Tor 0.2.6.9 is released.

Hi! I've just put out a new stable Tor release. It is not a high-urgency item for most clients and relays, but directory authorities should upgrade, as should any clients who rely on port-based circuit isolation. Right now, the source is available on the website, and packages should become available once their maintainers build them.

Tor 0.2.6.9 fixes a regression in the circuit isolation code, increases the requirements for receiving an HSDir flag, and addresses some other small bugs in the systemd and sandbox code. Clients using circuit isolation should upgrade; all directory authorities should upgrade.

Changes in version 0.2.6.9 - 2015-06-11

  • Major bugfixes (client-side privacy):
    • Properly separate out each SOCKSPort when applying stream isolation. The error occurred because each port's session group was being overwritten by a default value when the listener connection was initialized. Fixes bug 16247; bugfix on 0.2.6.3-alpha. Patch by "jojelino".
  • Minor feature (directory authorities, security):
    • The HSDir flag given by authorities now requires the Stable flag. For the current network, this results in going from 2887 to 2806 HSDirs. Also, it makes it harder for an attacker to launch a sybil attack by raising the effort for a relay to become Stable which takes at the very least 7 days to do so and by keeping the 96 hours uptime requirement for HSDir. Implements ticket 8243.

 

  • Minor bugfixes (compilation):
    • Build with --enable-systemd correctly when libsystemd is installed, but systemd is not. Fixes bug 16164; bugfix on 0.2.6.3-alpha. Patch from Peter Palfrader.
  • Minor bugfixes (Linux seccomp2 sandbox):
    • Fix sandboxing to work when running as a relaymby renaming of secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader.
    • Allow systemd connections to work with the Linux seccomp2 sandbox code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by Peter Palfrader.
  • Minor bugfixes (tests):
    • Fix a crash in the unit tests when built with MSVC2013. Fixes bug 16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
Anonymous

June 12, 2015

Permalink

To: Developer(s) of Tor 0.2.6.9

Firstly a big thank-you for your time and effort.

Secondly, please help us understand why you guys made a public announcement on Tor 0.2.6.9 when the next release of Tails is scheduled for June 30, 2015?

Your publishing the bugfixes risk unmasking our anonymity, the anonymity of Tails' users and possibly those who use Orbot.

Even at the time of writing this feedback, we are still using the old version of Tor (version 4.5.1) and erinn or arma have not yet released fresh install executables based on Tor 0.2.6.9. No thanks to you guys, our anonymity is now at risk of being unmasked.

Did you realize that you may have inadvertently helped the NSA, Iran, China, South Sudan and North Korea?

Anonymous

June 12, 2015

Permalink

Wasn't Tor created by the U.S. navy?
Because if it was then Tor could have a backdoor that the Tor Project isn't even aware of.

Anonymous

June 12, 2015

Permalink

Maybe this has been discusses on tor mailing list.
I suggest listing new features on the TBB startup page.
When the security set settings feature is introduced,
TBB users with moderate interest in tor pseudo-anonymity, will feel motivated to choose low or medium sets. TBB users with high concern, will choose high security set.

Anonymous

June 12, 2015

Permalink

Can this blog.torproject.org stylesheet be edited to allow reading when browser images are disabled?

Anonymous

June 12, 2015

Permalink

I use a 14.x laptop. Windows Vista, Many websites use poor css layout, and user's fastest method to fix or improve this error is to Maximize the browser window. (When that doesn't improve enough, I then use text menu command, View>>Page Style >> No Style.)

But now let's look at how TB differs from regular browsers.
The anti-fingerprinting feature that prevents TBB window maximizing to full display size is irritatingly cumbersome.
I don't maintain consciously aware fear of this feature, so sometimes I semi-automatically click TBB browser Maximize button.
Then TBB window becomes ridiculously huge. If I try slightly pulling an edge, TBB window completely disappears off the region of display.
I then must try multiple times to right click TBB in windows taskbar. Sometimes menu shows only Minimize command, with the other commands gray. After more right clicks, the menu shows Size and Move. But neither works correctly, so they don't fix TBB window size as I recall fix the "disappeared" window problem of other software.

After much trying, either Move or Size, with arrow key and mouse movement, somewhat recover TBB window visibility. But TBB window is monstrously huge. I horizontally drag the top bar of TBB window multiple times. it seems to require more than ten left or right drags to pull one of TBB vertical edges into my display region.
So my first gripe is, why does TBB 'punishment' enlarge TBB window to anywhere near as large as 100 inch diameter display?

---------------
For many users. the faster method to restore window is to shutdown TBB Then restart.
TBB window size is not genuinely maximized, yet very close to maximize dimensions. (warning: I have tried this method only once, so perhaps this method is not reliable.)

I think the easiest fix is to punish user bad behavior by *shrinking* the TBB window.
This may not be better because it's possible that the huge size is not origin or cause of the 'bug'. Possibly if the 'punishing' window size is small, TBB will also disappear off the region of the computer's display when user tries pulling an edge.

Other possible fixes:
TBB ignores the Maximize window button click.
TBB responds to Maximize button by toggling the site's stylesheets (the same as "No Style" command). An unfamiliar user would be puzzled, but might often just click the Maximize button again, reloading the site stylesheet.
After TBB goes into ;punishment' window size, any Resize, Minimize, or Maximize command restores the window size that preceded user's clicking
Maximize)

Where can I get latest version for Windows ?
There are only 0.2.6.7 available for us :(

WINDOWS BUILD PLEASE.
I AM USING IT AS A NT SERVICE FOR LONG TIME.

YOUR WINDOWS BUILD TOR IS TOO OLD, SO I AM USING TOR
WHICH EXTRACTED FROM TOR BROWSER BUNDLE.

After updating to this in my centos server hidden service is not working

also not able to stop tor: https://i.imgur.com/nP35m5S.png

i tried re-installing still the same any help?

is tor browser affected by the stream isolation issue?

I have looked all over the torproject website and can't, for the life of me, find instructions on how to install Tor Expert Bundle. It feels like you are pushing everyone to use TB. I thought one of the things about FOSS was choice.

+1

Also, good luck finding the change log for anything but TB.

To be fair, you are writing this comment about changelogs in a blog post with a changelog for something other than Tor Browser. So you must have found at least this one. :)

Also, on https://www.torproject.org/download/download you can click on source code, and two links to changelogs (stable, alpha) are there for Tor.

Please solve the captcha picture problem.

hope this is noticed... apparently the process for reporting bad relays does not always work https://chloe.re/2015/06/20/a-month-with-badonions/