The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2021-08-23T15:17:35Zhttps://gitlab.torproject.org/tpo/core/tor/-/issues/17188Tor should warn users when traveling backwards through time2021-08-23T15:17:35ZTracTor should warn users when traveling backwards through timeAn attacker can do evil things by rewinding a user's clock, without having to own their machine (e.g., NTP attacks).
Tor maintains a monotonic clock to prevent rewinding attacks while Tor is running. Tor also keeps some persistent info...An attacker can do evil things by rewinding a user's clock, without having to own their machine (e.g., NTP attacks).
Tor maintains a monotonic clock to prevent rewinding attacks while Tor is running. Tor also keeps some persistent information about the user's time in the state file, in the LastWritten field.
On launch, if Tor sees that the system time has been rewound to before the LastWritten time, it should warn the user that something strange is happening. However, Tor should not update the monotonic clock or fail to launch, since the user may have changed the time deliberately.
**Trac**:
**Username**: hdevalenceTor: 0.2.8.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/4648Tor shouldn't call expand_filename on filenames specified on the command line2020-07-24T12:09:15ZRobert RansomTor shouldn't call expand_filename on filenames specified on the command lineThe Unix shell is responsible for expanding `~/...` in filenames specified on command lines. This allows users and scripts to quote that so it won't be expanded.
Unfortunately, Tor expands `~/...` in filenames specified on its command ...The Unix shell is responsible for expanding `~/...` in filenames specified on command lines. This allows users and scripts to quote that so it won't be expanded.
Unfortunately, Tor expands `~/...` in filenames specified on its command line itself.
```
rransom@ceres:~/tmp$ mkdir '~'
rransom@ceres:~/tmp$ touch '~/my-screwily-named-torrc'
rransom@ceres:~/tmp$ /usr/sbin/tor -f '~/my-screwily-named-torrc'
Dec 04 16:19:51.190 [notice] Tor v0.2.3.8-alpha (git-da15c0cbd6638af3). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux x86_64)
Dec 04 16:19:51.192 [warn] Unable to open configuration file "/home/rransom/my-screwily-named-torrc".
Dec 04 16:19:51.192 [err] Reading config failed--see warnings above.
```
(That wasn't supposed to work, but it wasn't supposed to fail that way, either.)Tor: unspecifiedhttps://gitlab.torproject.org/tpo/core/tor/-/issues/643tor shouldn't load the config file with --hash-password2020-06-27T14:10:22ZTractor shouldn't load the config file with --hash-passwordI noticed that tor uses the config file /etc/tor/torrc when I use --hash-password too: if I run
"tor --hash-password ..." from a unprivileged user I expect to simply receive the hashed password
but actually tor reads the system wide co...I noticed that tor uses the config file /etc/tor/torrc when I use --hash-password too: if I run
"tor --hash-password ..." from a unprivileged user I expect to simply receive the hashed password
but actually tor reads the system wide config file and fails because of user/group settings.
A simple workaround is to create a 'empty' config file and pass it to tor using the '-f' option.
[Automatically added by flyspray2trac: Operating System: All]
**Trac**:
**Username**: mrfreehttps://gitlab.torproject.org/tpo/core/tor/-/issues/28100Tor shouldn't set Content-Type: application/octet-stream when compressing res...2022-06-14T12:00:30ZAlex XuTor shouldn't set Content-Type: application/octet-stream when compressing resultsarma complained on IRC about his browser trying to download descriptor files instead of displaying them in the browser.
I tracked this to tor replacing the Content-Type with application/octet-stream when compression is done.
At least i...arma complained on IRC about his browser trying to download descriptor files instead of displaying them in the browser.
I tracked this to tor replacing the Content-Type with application/octet-stream when compression is done.
At least in modern HTTP, the Content-Type should not change with compression. You can see this by using curl --compressed -v or -I on any modern web server. Example:
```
$ curl --compressed -I https://www.torproject.org
HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 01:48:00 GMT
Server: Apache
Content-Location: index.html.en
Vary: negotiate,Accept-Encoding
TCN: choice
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-Xss-Protection: 1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15768000; preload
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline';
Last-Modified: Wed, 17 Oct 2018 18:48:13 GMT
ETag: "3ca6-578711cc71540-gzip"
Accept-Ranges: bytes
Content-Encoding: gzip
Cache-Control: max-age=3600
Expires: Thu, 18 Oct 2018 02:48:00 GMT
Content-Length: 4049
Content-Type: text/html
Content-Language: en
```
I didn't really look hard for any specs. It's probably somewhere in some RFC, but as a practical matter, 100% of web servers do this and 100% of web clients expect this.
I'm pretty sure this won't break Tor, since I searched the code for "content-type" and didn't find any results actually checking the type, only setting it.Tor: 0.4.0.x-finalAlex XuAlex Xuhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41894tor signal reload -> no more connections possible2023-07-20T15:44:06ZYetitor signal reload -> no more connections possible### Summary
After reloading TOR configuration by sending signal RELOAD (HUP) to control port no further connections are possible.
### Steps to reproduce:
1. Connect to Torbrowser/Tor control port (usually 9051), authenticate using a con...### Summary
After reloading TOR configuration by sending signal RELOAD (HUP) to control port no further connections are possible.
### Steps to reproduce:
1. Connect to Torbrowser/Tor control port (usually 9051), authenticate using a configured authentication method, and send the "signal reload" command. This is needed for example to (temporary) set a new exit node or exit country for a new browser tab without closing all other tabs and restarting Torbrowser.
2. Try to reload the current page or open a new.
### What is the current bug behavior?
Error "The proxy server is refusing connections". No more browsing is possible.
### What is the expected behavior?
The page navigation should continue working, but with the new Tor config.
### Environment
Windows 10
Torbrowser 12.5.1YetiYetihttps://gitlab.torproject.org/tpo/core/tor/-/issues/927Tor silently dies since v0.2.0.332020-06-27T14:10:00ZTracTor silently dies since v0.2.0.33Tor worked just fine for ages, but unfortunately v0.2.0.32 was last version to work at all.
After upgrading to v0.2.0.33 and later to v0.2.0.34 tor just silently dies. So i forced to roll back to v0.2.0.32
All versions was installed as ...Tor worked just fine for ages, but unfortunately v0.2.0.32 was last version to work at all.
After upgrading to v0.2.0.33 and later to v0.2.0.34 tor just silently dies. So i forced to roll back to v0.2.0.32
All versions was installed as vidalia bundle on Windows 2000 Service Pack 4 server. Application log shows nothing about tor.
And tor own log dosn't help either. Below is two tor versions outputs, started from cmd line, so bundle config is not used.
v0.2.0.32 :
16:29:12
%%>>>H:\WinApp\TOR\Tor\tor
Feb 15 16:29:20.139 [notice] Tor v0.2.0.32 (r17346). This is experimental softwa
re. Do not rely on it for strong anonymity. (Running on Windows 2000 Service Pac
k 4 [server] {enterprise})
Feb 15 16:29:20.239 [notice] Configuration file "G:\Documents and Settings\Admin
istrator\Application Data\tor\torrc" not present, using reasonable defaults.
Feb 15 16:29:20.259 [notice] Initialized libevent version 1.4.7-stable using met
hod win32. Good.
Feb 15 16:29:20.259 [notice] Opening Socks listener on 127.0.0.1:9050
Feb 15 16:29:22.342 [warn] Please upgrade! This version of Tor (0.2.0.32) is obs
olete, according to the directory authorities. Recommended versions are: 0.2.0.3
3,0.2.0.34,0.2.1.11-alpha,0.2.1.12-alpha
Feb 15 16:29:25.236 [notice] We now have enough directory information to build c
ircuits.
Feb 15 16:29:30.974 [notice] Tor has successfully opened a circuit. Looks like c
lient functionality is working.
v0.2.0.32 :
16:30:10
%%>>>H:\WinApp\TOR\Tor\tor
Feb 15 16:31:07.153 [notice] Tor v0.2.0.34 (r18423). This is experimental softwa
re. Do not rely on it for strong anonymity. (Running on Windows 2000 Service Pac
k 4 [server] {enterprise})
Feb 15 16:31:07.243 [notice] Configuration file "G:\Documents and Settings\Admin
istrator\Application Data\tor\torrc" not present, using reasonable defaults.
Feb 15 16:31:07.293 [notice] Initialized libevent version 1.4.9-stable using met
hod win32. Good.
Feb 15 16:31:07.293 [notice] Opening Socks listener on 127.0.0.1:9050
16:31:08
%%>>>H:\WinApp\TOR\Tor\
[Automatically added by flyspray2trac: Operating System: Windows 2k/XP]
**Trac**:
**Username**: Pheamaphhttps://gitlab.torproject.org/tpo/core/tor/-/issues/29885Tor since weekende not working2020-06-27T13:50:35ZTracTor since weekende not workingSince 23.03.2019 my Tor Browser doesen`t work anymore. The connection to the Tor Network takes realy long and I can't load my usual websites. It's all simply extreamly slow. What' could be the problem?
**Trac**:
**Username**: Hansi3000Since 23.03.2019 my Tor Browser doesen`t work anymore. The connection to the Tor Network takes realy long and I can't load my usual websites. It's all simply extreamly slow. What' could be the problem?
**Trac**:
**Username**: Hansi3000https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10469Tor skip line2020-06-27T14:42:24ZcypherpunksTor skip lineWhy don't keep these skip-tor-lauch lines by default in start-tor-browser.sh? Who needs it just uncomment the last line.
## Deactivate tor-launcher,
## a Vidalia replacement as browser extension,
## to prevent running Tor over Tor.
## h...Why don't keep these skip-tor-lauch lines by default in start-tor-browser.sh? Who needs it just uncomment the last line.
## Deactivate tor-launcher,
## a Vidalia replacement as browser extension,
## to prevent running Tor over Tor.
## https://trac.torproject.org/projects/tor/ticket/6009
## https://gitweb.torproject.org/tor-launcher.git
#export TOR_SKIP_LAUNCH=1https://gitlab.torproject.org/tpo/core/tor/-/issues/1202tor slow loading network status2020-06-27T14:09:41ZTractor slow loading network statustor getting slow on loading network status
[Automatically added by flyspray2trac: Operating System: All]
**Trac**:
**Username**: tomlietor getting slow on loading network status
[Automatically added by flyspray2trac: Operating System: All]
**Trac**:
**Username**: tomliehttps://gitlab.torproject.org/tpo/community/support/-/issues/29350Tor SOCKS 5 proxy no longer working on version 8.0.52020-06-27T13:44:39ZTracTor SOCKS 5 proxy no longer working on version 8.0.5connecting to Tor SOCKS 5 proxy on local port 9150 on Win7 Enterprise Edition 64 returns the error X'01' general SOCKS server failure.
telnet 127.0.0.1 9150 gets a connection successfully.
reverting back to Tor 8.0.4 brings back the fu...connecting to Tor SOCKS 5 proxy on local port 9150 on Win7 Enterprise Edition 64 returns the error X'01' general SOCKS server failure.
telnet 127.0.0.1 9150 gets a connection successfully.
reverting back to Tor 8.0.4 brings back the functionality.
**Trac**:
**Username**: zeaug1@gmail.comDavid Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/issues/8117Tor SOCKS handshake makes SOCKS circuit isolation non-functional for many apps2020-06-27T14:04:51ZcypherpunksTor SOCKS handshake makes SOCKS circuit isolation non-functional for many appsTor 0.2.3 is supposed to have SOCKS username+password isolation on by default. But with Pidgin and other apps, vidalia still shows circuits being shared between multiple apps using different SOCKS usernames and passwords.
I dug in with ...Tor 0.2.3 is supposed to have SOCKS username+password isolation on by default. But with Pidgin and other apps, vidalia still shows circuits being shared between multiple apps using different SOCKS usernames and passwords.
I dug in with Wireshark, and it looks like the problem for Pidgin is that its SOCKS client handshake lists 2 "Client Authorization Methods": "No authentication" and "Username/password". Tor's SOCKS port replies that it only supports "No Authentication", so Pidgin doesn't send the username and password at all!
Tor should reply that it supports "Username/password" in this case if the SOCKS isolation feature is enabled.Tor: 0.2.4.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/10856Tor SOCKS proxy fails to reject unsupported IP formats.2020-06-27T14:03:28ZTracTor SOCKS proxy fails to reject unsupported IP formats.Tor attempts to connect to unsupported IP formats/families addresses, such as exotic IPv4 representations:
* hex: 0x40.0xAA.0x62.0x2A
* octal: 00000000100.00000000252.00000000142.00000000052
* base 256: 4294967360.4294967466.4294...Tor attempts to connect to unsupported IP formats/families addresses, such as exotic IPv4 representations:
* hex: 0x40.0xAA.0x62.0x2A
* octal: 00000000100.00000000252.00000000142.00000000052
* base 256: 4294967360.4294967466.4294967394.4294967338
Such requests are forwarded through a circuit and ultimately fail at the exit relay.
**Trac**:
**Username**: ochttps://gitlab.torproject.org/tpo/core/tor/-/issues/32975Tor Socks unresponsive behaviour after 24-36 hours of runtime2020-07-29T14:22:56ZTracTor Socks unresponsive behaviour after 24-36 hours of runtime__**Error description:**__
After around 1 or 1.5 days the tor socks proxy is getting unresponsive. There is actually no error message from tor itself. Only nyx is claiming to not have available buffer (error 105) and does not start any ...__**Error description:**__
After around 1 or 1.5 days the tor socks proxy is getting unresponsive. There is actually no error message from tor itself. Only nyx is claiming to not have available buffer (error 105) and does not start any more.
__**Error message: **__
`nyx -c .nyx/config -i 9951`
`Unable to connect to 127.0.0.1:9951: [Errno 105] No buffer space available`
__**Workaround:**__
I could solve the problem by deleting the ~/.tor folder and restarting tor.
__**Environment:**__
* 2 CPU VPS with 4GB RAM
* Tor version 0.4.2.5 build and installed from source
(also seen this behaviour on CentOS 7 repo package of tor v0.3.5.8)
* CentOS 7
(Linux version 3.10.0-042stab139.1 (root@kbuild-rh6-x64.eng.sw.ru) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC) ) !#1 SMP Tue Jun 18 12:51:14 MSK 2019)
* non-exit relay
* controle port blocked by iptables for outside connection
* ssh port blocked by iptables for outside connection
**Trac**:
**Username**: ntrnhttps://gitlab.torproject.org/tpo/ux/team/-/issues/60Tor Socks!2020-03-31T13:18:36ZSarah StevensonTor Socks!Isa approved purchasing 15 Tor socks to offer as prizes for the EOY campaign. Antonela, do you have time to use this site https://www.customsockshop.com/custom-made-socks/?step=3&type=marketing&style=crew to design the sock? I put togeth...Isa approved purchasing 15 Tor socks to offer as prizes for the EOY campaign. Antonela, do you have time to use this site https://www.customsockshop.com/custom-made-socks/?step=3&type=marketing&style=crew to design the sock? I put together a prototype, but I'm sure yours will be much better. I think we'll go with 15 pairs all in size Large to keep it simple. If people are crazy about them, we can consider purchasing more later.
Once you do the design, I can submit the order.Year End Campaign 2019Antonelaantonela@torproject.orgAntonelaantonela@torproject.org2019-11-09https://gitlab.torproject.org/tpo/core/tor/-/issues/23679Tor Software Error2020-06-27T13:55:27ZcypherpunksTor Software Errorcircuit_package_relay_cell(): Bug: outgoing relay cell sent from ../src/or/relay.c:737 has n_chan==NULL. Dropping. (on Tor 0.3.0.10 c33db290a9d8d0f9)
The consensus seems to be that this is a duplicate of legacy/trac#8185. If so, then it...circuit_package_relay_cell(): Bug: outgoing relay cell sent from ../src/or/relay.c:737 has n_chan==NULL. Dropping. (on Tor 0.3.0.10 c33db290a9d8d0f9)
The consensus seems to be that this is a duplicate of legacy/trac#8185. If so, then it's still there. Nothing unusual logged before, nor after, so I've got nothing helpful to add, beyond "someone seems to have wanted to know".https://gitlab.torproject.org/tpo/core/tor/-/issues/22877Tor Software Error2020-06-27T13:56:11ZcypherpunksTor Software ErrorJust slavishly following our machines of loving grace:
Tor Software Error - The Tor software encountered an internal bug. Please report the following error message to the Tor developers at bugs.torproject.org: "circuit_package_relay_cel...Just slavishly following our machines of loving grace:
Tor Software Error - The Tor software encountered an internal bug. Please report the following error message to the Tor developers at bugs.torproject.org: "circuit_package_relay_cell(): Bug: outgoing relay cell sent from ../src/or/relay.c:737 has n_chan==NULL. Dropping. (on Tor 0.3.0.9 22b3bf094e327093)https://gitlab.torproject.org/tpo/core/tor/-/issues/11474Tor Software Error2020-06-27T14:03:10ZTracTor Software Error[Fri Apr 11 11:26:03 2014] Tor Software Error - The Tor software encountered an internal bug. Please report the following error message to the Tor developers at bugs.torproject.org: "microdesc_free_(): Bug: microdesc_free() called from s...[Fri Apr 11 11:26:03 2014] Tor Software Error - The Tor software encountered an internal bug. Please report the following error message to the Tor developers at bugs.torproject.org: "microdesc_free_(): Bug: microdesc_free() called from src/or/microdesc.c:377, but md was still referenced 1 node(s); held_by_nodes == 1
"
**Trac**:
**Username**: internet userhttps://gitlab.torproject.org/tpo/core/tor/-/issues/9092Tor Software Error2020-06-27T14:04:16ZTracTor Software ErrorThe Tor software encountered an internal bug. Please report the following error message to the Tor developers at bugs.torproject.org: "circuit_build_times_network_close(): Bug: Circuit somehow completed a hop while the network was not li...The Tor software encountered an internal bug. Please report the following error message to the Tor developers at bugs.torproject.org: "circuit_build_times_network_close(): Bug: Circuit somehow completed a hop while the network was not live. Network was last live at 2013-06-18 09:24:53, but circuit launched at 2013-06-18 09:24:54. It's now 2013-06-18 09:25:28.
"
**Trac**:
**Username**: vskTor: 0.2.5.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/8466Tor Software Error2020-06-27T14:04:36ZTracTor Software Error[Mi 13. mar. 19:18:05 2013] Tor Software Error - The Tor software encountered an internal bug. Please report the following error message to the Tor developers at bugs.torproject.org: "microdesc_free(): Bug: microdesc_free() called, but m...[Mi 13. mar. 19:18:05 2013] Tor Software Error - The Tor software encountered an internal bug. Please report the following error message to the Tor developers at bugs.torproject.org: "microdesc_free(): Bug: microdesc_free() called, but md was still referenced 1 node(s); held_by_nodes == 1
"
**Trac**:
**Username**: krowniroshttps://gitlab.torproject.org/tpo/core/tor/-/issues/10814tor software error report.2020-06-27T14:03:29Zcypherpunkstor software error report.[Thu Feb 6 00:00:01 2014] Tor Software Error - The Tor software encountered an internal bug. Please report the following error message to the Tor developers at bugs.torproject.org: "microdesc_free(): Bug: microdesc_free() called, but md ...[Thu Feb 6 00:00:01 2014] Tor Software Error - The Tor software encountered an internal bug. Please report the following error message to the Tor developers at bugs.torproject.org: "microdesc_free(): Bug: microdesc_free() called, but md was still referenced 1 node(s); held_by_nodes == 1
"