Tor 0.3.0.8 is released, with a fix for hidden services! (Also As are 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, and 0.2.9.11)

by nickm | June 8, 2017

Hello!
Source code for a new Tor release (0.3.0.8) is now available on the
website. Among other things, it fixes two issues in earlier versions
of the hidden service code that would allow an attacker to cause a
hidden service to exit with an assertion failure.

If you're running a hidden service, you should upgrade to this
release, or one of the other versions released today.  Source is
available on the website now; packages should be available over the
next several days.

Concurrently with 0.3.0.8, the following versions are also now
available: 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, and
0.2.9.11.  You can find them all at https://dist.torproject.org/

One last reminder: Tor 0.2.4, 0.2.6, and 0.2.7 will no longer be
supported after 1 August of this year.  Tor 0.2.8 will not be
supported after 1 Jan of 2018.  Tor 0.2.5 will not be supported after
1 May of 2018.  If you need a release with long-term support, 0.2.9 is
what we recommend: we plan to support it until at least 1 Jan 2020.

Below are the changelogs for the new stable releases:


Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-004 and TROVE-2017-005.

Tor 0.3.0.8 also includes fixes for several key management bugs that sometimes made relays unreliable, as well as several other bugfixes described below.

Changes in version 0.3.0.8 - 2017-06-08

  • Major bugfixes (hidden service, relay, security, backport from 0.3.1.3-alpha):
    • Fix a remotely triggerable assertion failure when a hidden service handles a malformed BEGIN cell. Fixes bug 22493, tracked as TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
    • Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
  • Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
    • When performing the v3 link handshake on a TLS connection, report that we have the x509 certificate that we actually used on that connection, even if we have changed certificates since that connection was first opened. Previously, we would claim to have used our most recent x509 link certificate, which would sometimes make the link handshake fail. Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.
  • Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
    • Regenerate link and authentication certificates whenever the key that signs them changes; also, regenerate link certificates whenever the signed key changes. Previously, these processes were only weakly coupled, and we relays could (for minutes to hours) wind up with an inconsistent set of keys and certificates, which other relays would not accept. Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
    • When sending an Ed25519 signing->link certificate in a CERTS cell, send the certificate that matches the x509 certificate that we used on the TLS connection. Previously, there was a race condition if the TLS context rotated after we began the TLS handshake but before we sent the CERTS cell. Fixes a case of bug 22460; bugfix on 0.3.0.1-alpha.
  • Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
    • Stop rejecting v3 hidden service descriptors because their size did not match an old padding rule. Fixes bug 22447; bugfix on tor-0.3.0.1-alpha.
  • Minor features (fallback directory list, backport from 0.3.1.3-alpha):
    • Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in December 2016 (of which ~126 were still functional) with a list of 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May 2017. Resolves ticket 21564.
  • Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
    • Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes bug 22252; bugfix on 0.2.9.3-alpha.
  • Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
    • Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
  • Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
    • Lower the lifetime of the RSA->Ed25519 cross-certificate to six months, and regenerate it when it is within one month of expiring. Previously, we had generated this certificate at startup with a ten-year lifetime, but that could lead to weird behavior when Tor was started with a grossly inaccurate clock. Mitigates bug 22466; mitigation on 0.3.0.1-alpha.
  • Minor bugfixes (memory leak, directory authority, backport from 0.3.1.2-alpha):
    • When directory authorities reject a router descriptor due to keypinning, free the router descriptor rather than leaking the memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.

Tor 0.2.9.11 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-005. (Versions before 0.3.0 are not affected by TROVE-2017-004.)

Tor 0.2.9.11 also backports fixes for several key management bugs that sometimes made relays unreliable, as well as several other bugfixes described below.from 0.3.1.2-alpha):

Changes in version 0.2.9.11 - 2017-06-08

  • Major bugfixes (hidden service, relay, security, backport from 0.3.1.3-alpha):
    • Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
  • Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
    • When performing the v3 link handshake on a TLS connection, report that we have the x509 certificate that we actually used on that connection, even if we have changed certificates since that connection was first opened. Previously, we would claim to have used our most recent x509 link certificate, which would sometimes make the link handshake fail. Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.
  • Minor features (fallback directory list, backport from 0.3.1.3-alpha):
    • Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in December 2016 (of which ~126 were still functional) with a list of 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May 2017. Resolves ticket 21564.
  • Minor features (future-proofing, backport from 0.3.0.7):
    • Tor no longer refuses to download microdescriptors or descriptors if they are listed as "published in the future". This change will eventually allow us to stop listing meaningful "published" dates in microdescriptor consensuses, and thereby allow us to reduce the resources required to download consensus diffs by over 50%. Implements part of ticket 21642; implements part of proposal 275.
  • Minor features (directory authorities, backport from 0.3.0.4-rc):
    • Directory authorities now reject relays running versions 0.2.9.1-alpha through 0.2.9.4-alpha, because those relays suffer from bug 20499 and don't keep their consensus cache up-to-date. Resolves ticket 20509.
  • Minor features (geoip):
    • Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database.
  • Minor bugfixes (control port, backport from 0.3.0.6):
    • The GETINFO extra-info/digest/<digest> command was broken because of a wrong base16 decode return value check, introduced when refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
    • Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
  • Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.0.7):
    • The getpid() system call is now permitted under the Linux seccomp2 sandbox, to avoid crashing with versions of OpenSSL (and other libraries) that attempt to learn the process's PID by using the syscall rather than the VDSO code. Fixes bug 21943; bugfix on 0.2.5.1-alpha.
  • Minor bugfixes (memory leak, directory authority, backport:
    • When directory authorities reject a router descriptor due to keypinning, free the router descriptor rather than leaking the memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.

Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-005. (Versions before 0.3.0 are not affected by TROVE-2017-004.)

Changes in version 0.2.8.14 - 2017-06-08

  • Major bugfixes (hidden service, relay, security):
    • Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
  • Minor features (geoip):
    • Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database.
  • Minor features (fallback directory list, backport from 0.3.1.3-alpha):
    • Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in December 2016 (of which ~126 were still functional) with a list of 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May 2017. Resolves ticket 21564.
  • Minor bugfixes (correctness):
    • Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.

Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-005. (Versions before 0.3.0 are not affected by TROVE-2017-004.)

Changes in version 0.2.7.8 - 2017-06-08

  • Major bugfixes (hidden service, relay, security):
    • Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
  • Minor features (geoip):
    • Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database.
  • Minor bugfixes (correctness):
    • Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.

Tor 0.2.6.12 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-005. (Versions before 0.3.0 are not affected by TROVE-2017-004.)

Changes in version 0.2.6.12 - 2017-06-08

  • Major bugfixes (hidden service, relay, security):
    • Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
  • Minor features (geoip):
    • Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database.
  • Minor bugfixes (correctness):
    • Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.

Tor 0.2.5.14 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-005. (Versions before 0.3.0 are not affected by TROVE-2017-004.)

Changes in version 0.2.5.14 - 2017-06-08

  • Major bugfixes (hidden service, relay, security):
    • Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
  • Minor features (geoip):
    • Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database.
  • Minor bugfixes (correctness):
    • Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.

Tor 0.2.4.29 backports a fix for a bug that would allow an attacker to remotely crash a hidden service with an assertion failure. Anyone running a hidden service should upgrade to this version, or to some other version with fixes for TROVE-2017-005. (Versions before 0.3.0 are not affected by TROVE-2017-004.)

Changes in version 0.2.4.29 - 2017-06-08

  • Major bugfixes (hidden service, relay, security):
    • Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
  • Minor features (geoip):
    • Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 Country database.
  • Minor bugfixes (correctness):
    • Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.

Comments

Please note that the comment area below has been archived.

June 08, 2017

Permalink

Estou seriamente pensando em instalar o Tor e experimentá-lo, mas a minha dúvida é ele vem em "Português?"

June 09, 2017

Permalink

The new version of Tor Browser introduce an alarm message when the site is not in https.
Thi is very anoying for hidden services.
The message is very intrusif and make the site suspitious for visitor, using a self signed certificate make the site more supitious for visitors and using a centralised certficate is not an acceptable choice for an hidden service

June 09, 2017

Permalink

The new update have crashed my Tor 6.5. It`s stopped worked at all.
I am reinstall Tor 7.0, but it not show graphical passwords at file-shiring sites. Now Tor became useless program for me, yet. I hope You will fix these problems.
Thank You!

The graphical passwords (I assume you mean things like "Select all the cars"-style puzzles) are provided by Cloudflare. They are working on a fix for this problem. It should be ready next week if all goes well. Not sure how long it will take to get it rolled out globally, though.

June 09, 2017

Permalink

Please update your apt repository before posting this to public!!

apt-get update yields none!

Yeah hey guys, what's up with the debian repos?

I mean the packages are built and available here so they can be installed manually with wget & dpkg -i. But the repo metadata isn't updated so getting the packages with apt doesn't work.

http://deb.torproject.org/torproject.org/pool/main/t/tor/

But even for the users who can be bothered to do this, this is far from a good idea unless checksums are looked into manually.

The deb repos have failed to announce new packages for months now. If this doesn't improve, the best case scenario is that people tune out of the Tor Project repos and use (hopefully) patched old versions provided with distros. Worst case: there's a critical security issue that doesn't get fixed because apt upgrade doesn't do anything ven though people use the Tor repos -> false sense of security.

June 09, 2017

Permalink

TBB just updated itself...

Prior to the update, Cloudflare almost never reared it's ugly head.

Now, every site that uses Cloudflare, generates that BS "Attention Required!" "Please complete the security check to access"

Doesn't matter how many times you change the circuit.

What changed? More importantly, is there a TBB config to fix this?

Apparently Cloudflare had done some hack on their side to handle Tor Browser better (i.e. trigger fewer false positives), but they haven't updated it for Tor Browser 7.0. We hear they're in the process of updating it. Soon I hope!

June 09, 2017

Permalink

Thank you for update. Only thing not working correctly is it has scrambled my bookmarks by adding twice instead of on a separate bar.

June 09, 2017

Permalink

Re screen size. For the first time in years this version is expanding to 90% of my screen size. Is this OK in view of past comments on the screen size issues?

June 09, 2017

In reply to gk

Permalink

using linux browserleaks gave

Screen Resolution 1000×400 24-bit TrueColor (working area: 985×400)
width 1000
height 400
availWidth 1000
availHeight 400
colorDepth 24
pixelDepth 24
top 0
left 0
availTop 0
availLeft 0
mozOrientation landscape-primary
orientation.type landscape-primary
orientation.angle 0
window.innerWidth 1000
window.innerHeight 400
div.clientWidth 985
div.clientHeight 400

June 10, 2017

In reply to gk

Permalink

Thanks, I just used that link and as I have javascript disabled it gave no screen size. I was just concerned as there was a lot of talk in the recent past about the restricted window size and how it was essential not to change it.

June 10, 2017

Permalink

about:preferences#advanced and in the Data Choices tab, there are no
boxes or anything here like there usually is, it's just blank! Is this the new
normal? - - TBB 7.0, Linux 64-bit

June 10, 2017

Permalink

Great, I can't connect to rarbg.to and can't add an exception, yet this is the only reason I used Tor. Lame.

June 10, 2017

Permalink

Every time i hit an onion site the security icon top right is saying the site is not secure with a line through the red icon. Tried several sites and all the same. Running win xp v 3.
I have security setting at maximum and javascript disabled.

June 11, 2017

Permalink

This version of tor is terrible. Now it is not decoding images on tumblr.com. As well other other bugs such as when going to clear the history on the privacy tab as soon as you tick the box for deleting the last two items you loose the 'clear all' button. Also, when going to onion sites it keeps giving you the "insecure connection" icon.
Back to the drawing board developers.

June 12, 2017

In reply to gk

Permalink

and please don't take my comments to mean I don't value the work of tor developers. It just made me annoyed when I found these glitches in a new version.

As to the tumblr images issue, I can't send details because all that happens is the text shows up but not the images. I have gone back to version: torbrowser-install-7.0a2_en-US.exe
And that works OK again with images.

June 12, 2017

Permalink

what is the one-liner for linux to check which version my tor stuff is running on ? thanks in advance

June 12, 2017

Permalink

linkshrink no longer works.It appears to be blocked or something.The continue on link in the top right corner, no longer appears.And an "anonymous proxy detected" message appears.

June 13, 2017

Permalink

Debian 8 amd64 with apt-get update thru hidden service on Tor Network gave me this warning:

W: GPG error: tor+http://sdscoq7snqtznauu.onion jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKE Y 74A941BA219EC810

I dug around and found this solution: # apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810

Then, later, crashed into this error with the keys.gnupg.net server:

?: keys.gnupg.net: Host not found
gpgkeys: HTTP fetch error 7: couldn't connect to host
gpg: no valid OpenPGP data found.
pg: Total number processed: 0

As far as I know, someone blocked my connection to the key server, so I had to torify the original command to pass the obstacle:

# torify apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810

My comment is: perhaps, tor can do something so that other people will not crash into these issues any more?! Like, somehow, make the key to be retrieved right from the command # apt-get update??

June 13, 2017

Permalink

Is it safe to often issue Tor command GETINFO/ns/id/${FINGERPRINT} for all IPs in my circuits? I cannot find more simple way to learn IP for particular FINGERPRINT. I hope, only local Tor DB is queried when this command is issued, so info is not leaked.

How can I map IP to country in my script? I use geoiplookup from geoip-bin package, but I'ld like to use tor-geoipdb instead. Is there any tools/commands for ControlPort to find country for any Tor node IP? I mean, some simple commands which I could add to my shell script and not solutions like tor-arm.

June 16, 2017

Permalink

I am curious about youtube which started to show me that my location is UA (Ukraine). It started to happen disproportionally often (capacity of UA exit nodes is small in comparison to whole bandwidth of exit nodes).

I decided to investigate my circuits. I had the idea that either youtube is broken or exit nodes redirect all traffic through UA servers. Finally, I found that, e.g., the following 3 exit nodes are detected as UA nodes by youtube, you can check it:

176.126.252.12 379fb450010d17078b3766c2273303c358c3a442
216.218.222.12 09fa8b4f665ad65d2c2a49870f1aa3ba8811e449
185.170.41.8 29c92c854e0f6652a77f3a8b231d6932993969e8

Actually, according to many GeoIP services, none of these exits is in UA zone. To check it you can write it as ExitNode and check the circuits with GETINFO circuit-status. What's wrong with youtube? OK, there is still small probablity that these nodes redirect only youtube exit traffic through UA servers, but I found it less probable.

June 17, 2017

Permalink

Hi all,

Help! ever since i downloaded the update for TOR yesterday from my PC it has stopped working. I click 'start browser' to launch the app and nothing happens. Would be much appreciated if some one could help me find a solution to this problem.

Which operating system are you on? Assuming Windows, try uninstalling your firewall/antivirus software. It is often preventing Tor Browser from starting once a new major tor version is coming out. Disabling it might not be enough.

June 19, 2017

In reply to gk

Permalink

I'm using Windows 7 pro sp1. I have neither a firewall or anti-virus. I downloaded an older browser and it worked but it stopped working again once I downloaded the latest version.

June 21, 2017

In reply to gk

Permalink

I get no error messages or any crash reports. When it was previously working the files were stored on my desktop. I've tried to save them to program files but my PC doesn't allow me to add the files to that location.

Does it work if you install a clean Tor Browser 7.0.1 to a different location on your Desktop? If not could you change to the Browser directory where the firefox.exe is on the command line and start Tor Browser with firefox.exe -console and report back if you get any output. Sorry, if that's hard for you but we don't have ways to reproduce your problem and getting output so early in the start process is not easy. There are some guides on how one changes directories if you are not familiar with, e.g. https://www.lifewire.com/how-to-open-command-prompt-2618089 and http://www.digitalcitizen.life/command-prompt-how-use-basic-commands. Thanks for your help.

June 22, 2017

Permalink

Hi,
I have tried Tor Portable 0.3.0.8 with SSTap 1.0.6.7 and I have created on this one a new proxy profile with:
- Socks5
- Server IP = 127.0.0.1 (localhost)
- Port: 9050
but Tor (during connection) gives an error:
[warn] socks5: command 3 not recognized. Rejecting.
Tor works equally.
why this error?

pastly

June 22, 2017

In reply to by sherpa (not verified)

Permalink

There is no "Tor Portable" that is officially created and supported by the Tor Project. Could you explain where you got "Tor Portable"?