tor

Tor 0.3.0.3-alpha is released:

Tor 0.3.0.3-alpha fixes a few significant bugs introduced over the 0.3.0.x development series, including some that could cause authorities to behave badly. There is also a fix for a longstanding bug that could prevent IPv6 exits from working. Tor 0.3.0.3-alpha also includes some smaller features and bugfixes.

The Tor 0.3.0.x release series is now in patch-freeze: no additional features will be considered for inclusion in 0.3.0.x. We suspect that some bugs will probably remain, however, and we encourage people to test this release.

You can download the source code from the usual place on the website, but most users should wait for packages to become available over the upcoming weeks.

Please note: This is an alpha release. Please expect more bugs than usual. If you want a stable experience, please stick to the stable releases.

Below are the changes since 0.3.0.2-alpha:

Changes in version 0.3.0.3-alpha - 2017-02-03

  • Major bugfixes (directory authority):
    • During voting, when marking a relay as a probable sybil, do not clear its BadExit flag: sybils can still be bad in other ways too. (We still clear the other flags.) Fixes bug 21108; bugfix on 0.2.0.13-alpha.
    • When deciding whether we have just found a router to be reachable, do not penalize it for not having performed an Ed25519 link handshake if it does not claim to support an Ed25519 handshake. Previously, we would treat such relays as non-running. Fixes bug 21107; bugfix on 0.3.0.1-alpha.
  • Major bugfixes (entry guards):
    • Stop trying to build circuits through entry guards for which we have no descriptor. Also, stop crashing in the case that we *do* accidentally try to build a circuit in such a state. Fixes bug 21242; bugfix on 0.3.0.1-alpha.


Tor 0.3.0.2-alpha is released

Tor 0.3.0.2-alpha fixes a denial-of-service bug where an attacker could cause relays and clients to crash, even if they were not built with the --enable-expensive-hardening option. This bug affects all 0.2.9.x versions, and also affects 0.3.0.1-alpha: all relays running an affected version should upgrade.

Tor 0.3.0.2-alpha also improves how exit relays and clients handle DNS time-to-live values, makes directory authorities enforce the 1-to-1 mapping of relay RSA identity keys to Ed25519 identity keys, fixes a client-side onion service reachability bug, does better at selecting the set of fallback directories, and more.

You can download the source code from https://dist.torproject.org/ but most users should wait for the upcoming 7.0a Tor Browser alpha release, or for their upcoming system package updates.

Changes in version 0.3.0.2-alpha - 2017-01-23

  • Major bugfixes (security, also in 0.2.9.9):
    • Downgrade the "-ftrapv" option from "always on" to "only on when --enable-expensive-hardening is provided." This hardening option, like others, can turn survivable bugs into crashes--and having it on by default made a (relatively harmless) integer overflow bug into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on 0.2.9.1-alpha.
  • Major features (security):
    • Change the algorithm used to decide DNS TTLs on client and server side, to better resist DNS-based correlation attacks like the DefecTor attack of Greschbach, Pulls, Roberts, Winter, and Feamster. Now relays only return one of two possible DNS TTL values, and clients are willing to believe DNS TTL values up to 3 hours long. Closes ticket 19769.


Tor 0.2.9.9 is released

Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could cause relays and clients to crash, even if they were not built with the --enable-expensive-hardening option. This bug affects all 0.2.9.x versions, and also affects 0.3.0.1-alpha: all relays running an affected version should upgrade.

This release also resolves a client-side onion service reachability bug, and resolves a pair of small portability issues.

You can download the source code from https://dist.torproject.org/ but most users should wait for the upcoming Tor Browser release, or for their upcoming system package updates.

Changes in version 0.2.9.9 - 2017-01-23

  • Major bugfixes (security):
    • Downgrade the "-ftrapv" option from "always on" to "only on when --enable-expensive-hardening is provided." This hardening option, like others, can turn survivable bugs into crashes -- and having it on by default made a (relatively harmless) integer overflow bug into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on 0.2.9.1-alpha.
  • Major bugfixes (client, onion service):
    • Fix a client-side onion service reachability bug, where multiple socks requests to an onion service (or a single slow request) could cause us to mistakenly mark some of the service's introduction points as failed, and we cache that failure so eventually we run out and can't reach the service. Also resolves a mysterious "Remote server sent bogus reason code 65021" log warning. The bug was introduced in ticket 17218, where we tried to remember the circuit end reason as a uint16_t, which mangled negative values. Partially fixes bug 21056 and fixes bug 20307; bugfix on 0.2.8.1-alpha.
  • Minor features (geoip):
    • Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2 Country database.
  • Minor bugfixes (portability):
    • Avoid crashing when Tor is built using headers that contain CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix on 0.2.9.1-alpha.
    • Fix Libevent detection on platforms without Libevent 1 headers installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha.
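
The 65021 in the log warning from the onion service fix above is what a small negative reason code looks like after a round trip through a uint16_t. The following is an added example, not Tor's code: the struct and function names are hypothetical, and -515 is simply the signed 16-bit reading of 65021, not a named Tor constant.

```c
#include <stdint.h>
#include <stdio.h>

/* Buggy pattern: a signed reason code remembered in an unsigned 16-bit field. */
struct circ_record_buggy { uint16_t end_reason; };
/* Fixed pattern: the field is signed and as wide as the value it holds. */
struct circ_record_fixed { int end_reason; };

/* Assumed convention for this example: negative codes are internal reasons,
 * non-negative codes are ones that may legitimately arrive from a remote. */
int is_internal_reason(int reason) { return reason < 0; }

int remember_buggy(int reason) {
    struct circ_record_buggy r;
    r.end_reason = (uint16_t)reason;   /* negative values wrap modulo 65536 */
    return r.end_reason;               /* read back as a large positive code */
}

int remember_fixed(int reason) {
    struct circ_record_fixed r;
    r.end_reason = reason;
    return r.end_reason;
}

/* Log triage: recover the signed value from a code that was logged after
 * passing through an unsigned 16-bit field (logged must be <= 65535). */
int decode_logged_reason(unsigned logged) {
    return logged >= 32768u ? (int)logged - 65536 : (int)logged;
}

int main(void) {
    int reason = decode_logged_reason(65021u);
    printf("logged 65021 decodes to %d\n", reason);
    printf("buggy field reads back %d (internal? %d)\n",
           remember_buggy(reason), is_internal_reason(remember_buggy(reason)));
    printf("fixed field reads back %d (internal? %d)\n",
           remember_fixed(reason), is_internal_reason(remember_fixed(reason)));
    return 0;
}
```

Once the sign is lost, any later check that relies on it takes the wrong branch, which is how a local failure can end up reported as a bogus code from the remote side.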

Tor 0.3.0.1-alpha: A new alpha series begins

Now that Tor 0.2.9.8 is stable, it's time to release a new alpha series for testing and bug-hunting!

Tor 0.3.0.1-alpha is the first alpha release in the 0.3.0 development series. It strengthens Tor's link and circuit handshakes by identifying relays by their Ed25519 keys, improves the algorithm that clients use to choose and maintain their list of guards, and includes additional backend support for the next-generation hidden service design. It also contains numerous other small features and improvements to security, correctness, and performance.

You can download the source from the usual place on the website. Packages should be available over the next weeks, including an alpha TorBrowser release some time in January.

Please note: This is an alpha release. Please expect more bugs than usual. If you want a stable experience, please stick to the stable releases.

Below are the changes since 0.2.9.8.

Changes in version 0.3.0.1-alpha - 2016-12-19

  • Major features (guard selection algorithm):
    • Tor's guard selection algorithm has been redesigned from the ground up, to better support unreliable networks and restrictive sets of entry nodes, and to better resist guard-capture attacks by hostile local networks. Implements proposal 271; closes ticket 19877.
  • Major features (next-generation hidden services):
    • Relays can now handle v3 ESTABLISH_INTRO cells as specified by prop224 aka "Next Generation Hidden Services". Service and clients don't use this functionality yet. Closes ticket 19043. Based on initial code by Alec Heifetz.
    • Relays now support the HSDir version 3 protocol, so that they can store and serve v3 descriptors. This is part of the next-generation onion service work detailed in proposal 224. Closes ticket 17238.
  • Major features (protocol, ed25519 identity keys):
    • Relays now use Ed25519 to prove their Ed25519 identities to one another, and to clients. This algorithm is faster and more secure than the RSA-based handshake we've been doing until now. Implements the second big part of proposal 220; closes ticket 15055.
    • Clients now support including Ed25519 identity keys in the EXTEND2 cells they generate. By default, this is controlled by a consensus parameter, currently disabled. You can turn this feature on for testing by setting ExtendByEd25519ID in your configuration. This might make your traffic appear different than the traffic generated by other users, however. Implements part of ticket 15056; part of proposal 220.
    • Relays now understand requests to extend to other relays by their Ed25519 identity keys. When an Ed25519 identity key is included in an EXTEND2 cell, the relay will only extend the circuit if the other relay can prove ownership of that identity. Implements part of ticket 15056; part of proposal 220.


Tor 0.2.9.8 is released: finally, a new stable series!

Tor 0.2.9.8 is the first stable release of the Tor 0.2.9 series.

The Tor 0.2.9 series makes mandatory a number of security features that were formerly optional. It includes support for a new shared-randomness protocol that will form the basis for next generation hidden services, includes a single-hop hidden service mode for optimizing .onion services that don't actually want to be hidden, tries harder not to overload the directory authorities with excessive downloads, and supports a better protocol versioning scheme for improved compatibility with other implementations of the Tor protocol.

And of course, there are numerous other bugfixes and improvements.

This release also includes a fix for a medium-severity issue (bug 21018 below) where Tor clients could crash when attempting to visit a hostile hidden service. Clients are recommended to upgrade as packages become available for their systems.

You can download the source code from the usual place on the website. Packages should be up within the next few days, with a TorBrowser release planned for early January.

Below are listed the changes since Tor 0.2.8.11. For a list of changes since 0.2.9.7-rc, see the ChangeLog file.

Changes in version 0.2.9.8 - 2016-12-19

  • New system requirements:
    • When building with OpenSSL, Tor now requires version 1.0.1 or later. OpenSSL 1.0.0 and earlier are no longer supported by the OpenSSL team, and should not be used. Closes ticket 20303.
    • Tor now requires Libevent version 2.0.10-stable or later. Older versions of Libevent have less efficient backends for several platforms, and lack the DNS code that we use for our server-side DNS support. This implements ticket 19554.
    • Tor now requires zlib version 1.2 or later, for security, efficiency, and (eventually) gzip support. (Back when we started, zlib 1.1 and zlib 1.0 were still found in the wild. 1.2 was released in 2003. We recommend the latest version.)
  • Deprecated features:
    • A number of DNS-cache-related sub-options for client ports are now deprecated for security reasons, and may be removed in a future version of Tor. (We believe that client-side DNS caching is a bad idea for anonymity, and you should not turn it on.) The options are: CacheDNS, CacheIPv4DNS, CacheIPv6DNS, UseDNSCache, UseIPv4Cache, and UseIPv6Cache.
    • A number of options are deprecated for security reasons, and may be removed in a future version of Tor. The options are: AllowDotExit, AllowInvalidNodes, AllowSingleHopCircuits, AllowSingleHopExits, ClientDNSRejectInternalAddresses, CloseHSClientCircuitsImmediatelyOnTimeout, CloseHSServiceRendCircuitsImmediatelyOnTimeout, ExcludeSingleHopRelays, FastFirstHopPK, TLSECGroup, UseNTorHandshake, and WarnUnsafeSocks.
    • The *ListenAddress options are now deprecated as unnecessary: the corresponding *Port options should be used instead. These options may someday be removed. The affected options are: ControlListenAddress, DNSListenAddress, DirListenAddress, NATDListenAddress, ORListenAddress, SocksListenAddress, and TransListenAddress.
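
One way to audit an existing torrc against the deprecations listed above, as an added example that is not part of Tor. The option and flag names come from the list; the sample configuration is constructed, and the parser assumes one option per line with `#` starting a comment (quoted values are not handled).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Options the 0.2.9.8 changelog lists as deprecated (names from the page). */
static const char *const DEPRECATED_OPTIONS[] = {
    "AllowDotExit", "AllowInvalidNodes", "AllowSingleHopCircuits",
    "AllowSingleHopExits", "ClientDNSRejectInternalAddresses", "TLSECGroup",
    "CloseHSClientCircuitsImmediatelyOnTimeout", "FastFirstHopPK",
    "CloseHSServiceRendCircuitsImmediatelyOnTimeout", "UseNTorHandshake",
    "ExcludeSingleHopRelays", "WarnUnsafeSocks", "ControlListenAddress",
    "DNSListenAddress", "DirListenAddress", "NATDListenAddress",
    "ORListenAddress", "SocksListenAddress", "TransListenAddress", NULL };
/* DNS-cache sub-options: written as flags after a client port's value. */
static const char *const DEPRECATED_PORT_FLAGS[] = {
    "CacheDNS", "CacheIPv4DNS", "CacheIPv6DNS",
    "UseDNSCache", "UseIPv4Cache", "UseIPv6Cache", NULL };
static const char *const PORT_SUFFIX[] = { "Port", NULL };

/* Case-insensitive match of tok against a NULL-terminated list. */
static int in_list(const char *tok, const char *const *list) {
    for (; *list; list++) {
        const char *a = tok, *b = *list;
        while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b))
            a++, b++;
        if (!*a && !*b) return 1;
    }
    return 0;
}

/* Scan torrc text, print each finding, return the number of findings. */
int count_deprecated(const char *torrc) {
    int lineno = 1, hits = 0;
    for (; *torrc; lineno++) {
        char line[512], *tok;
        int i = 0, is_port = 0;
        size_t len = strcspn(torrc, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, torrc);
        torrc += len + (torrc[len] == '\n');
        line[strcspn(line, "#")] = '\0';   /* drop comments */
        for (tok = strtok(line, " \t\r"); tok; tok = strtok(NULL, " \t\r"), i++) {
            size_t n = strlen(tok);
            if (!i) is_port = n >= 4 && in_list(tok + n - 4, PORT_SUFFIX);
            if (i == 0 ? in_list(tok, DEPRECATED_OPTIONS)
                       : is_port && in_list(tok, DEPRECATED_PORT_FLAGS)) {
                printf("line %d: %s %s\n", lineno, i ? "flag" : "option", tok);
                hits++;
            }
        }
    }
    return hits;
}

static const char SAMPLE_TORRC[] =   /* constructed sample, not from the page */
    "SocksPort 9050 CacheDNS UseDNSCache\n"
    "socksListenAddress 127.0.0.1\n"
    "#AllowDotExit 1\n"
    "WarnUnsafeSocks 0  # inline comment\n";
int main(void) { return count_deprecated(SAMPLE_TORRC) == 4 ? 0 : 1; }
```

The DNS-cache names are only reported when they follow a `*Port` option, since the changelog describes them as sub-options of client ports rather than standalone options.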


Tor 0.2.8.12 is released

There's a new "old stable" release of Tor! (But maybe you want the 0.2.9.8 release instead; that also comes out today.)

Tor 0.2.8.12 backports a fix for a medium-severity issue (bug 21018 below) where Tor clients could crash when attempting to visit a hostile hidden service. Clients are recommended to upgrade as packages become available for their systems.

It also includes an updated list of fallback directories, backported from 0.2.9.

Now that the Tor 0.2.9 series is stable, only major bugfixes will be backported to 0.2.8 in the future.

You can download Tor 0.2.8 -- and other older release series -- from dist.torproject.org.

Changes in version 0.2.8.12 - 2016-12-19

  • Major bugfixes (parsing, security, backported from 0.2.9.8):
    • Fix a bug in parsing that could cause clients to read a single byte past the end of an allocated region. This bug could be used to cause hardened clients (built with --enable-expensive-hardening) to crash if they tried to visit a hostile hidden service. Non-hardened clients are only affected depending on the details of their platform's memory allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-2016-12-002 and as CVE-2016-1254.
  • Minor features (fallback directory list, backported from 0.2.9.8):
    • Replace the 81 remaining fallbacks of the 100 originally introduced in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks (123 new, 54 existing, 27 removed) generated in December 2016. Resolves ticket 20170.
  • Minor features (geoip, backported from 0.2.9.7-rc):
    • Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 Country database.

Tor 0.2.9.7-rc is released: almost stable!

There's a new development release of Tor!

Tor 0.2.9.7-rc fixes a few small bugs remaining in Tor 0.2.9.6-rc, including a few that had prevented tests from passing on some platforms.

The source code for this release is now available from the download page on our website. Packages should be available soon. I expect that this Tor release will probably go into the hardened TorBrowser package series coming out in the next couple of days. (I hear that 0.2.9.6-rc will be in the regular TorBrowser alphas, since those froze a little before I finished this Tor release.)

We're rapidly running out of serious bugs to fix in 0.2.9.x, so this is probably the last release candidate before stable ... unless you find bugs while testing! Please try these releases, and let us know if anything breaks. Testing either 0.2.9.6-rc or 0.2.9.7-rc would be helpful.

Changes in version 0.2.9.7-rc - 2016-12-12

  • Minor features (geoip):
    • Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 Country database.
  • Minor bugfix (build):
    • The current Git revision when building from a local repository is now detected correctly when using git worktrees. Fixes bug 20492; bugfix on 0.2.3.9-alpha.


Tor 0.2.8.11 is released, with small portability fixes

There's a new stable release of Tor!

Tor 0.2.8.11 backports fixes for additional portability issues that could prevent Tor from building correctly on OSX Sierra, or with OpenSSL 1.1. Affected users should upgrade; others can safely stay with 0.2.8.10.

You can download the source from the usual place on the website. Packages should be available over the next several days, including a TorBrowser release around December 14. Remember to check the signatures!

Below are the changes since 0.2.8.10.

Changes in version 0.2.8.11 - 2016-12-08

  • Minor bugfixes (portability):
    • Avoid compilation errors when building on OSX Sierra. Sierra began to support the getentropy() and clock_gettime() APIs, but created a few problems in doing so. Tor 0.2.9 has a more thorough set of workarounds; in 0.2.8, we are just using the /dev/urandom and mach monotonic time interfaces. Fixes bug 20865. Bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (portability, backport from 0.2.9.5-alpha):
    • Fix compilation with OpenSSL 1.1 and less commonly-used CPU architectures. Closes ticket 20588.

Tor 0.2.9.6-rc is released

Tor 0.2.9.6-rc fixes a few remaining bugs found in the previous alpha version. We hope that it will be ready to become stable soon, and we encourage everyone to test this release. If no showstopper bugs are found here, the next 0.2.9 release will be stable.

You can download the source from the usual place on the website. Packages should be available over the next several days, including an alpha TorBrowser release around December 14. Remember to check the signatures!

Please note: This is a release candidate. I think it's pretty stable, but bugs can always remain. If you want a stable experience, please stick to the stable releases.

Below are the changes since 0.2.9.5-alpha.

Changes in version 0.2.9.6-rc - 2016-12-02

  • Major bugfixes (relay, resolver, logging):
    • For relays that don't know their own address, avoid attempting a local hostname resolve for each descriptor we download. This will cut down on the number of "Success: chose address 'x.x.x.x'" log lines, and also avoid confusing clock jumps if the resolver is slow. Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (client, fascistfirewall):
    • Avoid spurious warnings when ReachableAddresses or FascistFirewall is set. Fixes bug 20306; bugfix on 0.2.8.2-alpha.
  • Minor bugfixes (hidden services):
    • Stop ignoring the anonymity status of saved keys for hidden services and single onion services when first starting tor. Instead, refuse to start tor if any hidden service key has been used in a different hidden service anonymity mode. Fixes bug 20638; bugfix on 17178 in 0.2.9.3-alpha; reported by ahf.
  • Minor bugfixes (portability):
    • Work around a bug in the OSX 10.12 SDK that would prevent us from successfully targeting earlier versions of OSX. Resolves ticket 20235.
    • Run correctly when built on Windows build environments that require _vcsprintf(). Fixes bug 20560; bugfix on 0.2.2.11-alpha.
  • Minor bugfixes (single onion services, Tor2web):
    • Stop complaining about long-term one-hop circuits deliberately created by single onion services and Tor2web. These log messages are intended to diagnose issue 8387, which relates to circuits hanging around forever for no reason. Fixes bug 20613; bugfix on 0.2.9.1-alpha. Reported by "pastly".
  • Minor bugfixes (unit tests):
    • Stop spurious failures in the local interface address discovery unit tests. Fixes bug 20634; bugfix on 0.2.8.1-alpha; patch by Neel Chauhan.
  • Documentation:
    • Correct the minimum bandwidth value in torrc.sample, and queue a corresponding change for torrc.minimal. Closes ticket 20085.

Tor 0.2.8.10 is released

There's a new stable version of Tor!

Tor 0.2.8.10 backports a fix for a bug that would sometimes make clients unusable after they left standby mode. It also backports fixes for a few portability issues and a small but problematic memory leak.

You can download the source from the usual place on the website. Packages should be available over the next several days, including a TorBrowser release around December 14. Remember to check the signatures!

Below are the changes since 0.2.8.9.

Changes in version 0.2.8.10 - 2016-12-02

  • Major bugfixes (client reliability, backport from 0.2.9.5-alpha):
    • When Tor leaves standby because of a new application request, open circuits as needed to serve that request. Previously, we would potentially wait a very long time. Fixes part of bug 19969; bugfix on 0.2.8.1-alpha.
  • Major bugfixes (client performance, backport from 0.2.9.5-alpha):
    • Clients now respond to new application stream requests immediately when they arrive, rather than waiting up to one second before starting to handle them. Fixes part of bug 19969; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (portability, backport from 0.2.9.6-rc):
    • Work around a bug in the OSX 10.12 SDK that would prevent us from successfully targeting earlier versions of OSX. Resolves ticket 20235.
  • Minor bugfixes (portability, backport from 0.2.9.5-alpha):
    • Fix implicit conversion warnings under OpenSSL 1.1. Fixes bug 20551; bugfix on 0.2.1.1-alpha.
  • Minor bugfixes (relay, backport from 0.2.9.5-alpha):
    • Work around a memory leak in OpenSSL 1.1 when encoding public keys. Fixes bug 20553; bugfix on 0.0.2pre8.
  • Minor features (geoip):
    • Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2 Country database.