tor

Lots of new Tor and Vidalia packages

New Vidalia and Tor releases mean lots and lots of new packages. You can download most of them from the download page.

RPM users: we'll have all of the RPMs up within the next 24 hours. Everyone else, read on for Tor Browser Bundle changelogs and other packages.

Bridge-by-Default Bundle

Tor Browser Bundle with Firefox 4

Tor Browser Bundle (2.2.24-1) alpha; suite=osx

  • Update Tor to 0.2.2.24-alpha
  • Update Vidalia to 0.2.12
  • Update NoScript to 2.1.0.1

Tor Browser Bundle (2.2.24-1) alpha; suite=linux

  • Update Tor to 0.2.2.24-alpha
  • Update Vidalia to 0.2.12
  • Update NoScript to 2.1.0.1
  • Fix missing extensions by putting them in the right location (closes: #2828)
  • Disable plugin searching (closes: #2827)

Tor Browser Bundle with Firefox 3.6

https://www.torproject.org/projects/torbrowser

Windows 1.3.23: Released 2011-04-13

  • Update Vidalia to 0.2.12
  • Fix langpack mistake that made Firefox only use English

Linux 1.1.7: Released 2011-04-12

  • Update Tor to 0.2.2.24-alpha
  • Update Vidalia to 0.2.12
  • Update NoScript to 2.1.0.1

OS X 1.0.15: Released 2011-04-11

  • Update Tor to 0.2.2.24-alpha
  • Update Vidalia to 0.2.12
  • Update NoScript to 2.1.0.1

Tor 0.2.2.24-alpha is out

Tor 0.2.2.24-alpha fixes a variety of bugs, including a big bug that
prevented Tor clients from effectively using "multihomed" bridges,
that is, bridges that listen on multiple ports or IP addresses so users
can continue to use some of their addresses even if others get blocked.

https://www.torproject.org/download/download

Major bugfixes:

  • Fix a bug where bridge users who configure the non-canonical
    address of a bridge automatically switch to its canonical
    address. If a bridge listens at more than one address, it should be
    able to advertise those addresses independently and any non-blocked
    addresses should continue to work. Bugfix on Tor 0.2.0.x. Fixes
    bug 2510.
  • If you configured Tor to use bridge A, and then quit and
    configured Tor to use bridge B instead, it would happily continue
    to use bridge A if it's still reachable. While this behavior is
    a feature if your goal is connectivity, in some scenarios it's a
    dangerous bug. Bugfix on Tor 0.2.0.1-alpha; fixes bug 2511.
  • Directory authorities now use data collected from their own
    uptime observations when choosing whether to assign the HSDir flag
    to relays, instead of trusting the uptime value the relay reports in
    its descriptor. This change helps prevent an attack where a small
    set of nodes with frequently-changing identity keys can blackhole
    a hidden service. (Only authorities need upgrade; others will be
    fine once they do.) Bugfix on 0.2.0.10-alpha; fixes bug 2709.

Minor bugfixes:

  • When we restart our relay, we might get a successful connection
    from the outside before we've started our reachability tests,
    triggering a warning: "ORPort found reachable, but I have no
    routerinfo yet. Failing to inform controller of success." This
    bug was harmless unless Tor is running under a controller
    like Vidalia, in which case the controller would never get a
    REACHABILITY_SUCCEEDED status event. Bugfix on 0.1.2.6-alpha;
    fixes bug 1172.
  • Make directory authorities more accurate at recording when
    relays that have failed several reachability tests became
    unreachable, so we can provide more accuracy at assigning Stable,
    Guard, HSDir, etc flags. Bugfix on 0.2.0.6-alpha. Resolves bug 2716.
  • Fix an issue that prevented static linking of libevent on
    some platforms (notably Linux). Fixes bug 2698; bugfix on
    versions 0.2.1.23/0.2.2.8-alpha (the versions introducing
    the --with-static-libevent configure option).
  • We now ask the other side of a stream (the client or the exit)
    for more data on that stream when the amount of queued data on
    that stream dips low enough. Previously, we wouldn't ask the
    other side for more data until either it sent us more data (which
    it wasn't supposed to do if it had exhausted its window!) or we
    had completely flushed all our queued data. This flow control fix
    should improve throughput. Fixes bug 2756; bugfix on the earliest
    released versions of Tor (svn commit r152).
  • Avoid a double-mark-for-free warning when failing to attach a
    transparent proxy connection. (We thought we had fixed this in
    0.2.2.23-alpha, but it turns out our fix was checking the wrong
    connection.) Fixes bug 2757; bugfix on 0.1.2.1-alpha (the original
    bug) and 0.2.2.23-alpha (the incorrect fix).
  • When warning about missing zlib development packages during compile,
    give the correct package names. Bugfix on 0.2.0.1-alpha.

Minor features:

  • Directory authorities now log the source of a rejected POSTed v3
    networkstatus vote.
  • Make compilation with clang possible when using
    --enable-gcc-warnings by removing two warning options that clang
    hasn't implemented yet and by fixing a few warnings. Implements
    ticket 2696.
  • When expiring circuits, use microsecond timers rather than
    one-second timers. This can avoid an unpleasant situation where a
    circuit is launched near the end of one second and expired right
    near the beginning of the next, and prevent fluctuations in circuit
    timeout values.
  • Use computed circuit-build timeouts to decide when to launch
    parallel introduction circuits for hidden services. (Previously,
    we would retry after 15 seconds.)

Packaging fixes:

  • Create the /var/run/tor directory on startup on OpenSUSE if it is
    not already created. Patch from Andreas Stieger. Fixes bug 2573.

Documentation changes:

  • Modernize the doxygen configuration file slightly. Fixes bug 2707.
  • Resolve all doxygen warnings except those for missing documentation.
    Fixes bug 2705.
  • Add doxygen documentation for more functions, fields, and types.

tails anonymous operating system, version 0.7 released

The latest in the series, Tails 0.7, a live CD/live USB anonymous operating system, has been released. The Amnesic Incognito Live System, version 0.7, is built on top of Debian Squeeze. The full changelog is available at https://tails.boum.org/news/version_0.7/

Highlights include an updated Tor, better hardware and 3G modem support, HTTPS Everywhere, more anonymity and privacy fixes, and a Debian Squeeze base for updated software all around.

You can get it at https://tails.boum.org/download/index.en.html

Web Developers and Firefox Hackers: Help us with Firefox 4

We need some web-savvy people to help us audit the Torbutton alpha series for Firefox 4. I've performed a preliminary audit, and Torbutton 1.3.2-alpha should be safe from major issues, but a lot more testing is needed. In particular, we need people to test the new Firefox 4 features.

The notes from my preliminary audit are available in the Torbutton git repository, but note that I have not tested everything that struck me as potentially troublesome, and there may be other things I missed too.

As a reminder, the types of things we are looking for are things that violate the Torbutton Security Requirements, which may include new ways to bypass proxy settings, to fingerprint users, or to use novel identifiers to correlate Tor and Non-Tor activity.

In addition, we may have some funding to address outstanding Torbutton-related bugs in Firefox. If you know C++ and/or Firefox internals, we should be able to pay you for your time to address these issues and shepherd the relevant patches through Mozilla's review process.

If you find issues, or if you are interested in working on fixing these bugs, please contact us at tor-assistants at torproject dot org. Torbutton bugs that you find can be added to the growing pile at the Torbutton Bug Tracker.

The sooner we get these issues taken care of, the sooner we can confidently release a stable Torbutton for Firefox 4.

Tor 0.2.2.23-alpha is out

Tor 0.2.2.23-alpha lets relays record their bandwidth history so when
they restart they don't lose their bandwidth capacity estimate. This
release also fixes a diverse set of user-facing bugs, ranging from
relays overrunning their rate limiting to clients falsely warning about
clock skew to bridge descriptor leaks by our bridge directory authority.

https://torproject.org/download/download

Major bugfixes:

  • Stop sending a CLOCK_SKEW controller status event whenever
    we fetch directory information from a relay that has a wrong clock.
    Instead, only inform the controller when it's a trusted authority
    that claims our clock is wrong. Bugfix on 0.1.2.6-alpha; fixes
    the rest of bug 1074.
  • Fix an assert in parsing router descriptors containing IPv6
    addresses. This one took down the directory authorities when
    somebody tried some experimental code. Bugfix on 0.2.1.3-alpha.
  • Make the bridge directory authority refuse to answer directory
    requests for "all" descriptors. It used to include bridge
    descriptors in its answer, which was a major information leak.
    Found by "piebeer". Bugfix on 0.2.0.3-alpha.
  • If relays set RelayBandwidthBurst but not RelayBandwidthRate,
    Tor would ignore their RelayBandwidthBurst setting,
    potentially using more bandwidth than expected. Bugfix on
    0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470.
  • Ignore and warn if the user mistakenly sets "PublishServerDescriptor
    hidserv" in her torrc. The 'hidserv' argument never controlled
    publication of hidden service descriptors. Bugfix on 0.2.0.1-alpha.

Major features:

  • Relays now save observed peak bandwidth throughput rates to their
    state file (along with total usage, which was already saved)
    so that they can determine their correct estimated bandwidth on
    restart. Resolves bug 1863, where Tor relays would reset their
    estimated bandwidth to 0 after restarting.
  • Directory authorities now take changes in router IP address and
    ORPort into account when determining router stability. Previously,
    if a router changed its IP or ORPort, the authorities would not
    treat it as having any downtime for the purposes of stability
    calculation, whereas clients would experience downtime since the
    change could take a while to propagate to them. Resolves issue 1035.
  • Enable Address Space Layout Randomization (ASLR) and Data Execution
    Prevention (DEP) by default on Windows to make it harder for
    attackers to exploit vulnerabilities. Patch from John Brooks.

Minor bugfixes (on 0.2.1.x and earlier):

  • Fix a rare crash bug that could occur when a client was configured
    with a large number of bridges. Fixes bug 2629; bugfix on
    0.2.1.2-alpha. Bugfix by trac user "shitlei".
  • Avoid a double mark-for-free warning when failing to attach a
    transparent proxy connection. Bugfix on 0.1.2.1-alpha. Fixes
    bug 2279.
  • Correctly detect failure to allocate an OpenSSL BIO. Fixes bug 2378;
    found by "cypherpunks". This bug was introduced before the first
    Tor release, in svn commit r110.
  • Country codes aren't supported in EntryNodes until 0.2.3.x, so
    don't mention them in the manpage. Fixes bug 2450; issue
    spotted by keb and G-Lo.
  • Fix a bug in bandwidth history state parsing that could have been
    triggered if a future version of Tor ever changed the timing
    granularity at which bandwidth history is measured. Bugfix on
    Tor 0.1.1.11-alpha.
  • When a relay decides that its DNS is too broken for it to serve
    as an exit server, it advertised itself as a non-exit, but
    continued to act as an exit. This could create accidental
    partitioning opportunities for users. Instead, if a relay is
    going to advertise reject *:* as its exit policy, it should
    really act with exit policy "reject *:*". Fixes bug 2366.
    Bugfix on Tor 0.1.2.5-alpha. Bugfix by user "postman" on trac.
  • In the special case where you configure a public exit relay as your
    bridge, Tor would be willing to use that exit relay as the last
    hop in your circuit as well. Now we fail that circuit instead.
    Bugfix on 0.2.0.12-alpha. Fixes bug 2403. Reported by "piebeer".
  • Fix a bug with our locking implementation on Windows that couldn't
    correctly detect when a file was already locked. Fixes bug 2504,
    bugfix on 0.2.1.6-alpha.
  • Fix IPv6-related connect() failures on some platforms (BSD, OS X).
    Bugfix on 0.2.0.3-alpha; fixes first part of bug 2660. Patch by
    "piebeer".
  • Set target port in get_interface_address6() correctly. Bugfix
    on 0.1.1.4-alpha and 0.2.0.3-alpha; fixes second part of bug 2660.
  • Directory authorities are now more robust to hops back in time
    when calculating router stability. Previously, if a run of uptime
    or downtime appeared to be negative, the calculation could give
    incorrect results. Bugfix on 0.2.0.6-alpha; noticed when fixing
    bug 1035.
  • Fix an assert that got triggered when using the TestingTorNetwork
    configuration option and then issuing a GETINFO config-text control
    command. Fixes bug 2250; bugfix on 0.2.1.2-alpha.

Minor bugfixes (on 0.2.2.x):

  • Clients should not weight BadExit nodes as Exits in their node
    selection. Similarly, directory authorities should not count BadExit
    bandwidth as Exit bandwidth when computing bandwidth-weights.
    Bugfix on 0.2.2.10-alpha; fixes bug 2203.
  • Correctly clear our dir_read/dir_write history when there is an
    error parsing any bw history value from the state file. Bugfix on
    Tor 0.2.2.15-alpha.
  • Resolve a bug in verifying signatures of directory objects
    with digests longer than SHA1. Bugfix on 0.2.2.20-alpha.
    Fixes bug 2409. Found by "piebeer".
  • Bridge authorities no longer crash on SIGHUP when they try to
    publish their relay descriptor to themselves. Fixes bug 2572. Bugfix
    on 0.2.2.22-alpha.

Minor features:

  • Log less aggressively about circuit timeout changes, and improve
    some other circuit timeout messages. Resolves bug 2004.
  • Log a little more clearly about the times at which we're no longer
    accepting new connections. Resolves bug 2181.
  • Reject attempts at the client side to open connections to private
    IP addresses (like 127.0.0.1, 10.0.0.1, and so on) with
    a randomly chosen exit node. Attempts to do so are always
    ill-defined, generally prevented by exit policies, and usually
    in error. This will also help to detect loops in transparent
    proxy configurations. You can disable this feature by setting
    "ClientRejectInternalAddresses 0" in your torrc.
  • Always treat failure to allocate an RSA key as an unrecoverable
    allocation error.
  • Update to the March 1 2011 Maxmind GeoLite Country database.

Minor features (log subsystem):

  • Add documentation for configuring logging at different severities in
    different log domains. We've had this feature since 0.2.1.1-alpha,
    but for some reason it never made it into the manpage. Fixes
    bug 2215.
  • Make it simpler to specify "All log domains except for A and B".
    Previously you needed to say "[*,~A,~B]". Now you can just say
    "[~A,~B]".
  • Add a "LogMessageDomains 1" option to include the domains of log
    messages along with the messages. Without this, there's no way
    to use log domains without reading the source or doing a lot
    of guessing.
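
A torrc fragment illustrating the log-domain options above. This is an added example, not taken from the Tor release notes; the domain names net and mm and the log file path are assumptions chosen for illustration.

```conf
# Added example (not from the Tor changelog). The domains "net" and "mm"
# and the log path are illustrative assumptions.

# Older form: "all domains except net and mm" needed an explicit "*".
#Log [*,~net,~mm]info notice file /var/log/tor/notices.log

# Shorter form accepted from this release on: info and above from every
# domain except net and mm, plus notice and above from all domains.
Log [~net,~mm]info notice file /var/log/tor/notices.log

# Include each message's domain in the log line, so the domain names to
# filter on can be read off the log instead of the source.
LogMessageDomains 1
```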

Packaging changes:

  • Stop shipping the Tor specs files and development proposal documents
    in the tarball. They are now in a separate git repository at
    git://git.torproject.org/torspec.git

Tor 0.2.1.30 is released

Tor 0.2.1.30 fixes a variety of less critical bugs. The main other change is a slight tweak to Tor's TLS handshake that makes relays and bridges that run this new version reachable from Iran again. We don't expect this tweak will win the arms race long-term, but it buys us time until we roll out a better solution.

https://www.torproject.org/download/download

Major bugfixes:

  • Stop sending a CLOCK_SKEW controller status event whenever
    we fetch directory information from a relay that has a wrong clock.
    Instead, only inform the controller when it's a trusted authority
    that claims our clock is wrong. Bugfix on 0.1.2.6-alpha; fixes
    the rest of bug 1074.
  • Fix a bounds-checking error that could allow an attacker to
    remotely crash a directory authority. Bugfix on 0.2.1.5-alpha.
    Found by "piebeer".
  • If relays set RelayBandwidthBurst but not RelayBandwidthRate,
    Tor would ignore their RelayBandwidthBurst setting,
    potentially using more bandwidth than expected. Bugfix on
    0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470.
  • Ignore and warn if the user mistakenly sets "PublishServerDescriptor
    hidserv" in her torrc. The 'hidserv' argument never controlled
    publication of hidden service descriptors. Bugfix on 0.2.0.1-alpha.

Minor features:

  • Adjust our TLS Diffie-Hellman parameters to match those used by
    Apache's mod_ssl.
  • Update to the February 1 2011 Maxmind GeoLite Country database.

Minor bugfixes:

  • Check for and reject overly long directory certificates and
    directory tokens before they have a chance to hit any assertions.
    Bugfix on 0.2.1.28. Found by "doorss".
  • Bring the logic that gathers routerinfos and assesses the
    acceptability of circuits into line. This prevents a Tor OP from
    getting locked in a cycle of choosing its local OR as an exit for a
    path (due to a .exit request) and then rejecting the circuit because
    its OR is not listed yet. It also prevents Tor clients from using an
    OR running in the same instance as an exit (due to a .exit request)
    if the OR does not meet the same requirements expected of an OR
    running elsewhere. Fixes bug 1859; bugfix on 0.1.0.1-rc.

Packaging changes:

  • Stop shipping the Tor specs files and development proposal documents
    in the tarball. They are now in a separate git repository at
    git://git.torproject.org/torspec.git
  • Do not include Git version tags as though they are SVN tags when
    generating a tarball from inside a repository that has switched
    between branches. Bugfix on 0.2.1.15-rc; fixes bug 2402.

Tor 0.2.2.22-alpha is out

https://www.torproject.org/download/download

Changes in version 0.2.2.22-alpha - 2011-01-25
Major bugfixes:

  • Fix a bounds-checking error that could allow an attacker to
    remotely crash a directory authority. Bugfix on 0.2.1.5-alpha.
    Found by "piebeer".
  • Don't assert when changing from bridge to relay or vice versa
    via the controller. The assert happened because we didn't properly
    initialize our keys in this case. Bugfix on 0.2.2.18-alpha; fixes
    bug 2433. Reported by bastik.

Minor features:

  • Adjust our TLS Diffie-Hellman parameters to match those used by
    Apache's mod_ssl.
  • Provide a log message stating which geoip file we're parsing
    instead of just stating that we're parsing the geoip file.
    Implements ticket 2432.

Minor bugfixes:

  • Check for and reject overly long directory certificates and
    directory tokens before they have a chance to hit any assertions.
    Bugfix on 0.2.1.28 / 0.2.2.20-alpha. Found by "doorss".

Tor Open Hackfest: February 19, 2011

We're holding a Tor hackfest on Saturday, February 19th. The bulk of the Tor developers are in town and coming to this event, unlike last time, when snow kept 75% of them outside the US.

We'll be meeting starting at 10 AM in the new Media Lab building (E14), thanks to the Center for Future Civic Media at MIT. We're hoping to provide pizza and drinks for lunch. Last time we had some fine Indian food for dinner.

Map: http://whereis.mit.edu/?go=E14

Please attend if you have some interest in programming, advocacy, marketing, or research with Tor, or are willing to be persuaded to entertain an interest. :) Tor's a small project (in terms of number of developers) that could really use your help.
Hope to see you on Saturday!

Tor 0.2.2.21-alpha is out (security patches)

Note to 64-bit Linux Tor Browser Bundle users: The previous bundles contained Tor 0.2.2.20-alpha. Please upgrade to 1.1.3-1 (sig).

Tor 0.2.2.21-alpha includes all the patches from Tor 0.2.1.29, which
continues our recent code security audit work. The main fix resolves
a remote heap overflow vulnerability that can allow remote code
execution (CVE-2011-0427). Other fixes address a variety of assert
and crash bugs, most of which we think are hard to exploit remotely.

All Tor users should upgrade.

https://www.torproject.org/download/download

Changes in version 0.2.2.21-alpha - 2011-01-15
Major bugfixes (security), also included in 0.2.1.29:

Lots of new Tor packages

A new Tor stable (0.2.1.29) (sig) and Tor alpha (0.2.2.21-alpha) (sig) have been released and all users are strongly encouraged to upgrade.

The following packages have been released:

  • Windows expert packages (stable & alpha)
  • Vidalia bundles (stable & alpha for Windows, and OS X ppc & x86)
  • Tor Browser Bundles for Windows, Linux, and OS X (see below for other updates)
  • RPM packages (stable & alpha)
  • Debian and Ubuntu packages (stable & alpha)

You can download all of these from our download page or package repositories.

If you encounter any problems, please file a bug on our bug tracker.

Tor Browser Bundles

Windows Bundles
1.3.17: Released 2011-01-16

  • Update Tor to 0.2.1.29

Linux Bundles
1.1.3: Released 2011-01-16

  • Update Tor to 0.2.2.21-alpha
  • Update NoScript to 2.0.9.3

OS X Bundles
1.0.10: Released 2011-01-16

  • Update Tor to 0.2.2.21-alpha
  • Update NoScript to 2.0.9.3