Changes in version 0.2.4.10-alpha - 2013-02-04
Tor 0.2.4.10-alpha adds defenses at the directory authority level from
certain attacks that flood the network with relays; changes the queue
for circuit create requests from a size-based limit to a time-based
limit; resumes building with MSVC on Windows; and fixes a wide variety
of other issues.
o Major bugfixes (directory authority):
- When computing directory thresholds, ignore any rejected-as-sybil
nodes during the computation so that they can't influence Fast,
Guard, etc. (We should have done this for proposal 109.) Fixes
bug 8146.
- When marking a node as a likely sybil, reset its uptime metrics
to zero, so that it cannot time towards getting marked as Guard,
Stable, or HSDir. (We should have done this for proposal 109.) Fixes
bug 8147.
o Major bugfixes:
- When a TLS write is partially successful but incomplete, remember
that the flushed part has been flushed, and notice that bytes were
actually written. Reported and fixed pseudonymously. Fixes bug
7708; bugfix on Tor 0.1.0.5-rc.
- Reject bogus create and relay cells with 0 circuit ID or 0 stream
ID: these could be used to create unexpected streams and circuits
which would count as "present" to some parts of Tor but "absent"
to others, leading to zombie circuits and streams or to a bandwidth
denial-of-service. Fixes bug 7889; bugfix on every released version
of Tor. Reported by "oftc_must_be_destroyed".
- Rename all macros in our local copy of queue.h to begin with "TOR_".
This change seems the only good way to permanently prevent conflicts
with queue.h on various operating systems. Fixes bug 8107; bugfix
on 0.2.4.6-alpha.
o Major features (relay):
- Instead of limiting the number of queued onionskins (aka circuit
create requests) to a fixed, hard-to-configure number, we limit
the size of the queue based on how many we expect to be able to
process in a given amount of time. We estimate the time it will
take to process an onionskin based on average processing time
of previous onionskins. Closes ticket 7291. You'll never have to
configure MaxOnionsPending again.
o Major features (portability):
- Resume building correctly with MSVC and Makefile.nmake. This patch
resolves numerous bugs and fixes reported by ultramage, including
7305, 7308, 7309, 7310, 7312, 7313, 7315, 7316, and 7669.
- Make the ntor and curve25519 code build correctly with MSVC.
Fix on 0.2.4.8-alpha.
o Minor features:
- When directory authorities are computing thresholds for flags,
never let the threshold for the Fast flag fall below 4096
bytes. Also, do not consider nodes with extremely low bandwidths
when deciding thresholds for various directory flags. This change
should raise our threshold for Fast relays, possibly in turn
improving overall network performance; see ticket 1854. Resolves
ticket 8145.
- The Tor client now ignores sub-domain components of a .onion
address. This change makes HTTP "virtual" hosting
possible: http://foo.aaaaaaaaaaaaaaaa.onion/ and
http://bar.aaaaaaaaaaaaaaaa.onion/ can be two different websites
hosted on the same hidden service. Implements proposal 204.
- We compute the overhead from passing onionskins back and forth to
cpuworkers, and report it when dumping statistics in response to
SIGUSR1. Supports ticket 7291.
o Minor features (path selection):
- When deciding whether we have enough descriptors to build circuits,
instead of looking at raw relay counts, look at which fraction
of (bandwidth-weighted) paths we're able to build. This approach
keeps clients from building circuits if their paths are likely to
stand out statistically. The default fraction of paths needed is
taken from the consensus directory; you can override it with the
new PathsNeededToBuildCircuits option. Fixes ticket 5956.
- When any country code is listed in ExcludeNodes or ExcludeExitNodes,
and we have GeoIP information, also exclude all nodes with unknown
countries "??" and "A1". This behavior is controlled by the
new GeoIPExcludeUnknown option: you can make such nodes always
excluded with "GeoIPExcludeUnknown 1", and disable the feature
with "GeoIPExcludeUnknown 0". Setting "GeoIPExcludeUnknown auto"
gets you the default behavior. Implements feature 7706.
- Path Use Bias: Perform separate accounting for successful circuit
use. Keep separate statistics on stream attempt rates versus stream
success rates for each guard. Provide configurable thresholds to
determine when to emit log messages or disable use of guards that
fail too many stream attempts. Resolves ticket 7802.
o Minor features (log messages):
- When learning a fingerprint for a bridge, log its corresponding
transport type. Implements ticket 7896.
- Improve the log message when "Bug/attack: unexpected sendme cell
from client" occurs, to help us track bug 8093.
o Minor bugfixes:
- Remove a couple of extraneous semicolons that were upsetting the
cparser library. Patch by Christian Grothoff. Fixes bug 7115;
bugfix on 0.2.2.1-alpha.
- Remove a source of rounding error during path bias count scaling;
don't count cannibalized circuits as used for path bias until we
actually try to use them; and fix a circuit_package_relay_cell()
warning message about n_chan==NULL. Fixes bug 7802.
- Detect nacl when its headers are in a nacl/ subdirectory. Also,
actually link against nacl when we're configured to use it. Fixes
bug 7972; bugfix on 0.2.4.8-alpha.
- Compile correctly with the --disable-curve25519 option. Fixes
bug 8153; bugfix on 0.2.4.8-alpha.
o Build improvements:
- Do not report status verbosely from autogen.sh unless the -v flag
is specified. Fixes issue 4664. Patch from Onizuka.
- Replace all calls to snprintf() outside of src/ext with
tor_snprintf(). Also remove the #define to replace snprintf with
_snprintf on Windows; they have different semantics, and all of
our callers should be using tor_snprintf() anyway. Fixes bug 7304.
- Try to detect if we are ever building on a platform where
memset(...,0,...) does not set the value of a double to 0.0. Such
platforms are permitted by the C standard, though in practice
they're pretty rare (since IEEE 754 is nigh-ubiquitous). We don't
currently support them, but it's better to detect them and fail
than to perform erroneously.
o Removed features:
- Stop exporting estimates of v2 and v3 directory traffic shares
in extrainfo documents. They were unneeded and sometimes inaccurate.
Also stop exporting any v2 directory request statistics. Resolves
ticket 5823.
- Drop support for detecting and warning about versions of Libevent
before 1.3e. Nothing reasonable ships with them any longer;
warning the user about them shouldn't be needed. Resolves ticket
6826.
o Code simplifications and refactoring:
- Rename "isin" functions to "contains", for grammar. Resolves
ticket 5285.
- Rename Tor's logging function log() to tor_log(), to avoid conflicts
with the natural logarithm function from the system libm. Resolves
ticket 7599.
Changes in version 0.2.4.9-alpha - 2013-01-15
Tor 0.2.4.9-alpha provides a quick fix to make the new ntor handshake
work more robustly.
o Major bugfixes:
- Fix backward compatibility logic when receiving an embedded ntor
handshake tunneled in a CREATE cell. This clears up the "Bug:
couldn't format CREATED cell" warning. Fixes bug 7959; bugfix
on 0.2.4.8-alpha.
Changes in version 0.2.4.8-alpha - 2013-01-14
Tor 0.2.4.8-alpha introduces directory guards to reduce user enumeration
risks, adds a new stronger and faster circuit handshake, and offers
stronger and faster link encryption when both sides support it.
o Major features:
- Preliminary support for directory guards (proposal 207): when
possible, clients now use their entry guards for non-anonymous
directory requests. This can help prevent client enumeration. Note
that this behavior only works when we have a usable consensus
directory, and when options about what to download are more or less
standard. In the future we should re-bootstrap from our guards,
rather than re-bootstrapping from the preconfigured list of
directory sources that ships with Tor. Resolves ticket 6526.
- Tor relays and clients now support a better CREATE/EXTEND cell
format, allowing the sender to specify multiple address, identity,
and handshake types. Implements Robert Ransom's proposal 200;
closes ticket 7199.
o Major features (new circuit handshake):
- Tor now supports a new circuit extension handshake designed by Ian
Goldberg, Douglas Stebila, and Berkant Ustaoglu. Our original
circuit extension handshake, later called "TAP", was a bit slow
(especially on the relay side), had a fragile security proof, and
used weaker keys than we'd now prefer. The new circuit handshake
uses Dan Bernstein's "curve25519" elliptic-curve Diffie-Hellman
function, making it significantly more secure than the older
handshake, and significantly faster. Tor can use one of two built-in
pure-C curve25519-donna implementations by Adam Langley, or it
can link against the "nacl" library for a tuned version if present.
The built-in version is very fast for 64-bit systems when building
with GCC. The built-in 32-bit version is still faster than the
old TAP protocol, but using libnacl is better on most such hosts.
Clients don't currently use this protocol by default, since
comparatively few clients support it so far. To try it, set
UseNTorHandshake to 1.
Implements proposal 216; closes ticket 7202.
o Major features (better link encryption):
- Relays can now enable the ECDHE TLS ciphersuites when available
and appropriate. These ciphersuites let us negotiate forward-secure
TLS secret keys more safely and more efficiently than with our
previous use of Diffie-Hellman modulo a 1024-bit prime. By default,
public relays prefer the (faster) P224 group, and bridges prefer
the (more common) P256 group; you can override this with the
TLSECGroup option.
Enabling these ciphers was a little tricky, since for a long time,
clients had been claiming to support them without actually doing
so, in order to foil fingerprinting. But with the client-side
implementation of proposal 198 in 0.2.3.17-beta, clients can now
match the ciphers from recent Firefox versions *and* list the
ciphers they actually mean, so relays can believe such clients
when they advertise ECDHE support in their TLS ClientHello messages.
This feature requires clients running 0.2.3.17-beta or later,
and requires both sides to be running OpenSSL 1.0.0 or later
with ECC support. OpenSSL 1.0.1, with the compile-time option
"enable-ec_nistp_64_gcc_128", is highly recommended.
Implements the relay side of proposal 198; closes ticket 7200.
- Avoid crashing when, as a relay without IPv6-exit support, a
client insists on getting an IPv6 address or nothing. Fixes bug
7814; bugfix on 0.2.4.7-alpha.
o Minor features:
- Improve circuit build timeout handling for hidden services.
In particular: adjust build timeouts more accurately depending
upon the number of hop-RTTs that a particular circuit type
undergoes. Additionally, launch intro circuits in parallel
if they timeout, and take the first one to reply as valid.
- Work correctly on Unix systems where EAGAIN and EWOULDBLOCK are
separate error codes; or at least, don't break for that reason.
Fixes bug 7935. Reported by "oftc_must_be_destroyed".
- Update to the January 2 2013 Maxmind GeoLite Country database.
o Minor features (testing):
- Add benchmarks for DH (1024-bit multiplicative group) and ECDH
(P-256) Diffie-Hellman handshakes to src/or/bench.
- Add benchmark functions to test onion handshake performance.
o Minor features (path bias detection):
- Alter the Path Bias log messages to be more descriptive in terms
of reporting timeouts and other statistics.
- Create three levels of Path Bias log messages, as opposed to just
two. These are configurable via consensus as well as via the torrc
options PathBiasNoticeRate, PathBiasWarnRate, PathBiasExtremeRate.
The default values are 0.70, 0.50, and 0.30 respectively.
- Separate the log message levels from the decision to drop guards,
which also is available via torrc option PathBiasDropGuards.
PathBiasDropGuards still defaults to 0 (off).
- Deprecate PathBiasDisableRate in favor of PathBiasDropGuards
in combination with PathBiasExtremeRate.
- Increase the default values for PathBiasScaleThreshold and
PathBiasCircThreshold from (200, 20) to (300, 150).
- Add in circuit usage accounting to path bias. If we try to use a
built circuit but fail for any reason, it counts as path bias.
Certain classes of circuits where the adversary gets to pick your
destination node are exempt from this accounting. Usage accounting
can be specifically disabled via consensus parameter or torrc.
- Convert all internal path bias state to double-precision floating
point, to avoid roundoff error and other issues.
- Only record path bias information for circuits that have completed
*two* hops. Assuming end-to-end tagging is the attack vector, this
makes us more resilient to ambient circuit failure without any
- Rate-limit the "No circuits are opened. Relaxed timeout for a
circuit with channel state open..." message to once per hour to
keep it from filling the notice logs. Mitigates bug 7799 but does
not fix the underlying cause. Bugfix on 0.2.4.7-alpha.
- Avoid spurious warnings when configuring multiple client ports of
which only some are nonlocal. Previously, we had claimed that some
were nonlocal when in fact they weren't. Fixes bug 7836; bugfix on
0.2.3.3-alpha.
o Code simplifications and refactoring:
- Get rid of a couple of harmless clang warnings, where we compared
enums to ints. These warnings are newly introduced in clang 3.2.
- Split the onion.c file into separate modules for the onion queue
and the different handshakes it supports.
- Remove the marshalling/unmarshalling code for sending requests to
cpuworkers over a socket, and instead just send structs. The
recipient will always be the same Tor binary as the sender, so
any encoding is overkill.
Changes in version 0.2.4.7-alpha - 2012-12-24
Tor 0.2.4.7-alpha introduces a new approach to providing fallback
directory mirrors for more robust bootstrapping; fixes more issues where
clients with changing network conditions refuse to make any circuits;
adds initial support for exiting to IPv6 addresses; resumes being able
to update our GeoIP database, and includes the geoip6 file this time;
turns off the client-side DNS cache by default due to privacy risks;
and fixes a variety of other issues.
o Major features (client resilience):
- Add a new "FallbackDir" torrc option to use when we can't use
a directory mirror from the consensus (either because we lack a
consensus, or because they're all down). Currently, all authorities
are fallbacks by default, and there are no other default fallbacks,
but that will change. This option will allow us to give clients a
longer list of servers to try to get a consensus from when first
connecting to the Tor network, and thereby reduce load on the
directory authorities. Implements proposal 206, "Preconfigured
directory sources for bootstrapping". We also removed the old
"FallbackNetworkstatus" option, since we never got it working well
enough to use it. Closes bug 572.
- If we have no circuits open, use a relaxed timeout (the
95-percentile cutoff) until a circuit succeeds. This heuristic
should allow Tor to succeed at building circuits even when the
network connection drastically changes. Should help with bug 3443.
o Major features (IPv6):
- Tor now has (alpha) support for exiting to IPv6 addresses. To
enable it as an exit node, make sure that you have IPv6
connectivity, then set the IPv6Exit flag to 1. Also make sure your
exit policy reads as you would like: the address * applies to all
address families, whereas *4 is IPv4 address only, and *6 is IPv6
addresses only. On the client side, you'll need to wait until the
authorities have upgraded, wait for enough exits to support IPv6,
apply the "IPv6Traffic" flag to a SocksPort, and use Socks5. Closes
ticket 5547, implements proposal 117 as revised in proposal 208.
We DO NOT recommend that clients with actual anonymity needs start
using IPv6 over Tor yet, since not enough exits support it yet.
o Major features (geoip database):
- Maxmind began labelling Tor relays as being in country "A1",
which breaks by-country node selection inside Tor. Now we use a
script to replace "A1" ("Anonymous Proxy") entries in our geoip
file with real country codes. This script fixes about 90% of "A1"
entries automatically and uses manual country code assignments to
fix the remaining 10%. See src/config/README.geoip for details.
Fixes bug 6266. Also update to the December 5 2012 Maxmind GeoLite
Country database, as modified above.
o Major bugfixes (client-side DNS):
- Turn off the client-side DNS cache by default. Updating and using
the DNS cache is now configurable on a per-client-port
level. SOCKSPort, DNSPort, etc. lines may now contain
{No,}Cache{IPv4,IPv6,}DNS lines to indicate that we shouldn't
cache these types of DNS answers when we receive them from an
exit node in response to an application request on this port, and
{No,}UseCached{IPv4,IPv6,}DNS lines to indicate that if we have
cached DNS answers of these types, we shouldn't use them. It's
potentially risky to use cached DNS answers at the client, since
doing so can indicate to one exit what answers we've gotten
for DNS lookups in the past. With IPv6, this becomes especially
problematic. Using cached DNS answers for requests on the same
circuit would present less linkability risk, since all traffic
on a circuit is already linkable, but it would also provide
little performance benefit: the exit node caches DNS replies
too. Implements a simplified version of Proposal 205. Implements
ticket 7570.
o Major bugfixes (other):
- Alter circuit build timeout measurement to start at the point
where we begin the CREATE/CREATE_FAST step (as opposed to circuit
initialization). This should make our timeout measurements more
uniform. Previously, we were sometimes including ORconn setup time
in our circuit build time measurements. Should resolve bug 3443.
- Fix an assertion that could trigger in hibernate_go_dormant() when
closing an or_connection_t: call channel_mark_for_close() rather
than connection_mark_for_close(). Fixes bug 7267. Bugfix on
0.2.4.4-alpha.
- Include the geoip6 IPv6 GeoIP database in the tarball. Fixes bug
7655; bugfix on 0.2.4.6-alpha.
o Minor features:
- Add a new torrc option "ServerTransportListenAddr" to let bridge
operators select the address where their pluggable transports will
listen for connections. Resolves ticket 7013.
- Allow an optional $ before the node identity digest in the
controller command GETINFO ns/id/<identity>, for consistency with
md/id/<identity> and desc/id/<identity>. Resolves ticket 7059.
- Log packaged cell fullness as part of the heartbeat message.
Diagnosis to try to determine the extent of bug 7743.
o Minor features (IPv6):
- AutomapHostsOnResolve now supports IPv6 addresses. By default, we
prefer to hand out virtual IPv6 addresses, since there are more of
them and we can't run out. To override this behavior and make IPv4
addresses preferred, set NoPreferIPv6Automap on whatever SOCKSPort
or DNSPort you're using for resolving. Implements ticket 7571.
- AutomapHostsOnResolve responses are now randomized, to avoid
annoying situations where Tor is restarted and applications
connect to the wrong addresses.
- Never try more than 1000 times to pick a new virtual address when
AutomapHostsOnResolve is set. That's good enough so long as we
aren't close to handing out our entire virtual address space;
if you're getting there, it's best to switch to IPv6 virtual
addresses anyway.
o Minor bugfixes:
- The ADDRMAP command can no longer generate an ill-formed error
code on a failed MAPADDRESS. It now says "internal" rather than
an English sentence fragment with spaces in the middle. Bugfix on
Tor 0.2.0.19-alpha.
- Fix log messages and comments to avoid saying "GMT" when we mean
"UTC". Fixes bug 6113.
- Compile on win64 using mingw64. Fixes bug 7260; patches from
"yayooo".
- Fix a crash when debugging unit tests on Windows: deallocate a
shared library with FreeLibrary, not CloseHandle. Fixes bug 7306;
bugfix on 0.2.2.17-alpha. Reported by "ultramage".
o Renamed options:
- The DirServer option is now DirAuthority, for consistency with
current naming patterns. You can still use the old DirServer form.
o Code simplification and refactoring:
- Move the client-side address-map/virtual-address/DNS-cache code
out of connection_edge.c into a new addressmap.c module.
- Remove unused code for parsing v1 directories and "running routers"
documents. Fixes bug 6887.
Changes in version 0.2.3.25 - 2012-11-19
The Tor 0.2.3 release series is dedicated to the memory of Len "rabbi"
Sassaman (1980-2011), a long-time cypherpunk, anonymity researcher,
Mixmaster maintainer, Pynchon Gate co-designer, CodeCon organizer,
programmer, and friend. Unstinting in his dedication to the cause of
freedom, he inspired and helped many of us as we began our work on
anonymity, and inspires us still. Please honor his memory by writing
software to protect people's freedoms, and by helping others to do so.
Tor 0.2.3.25, the first stable release in the 0.2.3 branch, features
significantly reduced directory overhead (via microdescriptors),
enormous crypto performance improvements for fast relays on new
enough hardware, a new v3 TLS handshake protocol that can better
resist fingerprinting, support for protocol obfuscation plugins (aka
pluggable transports), better scalability for hidden services, IPv6
support for bridges, performance improvements like allowing clients
to skip the first round-trip on the circuit ("optimistic data") and
refilling token buckets more often, a new "stream isolation" design
to isolate different applications on different circuits, and many
stability, security, and privacy fixes.
o Major bugfixes:
- Tor tries to wipe potentially sensitive data after using it, so
that if some subsequent security failure exposes Tor's memory,
the damage will be limited. But we had a bug where the compiler
was eliminating these wipe operations when it decided that the
memory was no longer visible to a (correctly running) program,
hence defeating our attempt at defense in depth. We fix that
by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
is unlikely to optimize away. Future versions of Tor may use
a less ridiculously heavy approach for this. Fixes bug 7352.
Reported in an article by Andrey Karpov.
o Minor bugfixes:
- Fix a harmless bug when opting against publishing a relay descriptor
because DisableNetwork is set. Fixes bug 7464; bugfix on
0.2.3.9-alpha.
Changes in version 0.2.4.6-alpha - 2012-11-13
Tor 0.2.4.6-alpha fixes an assert bug that has been plaguing relays,
makes our defense-in-depth memory wiping more reliable, and begins to
count IPv6 addresses in bridge statistics.
o Major bugfixes:
- Fix an assertion failure that could occur when closing a connection
with a spliced rendezvous circuit. Fix for bug 7212; bugfix on
Tor 0.2.4.4-alpha.
- Tor tries to wipe potentially sensitive data after using it, so
that if some subsequent security failure exposes Tor's memory,
the damage will be limited. But we had a bug where the compiler
was eliminating these wipe operations when it decided that the
memory was no longer visible to a (correctly running) program,
hence defeating our attempt at defense in depth. We fix that
by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
is unlikely to optimize away. Future versions of Tor may use
a less ridiculously heavy approach for this. Fixes bug 7352.
Reported in an article by Andrey Karpov.
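An added example, not Tor's code, of the dead-store problem this entry describes (it covers both the 0.2.3.25 and the 0.2.4.6-alpha entries for bug 7352) and the two standard ways to keep a wipe from being optimized out. It assumes no OpenSSL is available; secure_wipe, secure_wipe_volatile, wipe_demo and derive_and_use are hypothetical names standing in for an OPENSSL_cleanse()-style helper and its callers.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Naive wipe, as Tor did before bug 7352 was fixed. When the caller never
 * reads buf again (typically a stack buffer about to go out of scope), a
 * compiler doing dead-store elimination may legally drop the memset, and the
 * key material stays in memory. Whether it does so is not observable from C;
 * inspect the generated assembly (e.g. gcc -O2 -S) to check your toolchain. */
static void naive_wipe(void *buf, size_t len)
{
    memset(buf, 0, len);
}

/* Wipe through a volatile function pointer. The compiler cannot know which
 * function will be called at run time, so it must keep the call. This is the
 * idea behind OPENSSL_cleanse-style helpers in several libraries. */
static void *(*volatile memset_fn)(void *, int, size_t) = memset;

void secure_wipe(void *buf, size_t len)
{
    memset_fn(buf, 0, len);
}

/* Wipe through a volatile pointer: each store is an observable side effect
 * that the optimizer may not remove, at the cost of a byte-at-a-time loop. */
void secure_wipe_volatile(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Returns 1 if every byte of buf is zero, 0 otherwise (ORs all bytes so the
 * running time does not depend on where the first nonzero byte sits). */
int is_all_zero(const void *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)buf;
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= p[i];
    return acc == 0;
}

/* Exercises one wipe method on a 32-byte stack buffer filled with constructed
 * (non-secret) filler. method: 0 = naive_wipe, 1 = secure_wipe,
 * 2 = secure_wipe_volatile. Returns 1 when the buffer was nonzero before the
 * wipe and all zero afterwards. Because is_all_zero reads the buffer back,
 * the store is live here and even naive_wipe survives; the elimination
 * problem arises when the wipe is the last access before the buffer dies. */
int wipe_demo(int method)
{
    unsigned char key[32];
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(0xA5 ^ i);   /* constructed filler */
    if (is_all_zero(key, sizeof key))
        return 0;
    switch (method) {
    case 0: naive_wipe(key, sizeof key); break;
    case 1: secure_wipe(key, sizeof key); break;
    case 2: secure_wipe_volatile(key, sizeof key); break;
    default: return 0;
    }
    return is_all_zero(key, sizeof key);
}

/* The pattern that triggered bug 7352: derive, use, wipe, return. Nothing
 * reads key after the wipe, so only the secure variants are guaranteed to
 * zero it. Returns a checksum of the constructed key so the "use" is real. */
unsigned derive_and_use(int secure)
{
    unsigned char key[32];
    unsigned sum = 0;
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(0x3C + i);   /* constructed filler */
    for (size_t i = 0; i < sizeof key; i++)
        sum += key[i];
    if (secure)
        secure_wipe(key, sizeof key);
    else
        naive_wipe(key, sizeof key);          /* candidate for dead-store elimination */
    return sum;
}

int main(void)
{
    printf("naive: %d  fnptr: %d  volatile: %d\n",
           wipe_demo(0), wipe_demo(1), wipe_demo(2));
    printf("checksum: %u\n", derive_and_use(1));
    return 0;
}
```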
o Minor features:
- Add GeoIP database for IPv6 addresses. The new config option
is GeoIPv6File.
- Bridge statistics now count bridge clients connecting over IPv6:
bridge statistics files now list "bridge-ip-versions" and
extra-info documents list "geoip6-db-digest". The control protocol
"CLIENTS_SEEN" and "ip-to-country" queries now support IPv6. Initial
implementation by "shkoo", addressing ticket 5055.
o Minor bugfixes:
- Warn when we are binding low ports when hibernation is enabled;
previously we had warned when we were _advertising_ low ports with
hibernation enabled. Fixes bug 7285; bugfix on 0.2.3.9-alpha.
- Fix a harmless bug when opting against publishing a relay descriptor
because DisableNetwork is set. Fixes bug 7464; bugfix on
0.2.3.9-alpha.
- Add warning message when a managed proxy dies during configuration.
Fixes bug 7195; bugfix on 0.2.4.2-alpha.
- Fix a linking error when building tor-fw-helper without miniupnp.
Fixes bug 7235; bugfix on 0.2.4.2-alpha. Fix by Anthony G. Basile.
- Check for closing an or_connection_t without going through correct
channel functions; emit a warning and then call
connection_or_close_for_error() so we don't assert as in bugs 7212
and 7267.
- Compile correctly on compilers without C99 designated initializer
support. Fixes bug 7286; bugfix on 0.2.4.4-alpha.
- Avoid a possible assert that can occur when channel_send_destroy() is
called on a channel in CHANNEL_STATE_CLOSING, CHANNEL_STATE_CLOSED,
or CHANNEL_STATE_ERROR when the Tor process is resumed after being
blocked for a long interval. Fixes bug 7350; bugfix on 0.2.4.4-alpha.
- Fix a memory leak on failing cases of channel_tls_process_certs_cell.
Fixes bug 7422; bugfix on 0.2.4.4-alpha.
o Code simplification and refactoring:
- Start using OpenBSD's implementation of queue.h, so that we don't
need to hand-roll our own pointer and list structures whenever we
need them. (We can't rely on a sys/queue.h, since some operating
systems don't have them, and the ones that do have them don't all
present the same extensions.)
Changes in version 0.2.4.5-alpha - 2012-10-25
Tor 0.2.4.5-alpha comes hard at the heels of 0.2.4.4-alpha, to fix
two important security vulnerabilities that could lead to remotely
triggerable relay crashes, fix a major bug that was preventing clients
from choosing suitable exit nodes, and refactor some of our code.
o Major bugfixes (security, also in 0.2.3.24-rc):
- Fix a group of remotely triggerable assertion failures related to
incorrect link protocol negotiation. Found, diagnosed, and fixed
by "some guy from France". Fix for CVE-2012-2250; bugfix on
- Fix a denial of service attack by which any directory authority
could crash all the others, or by which a single v2 directory
authority could crash everybody downloading v2 directory
information. Fixes bug 7191; bugfix on 0.2.0.10-alpha.
o Major bugfixes (also in 0.2.3.24-rc):
- When parsing exit policy summaries from microdescriptors, we had
previously been ignoring the last character in each one, so that
"accept 80,443,8080" would be treated by clients as indicating
a node that allows access to ports 80, 443, and 808. That would
lead to clients attempting connections that could never work,
and ignoring exit nodes that would support their connections. Now
clients parse these exit policy summaries correctly. Fixes bug 7192;
bugfix on 0.2.3.1-alpha.
o Minor bugfixes (also in 0.2.3.24-rc):
- Clients now consider the ClientRejectInternalAddresses config option
when using a microdescriptor consensus stanza to decide whether
an exit relay would allow exiting to an internal address. Fixes
bug 7190; bugfix on 0.2.3.1-alpha.
o Minor bugfixes:
- Only disable TLS session ticket support when running as a TLS
connections. Fixes bug 7189; bugfix on Tor 0.2.3.23-rc.
o Code simplification and refactoring:
- Start using OpenBSD's implementation of queue.h (originally by
Niels Provos).
- Move the entry node code from circuitbuild.c to its own file.
- Move the circuit build timeout tracking code from circuitbuild.c
to its own file.
Changes in version 0.2.3.24-rc - 2012-10-25
Tor 0.2.3.24-rc fixes two important security vulnerabilities that
could lead to remotely triggerable relay crashes, and fixes
a major bug that was preventing clients from choosing suitable exit
nodes.
o Major bugfixes (security):
- Fix a group of remotely triggerable assertion failures related to
incorrect link protocol negotiation. Found, diagnosed, and fixed
by "some guy from France". Fix for CVE-2012-2250; bugfix on
0.2.3.6-alpha.
- Fix a denial of service attack by which any directory authority
could crash all the others, or by which a single v2 directory
authority could crash everybody downloading v2 directory
information. Fixes bug 7191; bugfix on 0.2.0.10-alpha.
o Major bugfixes:
- When parsing exit policy summaries from microdescriptors, we had
previously been ignoring the last character in each one, so that
"accept 80,443,8080" would be treated by clients as indicating
a node that allows access to ports 80, 443, and 808. That would
lead to clients attempting connections that could never work,
and ignoring exit nodes that would support their connections. Now
clients parse these exit policy summaries correctly. Fixes bug 7192;
bugfix on 0.2.3.1-alpha.
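An added example, not Tor's code, illustrating the bug 7192 entry above (and its twin in the 0.2.4.5-alpha section): a small parser for exit policy summaries with a switch that reproduces the one-character-short parse beside the correct behaviour. parse_short_policy, short_policy_allows and check_port are hypothetical names; the summaries used are constructed from the changelog's own example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_RANGES 64
#define MAX_SUMMARY 256

typedef struct { uint16_t lo, hi; } port_range_t;

typedef struct {
    int is_accept;             /* 1 for "accept ...", 0 for "reject ..." */
    size_t n_ranges;
    port_range_t ranges[MAX_RANGES];
} short_policy_t;

/* Parse a summary such as "accept 80,443,8080" or "reject 1-79,81-442".
 * When drop_last_char is nonzero the parser reproduces the defect described
 * in the entry above by stopping one character short of the end, so "8080"
 * is read as "808". Returns 0 on success, -1 on malformed input. */
int parse_short_policy(const char *summary, int drop_last_char,
                       short_policy_t *pol)
{
    char buf[MAX_SUMMARY];
    size_t len = strlen(summary);
    const char *p;

    memset(pol, 0, sizeof *pol);
    if (len == 0 || len >= sizeof buf)
        return -1;
    if (drop_last_char)
        len--;                       /* the off-by-one: last byte never parsed */
    memcpy(buf, summary, len);
    buf[len] = '\0';

    if (!strncmp(buf, "accept ", 7))
        pol->is_accept = 1;
    else if (!strncmp(buf, "reject ", 7))
        pol->is_accept = 0;
    else
        return -1;
    p = buf + 7;
    if (*p == '\0')
        return -1;                   /* no ports at all */

    while (*p) {
        char *next;
        unsigned long lo = strtoul(p, &next, 10);
        unsigned long hi;
        if (next == p || lo < 1 || lo > 65535)
            return -1;
        hi = lo;
        if (*next == '-') {          /* "lo-hi" range */
            const char *q = next + 1;
            hi = strtoul(q, &next, 10);
            if (next == q || hi < lo || hi > 65535)
                return -1;
        }
        if (pol->n_ranges == MAX_RANGES)
            return -1;
        pol->ranges[pol->n_ranges].lo = (uint16_t)lo;
        pol->ranges[pol->n_ranges].hi = (uint16_t)hi;
        pol->n_ranges++;
        if (*next == ',') {
            next++;
            if (*next == '\0')
                return -1;           /* trailing comma */
        } else if (*next != '\0') {
            return -1;               /* stray character */
        }
        p = next;
    }
    return 0;
}

/* Returns 1 if the policy allows exiting to port, 0 if not. A port is allowed
 * when it is listed in an accept summary or absent from a reject summary. */
int short_policy_allows(const short_policy_t *pol, uint16_t port)
{
    int listed = 0;
    for (size_t i = 0; i < pol->n_ranges; i++) {
        if (port >= pol->ranges[i].lo && port <= pol->ranges[i].hi) {
            listed = 1;
            break;
        }
    }
    return pol->is_accept ? listed : !listed;
}

/* Parse then query. Returns 1 (allowed), 0 (denied) or -1 (parse error). */
int check_port(const char *summary, int drop_last_char, uint16_t port)
{
    short_policy_t pol;
    if (parse_short_policy(summary, drop_last_char, &pol) < 0)
        return -1;
    return short_policy_allows(&pol, port);
}

int main(void)
{
    const char *s = "accept 80,443,8080";     /* the changelog's example */
    printf("%s: 8080 buggy=%d fixed=%d, 808 buggy=%d fixed=%d\n", s,
           check_port(s, 1, 8080), check_port(s, 0, 8080),
           check_port(s, 1, 808), check_port(s, 0, 808));
    return 0;
}
```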
o Minor bugfixes:
- Clients now consider the ClientRejectInternalAddresses config option
when using a microdescriptor consensus stanza to decide whether
an exit relay would allow exiting to an internal address. Fixes
bug 7190; bugfix on 0.2.3.1-alpha.
Changes in version 0.2.4.4-alpha - 2012-10-20
Tor 0.2.4.4-alpha adds a new v3 directory authority, fixes a privacy
vulnerability introduced by a change in OpenSSL, fixes a remotely
triggerable assert, and adds new channel_t and circuitmux_t abstractions
that will make it easier to test new connection transport and cell
scheduling algorithms.
o New directory authorities (also in 0.2.3.23-rc):
- Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
authority. Closes ticket 5749.
o Major bugfixes (security/privacy, also in 0.2.3.23-rc):
- Disable TLS session tickets. OpenSSL's implementation was giving
our TLS session keys the lifetime of our TLS context objects, when
perfect forward secrecy would want us to discard anything that
could decrypt a link connection as soon as the link connection
was closed. Fixes bug 7139; bugfix on all versions of Tor linked
against OpenSSL 1.0.0 or later. Found by Florent Daignière.
- Discard extraneous renegotiation attempts once the V3 link
protocol has been initiated. Failure to do so left us open to
a remotely triggerable assertion failure. Fixes CVE-2012-2249;
bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
o Internal abstraction features:
- Introduce new channel_t abstraction between circuits and
or_connection_t to allow for implementing alternate OR-to-OR
transports. A channel_t is an abstract object which can either be a
cell-bearing channel, which is responsible for authenticating and
handshaking with the remote OR and transmitting cells to and from
it, or a listening channel, which spawns new cell-bearing channels
at the request of remote ORs. Implements part of ticket 6465.
- Also new is the channel_tls_t subclass of channel_t, adapting it
to the existing or_connection_t code. The V2/V3 protocol handshaking
code which formerly resided in command.c has been moved below the
channel_t abstraction layer and may be found in channeltls.c now.
Implements the rest of ticket 6465.
- Introduce new circuitmux_t storing the queue of circuits for
a channel; this encapsulates and abstracts the queue logic and
circuit selection policy, and allows the latter to be overridden
easily by switching out a policy object. The existing EWMA behavior
is now implemented as a circuitmux_policy_t. Resolves ticket 6816.
o Required libraries:
- Tor now requires OpenSSL 0.9.8 or later. OpenSSL 1.0.0 or later is
strongly recommended.
o Minor features:
- Warn users who run hidden services on a Tor client with
UseEntryGuards disabled that their hidden services will be
vulnerable to http://freehaven.net/anonbib/#hs-attack06 (the
attack which motivated Tor to support entry guards in the first
place). Resolves ticket 6889.
- Tor now builds correctly on Bitrig, an OpenBSD fork. Patch from
dhill. Resolves ticket 6982.
- Option OutboundBindAddress can be specified multiple times and
accepts IPv6 addresses. Resolves ticket 6876.
o Minor bugfixes (also in 0.2.3.23-rc):
- Don't serve or accept v2 hidden service descriptors over a
relay's DirPort. It's never correct to do so, and disabling it
might make it more annoying to exploit any bugs that turn up in the
descriptor-parsing code. Fixes bug 7149.
- Fix two cases in src/or/transports.c where we were calling
fmt_addr() twice in a parameter list. Bug found by David
Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha.
- Fix memory leaks whenever we logged any message about the "path
bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc.
- When relays refuse a "create" cell because their queue of pending
create cells is too big (typically because their cpu can't keep up
with the arrival rate), send back reason "resource limit" rather
than reason "internal", so network measurement scripts can get a
more accurate picture. Fixes bug 7037; bugfix on 0.1.1.11-alpha.
o Minor bugfixes:
- Command-line option "--version" implies "--quiet". Fixes bug 6997.
- Free some more still-in-use memory at exit, to make hunting for
memory leaks easier. Resolves bug 7029.
- When a Tor client gets a "truncated" relay cell, the first byte of
its payload specifies why the circuit was truncated. We were
ignoring this 'reason' byte when tearing down the circuit, resulting
in the controller not being told why the circuit closed. Now we
pass the reason from the truncated cell to the controller. Bugfix
on 0.1.2.3-alpha; fixes bug 7039.
- Downgrade "Failed to hand off onionskin" messages to "debug"
severity, since they're typically redundant with the "Your computer
is too slow" messages. Fixes bug 7038; bugfix on 0.2.2.16-alpha.
- Make clients running with IPv6 bridges connect over IPv6 again,
even without setting new config options ClientUseIPv6 and
ClientPreferIPv6ORPort. Fixes bug 6757; bugfix on 0.2.4.1-alpha.
- Use square brackets around IPv6 addresses in numerous places
that needed them, including log messages, HTTPS CONNECT proxy
requests, TransportProxy statefile entries, and pluggable transport
extra-info lines. Fixes bug 7011; patch by David Fifield.
o Code refactoring and cleanup:
- Source files taken from other packages now reside in src/ext;
previously they were scattered around the rest of Tor.
- Avoid use of reserved identifiers in our C code. The C standard
doesn't like us declaring anything that starts with an
underscore, so let's knock it off before we get in trouble. Fix
for bug 1031; bugfix on the first Tor commit.
Changes in version 0.2.3.23-rc - 2012-10-20
Tor 0.2.3.23-rc adds a new v3 directory authority, fixes a privacy
vulnerability introduced by a change in OpenSSL, and fixes a variety
of smaller bugs in preparation for the release.
o New directory authorities:
- Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
authority. Closes ticket 5749.
o Major bugfixes (security/privacy):
- Disable TLS session tickets. OpenSSL's implementation was giving
our TLS session keys the lifetime of our TLS context objects, when
perfect forward secrecy would want us to discard anything that
could decrypt a link connection as soon as the link connection
was closed. Fixes bug 7139; bugfix on all versions of Tor linked
against OpenSSL 1.0.0 or later. Found by Florent Daignière.
- Discard extraneous renegotiation attempts once the V3 link
protocol has been initiated. Failure to do so left us open to
a remotely triggerable assertion failure. Fixes CVE-2012-2249;
bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
o Major bugfixes:
- Fix a possible crash bug when checking for deactivated circuits
in connection_or_flush_from_first_active_circuit(). Fixes bug 6341;
bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously.
o Minor bugfixes (on 0.2.3.x):
- Fix two cases in src/or/transports.c where we were calling
fmt_addr() twice in a parameter list. Bug found by David
Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha.
- Convert an assert in the pathbias code to a log message. The assert
appears to only be triggerable by Tor2Web mode. Fixes bug 6866;
bugfix on 0.2.3.17-beta.
- Fix memory leaks whenever we logged any message about the "path
bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc.
o Minor bugfixes (on 0.2.2.x and earlier):
- Don't serve or accept v2 hidden service descriptors over a relay's
DirPort. It's never correct to do so, and disabling it might
make it more annoying to exploit any bugs that turn up in the
descriptor-parsing code. Fixes bug 7149.
- When relays refuse a "create" cell because their queue of pending
create cells is too big (typically because their cpu can't keep up
with the arrival rate), send back reason "resource limit" rather
than reason "internal", so network measurement scripts can get a
more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037.
- Correct file sizes when reading binary files on Cygwin, to avoid
a bug where Tor would fail to read its state file. Fixes bug 6844;
bugfix on 0.1.2.7-alpha.
- Avoid undefined behaviour when parsing the list of supported
rendezvous/introduction protocols in a hidden service descriptor.
Previously, Tor would have confused (as-yet-unused) protocol version
numbers greater than 32 with lower ones on many platforms. Fixes
bug 6827; bugfix on 0.2.0.10-alpha. Found by George Kadianakis.
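An added illustration of the descriptor-parsing entry above (the same fix is listed again under 0.2.4.3-alpha below); this is not Tor's own code. The changelog does not show the defective expression, so the example assumes the usual pattern of building a bitmask with a left shift, which is what produces the "versions above 32 confused with lower ones" symptom on x86; the names parse_proto_versions, proto_version_supported and PROTO_VERSION_MAX are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Highest version a uint32_t bitmask can represent (bit 31). */
#define PROTO_VERSION_MAX 31

/* Parse a space-separated list of protocol version numbers, e.g. "0 2 33"
 * (constructed sample), into a bitmask.  Returns 0 on success and -1 on
 * malformed input.  Versions above PROTO_VERSION_MAX cannot be stored in
 * the mask, so they are counted in *n_unknown and otherwise ignored. */
int parse_proto_versions(const char *list, uint32_t *mask_out,
                         unsigned *n_unknown)
{
    uint32_t mask = 0;
    unsigned unknown = 0;
    const char *p = list;

    while (*p) {
        char *end;
        long v;

        while (*p == ' ')
            p++;
        if (!*p)
            break;
        if (*p < '0' || *p > '9')
            return -1;               /* reject "-1", "+3", "x", ... */
        errno = 0;
        v = strtol(p, &end, 10);
        if (errno == ERANGE || (*end != ' ' && *end != '\0'))
            return -1;               /* absurdly long number or "12x" */

        if (v > PROTO_VERSION_MAX) {
            /* The defective pattern would be:  mask |= 1u << v;
             * Shifting a 32-bit value by 32 or more is undefined
             * behaviour; on x86 the count is taken modulo 32, so
             * version 33 would wrongly set bit 1. */
            unknown++;
        } else {
            mask |= (uint32_t)1 << v;
        }
        p = end;
    }
    *mask_out = mask;
    if (n_unknown)
        *n_unknown = unknown;
    return 0;
}

/* Range-check before testing a bit, for the same reason. */
int proto_version_supported(uint32_t mask, unsigned v)
{
    return v <= PROTO_VERSION_MAX && (mask & ((uint32_t)1 << v)) != 0;
}

int main(void)
{
    uint32_t mask;
    unsigned unknown;
    if (parse_proto_versions("0 2 33", &mask, &unknown) == 0)
        printf("mask=0x%x unknown=%u v1=%d\n", mask, unknown,
               proto_version_supported(mask, 1));
    return 0;
}
```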
o Documentation fixes:
- Clarify that hidden services are TCP only. Fixes bug 6024.
Changes in version 0.2.4.3-alpha - 2012-09-22
Tor 0.2.4.3-alpha fixes another opportunity for a remotely triggerable
assertion, resumes letting relays test reachability of their DirPort,
and cleans up a bunch of smaller bugs.
o Security fixes:
- Fix an assertion failure in tor_timegm() that could be triggered
by a badly formatted directory object. Bug found by fuzzing with
Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
o Major bugfixes:
- Fix a possible crash bug when checking for deactivated circuits
in connection_or_flush_from_first_active_circuit(). Fixes bug 6341;
bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously.
- Allow routers to detect that their own DirPorts are running. When
we removed support for versions_supports_begindir, we also
accidentally removed the mechanism we used to self-test our
DirPort. Diagnosed with help from kargig. Fixes bugs 6814 and 6815;
bugfix on 0.2.4.2-alpha.
o Security features:
- Switch to a completely time-invariant approach for picking nodes
weighted by bandwidth. Our old approach would run through the
part of the loop after it had made its choice slightly slower
than it ran through the part of the loop before it had made its
choice. Addresses ticket 6538.
- Disable the use of Guard nodes when in Tor2WebMode. Guard usage
by tor2web clients allows hidden services to identify tor2web
clients through their repeated selection of the same rendezvous
and introduction point circuit endpoints (their guards). Resolves
ticket 6888.
o Minor features:
- Enable Tor to read configuration, state, and key information from
a FIFO. Previously Tor would only read from files with a positive
stat.st_size. Code from meejah; fixes bug 6044.
o Minor bugfixes:
- Correct file sizes when reading binary files on Cygwin, to avoid
a bug where Tor would fail to read its state file. Fixes bug 6844;
bugfix on 0.1.2.7-alpha.
- Correctly handle votes with more than 31 flags. Fixes bug 6853;
bugfix on 0.2.0.3-alpha.
- When complaining about a client port on a public address, log
which address we're complaining about. Fixes bug 4020; bugfix on
0.2.3.3-alpha. Patch by Tom Fitzhenry.
- Convert an assert in the pathbias code to a log message. The assert
appears to only be triggerable by Tor2Web mode. Fixes bug 6866;
bugfix on 0.2.3.17-beta.
- Our new buildsystem was overzealous about rebuilding manpages: it
would rebuild them all whenever any one of them changed. Now our
dependency checking should be correct. Fixes bug 6843; bugfix on
0.2.4.1-alpha.
- Don't do reachability testing over IPv6 unless AuthDirPublishIPv6
is set. Fixes bug 6880. Bugfix on 0.2.4.1-alpha.
- Correct log printout about which address family is preferred
when connecting to a bridge with both an IPv4 and IPv6 OR port.
Fixes bug 6884; bugfix on 0.2.4.1-alpha.
o Minor bugfixes (code cleanliness):
- Fix round_to_power_of_2() so it doesn't invoke undefined behavior
with large values. This situation was untriggered, but nevertheless
incorrect. Fixes bug 6831; bugfix on 0.2.0.1-alpha.
- Reject consensus votes with more than 64 known-flags. We aren't even
close to that limit yet, and our code doesn't handle it correctly.
Fixes bug 6833; bugfix on 0.2.0.1-alpha.
- Avoid undefined behaviour when parsing the list of supported
rendezvous/introduction protocols in a hidden service descriptor.
Previously, Tor would have confused (as-yet-unused) protocol version
numbers greater than 32 with lower ones on many platforms. Fixes
bug 6827; bugfix on 0.2.0.10-alpha. Found by George Kadianakis.
- Fix handling of rendezvous client authorization types over 8.
Fixes bug 6861; bugfix on 0.2.1.5-alpha.
- Fix building with older versions of GCC (2.95, for one) that don't
like preprocessor directives inside macro arguments. Found by
grarpamp. Fixes bug 6842; bugfix on 0.2.4.2-alpha.
- Switch weighted node selection rule from using a list of doubles
to using a list of int64_t. This change should make the process
slightly easier to debug and maintain. Needed to finish ticket 6538.
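An added example, not Tor's implementation, of the time-invariant weighted selection described under "Security features" above and in the int64_t entry just above: the loop visits every weight and folds the winning index in with bit masks instead of stopping once the choice is made. The function names and the caller-supplied random value r are assumptions made so the routine is deterministic and testable.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sum of the weights.  Returns 0 (an unusable total) if any weight is
 * negative or the sum would overflow, so callers can reject the list. */
uint64_t weighted_total(const int64_t *w, size_t n)
{
    uint64_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (w[i] < 0 || (uint64_t)w[i] > UINT64_MAX - total)
            return 0;
        total += (uint64_t)w[i];
    }
    return total;
}

/* All-ones if a < b (unsigned), else all-zeros, computed without a
 * branch (Hacker's Delight: sign bit of (~a&b) | ((~a|b)&(a-b))). */
uint64_t ct_lt_mask(uint64_t a, uint64_t b)
{
    uint64_t lt = ((~a & b) | ((~a | b) & (a - b))) >> 63;
    return (uint64_t)0 - lt;
}

/* Pick index i with sum(w[0..i-1]) <= r < sum(w[0..i]).  r must be drawn
 * uniformly from [0, weighted_total(w, n)) by the caller; if r is out of
 * range the last index is returned.  Every element is visited and the
 * chosen index is merged in with masks, so the loop does the same work
 * whichever element wins.  (Whether the compiler keeps it branch-free
 * still has to be confirmed in the generated code.) */
size_t choose_weighted_ct(const int64_t *w, size_t n, uint64_t r)
{
    uint64_t so_far = 0;
    uint64_t found = 0;            /* all-ones once a choice is made */
    uint64_t chosen;

    if (n == 0)
        return 0;
    chosen = (uint64_t)(n - 1);
    for (size_t i = 0; i < n; i++) {
        so_far += (uint64_t)w[i];  /* weights validated by weighted_total */
        /* hit is all-ones only the first time r < so_far */
        uint64_t hit = ct_lt_mask(r, so_far) & ~found;
        chosen = (hit & (uint64_t)i) | (~hit & chosen);
        found |= hit;
    }
    return (size_t)chosen;
}

int main(void)
{
    /* constructed sample: three relays with weights 1, 2 and 3 */
    const int64_t w[] = {1, 2, 3};
    uint64_t total = weighted_total(w, 3);
    for (uint64_t r = 0; r < total; r++)
        printf("r=%llu -> index %zu\n", (unsigned long long)r,
               choose_weighted_ct(w, 3, r));
    return 0;
}
```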
o Code simplification and refactoring:
- Move the generic "config" code into a new file, and have "config.c"
hold only torrc- and state-related code. Resolves ticket 6823.
- Move the core of our "choose a weighted element at random" logic
into its own function, and give it unit tests. Now the logic is
testable, and a little less fragile too.
- Removed the testing_since field of node_t, which hasn't been used
for anything since 0.2.0.9-alpha.
- Clarify that hidden services are TCP only. Fixes bug 6024.
- Resolve a typo in torrc.sample.in. Fixes bug 6819; bugfix on
0.2.3.14-alpha.
Changes in version 0.2.3.22-rc - 2012-09-11
Tor 0.2.3.22-rc fixes another opportunity for a remotely triggerable
assertion.
o Security fixes:
- Fix an assertion failure in tor_timegm() that could be triggered
by a badly formatted directory object. Bug found by fuzzing with
Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
o Minor bugfixes:
- Avoid segfault when starting up having run with an extremely old
version of Tor and parsing its state file. Fixes bug 6801; bugfix
on 0.2.2.23-alpha.
Changes in version 0.2.2.39 - 2012-09-11
Tor 0.2.2.39 fixes two more opportunities for remotely triggerable
assertions.
o Security fixes:
- Fix an assertion failure in tor_timegm() that could be triggered
by a badly formatted directory object. Bug found by fuzzing with
Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
- Do not crash when comparing an address with port value 0 to an
address policy. This bug could have been used to cause a remote
assertion failure by or against directory authorities, or to
allow some applications to crash clients. Fixes bug 6690; bugfix
on 0.2.1.10-alpha.
Changes in version 0.2.4.2-alpha - 2012-09-10
Tor 0.2.4.2-alpha enables port forwarding for pluggable transports,
raises the default rate limiting even more, and makes the bootstrapping
log messages less noisy.
o Major features:
- Automatically forward the TCP ports of pluggable transport
proxies using tor-fw-helper if PortForwarding is enabled. Implements
ticket 4567.
o Major bugfixes:
- Raise the default BandwidthRate/BandwidthBurst values from 5MB/10MB
to 1GB/1GB. The previous defaults were intended to be "basically
infinite", but it turns out they're now limiting our 100mbit+
relays and bridges. Fixes bug 6605; bugfix on 0.2.0.10-alpha (the
last time we raised it).
o Minor features:
- Detect when we're running with a version of OpenSSL other than the
one we compiled with. This has occasionally given people hard-to-
track-down errors.
- Log fewer lines at level "notice" about our OpenSSL and Libevent
versions and capabilities when everything is going right. Resolves
part of ticket 6736.
- Directory authorities no longer accept descriptors for any version of
Tor before 0.2.2.35, or for any 0.2.3 release before 0.2.3.10-alpha.
These versions are insecure, unsupported, or both. Implements
ticket 6789.
o Minor bugfixes:
- Rename the (internal-use-only) UsingTestingNetworkDefaults option
to start with a triple-underscore so the controller won't touch it.
Patch by Meejah. Fixes bug 3155. Bugfix on 0.2.2.23-alpha.
- Avoid segfault when starting up having run with an extremely old
version of Tor and parsing its state file. Fixes bug 6801; bugfix
on 0.2.2.23-alpha.
- Rename the (testing-use-only) _UseFilteringSSLBufferevents option
so it doesn't start with _. Fixes bug 3155. Bugfix on 0.2.3.1-alpha.
- Don't follow the NULL pointer if microdescriptor generation fails.
(This does not appear to be triggerable, but it's best to be safe.)
Found by "f. tp.". Fixes bug 6797; bugfix on 0.2.4.1-alpha.
- Fix mis-declared dependencies on src/common/crypto.c and
src/or/tor_main.c that could break out-of-tree builds under some
circumstances. Fixes bug 6778; bugfix on 0.2.4.1-alpha.
- Avoid a warning when building common_sha1.i out of tree. Fixes bug
6778; bugfix on 0.2.4.1-alpha.
- Fix a harmless (in this case) build warning for implicitly
converting a strlen() to an int. Bugfix on 0.2.4.1-alpha.
o Removed features:
- Now that all versions before 0.2.2.x are disallowed, we no longer
need to work around their missing features. Thus we can remove a
bunch of compatibility code.
o Code refactoring:
- Tweak tor-fw-helper to accept an arbitrary amount of arbitrary
TCP ports to forward. In the past it only accepted two ports:
the ORPort and the DirPort.
Changes in version 0.2.4.1-alpha - 2012-09-05
Tor 0.2.4.1-alpha lets bridges publish their pluggable transports to
bridgedb; lets relays use IPv6 addresses and directory authorities
advertise them; and switches to a cleaner build interface.
This is the first alpha release in a new series, so expect there to
be bugs. Users who would rather test out a more stable branch should
stay with 0.2.3.x for now.
o Major features (bridges):
- Bridges now report the pluggable transports they support to the
bridge authority, so it can pass the supported transports on to
bridgedb and/or eventually do reachability testing. Implements
ticket 3589.
o Major features (IPv6):
- Bridge authorities now accept IPv6 bridge addresses and include
them in network status documents. Implements ticket 5534.
- Clients who set "ClientUseIPv6 1" may connect to entry nodes over
IPv6. Set "ClientPreferIPv6ORPort 1" to make this even more likely
to happen. Implements ticket 5535.
- All kinds of relays, not just bridges, can now advertise an IPv6
OR port. Implements ticket 6362.
- Directory authorities vote on IPv6 OR ports using the new consensus
method 14. Implements ticket 6363.
o Major features (build):
- Switch to a nonrecursive Makefile structure. Now instead of each
Makefile.am invoking other Makefile.am's, there is a master
Makefile.am that includes the others. This change makes our build
process slightly more maintainable, and improves parallelism for
building with make -j. Original patch by Stewart Smith; various
fixes by Jim Meyering.
- Where available, we now use automake's "silent" make rules by
default, so that warnings are easier to spot. You can get the old
behavior with "make V=1". Patch by Stewart Smith for ticket 6522.
o Minor features (code security and spec conformance):
- Clear keys and key-derived material left on the stack in
rendservice.c and rendclient.c. Check return value of
crypto_pk_write_private_key_to_string() in end_service_load_keys().
These fixes should make us more forward-secure against cold-boot
attacks and the like. Fixes bug 2385.
- Reject EXTEND cells sent to nonexistent streams. According to the
spec, an EXTEND cell sent to _any_ nonzero stream ID is invalid, but
we were only checking for stream IDs that were currently in use.
Found while hunting for more instances of bug 6271. Bugfix on
0.0.2pre8, which introduced incremental circuit construction.
o Minor features (streamlining):
- No longer include the "opt" prefix when generating routerinfos
or v2 directories: it has been needless since Tor 0.1.2. Closes
ticket 5124.
- Remove some now-needless code that tried to aggressively flush
OR connections as data was added to them. Since 0.2.0.1-alpha, our
cell queue logic has saved us from the failure mode that this code
was supposed to prevent. Removing this code will limit the number
of baroque control flow paths through Tor's network logic. Reported
pseudonymously on IRC. Fixes bug 6468; bugfix on 0.2.0.1-alpha.
o Minor features (controller):