New release: Tor 0.3.4.9

We have a new stable release today. If you build Tor from source, you can download the source code for Tor 0.3.4.9 from the download page on the website. Packages should be available within the next several weeks, with a new Tor Browser by mid-December.

Tor 0.3.4.9 is the second stable release in its series; it backports numerous fixes, including a fix for a bandwidth management bug that was causing memory exhaustion on relays. Anyone running an earlier version of Tor 0.3.4.9 should upgrade.

Changes In Version 0.3.4.9 – 2018-11-02

  • Major bugfixes (compilation, backport from 0.3.5.3-alpha):
    • Fix compilation on ARM (and other less-used CPUs) when compiling with OpenSSL before 1.1. Fixes bug 27781; bugfix on 0.3.4.1-alpha.
  • Major bugfixes (mainloop, bootstrap, backport from 0.3.5.3-alpha):
    • Make sure Tor bootstraps and works properly if only the ControlPort is set. Prior to this fix, Tor would only bootstrap when a client port was set (Socks, Trans, NATD, DNS or HTTPTunnel port). Fixes bug 27849; bugfix on 0.3.4.1-alpha.
  • Major bugfixes (relay, backport from 0.3.5.3-alpha):
    • When our write bandwidth limit is exhausted, stop writing on the connection. Previously, we had a typo in the code that would make us stop reading instead, leading to relay connections being stuck indefinitely and consuming kernel RAM. Fixes bug 28089; bugfix on 0.3.4.1-alpha.
  • Major bugfixes (restart-in-process, backport from 0.3.5.1-alpha):
    • Fix a use-after-free error that could be caused by passing Tor an impossible set of options that would fail during options_act(). Fixes bug 27708; bugfix on 0.3.3.1-alpha.
  • Minor features (continuous integration, backport from 0.3.5.1-alpha):
    • Don’t do a distcheck with --disable-module-dirauth in Travis. Implements ticket 27252.
    • Only run one online rust build in Travis, to reduce network errors. Skip offline rust builds on Travis for Linux gcc, because they’re redundant. Implements ticket 27252.
    • Skip gcc on OSX in Travis CI, because it’s rarely used. Skip a duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on Linux with default settings, because all the non-default builds use gcc on Linux. Implements ticket 27252.
  • Minor features (continuous integration, backport from 0.3.5.3-alpha):
    • Use the Travis Homebrew addon to install packages on macOS during Travis CI. The package list is the same, but the Homebrew addon does not do a `brew update` by default. Implements ticket 27738.
  • Minor features (geoip):
    • Update geoip and geoip6 to the October 9 2018 Maxmind GeoLite2 Country database. Closes ticket 27991.
  • Minor bugfixes (32-bit OSX and iOS, timing, backport from 0.3.5.2-alpha):
    • Fix an integer overflow bug in our optimized 32-bit millisecond-difference algorithm for 32-bit Apple platforms. Previously, it would overflow when calculating the difference between two times more than 47 days apart. Fixes part of bug 27139; bugfix on 0.3.4.1-alpha.
    • Improve the precision of our 32-bit millisecond difference algorithm for 32-bit Apple platforms. Fixes part of bug 27139; bugfix on 0.3.4.1-alpha.
    • Relax the tolerance on the mainloop/update_time_jumps test when running on 32-bit Apple platforms. Fixes part of bug 27139; bugfix on 0.3.4.1-alpha.
  • Minor bugfixes (C correctness, to appear in 0.3.5.4-alpha):
    • Avoid undefined behavior in an end-of-string check when parsing the BEGIN line in a directory object. Fixes bug 28202; bugfix on 0.2.0.3-alpha.
  • Minor bugfixes (CI, appveyor, to appear in 0.3.5.4-alpha):
    • Only install the necessary mingw packages during our appveyor builds. This change makes the build a little faster, and prevents a conflict with a preinstalled mingw openssl that appveyor now ships. Fixes bugs 27943 and 27765; bugfix on 0.3.4.2-alpha.
  • Minor bugfixes (code safety, backport from 0.3.5.3-alpha):
    • Rewrite our assertion macros so that they no longer suppress the compiler’s -Wparentheses warnings. Fixes bug 27709; bugfix
  • Minor bugfixes (continuous integration, backport from 0.3.5.1-alpha):
    • Stop reinstalling identical packages in our Windows CI. Fixes bug 27464; bugfix on 0.3.4.1-alpha.
  • Minor bugfixes (directory authority, to appear in 0.3.5.4-alpha):
    • Log additional info when we get a relay that shares an ed25519 ID with a different relay, instead of making a BUG() warning. Fixes bug 27800; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (directory connection shutdown, backport from 0.3.5.1-alpha):
    • Avoid a double-close when shutting down a stalled directory connection. Fixes bug 26896; bugfix on 0.3.4.1-alpha.
  • Minor bugfixes (HTTP tunnel, backport from 0.3.5.1-alpha):
    • Fix a bug warning when closing an HTTP tunnel connection due to an HTTP request we couldn’t handle. Fixes bug 26470; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (netflow padding, backport from 0.3.5.1-alpha):
    • Ensure circuitmux queues are empty before scheduling or sending padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha.
  • Minor bugfixes (onion service v3, backport from 0.3.5.1-alpha):
    • When the onion service directory can’t be created or has the wrong permissions, do not log a stack trace. Fixes bug 27335; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (onion service v3, backport from 0.3.5.2-alpha):
    • Close all SOCKS requests (for the same .onion) if the newly fetched descriptor is unusable. Before that, we would close only the first one, leaving the others hanging until they timed out by themselves. Fixes bug 27410; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha):
    • When selecting a v3 rendezvous point, don’t only look at the protover, but also check whether the curve25519 onion key is present. This way we avoid picking a relay that supports the v3 rendezvous but for which we don’t have the microdescriptor. Fixes bug 27797; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (protover, backport from 0.3.5.3-alpha):
    • Reject protocol names containing bytes other than alphanumeric characters and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix on 0.2.9.4-alpha.
  • Minor bugfixes (rust, backport from 0.3.5.1-alpha):
    • Compute protover votes correctly in the rust version of the protover code. Previously, the protover rewrite in 24031 allowed repeated votes from the same voter for the same protocol version to be counted multiple times in protover_compute_vote(). Fixes bug 27649; bugfix on 0.3.3.5-rc.
    • Reject protover names that contain invalid characters. Fixes bug 27687; bugfix on 0.3.3.1-alpha.
  • Minor bugfixes (rust, backport from 0.3.5.2-alpha):
    • protover_all_supported() would attempt to allocate up to 16GB on some inputs, leading to a potential memory DoS. Fixes bug 27206; bugfix on 0.3.3.5-rc.
  • Minor bugfixes (rust, directory authority, to appear in 0.3.5.4-alpha):
    • Fix an API mismatch in the rust implementation of protover_compute_vote(). This bug could have caused crashes on any directory authorities running Tor with Rust (which we do not yet recommend). Fixes bug 27741; bugfix on 0.3.3.6.
  • Minor bugfixes (rust, to appear in 0.3.5.4-alpha):
    • Fix a potential null dereference in protover_all_supported(). Add a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha.
    • Return a string that can be safely freed by C code, not one created by the rust allocator, in protover_all_supported(). Fixes bug 27740; bugfix on 0.3.3.1-alpha.
  • Minor bugfixes (testing, backport from 0.3.5.1-alpha):
    • If a unit test running in a subprocess exits abnormally or with a nonzero status code, treat the test as having failed, even if the test reported success. Without this fix, memory leaks don’t cause the tests to fail, even with LeakSanitizer. Fixes bug 27658; bugfix on 0.2.2.4-alpha.
  • Minor bugfixes (testing, backport from 0.3.5.3-alpha):
    • Make the hs_service tests use the same time source when creating the introduction point and when testing it. Now tests work better on very slow systems like ARM or Travis. Fixes bug 27810; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (testing, to appear in 0.3.5.4-alpha):
    • Treat backtrace test failures as expected on BSD-derived systems (NetBSD, OpenBSD, and macOS/Darwin) until we solve bug 17808. (FreeBSD failures have been treated as expected since 18204 in 0.2.8.) Fixes bug 27948; bugfix on 0.2.5.2-alpha.
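
The protover entries above (bugs 27316, 27687 and 27206) concern name validation and memory use when checking version ranges. The following sketch is an added example, not Tor's own protover code: it rejects names outside [A-Za-z0-9-] and compares range bounds instead of expanding ranges into lists. The `Name=1-3,5` entry grammar, the `MAX_VERSION` bound and all function names are assumptions made for the illustration.

```rust
// Added illustration, not Tor's protover code. The "Name=1-3,5" entry grammar
// and the MAX_VERSION bound are assumptions made for this example.
const MAX_VERSION: u32 = u32::MAX - 1;
#[derive(Debug, PartialEq)]
pub enum ProtoError { Syntax, BadName, BadRange }

/// Only ASCII letters, digits and hyphens may appear in a protocol name.
fn valid_name(name: &str) -> bool {
    !name.is_empty() && name.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-')
}

/// Parse "lo" or "lo-hi" into inclusive bounds; the range is never expanded.
fn parse_range(s: &str) -> Result<(u32, u32), ProtoError> {
    let (lo, hi) = s.split_once('-').unwrap_or((s, s));
    let num = |t: &str| match t.bytes().all(|b| b.is_ascii_digit()) {
        true => t.parse::<u32>().map_err(|_| ProtoError::BadRange), // "" and overflow fail here
        false => Err(ProtoError::BadRange), // str::parse alone would accept "+5"
    };
    let (lo, hi) = (num(lo)?, num(hi)?);
    if lo > hi || hi > MAX_VERSION { return Err(ProtoError::BadRange); }
    Ok((lo, hi))
}

/// Parse one entry such as "Link=1-5,7" into its name and version ranges.
pub fn parse_entry(entry: &str) -> Result<(String, Vec<(u32, u32)>), ProtoError> {
    let (name, versions) = entry.split_once('=').ok_or(ProtoError::Syntax)?;
    if !valid_name(name) { return Err(ProtoError::BadName); }
    let ranges = versions.split(',').map(parse_range).collect::<Result<Vec<_>, _>>()?;
    Ok((name.to_string(), ranges))
}

/// True if `supported` covers every wanted version. Only bounds are compared,
/// so the cost grows with the number of ranges, not with their width.
pub fn all_supported(wanted: &[(u32, u32)], supported: &[(u32, u32)]) -> bool {
    let mut sup = supported.to_vec();
    sup.sort();
    wanted.iter().all(|&(lo, hi)| {
        let mut next = u64::from(lo); // lowest version not yet shown to be covered
        for &(slo, shi) in &sup {
            if u64::from(slo) <= next && next <= u64::from(shi) { next = u64::from(shi) + 1; }
        }
        next > u64::from(hi)
    })
}

fn main() {
    for e in &["Link=1-5,7", "Lin_k=1", "Cons=1-4000000000"] { // constructed samples
        println!("{:?} -> {:?}", e, parse_entry(e));
    }
}
```

A range as wide as `1-4000000000` is stored as two integers here, so checking it against a supported set costs the same as checking `1-2`.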

Original: https://blog.torproject.org/new-release-tor-0349

New Release: Tor Browser for Android 1.0a3

Tor Browser for Android 1.0a3 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Moreover, we backport a defense against protocol handler enumeration developed by Mozilla engineers.

Unfortunately, in this release we are temporarily introducing a regression due to a potential proxy-bypass bug within some versions of Android. Tor Browser for Android will not download a website’s “favicon” in this release (the small image shown beside the title of the webpage in the list of tabs). From our investigation into this bug, we found Android versions before Android Oreo (Android version 7 and earlier, API level 25 and earlier) leak some information about which webpage the browser is loading. This was corrected in newer versions of Android; however, this temporary regression is necessary because it is likely most users have an older version of Android, and there may be other bugs we haven’t discovered yet. One bug in the Android networking code is one bug too many. We are working on a new way of downloading these icons.

The full changelog since Tor Browser for Android 1.0a2 is:

  • Update Firefox to 60.3.0esr
  • Update Torbutton to 2.1.1
  • Update HTTPS Everywhere to 2018.9.19
  • Backport of fixes for bug 1448014, 1458905, 1441345, and 1448305
  • Bug 1623: Block protocol handler enumeration (backport of fix for #680300)
  • Bug 28125: Prevent proxy-bypass bug by Android networking library

Original: https://blog.torproject.org/new-release-tor-browser-android-10a3

New Release: Tor Browser 8.5a4

Tor Browser 8.5a4 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Highlights in Tor Browser 8.5a4 are a new Tor alpha version, 0.3.5.3-alpha, a fixed layout of our macOS installer window and Stylo (Mozilla’s new CSS engine) being enabled on macOS after fixing a reproducibility issue. Please report any problems you find with those macOS-related changes as we think about backporting them for the stable series.

Moreover, we backport a defense against protocol handler enumeration developed by Mozilla engineers and provide Tor Browser on all supported platforms in four additional locales: cs, el, hu, and ka.

Note: It turned out it was a bit premature to ship the new locales as we did not catch bugs in them last minute, so we don’t make them available on our download page. Sorry for the inconvenience.

The full changelog since Tor Browser 8.5a3 is:

  • All Platforms
    • Update Firefox to 60.3.0esr
    • Update Tor to 0.3.5.3-alpha
    • Update Torbutton to 2.1.1
    • Update Tor Launcher to 0.2.17
    • Update HTTPS Everywhere to 2018.9.19
    • Update NoScript to 10.1.9.9
    • Bug 1623: Block protocol handler enumeration (backport of fix for #680300)
    • Bug 27905: Fix many occurrences of “Firefox” in about:preferences
    • Bug 28082: Add locales cs, el, hu, ka
  • Windows
    • Bug 21704: Abort install if CPU is missing SSE2 support
    • Bug 28002: Fix the precomplete file in the en-US installer
  • OS X
    • Bug 26263: App icon positioned incorrectly in macOS DMG installer window
    • Bug 26475: Fix Stylo related reproducibility issue
  • Linux
    • Bug 26475: Fix Stylo related reproducibility issue
    • Bug 28022: Use `/usr/bin/env bash` for bash invocation
  • Android
    • Backport of fixes for bug 1448014, 1458905, 1441345, and 1448305
  • Build System
    • All Platforms
      • Bug 27218: Generate multiple Tor Browser bundles in parallel
    • Windows
    • OS X

Original: https://blog.torproject.org/new-release-tor-browser-85a4