Tor 0.2.6.9 is released.
Hi! I've just put out a new stable Tor release. It is not a high-urgency item for most clients and relays, but directory authorities should upgrade, as should any clients who rely on port-based circuit isolation. Right now, the source is available on the website, and packages should become available once their maintainers build them.
Tor 0.2.6.9 fixes a regression in the circuit isolation code, increases the requirements for receiving an HSDir flag, and addresses some other small bugs in the systemd and sandbox code. Clients using circuit isolation should upgrade; all directory authorities should upgrade.
Changes in version 0.2.6.9 - 2015-06-11
- Major bugfixes (client-side privacy):
- Properly separate out each SOCKSPort when applying stream isolation. The error occurred because each port's session group was being overwritten by a default value when the listener connection was initialized. Fixes bug 16247; bugfix on 0.2.6.3-alpha. Patch by "jojelino".
- Minor feature (directory authorities, security):
- The HSDir flag given by authorities now requires the Stable flag. For the current network, this results in going from 2887 to 2806 HSDirs. Also, it makes it harder for an attacker to launch a sybil attack by raising the effort for a relay to become Stable which takes at the very least 7 days to do so and by keeping the 96 hours uptime requirement for HSDir. Implements ticket 8243.
- Minor bugfixes (compilation):
- Build with --enable-systemd correctly when libsystemd is installed, but systemd is not. Fixes bug 16164; bugfix on 0.2.6.3-alpha. Patch from Peter Palfrader.
- Minor bugfixes (Linux seccomp2 sandbox):
- Fix sandboxing to work when running as a relaymby renaming of secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader.
- Allow systemd connections to work with the Linux seccomp2 sandbox code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by Peter Palfrader.
- Minor bugfixes (tests):
- Fix a crash in the unit tests when built with MSVC2013. Fixes bug 16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
To: Developer(s) of Tor 0.2.6.9
Firstly a big thank-you for your time and effort.
Secondly, please help us understand why you guys made a public announcement on Tor 0.2.6.9 when the next release of Tails is scheduled for June 30, 2015?
Your publishing the bugfixes risk unmasking our anonymity, the anonymity of Tails' users and possibly those who use Orbot.
Even at the time of writing this feedback, we are still using the old version of Tor (version 4.5.1) and erinn or arma have not yet released fresh install executables based on Tor 0.2.6.9. No thanks to you guys, our anonymity is now at risk of being unmasked.
Did you realize that you may have inadvertently helped the NSA, Iran, China, South Sudan and North Korea?