Tor 0.2.9.7-rc is released: almost stable!

by nickm | December 12, 2016

There's a new development release of Tor!
Tor 0.2.9.7-rc fixes a few small bugs remaining in Tor 0.2.9.6-rc, including a few that had prevented tests from passing on some platforms.
The source code for this release is now available from the download page on our website. Packages should be available soon. I expect that this Tor release will probably go into the hardened TorBrowser package series coming out in the next couple of days. (I hear that 0.2.9.6-rc will be in the regular TorBrowser alphas, since those froze a little before I finished this Tor release.)
We're rapidly running out of serious bugs to fix in 0.2.9.x, so this is probably the last release candidate before stable ... unless you find bugs while testing! Please try these releases, and let us know if anything breaks. Testing either 0.2.9.6-rc or 0.2.9.7-rc would be helpful.

Changes in version 0.2.9.7-rc - 2016-12-12

  • Minor features (geoip):
    • Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 Country database.
  • Minor bugfix (build):
    • The current Git revision when building from a local repository is now detected correctly when using git worktrees. Fixes bug 20492; bugfix on 0.2.3.9-alpha.

 

  • Minor bugfixes (directory authority):
    • When computing old Tor protocol line version in protover, we were looking at 0.2.7.5 twice instead of a specific case for 0.2.9.1-alpha. Fixes bug 20810; bugfix on tor-0.2.9.4-alpha.
  • Minor bugfixes (download scheduling):
    • Resolve a "bug" warning when considering a download schedule whose delay had approached INT_MAX. Fixes 20875; bugfix on 0.2.9.5-alpha.
  • Minor bugfixes (logging):
    • Downgrade a harmless log message about the pending_entry_connections list from "warn" to "info". Mitigates bug 19926.
  • Minor bugfixes (memory leak):
    • Fix a small memory leak when receiving AF_UNIX connections on a SocksPort. Fixes bug 20716; bugfix on 0.2.6.3-alpha.
    • When moving a signed descriptor object from a source to an existing destination, free the allocated memory inside that destination object. Fixes bug 20715; bugfix on tor-0.2.8.3-alpha.
  • Minor bugfixes (memory leak, use-after-free, linux seccomp2 sandbox):
    • Fix a memory leak and use-after-free error when removing entries from the sandbox's getaddrinfo() cache. Fixes bug 20710; bugfix on 0.2.5.5-alpha. Patch from "cypherpunks".
  • Minor bugfixes (portability):
    • Use the correct spelling of MAC_OS_X_VERSION_10_12 on configure.ac Fixes bug 20935; bugfix on 0.2.9.6-rc.
  • Minor bugfixes (unit tests):
    • Stop expecting NetBSD unit tests to report success for ipfw. Part of a fix for bug 19960; bugfix on 0.2.9.5-alpha.
    • Fix tolerances in unit tests for monotonic time comparisons between nanoseconds and microseconds. Previously, we accepted a 10 us difference only, which is not realistic on every platform's clock_gettime(). Fixes bug 19974; bugfix on 0.2.9.1-alpha.
    • Remove a double-free in the single onion service unit test. Stop ignoring a return value. Make future changes less error-prone. Fixes bug 20864; bugfix on 0.2.9.6-rc.

Comments

Please note that the comment area below has been archived.

December 12, 2016

Permalink

When we are going to have an official Tor browser for Ios? And until then what is the best option available right now for free(the most secure and trustfull). i just want to use tor for normal browsing(Im not interested in onion sites and bad things) i just want a secure and private browsing experience. In 2015 i heard about project Icepa...an official tor browser that is also a vpn but we are in 2016 and it not released yet. When is going to be available? If i use tor just for normal browsing it is possible to get hacked or get viruses ?To finish everything i want to add that i think what you are doing is very good for the human rights of privacy and it sad that some people use this rights for doing bad things. Sorry if i miss spelled something , im not very good at english

December 12, 2016

Permalink

What's the summary of what is new and exciting in 0.2.9.x? There is the secure random number generation ability, right?

We'll be doing new blog posts on that as we put out a stable release. For now, I'm most impressed with the shared-random stuff; with the hidden service (and non-hidden service) performance improvements; with improved support for other implementations of the tor protocols; and with all our various performace and security improvements.

You can see a draft summary over here, but it needs more editing to put the important stuff first.

December 13, 2016

Permalink

could you check if Turkey started blocking connections to Tor? since yesterday i am only able to use Tor with bridges. the error message is "* connections died in state handshaking (TLS) with SSL state SSLv2/v3 read server hello A in HANDSHAKE"

December 13, 2016

Permalink

Hi,

Are the official downloads time-stamped correctly?
I have just had to rebuild a system, so was re-loading the Tor Browser and noticed the 01Jan 2000 time-stamp. Is that correct? Is this an anonymity thing?

December 13, 2016

Permalink

Tor Messenger will have option to run himself as server for XMPP?

Will there be a Tor IRC Client too?

What about a Tor hidden service bitcoin miner?

That depends on what people find when they're testing the alpha torbrowser releases that just came out! Unless there are new major bugs discovered, I'd expect to put out 0.2.9 stable some time towards the end of next week. (No promises though)

December 14, 2016

Permalink

Is exit node IP ever planned to be hidden from public?

If website know you is use Tor and ISP.. is not really privacy.