[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor is released


There's a new alpha Tor release! Because it's an alpha, you should
only run it if you're ready to find more bugs than usual, and report
them on trac.torproject.org.

The source code is available from the usual place on
www.torproject.org; if you build Tor from source, why not give it a
try? And if you don't build Tor from source, packages should be ready
over the coming days, with a Tor Browser alpha release likely in the
next few weeks.

This release fixes TROVE-2019-001, a possible security bug involving
the KIST cell scheduler code in versions and later.  We
are not certain that it is possible to exploit this bug in the wild,
but to be careful, we recommend that all affected users upgrade.  The
potential impact is a remote denial-of-service attack against clients
or relays.

Here's what's new:

Changes in version - 2019-02-21
  Tor is the second alpha in its series; it fixes several
  bugs from earlier versions, including several that had broken
  backward compatibility.

  It also includes a fix for a medium-severity security bug affecting Tor and later. All Tor instances running an affected release
  should upgrade to,,, or

  o Major bugfixes (cell scheduler, KIST, security):
    - Make KIST consider the outbuf length when computing what it can
      put in the outbuf. Previously, KIST acted as though the outbuf
      were empty, which could lead to the outbuf becoming too full. It
      is possible that an attacker could exploit this bug to cause a Tor
      client or relay to run out of memory and crash. Fixes bug 29168;
      bugfix on This issue is also being tracked as
      TROVE-2019-001 and CVE-2019-8955.

  o Major bugfixes (networking):
    - Gracefully handle empty username/password fields in SOCKS5
      username/password auth messsage and allow SOCKS5 handshake to
      continue. Previously, we had rejected these handshakes, breaking
      certain applications. Fixes bug 29175; bugfix on

  o Major bugfixes (windows, startup):
    - When reading a consensus file from disk, detect whether it was
      written in text mode, and re-read it in text mode if so. Always
      write consensus files in binary mode so that we can map them into
      memory later. Previously, we had written in text mode, which
      confused us when we tried to map the file on windows. Fixes bug
      28614; bugfix on

  o Minor features (compilation):
    - Compile correctly when OpenSSL is built with engine support
      disabled, or with deprecated APIs disabled. Closes ticket 29026.
      Patches from "Mangix".

  o Minor features (developer tooling):
    - Check that bugfix versions in changes files look like Tor versions
      from the versions spec. Warn when bugfixes claim to be on a future
      release. Closes ticket 27761.
    - Provide a git pre-commit hook that disallows commiting if we have
      any failures in our code and changelog formatting checks. It is
      now available in scripts/maint/pre-commit.git-hook. Implements
      feature 28976.

  o Minor features (directory authority):
    - When a directory authority is using a bandwidth file to obtain
      bandwidth values, include the digest of that file in the vote.
      Closes ticket 26698.

  o Minor features (geoip):
    - Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2
      Country database. Closes ticket 29478.

  o Minor features (testing):
    - Treat all unexpected ERR and BUG messages as test failures. Closes
      ticket 28668.

  o Minor bugfixes (build, compatibility, rust):
    - Update Cargo.lock file to match the version made by the latest
      version of Rust, so that "make distcheck" will pass again. Fixes
      bug 29244; bugfix on

  o Minor bugfixes (compilation):
    - Fix compilation warnings in test_circuitpadding.c. Fixes bug
      29169; bugfix on
    - Silence a compiler warning in test-memwipe.c on OpenBSD. Fixes bug
      29145; bugfix on Patch from Kris Katterjohn.

  o Minor bugfixes (documentation):
    - Describe the contents of the v3 onion service client authorization
      files correctly: They hold public keys, not private keys. Fixes
      bug 28979; bugfix on Spotted by "Felixix".

  o Minor bugfixes (linux seccomp sandbox):
    - Fix startup crash when experimental sandbox support is enabled.
      Fixes bug 29150; bugfix on Patch by Peter Gerber.

  o Minor bugfixes (logging):
    - Avoid logging that we are relaxing a circuit timeout when that
      timeout is fixed. Fixes bug 28698; bugfix on
    - Log more information at "warning" level when unable to read a
      private key; log more information at "info" level when unable to
      read a public key. We had warnings here before, but they were lost
      during our NSS work. Fixes bug 29042; bugfix on

  o Minor bugfixes (misc):
    - The amount of total available physical memory is now determined
      using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
      when it is defined and a 64-bit variant is not available. Fixes
      bug 28981; bugfix on Patch from Kris Katterjohn.

  o Minor bugfixes (onion services):
    - Avoid crashing if ClientOnionAuthDir (incorrectly) contains more
      than one private key for a hidden service. Fixes bug 29040; bugfix
    - In hs_cache_store_as_client() log an HSDesc we failed to parse at
      "debug" level. Tor used to log it as a warning, which caused very
      long log lines to appear for some users. Fixes bug 29135; bugfix
    - Stop logging "Tried to establish rendezvous on non-OR circuit..."
      as a warning. Instead, log it as a protocol warning, because there
      is nothing that relay operators can do to fix it. Fixes bug 29029;
      bugfix on

  o Minor bugfixes (scheduler):
    - When re-adding channels to the pending list, check the correct
      channel's sched_heap_idx. This issue has had no effect in mainline
      Tor, but could have led to bugs down the road in improved versions
      of our circuit scheduling code. Fixes bug 29508; bugfix

  o Minor bugfixes (tests):
    - Fix intermittent failures on an adaptive padding test. Fixes one
      case of bug 29122; bugfix on
    - Disable an unstable circuit-padding test that was failing
      intermittently because of an ill-defined small histogram. Such
      histograms will be allowed again after 29298 is implemented. Fixes
      a second case of bug 29122; bugfix on
    - Detect and suppress "bug" warnings from the util/time test on
      Windows. Fixes bug 29161; bugfix on
    - Do not log an error-level message if we fail to find an IPv6
      network interface from the unit tests. Fixes bug 29160; bugfix

  o Documentation:
    - In the manpage entry describing MapAddress torrc setting, use
      example IP addresses from ranges specified for use in documentation
      by RFC 5737. Resolves issue 28623.

  o Removed features:
    - Remove the old check-tor script. Resolves issue 29072.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to