New Release Candidate: Tor 0.4.2.4-rc
There's a new release candidate available for download. If you build Tor from source, you can download the source code for 0.4.2.4-rc from the download page on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely by December 3.
Remember, this is a release candidate: there may still be more bugs here than usual. We'd love to know about any new ones, so that we can try to get them fixed before we call this series stable.
Tor 0.4.2.4-rc is the first release candidate in its series. It fixes several bugs from earlier versions, including a few that would result in stack traces or incorrect behavior.
Changes in version 0.4.2.4-rc - 2019-11-15
- Minor features (build system):
  - Make pkg-config use --prefix when cross-compiling, if PKG_CONFIG_PATH is not set. Closes ticket 32191.
- Minor features (geoip):
  - Update geoip and geoip6 to the November 6 2019 Maxmind GeoLite2 Country database. Closes ticket 32440.
- Minor bugfixes (client, onion service v3):
  - Fix a BUG() assertion that occurs within a very small race window between when a client intro circuit opens and when its descriptor gets cleaned up from the cache. The circuit is now closed early, which will trigger a re-fetch of the descriptor and continue the connection. Fixes bug 28970; bugfix on 0.3.2.1-alpha.
- Minor bugfixes (code quality):
  - Fix "make check-includes" so it runs correctly on out-of-tree builds. Fixes bug 31335; bugfix on 0.3.5.1-alpha.
- Minor bugfixes (configuration):
  - Log the option name when skipping an obsolete option. Fixes bug 32295; bugfix on 0.4.2.1-alpha.
- Minor bugfixes (crash):
  - When running Tor with an option like --verify-config or --dump-config that does not start the event loop, avoid crashing if we try to exit early because of an error. Fixes bug 32407; bugfix on 0.3.3.1-alpha.
- Minor bugfixes (directory):
  - When checking if a directory connection is anonymous, test if the circuit was marked for close before looking at its channel. This avoids a BUG() stacktrace if the circuit was previously closed. Fixes bug 31958; bugfix on 0.4.2.1-alpha.
- Minor bugfixes (shellcheck):
- Testing (continuous integration):
  - Use Ubuntu Bionic images for our Travis CI builds, so we can get a recent version of coccinelle. But leave chutney on Ubuntu Trusty, until we can fix some Bionic permissions issues (see ticket 32240). Related to ticket 31919.
  - Install the mingw OpenSSL package in Appveyor. This makes sure that the OpenSSL headers and libraries match in Tor's Appveyor builds. (This bug was triggered by an Appveyor image update.) Fixes bug 32449; bugfix on 0.3.5.6-rc.
  - In Travis, use Xcode 11.2 on macOS 10.14. Closes ticket 32241.
Please note that the comment area below has been archived.
Read the DDOS fix was coming in 4.2 no mention of it. Is the fix still planned for this? How can onion operators use it when it is added?
I don't think there is something like "the DDOS" fix. There are a multitude of denial-of-service attacks feasible against the Tor network. As a result there has been a stream of mitigations against denial-of-service attacks in recent versions of Tor and not just in 0.4.2.
However, there is a major DoS defense included in 0.4.2 to mitigate attacks against onion services. Perhaps, you meant this defense. Since this blog is only about the latest alpha release in the 0.4.2 series (i.e. changes since 0.4.2.3-alpha), you can't find anything about it in this post. To get a complete picture of all changes within the 0.4.2 series, check out the release notes of the earlier alpha releases. In particular 0.4.2.1-alpha should be of interest. Details about fine-tuning the defense can be found in the manpages.
When will 0.4.2 be released? Not beta or rc version.
We're aiming for releasing a stable 0.4.2.x somewhere around 15 December 2019, but of course it's impossible to say for sure: if we find a huge bug that's hard to fix, it'll take longer than that.
(Our intended schedule is at https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/Cor… )
Downloading the r.c and with the aim to test it today do I need to add the DoS defense to torrc?
These - DoSCircuitCreationEnabled 0|1|auto, DoSCircuitCreationMinConnections, DoSCircuitCreationRate, DoSCircuitCreationBurst, DoSCircuitCreationDefenseType, DoSCircuitCreationDefenseTimePeriod N seconds|minutes|hours, DoSConnectionEnabled 0|1|auto, DoSConnectionMaxConcurrentCount NUM, DoSConnectionDefenseType NUM, DoSRefuseSingleHopClientRendezvous 0|1|auto
Aim is to help with DDoS attack against hidden service will I use them all and do I put them inside my torrc file?
Those parameters do not apply to hidden services themselves. They only apply if you run a relay. The tor network currently enables some of them with some default values.
If you run a relay and you are unsure here, I would avoid setting any of them.
The hidden service specific DoS defenses are:
Use Ubuntu Bionic images for our Travis CI builds, so we can get a recent version of coccinelle. But leave chutney on Ubuntu Trusty, until we can fix some Bionic permissions issues (see ticket 32240). Related to ticket 31919.
If those words were uttered only a short time ago, you'd be approached by men and women in white coats.
It's a headscratcher still.
My favorite such headline is the classic "Galaxy Nexus: Android Ice Cream Sandwich Guinea Pig?"
can anyone link me to a detailed guide for torify terminal commands?
What programs can I use with…
Note: Those guides are probably old. If you don't find your program there, search the web for how to torify it or connect it to Tor. In general, you configure a SocksPort in your torrc file and then configure your user-facing program to proxy through that local port or the default port, 9050 or 9150. Beware of your program or protocols possibly leaking data by not always connecting to that port.
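One way to check for the leak described in the comment above, as an added example that is not part of the original comment or of Tor itself: it scans output in the column layout of `ss -tunp` and reports sockets of watched programs that do not go to the local SocksPort. The sample lines are constructed, and the watched program names and the loopback listener address are assumptions.

```python
import re

# Assumption: Tor's SocksPort listens on loopback at one of the two ports
# named in the comment above (9050 or 9150).
SOCKS_PORTS = {9050, 9150}
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample in the column layout of `ss -tunp`
# (Netid State Recv-Q Send-Q Local Peer Process); not captured from a real host.
SAMPLE = """\
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp ESTAB 0 0 127.0.0.1:51234 127.0.0.1:9050 users:(("curl",pid=4312,fd=5))
udp ESTAB 0 0 192.0.2.10:40112 192.0.2.1:53 users:(("curl",pid=4312,fd=6))
tcp ESTAB 0 0 192.0.2.10:44321 198.51.100.7:443 users:(("wget",pid=4400,fd=4))
tcp ESTAB 0 0 [::1]:51240 [::1]:9150 users:(("wget",pid=4400,fd=5))
tcp ESTAB 0 0 192.0.2.10:50022 203.0.113.5:9001 users:(("tor",pid=900,fd=11))
"""


def find_leaks(ss_output, watched):
    """Return (program, proto, peer) for each socket owned by a watched
    program whose peer is not the local SocksPort."""
    leaks = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] not in ("tcp", "udp"):
            continue  # header line, or a socket without process information
        proto, peer = fields[0], fields[5]
        # Peer is "host:port" or "[v6]:port"; split on the last colon.
        host, _, port = peer.rpartition(":")
        host = host.strip("[]")
        # Only a TCP connection to the loopback SocksPort counts as proxied;
        # any UDP socket (for example a direct DNS lookup) bypasses Tor.
        via_tor = (proto == "tcp" and host in LOOPBACK
                   and port.isdigit() and int(port) in SOCKS_PORTS)
        for name in re.findall(r'\("([^"]+)",pid=', fields[6]):
            if name in watched and not via_tor:
                leaks.append((name, proto, peer))
    return leaks


if __name__ == "__main__":
    for name, proto, peer in find_leaks(SAMPLE, {"curl", "wget"}):
        print(f"{name}: {proto} socket to {peer} bypasses the SocksPort")
```
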
thanks! seems I wasn't searching for the right thing. didn't find much on torifying my whole system but I found a lot of tutorials for setting up a socks proxy with tor.
So... One 'must' donate in…
One 'must' donate in order to avail of free unfettered onion flavoured Web access?
And if one, say, is unemployed or without finances etc...
Thanks in advance for expected non reply.
Sorry, but I don't know what you're talking about. Tor is free to use, as it always has been. We're asking for donations, but you don't have to donate to use the software if you don't want to.
> if one, say, is unemployed or without finances etc... What then?
Thinking about businesses whose revenue either is made from web admins purchasing defenses or is in direct competition with the Tor network for privacy-minded customers who become fed up with captchas or perceived association with illegal behavior, I hope that Tor Project has mulled over the extent of exit relays that could be surreptitiously operated by such entities.
Consider that Shodan was discovered in 2016 running innocent-looking public NTP servers that harvested connection addresses, including private DNS-absent IPv6 addresses, to run port scans on them. It would be trivial to substitute NTP with tor, connection addresses with web destinations, and port scans with DoS or "unusual traffic from your network."