tor

Thank you to our donors

2011 was an exciting year for communications security. Online communications helped to support activists in the Middle East's "Arab Spring" as they toppled Tunisia's Ben Ali and Egypt's Mubarak. Tor's entry nodes and hidden "bridge" entry points have seen increased usage from Iran and Syria, as citizens there seek to communicate securely and evade government censorship. Secretary of State Clinton has made Internet Freedom part of the U.S. State Department's agenda, while here in the United States, advertisers have developed more sophisticated ways to track browsers' online activity.

The Tor Project can help, but the censors and snoops are never very far behind. We must keep improving our software and network, researching its security against new threats, and training users to communicate safely. As a non-profit, we depend on your donations of money, relays, and advocacy to keep making progress.

In the past year, Tor released new versions to improve security and blocking resistance, including a same-day fix to a block detected in Iran. We have enhanced translations in more than a dozen languages including Farsi, Arabic, and Chinese; presented security and anonymity research; and taught security practices to groups including journalists, activists, law enforcement, and survivors of domestic violence.

Please help us keep the Internet open and private for all.

If you would like to keep up to date with Tor, please visit our donor thank you page at https://www.torproject.org/donate/thankyou.

Donate securely online at https://www.torproject.org/donate

Announcing the Tor Farsi blog

We are happy to announce the launch of the Tor Farsi blog. The site is created in response to the great reception of Tor and circumvention tools amongst Iranian users. The goal of this site is to be a one-stop place to find Tor related material in Farsi.

The Farsi team will translate white papers, summaries of select posts, and important updates relevant to Tor. We want to create a community of Farsi-speaking Tor users and empower them with information about anonymity and privacy on the Internet. We hope this community will spread this information to others to help them with their Internet anonymity and privacy needs.

Tor 0.2.2.35 is released (security patches)

Tor 0.2.2.35 fixes a critical heap-overflow security issue in Tor's
buffers code. Absolutely everybody should upgrade.

The bug relied on an incorrect calculation when making data continuous
in one of our IO buffers, if the first chunk of the buffer was
misaligned by just the wrong amount. The miscalculation would allow an
attacker to overflow a piece of heap-allocated memory. To mount this
attack, the attacker would need to either open a SOCKS connection to
Tor's SocksPort (usually restricted to localhost), or target a Tor
instance configured to make its connections through a SOCKS proxy
(which Tor does not do by default).

Good security practice requires that all heap-overflow bugs should be
presumed to be exploitable until proven otherwise, so we are treating
this as a potential code execution attack. Please upgrade immediately!
This bug does not affect bufferevents-based builds of Tor. Special
thanks to "Vektor" for reporting this issue to us!

Tor 0.2.2.35 also fixes several bugs in previous versions, including
crash bugs for unusual configurations, and a long-term bug that
would prevent Tor from starting on Windows machines with draconian
AV software.

With this release, we remind everyone that 0.2.0.x has reached its
formal end-of-life. Those Tor versions have many known flaws, and
nobody should be using them. You should upgrade -- ideally to the
0.2.2.x series. If you're using a Linux or BSD and its packages are
obsolete, stop using those packages and upgrade anyway.

The Tor 0.2.1.x series is also approaching its end-of-life: it will no
longer receive support after some time in early 2012.

https://www.torproject.org/download

Changes in version 0.2.2.35 - 2011-12-16

Major bugfixes:

  • Fix a heap overflow bug that could occur when trying to pull
    data into the first chunk of a buffer, when that chunk had
    already had some data drained from it. Fixes CVE-2011-2778;
    bugfix on 0.2.0.16-alpha. Reported by "Vektor".
  • Initialize Libevent with the EVENT_BASE_FLAG_NOLOCK flag enabled, so
    that it doesn't attempt to allocate a socketpair. This could cause
    some problems on Windows systems with overzealous firewalls. Fix for
    bug 4457; workaround for Libevent versions 2.0.1-alpha through
    2.0.15-stable.
  • If we mark an OR connection for close based on a cell we process,
    don't process any further cells on it. We already avoid further
    reads on marked-for-close connections, but now we also discard the
    cells we'd already read. Fixes bug 4299; bugfix on 0.2.0.10-alpha,
    which was the first version where we might mark a connection for
    close based on processing a cell on it.
  • Correctly sanity-check that we don't underflow on a memory
    allocation (and then assert) for hidden service introduction
    point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410;
    bugfix on 0.2.1.5-alpha.
  • Fix a memory leak when we check whether a hidden service
    descriptor has any usable introduction points left. Fixes bug
    4424. Bugfix on 0.2.2.25-alpha.
  • Don't crash when we're running as a relay and don't have a GeoIP
    file. Bugfix on 0.2.2.34; fixes bug 4340. This backports a fix
    we've had in the 0.2.3.x branch already.
  • When running as a client, do not print a misleading (and plain
    wrong) log message that we're collecting "directory request"
    statistics: clients don't collect statistics. Also don't create a
    useless (because empty) stats file in the stats/ directory. Fixes
    bug 4353; bugfix on 0.2.2.34.

Minor bugfixes:

  • Detect failure to initialize Libevent. This fix provides better
    detection for future instances of bug 4457.
  • Avoid frequent calls to the fairly expensive cull_wedged_cpuworkers
    function. This was eating up hideously large amounts of time on some
    busy servers. Fixes bug 4518; bugfix on 0.0.9.8.
  • Resolve an integer overflow bug in smartlist_ensure_capacity().
    Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by
    Mansour Moufid.
  • Don't warn about unused log_mutex in log.c when building with
    --disable-threads using a recent GCC. Fixes bug 4437; bugfix on
    0.1.0.6-rc which introduced --disable-threads.
  • When configuring, starting, or stopping an NT service, stop
    immediately after the service configuration attempt has succeeded
    or failed. Fixes bug 3963; bugfix on 0.2.0.7-alpha.
  • When sending a NETINFO cell, include the original address
    received for the other side, not its canonical address. Found
    by "troll_un"; fixes bug 4349; bugfix on 0.2.0.10-alpha.
  • Fix a typo in a hibernation-related log message. Fixes bug 4331;
    bugfix on 0.2.2.23-alpha; found by "tmpname0901".
  • Fix a memory leak in launch_direct_bridge_descriptor_fetch() that
    occurred when a client tried to fetch a descriptor for a bridge
    in ExcludeNodes. Fixes bug 4383; bugfix on 0.2.2.25-alpha.
  • Backport fixes for a pair of compilation warnings on Windows.
    Fixes bug 4521; bugfix on 0.2.2.28-beta and on 0.2.2.29-beta.
  • If we had ever tried to call tor_addr_to_str on an address of
    unknown type, we would have done a strdup on an uninitialized
    buffer. Now we won't. Fixes bug 4529; bugfix on 0.2.1.3-alpha.
    Reported by "troll_un".
  • Correctly detect and handle transient lookup failures from
    tor_addr_lookup. Fixes bug 4530; bugfix on 0.2.1.5-alpha.
    Reported by "troll_un".
  • Fix null-pointer access that could occur if TLS allocation failed.
    Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un".
  • Use tor_socket_t type for listener argument to accept(). Fixes bug
    4535; bugfix on 0.2.2.28-beta. Found by "troll_un".

Minor features:

  • Add two new config options for directory authorities:
    AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the
    Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold
    that is always sufficient to satisfy the bandwidth requirement for
    the Guard flag. Now it will be easier for researchers to simulate
    Tor networks with different values. Resolves ticket 4484.
  • When Tor ignores a hidden service specified in its configuration,
    include the hidden service's directory in the warning message.
    Previously, we would only tell the user that some hidden service
    was ignored. Bugfix on 0.0.6; fixes bug 4426.
  • Update to the December 6 2011 Maxmind GeoLite Country database.

Packaging changes:

  • Make it easier to automate expert package builds on Windows,
    by removing an absolute path from makensis.exe command.

Tor 0.2.3.10-alpha is out (security fix)

Tor 0.2.3.10-alpha fixes a critical heap-overflow security issue in
Tor's buffers code. Absolutely everybody should upgrade.

The bug relied on an incorrect calculation when making data continuous
in one of our IO buffers, if the first chunk of the buffer was
misaligned by just the wrong amount. The miscalculation would allow an
attacker to overflow a piece of heap-allocated memory. To mount this
attack, the attacker would need to either open a SOCKS connection to
Tor's SocksPort (usually restricted to localhost), or target a Tor
instance configured to make its connections through a SOCKS proxy
(which Tor does not do by default).

Good security practice requires that all heap-overflow bugs should be
presumed to be exploitable until proven otherwise, so we are treating
this as a potential code execution attack. Please upgrade immediately!
This bug does not affect bufferevents-based builds of Tor. Special
thanks to "Vektor" for reporting this issue to us!

This release also contains a few minor bugfixes for issues discovered
in 0.2.3.9-alpha.

https://www.torproject.org/download

Changes in version 0.2.3.10-alpha - 2011-12-16

Major bugfixes

  • Fix a heap overflow bug that could occur when trying to pull
    data into the first chunk of a buffer, when that chunk had
    already had some data drained from it. Fixes CVE-2011-2778;
    bugfix on 0.2.0.16-alpha. Reported by "Vektor".

Minor bugfixes

  • If we can't attach streams to a rendezvous circuit when we
    finish connecting to a hidden service, clear the rendezvous
    circuit's stream-isolation state and try to attach streams
    again. Previously, we cleared rendezvous circuits' isolation
    state either too early (if they were freshly built) or not at all
    (if they had been built earlier and were cannibalized). Bugfix on
    0.2.3.3-alpha; fixes bug 4655.
  • Fix compilation of the libnatpmp helper on non-Windows. Bugfix on
    0.2.3.9-alpha; fixes bug 4691. Reported by Anthony G. Basile.
  • Fix an assertion failure when a relay with accounting enabled
    starts up while dormant. Fixes bug 4702; bugfix on 0.2.3.9-alpha.

Minor features

  • Update to the December 6 2011 Maxmind GeoLite Country database.

Tor 0.2.3.9-alpha is out

Tor 0.2.3.9-alpha introduces initial IPv6 support for bridges, adds
a "DisableNetwork" security feature that bundles can use to avoid
touching the network until bridges are configured, moves forward on
the pluggable transport design, fixes a flaw in the hidden service
design that unnecessarily prevented clients with wrong clocks from
reaching hidden services, and fixes a wide variety of other issues.

https://www.torproject.org/download

Changes in version 0.2.3.9-alpha - 2011-12-08
Major features:

  • Clients can now connect to private bridges over IPv6. Bridges
    still need at least one IPv4 address in order to connect to
    other relays. Note that we don't yet handle the case where the
    user has two bridge lines for the same bridge (one IPv4, one
    IPv6). Implements parts of proposal 186.
  • New "DisableNetwork" config option to prevent Tor from launching any
    connections or accepting any connections except on a control port.
    Bundles and controllers can set this option before letting Tor talk
    to the rest of the network, for example to prevent any connections
    to a non-bridge address. Packages like Orbot can also use this
    option to instruct Tor to save power when the network is off.
  • Clients and bridges can now be configured to use a separate
    "transport" proxy. This approach makes the censorship arms race
    easier by allowing bridges to use protocol obfuscation plugins. It
    implements the "managed proxy" part of proposal 180 (ticket 3472).
  • When using OpenSSL 1.0.0 or later, use OpenSSL's counter mode
    implementation. It makes AES_CTR about 7% faster than our old one
    (which was about 10% faster than the one OpenSSL used to provide).
    Resolves ticket 4526.
  • Add a "tor2web mode" for clients that want to connect to hidden
    services non-anonymously (and possibly more quickly). As a safety
    measure to try to keep users from turning this on without knowing
    what they are doing, tor2web mode must be explicitly enabled at
    compile time, and a copy of Tor compiled to run in tor2web mode
    cannot be used as a normal Tor client. Implements feature 2553.
  • Add experimental support for running on Windows with IOCP and no
    kernel-space socket buffers. This feature is controlled by a new
    "UserspaceIOCPBuffers" config option (off by default), which has
    no effect unless Tor has been built with support for bufferevents,
    is running on Windows, and has enabled IOCP. This may, in the long
    run, help solve or mitigate bug 98.
  • Use a more secure consensus parameter voting algorithm. Now at
    least three directory authorities or a majority of them must
    vote on a given parameter before it will be included in the
    consensus. Implements proposal 178.

Major bugfixes:

  • Hidden services now ignore the timestamps on INTRODUCE2 cells.
    They used to check that the timestamp was within 30 minutes
    of their system clock, so they could cap the size of their
    replay-detection cache, but that approach unnecessarily refused
    service to clients with wrong clocks. Bugfix on 0.2.1.6-alpha, when
    the v3 intro-point protocol (the first one which sent a timestamp
    field in the INTRODUCE2 cell) was introduced; fixes bug 3460.
  • Only use the EVP interface when AES acceleration is enabled,
    to avoid a 5-7% performance regression. Resolves issue 4525;
    bugfix on 0.2.3.8-alpha.

Privacy/anonymity features (bridge detection):

  • Make bridge SSL certificates a bit more stealthy by using random
    serial numbers, in the same fashion as OpenSSL when generating
    self-signed certificates. Implements ticket 4584.
  • Introduce a new config option "DynamicDHGroups", enabled by
    default, which provides each bridge with a unique prime DH modulus
    to be used during SSL handshakes. This option attempts to help
    against censors who might use the Apache DH modulus as a static
    identifier for bridges. Addresses ticket 4548.

Minor features (new/different config options):

  • New configuration option "DisableDebuggerAttachment" (on by default)
    to prevent basic debugging attachment attempts by other processes.
    Supports Mac OS X and Gnu/Linux. Resolves ticket 3313.
  • Allow MapAddress directives to specify matches against super-domains,
    as in "MapAddress *.torproject.org *.torproject.org.torserver.exit".
    Implements issue 933.
  • Slightly change behavior of "list" options (that is, config
    options that can appear more than once) when they appear both in
    torrc and on the command line. Previously, the command-line options
    would be appended to the ones from torrc. Now, the command-line
    options override the torrc options entirely. This new behavior
    allows the user to override list options (like exit policies and
    ports to listen on) from the command line, rather than simply
    appending to the list.
  • You can get the old (appending) command-line behavior for "list"
    options by prefixing the option name with a "+".
  • You can remove all the values for a "list" option from the command
    line without adding any new ones by prefixing the option name
    with a "/".
  • Add experimental support for a "defaults" torrc file to be parsed
    before the regular torrc. Torrc options override the defaults file's
    options in the same way that the command line overrides the torrc.
    The SAVECONF controller command saves only those options which
    differ between the current configuration and the defaults file. HUP
    reloads both files. (Note: This is an experimental feature; its
    behavior will probably be refined in future 0.2.3.x-alpha versions
    to better meet packagers' needs.)

Minor features:

  • Try to make the introductory warning message that Tor prints on
    startup more useful for actually finding help and information.
    Resolves ticket 2474.
  • Running "make version" now displays the version of Tor that
    we're about to build. Idea from katmagic; resolves issue 4400.
  • Expire old or over-used hidden service introduction points.
    Required by fix for bug 3460.
  • Move the replay-detection cache for the RSA-encrypted parts of
    INTRODUCE2 cells to the introduction point data structures.
    Previously, we would use one replay-detection cache per hidden
    service. Required by fix for bug 3460.
  • Reduce the lifetime of elements of hidden services' Diffie-Hellman
    public key replay-detection cache from 60 minutes to 5 minutes. This
    replay-detection cache is now used only to detect multiple
    INTRODUCE2 cells specifying the same rendezvous point, so we can
    avoid launching multiple simultaneous attempts to connect to it.

Minor bugfixes (on Tor 0.2.2.x and earlier):

  • Resolve an integer overflow bug in smartlist_ensure_capacity().
    Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by
    Mansour Moufid.
  • Fix a minor formatting issue in one of tor-gencert's error messages.
    Fixes bug 4574.
  • Prevent a false positive from the check-spaces script, by disabling
    the "whitespace between function name and (" check for functions
    named 'op()'.
  • Fix a log message suggesting that people contact a non-existent
    email address. Fixes bug 3448.
  • Fix null-pointer access that could occur if TLS allocation failed.
    Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un".
  • Report a real bootstrap problem to the controller on router
    identity mismatch. Previously we just said "foo", which probably
    made a lot of sense at the time. Fixes bug 4169; bugfix on
    0.2.1.1-alpha.
  • If we had ever tried to call tor_addr_to_str() on an address of
    unknown type, we would have done a strdup() on an uninitialized
    buffer. Now we won't. Fixes bug 4529; bugfix on 0.2.1.3-alpha.
    Reported by "troll_un".
  • Correctly detect and handle transient lookup failures from
    tor_addr_lookup(). Fixes bug 4530; bugfix on 0.2.1.5-alpha.
    Reported by "troll_un".
  • Use tor_socket_t type for listener argument to accept(). Fixes bug
    4535; bugfix on 0.2.2.28-beta. Found by "troll_un".
  • Initialize conn->addr to a valid state in spawn_cpuworker(). Fixes
    bug 4532; found by "troll_un".

Minor bugfixes (on Tor 0.2.3.x):

  • Fix a compile warning in tor_inet_pton(). Bugfix on 0.2.3.8-alpha;
    fixes bug 4554.
  • Don't send two ESTABLISH_RENDEZVOUS cells when opening a new
    circuit for use as a hidden service client's rendezvous point.
    Fixes bugs 4641 and 4171; bugfix on 0.2.3.3-alpha. Diagnosed
    with help from wanoskarnet.
  • Restore behavior of overriding SocksPort, ORPort, and similar
    options from the command line. Bugfix on 0.2.3.3-alpha.

Build fixes:

  • Properly handle the case where the build-tree is not the same
    as the source tree when generating src/common/common_sha1.i,
    src/or/micro-revision.i, and src/or/or_sha1.i. Fixes bug 3953;
    bugfix on 0.2.0.1-alpha.

Code simplifications, cleanups, and refactorings:

  • Remove the pure attribute from all functions that used it
    previously. In many cases we assigned it incorrectly, because the
    functions might assert or call impure functions, and we don't have
    evidence that keeping the pure attribute is worthwhile. Implements
    changes suggested in ticket 4421.
  • Remove some dead code spotted by coverity. Fixes cid 432.
    Bugfix on 0.2.3.1-alpha, closes bug 4637.

Tor 0.2.3.8-alpha is out

Tor 0.2.3.8-alpha fixes some crash and assert bugs, including a
socketpair-related bug that has been bothering Windows users. It adds
support to serve microdescriptors to controllers, so Vidalia's network
map can resume listing relays (once Vidalia implements its side),
and adds better support for hardware AES acceleration. Finally, it
starts the process of adjusting the bandwidth cutoff for getting the
"Fast" flag from 20KB to (currently) 32KB -- preliminary results show
that tiny relays harm performance more than they help network capacity.

Changes in version 0.2.3.8-alpha - 2011-11-22
Major bugfixes:

  • Initialize Libevent with the EVENT_BASE_FLAG_NOLOCK flag enabled, so
    that it doesn't attempt to allocate a socketpair. This could cause
    some problems on Windows systems with overzealous firewalls. Fix for
    bug 4457; workaround for Libevent versions 2.0.1-alpha through
    2.0.15-stable.
  • Correctly sanity-check that we don't underflow on a memory
    allocation (and then assert) for hidden service introduction
    point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410;
    bugfix on 0.2.1.5-alpha.
  • Remove the artificially low cutoff of 20KB to guarantee the Fast
    flag. In the past few years the average relay speed has picked
    up, and while the "top 7/8 of the network get the Fast flag" and
    "all relays with 20KB or more of capacity get the Fast flag" rules
    used to have the same result, now the top 7/8 of the network has
    a capacity more like 32KB. Bugfix on 0.2.1.14-rc. Fixes bug 4489.
  • Fix a rare assertion failure when checking whether a v0 hidden
    service descriptor has any usable introduction points left, and
    we don't have enough information to build a circuit to the first
    intro point named in the descriptor. The HS client code in
    0.2.3.x no longer uses v0 HS descriptors, but this assertion can
    trigger on (and crash) v0 HS authorities. Fixes bug 4411.
    Bugfix on 0.2.3.1-alpha; diagnosed by frosty_un.
  • Make bridge authorities not crash when they are asked for their own
    descriptor. Bugfix on 0.2.3.7-alpha, reported by Lucky Green.
  • When running as a client, do not print a misleading (and plain
    wrong) log message that we're collecting "directory request"
    statistics: clients don't collect statistics. Also don't create a
    useless (because empty) stats file in the stats/ directory. Fixes
    bug 4353; bugfix on 0.2.2.34 and 0.2.3.7-alpha.

Major features:

  • Allow Tor controllers like Vidalia to obtain the microdescriptor
    for a relay by identity digest or nickname. Previously,
    microdescriptors were only available by their own digests, so a
    controller would have to ask for and parse the whole microdescriptor
    consensus in order to look up a single relay's microdesc. Fixes
    bug 3832; bugfix on 0.2.3.1-alpha.
  • Use OpenSSL's EVP interface for AES encryption, so that all AES
    operations can use hardware acceleration (if present). Resolves
    ticket 4442.

Minor bugfixes (on 0.2.2.x and earlier):

  • Detect failure to initialize Libevent. This fix provides better
    detection for future instances of bug 4457.
  • Avoid frequent calls to the fairly expensive cull_wedged_cpuworkers
    function. This was eating up hideously large amounts of time on some
    busy servers. Fixes bug 4518; bugfix on 0.0.9.8.
  • Don't warn about unused log_mutex in log.c when building with
    --disable-threads using a recent GCC. Fixes bug 4437; bugfix on
    0.1.0.6-rc which introduced --disable-threads.
  • Allow manual 'authenticate' commands to the controller interface
    from netcat (nc) as well as telnet. We were rejecting them because
    they didn't come with the expected whitespace at the end of the
    command. Bugfix on 0.1.1.1-alpha; fixes bug 2893.
  • Fix some (not actually triggerable) buffer size checks in usage of
    tor_inet_ntop. Fixes bug 4434; bugfix on Tor 0.2.0.1-alpha. Patch
    by Anders Sundman.
  • Fix parsing of some corner-cases with tor_inet_pton(). Fixes
    bug 4515; bugfix on 0.2.0.1-alpha; fix by Anders Sundman.
  • When configuring, starting, or stopping an NT service, stop
    immediately after the service configuration attempt has succeeded
    or failed. Fixes bug 3963; bugfix on 0.2.0.7-alpha.
  • When sending a NETINFO cell, include the original address
    received for the other side, not its canonical address. Found
    by "troll_un"; fixes bug 4349; bugfix on 0.2.0.10-alpha.
  • Rename the bench_{aes,dmap} functions to test_*, so that tinytest
    can pick them up when the tests aren't disabled. Bugfix on
    0.2.2.4-alpha which introduced tinytest.
  • Fix a memory leak when we check whether a hidden service
    descriptor has any usable introduction points left. Fixes bug
    4424. Bugfix on 0.2.2.25-alpha.
  • Fix a memory leak in launch_direct_bridge_descriptor_fetch() that
    occurred when a client tried to fetch a descriptor for a bridge
    in ExcludeNodes. Fixes bug 4383; bugfix on 0.2.2.25-alpha.

Minor bugfixes (on 0.2.3.x):

  • Make util unit tests build correctly with MSVC. Bugfix on
    0.2.3.3-alpha. Patch by Gisle Vanem.
  • Successfully detect AUTH_CHALLENGE cells with no recognized
    authentication type listed. Fixes bug 4367; bugfix on 0.2.3.6-alpha.
    Found by frosty_un.
  • If a relay receives an AUTH_CHALLENGE cell it can't answer,
    it should still send a NETINFO cell to allow the connection to
    become open. Fixes bug 4368; fix on 0.2.3.6-alpha; bug found by
    "frosty".
  • Log less loudly when we get an invalid authentication certificate
    from a source other than a directory authority: it's not unusual
    to see invalid certs because of clock skew. Fixes bug 4370; bugfix
    on 0.2.3.4-alpha and 0.2.3.6-alpha.

Minor features:

  • Add two new config options for directory authorities:
    AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the
    Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold
    that is always sufficient to satisfy the bandwidth requirement for
    the Guard flag. Now it will be easier for researchers to simulate
    Tor networks with different values. Resolves ticket 4484.
  • When Tor ignores a hidden service specified in its configuration,
    include the hidden service's directory in the warning message.
    Previously, we would only tell the user that some hidden service
    was ignored. Bugfix on 0.0.6; fixes bug 4426.
  • When we fail to initialize Libevent, retry with IOCP disabled so we
    don't need to turn on multi-threading support in Libevent, which in
    turn requires a working socketpair(). This is a workaround for bug
    4457, which affects Libevent versions from 2.0.1-alpha through
    2.0.15-stable.
  • Detect when we try to build on a platform that doesn't define
    AF_UNSPEC to 0. We don't work there, so refuse to compile.
  • Update to the November 1 2011 Maxmind GeoLite Country database.

Packaging changes:

  • Make it easier to automate expert package builds on Windows,
    by removing an absolute path from makensis.exe command.

Code simplifications and refactoring:

  • Remove some redundant #include directives throughout the code.
    Patch from Andrea Gelmini.
  • Unconditionally use OpenSSL's AES implementation instead of our
    old built-in one. OpenSSL's AES has been better for a while, and
    relatively few servers should still be on any version of OpenSSL
    that doesn't have good optimized assembly AES.
  • Use the name "CERTS" consistently to refer to the new cell type;
    we were calling it CERT in some places and CERTS in others.

Testing:

  • Numerous new unit tests for functions in util.c and address.c by
    Anders Sundman.
  • The long-disabled benchmark tests are now split into their own
    ./src/test/bench binary.
  • The benchmark tests can now use more accurate timers than
    gettimeofday() when such timers are available.

Suggest a new name for the Torouter, win an Excito B3

The Torouter is the codename for a hardware project that aims to provide users with a device that can easily be configured to run as a Tor bridge or relay. We are currently working on two devices; the Excito B3 and the DreamPlug.

Having two devices that are both called "the Torouter" can be a bit confusing, so we would like your help in renaming the Excito B3 Torouter!

The best suggestion will not only be the new name for the Excito B3 Torouter, but the winner will also receive an Excito B3, a Tor t-shirt and stickers. Five runners-up will receive Tor t-shirts and stickers.

To suggest new names for the Excito B3 Torouter, send an email to tor-assistants AT torproject.org with "Torouter naming contest" in the subject. The deadline is December 5, 2011.

UPDATE: We have received a lot of good naming suggestions for the Excito B3 Torouter, thank you to everyone who emailed us! We have decided that the new name for the Excito B3 Torouter is onionbox. An email has gone out to the lucky winner of a B3, a t-shirt and some stickers, as well as five-runners up who will all get t-shirts and stickers.

Run Tor as a bridge in the Amazon Cloud

The Tor Cloud project gives you a user-friendly way of deploying bridges to help users access an uncensored Internet. By setting up a bridge, you donate bandwidth to the Tor network and help improve the safety and speed at which users can access the Internet.

Bridges are Tor relays that aren't listed in the main directory. This means that to use a bridge, you'll need to locate one first. And because there is no complete public list of all the bridges, they are also harder to block. A bridge will act as the first hop in a circuit, and will only forward traffic on to other relays in the Tor network.

Setting up a Tor bridge on Amazon EC2 is simple and will only take you a couple of minutes. The images have been configured with automatic package updates and port forwarding, so you do not have to worry about Tor not working or the server not getting security updates.

You should not have to do anything once the instance is up and running. Tor will start up as a bridge, confirm that it is reachable from the outside, and then tell the bridge authority that it exists. After that, the address for your bridge will be given out to users.

To help new customers get started in the cloud, Amazon is introducing a free usage tier. The Tor Cloud images are all micro instances, and new customers will be able to run a free micro instance for a whole year. The Tor Cloud images have been configured with a bandwidth limit, so customers who don't qualify for the free usage tier should only have to pay an estimated $30 a month.

For more information, see the Tor Cloud website.

UPDATE: Some users have asked about the AWS free usage tier and pointed out that it only includes 15 GB of bandwidth out per month. I have updated the Tor Cloud website (changes should go live soon) with the following:

The Tor Cloud images have been configured to use no more than 40 GB of bandwidth out per month. We have estimated that customers who do not qualify for the free usage tier will pay up to $30 a month. Customers who qualify for the free usage tier, but who run bridges that use more than 15 GB of bandwidth out per month, will pay up to $3 per month.

I hope that this better clarifies the cost of running a bridge in the Amazon cloud, let me know if you have any questions.

Tor 0.2.3.7-alpha is out

Tor 0.2.3.7-alpha fixes a crash bug in 0.2.3.6-alpha introduced by the new v3 handshake. It also resolves yet another bridge address enumeration issue.

All packages are updated, with the exception of the OS X PPC packages. The build machine is down and packages will be built as soon as it is back online.

https://www.torproject.org/download

Changes in version 0.2.3.7-alpha - 2011-10-30
Major bugfixes:

  • If we mark an OR connection for close based on a cell we process,
    don't process any further cells on it. We already avoid further
    reads on marked-for-close connections, but now we also discard the
    cells we'd already read. Fixes bug 4299; bugfix on 0.2.0.10-alpha,
    which was the first version where we might mark a connection for
    close based on processing a cell on it.
  • Fix a double-free bug that would occur when we received an invalid
    certificate in a CERT cell in the new v3 handshake. Fixes bug 4343;
    bugfix on 0.2.3.6-alpha.
  • Bridges no longer include their address in NETINFO cells on outgoing
    OR connections, to allow them to blend in better with clients.
    Removes another avenue for enumerating bridges. Reported by
    "troll_un". Fixes bug 4348; bugfix on 0.2.0.10-alpha, when NETINFO
    cells were introduced.

Trivial fixes:

  • Fixed a typo in a hibernation-related log message. Fixes bug 4331;
    bugfix on 0.2.2.23-alpha; found by "tmpname0901".

Tor 0.2.2.34 is released (security patches)

Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker
can deanonymize Tor users. Everybody should upgrade.

The attack relies on four components:

  • 1) Clients reuse their TLS cert when talking to different relays, so relays can recognize a user by the identity key in her cert.
  • 2) An attacker who knows the client's identity key can probe each guard relay to see if that identity key is connected to that guard relay right now.
  • 3) A variety of active attacks in the literature (starting from "Low-Cost Traffic Analysis of Tor" by Murdoch and Danezis in 2005) allow a malicious website to discover the guard relays that a Tor user visiting the website is using.
  • 4) Clients typically pick three guards at random, so the set of guards for a given user could well be a unique fingerprint for her. This release fixes components #1 and #2, which is enough to block the attack; the other two remain as open research problems.

Special thanks to "frosty_un" for reporting the issue to us! (As far as we know, this has nothing to do with any claimed attack currently getting attention in the media.)

Clients should upgrade so they are no longer recognizable by the TLS certs they present. Relays should upgrade so they no longer allow a remote attacker to probe them to test whether unpatched clients are currently connected to them.

This release also fixes several vulnerabilities that allow an attacker to enumerate bridge relays. Some bridge enumeration attacks still remain; see for example proposal 188.

https://torproject.org/download/download-easy

Changes in version 0.2.2.34 - 2011-10-26

Privacy/anonymity fixes (clients):

  • Clients and bridges no longer send TLS certificate chains on outgoing OR
    connections. Previously, each client or bridge would use the same cert chain
    for all outgoing OR connections until its IP address changes, which allowed any
    relay that the client or bridge contacted to determine which entry guards it is
    using. Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
  • If a relay receives a CREATE_FAST cell on a TLS connection, it no longer
    considers that connection as suitable for satisfying a circuit EXTEND request.
    Now relays can protect clients from the CVE-2011-2768 issue even if the clients
    haven't upgraded yet.
  • Directory authorities no longer assign the Guard flag to relays that
    haven't upgraded to the above "refuse EXTEND requests to client connections"
    fix. Now directory authorities can protect clients from the CVE-2011-2768 issue
    even if neither the clients nor the relays have upgraded yet. There's a new
    "GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option to let us
    transition smoothly, else tomorrow there would be no guard relays.

Privacy/anonymity fixes (bridge enumeration):

  • Bridge relays now do their directory fetches inside Tor TLS connections,
    like all the other clients do, rather than connecting directly to the DirPort
    like public relays do. Removes another avenue for enumerating bridges. Fixes
    bug 4115; bugfix on 0.2.0.35.
  • Bridges relays now build circuits for themselves in a more similar way to
    how clients build them. Removes another avenue for enumerating bridges. Fixes
    bug 4124; bugfix on 0.2.0.3-alpha, when bridges were introduced.
  • Bridges now refuse CREATE or CREATE_FAST cells on OR connections that they
    initiated. Relays could distinguish incoming bridge connections from client
    connections, creating another avenue for enumerating bridges. Fixes
    CVE-2011-2769. Bugfix on 0.2.0.3-alpha. Found by "frosty_un".

Major bugfixes:

  • Fix a crash bug when changing node restrictions while a DNS lookup is
    in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix by "Tey'".
  • Don't launch a useless circuit after failing to use one of a hidden
    service's introduction points. Previously, we would launch a new introduction
    circuit, but not set the hidden service which that circuit was intended to
    connect to, so it would never actually be used. A different piece of code would
    then create a new introduction circuit correctly. Bug reported by katmagic and
    found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug 4212.

Minor bugfixes:

  • Change an integer overflow check in the OpenBSD_Malloc code so that GCC is
    less likely to eliminate it as impossible. Patch from Mansour Moufid. Fixes bug
    4059.
  • When a hidden service turns an extra service-side introduction circuit into
    a general-purpose circuit, free the rend_data and intro_key fields first, so we
    won't leak memory if the circuit is cannibalized for use as another
    service-side introduction circuit. Bugfix on 0.2.1.7-alpha; fixes bug
    4251.
  • Bridges now skip DNS self-tests, to act a little more stealthily. Fixes
    bug 4201; bugfix on 0.2.0.3-alpha, which first introduced bridges. Patch by
    "warms0x".
  • Fix internal bug-checking logic that was supposed to catch failures in
    digest generation so that it will fail more robustly if we ask for a
    nonexistent algorithm. Found by Coverity Scan. Bugfix on 0.2.2.1-alpha; fixes
    Coverity CID 479.
  • Report any failure in init_keys() calls launched because our IP address has
    changed. Spotted by Coverity Scan. Bugfix on 0.1.1.4-alpha; fixes CID 484.

Minor bugfixes (log messages and documentation):

  • Remove a confusing dollar sign from the example fingerprint in the man
    page, and also make the example fingerprint a valid one. Fixes bug 4309; bugfix
    on 0.2.1.3-alpha.
  • The next version of Windows will be called Windows 8, and it has a major
    version of 6, minor version of 2. Correctly identify that version instead of
    calling it "Very recent version". Resolves ticket 4153; reported by
    funkstar.
  • Downgrade log messages about circuit timeout calibration from "notice" to
    "info": they don't require or suggest any human intervention. Patch from Tom
    Lowenthal. Fixes bug 4063; bugfix on 0.2.2.14-alpha.

Minor features:

  • Turn on directory request statistics by default and include them in
    extra-info descriptors. Don't break if we have no GeoIP database. Backported
    from 0.2.3.1-alpha; implements ticket 3951.
  • Update to the October 4 2011 Maxmind GeoLite Country database.
Syndicate content Syndicate content