Tor 0.3.0.8 is released, with a fix for hidden services! (Also As are 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, and 0.2.9.11)
Hello!
Source code for a new Tor release (0.3.0.8) is now available on the
website. Among other things, it fixes two issues in earlier versions
of the hidden service code that would allow an attacker to cause a
hidden service to exit with an assertion failure.
If you're running a hidden service, you should upgrade to this
release, or one of the other versions released today. Source is
available on the website now; packages should be available over the
next several days.
Concurrently with 0.3.0.8, the following versions are also now
available: 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, and
0.2.9.11. You can find them all at https://utuhewzcso.oedi.net/
One last reminder: Tor 0.2.4, 0.2.6, and 0.2.7 will no longer be
supported after 1 August of this year. Tor 0.2.8 will not be
supported after 1 Jan of 2018. Tor 0.2.5 will not be supported after
1 May of 2018. If you need a release with long-term support, 0.2.9 is
what we recommend: we plan to support it until at least 1 Jan 2020.
Below are the changelogs for the new stable releases:
Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-004 and TROVE-2017-005.
Tor 0.3.0.8 also includes fixes for several key management bugs that sometimes made relays unreliable, as well as several other bugfixes described below.
Changes in version 0.3.0.8 - 2017-06-08
- Major bugfixes (hidden service, relay, security, backport from 0.3.1.3-alpha):
- Fix a remotely triggerable assertion failure when a hidden service handles a malformed BEGIN cell. Fixes bug 22493, tracked as TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
- Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
- Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
- When performing the v3 link handshake on a TLS connection, report that we have the x509 certificate that we actually used on that connection, even if we have changed certificates since that connection was first opened. Previously, we would claim to have used our most recent x509 link certificate, which would sometimes make the link handshake fail. Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.
- Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
- Regenerate link and authentication certificates whenever the key that signs them changes; also, regenerate link certificates whenever the signed key changes. Previously, these processes were only weakly coupled, and we relays could (for minutes to hours) wind up with an inconsistent set of keys and certificates, which other relays would not accept. Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
- When sending an Ed25519 signing->link certificate in a CERTS cell, send the certificate that matches the x509 certificate that we used on the TLS connection. Previously, there was a race condition if the TLS context rotated after we began the TLS handshake but before we sent the CERTS cell. Fixes a case of bug 22460; bugfix on 0.3.0.1-alpha.
- Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
- Stop rejecting v3 hidden service descriptors because their size did not match an old padding rule. Fixes bug 22447; bugfix on tor-0.3.0.1-alpha.
- Minor features (fallback directory list, backport from 0.3.1.3-alpha):
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in December 2016 (of which ~126 were still functional) with a list of 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May 2017. Resolves ticket 21564.
- Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
- Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes bug 22252; bugfix on 0.2.9.3-alpha.
- Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
- Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
- Lower the lifetime of the RSA->Ed25519 cross-certificate to six months, and regenerate it when it is within one month of expiring. Previously, we had generated this certificate at startup with a ten-year lifetime, but that could lead to weird behavior when Tor was started with a grossly inaccurate clock. Mitigates bug 22466; mitigation on 0.3.0.1-alpha.
- Minor bugfixes (memory leak, directory authority, backport from 0.3.1.2-alpha):
- When directory authorities reject a router descriptor due to keypinning, free the router descriptor rather than leaking the memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
Tor 0.2.9.11 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-005. (Versions before 0.3.0 are not affected by TROVE-2017-004.)
Tor 0.2.9.11 also backports fixes for several key management bugs that sometimes made relays unreliable, as well as several other bugfixes described below.from 0.3.1.2-alpha):
Changes in version 0.2.9.11 - 2017-06-08
- Major bugfixes (hidden service, relay, security, backport from 0.3.1.3-alpha):
- Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
- Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
- When performing the v3 link handshake on a TLS connection, report that we have the x509 certificate that we actually used on that connection, even if we have changed certificates since that connection was first opened. Previously, we would claim to have used our most recent x509 link certificate, which would sometimes make the link handshake fail. Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.
- Minor features (fallback directory list, backport from 0.3.1.3-alpha):
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in December 2016 (of which ~126 were still functional) with a list of 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May 2017. Resolves ticket 21564.
- Minor features (future-proofing, backport from 0.3.0.7):
- Tor no longer refuses to download microdescriptors or descriptors if they are listed as "published in the future". This change will eventually allow us to stop listing meaningful "published" dates in microdescriptor consensuses, and thereby allow us to reduce the resources required to download consensus diffs by over 50%. Implements part of ticket 21642; implements part of proposal 275.
- Minor features (directory authorities, backport from 0.3.0.4-rc):
- Minor features (geoip):
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database.
- Minor bugfixes (control port, backport from 0.3.0.6):
- The GETINFO extra-info/digest/<digest> command was broken because of a wrong base16 decode return value check, introduced when refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
- Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
- Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.0.7):
- The getpid() system call is now permitted under the Linux seccomp2 sandbox, to avoid crashing with versions of OpenSSL (and other libraries) that attempt to learn the process's PID by using the syscall rather than the VDSO code. Fixes bug 21943; bugfix on 0.2.5.1-alpha.
- Minor bugfixes (memory leak, directory authority, backport:
- When directory authorities reject a router descriptor due to keypinning, free the router descriptor rather than leaking the memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-005. (Versions before 0.3.0 are not affected by TROVE-2017-004.)
Changes in version 0.2.8.14 - 2017-06-08
- Major bugfixes (hidden service, relay, security):
- Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
- Minor features (geoip):
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database.
- Minor features (fallback directory list, backport from 0.3.1.3-alpha):
- Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in December 2016 (of which ~126 were still functional) with a list of 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May 2017. Resolves ticket 21564.
- Minor bugfixes (correctness):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-005. (Versions before 0.3.0 are not affected by TROVE-2017-004.)
Changes in version 0.2.7.8 - 2017-06-08
- Major bugfixes (hidden service, relay, security):
- Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
- Minor features (geoip):
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database.
- Minor bugfixes (correctness):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
Tor 0.2.6.12 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-005. (Versions before 0.3.0 are not affected by TROVE-2017-004.)
Changes in version 0.2.6.12 - 2017-06-08
- Major bugfixes (hidden service, relay, security):
- Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
- Minor features (geoip):
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database.
- Minor bugfixes (correctness):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
Tor 0.2.5.14 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-005. (Versions before 0.3.0 are not affected by TROVE-2017-004.)
Changes in version 0.2.5.14 - 2017-06-08
- Major bugfixes (hidden service, relay, security):
- Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
- Minor features (geoip):
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database.
- Minor bugfixes (correctness):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
Tor 0.2.4.29 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-005. (Versions before 0.3.0 are not affected by TROVE-2017-004.)
Changes in version 0.2.4.29 - 2017-06-08
- Major bugfixes (hidden service, relay, security):
- Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
- Minor features (geoip):
- Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database.
- Minor bugfixes (correctness):
- Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
Comments
Please note that the comment area below has been archived.
Estou seriamente pensando em…
Estou seriamente pensando em instalar o Tor e experimentá-lo, mas a minha dúvida é ele vem em "Português?"
There is a Portuguese…
There is a Portuguese version of Tor Browser.
You can fetch it from https://decvnxytmk.oedi.net/download/download-easy by changing the 'english' to 'portugues'. Or you can find it in the table on https://decvnxytmk.oedi.net/projects/torbrowser.html.en
I'm afraid it is pt-BR, not pt-PT, so I hope you can understand people from Brazil. :)
The new version of Tor…
The new version of Tor Browser introduce an alarm message when the site is not in https.
Thi is very anoying for hidden services.
The message is very intrusif and make the site suspitious for visitor, using a self signed certificate make the site more supitious for visitors and using a centralised certficate is not an acceptable choice for an hidden service
We are thinking about good…
We are thinking about good solutions to this problem in https://trac.torproject.org/projects/tor/ticket/21321. Please drop by if you have suggestions.
The new update have crashed…
The new update have crashed my Tor 6.5. It`s stopped worked at all.
I am reinstall Tor 7.0, but it not show graphical passwords at file-shiring sites. Now Tor became useless program for me, yet. I hope You will fix these problems.
Thank You!
The graphical passwords (I…
The graphical passwords (I assume you mean things like "Select all the cars"-style puzzles) are provided by Cloudflare. They are working on a fix for this problem. It should be ready next week if all goes well. Not sure how long it will take to get it rolled out globally, though.
Please update your apt…
Please update your apt repository before posting this to public!!
apt-get update yields none!
apt-get update yields none!…
It's apt-get upgrade ;)
Yeah hey guys, what's up…
Yeah hey guys, what's up with the debian repos?
I mean the packages are built and available here so they can be installed manually with wget & dpkg -i. But the repo metadata isn't updated so getting the packages with apt doesn't work.
http://deb.torproject.org/torproject.org/pool/main/t/tor/
But even for the users who can be bothered to do this, this is far from a good idea unless checksums are looked into manually.
The deb repos have failed to announce new packages for months now. If this doesn't improve, the best case scenario is that people tune out of the Tor Project repos and use (hopefully) patched old versions provided with distros. Worst case: there's a critical security issue that doesn't get fixed because apt upgrade doesn't do anything ven though people use the Tor repos -> false sense of security.
TBB just updated itself…
TBB just updated itself...
Prior to the update, Cloudflare almost never reared it's ugly head.
Now, every site that uses Cloudflare, generates that BS "Attention Required!" "Please complete the security check to access"
Doesn't matter how many times you change the circuit.
What changed? More importantly, is there a TBB config to fix this?
Apparently Cloudflare had…
Apparently Cloudflare had done some hack on their side to handle Tor Browser better (i.e. trigger fewer false positives), but they haven't updated it for Tor Browser 7.0. We hear they're in the process of updating it. Soon I hope!
Thank you for update. Only…
Thank you for update. Only thing not working correctly is it has scrambled my bookmarks by adding twice instead of on a separate bar.
Re screen size. For the…
Re screen size. For the first time in years this version is expanding to 90% of my screen size. Is this OK in view of past comments on the screen size issues?
Depends. What results do you…
Depends. What results do you get when using a test on the Internet like https://browserleaks.com/javascript? (If your dimensions are a multiple of 200 (for width) and a multiple of 100 (for height) then this should be good.)
using linux browserleaks…
using linux browserleaks gave
Screen Resolution 1000×400 24-bit TrueColor (working area: 985×400)
width 1000
height 400
availWidth 1000
availHeight 400
colorDepth 24
pixelDepth 24
top 0
left 0
availTop 0
availLeft 0
mozOrientation landscape-primary
orientation.type landscape-primary
orientation.angle 0
window.innerWidth 1000
window.innerHeight 400
div.clientWidth 985
div.clientHeight 400
Thanks, I just used that…
Thanks, I just used that link and as I have javascript disabled it gave no screen size. I was just concerned as there was a lot of talk in the recent past about the restricted window size and how it was essential not to change it.
about:preferences#advanced…
about:preferences#advanced and in the Data Choices tab, there are no
boxes or anything here like there usually is, it's just blank! Is this the new
normal? - - TBB 7.0, Linux 64-bit
That's the page where one…
That's the page where one can send Mozilla performance data, telemetry data, and crash reports which we don't want. I guess we might just want to hide this pane if it is left blank anyway. I've opened https://trac.torproject.org/projects/tor/ticket/22574, thanks!
Great, I can't connect to…
Great, I can't connect to rarbg.to and can't add an exception, yet this is the only reason I used Tor. Lame.
Works for me on my Linux box…
Works for me on my Linux box with a 64bit 7.0.1 release candidate. What error do you get?
hi, i need help with tor i…
hi, i need help with tor i cant enter its stay in loadin network status
Every time i hit an onion…
Every time i hit an onion site the security icon top right is saying the site is not secure with a line through the red icon. Tried several sites and all the same. Running win xp v 3.
I have security setting at maximum and javascript disabled.
Yes, see: https://trac…
Yes, see: https://trac.torproject.org/projects/tor/ticket/21321. This is a new Firefox feature. We think about how we should deal with it in Tor Browser right now.
Hi. I using tor browser…
Hi. I using tor browser version from 2013. is it still safe?
No, you should upgrade to…
No, you should upgrade to the latest version as soon as possible.
This version of tor is…
This version of tor is terrible. Now it is not decoding images on tumblr.com. As well other other bugs such as when going to clear the history on the privacy tab as soon as you tick the box for deleting the last two items you loose the 'clear all' button. Also, when going to onion sites it keeps giving you the "insecure connection" icon.
Back to the drawing board developers.
Could you give us an example…
Could you give us an example for the image decoding issue? And regarding the problem on the privacy tab: clearing history is greyed out in a default Tor Browser, how are you trying to clear it?
The latter issue is known and we track it in: https://trac.torproject.org/projects/tor/ticket/21321.
and please don't take my…
and please don't take my comments to mean I don't value the work of tor developers. It just made me annoyed when I found these glitches in a new version.
As to the tumblr images issue, I can't send details because all that happens is the text shows up but not the images. I have gone back to version: torbrowser-install-7.0a2_en-US.exe
And that works OK again with images.
Could you give us a link…
Could you give us a link where images are not working in Tor Browser 7? And this happens with a clean, new Tor Browser 7 as well?
what is the one-liner for…
what is the one-liner for linux to check which version my tor stuff is running on ? thanks in advance
linkshrink no longer works…
linkshrink no longer works.It appears to be blocked or something.The continue on link in the top right corner, no longer appears.And an "anonymous proxy detected" message appears.
Debian 8 amd64, apt-get…
Debian 8 amd64 with apt-get update thru hidden service on Tor Network gave me this warning:
W: GPG error: tor+http://sdscoq7snqtznauu.onion jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKE Y 74A941BA219EC810
I dug around and found this solution: # apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810
Then, later, crashed into this error with the keys.gnupg.net server:
?: keys.gnupg.net: Host not found
gpgkeys: HTTP fetch error 7: couldn't connect to host
gpg: no valid OpenPGP data found.
pg: Total number processed: 0
As far as I know, someone blocked my connection to the key server, so I had to torify the original command to pass the obstacle:
# torify apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810
My comment is: perhaps, tor can do something so that other people will not crash into these issues any more?! Like, somehow, make the key to be retrieved right from the command # apt-get update??
Is it safe to often issue…
Is it safe to often issue Tor command GETINFO/ns/id/${FINGERPRINT} for all IPs in my circuits? I cannot find more simple way to learn IP for particular FINGERPRINT. I hope, only local Tor DB is queried when this command is issued, so info is not leaked.
How can I map IP to country in my script? I use geoiplookup from geoip-bin package, but I'ld like to use tor-geoipdb instead. Is there any tools/commands for ControlPort to find country for any Tor node IP? I mean, some simple commands which I could add to my shell script and not solutions like tor-arm.
I have become curious when…
I am curious about youtube which started to show me that my location is UA (Ukraine). It started to happen disproportionally often (capacity of UA exit nodes is small in comparison to whole bandwidth of exit nodes).
I decided to investigate my circuits. I had the idea that either youtube is broken or exit nodes redirect all traffic through UA servers. Finally, I found that, e.g., the following 3 exit nodes are detected as UA nodes by youtube, you can check it:
176.126.252.12 379fb450010d17078b3766c2273303c358c3a442
216.218.222.12 09fa8b4f665ad65d2c2a49870f1aa3ba8811e449
185.170.41.8 29c92c854e0f6652a77f3a8b231d6932993969e8
Actually, according to many GeoIP services, none of these exits is in UA zone. To check it you can write it as ExitNode and check the circuits with GETINFO circuit-status. What's wrong with youtube? OK, there is still small probablity that these nodes redirect only youtube exit traffic through UA servers, but I found it less probable.
Interesting question!…
Interesting question!
I have posted a theory to tor-talk:
https://lists.torproject.org/pipermail/tor-talk/2017-June/043269.html
Thank you, Roger!…
Thank you, Roger!
P.S. I've also replied to your question concerning mail.ru: https://trac.torproject.org/projects/tor/ticket/22369#comment:14
Hi all, …
Hi all,
Help! ever since i downloaded the update for TOR yesterday from my PC it has stopped working. I click 'start browser' to launch the app and nothing happens. Would be much appreciated if some one could help me find a solution to this problem.
Which operating system are…
Which operating system are you on? Assuming Windows, try uninstalling your firewall/antivirus software. It is often preventing Tor Browser from starting once a new major tor version is coming out. Disabling it might not be enough.
I'm using Windows 7 pro sp1…
I'm using Windows 7 pro sp1. I have neither a firewall or anti-virus. I downloaded an older browser and it worked but it stopped working again once I downloaded the latest version.
Do you get any error…
Do you get any error messages or any crash reports? Does it start working if you install Tor Browser to a different location?
I get no error messages or…
I get no error messages or any crash reports. When it was previously working the files were stored on my desktop. I've tried to save them to program files but my PC doesn't allow me to add the files to that location.
Does it work if you install…
Does it work if you install a clean Tor Browser 7.0.1 to a different location on your Desktop? If not could you change to the Browser directory where the firefox.exe is on the command line and start Tor Browser with
firefox.exe -console
and report back if you get any output. Sorry, if that's hard for you but we don't have ways to reproduce your problem and getting output so early in the start process is not easy. There are some guides on how one changes directories if you are not familiar with, e.g. https://www.lifewire.com/how-to-open-command-prompt-2618089 and http://www.digitalcitizen.life/command-prompt-how-use-basic-commands. Thanks for your help.Hi,…
Hi,
I have tried Tor Portable 0.3.0.8 with SSTap 1.0.6.7 and I have created on this one a new proxy profile with:
- Socks5
- Server IP = 127.0.0.1 (localhost)
- Port: 9050
but Tor (during connection) gives an error:
[warn] socks5: command 3 not recognized. Rejecting.
Tor works equally.
why this error?
There is no "Tor Portable"…
There is no "Tor Portable" that is officially created and supported by the Tor Project. Could you explain where you got "Tor Portable"?