Tor 0.2.5.7-rc is out

Tor 0.2.5.7-rc fixes several regressions from earlier in the 0.2.5.x release series, and some long-standing bugs related to ORPort reachability testing and failure to send CREATE cells. It is the first release candidate for the Tor 0.2.5.x series.

The tarball and signature file are currently available from
https://www.torproject.org/dist/
and packages and bundles will be available soon.

Changes in version 0.2.5.7-rc - 2014-09-11

  • Major bugfixes (client, startup):
    • Start making circuits as soon as DisableNetwork is turned off.
      When Tor started with DisableNetwork set, it would correctly
      conclude that it shouldn't build circuits, but it would mistakenly
      cache this conclusion, and continue believing it even when
      DisableNetwork is set to 0. Fixes the bug introduced by the fix
      for bug 11200; bugfix on 0.2.5.4-alpha.
    • Resume expanding abbreviations for command-line options. The fix
      for bug 4647 accidentally removed our hack from bug 586 that
      rewrote HashedControlPassword to __HashedControlSessionPassword
      when it appears on the command line (which allowed the user to set
      her own HashedControlPassword in the torrc file while the
      controller generates a fresh session password for each run). Fixes
      bug 12948; bugfix on 0.2.5.1-alpha.
    • Warn about attempts to run hidden services and relays in the same
      process: that's probably not a good idea. Closes ticket 12908.
  • Major bugfixes (relay):
    • Avoid queuing or sending destroy cells for circuit ID zero when we
      fail to send a CREATE cell. Fixes bug 12848; bugfix on 0.0.8pre1.
      Found and fixed by "cypherpunks".
    • Fix ORPort reachability detection on relays running behind a
      proxy, by correctly updating the "local" mark on the controlling
      channel when changing the address of an or_connection_t after the
      handshake. Fixes bug 12160; bugfix on 0.2.4.4-alpha.
  • Minor features (bridge):
    • Add an ExtORPortCookieAuthFileGroupReadable option to make the
      cookie file for the ExtORPort g+r by default.
  • Minor features (geoip):
    • Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
      Country database.
  • Minor bugfixes (logging):
    • Reduce the log severity of the "Pluggable transport proxy does not
      provide any needed transports and will not be launched." message,
      since Tor Browser includes several ClientTransportPlugin lines in
      its torrc-defaults file, leading every Tor Browser user who looks
      at her logs to see these notices and wonder if they're dangerous.
      Resolves bug 13124; bugfix on 0.2.5.3-alpha.
    • Downgrade "Unexpected onionskin length after decryption" warning
      to a protocol-warn, since there's nothing relay operators can do
      about a client that sends them a malformed create cell. Resolves
      bug 12996; bugfix on 0.0.6rc1.
    • Log more specific warnings when we get an ESTABLISH_RENDEZVOUS
      cell on a cannibalized or non-OR circuit. Resolves ticket 12997.
    • When logging information about an EXTEND2 or EXTENDED2 cell, log
      their names correctly. Fixes part of bug 12700; bugfix
      on 0.2.4.8-alpha.
    • When logging information about a relay cell whose command we don't
      recognize, log its command as an integer. Fixes part of bug 12700;
      bugfix on 0.2.1.10-alpha.
    • Escape all strings from the directory connection before logging
      them. Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor".
  • Minor bugfixes (controller):
    • Restore the functionality of CookieAuthFileGroupReadable. Fixes
      bug 12864; bugfix on 0.2.5.1-alpha.
    • Actually send TRANSPORT_LAUNCHED and HS_DESC events to
      controllers. Fixes bug 13085; bugfix on 0.2.5.1-alpha. Patch
      by "teor".
  • Minor bugfixes (compilation):
    • Fix compilation of test.h with MSVC. Patch from Gisle Vanem;
      bugfix on 0.2.5.5-alpha.
    • Make the nmake make files work again. Fixes bug 13081. Bugfix on
      0.2.5.1-alpha. Patch from "NewEraCracker".
    • In routerlist_assert_ok(), don't take the address of a
      routerinfo's cache_info member unless that routerinfo is non-NULL.
      Fixes bug 13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
    • Fix a large number of false positive warnings from the clang
      analyzer static analysis tool. This should make real warnings
      easier for clang analyzer to find. Patch from "teor". Closes
      ticket 13036.
  • Distribution (systemd):
    • Verify configuration file via ExecStartPre in the systemd unit
      file. Patch from intrigeri; resolves ticket 12730.
    • Explicitly disable RunAsDaemon in the systemd unit file. Our
      current systemd unit uses "Type = simple", so systemd does not
      expect tor to fork. If the user has "RunAsDaemon 1" in their
      torrc, then things won't work as expected. This is e.g. the case
      on Debian (and derivatives), since there we pass "--defaults-torrc
      /usr/share/tor/tor-service-defaults-torrc" (that contains
      "RunAsDaemon 1") by default. Patch by intrigeri; resolves
      ticket 12731.
  • Documentation:
    • Adjust the URLs in the README to refer to the new locations of
      several documents on the website. Fixes bug 12830. Patch from
      Matt Pagan.
    • Document 'reject6' and 'accept6' ExitPolicy entries. Resolves
      ticket 12878.
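
What the logging fix for bug 13071 above ("Escape all strings from the directory connection before logging them") guards against, shown as an added example that is not Tor's own code: bytes received from a remote peer are escaped so they cannot add extra lines or terminal control sequences to the log. The function name `escape_for_log` and the sample response are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not Tor's code. Escapes in[0..in_len) into out as one quoted,
 * printable-ASCII token. Returns the escaped length, or -1 if out is too small. */
int escape_for_log(const char *in, size_t in_len, char *out, size_t out_len)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    if (out_len < 3) return -1;           /* room for "" plus NUL */
    out[o++] = '"';
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        char esc[4];
        size_t n = 2;
        esc[0] = '\\';
        switch (c) {
        case '\n': esc[1] = 'n';  break;
        case '\r': esc[1] = 'r';  break;
        case '\t': esc[1] = 't';  break;
        case '"':  esc[1] = '"';  break;
        case '\\': esc[1] = '\\'; break;
        default:
            if (c >= 0x20 && c < 0x7f) {  /* printable ASCII passes through */
                esc[0] = (char)c; n = 1;
            } else {                      /* NUL, ESC, other controls, non-ASCII */
                esc[1] = 'x'; esc[2] = hex[c >> 4]; esc[3] = hex[c & 15]; n = 4;
            }
        }
        if (o + n + 2 > out_len) return -1;  /* keep room for closing quote + NUL */
        memcpy(out + o, esc, n);
        o += n;
    }
    out[o++] = '"';
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed sample: a peer string that tries to forge a second log line. */
    static const char peer[] = "503 Busy\r\nSep 11 00:00:00 [notice] all good\x1b[2J";
    char safe[256];
    if (escape_for_log(peer, sizeof(peer) - 1, safe, sizeof(safe)) < 0)
        strcpy(safe, "\"[unloggable]\"");  /* never fall back to the raw bytes */
    printf("[warn] Unexpected directory response: %s\n", safe);
    return 0;
}
```
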
Anonymous

September 12, 2014

so nothing new regarding privacy and security? mostly bugfix, not actual improvements to make it more secure faster or private?

What, you don't like bugfixes? Make up your minds people. :)

The fix for #11200 resolved the pile of "I run Tor Browser and it works, but then it never starts after that!" bug reports on here and elsewhere. I think that's a pretty good fix.

But in any case, it's a release candidate -- we're not supposed to be making major design changes at this point in the release.

And if you're reading this blog post and thinking these are all the differences between 0.2.4.x and 0.2.5.x, then you're reading it wrong:
https://gitweb.torproject.org/tor.git/blob/release-0.2.5:/ChangeLog

We come from the free software / open source world, where the 1.0 release means that you've solved everything and it works.

I'd love to have a good understanding of the anonymous communications research field, and what the implications are (on performance and on privacy) for scaling the network to millions of relays, and how to make Tor flows blend in with other traffic so you can't detect or censor them, and how to resolve traffic confirmation attacks so large network surveillance adversaries are stymied, and have it work smoothly and safely with all the applications that people want to use, etc etc.

We're not there yet. But I'd say that even though the problem is getting harder year by year, we (the community of thousands of Tor developers and advocates) are nonetheless gaining ground.

Anonymous

September 13, 2014

you should mention that there is update or closing security bug mentioned by NSA agents and don't forget to sort the bugs due to its severity

I guess you want this because some journalist intentionally misinterpreted some statement in a very long interview in order to produce more ad revenue for his newspaper?

Sorry, I don't know of any security bugs mentioned to us by NSA agents. Now, there are many Tor users who anonymously report bugs, and some of them even help fix them. You can watch this whole process on https://bugs.torproject.org/ -- for example check out the timeline:
https://trac.torproject.org/projects/tor/timeline

Hope that helps. Also, we do sort the bugs by severity, in hopes of making it easier for you to find out the most important changes. Thanks!

Anonymous

September 14, 2014

thanks a lot. will you release any stable version of tor soon ?

Anonymous

September 14, 2014

You should add the LGBT community to the list of people who use Tor. I'm an activist for LGBT rights in my country, where unfortunately you can go to prison simply for being gay. And my activism ring uses Tor (the browser, and Tails) to communicate with other activists, and victims of hate crimes, and you can't believe how many times Tor saved us from the unjust state persecution and hate crimes.

You should also add those who oppose the gay agenda imposed by NWO and these days they can be prosecuted, jailed and have their lives ruined for not obeying to what they feel is immoral and unnatural.

So the bottom line is that everyone needs Tor to express his activism.

>"gay agenda"
yeah, equality is such a horrible concept /s

>"imposed by NWO"
Forgot to take your meds again?

>"these days they can be prosecuted, jailed and have their lives ruined for not obeying"
yeah, they should totally be free to oppress a helpless minority fighting peacefully for their rights to live in dignity and free of harm just like everyone else

>"immoral and unnatural"
I love the hypocrisy of some straight people who love to do anal but god forbid if homosexuals do it.
And homosexuality is well documented in nature https://youtu.be/XF-ET9VIuJo?t=2m54s https://youtu.be/Q8gttC6P3bE

And FYI Jacob Appelbaum, one of the core members of the Tor project, is bisexual https://en.wikipedia.org/wiki/Jacob_Appelbaum#Personal_life

Free software has 4 freedoms.
Freedom 0: The freedom to run the software to any end you need and see fit.

So, yes, people who are gay have the right to express their opinions using Tor and people who think being gay is wrong also have that right. EVERYONE should have the right to express themselves, and Tor gives them that right.

This is more of an ethical-moral issue on why some people want to discriminate against others. Tor is a tool designed to facilitate free speech, by censoring one group (however hateful) you now have the equipment to censor anyone in the future.

In a free, open society, groups tending for more equality will be remembered as freedom fighters, and groups tending for discrimination will be rightly remembered as hate groups, but censoring one will censor both.

Anonymous

September 15, 2014

Thanks :)

Anonymous

September 15, 2014

What happened to bridges.torproject.org? Giving 503 since before yesterday

Anonymous

September 20, 2014

Lately, a number of fte bridges in ip range 194.132.0.0-194.132.255.255 are blocked by GFW in mainland China, FUCK IT!!!!

Anonymous

September 23, 2014

Why isn't there a 64bit Mac release? Aren't all Mac OS 64bit except one which is very old and probably no one uses?

Anonymous

September 23, 2014

I tried meek a couple of days ago, and it was awesome! But I think it might pose an anonymity issue: don't you think Google (which is NSA affiliated) or Amazon (which works with the CIA) knowing your IP, first hop, and middle relay is too much info and dangerous? Don't you think you should add another hop?

Anonymous

September 25, 2014

Always appreciate the great work people here have done and are still doing! Thank you! from 1/(1400000000-100000000).