Tor 0.3.3.7 is released!

by nickm | June 12, 2018

Hello, everyone!

We have a new stable release today. If you build Tor from source, you can
download the source code for 0.3.3.7 on the website.  Packages
should be available within the next several weeks, with a new Tor Browser over the next several weeks.

 

Tor 0.3.3.7 backports several changes from the 0.3.4.x series, including fixes for bugs affecting compatibility and stability.

Changes in version 0.3.3.7 - 2018-06-12

  • Directory authority changes:
    • Add an IPv6 address for the "dannenberg" directory authority. Closes ticket 26343.
  • Minor features (geoip):
    • Update geoip and geoip6 to the June 7 2018 Maxmind GeoLite2 Country database. Closes ticket 26351.

 

  • Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha):
    • Work around a change in OpenSSL 1.1.1 where return values that would previously indicate "no password" now indicate an empty password. Without this workaround, Tor instances running with OpenSSL 1.1.1 would accept descriptors that other Tor instances would reject. Fixes bug 26116; bugfix on 0.2.5.16.
  • Minor bugfixes (compilation, backport from 0.3.4.2-alpha):
    • Silence unused-const-variable warnings in zstd.h with some GCC versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha.
  • Minor bugfixes (controller, backport from 0.3.4.2-alpha):
    • Improve accuracy of the BUILDTIMEOUT_SET control port event's TIMEOUT_RATE and CLOSE_RATE fields. (We were previously miscounting the total number of circuits for these field values.) Fixes bug 26121; bugfix on 0.3.3.1-alpha.
  • Minor bugfixes (hardening, backport from 0.3.4.2-alpha):
    • Prevent a possible out-of-bounds smartlist read in protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.
  • Minor bugfixes (path selection, backport from 0.3.4.1-alpha):
    • Only select relays when they have the descriptors we prefer to use for them. This change fixes a bug where we could select a relay because it had _some_ descriptor, but reject it later with a nonfatal assertion error because it didn't have the exact one we wanted. Fixes bugs 25691 and 25692; bugfix on 0.3.3.4-alpha.

Comments

Please note that the comment area below has been archived.

Anonymous (not verified) said:

June 12, 2018

Permalink

@nickm

What's up with the PKI certificate for blog,torproject.org? Not owned by Tor Project? "Authenticates" multiple domains including political campaigns, forensicon.com, etc?

TIA for any information you can provide.

I think this is the 3rd time that I read your demand for an explanation about this. Ever heard of shared hosting/ssl certs? If you would have checked the cert you would have seen that it belongs to a wp/drupal hosting provider.

Hosting a f***ing drupal based blog with no sensitive data on it in-house is a waste of manpower/resources when you have a rather small team and as much on your plate as the Tor guys do.

I hope you can find peace at night again now.

Anonymous (not verified) said:

June 12, 2018

Permalink

Can OONI detect blocking of Tor traffic? Everything seems slower and many news sites no longer work with Tor, since the demise of NN. Any ideas?

Anonymous (not verified) said:

June 13, 2018

Permalink

Venezuela is ramping up censorship, there is probably deep packet inspection involved to detect and block Tor. Just a couple of days ago you could still connect directly, but not anymore. It works if you switch to obfs4 bridges...

In recent days they started blocking more news/opinion media sites by using a different method than simple DNS, and at the same time normal Tor operation has been interrupted.

In venezuela only censoring with CANTV and MOVILNET, same chinesse format are the famous firewall called "the great chinesse wall" the venezuelan version called "The Great Guacaipuro Wall" or other diferent name. Go to configure "In my country censorship" then select "Bridge one builded" and select "meek-azure" same format in China.

Anonymous (not verified) said:

June 14, 2018

Permalink

We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us!

CAPTCHA

6 + 2 = Only proves that your moderation is betrayal!

Anonymous (not verified) said:

June 26, 2018

Permalink

Why is Tails 3.8 still using 0.3.2.10-1~d90.stretch+1 and not 0.3.3.7?

Is it safe to update to the current version of Tor within Tails/Synaptic?