Tor is released!

by nickm | August 2, 2016

Tor has been released! You can download the source from the Tor website. Packages should be available over the next week or so.

Tor is the first stable version of the Tor 0.2.8 series.
The Tor 0.2.8 series improves client bootstrapping performance, completes the authority-side implementation of improved identity keys for relays, and includes numerous bugfixes and performance improvements throughout the program. This release continues to improve the coverage of Tor's test suite.
Below is a list of the changes since Tor 0.2.7. For a list of only the changes that are new since, please see the ChangeLog file.

Changes in version - 2016-08-02

  • New system requirements:
    • Tor no longer attempts to support platforms where the "time_t" type is unsigned. (To the best of our knowledge, only OpenVMS does this, and Tor has never actually built on OpenVMS.) Closes ticket 18184.
    • Tor no longer supports versions of OpenSSL with a broken implementation of counter mode. (This bug was present in OpenSSL 1.0.0, and was fixed in OpenSSL 1.0.0a.) Tor still detects, but no longer runs with, these versions.
    • Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or later (released in 2008 and 2009 respectively). If you are building Tor from the git repository instead of from the source distribution, and your tools are older than this, you will need to upgrade. Closes ticket 17732.


  • Directory authority changes:
    • Update the V3 identity key for the dannenberg directory authority: it was changed on 18 November 2015. Closes task 17906. Patch by teor.
    • Urras is no longer a directory authority. Closes ticket 19271.
  • Major features (directory system):
    • Include a trial list of default fallback directories, based on an opt-in survey of suitable relays. Doing this should make clients bootstrap more quickly and reliably, and reduce the load on the directory authorities. Closes ticket 15775. Patch by teor. Candidates identified using an OnionOO script by weasel, teor, gsathya, and karsten.
    • Previously only relays that explicitly opened a directory port (DirPort) accepted directory requests from clients. Now all relays, with and without a DirPort, accept and serve tunneled directory requests that they receive through their ORPort. You can disable this behavior using the new DirCache option. Closes ticket 12538.
    • When bootstrapping multiple consensus downloads at a time, use the first one that starts downloading, and close the rest. This reduces failures when authorities or fallback directories are slow or down. Together with the code for feature 15775, this feature should reduces failures due to fallback churn. Implements ticket 4483. Patch by teor. Implements IPv4 portions of proposal 210 by mikeperry and teor.
  • Major features (security, Linux):
    • When Tor starts as root on Linux and is told to switch user ID, it can now retain the capability to bind to low ports. By default, Tor will do this only when it's switching user ID and some low ports have been configured. You can change this behavior with the new option KeepBindCapabilities. Closes ticket 8195.
  • Major bugfixes (client, bootstrapping):
    • Check if bootstrap consensus downloads are still needed when the linked connection attaches. This prevents tor making unnecessary begindir-style connections, which are the only directory connections tor clients make since the fix for 18483 was merged.
    • Fix some edge cases where consensus download connections may not have been closed, even though they were not needed. Related to fix for 18809.
    • Make relays retry consensus downloads the correct number of times, rather than the more aggressive client retry count. Fixes part of ticket 18809.
  • Major bugfixes (dns proxy mode, crash):
    • Avoid crashing when running as a DNS proxy. Fixes bug 16248; bugfix on Patch from "cypherpunks".
  • Major bugfixes (ed25519, voting):
    • Actually enable support for authorities to match routers by their Ed25519 identities. Previously, the code had been written, but some debugging code that had accidentally been left in the codebase made it stay turned off. Fixes bug 17702; bugfix on
    • When collating votes by Ed25519 identities, authorities now include a "NoEdConsensus" flag if the ed25519 value (or lack thereof) for a server does not reflect the majority consensus. Related to bug 17668; bugfix on
    • When generating a vote with keypinning disabled, never include two entries for the same ed25519 identity. This bug was causing authorities to generate votes that they could not parse when a router violated key pinning by changing its RSA identity but keeping its Ed25519 identity. Fixes bug 17668; fixes part of bug 18318. Bugfix on
  • Major bugfixes (key management):
    • If OpenSSL fails to generate an RSA key, do not retain a dangling pointer to the previous (uninitialized) key value. The impact here should be limited to a difficult-to-trigger crash, if OpenSSL is running an engine that makes key generation failures possible, or if OpenSSL runs out of memory. Fixes bug 19152; bugfix on Found by Yuan Jochen Kang, Suman Jana, and Baishakhi Ray.
  • Major bugfixes (security, client, DNS proxy):
    • Stop a crash that could occur when a client running with DNSPort received a query with multiple address types, and the first address type was not supported. Found and fixed by Scott Dial. Fixes bug 18710; bugfix on
  • Major bugfixes (security, compilation):
    • Correctly detect compiler flags on systems where _FORTIFY_SOURCE is predefined. Previously, our use of -D_FORTIFY_SOURCE would cause a compiler warning, thereby making other checks fail, and needlessly disabling compiler-hardening support. Fixes one case of bug 18841; bugfix on Patch from "trudokal".
    • Repair hardened builds under the clang compiler. Previously, our use of _FORTIFY_SOURCE would conflict with clang's address sanitizer. Fixes bug 14821; bugfix on
  • Major bugfixes (security, pointers):
    • Avoid a difficult-to-trigger heap corruption attack when extending a smartlist to contain over 16GB of pointers. Fixes bug 18162; bugfix on, which fixed a related bug incompletely. Reported by Guido Vranken.
  • Major bugfixes (testing):
    • Fix a bug that would block 'make test-network-all' on systems where IPv6 packets were lost. Fixes bug 19008; bugfix on
  • Major bugfixes (user interface):
    • Correctly give a warning in the cases where a relay is specified by nickname, and one such relay is found, but it is not officially Named. Fixes bug 19203; bugfix on
  • Minor features (accounting):
    • Added two modes to the AccountingRule option: One for limiting only the number of bytes sent ("AccountingRule out"), and one for limiting only the number of bytes received ("AccountingRule in"). Closes ticket 15989; patch from "unixninja92".
  • Minor features (bug-resistance):
    • Make Tor survive errors involving connections without a corresponding event object. Previously we'd fail with an assertion; now we produce a log message. Related to bug 16248.
    • Use tor_snprintf() and tor_vsnprintf() even in external and low- level code, to harden against accidental failures to NUL- terminate. Part of ticket 17852. Patch from jsturgix. Found with Flawfinder.
  • Minor features (build):
    • Detect systems with FreeBSD-derived kernels (such as GNU/kFreeBSD) as having possible IPFW support. Closes ticket 18448. Patch from Steven Chamberlain.
    • Since our build process now uses "make distcheck", we no longer force "make dist" to depend on "make check". Closes ticket 17893; patch from "cypherpunks".
    • Tor now builds once again with the recent OpenSSL 1.1 development branch (tested against 1.1.0-pre5 and 1.1.0-pre6-dev). We have been tracking OpenSSL 1.1 development as it has progressed, and fixing numerous compatibility issues as they arose. See tickets 17549, 17921, 17984, 19499, and 18286.
    • When building manual pages, set the timezone to "UTC", so that the output is reproducible. Fixes bug 19558; bugfix on Patch from intrigeri.
  • Minor features (clients):
    • Make clients, onion services, and bridge relays always use an encrypted begindir connection for directory requests. Resolves ticket 18483. Patch by teor.
  • Minor features (controller):
    • Add 'GETINFO exit-policy/reject-private/[default,relay]', so controllers can examine the the reject rules added by ExitPolicyRejectPrivate. This makes it easier for stem to display exit policies.
    • Adds the FallbackDir entries to 'GETINFO config/defaults'. Closes tickets 16774 and 17817. Patch by George Tankersley.
    • New 'GETINFO hs/service/desc/id/' command to retrieve a hidden service descriptor from a service's local hidden service descriptor cache. Closes ticket 14846.
  • Minor features (crypto):
    • Add SHA3 and SHAKE support to crypto.c. Closes ticket 17783.
    • Add SHA512 support to crypto.c. Closes ticket 17663; patch from George Tankersley.
    • Improve performance when hashing non-multiple of 8 sized buffers, based on Andrew Moon's public domain SipHash-2-4 implementation. Fixes bug 17544; bugfix on
    • Validate the hard-coded Diffie-Hellman parameters and ensure that p is a safe prime, and g is a suitable generator. Closes ticket 18221.
    • When allocating a digest state object, allocate no more space than we actually need. Previously, we would allocate as much space as the state for the largest algorithm would need. This change saves up to 672 bytes per circuit. Closes ticket 17796.
  • Minor features (directory downloads):
    • Add UseDefaultFallbackDirs, which enables any hard-coded fallback directory mirrors. The default is 1; set it to 0 to disable fallbacks. Implements ticket 17576. Patch by teor.
    • Wait for busy authorities and fallback directories to become non- busy when bootstrapping. (A similar change was made in 6c443e987d for directory caches chosen from the consensus.) Closes ticket 17864; patch by teor.
  • Minor features (geoip):
    • Update geoip and geoip6 to the July 6 2016 Maxmind GeoLite2 Country database.
  • Minor features (hidden service directory):
    • Streamline relay-side hsdir handling: when relays consider whether to accept an uploaded hidden service descriptor, they no longer check whether they are one of the relays in the network that is "supposed" to handle that descriptor. Implements ticket 18332.
  • Minor features (IPv6):
    • Add ClientPreferIPv6DirPort, which is set to 0 by default. If set to 1, tor prefers IPv6 directory addresses.
    • Add ClientUseIPv4, which is set to 1 by default. If set to 0, tor avoids using IPv4 for client OR and directory connections.
    • Add address policy assume_action support for IPv6 addresses.
    • Add an argument 'ipv6=address:orport' to the DirAuthority and FallbackDir torrc options, to specify an IPv6 address for an authority or fallback directory. Add hard-coded ipv6 addresses for directory authorities that have them. Closes ticket 17327; patch from Nick Mathewson and teor.
    • Allow users to configure directory authorities and fallback directory servers with IPv6 addresses and ORPorts. Resolves ticket 6027.
    • Limit IPv6 mask bits to 128.
    • Make tor_ersatz_socketpair work on IPv6-only systems. Fixes bug 17638; bugfix on 0.0.2pre8. Patch by teor.
    • Try harder to obey the IP version restrictions "ClientUseIPv4 0", "ClientUseIPv6 0", "ClientPreferIPv6ORPort", and "ClientPreferIPv6DirPort". Closes ticket 17840; patch by teor.
    • Warn when comparing against an AF_UNSPEC address in a policy, it's almost always a bug. Closes ticket 17863; patch by teor.
    • routerset_parse now accepts IPv6 literal addresses. Fixes bug 17060; bugfix on Patch by teor.
  • Minor features (Linux seccomp2 sandbox):
    • Reject attempts to change our Address with "Sandbox 1" enabled. Changing Address with Sandbox turned on would never actually work, but previously it would fail in strange and confusing ways. Found while fixing 18548.
  • Minor features (logging):
    • When logging to syslog, allow a tag to be added to the syslog identity (the string prepended to every log message). The tag can be configured with SyslogIdentityTag and defaults to none. Setting it to "foo" will cause logs to be tagged as "Tor-foo". Closes ticket 17194.
  • Minor features (portability):
  • Minor features (relay, address discovery):
    • Add a family argument to get_interface_addresses_raw() and subfunctions to make network interface address interogation more efficient. Now Tor can specifically ask for IPv4, IPv6 or both types of interfaces from the operating system. Resolves ticket 17950.
    • When get_interface_address6_list(.,AF_UNSPEC,.) is called and fails to enumerate interface addresses using the platform-specific API, have it rely on the UDP socket fallback technique to try and find out what IP addresses (both IPv4 and IPv6) our machine has. Resolves ticket 17951.
  • Minor features (replay cache):
    • The replay cache now uses SHA256 instead of SHA1. Implements feature 8961. Patch by teor, issue reported by rransom.
  • Minor features (robustness):
    • Exit immediately with an error message if the code attempts to use Libevent without having initialized it. This should resolve some frequently-made mistakes in our unit tests. Closes ticket 18241.
  • Minor features (security, clock):
    • Warn when the system clock appears to move back in time (when the state file was last written in the future). Tor doesn't know that consensuses have expired if the clock is in the past. Patch by teor. Implements ticket 17188.
  • Minor features (security, exit policies):
    • ExitPolicyRejectPrivate now rejects more private addresses by default. Specifically, it now rejects the relay's outbound bind addresses (if configured), and the relay's configured port addresses (such as ORPort and DirPort). Fixes bug 17027; bugfix on Patch by teor.
  • Minor features (security, memory erasure):
    • Make memwipe() do nothing when passed a NULL pointer or buffer of zero size. Check size argument to memwipe() for underflow. Fixes bug 18089; bugfix on and Reported by "gk", patch by teor.
    • Set the unused entries in a smartlist to NULL. This helped catch a (harmless) bug, and shouldn't affect performance too much. Implements ticket 17026.
    • Use SecureMemoryWipe() function to securely clean memory on Windows. Previously we'd use OpenSSL's OPENSSL_cleanse() function. Implements feature 17986.
    • Use explicit_bzero or memset_s when present. Previously, we'd use OpenSSL's OPENSSL_cleanse() function. Closes ticket 7419; patches from <> and <>.
  • Minor features (security, RNG):
    • Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely, positively are not allowed to fail. Previously we depended on internal details of OpenSSL's behavior. Closes ticket 17686.
    • Never use the system entropy output directly for anything besides seeding the PRNG. When we want to generate important keys, instead of using system entropy directly, we now hash it with the PRNG stream. This may help resist certain attacks based on broken OS entropy implementations. Closes part of ticket 17694.
    • Use modern system calls (like getentropy() or getrandom()) to generate strong entropy on platforms that have them. Closes ticket 13696.
  • Minor features (security, win32):
    • Set SO_EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing attack. Fixes bug 18123; bugfix on all tor versions. Patch by teor.
  • Minor features (unix domain sockets):
    • Add a new per-socket option, RelaxDirModeCheck, to allow creating Unix domain sockets without checking the permissions on the parent directory. (Tor checks permissions by default because some operating systems only check permissions on the parent directory. However, some operating systems do look at permissions on the socket, and tor's default check is unneeded.) Closes ticket 18458. Patch by weasel.
  • Minor features (unix file permissions):
    • Defer creation of Unix sockets until after setuid. This avoids needing CAP_CHOWN and CAP_FOWNER when using systemd's CapabilityBoundingSet, or chown and fowner when using SELinux. Implements part of ticket 17562. Patch from Jamie Nguyen.
    • If any directory created by Tor is marked as group readable, the filesystem group is allowed to be either the default GID or the root user. Allowing root to read the DataDirectory prevents the need for CAP_READ_SEARCH when using systemd's CapabilityBoundingSet, or dac_read_search when using SELinux. Implements part of ticket 17562. Patch from Jamie Nguyen.
    • Introduce a new DataDirectoryGroupReadable option. If it is set to 1, the DataDirectory will be made readable by the default GID. Implements part of ticket 17562. Patch from Jamie Nguyen.
  • Minor bugfixes (accounting):
    • The max bandwidth when using 'AccountRule sum' is now correctly logged. Fixes bug 18024; bugfix on Patch from "unixninja92".
  • Minor bugfixes (assert, portability):
    • Fix an assertion failure in memarea.c on systems where "long" is shorter than the size of a pointer. Fixes bug 18716; bugfix on
  • Minor bugfixes (bootstrap):
    • Consistently use the consensus download schedule for authority certificates. Fixes bug 18816; bugfix on
  • Minor bugfixes (build):
    • Avoid spurious failures from configure files related to calling exit(0) in TOR_SEARCH_LIBRARY. Fixes bug 18625; bugfix on Patch from "cypherpunks".
    • Do not link the unit tests against both the testing and non- testing versions of the static libraries. Fixes bug 18490; bugfix on
    • Resolve warnings when building on systems that are concerned with signed char. Fixes bug 18728; bugfix on and
    • Silence spurious clang-scan warnings in the ed25519_donna code by explicitly initializing some objects. Fixes bug 18384; bugfix on Patch by teor.
    • When libscrypt.h is found, but no libscrypt library can be linked, treat libscrypt as absent. Fixes bug 19161; bugfix on
    • Cause the unit tests to compile correctly on mingw64 versions that lack sscanf. Fixes bug 19213; bugfix on
    • Don't try to use the pthread_condattr_setclock() function unless it actually exists. Fixes compilation on NetBSD-6.x. Fixes bug 17819; bugfix on
    • Fix backtrace compilation on FreeBSD. Fixes bug 17827; bugfix on
    • Fix search for libevent libraries on OpenBSD (and other systems that install libevent 1 and libevent 2 in parallel). Fixes bug 16651; bugfix on Patch from "rubiate".
    • Isolate environment variables meant for tests from the rest of the build system. Fixes bug 17818; bugfix on
    • Mark all object files that include micro-revision.i as depending on it, so as to make parallel builds more reliable. Fixes bug 17826; bugfix on
    • Remove config.log only from make distclean, not from make clean. Fixes bug 17924; bugfix on
    • Replace usage of 'INLINE' with 'inline'. Fixes bug 17804; bugfix on 0.0.2pre8.
    • Remove an #endif from so that we correctly detect the presence of in6_addr.s6_addr32. Fixes bug 17923; bugfix on
  • Minor bugfixes (client, bootstrap):
    • Count receipt of new microdescriptors as progress towards bootstrapping. Previously, with EntryNodes set, Tor might not successfully repopulate the guard set on bootstrapping. Fixes bug 16825; bugfix on
  • Minor bugfixes (code correctness):
    • Fix a bad memory handling bug that would occur if we had queued a cell on a channel's incoming queue. Fortunately, we can't actually queue a cell like that as our code is constructed today, but it's best to avoid this kind of error, even if there isn't any code that triggers it today. Fixes bug 18570; bugfix on
    • Assert that allocated memory held by the reputation code is freed according to its internal counters. Fixes bug 17753; bugfix on
    • Assert when the TLS contexts fail to initialize. Fixes bug 17683; bugfix on 0.0.6.
    • Update to the latest version of Trunnel, which tries harder to avoid generating code that can invoke memcpy(p,NULL,0). Bug found by clang address sanitizer. Fixes bug 18373; bugfix on
    • When closing an entry connection, generate a warning if we should have sent an end cell for it but we haven't. Fixes bug 17876; bugfix on
  • Minor bugfixes (configuration):
    • Fix a tiny memory leak when parsing a port configuration ending in ":auto". Fixes bug 18374; bugfix on
  • Minor bugfixes (containers):
    • If we somehow attempt to construct a heap with more than 1073741822 elements, avoid an integer overflow when maintaining the heap property. Fixes bug 18296; bugfix on
  • Minor bugfixes (controller, microdescriptors):
    • Make GETINFO dir/status-vote/current/consensus conform to the control specification by returning "551 Could not open cached consensus..." when not caching consensuses. Fixes bug 18920; bugfix on
  • Minor bugfixes (crypto):
    • Check the return value of HMAC() and assert on failure. Fixes bug 17658; bugfix on Patch by teor.
  • Minor bugfixes (directories):
    • When fetching extrainfo documents, compare their SHA256 digests and Ed25519 signing key certificates with the routerinfo that led us to fetch them, rather than with the most recent routerinfo. Otherwise we generate many spurious warnings about mismatches. Fixes bug 17150; bugfix on
    • When generating a URL for a directory server on an IPv6 address, wrap the IPv6 address in square brackets. Fixes bug 18051; bugfix on Patch from Malek.
  • Minor bugfixes (downloading):
    • Predict more correctly whether we'll be downloading over HTTP when we determine the maximum length of a URL. This should avoid a "BUG" warning about the Squid HTTP proxy and its URL limits. Fixes bug 19191.
  • Minor bugfixes (exit policies, security):
    • Refresh an exit relay's exit policy when interface addresses change. Previously, tor only refreshed the exit policy when the configured external address changed. Fixes bug 18208; bugfix on Patch by teor.
  • Minor bugfixes (fallback directories):
    • Mark fallbacks as "too busy" when they return a 503 response, rather than just marking authorities. Fixes bug 17572; bugfix on Patch by teor.
    • When requesting extrainfo descriptors from a trusted directory server, check whether it is an authority or a fallback directory which supports extrainfo descriptors. Fixes bug 18489; bugfix on Reported by atagar, patch by teor.
  • Minor bugfixes (hidden service, client):
    • Handle the case where the user makes several fast consecutive requests to the same .onion address. Previously, the first six requests would each trigger a descriptor fetch, each picking a directory (there are 6 overall) and the seventh one would fail because no directories were left, thereby triggering a close on all current directory connections asking for the hidden service. The solution here is to not close the connections if we have pending directory fetches. Fixes bug 15937; bugfix on
  • Minor bugfixes (hidden service, control port):
    • Add the onion address to the HS_DESC event for the UPLOADED action both on success or failure. It was previously hardcoded with UNKNOWN. Fixes bug 16023; bugfix on
  • Minor bugfixes (hidden service, directory):
    • Bridges now refuse "rendezvous2" (hidden service descriptor) publish attempts. Suggested by ticket 18332.
  • Minor bugfixes (IPv6):
    • Update the limits in max_dl_per_request for IPv6 address length. Fixes bug 17573; bugfix on
  • Minor bugfixes (Linux seccomp2 sandbox):
    • Allow more syscalls when running with "Sandbox 1" enabled: sysinfo, getsockopt(SO_SNDBUF), and setsockopt(SO_SNDBUFFORCE). On some systems, these are required for Tor to start. Fixes bug 18397; bugfix on Patch from Daniel Pinto.
    • Allow IPPROTO_UDP datagram sockets when running with "Sandbox 1", so that get_interface_address6_via_udp_socket_hack() can work. Fixes bug 19660; bugfix on
    • Allow the setrlimit syscall, and the prlimit and prlimit64 syscalls, which some libc implementations use under the hood. Fixes bug 15221; bugfix on
    • Avoid a 10-second delay when starting as a client with "Sandbox 1" enabled and no DNS resolvers configured. This should help TAILS start up faster. Fixes bug 18548; bugfix on
    • Fix a crash when using offline master ed25519 keys with the Linux seccomp2 sandbox enabled. Fixes bug 17675; bugfix on
    • Allow statistics to be written to disk when "Sandbox 1" is enabled. Fixes bugs 19556 and 19957; bugfix on and respectively.
  • Minor bugfixes (logging):
    • In log messages that include a function name, use __FUNCTION__ instead of __PRETTY_FUNCTION__. In GCC, these are synonymous, but with clang __PRETTY_FUNCTION__ has extra information we don't need. Fixes bug 16563; bugfix on 0.0.2pre8. Fix by Tom van der Woerdt.
    • Remove needless quotes from a log message about unparseable addresses. Fixes bug 17843; bugfix on
    • Scrub service name in "unrecognized service ID" log messages. Fixes bug 18600; bugfix on
    • When logging information about an unparsable networkstatus vote or consensus, do not say "vote" when we mean consensus. Fixes bug 18368; bugfix on
    • When we can't generate a signing key because OfflineMasterKey is set, do not imply that we should have been able to load it. Fixes bug 18133; bugfix on
    • When logging a malformed hostname received through socks4, scrub it if SafeLogging says we should. Fixes bug 17419; bugfix on
  • Minor bugfixes (memory safety):
    • Avoid freeing an uninitialized pointer when opening a socket fails in get_interface_addresses_ioctl(). Fixes bug 18454; bugfix on Reported by toralf and "cypherpunks", patch by teor.
    • Fix a memory leak in "tor --list-fingerprint". Fixes part of bug 18672; bugfix on
    • Fix a memory leak in tor-gencert. Fixes part of bug 18672; bugfix on
  • Minor bugfixes (pluggable transports):
    • Avoid reporting a spurious error when we decide that we don't need to terminate a pluggable transport because it has already exited. Fixes bug 18686; bugfix on
  • Minor bugfixes (pointer arithmetic):
    • Fix a bug in memarea_alloc() that could have resulted in remote heap write access, if Tor had ever passed an unchecked size to memarea_alloc(). Fortunately, all the sizes we pass to memarea_alloc() are pre-checked to be less than 128 kilobytes. Fixes bug 19150; bugfix on Bug found by Guido Vranken.
  • Minor bugfixes (private directory):
    • Prevent a race condition when creating private directories. Fixes part of bug 17852; bugfix on 0.0.2pre13. Part of ticket 17852. Patch from jsturgix. Found with Flawfinder.
  • Minor bugfixes (relays):
    • Check that both the ORPort and DirPort (if present) are reachable before publishing a relay descriptor. Otherwise, relays publish a descriptor with DirPort 0 when the DirPort reachability test takes longer than the ORPort reachability test. Fixes bug 18050; bugfix on Reported by "starlight", patch by teor.
    • Resolve some edge cases where we might launch an ORPort reachability check even when DisableNetwork is set. Noticed while fixing bug 18616; bugfix on
  • Minor bugfixes (relays, hidden services):
    • Refuse connection requests to private OR addresses unless ExtendAllowPrivateAddresses is set. Previously, tor would connect, then refuse to send any cells to a private address. Fixes bugs 17674 and 8976; bugfix on Patch by teor.
  • Minor bugfixes (security, hidden services):
    • Prevent hidden services connecting to client-supplied rendezvous addresses that are reserved as internal or multicast. Fixes bug 8976; bugfix on Patch by dgoulet and teor.
  • Minor bugfixes (statistics):
    • Consistently check for overflow in round_*_to_next_multiple_of functions, and add unit tests with additional and maximal values. Fixes part of bug 13192; bugfix on
    • Handle edge cases in the laplace functions: avoid division by zero, avoid taking the log of zero, and silence clang type conversion warnings using round and trunc. Add unit tests for edge cases with maximal values. Fixes part of bug 13192; bugfix on
    • We now include consensus downloads via IPv6 in our directory- request statistics. Fixes bug 18460; bugfix on
  • Minor bugfixes (test networks, IPv6):
    • Allow internal IPv6 addresses in descriptors in test networks. Fixes bug 17153; bugfix on Patch by teor, reported by karsten.
  • Minor bugfixes (testing):
    • Check the full results of SHA256 and SHA512 digests in the unit tests. Bugfix on Patch by teor.
    • Fix a memory leak in the ntor test. Fixes bug 17778; bugfix on
    • Fix a small memory leak that would occur when the TestingEnableCellStatsEvent option was turned on. Fixes bug 18673; bugfix on
    • Make unit tests pass on IPv6-only systems, and systems without localhost addresses (like some FreeBSD jails). Fixes bug 17632; bugfix on Patch by teor.
    • The test for log_heartbeat was incorrectly failing in timezones with non-integer offsets. Instead of comparing the end of the time string against a constant, compare it to the output of format_local_iso_time when given the correct input. Fixes bug 18039; bugfix on
    • We no longer disable assertions in the unit tests when coverage is enabled. Instead, we require you to say --disable-asserts-in-tests to the configure script if you need assertions disabled in the unit tests (for example, if you want to perform branch coverage). Fixes bug 18242; bugfix on
  • Minor bugfixes (time handling):
    • When correcting a corrupt 'struct tm' value, fill in the tm_wday field. Otherwise, our unit tests crash on Windows. Fixes bug 18977; bugfix on
    • Avoid overflow in tor_timegm when parsing dates in and after 2038 on platforms with 32-bit time_t. Fixes bug 18479; bugfix on 0.0.2pre14. Patch by teor.
  • Minor bugfixes (tor-gencert):
    • Correctly handle the case where an authority operator enters a passphrase but sends an EOF before sending a newline. Fixes bug 17443; bugfix on Found by junglefowl.
  • Code simplification and refactoring:
    • Clean up a little duplicated code in crypto_expand_key_material_TAP(). Closes ticket 17587; patch from "pfrankw".
    • Decouple the list of streams waiting to be attached to circuits from the overall connection list. This change makes it possible to attach streams quickly while simplifying Tor's callgraph and avoiding O(N) scans of the entire connection list. Closes ticket 17590.
    • Extract the more complicated parts of circuit_mark_for_close() into a new function that we run periodically before circuits are freed. This change removes more than half of the functions currently in the "blob". Closes ticket 17218.
    • Move logging of redundant policy entries in policies_parse_exit_policy_internal into its own function. Closes ticket 17608; patch from "juce".
    • Quote all the string interpolations in -- even those which we are pretty sure can't contain spaces. Closes ticket 17744. Patch from zerosion.
    • Remove code for configuring OpenSSL dynamic locks; OpenSSL doesn't use them. Closes ticket 17926.
    • Remove specialized code for non-inplace AES_CTR. 99% of our AES is inplace, so there's no need to have a separate implementation for the non-inplace code. Closes ticket 18258. Patch from Malek.
    • Simplify return types for some crypto functions that can't actually fail. Patch from Hassan Alsibyani. Closes ticket 18259.
    • When a direct directory request fails immediately on launch, instead of relaunching that request from inside the code that launches it, instead mark the connection for teardown. This change simplifies Tor's callback and prevents the directory-request launching code from invoking itself recursively. Closes ticket 17589.
  • Documentation:
    • Add a description of the correct use of the '--keygen' command- line option. Closes ticket 17583; based on text by 's7r'.
    • Change build messages to refer to "Fedora" instead of "Fedora Core", and "dnf" instead of "yum". Closes tickets 18459 and 18426. Patches from "icanhasaccount" and "cypherpunks".
    • Document the contents of the 'datadir/keys' subdirectory in the manual page. Closes ticket 17621.
    • Document the minimum HeartbeatPeriod value. Closes ticket 15638.
    • Explain actual minima for BandwidthRate. Closes ticket 16382.
    • Fix a minor formatting typo in the manpage. Closes ticket 17791.
    • Mention torspec URL in the manpage and point the reader to it whenever we mention a document that belongs in torspce. Fixes issue 17392.
    • Stop recommending use of nicknames to identify relays in our MapAddress documentation. Closes ticket 18312.
  • Removed features:
    • Remove client-side support for connecting to Tor relays running versions of Tor before These relays didn't support the v3 TLS handshake protocol, and are no longer allowed on the Tor network. Implements the client side of ticket 11150. Based on patches by Tom van der Woerdt.
    • We no longer maintain an internal freelist in memarea.c. Allocators should be good enough to make this code unnecessary, and it's doubtful that it ever had any performance benefit.
  • Testing:
    • Add unit tests to check for common RNG failure modes, such as returning all zeroes, identical values, or incrementing values (OpenSSL's rand_predictable feature). Patch by teor.
    • Always test both ed25519 backends, so that we can be sure that our batch-open replacement code works. Part of ticket 16794.
    • Cover dns_resolve_impl() in dns.c with unit tests. Implements a portion of ticket 16831.
    • Fix several warnings from clang's address sanitizer produced in the unit tests.
    • Log more information when the backtrace tests fail. Closes ticket 17892. Patch from "cypherpunks."
    • More unit tests for compat_libevent.c, procmon.c, tortls.c, util_format.c, directory.c, and options_validate.c. Closes tickets 17075, 17082, 17084, 17003, and 17076 respectively. Patches from Ola Bini.
    • Treat backtrace test failures as expected on FreeBSD until we solve bug 17808. Closes ticket 18204.
    • Unit tests for directory_handle_command_get. Closes ticket 17004. Patch from Reinaldo de Souza Jr.


Please note that the comment area below has been archived.

August 03, 2016


Great work guys! Please update us when the builds are ready. I like to run current tor and support the network.

August 03, 2016


The trusty package does not start anymore, because it can't open hidden service directory /var/lib/tor/hidden_service/xyz/ (permission denied).

Workaround: Setting USE_AA_EXEC="no" in /etc/default/tor switches off apparmor and Tor can access its hidden_service dirs again. I don't understand this.

# grep var/lib /etc/apparmor.d/system_tor
owner /var/lib/tor/** rwk,
owner /var/lib/tor/ r,

Doesn't the line with ** allow access to /var/lib/tor/hidden_service/subdir and what does "owner /var/lib/tor/ r," do then?

After Tor broke I wanted to downgrade, but did not have any stable versions other than :(

'owner' limits the allow access to a specific user, and denies access to others. Try it without the owner part at the beginning.

my above suggestion to use /usr/share/tor/tor-service-defaults-torrc works but...... first copy tor-service-defaults-torrc over torrc, then start tor service WITHOUT adding hidden-services, then edit torrc and add hidden service and use "tor reload" (not tor restart) and it will work, until you restart :(

I got it to work by adding two lines to /etc/apparmor.d/local/system_tor:

/var/lib/tor/hidden_service/ r,
/var/lib/tor/hidden_service/** rwk,

Then "service apparmor reload" and Tor started again.

Maybe it's not accessing the directory as the correct user?

August 03, 2016


To solve "permission denied" with hidden services....... backup your existing torrc, copy default-torrc into torrc and then add hidden services back into new torrc.

What? Oh no I am not going to do this weird ceremony on a prod server. Besides, what does this have to do with AppArmor?

Can you elaborate?

I wonder why there is a breaking change w/o mention in change file. What gives?

dpkg-dist is an old version it may seem
/usr/share/tor/tor-service-defaults-torrc has more content but I see no lines that could remedy the situation.
Tried it, and wasn't surprised that it didn't work.

Oh right, a new one would be torrc.dpkg-new or something.

It seems the new release has added the line

owner /var/lib/tor/ r,

to /etc/apparmor.d/system_tor.

Removing it didn't change anything (no surprise). Well, I've switched off AppArmor for now on machines that use it and will review this again when I set up a new machine.

August 04, 2016


BMO blocks some exit nodes??? (e.g. $E1E922A20AF608728824A620BADC6EFC8CB8C2B8~TorLand1)

August 04, 2016


I understand everyone dislikes windoze and windoze users here, but why do you always make us wait so much longer for new releases of Tor then other OS's?

I am very keen to install the new standalone "Expert Bundle".

Please could you release all versions at the same time in future, it always leaves windoze users feeling a little rejected by the Tor community :) ... LOL

Instead of going to a hospital for a minor operation, why not spend 12 years studying medicine and operate on yourself at home ??

I believe my initial point remains valid.

The expert bundle gets updated as soon as the stable Tor Browser moves to a new tor versions. Unfortunately, the new stable missed our release schedule slightly. Thus, the expert bundle will get updated with 6.0.4.

August 08, 2016

In reply to gk


OK I understand, thanks for the reply :) I just wish all versions were released at the same time.

Looks like it might be better for me to wait until is out as there seems to have been many improvements.

Thanks for your work.

August 04, 2016


After upgrade the server doesn't start.It will only start when setting USE_AA_EXEC="no" in /etc/default/tor.

When will this be fixed?

August 05, 2016


today update (tor fixed issue with permissions so USE_AA_EXEC="no" is not required anymore