate. We think that we solved all of the showstopper bugs, but crucial bugs may remain. Please only run this release if you're willing to test and find bugs. If no showstopper bugs are found, we'll be putting out 0.2.8.5 as a stable release.

Changes in version 0.2.8.4-rc - 2016-06-15

  • Major bugfixes (user interface):
    • Correctly give a warning in the cases where a relay is specified by nickname, and one such relay is found, but it is not officially Named. Fixes bug 19203; bugfix on 0.2.3.1-alpha.
  • Minor features (build):
    • Tor now builds once again with the recent OpenSSL 1.1 development branch (tested against 1.1.0-pre5 and 1.1.0-pre6-dev).

Tor 0.2.7.4-rc is released

Tor 0.2.7.4-rc is the second release candidate in the 0.2.7 series. It fixes some important memory leaks, and a scary-looking (but mostly harmless in practice) invalid-read bug. It also has a few small bugfixes, notably fixes for compilation and portability on different platforms. If no further significant bugs are found, the next release will be the official stable release.

NOTE: This is a release candidate. We think we've squashed most of the bugs, but there are probably a few more left over.

You can download the source from the usual place on the website. Packages should be up in a few days.

Changes in version 0.2.7.4-rc - 2015-10-21

  • Major bugfixes (security, correctness):
    • Fix an error that could cause us to read 4 bytes before the beginning of an OpenSSL string. This bug could be used to cause Tor to crash on systems with unusual malloc implementations, or systems with unusual hardening installed. Fixes bug 17404; bugfix on 0.2.3.6-alpha.
  • Major bugfixes (correctness):
    • Fix a use-after-free bug in validate_intro_point_failure(). Fixes bug 17401; bugfix on 0.2.7.3-rc.

Tor 0.2.7.3-rc is released

Tor 0.2.7.3-rc is the first release candidate in the 0.2.7 series. It contains numerous usability fixes for Ed25519 keys, safeguards against several misconfiguration problems, significant simplifications to Tor's callgraph, and numerous bugfixes and small features.

This is the most tested release of Tor to date. The unit tests cover 39.40% of the code, and the integration tests (accessible with "make test-full-online", requiring stem and chutney and a network connection) raise the coverage to 64.49%.

NOTE: This is a release candidate. We think we've squashed most of the bugs, but there are probably a few more left over.

Changes in version 0.2.7.3-rc - 2015-09-25

  • Major features (security, hidden services):
    • Hidden services, if using the EntryNodes option, are required to use more than one EntryNode, in order to avoid a guard discovery attack. (This would only affect people who had configured hidden services and manually specified the EntryNodes option with a single entry-node. The impact was that it would be easy to remotely identify the guard node used by such a hidden service. See ticket for more information.) Fixes ticket 14917.
  • Major features (Ed25519 keys, keypinning):
    • The key-pinning option on directory authorities is now advisory-only by default. In a future version, or when the AuthDirPinKeys option is set, pins are enforced again. Disabling key-pinning seemed like a good idea so that we can survive the fallout of any usability problems associated with Ed25519 keys. Closes ticket 17135.
