From: Andrew Lewman, Executive Director
To: the tor community
Date: January 2011

This report documents progress in January 2011.

# New releases, new hires, new funding

## New Releases

1. On January 4th, we released the latest in the alpha branch of Torbutton, version 1.3.1. This release features a fix for the nasty pref dialog issue in 1.3.0 (bug #2011), as well as Firefox 4.0 support. Thanks to new APIs in Firefox 3.5 and better privacy options in Firefox 4, Torbutton has now been simplified as well. While we still provide a number of XPCOM components, the number of native Firefox components we replace has shrunk from 5 to just one. However, the amount of change involved in supporting Firefox 4 was substantial, and it is likely that these changes, as well as the removal of old code, have introduced new bugs. We've done our best to test operation on Firefox 3.6 and 4.0, but we have not tested Firefox 3.0, and may have missed other issues as well. Here is the complete changelog:

   * bugfix: bug 1894: Amnesia is now called TAILS (patch from intrigeri)
   * bugfix: bug 2315: Remove reference to TorVM (patch from intrigeri)
   * bugfix: bug 2011: Fix preference dialog issues (patch from chrisdoble)
   * bugfix: Fix some incorrect log lines in RefSpoofer
   * new: Support Firefox 4.0 (many changes)
   * new: Place button in the nav-bar (FF4 killed the status-bar)
   * misc: No longer reimplement the session store, use new APIs instead
   * misc: Simplify crash detection and startup mode settings

2. On January 7th, a new release of arm was made available, including enhancements targeted at performance and cross-platform compatibility. In particular, this release provides:

   1. Vastly Better Resolver Performance. By far the most expensive thing that arm does is ps and netstat/lsof/etc lookups. While wandering around development forums I discovered psutil, an awesome library for cross platform resolution of system and process information.
      For OSX and BSD they're using ps and lsof lookups just like arm. However, for Linux they had a very different approach, querying proc contents directly. I adapted the functions for arm and it cut the runtime for resource and connection resolution by 90%. Many thanks to the authors of psutil (Jay Loden, Dave Daeschler, and Giampaolo Rodola')!

   2. BSD Compatibility. For a long time FreeBSD has been arm's nemesis. Its variant of netstat can't get connection pids, the ss resolving utility belongs to a spreadsheet program instead, and even pid resolution failed (breaking resource stats and numerous other things). However, thanks to patches and testing by Fabian Keil and Hans Schnehl, arm now has BSD counterparts for all of these, plus autodetection for BSD Jails.

   3. Expanded Distribution. Peter and I have finished revisions for the arm deb and it's now pending feedback from the Debian FTP admins. Arm is also now available on ArchLinux thanks to Spider.007, and Fabian mentioned that he might be interested in doing a FreeBSD port.

   4. Volunteer Recruiting. Being the lone developer of arm is kinda lonely. I'd love to find other people interested in hacking on the code with me. To this end, and in anticipation of GSOC 2011, I've added a project to Tor's volunteer page ("Client Mode Use Cases for Arm").

   Plus numerous other fixes and improvements (for details see the release notes). As always, screenshots and downloads are available from the project's homepage:

3. On January 9th, the Tor Browser Bundles were updated with some important security fixes, and it is advised that all users upgrade. Geolocation has been disabled and some prefs added as a workaround for bug 2338.

   - Linux bundles, version 1.1.2. Update Firefox preferences to be more secure and disable geolocation to address #2338.
   - OS X bundle, version 1.0.9. Update Firefox preferences to be more secure and disable geolocation to address #2338.
   - Windows bundles, version 1.3.16.
     Update Firefox preferences to be more secure and disable geolocation to address #2338.

4. On January 10th, we updated the OS X PPC packages after a long hiatus due to failed hardware. They are now available in stable (0.2.1.28) and alpha (0.2.2.20-alpha) versions, both with the latest Vidalia (0.2.10).

5. On January 15th, we released the latest in the stable Tor series, version 0.2.1.29. This continues our recent code security audit work. The main fix resolves a remote heap overflow vulnerability that can allow remote code execution. Other fixes address a variety of assert and crash bugs, most of which we think are hard to exploit remotely. All Tor users should upgrade.

   Changes in version 0.2.1.29:

   o Major bugfixes (security):
     - Fix a heap overflow bug where an adversary could cause heap corruption. This bug probably allows remote code execution attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on 0.1.2.10-rc.
     - Prevent a denial-of-service attack by disallowing any zlib-compressed data whose compression factor is implausibly high. Fixes part of bug 2324; reported by "doorss".
     - Zero out a few more keys in memory before freeing them. Fixes bug 2384 and part of bug 2385. These key instances were found by "cypherpunks", based on Andrew Case's report about being able to find sensitive data in Tor's memory space if you have enough permissions. Bugfix on 0.0.2pre9.

   o Major bugfixes (crashes):
     - Prevent calls to Libevent from inside Libevent log handlers. This had the potential to cause a nasty set of crashes, especially if running Libevent with debug logging enabled, and running Tor with a controller watching for low-severity log messages. Bugfix on 0.1.0.2-rc. Fixes bug 2190.
     - Add a check for SIZE_T_MAX to tor_realloc() to try to avoid underflow errors there too. Fixes the other part of bug 2324.
     - Fix a bug where we would assert if we ever had a cached-descriptors.new file (or another file read directly into memory) of exactly SIZE_T_CEILING bytes.
       Fixes bug 2326; bugfix on 0.2.1.25. Found by doorss.
     - Fix some potential asserts and parsing issues with grossly malformed router caches. Fixes bug 2352; bugfix on Tor 0.2.1.27. Found by doorss.

   o Minor bugfixes (other):
     - Fix a bug with handling misformed replies to reverse DNS lookup requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a bug reported by doorss.
     - Fix compilation on mingw when a pthreads compatibility library has been installed. (We don't want to use it, so we shouldn't be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc.
     - Fix a bug where we would declare that we had run out of virtual addresses when the address space was only half-exhausted. Bugfix on 0.1.2.1-alpha.
     - Correctly handle the case where AutomapHostsOnResolve is set but no virtual addresses are available. Fixes bug 2328; bugfix on 0.1.2.1-alpha. Bug found by doorss.
     - Correctly handle wrapping around when we run out of virtual address space. Found by cypherpunks; bugfix on 0.2.0.5-alpha.

   o Minor features:
     - Update to the January 1 2011 Maxmind GeoLite Country database.
     - Introduce output size checks on all of our decryption functions.

   o Build changes:
     - Tor does not build packages correctly with Automake 1.6 and earlier; added a check to Makefile.am to make sure that we're building with Automake 1.7 or later.
     - The 0.2.1.28 tarball was missing src/common/OpenBSD_malloc_Linux.c because we built it with a too-old version of automake. Thus that release broke ./configure --enable-openbsd-malloc, which is popular among really fast exit relays on Linux.

6. On January 16th, we released many updated packages:
   - Windows expert packages (stable & alpha)
   - Vidalia bundles (stable & alpha for Windows, and OS X ppc & x86)
   - Tor Browser Bundles for Windows, Linux, and OS X (see below for other updates)
   - RPM packages (stable & alpha)
   - Debian and Ubuntu packages (stable & alpha)
   - Tor Browser Bundles
     - Windows Bundles, version 1.3.17: update Tor to 0.2.1.29
     - Linux Bundles, version 1.1.3: update Tor to 0.2.2.21-alpha; update NoScript to 2.0.9.3
     - OS X Bundles, version 1.0.10: update Tor to 0.2.2.21-alpha; update NoScript to 2.0.9.

7. On January 15th, we released the latest in the Tor alpha series, version 0.2.2.21-alpha. It includes all the patches from Tor 0.2.1.29, which continues our recent code security audit work. The main fix resolves a remote heap overflow vulnerability that can allow remote code execution (CVE-2011-0427). Other fixes address a variety of assert and crash bugs, most of which we think are hard to exploit remotely.

   Changes in version 0.2.2.21-alpha:

   o Major bugfixes (security), also included in 0.2.1.29:
     - Fix a heap overflow bug where an adversary could cause heap corruption. This bug probably allows remote code execution attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on 0.1.2.10-rc.
     - Prevent a denial-of-service attack by disallowing any zlib-compressed data whose compression factor is implausibly high. Fixes part of bug 2324; reported by "doorss".
     - Zero out a few more keys in memory before freeing them. Fixes bug 2384 and part of bug 2385. These key instances were found by "cypherpunks", based on Andrew Case's report about being able to find sensitive data in Tor's memory space if you have enough permissions. Bugfix on 0.0.2pre9.

   o Major bugfixes (crashes), also included in 0.2.1.29:
     - Prevent calls to Libevent from inside Libevent log handlers. This had the potential to cause a nasty set of crashes, especially if running Libevent with debug logging enabled, and running Tor with a controller watching for low-severity log messages.
       Bugfix on 0.1.0.2-rc. Fixes bug 2190.
     - Add a check for SIZE_T_MAX to tor_realloc() to try to avoid underflow errors there too. Fixes the other part of bug 2324.
     - Fix a bug where we would assert if we ever had a cached-descriptors.new file (or another file read directly into memory) of exactly SIZE_T_CEILING bytes. Fixes bug 2326; bugfix on 0.2.1.25. Found by doorss.
     - Fix some potential asserts and parsing issues with grossly malformed router caches. Fixes bug 2352; bugfix on Tor 0.2.1.27. Found by doorss.

   o Minor bugfixes (other), also included in 0.2.1.29:
     - Fix a bug with handling misformed replies to reverse DNS lookup requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a bug reported by doorss.
     - Fix compilation on mingw when a pthreads compatibility library has been installed. (We don't want to use it, so we shouldn't be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc.
     - Fix a bug where we would declare that we had run out of virtual addresses when the address space was only half-exhausted. Bugfix on 0.1.2.1-alpha.
     - Correctly handle the case where AutomapHostsOnResolve is set but no virtual addresses are available. Fixes bug 2328; bugfix on 0.1.2.1-alpha. Bug found by doorss.
     - Correctly handle wrapping around when we run out of virtual address space. Found by cypherpunks; bugfix on 0.2.0.5-alpha.

   o Minor features, also included in 0.2.1.29:
     - Update to the January 1 2011 Maxmind GeoLite Country database.
     - Introduce output size checks on all of our decryption functions.

   o Build changes, also included in 0.2.1.29:
     - Tor does not build packages correctly with Automake 1.6 and earlier; added a check to Makefile.am to make sure that we're building with Automake 1.7 or later.
     - The 0.2.1.28 tarball was missing src/common/OpenBSD_malloc_Linux.c because we built it with a too-old version of automake. Thus that release broke ./configure --enable-openbsd-malloc, which is popular among really fast exit relays on Linux.
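   The compression-factor check from the "Major bugfixes (security)" entries above (bug 2324) is worth seeing as code: a decompressor that stops as soon as the output grows implausibly large relative to the input, rather than inflating a small payload into gigabytes. This is an added Python illustration, not Tor's C implementation; the 25x ratio, the 16 KiB step size and the sample inputs are assumptions chosen here.

```python
import zlib

# Assumed policy values for this example; the release notes above do not
# quote Tor's actual threshold.
MAX_RATIO = 25          # reject once inflated size exceeds 25x the input
CHUNK = 16 * 1024       # inflate in bounded steps so a bomb is caught early


class ImplausibleCompression(ValueError):
    """Raised when the data expands past MAX_RATIO times its own size."""


def safe_inflate(data: bytes, max_ratio: int = MAX_RATIO) -> bytes:
    """Inflate a zlib stream, aborting as soon as its compression factor
    becomes implausible. Output is requested CHUNK bytes at a time, so
    memory stays bounded even for a stream that would expand to gigabytes."""
    budget = len(data) * max_ratio
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    while not d.eof:
        chunk = d.decompress(pending, CHUNK)   # at most CHUNK bytes back
        out += chunk
        if len(out) > budget:
            raise ImplausibleCompression(
                "%d compressed bytes inflated past %d bytes" % (len(data), budget))
        pending = d.unconsumed_tail              # input not yet processed
        if not chunk and not pending:            # no progress, no input left
            raise ValueError("truncated zlib stream")
    return bytes(out)


def inflate_or_reject(data: bytes) -> str:
    """Return a verdict string, the way a directory parser might log it."""
    try:
        body = safe_inflate(data)
    except ImplausibleCompression:
        return "rejected: implausible compression factor"
    except (zlib.error, ValueError):
        return "rejected: malformed or truncated"
    return "accepted: %d bytes" % len(body)


# Constructed sample inputs (not from the release notes)
LEGIT = bytes(range(256)) * 4            # mildly compressible, roughly 4:1
LEGIT_Z = zlib.compress(LEGIT)
TRUNCATED = LEGIT_Z[:-5]                 # stream cut before its checksum
BOMB = zlib.compress(bytes(1 << 20), 9)  # 1 MiB of zeros, roughly 1000:1

if __name__ == "__main__":
    for name, blob in (("legit", LEGIT_Z), ("truncated", TRUNCATED), ("bomb", BOMB)):
        print(name, "->", inflate_or_reject(blob))
```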
   o Major bugfixes, new in 0.2.2.21-alpha:
     - Prevent crash/heap corruption when the cbtnummodes consensus parameter is set to 0 or large values. Fixes bug 2317; bugfix on 0.2.2.14-alpha.

   o Major features, new in 0.2.2.21-alpha:
     - Introduce minimum/maximum values that clients will believe from the consensus. Now we'll have a better chance to avoid crashes or worse when a consensus param has a weird value.

   o Minor features, new in 0.2.2.21-alpha:
     - Make sure to disable DirPort if running as a bridge. DirPorts aren't used on bridges, and it makes bridge scanning somewhat easier.
     - If writing the state file to disk fails, wait up to an hour before retrying, rather than trying again each second. Fixes bug 2346; bugfix on Tor 0.1.1.3-alpha.
     - Make Libevent log messages get delivered to controllers later, and not from inside the Libevent log handler. This prevents unsafe reentrant Libevent calls while still letting the log messages get through.
     - Detect platforms that brokenly use a signed size_t, and refuse to build there. Found and analyzed by doorss and rransom.
     - Fix a bunch of compile warnings revealed by mingw with gcc 4.5. Resolves bug 2314.

   o Minor bugfixes, new in 0.2.2.21-alpha:
     - Handle SOCKS messages longer than 128 bytes correctly, rather than waiting forever for them to finish. Fixes bug 2330; bugfix on 0.2.0.16-alpha. Found by doorss.
     - Add assertions to check for overflow in arguments to base32_encode() and base32_decode(); fix a signed-unsigned comparison there too. These bugs are not actually reachable in Tor, but it's good to prevent future errors too. Found by doorss.
     - Correctly detect failures to create DNS requests when using Libevent versions before v2. (Before Libevent 2, we used our own evdns implementation. Its return values for Libevent's evdns_resolve_*() functions are not consistent with those from Libevent.) Fixes bug 2363; bugfix on 0.2.2.6-alpha. Found by "lodger".
   o Documentation, new in 0.2.2.21-alpha:
     - Document the default socks host and port (127.0.0.1:9050) for tor-resolve.

8. On January 20th, the TAILS LiveCD/USB team released an updated version, 0.6.2. It is available at . It contains:

   * Tor: upgrade to 0.2.1.29 (fixes CVE-2011-0427).
   * Software
     - Upgrade Linux kernel, dpkg, libc6, NSS, OpenSSL, libxml2 (fixes various security issues).
     - Upgrade Claws Mail to 3.7.6 (new backport).
     - Install Liferea, tcpdump and tcpflow.
   * Seahorse: use hkp:// transport as it does not support hkps://.
   * FireGPG: use hkps:// to connect to the configured keyserver.
   * Build system: take note of the Debian Live tools versions being used, to make the next point-release process faster.
   * APT: don't ship package indices.

9. On January 25th, we released Tor 0.2.2.22-alpha. It fixes a few more less-critical security issues. The main other change is a slight tweak to Tor's TLS handshake that makes relays and bridges that run this new version reachable from Iran again. We don't expect this tweak will win the arms race long-term, but it will buy us a bit more time until we roll out a better solution. Anybody running a relay or bridge who wants it to work for Iran should upgrade.

   Changes in version 0.2.2.22-alpha:

   o Major bugfixes:
     - Fix a bounds-checking error that could allow an attacker to remotely crash a directory authority. Bugfix on 0.2.1.5-alpha. Found by "piebeer".
     - Don't assert when changing from bridge to relay or vice versa via the controller. The assert happened because we didn't properly initialize our keys in this case. Bugfix on 0.2.2.18-alpha; fixes bug 2433. Reported by bastik.

   o Minor features:
     - Adjust our TLS Diffie-Hellman parameters to match those used by Apache's mod_ssl.
     - Provide a log message stating which geoip file we're parsing instead of just stating that we're parsing the geoip file. Implements ticket 2432.
   o Minor bugfixes:
     - Check for and reject overly long directory certificates and directory tokens before they have a chance to hit any assertions. Bugfix on 0.2.1.28 / 0.2.2.20-alpha. Found by "doorss".

10. Released new VisiTor version 0.0.4, which contains a Python version of the weblog-parsing script contributed by Kiyoto Tamura and two minor fixes.

# Design, develop, and implement enhancements that make Tor a better tool for users in censored countries.

- From the 0.2.2.22-alpha release notes: adjust our TLS Diffie-Hellman parameters to match those used by Apache's mod_ssl. This is a slight tweak to Tor's TLS handshake that makes relays and bridges that run this new version reachable from Iran again.
- Started discussion of TLS normalization. The developer discussion is at
- Continued discussions of pluggable transports. The draft specification can be found at . The start of the discussion can be found on the or-dev mailing list at .
- Started discussion of Proposal 176 to change the version 3 handshake to not use TLS renegotiation. Proposal 176 is at . The developer discussion starts at .
- Andrew and Roger documented the features in the Tor alpha software that allow users to use a SOCKS proxy as a circumvention method should Tor be blocked in some manner. .

# Architecture and technical design docs for Tor enhancements related to blocking-resistance.

- Continued discussions of pluggable transports. The draft specification can be found at . The start of the discussion can be found on the or-dev mailing list at .

# Hide Tor's network signature.

- From the 0.2.2.22-alpha release notes: adjust our TLS Diffie-Hellman parameters to match those used by Apache's mod_ssl. This is a slight tweak to Tor's TLS handshake that makes relays and bridges that run this new version reachable from Iran again.
- Started discussion of TLS normalization. The developer discussion is at
- Continued discussions of pluggable transports. The draft specification can be found at .
  The start of the discussion can be found on the or-dev mailing list at .
- Started discussion of Proposal 176 to change the version 3 handshake to not use TLS renegotiation. Proposal 176 is at . The developer discussion starts at .

# Grow the Tor network and user base. Outreach.

## Measures of the Tor Network

![image](relayflags-Exit-2011-01-31-72-day-2011-01-01)

This graph shows the total number of exit relays in January 2011. Due to events in Egypt, we had a marked increase in exit relays joining the network.

![image](networksize-2011-01-31-72-2011-01-01)

This graph shows the total number of relays and the total number of bridges in January 2011. Due to events in Egypt, we had a marked increase in relays and bridges joining the network.

![image](torperf-all-2011-01-31-72-50kb-2011-01-01)

This graph shows how many seconds it took to complete a 50KB download from a standard Tor client. This is an average of all measurements from servers located in Illinois, Massachusetts, and Sweden. Performance remains relatively steady at 5 seconds.

![image](bandwidth-2011-01-31-72-2011-01-01)

This graph shows the total bandwidth available to clients and how much of it was actually used throughout the month. The influx of relays at the end of the month brings almost 1 GBps (8 Gbps) of available bandwidth.

* * * * *

## Outreach and Advocacy

1. Held a successful public hackfest at MIT's Center for Future Civic Media, .
2. Due to the events in Egypt, Tor usage by activists, and human rights organizations requesting our technical help, we were featured in over 30 news stories, interviews, and articles. The master list of the media highlights is at .

# Preconfigured privacy (circumvention) bundles for USB or LiveCD.

- See 2.0 for the updated Tor Browser Bundles for OSX, Windows, and Linux.
- The TAILS live CD/USB project continued to document their security model, designs, and overall software configuration.

# Bridge relay and bridge authority work.
- Karsten did some work to publish sanitized bridge pool assignments. We're going to publish which distribution pool a bridge is assigned to. The distribution pool defines whether we give out a bridge via HTTP, via email, or not at all (reserved pool). The plan is to remove all sensitive information from bridge pool assignments before making them available on . The discussion was started on the or-dev list at .

# Scalability, load balancing, directory overhead, efficiency.

- We released an updated version of Tor Weather, . Tor Weather is a web application that lets Tor relay operators sign up for notices when their relay is offline or drops below a threshold of bandwidth served, and for notifications when a new version of Tor is released. This version of the web application was written by the Wesleyan University Humanitarian Free and Open Source Software (HFOSS) team working on Tor for their summer project, .
- Karsten started improving metrics-db performance, so that it can scale to five years of data with 10K relays and 5K bridges. This included a few tricks to avoid parsing the same data twice. He also changed the database schema to use SQL arrays to store bandwidth histories, which is apparently a less-used part of PostgreSQL: he found a confirmed bug in PostgreSQL 8.2 (released 2006-12-05).
- Karsten found two major, if not blocking, bugs in Torouter when run on the suggested Buffalo hardware. The Excito hardware does not have these problems. The bug numbers are 2334, , and 2376, .
- Karsten found and fixed a problematic bridge sanitizer bug that made us keep original IP addresses in reject lines. He updated metrics-db and sanitized all bridge descriptors since May 2008 once again. The latter kept two of our computers busy for 2.5 weeks.
- Karsten started exporting bridge pool assignments and restarted the discussion about preserving hashed IP addresses in bridge descriptors.
- Karsten upgraded the Torperfs to output information about which circuits they used for measuring download times, and made the data available on the metrics website. He added new graphs combining all Torperf sources and showing the fraction of timeouts and failures, and started Torperfs with custom entry guard selection strategies.
- Karsten talked to Björn Scheuermann and Florian Tschorsch about performance improvements in Tor. He is working on a patch with them to be included in Tor 0.2.3.x.
- Karsten improved graphs on metrics-web by adding more countries and by allowing users to customize the graph image resolution.

# Incentives work.

Nothing to report.

# More reliable (e.g. split) download mechanism.

- Sebastian and Erinn started to tackle Thandy and Hudson work. They solved the Hudson issue on Windows and made a good deal of progress on getting Thandy set up, understanding the different roles and responsibilities of each in the Thandy system. Installing files by copying them into the right place works, but the packaging db that would be required for TBB is not yet working.

# Footprints from Tor Browser Bundle.

Nothing to report.

# Translation work, ultimately a browser-based approach.

- Updated translations for the following languages: af ak am arn ast be bg bn bn_IN csb cy dz eo eu fil fur ga gl gun ha he hi ht hu is it km kn kw lb ln lo lt lv mg mi mk ml mn mr ms mt nah nap ne nn nso oc pa pap pms ps sco son sw ta te tg th ti tk uk ur ve wa zh_HK zu.
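The arm release note under New Releases above describes psutil's Linux approach of reading /proc directly instead of running ps/netstat/lsof for every refresh. As an added example that is neither arm's nor psutil's code, this is the join that approach relies on: parsing /proc/net/tcp and keeping only the sockets whose inode appears among a process's open file descriptors. The table contents and the fd-to-inode map are constructed sample data so the block runs offline.

```python
import socket
import struct
from typing import Dict, List, NamedTuple

# Constructed /proc/net/tcp contents (not captured from a real host).
# IPv4 addresses are stored as a little-endian 32-bit hex word on x86,
# ports as big-endian hex; 'st' is the TCP state; the inode column is
# what ties a socket to the process holding it open.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:235A 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 15234 1 0000000000000000 100 0 0 10 0
   1: 0100007F:235B 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 15235 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:B7A4 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 15301 1 0000000000000000 20 4 30 10 -1
   3: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9021 1 0000000000000000 100 0 0 10 0
"""

# Constructed stand-in for the 'socket:[inode]' link targets in /proc/<pid>/fd/
SAMPLE_FD_INODES: Dict[int, List[int]] = {4242: [15234, 15235, 15301], 777: [9021]}

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT",
              "08": "CLOSE_WAIT", "0A": "LISTEN"}


class Conn(NamedTuple):
    laddr: str
    lport: int
    raddr: str
    rport: int
    state: str
    inode: int


def _hex_addr(field: str):
    """'0100007F:235A' -> ('127.0.0.1', 9050)."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> List[Conn]:
    """Parse the table into Conn records; the first line is the header."""
    conns = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue
        laddr, lport = _hex_addr(f[1])
        raddr, rport = _hex_addr(f[2])
        state = TCP_STATES.get(f[3], "STATE_" + f[3])
        conns.append(Conn(laddr, lport, raddr, rport, state, int(f[9])))
    return conns


def connections_for_pid(pid: int, proc_tcp: str = SAMPLE_PROC_NET_TCP,
                        fd_inodes: Dict[int, List[int]] = SAMPLE_FD_INODES) -> List[Conn]:
    """Keep only sockets whose inode the pid has open: the same lookup
    psutil performs on Linux instead of spawning netstat or lsof."""
    owned = set(fd_inodes.get(pid, ()))
    return [c for c in parse_proc_net_tcp(proc_tcp) if c.inode in owned]


if __name__ == "__main__":
    for c in connections_for_pid(4242):
        print("%s:%d -> %s:%d %s" % (c.laddr, c.lport, c.raddr, c.rport, c.state))
```

On a real host the two inputs come from reading /proc/net/tcp and resolving the symlinks under /proc/<pid>/fd, which needs no child processes and is why the release note reports the large speed-up.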