Tor Changelog

What's new in Tor 0.4.7.1 Alpha

Sep 18, 2021

Major features (Proposal 332, onion services, guard selection algorithm):
Clients and onion services now choose four long-lived "layer 2" guard relays for use as the middle hop in all onion circuits. These relays are kept in place for a randomized duration averaging 1 week. This mitigates guard discovery attacks against clients and short-lived onion services such as OnionShare. Long-lived onion services that need high security should still use the Vanguards addon (https://github.com/mikeperry-tor/vanguards). Closes ticket 40363; implements proposal 333.
Minor features (bridge testing support):
Let external bridge reachability testing tools discard cached bridge descriptors when setting new bridges, so they can be sure to get a clean reachability test. Implements ticket 40209.

New in Tor 0.4.6.6 (Aug 11, 2021)

New in Tor 0.4.5.6 (Feb 16, 2021)

New in Tor 0.4.4.5 (Sep 27, 2020)

New in Tor 0.4.3.6 (Sep 27, 2020)

New in Tor 0.4.3.5 (Sep 27, 2020)

New in Tor 0.4.2.7 (Sep 27, 2020)

Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha):
Fix a denial-of-service bug that could be used by anyone to consume a bunch of CPU on any Tor relay or authority, or by directories to consume a bunch of CPU on clients or hidden services. Because of the potential for CPU consumption to introduce observable timing patterns, we are treating this as a high-severity security issue. Fixes bug 33119; bugfix on 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue as TROVE-2020-002 and CVE-2020-10592.
Major bugfixes (circuit padding, memory leak, backport from 0.4.3.3-alpha):
Avoid a remotely triggered memory leak in the case that a circuit padding machine is somehow negotiated twice on the same circuit. Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls. This is also tracked as TROVE-2020-004 and CVE-2020-10593.
Major bugfixes (directory authority, backport from 0.4.3.3-alpha):
Directory authorities will now send a 503 (not enough bandwidth) code to clients when under bandwidth pressure. Known relays and other authorities will always be answered regardless of the bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha.
Minor features (continuous integration, backport from 0.4.3.2-alpha):
Stop allowing failures on the Travis CI stem tests job. It looks like all the stem hangs we were seeing before are now fixed. Closes ticket 33075.
Minor bugfixes (bridges, backport from 0.4.3.1-alpha):
Lowercase the configured value of BridgeDistribution before adding it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha.
Minor bugfixes (logging, backport from 0.4.3.2-alpha):
If we encounter a bug when flushing a buffer to a TLS connection, only log the bug once per invocation of the Tor process. Previously we would log with every occurrence, which could cause us to run out of disk space. Fixes bug 33093; bugfix on 0.3.2.2-alpha.
Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha):
Fix an assertion failure that could result from a corrupted ADD_ONION control port command. Found by Saibato. Fixes bug 33137; bugfix on 0.3.3.1-alpha. This issue is also tracked as TROVE-2020-003.
Minor bugfixes (rust, build, backport from 0.4.3.2-alpha):
Fix a syntax warning given by newer versions of Rust that was creating problems for our continuous integration. Fixes bug 33212; bugfix on 0.3.5.1-alpha.
Testing (Travis CI, backport from 0.4.3.3-alpha):
Remove a redundant distcheck job. Closes ticket 33194.
Sort the Travis jobs in order of speed: putting the slowest jobs first takes full advantage of Travis job concurrency. Closes ticket 33194.
Stop allowing the Chutney IPv6 Travis job to fail. This job was previously configured to fast_finish (which requires allow_failure), to speed up the build. Closes ticket 33195.
When a Travis chutney job fails, use chutney's new "diagnostics.sh" tool to produce detailed diagnostic output. Closes ticket 32792.

New in Tor 0.4.2.6 (Sep 27, 2020)

New in Tor 0.4.2.5 (Dec 10, 2019)

New in Tor 0.4.2.4 RC (Dec 4, 2019)

New in Tor 0.4.1.6 (Oct 2, 2019)

Major bugfixes (crash, Linux, Android, backport from 0.4.2.1-alpha):
Tolerate systems (including some Android installations) where madvise and MADV_DONTDUMP are available at build-time, but not at run time. Previously, these systems would notice a failed syscall and abort. Fixes bug 31570; bugfix on 0.4.1.1-alpha.
Tolerate systems (including some Linux installations) where madvise and/or MADV_DONTFORK are available at build-time, but not at run time. Previously, these systems would notice a failed syscall and abort. Fixes bug 31696; bugfix on 0.4.1.1-alpha.
Minor features (stem tests, backport from 0.4.2.1-alpha):
Change "make test-stem" so it only runs the stem tests that use tor. This change makes test-stem faster and more reliable. Closes ticket 31554.
Minor bugfixes (build system, backport form 0.4.2.1-alpha):
Do not include the deprecated on Linux or Windows systems. Fixes bug 31673; bugfix on 0.2.5.4-alpha.
Minor bugfixes (compilation, backport from 0.4.2.1-alpha):
Add more stub functions to fix compilation on Android with link- time optimization when --disable-module-dirauth is used. Previously, these compilation settings would make the compiler look for functions that didn't exist. Fixes bug 31552; bugfix on 0.4.1.1-alpha.
Suppress spurious float-conversion warnings from GCC when calling floating-point classifier functions on FreeBSD. Fixes part of bug 31687; bugfix on 0.3.1.5-alpha.
Minor bugfixes (controller protocol):
Fix the MAPADDRESS controller command to accept one or more arguments. Previously, it required two or more arguments, and ignored the first. Fixes bug 31772; bugfix on 0.4.1.1-alpha.
Minor bugfixes (guards, backport from 0.4.2.1-alpha):
When tor is missing descriptors for some primary entry guards, make the log message less alarming. It's normal for descriptors to expire, as long as tor fetches new ones soon after. Fixes bug 31657; bugfix on 0.3.3.1-alpha.
Minor bugfixes (logging, backport from 0.4.2.1-alpha):
Change log level of message "Hash of session info was not as expected" to LOG_PROTOCOL_WARN. Fixes bug 12399; bugfix on 0.1.1.10-alpha.
Minor bugfixes (rust, backport from 0.4.2.1-alpha):
Correctly exclude a redundant rust build job in Travis. Fixes bug 31463; bugfix on 0.3.5.4-alpha.
Minor bugfixes (v2 single onion services, backport from 0.4.2.1-alpha):
Always retry v2 single onion service intro and rend circuits with a 3-hop path. Previously, v2 single onion services used a 3-hop path when rendezvous circuits were retried after a remote or delayed failure, but a 1-hop path for immediate retries. Fixes bug 23818; bugfix on 0.2.9.3-alpha.
Minor bugfixes (v3 single onion services, backport from 0.4.2.1-alpha):
Always retry v3 single onion service intro and rend circuits with a 3-hop path. Previously, v3 single onion services used a 3-hop path when rend circuits were retried after a remote or delayed failure, but a 1-hop path for immediate retries. Fixes bug 23818; bugfix on 0.3.2.1-alpha.
Make v3 single onion services fall back to a 3-hop intro, when all intro points are unreachable via a 1-hop path. Previously, v3 single onion services failed when all intro nodes were unreachable via a 1-hop path. Fixes bug 23507; bugfix on 0.3.2.1-alpha.
Documentation (backport from 0.4.2.1-alpha):
Use RFC 2397 data URL scheme to embed an image into tor-exit- notice.html so that operators no longer have to host it themselves. Closes ticket 31089.

New in Tor 0.4.1.5 (Aug 21, 2019)

New in Tor 0.4.0.5 (May 5, 2019)

New in Tor 0.3.5.8 (Feb 25, 2019)

Major bugfixes (cell scheduler, KIST, security):
Make KIST consider the outbuf length when computing what it can put in the outbuf. Previously, KIST acted as though the outbuf were empty, which could lead to the outbuf becoming too full. It is possible that an attacker could exploit this bug to cause a Tor client or relay to run out of memory and crash. Fixes bug 29168; bugfix on 0.3.2.1-alpha. This issue is also being tracked as TROVE-2019-001 and CVE-2019-8955.
Major bugfixes (networking, backport from 0.4.0.2-alpha):
Gracefully handle empty username/password fields in SOCKS5 username/password auth messsage and allow SOCKS5 handshake to continue. Previously, we had rejected these handshakes, breaking certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.
Minor features (compilation, backport from 0.4.0.2-alpha):
Compile correctly when OpenSSL is built with engine support disabled, or with deprecated APIs disabled. Closes ticket 29026. Patches from "Mangix".
Minor features (geoip):
Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2 Country database. Closes ticket 29478.
Minor features (testing, backport from 0.4.0.2-alpha):
Treat all unexpected ERR and BUG messages as test failures. Closes ticket 28668.
Minor bugfixes (onion service v3, client, backport from 0.4.0.1-alpha):
Stop logging a "BUG()" warning and stacktrace when we find a SOCKS connection waiting for a descriptor that we actually have in the cache. It turns out that this can actually happen, though it is rare. Now, tor will recover and retry the descriptor. Fixes bug 28669; bugfix on 0.3.2.4-alpha.
Minor bugfixes (IPv6, backport from 0.4.0.1-alpha):
Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the IPv6 socket was bound using an address family of AF_INET instead of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.
Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha):
Update Cargo.lock file to match the version made by the latest version of Rust, so that "make distcheck" will pass again. Fixes bug 29244; bugfix on 0.3.3.4-alpha.
Minor bugfixes (client, clock skew, backport from 0.4.0.1-alpha):
Select guards even if the consensus has expired, as long as the consensus is still reasonably live. Fixes bug 24661; bugfix on 0.3.0.1-alpha.
Minor bugfixes (compilation, backport from 0.4.0.1-alpha):
Compile correctly on OpenBSD; previously, we were missing some headers required in order to detect it properly. Fixes bug 28938; bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.
Minor bugfixes (documentation, backport from 0.4.0.2-alpha):
Describe the contents of the v3 onion service client authorization files correctly: They hold public keys, not private keys. Fixes bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".
Minor bugfixes (logging, backport from 0.4.0.1-alpha):
Rework rep_hist_log_link_protocol_counts() to iterate through all link protocol versions when logging incoming/outgoing connection counts. Tor no longer skips version 5, and we won't have to remember to update this function when new link protocol version is developed. Fixes bug 28920; bugfix on 0.2.6.10.
Minor bugfixes (logging, backport from 0.4.0.2-alpha):
Log more information at "warning" level when unable to read a private key; log more information at "info" level when unable to read a public key. We had warnings here before, but they were lost during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.
Minor bugfixes (misc, backport from 0.4.0.2-alpha):
The amount of total available physical memory is now determined using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM) when it is defined and a 64-bit variant is not available. Fixes bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.
Minor bugfixes (onion services, backport from 0.4.0.2-alpha):
Avoid crashing if ClientOnionAuthDir (incorrectly) contains more than one private key for a hidden service. Fixes bug 29040; bugfix on 0.3.5.1-alpha.
In hs_cache_store_as_client() log an HSDesc we failed to parse at "debug" level. Tor used to log it as a warning, which caused very long log lines to appear for some users. Fixes bug 29135; bugfix on 0.3.2.1-alpha.
Stop logging "Tried to establish rendezvous on non-OR circuit..." as a warning. Instead, log it as a protocol warning, because there is nothing that relay operators can do to fix it. Fixes bug 29029; bugfix on 0.2.5.7-rc.
Minor bugfixes (tests, directory clients, backport from 0.4.0.1-alpha):
Mark outdated dirservers when Tor only has a reasonably live consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha.
Minor bugfixes (tests, backport from 0.4.0.2-alpha):
Detect and suppress "bug" warnings from the util/time test on Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha.
Do not log an error-level message if we fail to find an IPv6 network interface from the unit tests. Fixes bug 29160; bugfix on 0.2.7.3-rc.
Minor bugfixes (usability, backport from 0.4.0.1-alpha):
Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate(). Some users took this phrasing to mean that the mentioned guard was under their control or responsibility, which it is not. Fixes bug 28895; bugfix on Tor 0.3.0.1-alpha.

New in Tor 0.3.4.9 (Nov 8, 2018)

Major bugfixes (compilation, backport from 0.3.5.3-alpha):
Fix compilation on ARM (and other less-used CPUs) when compiling with OpenSSL before 1.1. Fixes bug 27781; bugfix on 0.3.4.1-alpha.
Major bugfixes (mainloop, bootstrap, backport from 0.3.5.3-alpha):
Make sure Tor bootstraps and works properly if only the ControlPort is set. Prior to this fix, Tor would only bootstrap when a client port was set (Socks, Trans, NATD, DNS or HTTPTunnel port). Fixes bug 27849; bugfix on 0.3.4.1-alpha.
Major bugfixes (relay, backport from 0.3.5.3-alpha):
When our write bandwidth limit is exhausted, stop writing on the connection. Previously, we had a typo in the code that would make us stop reading instead, leading to relay connections being stuck indefinitely and consuming kernel RAM. Fixes bug 28089; bugfix on 0.3.4.1-alpha.
Major bugfixes (restart-in-process, backport from 0.3.5.1-alpha):
Fix a use-after-free error that could be caused by passing Tor an impossible set of options that would fail during options_act(). Fixes bug 27708; bugfix on 0.3.3.1-alpha.
Minor features (continuous integration, backport from 0.3.5.1-alpha):
Don't do a distcheck with --disable-module-dirauth in Travis. Implements ticket 27252.
Only run one online rust build in Travis, to reduce network errors. Skip offline rust builds on Travis for Linux gcc, because they're redundant. Implements ticket 27252.
Skip gcc on OSX in Travis CI, because it's rarely used. Skip a duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on Linux with default settings, because all the non-default builds use gcc on Linux. Implements ticket 27252.
Minor features (continuous integration, backport from 0.3.5.3-alpha):
Use the Travis Homebrew addon to install packages on macOS during Travis CI. The package list is the same, but the Homebrew addon does not do a `brew update` by default. Implements ticket 27738.
Minor features (geoip):
Update geoip and geoip6 to the October 9 2018 Maxmind GeoLite2 Country database. Closes ticket 27991.
Minor bugfixes (32-bit OSX and iOS, timing, backport from 0.3.5.2-alpha):
Fix an integer overflow bug in our optimized 32-bit millisecond- difference algorithm for 32-bit Apple platforms. Previously, it would overflow when calculating the difference between two times more than 47 days apart. Fixes part of bug 27139; bugfix on 0.3.4.1-alpha.
Improve the precision of our 32-bit millisecond difference algorithm for 32-bit Apple platforms. Fixes part of bug 27139; bugfix on 0.3.4.1-alpha.
Relax the tolerance on the mainloop/update_time_jumps test when running on 32-bit Apple platforms. Fixes part of bug 27139; bugfix on 0.3.4.1-alpha.
Minor bugfixes (C correctness, to appear in 0.3.5.4-alpha):
Avoid undefined behavior in an end-of-string check when parsing the BEGIN line in a directory object. Fixes bug 28202; bugfix on 0.2.0.3-alpha.
Minor bugfixes (CI, appveyor, to appear in 0.3.5.4-alpha):
Only install the necessary mingw packages during our appveyor builds. This change makes the build a little faster, and prevents a conflict with a preinstalled mingw openssl that appveyor now ships. Fixes bugs 27943 and 27765; bugfix on 0.3.4.2-alpha.
Minor bugfixes (code safety, backport from 0.3.5.3-alpha):
Rewrite our assertion macros so that they no longer suppress the compiler's -Wparentheses warnings. Fixes bug 27709; bugfix
Minor bugfixes (continuous integration, backport from 0.3.5.1-alpha):
Stop reinstalling identical packages in our Windows CI. Fixes bug 27464; bugfix on 0.3.4.1-alpha.
Minor bugfixes (directory authority, to appear in 0.3.5.4-alpha):
Log additional info when we get a relay that shares an ed25519 ID with a different relay, instead making a BUG() warning. Fixes bug 27800; bugfix on 0.3.2.1-alpha.
Minor bugfixes (directory connection shutdown, backport from 0.3.5.1-alpha):
Avoid a double-close when shutting down a stalled directory connection. Fixes bug 26896; bugfix on 0.3.4.1-alpha.
Minor bugfixes (HTTP tunnel, backport from 0.3.5.1-alpha):
Fix a bug warning when closing an HTTP tunnel connection due to an HTTP request we couldn't handle. Fixes bug 26470; bugfix on 0.3.2.1-alpha.
Minor bugfixes (netflow padding, backport from 0.3.5.1-alpha):
Ensure circuitmux queues are empty before scheduling or sending padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha.
Minor bugfixes (onion service v3, backport from 0.3.5.1-alpha):
When the onion service directory can't be created or has the wrong permissions, do not log a stack trace. Fixes bug 27335; bugfix on 0.3.2.1-alpha.
Minor bugfixes (onion service v3, backport from 0.3.5.2-alpha):
Close all SOCKS request (for the same .onion) if the newly fetched descriptor is unusable. Before that, we would close only the first one leaving the other hanging and let to time out by themselves. Fixes bug 27410; bugfix on 0.3.2.1-alpha.
Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha):
When selecting a v3 rendezvous point, don't only look at the protover, but also check whether the curve25519 onion key is present. This way we avoid picking a relay that supports the v3 rendezvous but for which we don't have the microdescriptor. Fixes bug 27797; bugfix on 0.3.2.1-alpha.
Minor bugfixes (protover, backport from 0.3.5.3-alpha):
Reject protocol names containing bytes other than alphanumeric characters and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix on 0.2.9.4-alpha.
Minor bugfixes (rust, backport from 0.3.5.1-alpha):
Compute protover votes correctly in the rust version of the protover code. Previously, the protover rewrite in 24031 allowed repeated votes from the same voter for the same protocol version to be counted multiple times in protover_compute_vote(). Fixes bug 27649; bugfix on 0.3.3.5-rc.
Reject protover names that contain invalid characters. Fixes bug 27687; bugfix on 0.3.3.1-alpha.
Minor bugfixes (rust, backport from 0.3.5.2-alpha):
protover_all_supported() would attempt to allocate up to 16GB on some inputs, leading to a potential memory DoS. Fixes bug 27206; bugfix on 0.3.3.5-rc.
Minor bugfixes (rust, directory authority, to appear in 0.3.5.4-alpha):
Fix an API mismatch in the rust implementation of protover_compute_vote(). This bug could have caused crashes on any directory authorities running Tor with Rust (which we do not yet recommend). Fixes bug 27741; bugfix on 0.3.3.6.
Minor bugfixes (rust, to appear in 0.3.5.4-alpha):
Fix a potential null dereference in protover_all_supported(). Add a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha.
Return a string that can be safely freed by C code, not one created by the rust allocator, in protover_all_supported(). Fixes bug 27740; bugfix on 0.3.3.1-alpha.
Minor bugfixes (testing, backport from 0.3.5.1-alpha):
If a unit test running in a subprocess exits abnormally or with a nonzero status code, treat the test as having failed, even if the test reported success. Without this fix, memory leaks don't cause the tests to fail, even with LeakSanitizer. Fixes bug 27658; bugfix on 0.2.2.4-alpha.
Minor bugfixes (testing, backport from 0.3.5.3-alpha):
Make the hs_service tests use the same time source when creating the introduction point and when testing it. Now tests work better on very slow systems like ARM or Travis. Fixes bug 27810; bugfix on 0.3.2.1-alpha.
Minor bugfixes (testing, to appear in 0.3.5.4-alpha):
Treat backtrace test failures as expected on BSD-derived systems (NetBSD, OpenBSD, and macOS/Darwin) until we solve bug 17808. (FreeBSD failures have been treated as expected since 18204 in 0.2.8.) Fixes bug 27948; bugfix on 0.2.5.2-alpha.

New in Tor 0.3.4.4 RC (Jul 14, 2018)

New in Tor 0.3.3.7 (Jun 13, 2018)

New in Tor 0.3.2.8 RC (Dec 27, 2017)

New in Tor 0.3.1.8 (Oct 25, 2017)

Directory authority changes:
Add "Bastet" as a ninth directory authority to the default list. Closes ticket 23910.
The directory authority "Longclaw" has changed its IP address. Closes ticket 23592.
Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
Fix a timing-based assertion failure that could occur when the circuit out-of-memory handler freed a connection's output buffer. Fixes bug 23690; bugfix on 0.2.6.1-alpha.
Minor features (directory authorities, backport from 0.3.2.2-alpha):
Remove longclaw's IPv6 address, as it will soon change. Authority IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves 3/8 directory authorities with IPv6 addresses, but there are also 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
Minor features (geoip):
Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 Country database.
Minor bugfixes (compilation, backport from 0.3.2.2-alpha):
Fix a compilation warning when building with zstd support on 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found and fixed by Andreas Stieger.
Minor bugfixes (compression, backport from 0.3.2.2-alpha):
Handle a pathological case when decompressing Zstandard data when the output buffer size is zero. Fixes bug 23551; bugfix on 0.3.1.1-alpha.
Minor bugfixes (directory authority, backport from 0.3.2.1-alpha):
Remove the length limit on HTTP status lines that authorities can send in their replies. Fixes bug 23499; bugfix on 0.3.1.6-rc.
Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
Avoid a possible double close of a circuit by the intro point on error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610; bugfix on 0.3.0.1-alpha.
Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
Clear the address when node_get_prim_orport() returns early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
Minor bugfixes (unit tests, backport from 0.3.2.2-alpha):
Fix additional channelpadding unit test failures by using mocked time instead of actual time for all tests. Fixes bug 23608; bugfix on 0.3.1.1-alpha.

New in Tor 0.3.0.8 (Jun 12, 2017)

Major bugfixes (hidden service, relay, security, backport from 0.3.1.3-alpha):
Fix a remotely triggerable assertion failure when a hidden service handles a malformed BEGIN cell. Fixes bug 22493, tracked as TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
When performing the v3 link handshake on a TLS connection, report that we have the x509 certificate that we actually used on that connection, even if we have changed certificates since that connection was first opened. Previously, we would claim to have used our most recent x509 link certificate, which would sometimes make the link handshake fail. Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.
Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
Regenerate link and authentication certificates whenever the key that signs them changes; also, regenerate link certificates whenever the signed key changes. Previously, these processes were only weakly coupled, and we relays could (for minutes to hours) wind up with an inconsistent set of keys and certificates, which other relays would not accept. Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
When sending an Ed25519 signing->link certificate in a CERTS cell, send the certificate that matches the x509 certificate that we used on the TLS connection. Previously, there was a race condition if the TLS context rotated after we began the TLS handshake but before we sent the CERTS cell. Fixes a case of bug 22460; bugfix on 0.3.0.1-alpha.
Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
Stop rejecting v3 hidden service descriptors because their size did not match an old padding rule. Fixes bug 22447; bugfix on tor-0.3.0.1-alpha.
Minor features (fallback directory list, backport from 0.3.1.3-alpha):
Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in December 2016 (of which ~126 were still functional) with a list of 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May 2017. Resolves ticket 21564.
Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes bug 22252; bugfix on 0.2.9.3-alpha.
Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
Lower the lifetime of the RSA->Ed25519 cross-certificate to six months, and regenerate it when it is within one month of expiring. Previously, we had generated this certificate at startup with a ten-year lifetime, but that could lead to weird behavior when Tor was started with a grossly inaccurate clock. Mitigates bug 22466; mitigation on 0.3.0.1-alpha.
Minor bugfixes (memory leak, directory authority, backport from 0.3.1.2-alpha):
When directory authorities reject a router descriptor due to keypinning, free the router descriptor rather than leaking the memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.

New in Tor 0.2.9.8 (Dec 20, 2016)

New system requirements:
When building with OpenSSL, Tor now requires version 1.0.1 or later. OpenSSL 1.0.0 and earlier are no longer supported by the OpenSSL team, and should not be used. Closes ticket 20303.
Tor now requires Libevent version 2.0.10-stable or later. Older versions of Libevent have less efficient backends for several platforms, and lack the DNS code that we use for our server-side DNS support. This implements ticket 19554.
Tor now requires zlib version 1.2 or later, for security, efficiency, and (eventually) gzip support. (Back when we started, zlib 1.1 and zlib 1.0 were still found in the wild. 1.2 was released in 2003. We recommend the latest version.)
Deprecated features:
A number of DNS-cache-related sub-options for client ports are now deprecated for security reasons, and may be removed in a future version of Tor. (We believe that client-side DNS caching is a bad idea for anonymity, and you should not turn it on.) The options are: CacheDNS, CacheIPv4DNS, CacheIPv6DNS, UseDNSCache, UseIPv4Cache, and UseIPv6Cache.
A number of options are deprecated for security reasons, and may be removed in a future version of Tor. The options are: AllowDotExit, AllowInvalidNodes, AllowSingleHopCircuits, AllowSingleHopExits, ClientDNSRejectInternalAddresses, CloseHSClientCircuitsImmediatelyOnTimeout, CloseHSServiceRendCircuitsImmediatelyOnTimeout, ExcludeSingleHopRelays, FastFirstHopPK, TLSECGroup, UseNTorHandshake, and WarnUnsafeSocks.
The *ListenAddress options are now deprecated as unnecessary: the corresponding *Port options should be used instead. These options may someday be removed. The affected options are: ControlListenAddress, DNSListenAddress, DirListenAddress, NATDListenAddress, ORListenAddress, SocksListenAddress, and TransListenAddress.
Major bugfixes (parsing, security, new since 0.2.9.7-rc):
Fix a bug in parsing that could cause clients to read a single byte past the end of an allocated region. This bug could be used to cause hardened clients (built with --enable-expensive-hardening) to crash if they tried to visit a hostile hidden service. Non- hardened clients are only affected depending on the details of their platform's memory allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE- 2016-12-002 and as CVE-2016-1254.
Major features (build, hardening):
Tor now builds with -ftrapv by default on compilers that support it. This option detects signed integer overflow (which C forbids), and turns it into a hard-failure. We do not apply this option to code that needs to run in constant time to avoid side-channels; instead, we use -fwrapv in that code. Closes ticket 17983.
When --enable-expensive-hardening is selected, stop applying the clang/gcc sanitizers to code that needs to run in constant time. Although we are aware of no introduced side-channels, we are not able to prove that there are none. Related to ticket 17983.
Major features (circuit building, security):
Authorities, relays, and clients now require ntor keys in all descriptors, for all hops (except for rare hidden service protocol cases), for all circuits, and for all other roles. Part of ticket 19163.
Authorities, relays, and clients only use ntor, except for rare cases in the hidden service protocol. Part of ticket 19163.
Major features (compilation):
Our big list of extra GCC warnings is now enabled by default when building with GCC (or with anything like Clang that claims to be GCC-compatible). To make all warnings into fatal compilation errors, pass --enable-fatal-warnings to configure. Closes ticket 19044.
Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS to automatically turn on C and POSIX extensions. (Previously, we attempted to do this on an ad hoc basis.) Closes ticket 19139.
Major features (directory authorities, hidden services):
Directory authorities can now perform the shared randomness protocol specified by proposal 250. Using this protocol, directory authorities generate a global fresh random value every day. In the future, this value will be used by hidden services to select HSDirs. This release implements the directory authority feature; the hidden service side will be implemented in the future as part of proposal 224. Resolves ticket 16943; implements proposal 250.
Major features (downloading, random exponential backoff):
When we fail to download an object from a directory service, wait for an (exponentially increasing) randomized amount of time before retrying, rather than a fixed interval as we did before. This prevents a group of Tor instances from becoming too synchronized, or a single Tor instance from becoming too predictable, in its download schedule. Closes ticket 15942.
Major features (resource management):
Tor can now notice it is about to run out of sockets, and preemptively close connections of lower priority. (This feature is off by default for now, since the current prioritizing method is yet not mature enough. You can enable it by setting "DisableOOSCheck 0", but watch out: it might close some sockets you would rather have it keep.) Closes ticket 18640.
Major features (single-hop "hidden" services):
Add experimental HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode options. When both are set to 1, every hidden service on that Tor instance becomes a non-anonymous Single Onion Service. Single Onions make one-hop (direct) connections to their introduction and rendezvous points. One-hop circuits make Single Onion servers easily locatable, but clients remain location-anonymous. This is compatible with the existing hidden service implementation, and works on the current Tor network without any changes to older relays or clients. Implements proposal 260, completes ticket 17178. Patch by teor and asn.
Major features (subprotocol versions):
Tor directory authorities now vote on a set of recommended "subprotocol versions", and on a set of required subprotocol versions. Clients and relays that lack support for a _required_ subprotocol version will not start; those that lack support for a _recommended_ subprotocol version will warn the user to upgrade. This change allows compatible implementations of the Tor protocol(s) to exist without pretending to be 100% bug-compatible with particular releases of Tor itself. Closes ticket 19958; implements part of proposal 264.
Major bugfixes (circuit building):
Hidden service client-to-intro-point and service-to-rendezvous- point circuits use the TAP key supplied by the protocol, to avoid epistemic attacks. Fixes bug 19163; bugfix on 0.2.4.18-rc.
Major bugfixes (download scheduling):
Avoid resetting download status for consensuses hourly, since we already have another, smarter retry mechanism. Fixes bug 8625; bugfix on 0.2.0.9-alpha.
If a consensus expires while we are waiting for certificates to download, stop waiting for certificates.
If we stop waiting for certificates less than a minute after we started downloading them, do not consider the certificate download failure a separate failure. Fixes bug 20533; bugfix on 0.2.0.9-alpha.
When using exponential backoff in test networks, use a lower exponent, so the delays do not vary as much. This helps test networks bootstrap consistently. Fixes bug 20597; bugfix on 20499.
Major bugfixes (exit policies):
Avoid disclosing exit outbound bind addresses, configured port bind addresses, and local interface addresses in relay descriptors by default under ExitPolicyRejectPrivate. Instead, only reject these (otherwise unlisted) addresses if ExitPolicyRejectLocalInterfaces is set. Fixes bug 18456; bugfix on 0.2.7.2-alpha. Patch by teor.
Major bugfixes (hidden services):
Allow Tor clients with appropriate controllers to work with FetchHidServDescriptors set to 0. Previously, this option also disabled descriptor cache lookup, thus breaking hidden services entirely. Fixes bug 18704; bugfix on 0.2.0.20-rc. Patch by "twim".
Clients now require hidden services to include the TAP keys for their intro points in the hidden service descriptor. This prevents an inadvertent upgrade to ntor, which a malicious hidden service could use to distinguish clients by consensus version. Fixes bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor.
Major bugfixes (relay, resolver, logging):
For relays that don't know their own address, avoid attempting a local hostname resolve for each descriptor we download. This will cut down on the number of "Success: chose address 'x.x.x.x'" log lines, and also avoid confusing clock jumps if the resolver is slow. Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha.
Minor features (port flags):
Add new flags to the *Port options to give finer control over which requests are allowed. The flags are NoDNSRequest, NoOnionTraffic, and the synthetic flag OnionTrafficOnly, which is equivalent to NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic. Closes enhancement 18693; patch by "teor".
Minor features (build, hardening):
Detect and work around a libclang_rt problem that would prevent clang from finding __mulodi4() on some 32-bit platforms, and thus keep -ftrapv from linking on those systems. Closes ticket 19079.
When building on a system without runtime support for the runtime hardening options, try to log a useful warning at configuration time, rather than an incomprehensible warning at link time. If expensive hardening was requested, this warning becomes an error. Closes ticket 18895.
Minor features (client, directory):
Since authorities now omit all routers that lack the Running and Valid flags, we assume that any relay listed in the consensus must have those flags. Closes ticket 20001; implements part of proposal 272.
Minor features (code safety):
In our integer-parsing functions, ensure that the maximum value we allow is no smaller than the minimum value. Closes ticket 19063; patch from "U+039b".
Minor features (compilation, portability):
Compile correctly on MacOS 10.12 (aka "Sierra"). Closes ticket 20241.
Minor features (config):
Warn users when descriptor and port addresses are inconsistent. Mitigates bug 13953; patch by teor.
Minor features (controller):
Allow controllers to configure basic client authorization on hidden services when they create them with the ADD_ONION controller command. Implements ticket 15588. Patch by "special".
Fire a STATUS_SERVER controller event whenever the hibernation status changes between "awake"/"soft"/"hard". Closes ticket 18685.
Implement new GETINFO queries for all downloads that use download_status_t to schedule retries. This allows controllers to examine the schedule for pending downloads. Closes ticket 19323.
Minor features (development tools, etags):
Teach the "make tags" Makefile target how to correctly find "MOCK_IMPL" function definitions. Patch from nherring; closes ticket 16869.
Minor features (directory authority):
After voting, if the authorities decide that a relay is not "Valid", they no longer include it in the consensus at all. Closes ticket 20002; implements part of proposal 272.
Directory authorities now only give the Guard flag to a relay if they are also giving it the Stable flag. This change allows us to simplify path selection for clients. It should have minimal effect in practice, since >99% of Guards already have the Stable flag. Implements ticket 18624.
Directory authorities now write their v3-status-votes file out to disk earlier in the consensus process, so we have a record of the votes even if we abort the consensus process. Resolves ticket 19036.
Minor features (fallback directory list, new since 0.2.9.7-rc):
Replace the 81 remaining fallbacks of the 100 originally introduced in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks (123 new, 54 existing, 27 removed) generated in December 2016. Resolves ticket 20170.
Minor features (hidden service):
Stop being so strict about the payload length of "rendezvous1" cells. We used to be locked in to the "TAP" handshake length, and now we can handle better handshakes like "ntor". Resolves ticket 18998.
Minor features (infrastructure, time):
Tor now includes an improved timer backend, so that we can efficiently support tens or hundreds of thousands of concurrent timers, as will be needed for some of our planned anti-traffic- analysis work. This code is based on William Ahern's "timeout.c" project, which implements a "tickless hierarchical timing wheel". Closes ticket 18365.
Tor now uses the operating system's monotonic timers (where available) for internal fine-grained timing. Previously we would look at the system clock, and then attempt to compensate for the clock running backwards. Closes ticket 18908.
Minor features (logging):
Add a set of macros to check nonfatal assertions, for internal use. Migrating more of our checks to these should help us avoid needless crash bugs. Closes ticket 18613.
Provide a more useful warning message when configured with an invalid Nickname. Closes ticket 18300; patch from "icanhasaccount".
When dumping unparseable router descriptors, optionally store them in separate files, named by digest, up to a configurable size limit. You can change the size limit by setting the MaxUnparseableDescSizeToLog option, and disable this feature by setting that option to 0. Closes ticket 18322.
Minor features (performance):
Change the "optimistic data" extension from "off by default" to "on by default". The default was ordinarily overridden by a consensus option, but when clients were bootstrapping for the first time, they would not have a consensus to get the option from. Changing this default saves a round-trip during startup. Closes ticket 18815.
Minor features (relay, usability):
When the directory authorities refuse a bad relay's descriptor, encourage the relay operator to contact us. Many relay operators won't notice this line in their logs, but it's a win if even a few learn why we don't like what their relay was doing. Resolves ticket 18760.
Minor features (security, TLS):
Servers no longer support clients that lack AES ciphersuites. (3DES is no longer considered an acceptable cipher.) We believe that no such Tor clients currently exist, since Tor has required OpenSSL 0.9.7 or later since 2009. Closes ticket 19998.
Minor features (testing):
Disable memory protections on OpenBSD when performing our unit tests for memwipe(). The test deliberately invokes undefined behavior, and the OpenBSD protections interfere with this. Patch from "rubiate". Closes ticket 20066.
Move the test-network.sh script to chutney, and modify tor's test- network.sh to call the (newer) chutney version when available. Resolves ticket 19116. Patch by teor.
Use the lcov convention for marking lines as unreachable, so that we don't count them when we're generating test coverage data. Update our coverage tools to understand this convention. Closes ticket 16792.
Our link-handshake unit tests now check that when invalid handshakes fail, they fail with the error messages we expected.
Our unit testing code that captures log messages no longer prevents them from being written out if the user asked for them (by passing --debug or --info or --notice or --warn to the "test" binary). This change prevents us from missing unexpected log messages simply because we were looking for others. Related to ticket 19999.
The unit tests now log all warning messages with the "BUG" flag. Previously, they only logged errors by default. This change will help us make our testing code more correct, and make sure that we only hit this code when we mean to. In the meantime, however, there will be more warnings in the unit test logs than before. This is preparatory work for ticket 19999.
The unit tests now treat any failure of a "tor_assert_nonfatal()" assertion as a test failure.
We've done significant work to make the unit tests run faster.
Minor features (testing, ipv6):
Add the hs-ipv6 chutney target to make test-network-all's IPv6 tests. Remove bridges+hs, as it's somewhat redundant. This requires a recent chutney version that supports IPv6 clients, relays, and authorities. Closes ticket 20069; patch by teor.
Add the single-onion and single-onion-ipv6 chutney targets to "make test-network-all". This requires a recent chutney version with the single onion network flavors (git c72a652 or later). Closes ticket 20072; patch by teor.
Minor features (Tor2web):
Make Tor2web clients respect ReachableAddresses. This feature was inadvertently enabled in 0.2.8.6, then removed by bugfix 19973 on 0.2.8.7. Implements feature 20034. Patch by teor.
Minor features (unix domain sockets):
When configuring a unix domain socket for a SocksPort, ControlPort, or Hidden service, you can now wrap the address in quotes, using C-style escapes inside the quotes. This allows unix domain socket paths to contain spaces. Resolves ticket 18753.
Minor features (user interface):
Tor now supports the ability to declare options deprecated, so that we can recommend that people stop using them. Previously, this was done in an ad-hoc way. There is a new --list-deprecated-options command-line option to list all of the deprecated options. Closes ticket 19820.
Minor features (virtual addresses):
Increase the maximum number of bits for the IPv6 virtual network prefix from 16 to 104. In this way, the condition for address allocation is less restrictive. Closes ticket 20151; feature on 0.2.4.7-alpha.
Minor bug fixes (circuits):
Use the CircuitBuildTimeout option whenever LearnCircuitBuildTimeout is disabled. Previously, we would respect the option when a user disabled it, but not when it was disabled because some other option was set. Fixes bug 20073; bugfix on 0.2.4.12-alpha. Patch by teor.
Minor bugfixes (build):
The current Git revision when building from a local repository is now detected correctly when using git worktrees. Fixes bug 20492; bugfix on 0.2.3.9-alpha.
Minor bugfixes (relay address discovery):
Stop reordering IP addresses returned by the OS. This makes it more likely that Tor will guess the same relay IP address every time. Fixes issue 20163; bugfix on 0.2.7.1-alpha, ticket 17027. Reported by René Mayrhofer, patch by "cypherpunks".
Minor bugfixes (memory allocation):
Change how we allocate memory for large chunks on buffers, to avoid a (currently impossible) integer overflow, and to waste less space when allocating unusually large chunks. Fixes bug 20081; bugfix on 0.2.0.16-alpha. Issue identified by Guido Vranken.
Minor bugfixes (bootstrap):
Remember the directory server we fetched the consensus or previous certificates from, and use it to fetch future authority certificates. This change improves bootstrapping performance. Fixes bug 18963; bugfix on 0.2.8.1-alpha.
Minor bugfixes (circuits):
Make sure extend_info_from_router() is only called on servers. Fixes bug 19639; bugfix on 0.2.8.1-alpha.
Minor bugfixes (client, fascistfirewall):
Avoid spurious warnings when ReachableAddresses or FascistFirewall is set. Fixes bug 20306; bugfix on 0.2.8.2-alpha.
Minor bugfixes (client, unix domain sockets):
Disable IsolateClientAddr when using AF_UNIX backed SocksPorts as the client address is meaningless. Fixes bug 20261; bugfix on 0.2.6.3-alpha.
Minor bugfixes (code style):
Fix an integer signedness conversion issue in the case conversion tables. Fixes bug 19168; bugfix on 0.2.1.11-alpha.
Minor bugfixes (compilation):
Build correctly on versions of libevent2 without support for evutil_secure_rng_add_bytes(). Fixes bug 19904; bugfix on 0.2.5.4-alpha.
When building with Clang, use a full set of GCC warnings. (Previously, we included only a subset, because of the way we detected them.) Fixes bug 19216; bugfix on 0.2.0.1-alpha.
Detect Libevent2 functions correctly on systems that provide libevent2, but where libevent1 is linked with -levent. Fixes bug 19904; bugfix on 0.2.2.24-alpha. Patch from Rubiate.
Run correctly when built on Windows build environments that require _vcsprintf(). Fixes bug 20560; bugfix on 0.2.2.11-alpha.
Minor bugfixes (configuration):
When parsing quoted configuration values from the torrc file, handle Windows line endings correctly. Fixes bug 19167; bugfix on 0.2.0.16-alpha. Patch from "Pingl".
Minor bugfixes (directory authority):
Authorities now sort the "package" lines in their votes, for ease of debugging. (They are already sorted in consensus documents.) Fixes bug 18840; bugfix on 0.2.6.3-alpha.
Die with a more useful error when the operator forgets to place the authority_signing_key file into the keys directory. This avoids an uninformative assert & traceback about having an invalid key. Fixes bug 20065; bugfix on 0.2.0.1-alpha.
When allowing private addresses, mark Exits that only exit to private locations as such. Fixes bug 20064; bugfix on 0.2.2.9-alpha.
When parsing a detached signature, make sure we use the length of the digest algorithm instead of a hardcoded DIGEST256_LEN in order to avoid comparing bytes out-of-bounds with a smaller digest length such as SHA1. Fixes bug 19066; bugfix on 0.2.2.6-alpha.
Minor bugfixes (getpass):
Defensively fix a non-triggerable heap corruption at do_getpass() to protect ourselves from mistakes in the future. Fixes bug 19223; bugfix on 0.2.7.3-rc. Bug found by Guido Vranken, patch by nherring.
Minor bugfixes (guard selection):
Don't mark guards as unreachable if connection_connect() fails. That function fails for local reasons, so it shouldn't reveal anything about the status of the guard. Fixes bug 14334; bugfix on 0.2.3.10-alpha.
Use a single entry guard even if the NumEntryGuards consensus parameter is not provided. Fixes bug 17688; bugfix on 0.2.5.6-alpha.
Minor bugfixes (hidden services):
Increase the minimum number of internal circuits we preemptively build from 2 to 3, so a circuit is available when a client connects to another onion service. Fixes bug 13239; bugfix on 0.1.0.1-rc.
Allow hidden services to run on IPv6 addresses even when the IPv6Exit option is not set. Fixes bug 18357; bugfix on 0.2.4.7-alpha.
Stop logging intro point details to the client log on certain error conditions. Fixed as part of bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor.
When deleting an ephemeral hidden service, close its intro points even if they are not completely open. Fixes bug 18604; bugfix on 0.2.7.1-alpha.
When configuring hidden services, check every hidden service directory's permissions. Previously, we only checked the last hidden service. Fixes bug 20529; bugfix on 0.2.6.2-alpha.
Minor bugfixes (IPv6, testing):
Check for IPv6 correctly on Linux when running test networks. Fixes bug 19905; bugfix on 0.2.7.3-rc; patch by teor.
Minor bugfixes (Linux seccomp2 sandbox):
Add permission to run the sched_yield() and sigaltstack() system calls, in order to support versions of Tor compiled with asan or ubsan code that use these calls. Now "sandbox 1" and "--enable-expensive-hardening" should be compatible on more systems. Fixes bug 20063; bugfix on 0.2.5.1-alpha.
Minor bugfixes (logging):
Downgrade a harmless log message about the pending_entry_connections list from "warn" to "info". Mitigates bug 19926.
Log a more accurate message when we fail to dump a microdescriptor. Fixes bug 17758; bugfix on 0.2.2.8-alpha. Patch from Daniel Pinto.
When logging a directory ownership mismatch, log the owning username correctly. Fixes bug 19578; bugfix on 0.2.2.29-beta.
When we are unable to remove the bw_accounting file, do not warn if the reason we couldn't remove it was that it didn't exist. Fixes bug 19964; bugfix on 0.2.5.4-alpha. Patch from pastly.
Minor bugfixes (memory leak):
Fix a series of slow memory leaks related to parsing torrc files and options. Fixes bug 19466; bugfix on 0.2.1.6-alpha.
Avoid a small memory leak when informing worker threads about rotated onion keys. Fixes bug 20401; bugfix on 0.2.6.3-alpha.
Fix a small memory leak when receiving AF_UNIX connections on a SocksPort. Fixes bug 20716; bugfix on 0.2.6.3-alpha.
When moving a signed descriptor object from a source to an existing destination, free the allocated memory inside that destination object. Fixes bug 20715; bugfix on 0.2.8.3-alpha.
Fix a memory leak and use-after-free error when removing entries from the sandbox's getaddrinfo() cache. Fixes bug 20710; bugfix on 0.2.5.5-alpha. Patch from "cypherpunks".
Fix a small, uncommon memory leak that could occur when reading a truncated ed25519 key file. Fixes bug 18956; bugfix on 0.2.6.1-alpha.
Minor bugfixes (option parsing):
Count unix sockets when counting client listeners (SOCKS, Trans, NATD, and DNS). This has no user-visible behavior changes: these options are set once, and never read. Required for correct behavior in ticket 17178. Fixes bug 19677; bugfix on 0.2.6.3-alpha. Patch by teor.
Minor bugfixes (options):
Check the consistency of UseEntryGuards and EntryNodes more reliably. Fixes bug 20074; bugfix on 0.2.4.12-alpha. Patch by teor.
Stop changing the configured value of UseEntryGuards on authorities and Tor2web clients. Fixes bug 20074; bugfix on commits 51fc6799 in 0.1.1.16-rc and acda1735 in 0.2.4.3-alpha. Patch by teor.
Minor bugfixes (relay):
Ensure relays don't make multiple connections during bootstrap. Fixes bug 20591; bugfix on 0.2.8.1-alpha.
Do not try to parallelize workers more than 16x without the user explicitly configuring us to do so, even if we do detect more than 16 CPU cores. Fixes bug 19968; bugfix on 0.2.3.1-alpha.
Minor bugfixes (testing):
The test-stem and test-network makefile targets now depend only on the tor binary that they are testing. Previously, they depended on "make all". Fixes bug 18240; bugfix on 0.2.8.2-alpha. Based on a patch from "cypherpunks".
Allow clients to retry HSDirs much faster in test networks. Fixes bug 19702; bugfix on 0.2.7.1-alpha. Patch by teor.
Avoid a unit test failure on systems with over 16 detectable CPU cores. Fixes bug 19968; bugfix on 0.2.3.1-alpha.
Let backtrace tests work correctly under AddressSanitizer: disable ASAN's detection of segmentation faults while running test_bt.sh, so that we can make sure that our own backtrace generation code works. Fixes bug 18934; bugfix on 0.2.5.2-alpha. Patch from "cypherpunks".
Fix the test-network-all target on out-of-tree builds by using the correct path to the test driver script. Fixes bug 19421; bugfix on 0.2.7.3-rc.
Stop spurious failures in the local interface address discovery unit tests. Fixes bug 20634; bugfix on 0.2.8.1-alpha; patch by Neel Chauhan.
Use ECDHE ciphers instead of ECDH in tortls tests. LibreSSL has removed the ECDH ciphers which caused the tests to fail on platforms which use it. Fixes bug 20460; bugfix on 0.2.8.1-alpha.
The tor_tls_server_info_callback unit test no longer crashes when debug-level logging is turned on. Fixes bug 20041; bugfix on 0.2.8.1-alpha.
Minor bugfixes (time):
Improve overflow checks in tv_udiff and tv_mdiff. Fixes bug 19483; bugfix on all released tor versions.
When computing the difference between two times in milliseconds, we now round to the nearest millisecond correctly. Previously, we could sometimes round in the wrong direction. Fixes bug 19428; bugfix on 0.2.2.2-alpha.
Minor bugfixes (Tor2web):
Prevent Tor2web clients from running hidden services: these services are not anonymous due to the one-hop client paths. Fixes bug 19678. Patch by teor.
Minor bugfixes (user interface):
Display a more accurate number of suppressed messages in the log rate-limiter. Previously, there was a potential integer overflow in the counter. Now, if the number of messages hits a maximum, the rate-limiter doesn't count any further. Fixes bug 19435; bugfix on 0.2.4.11-alpha.
Fix a typo in the passphrase prompt for the ed25519 identity key. Fixes bug 19503; bugfix on 0.2.7.2-alpha.
Code simplification and refactoring:
Remove redundant declarations of the MIN macro. Closes ticket 18889.
Rename tor_dup_addr() to tor_addr_to_str_dup() to avoid confusion. Closes ticket 18462; patch from "icanhasaccount".
Split the 600-line directory_handle_command_get function into separate functions for different URL types. Closes ticket 16698.
Documentation:
Add module-level internal documentation for 36 C files that previously didn't have a high-level overview. Closes ticket 20385.
Correct the IPv6 syntax in our documentation for the VirtualAddrNetworkIPv6 torrc option. Closes ticket 19743.
Correct the minimum bandwidth value in torrc.sample, and queue a corresponding change for torrc.minimal. Closes ticket 20085.
Fix spelling of "--enable-tor2web-mode" in the manpage. Closes ticket 19153. Patch from "U+039b".
Module-level documentation for several more modules. Closes tickets 19287 and 19290.
Document the --passphrase-fd option in the tor manpage. Fixes bug 19504; bugfix on 0.2.7.3-rc.
Document the default PathsNeededToBuildCircuits value that's used by clients when the directory authorities don't set min_paths_for_circs_pct. Fixes bug 20117; bugfix on 0.2.4.10-alpha. Patch by teor, reported by Jesse V.
Fix manual for the User option: it takes a username, not a UID. Fixes bug 19122; bugfix on 0.0.2pre16 (the first version to have a manpage!).
Fix the description of the --passphrase-fd option in the tor-gencert manpage. The option is used to pass the number of a file descriptor to read the passphrase from, not to read the file descriptor from. Fixes bug 19505; bugfix on 0.2.0.20-alpha.
Removed code:
We no longer include the (dead, deprecated) bufferevent code in Tor. Closes ticket 19450. Based on a patch from "U+039b".
Removed features:
Remove support for "GET /tor/bytes.txt" DirPort request, and "GETINFO dir-usage" controller request, which were only available via a compile-time option in Tor anyway. Feature was added in 0.2.2.1-alpha. Resolves ticket 19035.
There is no longer a compile-time option to disable support for TransPort. (If you don't want TransPort, just don't use it.) Patch from "U+039b". Closes ticket 19449.
Testing:
Run more workqueue tests as part of "make check". These had previously been implemented, but you needed to know special command-line options to enable them.
We now have unit tests for our code to reject zlib "compression bombs". (Fortunately, the code works fine.)

New in Tor 0.2.8.11 (Dec 8, 2016)

New in Tor 0.2.8.10 (Dec 5, 2016)

New in Tor 0.2.8.8 (Sep 25, 2016)

New in Tor 0.2.8.7 (Aug 29, 2016)

New in Tor 0.2.8.6 (Aug 4, 2016)

New system requirements:
Tor no longer attempts to support platforms where the "time_t" type is unsigned. (To the best of our knowledge, only OpenVMS does this, and Tor has never actually built on OpenVMS.) Closes ticket 18184.
Tor no longer supports versions of OpenSSL with a broken implementation of counter mode. (This bug was present in OpenSSL 1.0.0, and was fixed in OpenSSL 1.0.0a.) Tor still detects, but no longer runs with, these versions.
Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or later (released in 2008 and 2009 respectively). If you are building Tor from the git repository instead of from the source distribution, and your tools are older than this, you will need to upgrade. Closes ticket 17732.
Directory authority changes:
Update the V3 identity key for the dannenberg directory authority: it was changed on 18 November 2015. Closes task 17906. Patch by teor.
Urras is no longer a directory authority. Closes ticket 19271.
Major features (directory system):
Include a trial list of default fallback directories, based on an opt-in survey of suitable relays. Doing this should make clients bootstrap more quickly and reliably, and reduce the load on the directory authorities. Closes ticket 15775. Patch by teor. Candidates identified using an OnionOO script by weasel, teor, gsathya, and karsten.
Previously only relays that explicitly opened a directory port (DirPort) accepted directory requests from clients. Now all relays, with and without a DirPort, accept and serve tunneled directory requests that they receive through their ORPort. You can disable this behavior using the new DirCache option. Closes ticket 12538.
When bootstrapping multiple consensus downloads at a time, use the first one that starts downloading, and close the rest. This reduces failures when authorities or fallback directories are slow or down. Together with the code for feature 15775, this feature should reduces failures due to fallback churn. Implements ticket 4483. Patch by teor. Implements IPv4 portions of proposal 210 by mikeperry and teor.
Major features (security, Linux):
When Tor starts as root on Linux and is told to switch user ID, it can now retain the capability to bind to low ports. By default, Tor will do this only when it's switching user ID and some low ports have been configured. You can change this behavior with the new option KeepBindCapabilities. Closes ticket 8195.
Major bugfixes (client, bootstrapping):
Check if bootstrap consensus downloads are still needed when the linked connection attaches. This prevents tor making unnecessary begindir-style connections, which are the only directory connections tor clients make since the fix for 18483 was merged.
Fix some edge cases where consensus download connections may not have been closed, even though they were not needed. Related to fix for 18809.
Make relays retry consensus downloads the correct number of times, rather than the more aggressive client retry count. Fixes part of ticket 18809.
Major bugfixes (dns proxy mode, crash):
Avoid crashing when running as a DNS proxy. Fixes bug 16248; bugfix on 0.2.0.1-alpha. Patch from "cypherpunks".
Major bugfixes (ed25519, voting):
Actually enable support for authorities to match routers by their Ed25519 identities. Previously, the code had been written, but some debugging code that had accidentally been left in the codebase made it stay turned off. Fixes bug 17702; bugfix on 0.2.7.2-alpha.
When collating votes by Ed25519 identities, authorities now include a "NoEdConsensus" flag if the ed25519 value (or lack thereof) for a server does not reflect the majority consensus. Related to bug 17668; bugfix on 0.2.7.2-alpha.
When generating a vote with keypinning disabled, never include two entries for the same ed25519 identity. This bug was causing authorities to generate votes that they could not parse when a router violated key pinning by changing its RSA identity but keeping its Ed25519 identity. Fixes bug 17668; fixes part of bug 18318. Bugfix on 0.2.7.2-alpha.
Major bugfixes (key management):
If OpenSSL fails to generate an RSA key, do not retain a dangling pointer to the previous (uninitialized) key value. The impact here should be limited to a difficult-to-trigger crash, if OpenSSL is running an engine that makes key generation failures possible, or if OpenSSL runs out of memory. Fixes bug 19152; bugfix on 0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and Baishakhi Ray.
Major bugfixes (security, client, DNS proxy):
Stop a crash that could occur when a client running with DNSPort received a query with multiple address types, and the first address type was not supported. Found and fixed by Scott Dial. Fixes bug 18710; bugfix on 0.2.5.4-alpha.
Major bugfixes (security, compilation):
Correctly detect compiler flags on systems where _FORTIFY_SOURCE is predefined. Previously, our use of -D_FORTIFY_SOURCE would cause a compiler warning, thereby making other checks fail, and needlessly disabling compiler-hardening support. Fixes one case of bug 18841; bugfix on 0.2.3.17-beta. Patch from "trudokal".
Repair hardened builds under the clang compiler. Previously, our use of _FORTIFY_SOURCE would conflict with clang's address sanitizer. Fixes bug 14821; bugfix on 0.2.5.4-alpha.
Major bugfixes (security, pointers):
Avoid a difficult-to-trigger heap corruption attack when extending a smartlist to contain over 16GB of pointers. Fixes bug 18162; bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely. Reported by Guido Vranken.
Major bugfixes (testing):
Fix a bug that would block 'make test-network-all' on systems where IPv6 packets were lost. Fixes bug 19008; bugfix on 0.2.7.3-rc.
Major bugfixes (user interface):
Correctly give a warning in the cases where a relay is specified by nickname, and one such relay is found, but it is not officially Named. Fixes bug 19203; bugfix on 0.2.3.1-alpha.
Minor features (accounting):
Added two modes to the AccountingRule option: One for limiting only the number of bytes sent ("AccountingRule out"), and one for limiting only the number of bytes received ("AccountingRule in"). Closes ticket 15989; patch from "unixninja92".
Minor features (bug-resistance):
Make Tor survive errors involving connections without a corresponding event object. Previously we'd fail with an assertion; now we produce a log message. Related to bug 16248.
Use tor_snprintf() and tor_vsnprintf() even in external and low- level code, to harden against accidental failures to NUL- terminate. Part of ticket 17852. Patch from jsturgix. Found with Flawfinder.
Minor features (build):
Detect systems with FreeBSD-derived kernels (such as GNU/kFreeBSD) as having possible IPFW support. Closes ticket 18448. Patch from Steven Chamberlain.
Since our build process now uses "make distcheck", we no longer force "make dist" to depend on "make check". Closes ticket 17893; patch from "cypherpunks".
Tor now builds once again with the recent OpenSSL 1.1 development branch (tested against 1.1.0-pre5 and 1.1.0-pre6-dev). We have been tracking OpenSSL 1.1 development as it has progressed, and fixing numerous compatibility issues as they arose. See tickets 17549, 17921, 17984, 19499, and 18286.
When building manual pages, set the timezone to "UTC", so that the output is reproducible. Fixes bug 19558; bugfix on 0.2.2.9-alpha. Patch from intrigeri.
Minor features (clients):
Make clients, onion services, and bridge relays always use an encrypted begindir connection for directory requests. Resolves ticket 18483. Patch by teor.
Minor features (controller):
Add 'GETINFO exit-policy/reject-private/[default,relay]', so controllers can examine the the reject rules added by ExitPolicyRejectPrivate. This makes it easier for stem to display exit policies.
Adds the FallbackDir entries to 'GETINFO config/defaults'. Closes tickets 16774 and 17817. Patch by George Tankersley.
New 'GETINFO hs/service/desc/id/' command to retrieve a hidden service descriptor from a service's local hidden service descriptor cache. Closes ticket 14846.
Minor features (crypto):
Add SHA3 and SHAKE support to crypto.c. Closes ticket 17783.
Add SHA512 support to crypto.c. Closes ticket 17663; patch from George Tankersley.
Improve performance when hashing non-multiple of 8 sized buffers, based on Andrew Moon's public domain SipHash-2-4 implementation. Fixes bug 17544; bugfix on 0.2.5.3-alpha.
Validate the hard-coded Diffie-Hellman parameters and ensure that p is a safe prime, and g is a suitable generator. Closes ticket 18221.
When allocating a digest state object, allocate no more space than we actually need. Previously, we would allocate as much space as the state for the largest algorithm would need. This change saves up to 672 bytes per circuit. Closes ticket 17796.
Minor features (directory downloads):
Add UseDefaultFallbackDirs, which enables any hard-coded fallback directory mirrors. The default is 1; set it to 0 to disable fallbacks. Implements ticket 17576. Patch by teor.
Wait for busy authorities and fallback directories to become non- busy when bootstrapping. (A similar change was made in 6c443e987d for directory caches chosen from the consensus.) Closes ticket 17864; patch by teor.
Minor features (geoip):
Update geoip and geoip6 to the July 6 2016 Maxmind GeoLite2 Country database.
Minor features (hidden service directory):
Streamline relay-side hsdir handling: when relays consider whether to accept an uploaded hidden service descriptor, they no longer check whether they are one of the relays in the network that is "supposed" to handle that descriptor. Implements ticket 18332.
Minor features (IPv6):
Add ClientPreferIPv6DirPort, which is set to 0 by default. If set to 1, tor prefers IPv6 directory addresses.
Add ClientUseIPv4, which is set to 1 by default. If set to 0, tor avoids using IPv4 for client OR and directory connections.
Add address policy assume_action support for IPv6 addresses.
Add an argument 'ipv6=address:orport' to the DirAuthority and FallbackDir torrc options, to specify an IPv6 address for an authority or fallback directory. Add hard-coded ipv6 addresses for directory authorities that have them. Closes ticket 17327; patch from Nick Mathewson and teor.
Allow users to configure directory authorities and fallback directory servers with IPv6 addresses and ORPorts. Resolves ticket 6027.
Limit IPv6 mask bits to 128.
Make tor_ersatz_socketpair work on IPv6-only systems. Fixes bug 17638; bugfix on 0.0.2pre8. Patch by teor.
Try harder to obey the IP version restrictions "ClientUseIPv4 0", "ClientUseIPv6 0", "ClientPreferIPv6ORPort", and "ClientPreferIPv6DirPort". Closes ticket 17840; patch by teor.
Warn when comparing against an AF_UNSPEC address in a policy, it's almost always a bug. Closes ticket 17863; patch by teor.
routerset_parse now accepts IPv6 literal addresses. Fixes bug 17060; bugfix on 0.2.1.3-alpha. Patch by teor.
Minor features (Linux seccomp2 sandbox):
Reject attempts to change our Address with "Sandbox 1" enabled. Changing Address with Sandbox turned on would never actually work, but previously it would fail in strange and confusing ways. Found while fixing 18548.
Minor features (logging):
When logging to syslog, allow a tag to be added to the syslog identity (the string prepended to every log message). The tag can be configured with SyslogIdentityTag and defaults to none. Setting it to "foo" will cause logs to be tagged as "Tor-foo". Closes ticket 17194.
Minor features (portability):
Use timingsafe_memcmp() where available. Closes ticket 17944; patch from .
Minor features (relay, address discovery):
Add a family argument to get_interface_addresses_raw() and subfunctions to make network interface address interogation more efficient. Now Tor can specifically ask for IPv4, IPv6 or both types of interfaces from the operating system. Resolves ticket 17950.
When get_interface_address6_list(.,AF_UNSPEC,.) is called and fails to enumerate interface addresses using the platform-specific API, have it rely on the UDP socket fallback technique to try and find out what IP addresses (both IPv4 and IPv6) our machine has. Resolves ticket 17951.
Minor features (replay cache):
The replay cache now uses SHA256 instead of SHA1. Implements feature 8961. Patch by teor, issue reported by rransom.
Minor features (robustness):
Exit immediately with an error message if the code attempts to use Libevent without having initialized it. This should resolve some frequently-made mistakes in our unit tests. Closes ticket 18241.
Minor features (security, clock):
Warn when the system clock appears to move back in time (when the state file was last written in the future). Tor doesn't know that consensuses have expired if the clock is in the past. Patch by teor. Implements ticket 17188.
Minor features (security, exit policies):
ExitPolicyRejectPrivate now rejects more private addresses by default. Specifically, it now rejects the relay's outbound bind addresses (if configured), and the relay's configured port addresses (such as ORPort and DirPort). Fixes bug 17027; bugfix on 0.2.0.11-alpha. Patch by teor.
Minor features (security, memory erasure):
Make memwipe() do nothing when passed a NULL pointer or buffer of zero size. Check size argument to memwipe() for underflow. Fixes bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", patch by teor.
Set the unused entries in a smartlist to NULL. This helped catch a (harmless) bug, and shouldn't affect performance too much. Implements ticket 17026.
Use SecureMemoryWipe() function to securely clean memory on Windows. Previously we'd use OpenSSL's OPENSSL_cleanse() function. Implements feature 17986.
Use explicit_bzero or memset_s when present. Previously, we'd use OpenSSL's OPENSSL_cleanse() function. Closes ticket 7419; patches from and .
Minor features (security, RNG):
Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely, positively are not allowed to fail. Previously we depended on internal details of OpenSSL's behavior. Closes ticket 17686.
Never use the system entropy output directly for anything besides seeding the PRNG. When we want to generate important keys, instead of using system entropy directly, we now hash it with the PRNG stream. This may help resist certain attacks based on broken OS entropy implementations. Closes part of ticket 17694.
Use modern system calls (like getentropy() or getrandom()) to generate strong entropy on platforms that have them. Closes ticket 13696.
Minor features (security, win32):
Set SO_EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing attack. Fixes bug 18123; bugfix on all tor versions. Patch by teor.
Minor features (unix domain sockets):
Add a new per-socket option, RelaxDirModeCheck, to allow creating Unix domain sockets without checking the permissions on the parent directory. (Tor checks permissions by default because some operating systems only check permissions on the parent directory. However, some operating systems do look at permissions on the socket, and tor's default check is unneeded.) Closes ticket 18458. Patch by weasel.
Minor features (unix file permissions):
Defer creation of Unix sockets until after setuid. This avoids needing CAP_CHOWN and CAP_FOWNER when using systemd's CapabilityBoundingSet, or chown and fowner when using SELinux. Implements part of ticket 17562. Patch from Jamie Nguyen.
If any directory created by Tor is marked as group readable, the filesystem group is allowed to be either the default GID or the root user. Allowing root to read the DataDirectory prevents the need for CAP_READ_SEARCH when using systemd's CapabilityBoundingSet, or dac_read_search when using SELinux. Implements part of ticket 17562. Patch from Jamie Nguyen.
Introduce a new DataDirectoryGroupReadable option. If it is set to 1, the DataDirectory will be made readable by the default GID. Implements part of ticket 17562. Patch from Jamie Nguyen.
Minor bugfixes (accounting):
The max bandwidth when using 'AccountRule sum' is now correctly logged. Fixes bug 18024; bugfix on 0.2.6.1-alpha. Patch from "unixninja92".
Minor bugfixes (assert, portability):
Fix an assertion failure in memarea.c on systems where "long" is shorter than the size of a pointer. Fixes bug 18716; bugfix on 0.2.1.1-alpha.
Minor bugfixes (bootstrap):
Consistently use the consensus download schedule for authority certificates. Fixes bug 18816; bugfix on 0.2.4.13-alpha.
Minor bugfixes (build):
Avoid spurious failures from configure files related to calling exit(0) in TOR_SEARCH_LIBRARY. Fixes bug 18625; bugfix on 0.2.0.1-alpha. Patch from "cypherpunks".
Do not link the unit tests against both the testing and non- testing versions of the static libraries. Fixes bug 18490; bugfix on 0.2.7.1-alpha.
Resolve warnings when building on systems that are concerned with signed char. Fixes bug 18728; bugfix on 0.2.7.2-alpha and 0.2.6.1-alpha.
Silence spurious clang-scan warnings in the ed25519_donna code by explicitly initializing some objects. Fixes bug 18384; bugfix on 0.2.7.2-alpha. Patch by teor.
When libscrypt.h is found, but no libscrypt library can be linked, treat libscrypt as absent. Fixes bug 19161; bugfix on 0.2.6.1-alpha.
Cause the unit tests to compile correctly on mingw64 versions that lack sscanf. Fixes bug 19213; bugfix on 0.2.7.1-alpha.
Don't try to use the pthread_condattr_setclock() function unless it actually exists. Fixes compilation on NetBSD-6.x. Fixes bug 17819; bugfix on 0.2.6.3-alpha.
Fix backtrace compilation on FreeBSD. Fixes bug 17827; bugfix on 0.2.5.2-alpha.
Fix search for libevent libraries on OpenBSD (and other systems that install libevent 1 and libevent 2 in parallel). Fixes bug 16651; bugfix on 0.1.0.7-rc. Patch from "rubiate".
Isolate environment variables meant for tests from the rest of the build system. Fixes bug 17818; bugfix on 0.2.7.3-rc.
Mark all object files that include micro-revision.i as depending on it, so as to make parallel builds more reliable. Fixes bug 17826; bugfix on 0.2.5.1-alpha.
Remove config.log only from make distclean, not from make clean. Fixes bug 17924; bugfix on 0.2.4.1-alpha.
Replace usage of 'INLINE' with 'inline'. Fixes bug 17804; bugfix on 0.0.2pre8.
Remove an #endif from configure.ac so that we correctly detect the presence of in6_addr.s6_addr32. Fixes bug 17923; bugfix on 0.2.0.13-alpha.
Minor bugfixes (client, bootstrap):
Count receipt of new microdescriptors as progress towards bootstrapping. Previously, with EntryNodes set, Tor might not successfully repopulate the guard set on bootstrapping. Fixes bug 16825; bugfix on 0.2.3.1-alpha.
Minor bugfixes (code correctness):
Fix a bad memory handling bug that would occur if we had queued a cell on a channel's incoming queue. Fortunately, we can't actually queue a cell like that as our code is constructed today, but it's best to avoid this kind of error, even if there isn't any code that triggers it today. Fixes bug 18570; bugfix on 0.2.4.4-alpha.
Assert that allocated memory held by the reputation code is freed according to its internal counters. Fixes bug 17753; bugfix on 0.1.1.1-alpha.
Assert when the TLS contexts fail to initialize. Fixes bug 17683; bugfix on 0.0.6.
Update to the latest version of Trunnel, which tries harder to avoid generating code that can invoke memcpy(p,NULL,0). Bug found by clang address sanitizer. Fixes bug 18373; bugfix on 0.2.7.2-alpha.
When closing an entry connection, generate a warning if we should have sent an end cell for it but we haven't. Fixes bug 17876; bugfix on 0.2.3.2-alpha.
Minor bugfixes (configuration):
Fix a tiny memory leak when parsing a port configuration ending in ":auto". Fixes bug 18374; bugfix on 0.2.3.3-alpha.
Minor bugfixes (containers):
If we somehow attempt to construct a heap with more than 1073741822 elements, avoid an integer overflow when maintaining the heap property. Fixes bug 18296; bugfix on 0.1.2.1-alpha.
Minor bugfixes (controller, microdescriptors):
Make GETINFO dir/status-vote/current/consensus conform to the control specification by returning "551 Could not open cached consensus..." when not caching consensuses. Fixes bug 18920; bugfix on 0.2.2.6-alpha.
Minor bugfixes (crypto):
Check the return value of HMAC() and assert on failure. Fixes bug 17658; bugfix on 0.2.3.6-alpha. Patch by teor.
Minor bugfixes (directories):
When fetching extrainfo documents, compare their SHA256 digests and Ed25519 signing key certificates with the routerinfo that led us to fetch them, rather than with the most recent routerinfo. Otherwise we generate many spurious warnings about mismatches. Fixes bug 17150; bugfix on 0.2.7.2-alpha.
When generating a URL for a directory server on an IPv6 address, wrap the IPv6 address in square brackets. Fixes bug 18051; bugfix on 0.2.3.9-alpha. Patch from Malek.
Minor bugfixes (downloading):
Predict more correctly whether we'll be downloading over HTTP when we determine the maximum length of a URL. This should avoid a "BUG" warning about the Squid HTTP proxy and its URL limits. Fixes bug 19191.
Minor bugfixes (exit policies, security):
Refresh an exit relay's exit policy when interface addresses change. Previously, tor only refreshed the exit policy when the configured external address changed. Fixes bug 18208; bugfix on 0.2.7.3-rc. Patch by teor.
Minor bugfixes (fallback directories):
Mark fallbacks as "too busy" when they return a 503 response, rather than just marking authorities. Fixes bug 17572; bugfix on 0.2.4.7-alpha. Patch by teor.
When requesting extrainfo descriptors from a trusted directory server, check whether it is an authority or a fallback directory which supports extrainfo descriptors. Fixes bug 18489; bugfix on 0.2.4.7-alpha. Reported by atagar, patch by teor.
Minor bugfixes (hidden service, client):
Handle the case where the user makes several fast consecutive requests to the same .onion address. Previously, the first six requests would each trigger a descriptor fetch, each picking a directory (there are 6 overall) and the seventh one would fail because no directories were left, thereby triggering a close on all current directory connections asking for the hidden service. The solution here is to not close the connections if we have pending directory fetches. Fixes bug 15937; bugfix on 0.2.7.1-alpha.
Minor bugfixes (hidden service, control port):
Add the onion address to the HS_DESC event for the UPLOADED action both on success or failure. It was previously hardcoded with UNKNOWN. Fixes bug 16023; bugfix on 0.2.7.2-alpha.
Minor bugfixes (hidden service, directory):
Bridges now refuse "rendezvous2" (hidden service descriptor) publish attempts. Suggested by ticket 18332.
Minor bugfixes (IPv6):
Update the limits in max_dl_per_request for IPv6 address length. Fixes bug 17573; bugfix on 0.2.1.5-alpha.
Minor bugfixes (Linux seccomp2 sandbox):
Allow more syscalls when running with "Sandbox 1" enabled: sysinfo, getsockopt(SO_SNDBUF), and setsockopt(SO_SNDBUFFORCE). On some systems, these are required for Tor to start. Fixes bug 18397; bugfix on 0.2.5.1-alpha. Patch from Daniel Pinto.
Allow IPPROTO_UDP datagram sockets when running with "Sandbox 1", so that get_interface_address6_via_udp_socket_hack() can work. Fixes bug 19660; bugfix on 0.2.5.1-alpha.
Allow the setrlimit syscall, and the prlimit and prlimit64 syscalls, which some libc implementations use under the hood. Fixes bug 15221; bugfix on 0.2.5.1-alpha.
Avoid a 10-second delay when starting as a client with "Sandbox 1" enabled and no DNS resolvers configured. This should help TAILS start up faster. Fixes bug 18548; bugfix on 0.2.5.1-alpha.
Fix a crash when using offline master ed25519 keys with the Linux seccomp2 sandbox enabled. Fixes bug 17675; bugfix on 0.2.7.3-rc.
Allow statistics to be written to disk when "Sandbox 1" is enabled. Fixes bugs 19556 and 19957; bugfix on 0.2.5.1-alpha and 0.2.6.1-alpha respectively.
Minor bugfixes (logging):
In log messages that include a function name, use __FUNCTION__ instead of __PRETTY_FUNCTION__. In GCC, these are synonymous, but with clang __PRETTY_FUNCTION__ has extra information we don't need. Fixes bug 16563; bugfix on 0.0.2pre8. Fix by Tom van der Woerdt.
Remove needless quotes from a log message about unparseable addresses. Fixes bug 17843; bugfix on 0.2.3.3-alpha.
Scrub service name in "unrecognized service ID" log messages. Fixes bug 18600; bugfix on 0.2.4.11-alpha.
When logging information about an unparsable networkstatus vote or consensus, do not say "vote" when we mean consensus. Fixes bug 18368; bugfix on 0.2.0.8-alpha.
When we can't generate a signing key because OfflineMasterKey is set, do not imply that we should have been able to load it. Fixes bug 18133; bugfix on 0.2.7.2-alpha.
When logging a malformed hostname received through socks4, scrub it if SafeLogging says we should. Fixes bug 17419; bugfix on 0.1.1.16-rc.
Minor bugfixes (memory safety):
Avoid freeing an uninitialized pointer when opening a socket fails in get_interface_addresses_ioctl(). Fixes bug 18454; bugfix on 0.2.3.11-alpha. Reported by toralf and "cypherpunks", patch by teor.
Fix a memory leak in "tor --list-fingerprint". Fixes part of bug 18672; bugfix on 0.2.5.1-alpha.
Fix a memory leak in tor-gencert. Fixes part of bug 18672; bugfix on 0.2.0.1-alpha.
Minor bugfixes (pluggable transports):
Avoid reporting a spurious error when we decide that we don't need to terminate a pluggable transport because it has already exited. Fixes bug 18686; bugfix on 0.2.5.5-alpha.
Minor bugfixes (pointer arithmetic):
Fix a bug in memarea_alloc() that could have resulted in remote heap write access, if Tor had ever passed an unchecked size to memarea_alloc(). Fortunately, all the sizes we pass to memarea_alloc() are pre-checked to be less than 128 kilobytes. Fixes bug 19150; bugfix on 0.2.1.1-alpha. Bug found by Guido Vranken.
Minor bugfixes (private directory):
Prevent a race condition when creating private directories. Fixes part of bug 17852; bugfix on 0.0.2pre13. Part of ticket 17852. Patch from jsturgix. Found with Flawfinder.
Minor bugfixes (relays):
Check that both the ORPort and DirPort (if present) are reachable before publishing a relay descriptor. Otherwise, relays publish a descriptor with DirPort 0 when the DirPort reachability test takes longer than the ORPort reachability test. Fixes bug 18050; bugfix on 0.1.0.1-rc. Reported by "starlight", patch by teor.
Resolve some edge cases where we might launch an ORPort reachability check even when DisableNetwork is set. Noticed while fixing bug 18616; bugfix on 0.2.3.9-alpha.
Minor bugfixes (relays, hidden services):
Refuse connection requests to private OR addresses unless ExtendAllowPrivateAddresses is set. Previously, tor would connect, then refuse to send any cells to a private address. Fixes bugs 17674 and 8976; bugfix on 0.2.3.21-rc. Patch by teor.
Minor bugfixes (security, hidden services):
Prevent hidden services connecting to client-supplied rendezvous addresses that are reserved as internal or multicast. Fixes bug 8976; bugfix on 0.2.3.21-rc. Patch by dgoulet and teor.
Minor bugfixes (statistics):
Consistently check for overflow in round_*_to_next_multiple_of functions, and add unit tests with additional and maximal values. Fixes part of bug 13192; bugfix on 0.2.2.1-alpha.
Handle edge cases in the laplace functions: avoid division by zero, avoid taking the log of zero, and silence clang type conversion warnings using round and trunc. Add unit tests for edge cases with maximal values. Fixes part of bug 13192; bugfix on 0.2.6.2-alpha.
We now include consensus downloads via IPv6 in our directory- request statistics. Fixes bug 18460; bugfix on 0.2.3.14-alpha.
Minor bugfixes (test networks, IPv6):
Allow internal IPv6 addresses in descriptors in test networks. Fixes bug 17153; bugfix on 0.2.3.16-alpha. Patch by teor, reported by karsten.
Minor bugfixes (testing):
Check the full results of SHA256 and SHA512 digests in the unit tests. Bugfix on 0.2.2.4-alpha. Patch by teor.
Fix a memory leak in the ntor test. Fixes bug 17778; bugfix on 0.2.4.8-alpha.
Fix a small memory leak that would occur when the TestingEnableCellStatsEvent option was turned on. Fixes bug 18673; bugfix on 0.2.5.2-alpha.
Make unit tests pass on IPv6-only systems, and systems without localhost addresses (like some FreeBSD jails). Fixes bug 17632; bugfix on 0.2.7.3-rc. Patch by teor.
The test for log_heartbeat was incorrectly failing in timezones with non-integer offsets. Instead of comparing the end of the time string against a constant, compare it to the output of format_local_iso_time when given the correct input. Fixes bug 18039; bugfix on 0.2.5.4-alpha.
We no longer disable assertions in the unit tests when coverage is enabled. Instead, we require you to say --disable-asserts-in-tests to the configure script if you need assertions disabled in the unit tests (for example, if you want to perform branch coverage). Fixes bug 18242; bugfix on 0.2.7.1-alpha.
Minor bugfixes (time handling):
When correcting a corrupt 'struct tm' value, fill in the tm_wday field. Otherwise, our unit tests crash on Windows. Fixes bug 18977; bugfix on 0.2.2.25-alpha.
Avoid overflow in tor_timegm when parsing dates in and after 2038 on platforms with 32-bit time_t. Fixes bug 18479; bugfix on 0.0.2pre14. Patch by teor.
Minor bugfixes (tor-gencert):
Correctly handle the case where an authority operator enters a passphrase but sends an EOF before sending a newline. Fixes bug 17443; bugfix on 0.2.0.20-rc. Found by junglefowl.
Code simplification and refactoring:
Clean up a little duplicated code in crypto_expand_key_material_TAP(). Closes ticket 17587; patch from "pfrankw".
Decouple the list of streams waiting to be attached to circuits from the overall connection list. This change makes it possible to attach streams quickly while simplifying Tor's callgraph and avoiding O(N) scans of the entire connection list. Closes ticket 17590.
Extract the more complicated parts of circuit_mark_for_close() into a new function that we run periodically before circuits are freed. This change removes more than half of the functions currently in the "blob". Closes ticket 17218.
Move logging of redundant policy entries in policies_parse_exit_policy_internal into its own function. Closes ticket 17608; patch from "juce".
Quote all the string interpolations in configure.ac -- even those which we are pretty sure can't contain spaces. Closes ticket 17744. Patch from zerosion.
Remove code for configuring OpenSSL dynamic locks; OpenSSL doesn't use them. Closes ticket 17926.
Remove specialized code for non-inplace AES_CTR. 99% of our AES is inplace, so there's no need to have a separate implementation for the non-inplace code. Closes ticket 18258. Patch from Malek.
Simplify return types for some crypto functions that can't actually fail. Patch from Hassan Alsibyani. Closes ticket 18259.
When a direct directory request fails immediately on launch, instead of relaunching that request from inside the code that launches it, instead mark the connection for teardown. This change simplifies Tor's callback and prevents the directory-request launching code from invoking itself recursively. Closes ticket 17589.
Documentation:
Add a description of the correct use of the '--keygen' command- line option. Closes ticket 17583; based on text by 's7r'.
Change build messages to refer to "Fedora" instead of "Fedora Core", and "dnf" instead of "yum". Closes tickets 18459 and 18426. Patches from "icanhasaccount" and "cypherpunks".
Document the contents of the 'datadir/keys' subdirectory in the manual page. Closes ticket 17621.
Document the minimum HeartbeatPeriod value. Closes ticket 15638.
Explain actual minima for BandwidthRate. Closes ticket 16382.
Fix a minor formatting typo in the manpage. Closes ticket 17791.
Mention torspec URL in the manpage and point the reader to it whenever we mention a document that belongs in torspce. Fixes issue 17392.
Stop recommending use of nicknames to identify relays in our MapAddress documentation. Closes ticket 18312.
Removed features:
Remove client-side support for connecting to Tor relays running versions of Tor before 0.2.3.6-alpha. These relays didn't support the v3 TLS handshake protocol, and are no longer allowed on the Tor network. Implements the client side of ticket 11150. Based on patches by Tom van der Woerdt.
We no longer maintain an internal freelist in memarea.c. Allocators should be good enough to make this code unnecessary, and it's doubtful that it ever had any performance benefit.
Testing:
Add unit tests to check for common RNG failure modes, such as returning all zeroes, identical values, or incrementing values (OpenSSL's rand_predictable feature). Patch by teor.
Always test both ed25519 backends, so that we can be sure that our batch-open replacement code works. Part of ticket 16794.
Cover dns_resolve_impl() in dns.c with unit tests. Implements a portion of ticket 16831.
Fix several warnings from clang's address sanitizer produced in the unit tests.
Log more information when the backtrace tests fail. Closes ticket 17892. Patch from "cypherpunks."
More unit tests for compat_libevent.c, procmon.c, tortls.c, util_format.c, directory.c, and options_validate.c. Closes tickets 17075, 17082, 17084, 17003, and 17076 respectively. Patches from Ola Bini.
Treat backtrace test failures as expected on FreeBSD until we solve bug 17808. Closes ticket 18204.
Unit tests for directory_handle_command_get. Closes ticket 17004. Patch from Reinaldo de Souza Jr.

New in Tor 0.2.7.2 Alpha (Aug 7, 2015)

Major features (Ed25519 identity keys, Proposal 220):
All relays now maintain a stronger identity key, using the Ed25519 elliptic curve signature format. This master key is designed so that it can be kept offline. Relays also generate an online signing key, and a set of other Ed25519 keys and certificates. These are all automatically regenerated and rotated as needed. Implements part of ticket 12498.
Directory authorities now vote on Ed25519 identity keys along with RSA1024 keys. Implements part of ticket 12498.
Directory authorities track which Ed25519 identity keys have been used with which RSA1024 identity keys, and do not allow them to vary freely. Implements part of ticket 12498.
Microdescriptors now include Ed25519 identity keys. Implements part of ticket 12498.
Add support for offline encrypted Ed25519 master keys. To use this feature on your tor relay, run "tor --keygen" to make a new master key (or to make a new signing key if you already have a master key). Closes ticket 13642.
Major features (Hidden services):
Add the torrc option HiddenServiceNumIntroductionPoints, to specify a fixed number of introduction points. Its maximum value is 10 and default is 3. Using this option can increase a hidden service's reliability under load, at the cost of making it more visible that the hidden service is facing extra load. Closes ticket 4862.
Remove the adaptive algorithm for choosing the number of introduction points, which used to change the number of introduction points (poorly) depending on the number of connections the HS sees. Closes ticket 4862.
Major features (onion key cross-certification):
Relay descriptors now include signatures of their own identity keys, made using the TAP and ntor onion keys. These signatures allow relays to prove ownership of their own onion keys. Because of this change, microdescriptors will no longer need to include RSA identity keys. Implements proposal 228; closes ticket 12499.
Major features (performance):
Improve the runtime speed of Ed25519 operations by using the public-domain Ed25519-donna by Andrew M. ("floodyberry"). Implements ticket 16467.
Improve the runtime speed of the ntor handshake by using an optimized curve25519 basepoint scalarmult implementation from the public-domain Ed25519-donna by Andrew M. ("floodyberry"), based on ideas by Adam Langley. Implements ticket 9663.
Major bugfixes (client-side privacy, also in 0.2.6.9):
Properly separate out each SOCKSPort when applying stream isolation. The error occurred because each port's session group was being overwritten by a default value when the listener connection was initialized. Fixes bug 16247; bugfix on 0.2.6.3-alpha. Patch by "jojelino".
Major bugfixes (hidden service clients, stability, also in 0.2.6.10):
Stop refusing to store updated hidden service descriptors on a client. This reverts commit 9407040c59218 (which indeed fixed bug 14219, but introduced a major hidden service reachability regression detailed in bug 16381). This is a temporary fix since we can live with the minor issue in bug 14219 (it just results in some load on the network) but the regression of 16381 is too much of a setback. First-round fix for bug 16381; bugfix on 0.2.6.3-alpha.
Major bugfixes (hidden services):
When cannibalizing a circuit for an introduction point, always extend to the chosen exit node (creating a 4 hop circuit). Previously Tor would use the current circuit exit node, which changed the original choice of introduction point, and could cause the hidden service to skip excluded introduction points or reconnect to a skipped introduction point. Fixes bug 16260; bugfix on 0.1.0.1-rc.
Major bugfixes (open file limit):
The open file limit wasn't checked before calling tor_accept_socket_nonblocking(), which would make Tor exceed the limit. Now, before opening a new socket, Tor validates the open file limit just before, and if the max has been reached, return an error. Fixes bug 16288; bugfix on 0.1.1.1-alpha.
Major bugfixes (stability, also in 0.2.6.10):
Stop crashing with an assertion failure when parsing certain kinds of malformed or truncated microdescriptors. Fixes bug 16400; bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch by "cypherpunks_backup".
Stop random client-side assertion failures that could occur when connecting to a busy hidden service, or connecting to a hidden service while a NEWNYM is in progress. Fixes bug 16013; bugfix on 0.1.0.1-rc.
Minor features (directory authorities, security, also in 0.2.6.9):
The HSDir flag given by authorities now requires the Stable flag. For the current network, this results in going from 2887 to 2806 HSDirs. Also, it makes it harder for an attacker to launch a sybil attack by raising the effort for a relay to become Stable to require at the very least 7 days, while maintaining the 96 hours uptime requirement for HSDir. Implements ticket 8243.
Minor features (client):
Relax the validation of hostnames in SOCKS5 requests, allowing the character '_' to appear, in order to cope with domains observed in the wild that are serving non-RFC compliant records. Resolves ticket 16430.
Relax the validation done to hostnames in SOCKS5 requests, and allow a single trailing '.' to cope with clients that pass FQDNs using that syntax to explicitly indicate that the domain name is fully-qualified. Fixes bug 16674; bugfix on 0.2.6.2-alpha.
Add GroupWritable and WorldWritable options to unix-socket based SocksPort and ControlPort options. These options apply to a single socket, and override {Control,Socks}SocketsGroupWritable. Closes ticket 15220.
Minor features (control protocol):
Support network-liveness GETINFO key and NETWORK_LIVENESS event in the control protocol. Resolves ticket 15358.
Minor features (directory authorities):
Directory authorities no longer vote against the "Fast", "Stable", and "HSDir" flags just because they were going to vote against "Running": if the consensus turns out to be that the router was running, then the authority's vote should count. Patch from Peter Retzlaff; closes issue 8712.
Minor features (geoip, also in 0.2.6.10):
Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
Minor features (hidden services):
Add the new options "HiddenServiceMaxStreams" and "HiddenServiceMaxStreamsCloseCircuit" to allow hidden services to limit the maximum number of simultaneous streams per circuit, and optionally tear down the circuit when the limit is exceeded. Part of ticket 16052.
Minor features (portability):
Use C99 variadic macros when the compiler is not GCC. This avoids failing compilations on MSVC, and fixes a log-file-based race condition in our old workarounds. Original patch from Gisle Vanem.
Minor bugfixes (compilation, also in 0.2.6.9):
Build with --enable-systemd correctly when libsystemd is installed, but systemd is not. Fixes bug 16164; bugfix on 0.2.6.3-alpha. Patch from Peter Palfrader.
Minor bugfixes (controller):
Add the descriptor ID in each HS_DESC control event. It was missing, but specified in control-spec.txt. Fixes bug 15881; bugfix on 0.2.5.2-alpha.
Minor bugfixes (crypto error-handling, also in 0.2.6.10):
Check for failures from crypto_early_init, and refuse to continue. A previous typo meant that we could keep going with an uninitialized crypto library, and would have OpenSSL initialize its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced when implementing ticket 4900. Patch by "teor".
Minor bugfixes (hidden services):
Fix a crash when reloading configuration while at least one configured and one ephemeral hidden service exists. Fixes bug 16060; bugfix on 0.2.7.1-alpha.
Avoid crashing with a double-free bug when we create an ephemeral hidden service but adding it fails for some reason. Fixes bug 16228; bugfix on 0.2.7.1-alpha.
Minor bugfixes (Linux seccomp2 sandbox):
Use the sandbox in tor_open_cloexec whether or not O_CLOEXEC is defined. Patch by "teor". Fixes bug 16515; bugfix on 0.2.3.1-alpha.
Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.10):
Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need these when eventfd2() support is missing. Fixes bug 16363; bugfix on 0.2.6.3-alpha. Patch from "teor".
Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.9):
Fix sandboxing to work when running as a relay, by allowing the renaming of secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader.
Allow systemd connections to work with the Linux seccomp2 sandbox code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by Peter Palfrader.
Minor bugfixes (relay):
Fix a rarely-encountered memory leak when failing to initialize the thread pool. Fixes bug 16631; bugfix on 0.2.6.3-alpha. Patch from "cypherpunks".
Minor bugfixes (systemd):
Fix an accidental formatting error that broke the systemd configuration file. Fixes bug 16152; bugfix on 0.2.7.1-alpha.
Tor's systemd unit file no longer contains extraneous spaces. These spaces would sometimes confuse tools like deb-systemd- helper. Fixes bug 16162; bugfix on 0.2.5.5-alpha.
Minor bugfixes (tests):
Use the configured Python executable when running test-stem-full. Fixes bug 16470; bugfix on 0.2.7.1-alpha.
Minor bugfixes (tests, also in 0.2.6.9):
Fix a crash in the unit tests when built with MSVC2013. Fixes bug 16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
Minor bugfixes (threads, comments):
Always initialize return value in compute_desc_id in rendcommon.c Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
Check for NULL values in getinfo_helper_onions(). Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
Remove undefined directive-in-macro in test_util_writepid clang 3.7 complains that using a preprocessor directive inside a macro invocation in test_util_writepid in test_util.c is undefined. Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
Code simplification and refactoring:
Define WINVER and _WIN32_WINNT centrally, in orconfig.h, in order to ensure they remain consistent and visible everywhere.
Remove some vestigial workarounds for the MSVC6 compiler. We haven't supported that in ages.
The link authentication code has been refactored for better testability and reliability. It now uses code generated with the "trunnel" binary encoding generator, to reduce the risk of bugs due to programmer error. Done as part of ticket 12498.
Documentation:
Include a specific and (hopefully) accurate documentation of the torrc file's meta-format in doc/torrc_format.txt. This is mainly of interest to people writing programs to parse or generate torrc files. This document is not a commitment to long-term compatibility; some aspects of the current format are a bit ridiculous. Closes ticket 2325.
Removed features:
Tor no longer supports copies of OpenSSL that are missing support for Elliptic Curve Cryptography. (We began using ECC when available in 0.2.4.8-alpha, for more safe and efficient key negotiation.) In particular, support for at least one of P256 or P224 is now required, with manual configuration needed if only P224 is available. Resolves ticket 16140.
Tor no longer supports versions of OpenSSL before 1.0. (If you are on an operating system that has not upgraded to OpenSSL 1.0 or later, and you compile Tor from source, you will need to install a more recent OpenSSL to link Tor against.) These versions of OpenSSL are still supported by the OpenSSL, but the numerous cryptographic improvements in later OpenSSL releases makes them a clear choice. Resolves ticket 16034.
Remove the HidServDirectoryV2 option. Now all relays offer to store hidden service descriptors. Related to 16543.
Remove the VoteOnHidServDirectoriesV2 option, since all authorities have long set it to 1. Closes ticket 16543.
Testing:
Document use of coverity, clang static analyzer, and clang dynamic undefined behavior and address sanitizers in doc/HACKING. Include detailed usage instructions in the blacklist. Patch by "teor". Closes ticket 15817.
The link authentication protocol code now has extensive tests.
The relay descriptor signature testing code now has extensive tests.
The test_workqueue program now runs faster, and is enabled by default as a part of "make check".
Now that OpenSSL has its own scrypt implementation, add an unit test that checks for interoperability between libscrypt_scrypt() and OpenSSL's EVP_PBE_scrypt() so that we could not use libscrypt and rely on EVP_PBE_scrypt() whenever possible. Resolves ticket 16189.

New in Tor 0.2.6.7 (Apr 7, 2015)

New in Tor 0.2.4.18 RC (Nov 18, 2013)

Tor 0.2.4.18-rc is the fourth release candidate for the Tor 0.2.4.x series. It takes a variety of fixes from the 0.2.5.x branch to improve stability, performance, and better handling of edge cases.
Major features:
Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later. Resolves ticket 6055. (OpenSSL before 1.0.1 didn't have TLS 1.1 or 1.2, and OpenSSL from 1.0.1 through 1.0.1d had bugs that prevented renegotiation from working with TLS 1.1 or 1.2, so we had disabled them to solve bug 6033.)
Major bug fixes:
No longer stop reading or writing on cpuworker connections when our rate limiting buckets go empty. Now we should handle circuit handshake requests more promptly. Resolves bug 9731.
If we are unable to save a microdescriptor to the journal, do not drop it from memory and then reattempt downloading it. Fixes bug 9645; bugfix on 0.2.2.6-alpha.
Stop trying to bootstrap all our directory information from only our first guard. Discovered while fixing bug 9946; bugfix on 0.2.4.8-alpha.
The new channel code sometimes lost track of in-progress circuits, causing long-running clients to stop building new circuits. The fix is to always call circuit_n_chan_done(chan, 0) from channel_closed(). Fixes bug 9776; bugfix on 0.2.4.17-rc.
Minor bug fixes (on 0.2.4.x):
Correctly log long IPv6 exit policies, instead of truncating them or reporting an error. Fixes bug 9596; bugfix on 0.2.4.7-alpha.
Our default TLS ecdhe groups were backwards: we meant to be using P224 for relays (for performance win) and P256 for bridges (since it is more common in the wild). Instead we had it backwards. After reconsideration, we decided that the default should be P256 on all hosts, since its security is probably better, and since P224 is reportedly used quite little in the wild. Found by "skruffy" on IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha.
Free directory authority certificate download statuses on exit rather than leaking them. Fixes bug 9644; bugfix on 0.2.4.13-alpha.
Minor bug fixes (on 0.2.3.x and earlier):
If the guard we choose first doesn't answer, we would try the second guard, but once we connected to the second guard we would abandon it and retry the first one, slowing down bootstrapping. The fix is to treat all our initially chosen guards as acceptable to use. Fixes bug 9946; bugfix on 0.1.1.11-alpha.
Fix an assertion failure that would occur when disabling the ORPort setting on a running Tor process while accounting was enabled. Fixes bug 6979; bugfix on 0.2.2.18-alpha.
When examining the list of network interfaces to find our address, do not consider non-running or disabled network interfaces. Fixes bug 9904; bugfix on 0.2.3.11-alpha. Patch from "hantwister".
Avoid an off-by-one error when checking buffer boundaries when formatting the exit status of a pluggable transport helper. This is probably not an exploitable bug, but better safe than sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc. Bug found by Pedro Ribeiro.
Minor features (protecting client timestamps):
Clients no longer send timestamps in their NETINFO cells. These were not used for anything, and they provided one small way for clients to be distinguished from each other as they moved from network to network or behind NAT. Implements part of proposal 222.
Clients now round timestamps in INTRODUCE cells down to the nearest 10 minutes. If a new Support022HiddenServices option is set to 0, or if it's set to "auto" and the feature is disabled in the consensus, the timestamp is sent as 0 instead. Implements part of proposal 222.
Stop sending timestamps in AUTHENTICATE cells. This is not such a big deal from a security point of view, but it achieves no actual good purpose, and isn't needed. Implements part of proposal 222.
Reduce down accuracy of timestamps in hidden service descriptors. Implements part of proposal 222.
Minor features (other):
Improve the circuit queue out-of-memory handler. Previously, when we ran low on memory, we'd close whichever circuits had the most queued cells. Now, we close those that have the *oldest* queued cells, on the theory that those are most responsible for us running low on memory. Based on analysis from a forthcoming paper by Jansen, Tschorsch, Johnson, and Scheuermann. Fixes bug 9093.
Generate bootstrapping status update events correctly when fetching microdescriptors. Fixes bug 9927.
Update to the October 2 2013 Maxmind GeoLite Country database.
Documentation fixes:
Clarify the usage and risks of setting the ContactInfo torrc line for your relay or bridge. Resolves ticket 9854.
Add anchors to the manpage so we can link to the html version of the documentation for specific options. Resolves ticket 9866.
Replace remaining references to DirServer in man page and log entries. Resolves ticket 10124.

New in Tor 0.2.5.1 Alpha (Oct 10, 2013)

New in Tor 0.2.4.16 RC (Aug 14, 2013)

New in Tor 0.2.4.11 Alpha (Mar 13, 2013)

New in Tor 2.2.4.3 Alpha (Sep 27, 2012)

New in Tor 2.2.35-11 (May 4, 2012)

New in Tor 0.2.3.15 Alpha (May 1, 2012)

New in Tor 0.2.3.14 Alpha (Apr 25, 2012)

New in Tor 0.2.3.12 Alpha (Feb 15, 2012)

New in Tor 0.2.3.8 Alpha (Nov 26, 2011)

New in Tor 0.2.3.3 Alpha (Sep 13, 2011)

New in Tor 0.2.2.25 Alpha (May 2, 2011)

New in Tor 0.2.2.22 Alpha (Feb 4, 2011)

New in Tor 0.2.2.21 Alpha (Jan 18, 2011)

New in Tor 0.2.2.18 Alpha (Nov 18, 2010)

New in Tor 0.2.1.25 (Apr 1, 2010)

New in Tor 0.2.1.13 Alpha (Mar 13, 2009)

New in Tor 0.2.0.34 (Feb 10, 2009)

New in Tor 0.2.0.33 (Jan 22, 2009)

New in Tor 0.2.1.9 Alpha (Jan 5, 2009)

New in Tor 0.2.1.8 Alpha (Dec 10, 2008)

New in Tor 0.2.0.32 (Dec 5, 2008)

New in Tor 0.2.1.7 Alpha (Nov 21, 2008)

New in Tor 0.2.1.6 Alpha (Oct 13, 2008)

New in Tor 0.2.0.31 (Sep 10, 2008)

New in Tor 0.2.0.30 (Aug 28, 2008)