New alpha release: Tor

by nickm | August 8, 2016

Tor is the first alpha release in the 0.2.9 development series. It improves our support for hardened builds and compiler warnings, deploys some critical infrastructure for improvements to hidden services, includes a new timing backend that we hope to use for better support for traffic padding, makes it easier for programmers to log unexpected events, and contains other small improvements to security, correctness, and performance.
You can download the source from the usual place on the website.
Packages should be available over the next several days. Remember
to check the signatures!

Please note: This is an alpha release. You should only try this one if
you are interested in tracking Tor development, testing new features,
making sure that Tor still builds on unusual platforms, or generally
trying to hunt down bugs. If you want a stable experience, please stick to the stable releases.

Below are the changes since

Changes in version - 2016-08-08

  • New system requirements:
    • Tor now requires Libevent version 2.0.10-stable or later. Older versions of Libevent have less efficient backends for several platforms, and lack the DNS code that we use for our server-side DNS support. This implements ticket 19554.
    • Tor now requires zlib version 1.2 or later, for security, efficiency, and (eventually) gzip support. (Back when we started, zlib 1.1 and zlib 1.0 were still found in the wild. 1.2 was released in 2003. We recommend the latest version.)
  • Major features (build, hardening):
    • Tor now builds with -ftrapv by default on compilers that support it. This option detects signed integer overflow (which C forbids), and turns it into a hard-failure. We do not apply this option to code that needs to run in constant time to avoid side-channels; instead, we use -fwrapv in that code. Closes ticket 17983.
    • When --enable-expensive-hardening is selected, stop applying the clang/gcc sanitizers to code that needs to run in constant time. Although we are aware of no introduced side-channels, we are not able to prove that there are none. Related to ticket 17983.


  • Major features (compilation):
    • Our big list of extra GCC warnings is now enabled by default when building with GCC (or with anything like Clang that claims to be GCC-compatible). To make all warnings into fatal compilation errors, pass --enable-fatal-warnings to configure. Closes ticket 19044.
    • Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS to automatically turn on C and POSIX extensions. (Previously, we attempted to do this on an ad hoc basis.) Closes ticket 19139.
  • Major features (directory authorities, hidden services):
    • Directory authorities can now perform the shared randomness protocol specified by proposal 250. Using this protocol, directory authorities generate a global fresh random value every day. In the future, this value will be used by hidden services to select HSDirs. This release implements the directory authority feature; the hidden service side will be implemented in the future as part of proposal 224. Resolves ticket 16943; implements proposal 250.
  • Major features (downloading, random exponential backoff):
    • When we fail to download an object from a directory service, wait for an (exponentially increasing) randomized amount of time before retrying, rather than a fixed interval as we did before. This prevents a group of Tor instances from becoming too synchronized, or a single Tor instance from becoming too predictable, in its download schedule. Closes ticket 15942.
  • Major bugfixes (exit policies):
    • Avoid disclosing exit outbound bind addresses, configured port bind addresses, and local interface addresses in relay descriptors by default under ExitPolicyRejectPrivate. Instead, only reject these (otherwise unlisted) addresses if ExitPolicyRejectLocalInterfaces is set. Fixes bug 18456; bugfix on Patch by teor.
  • Major bugfixes (hidden service client):
    • Allow Tor clients with appropriate controllers to work with FetchHidServDescriptors set to 0. Previously, this option also disabled descriptor cache lookup, thus breaking hidden services entirely. Fixes bug 18704; bugfix on Patch by "twim".
  • Minor features (build, hardening):
    • Detect and work around a libclang_rt problem that would prevent clang from finding __mulodi4() on some 32-bit platforms, and thus keep -ftrapv from linking on those systems. Closes ticket 19079.
    • When building on a system without runtime support for the runtime hardening options, try to log a useful warning at configuration time, rather than an incomprehensible warning at link time. If expensive hardening was requested, this warning becomes an error. Closes ticket 18895.
  • Minor features (code safety):
    • In our integer-parsing functions, ensure that maxiumum value we give is no smaller than the minimum value. Closes ticket 19063; patch from U+039b.
  • Minor features (controller):
    • Implement new GETINFO queries for all downloads that use download_status_t to schedule retries. This allows controllers to examine the schedule for pending downloads. Closes ticket 19323.
    • Allow controllers to configure basic client authorization on hidden services when they create them with the ADD_ONION control command. Implements ticket 15588. Patch by "special".
    • Fire a STATUS_SERVER controller event whenever the hibernation status changes between "awake"/"soft"/"hard". Closes ticket 18685.
  • Minor features (directory authority):
    • Directory authorities now only give the Guard flag to a relay if they are also giving it the Stable flag. This change allows us to simplify path selection for clients. It should have minimal effect in practice, since >99% of Guards already have the Stable flag. Implements ticket 18624.
    • Directory authorities now write their v3-status-votes file out to disk earlier in the consensus process, so we have a record of the votes even if we abort the consensus process. Resolves ticket 19036.
  • Minor features (hidden service):
    • Stop being so strict about the payload length of "rendezvous1" cells. We used to be locked in to the "TAP" handshake length, and now we can handle better handshakes like "ntor". Resolves ticket 18998.
  • Minor features (infrastructure, time):
    • Tor now uses the operating system's monotonic timers (where available) for internal fine-grained timing. Previously we would look at the system clock, and then attempt to compensate for the clock running backwards. Closes ticket 18908.
    • Tor now includes an improved timer backend, so that we can efficiently support tens or hundreds of thousands of concurrent timers, as will be needed for some of our planned anti-traffic- analysis work. This code is based on William Ahern's "timeout.c" project, which implements a "tickless hierarchical timing wheel". Closes ticket 18365.
  • Minor features (logging):
    • Provide a more useful warning message when configured with an invalid Nickname. Closes ticket 18300; patch from "icanhasaccount".
    • When dumping unparseable router descriptors, optionally store them in separate files, named by digest, up to a configurable size limit. You can change the size limit by setting the MaxUnparseableDescSizeToLog option, and disable this feature by setting that option to 0. Closes ticket 18322.
    • Add a set of macros to check nonfatal assertions, for internal use. Migrating more of our checks to these should help us avoid needless crash bugs. Closes ticket 18613.
  • Minor features (performance):
    • Changer the "optimistic data" extension from "off by default" to "on by default". The default was ordinarily overridden by a consensus option, but when clients were bootstrapping for the first time, they would not have a consensus to get the option from. Changing this default When fetching a consensus for the first time, use optimistic data. This saves a round-trip during startup. Closes ticket 18815.
  • Minor features (relay, usability):
    • When the directory authorities refuse a bad relay's descriptor, encourage the relay operator to contact us. Many relay operators won't notice this line in their logs, but it's a win if even a few learn why we don't like what their relay was doing. Resolves ticket 18760.
  • Minor features (testing):
    • Let backtrace tests work correctly under AddressSanitizer. Fixes part of bug 18934; bugfix on
    • Move the script to chutney, and modify tor's test- to call the (newer) chutney version when available. Resolves ticket 19116. Patch by teor.
    • Use the lcov convention for marking lines as unreachable, so that we don't count them when we're generating test coverage data. Update our coverage tools to understand this convention. Closes ticket 16792.
  • Minor bugfixes (bootstrap):
    • Remember the directory we fetched the consensus or previous certificates from, and use it to fetch future authority certificates. This change improves bootstrapping performance. Fixes bug 18963; bugfix on
  • Minor bugfixes (build):
    • The test-stem and test-network makefile targets now depend only on the tor binary that they are testing. Previously, they depended on "make all". Fixes bug 18240; bugfix on Based on a patch from "cypherpunks".
  • Minor bugfixes (circuits):
    • Make sure extend_info_from_router() is only called on servers. Fixes bug 19639; bugfix on
  • Minor bugfixes (compilation):
    • When building with Clang, use a full set of GCC warnings. (Previously, we included only a subset, because of the way we detected them.) Fixes bug 19216; bugfix on
  • Minor bugfixes (directory authority):
    • Authorities now sort the "package" lines in their votes, for ease of debugging. (They are already sorted in consensus documents.) Fixes bug 18840; bugfix on
    • When parsing a detached signature, make sure we use the length of the digest algorithm instead of an hardcoded DIGEST256_LEN in order to avoid comparing bytes out-of-bounds with a smaller digest length such as SHA1. Fixes bug 19066; bugfix on
  • Minor bugfixes (documentation):
    • Document the --passphrase-fd option in the tor manpage. Fixes bug 19504; bugfix on
    • Fix the description of the --passphrase-fd option in the tor-gencert manpage. The option is used to pass the number of a file descriptor to read the passphrase from, not to read the file descriptor from. Fixes bug 19505; bugfix on
  • Minor bugfixes (ephemeral hidden service):
    • When deleting an ephemeral hidden service, close its intro points even if they are not completely open. Fixes bug 18604; bugfix on
  • Minor bugfixes (guard selection):
    • Use a single entry guard even if the NumEntryGuards consensus parameter is not provided. Fixes bug 17688; bugfix on
    • Don't mark guards as unreachable if connection_connect() fails. That function fails for local reasons, so it shouldn't reveal anything about the status of the guard. Fixes bug 14334; bugfix on
  • Minor bugfixes (hidden service client):
    • Increase the minimum number of internal circuits we preemptively build from 2 to 3, so a circuit is available when a client connects to another onion service. Fixes bug 13239; bugfix on
  • Minor bugfixes (logging):
    • When logging a directory ownership mismatch, log the owning username correctly. Fixes bug 19578; bugfix on
  • Minor bugfixes (memory leaks):
    • Fix a small, uncommon memory leak that could occur when reading a truncated ed25519 key file. Fixes bug 18956; bugfix on
  • Minor bugfixes (testing):
    • Allow clients to retry HSDirs much faster in test networks. Fixes bug 19702; bugfix on Patch by teor.
    • Disable ASAN's detection of segmentation faults while running, so that we can make sure that our own backtrace generation code works. Fixes another aspect of bug 18934; bugfix on Patch from "cypherpunks".
    • Fix the test-network-all target on out-of-tree builds by using the correct path to the test driver script. Fixes bug 19421; bugfix on
  • Minor bugfixes (time):
    • Improve overflow checks in tv_udiff and tv_mdiff. Fixes bug 19483; bugfix on all released tor versions.
    • When computing the difference between two times in milliseconds, we now round to the nearest millisecond correctly. Previously, we could sometimes round in the wrong direction. Fixes bug 19428; bugfix on
  • Minor bugfixes (user interface):
    • Display a more accurate number of suppressed messages in the log rate-limiter. Previously, there was a potential integer overflow in the counter. Now, if the number of messages hits a maximum, the rate-limiter doesn't count any further. Fixes bug 19435; bugfix on
    • Fix a typo in the passphrase prompt for the ed25519 identity key. Fixes bug 19503; bugfix on
  • Code simplification and refactoring:
    • Remove redundant declarations of the MIN macro. Closes ticket 18889.
    • Rename tor_dup_addr() to tor_addr_to_str_dup() to avoid confusion. Closes ticket 18462; patch from "icanhasaccount".
    • Split the 600-line directory_handle_command_get function into separate functions for different URL types. Closes ticket 16698.
  • Documentation:
    • Fix spelling of "--enable-tor2web-mode" in the manpage. Closes ticket 19153. Patch from "U+039b".
  • Removed features:
    • Remove support for "GET /tor/bytes.txt" DirPort request, and "GETINFO dir-usage" controller request, which were only available via a compile-time option in Tor anyway. Feature was added in Resolves ticket 19035.
    • There is no longer a compile-time option to disable support for TransPort. (If you don't want TransPort; just don't use it.) Patch from "U+039b". Closes ticket 19449.
  • Testing:
    • Run more workqueue tests as part of "make check". These had previously been implemented, but you needed to know special command-line options to enable them.
    • We now have unit tests for our code to reject zlib "compression bombs". (Fortunately, the code works fine.)


Please note that the comment area below has been archived.

August 09, 2016


Now this is getting exciting! Maybe a blog post to detail the traffic padding research? I know the lack of padding has always been a weak point as tor was not intended to defend against a global passive adversary. Perhaps the time has come.

Padding. Now there's a concept whose time has come. It's been kicked around the remailer fraternity too for many years because padding will completely befuddle those who regard - in the true sense of what "regard" means.

I didn't know the TOR researchers were coding padding into TOR. While remailers have latency to confuse the global passive adversary (NSA) TOR does not and while remailers are technically challenging and therefore have users only in the thousands, TOR has users in the millions and minimal use is not at all challenging. Therefore, padding is simply a necessity for TOR much more so than other non-crypto hardening efforts.

I second the OP and request a blog post on padding research. Please.

I like to know, why TOR is forcing me to go through that Ukraine IP again and again?? even when i am using new tor circuit function :P

Do you mean the first node always stays the same while the other two get changed?

The first node is your Guard Node, It changes infrequently (constant for months) so that an adversary has less chance of catching you in traffic analysis using a small number of bad nodes.

August 15, 2016


Pray tell : what is the current "user agent" string used by the Tor browser, in order to best mix in the (tiny) Tor-using-crowd ? Please no commets on (not) using the Tor browser bundle ...

Thanks for your continous efforts to make Tor better, looking froward to future advances in cell "padding" with excitement !