Tor is released

by nickm | May 27, 2016

Tor has been released! You can download the source from the Tor website. Packages should be available over the next week or so.

Tor resolves several bugs, most of them introduced over the course of the 0.2.8 development cycle. It improves the behavior of directory clients, fixes several crash bugs, fixes a gap in compiler hardening, and allows the full integration test suite to run on more platforms.

REMEMBER: This is an alpha release. Expect a lot of bugs. You should only run this release if you're willing to find bugs and report them.

Changes in version - 2016-05-26

  • Major bugfixes (security, client, DNS proxy):
    • Stop a crash that could occur when a client running with DNSPort received a query with multiple address types, and the first address type was not supported. Found and fixed by Scott Dial. Fixes bug 18710; bugfix on
  • Major bugfixes (security, compilation):
    • Correctly detect compiler flags on systems where _FORTIFY_SOURCE is predefined. Previously, our use of -D_FORTIFY_SOURCE would cause a compiler warning, thereby making other checks fail, and needlessly disabling compiler-hardening support. Fixes one case of bug 18841; bugfix on Patch from "trudokal".


  • Major bugfixes (security, directory authorities):
    • Fix a crash and out-of-bounds write during authority voting, when the list of relays includes duplicate ed25519 identity keys. Fixes bug 19032; bugfix on
  • Major bugfixes (client, bootstrapping):
    • Check if bootstrap consensus downloads are still needed when the linked connection attaches. This prevents tor making unnecessary begindir-style connections, which are the only directory connections tor clients make since the fix for 18483 was merged.
    • Fix some edge cases where consensus download connections may not have been closed, even though they were not needed. Related to fix for 18809.
    • Make relays retry consensus downloads the correct number of times, rather than the more aggressive client retry count. Fixes part of ticket 18809.
    • Stop downloading consensuses when we have a consensus, even if we don't have all the certificates for it yet. Fixes bug 18809; bugfix on Patches by arma and teor.
  • Major bugfixes (directory mirrors):
    • Decide whether to advertise begindir support in the the same way we decide whether to advertise our DirPort. Allowing these decisions to become out-of-sync led to surprising behavior like advertising begindir support when hibernation made us not advertise a DirPort. Resolves bug 18616; bugfix on Patch by teor.
  • Major bugfixes (IPv6 bridges, client):
    • Actually use IPv6 addresses when selecting directory addresses for IPv6 bridges. Fixes bug 18921; bugfix on Patch by "teor".
  • Major bugfixes (key management):
    • If OpenSSL fails to generate an RSA key, do not retain a dangling pointer to the previous (uninitialized) key value. The impact here should be limited to a difficult-to-trigger crash, if OpenSSL is running an engine that makes key generation failures possible, or if OpenSSL runs out of memory. Fixes bug 19152; bugfix on Found by Yuan Jochen Kang, Suman Jana, and Baishakhi Ray.
  • Major bugfixes (testing):
    • Fix a bug that would block 'make test-network-all' on systems where IPv6 packets were lost. Fixes bug 19008; bugfix on tor-
    • Avoid "WSANOTINITIALISED" warnings in the unit tests. Fixes bug 18668; bugfix on
  • Minor features (clients):
    • Make clients, onion services, and bridge relays always use an encrypted begindir connection for directory requests. Resolves ticket 18483. Patch by "teor".
  • Minor features (fallback directory mirrors):
    • Give each fallback the same weight for client selection; restrict fallbacks to one per operator; report fallback directory detail changes when rebuilding list; add new fallback directory mirrors to the whitelist; update fallback directories based on the latest OnionOO data; and any other minor simplifications and fixes. Closes tasks 17158, 17905, 18749, bug 18689, and fixes part of bug 18812 on; patch by "teor".
  • Minor features (geoip):
    • Update geoip and geoip6 to the May 4 2016 Maxmind GeoLite2 Country database.
  • Minor bugfixes (assert, portability):
    • Fix an assertion failure in memarea.c on systems where "long" is shorter than the size of a pointer. Fixes bug 18716; bugfix on
  • Minor bugfixes (bootstrap):
    • Consistently use the consensus download schedule for authority certificates. Fixes bug 18816; bugfix on
  • Minor bugfixes (build):
    • Remove a pair of redundant AM_CONDITIONAL declarations from Fixes one final case of bug 17744; bugfix on
    • Resolve warnings when building on systems that are concerned with signed char. Fixes bug 18728; bugfix on and
    • When libscrypt.h is found, but no libscrypt library can be linked, treat libscrypt as absent. Fixes bug 19161; bugfix on
  • Minor bugfixes (client):
    • Turn all TestingClientBootstrap* into non-testing torrc options. This changes simply renames them by removing "Testing" in front of them and they do not require TestingTorNetwork to be enabled anymore. Fixes bug 18481; bugfix on
    • Make directory node selection more reliable, mainly for IPv6-only clients and clients with few reachable addresses. Fixes bug 18929; bugfix on Patch by "teor".
  • Minor bugfixes (controller, microdescriptors):
    • Make GETINFO dir/status-vote/current/consensus conform to the control specification by returning "551 Could not open cached consensus..." when not caching consensuses. Fixes bug 18920; bugfix on
  • Minor bugfixes (crypto, portability):
    • The SHA3 and SHAKE routines now produce the correct output on Big Endian systems. No code calls either algorithm yet, so this is primarily a build fix. Fixes bug 18943; bugfix on
    • Tor now builds again with the recent OpenSSL 1.1 development branch (tested against 1.1.0-pre4 and 1.1.0-pre5-dev). Closes ticket 18286.
  • Minor bugfixes (directories):
    • When fetching extrainfo documents, compare their SHA256 digests and Ed25519 signing key certificates with the routerinfo that led us to fetch them, rather than with the most recent routerinfo. Otherwise we generate many spurious warnings about mismatches. Fixes bug 17150; bugfix on
  • Minor bugfixes (logging):
    • When we can't generate a signing key because OfflineMasterKey is set, do not imply that we should have been able to load it. Fixes bug 18133; bugfix on
    • Stop periodic_event_dispatch() from blasting twelve lines per second at loglevel debug. Fixes bug 18729; fix on
    • When rejecting a misformed INTRODUCE2 cell, only log at PROTOCOL_WARN severity. Fixes bug 18761; bugfix on
  • Minor bugfixes (pluggable transports):
    • Avoid reporting a spurious error when we decide that we don't need to terminate a pluggable transport because it has already exited. Fixes bug 18686; bugfix on
  • Minor bugfixes (pointer arithmetic):
    • Fix a bug in memarea_alloc() that could have resulted in remote heap write access, if Tor had ever passed an unchecked size to memarea_alloc(). Fortunately, all the sizes we pass to memarea_alloc() are pre-checked to be less than 128 kilobytes. Fixes bug 19150; bugfix on Bug found by Guido Vranken.
  • Minor bugfixes (relays):
    • Consider more config options when relays decide whether to regenerate their descriptor. Fixes more of bug 12538; bugfix on
    • Resolve some edge cases where we might launch an ORPort reachability check even when DisableNetwork is set. Noticed while fixing bug 18616; bugfix on
  • Minor bugfixes (statistics):
    • We now include consensus downloads via IPv6 in our directory- request statistics. Fixes bug 18460; bugfix on
  • Minor bugfixes (testing):
    • Allow directories in small networks to bootstrap by skipping DirPort checks when the consensus has no exits. Fixes bug 19003; bugfix on Patch by teor.
    • Fix a small memory leak that would occur when the TestingEnableCellStatsEvent option was turned on. Fixes bug 18673; bugfix on
  • Minor bugfixes (time handling):
    • When correcting a corrupt 'struct tm' value, fill in the tm_wday field. Otherwise, our unit tests crash on Windows. Fixes bug 18977; bugfix on
  • Documentation:
    • Document the contents of the 'datadir/keys' subdirectory in the manual page. Closes ticket 17621.
    • Stop recommending use of nicknames to identify relays in our MapAddress documentation. Closes ticket 18312.

edited to add links to tickets. Please met me know if my script broke anything.


Please note that the comment area below has been archived.

May 29, 2016


Tor has lost its street cred. I don't trust duckduckgo as it is NOT open source but another IT-for-profit company based in the US or Israel. Tor use to be good because you could choose what search engine you wanted as default. Now you have Duckduckgo tracking your search quiries and funneling it to a big search enging like Google which identifies you based on what words you type and your search behaviour.

Why not partner up and diversify companies from privacy conscious EU?

May 30, 2016


This is irritating: tor 5.5.5 switching between exit nodes every few seconds. Is it an error? How can I change it to use on an exit node for a longer time?

June 07, 2016


Are there any plans for a library (.lib and .h like zlib) for C/C++ so we can use Tor functionality standalone from within code instead of shipping Tor.exe?