Sun. Feb 23rd, 2020

Tor releases, free software for anonymous communications

3 min read

Tor has been released. It introduces improved features for power and bandwidth conservation, more accurate reporting of bootstrap progress for user interfaces, and an experimental backend for an exciting new adaptive padding feature. There is also the usual assortment of bugfixes and minor features, all described below.



  • Major bugfixes (onion service client, authorization):
    • On a NEWNYM signal, purge entries from the ephemeral client authorization cache. The permanent ones are kept. Fixes bug 33139; bugfix on
  • Minor features (best practices tracker):
    • Practracker now supports a –regen-overbroad option to regenerate the exceptions file, but only to revise exceptions to be _less_ tolerant of best-practices violations. Closes ticket 32372.


  • Minor features (continuous integration):
    • Run Doxygen Makefile target on Travis, so we can learn about regressions in our internal documentation. Closes ticket 32455.
    • Stop allowing failures on the Travis CI stem tests job. It looks like all the stem hangs we were seeing before are now fixed. Closes ticket 33075.
  • Minor bugfixes (build system):
    • Revise configure options that were either missing or incorrect in the configure summary. Fixes bug 32230; bugfix on
  • Minor bugfixes (controller protocol):
    • Fix a memory leak introduced by refactoring of control reply formatting code. Fixes bug 33039; bugfix on
    • Fix a memory leak in GETINFO responses. Fixes bug 33103; bugfix on
    • When receiving “ACTIVE” or “DORMANT” signals on the control port, report them as SIGNAL events. Previously we would log a bug warning. Fixes bug 33104; bugfix on
  • Minor bugfixes (logging):
    • If we encounter a bug when flushing a buffer to a TLS connection, only log the bug once per invocation of the Tor process. Previously we would log with every occurrence, which could cause us to run out of disk space. Fixes bug 33093; bugfix on
    • When logging a bug, do not say “Future instances of this warning will be silenced” unless we are actually going to silence them. Previously we would say this whenever a BUG() check failed in the code. Fixes bug 33095; bugfix on
  • Minor bugfixes (onion service v2):
    • Move a series of v2 onion service warnings to protocol-warning level because they can all be triggered remotely by a malformed request. Fixes bug 32706; bugfix on
  • Minor bugfixes (onion service v3, client authorization):
    • When removing client authorization credentials using the control port, also remove the associated descriptor, so the onion service can no longer be contacted. Fixes bug 33148; bugfix on
  • Minor bugfixes (pluggable transports):
    • When receiving a message on standard error from a pluggable transport, log it at info level, rather than as a warning. Fixes bug 33005; bugfix on
  • Minor bugfixes (rust, build):
    • Fix a syntax warning given by newer versions of Rust that was creating problems for our continuous integration. Fixes bug 33212; bugfix on
  • Minor bugfixes (TLS bug handling):
    • When encountering a bug in buf_read_from_tls(), return a “MISC” error code rather than “WANTWRITE”. This change might help avoid some CPU-wasting loops if the bug is ever triggered. Bug reported by opara. Fixes bug 32673; bugfix on
  • Code simplification and refactoring (mainloop):
    • Simplify the ip_address_changed() function by removing redundant checks. Closes ticket 33091.
  • Documentation (manpage):
    • Split “Circuit Timeout” options and “Node Selection” options into their own sections of the tor manpage. Closes tickets 32928 and 32929. Work by Swati Thacker as part of Google Season of Docs.