New Releases: Tor 0.3.5.7, 0.3.4.10, and 0.3.3.11

by nickm | January 8, 2019

Tor 0.3.5.7 is the first stable release in its series; it includes compilation and portability fixes, and a fix for a severe problem affecting directory caches. Tor 0.3.4.10 and 0.3.3.11 are also released today; please see the official announcements for those releases if you are tracking older stable versions.

The Tor 0.3.5 series includes several new features and performance improvements, including client authorization for v3 onion services, cleanups to bootstrap reporting, support for improved bandwidth- measurement tools, experimental support for NSS in place of OpenSSL, and much more. It also begins a full reorganization of Tor's code layout, for improved modularity and maintainability in the future. Finally, there is the usual set of performance improvements and bugfixes that we try to do in every release series.

There are a couple of changes in the 0.3.5 that may affect compatibility. First, the default version for newly created onion services is now v3. Use the HiddenServiceVersion option if you want to override this. Second, some log messages related to bootstrapping have changed; if you use stem, you may need to update to the latest version so it will recognize them.

We have designated 0.3.5 as a "long-term support" (LTS) series: we will continue to patch major bugs in typical configurations of 0.3.5 until at least 1 Feb 2022. (We do not plan to provide long-term support for embedding, Rust support, NSS support, running a directory authority, or unsupported platforms. For these, you will need to stick with the latest stable release.)

Below are the changes since 0.3.5.6-rc. For a complete list of changes since 0.3.4.9, see the ReleaseNotes file.

Changes in version 0.3.5.7 - 2019-01-07

  • Major bugfixes (relay, directory):
    • Always reactivate linked connections in the main loop so long as any linked connection has been active. Previously, connections serving directory information wouldn't get reactivated after the first chunk of data was sent (usually 32KB), which would prevent clients from bootstrapping. Fixes bug 28912; bugfix on 0.3.4.1-alpha. Patch by "cypherpunks3".
  • Minor features (compilation):
    • When possible, place our warning flags in a separate file, to avoid flooding verbose build logs. Closes ticket 28924.

 

  • Minor features (geoip):
    • Update geoip and geoip6 to the January 3 2019 Maxmind GeoLite2 Country database. Closes ticket 29012.
  • Minor features (OpenSSL bug workaround):
    • Work around a bug in OpenSSL 1.1.1a, which prevented the TLS 1.3 key export function from handling long labels. When this bug is detected, Tor will disable TLS 1.3. We recommend upgrading to a version of OpenSSL without this bug when it becomes available. Closes ticket 28973.
  • Minor features (performance):
    • Remove about 96% of the work from the function that we run at startup to test our curve25519_basepoint implementation. Since this function has yet to find an actual failure, we now only run it for 8 iterations instead of 200. Based on our profile information, this change should save around 8% of our startup time on typical desktops, and may have a similar effect on other platforms. Closes ticket 28838.
    • Stop re-validating our hardcoded Diffie-Hellman parameters on every startup. Doing this wasted time and cycles, especially on low-powered devices. Closes ticket 28851.
  • Minor bugfixes (compilation):
    • Fix compilation for Android by adding a missing header to freespace.c. Fixes bug 28974; bugfix on 0.3.5.1-alpha.
  • Minor bugfixes (correctness):
    • Fix an unreached code path where we checked the value of "hostname" inside send_resolved_hostname_cell(). Previously, we used it before checking it; now we check it first. Fixes bug 28879; bugfix on 0.1.2.7-alpha.
  • Minor bugfixes (testing):
    • Make sure that test_rebind.py actually obeys its timeout, even when it receives a large number of log messages. Fixes bug 28883; bugfix on 0.3.5.4-alpha.
    • Stop running stem's unit tests as part of "make test-stem", but continue to run stem's unit and online tests during "make test- stem-full". Fixes bug 28568; bugfix on 0.2.6.3-alpha.
  • Minor bugfixes (windows services):
    • Make Tor start correctly as an NT service again: previously it was broken by refactoring. Fixes bug 28612; bugfix on 0.3.5.3-alpha.
  • Code simplification and refactoring:
    • When parsing a port configuration, make it more obvious to static analyzer tools that we always initialize the address. Closes ticket 28881.

Comments

Please note that the comment area below has been archived.

Anonymous (not verified) said:

January 07, 2019

Permalink

First, the default version for newly created onion services is now v3.

Now we can call v3 onion services stable and worth deploying! Congratulations!

John (not verified) said:

January 09, 2019

Permalink

It would be nice to include a GUI (Graphical User Interface) in the Windows version (0.3.5.x), since us (Windows Users) like graphical everything possible (otherwise we would be using other OS's).

Should be easy to configure all in the same graphical Window for example or easy menus, and have options to download updates/ upgrades automatically (on by default) and/ or manually.

Everything should include deep explanations with pictures so that users understand exactly what is/ will happen.

Should include tools to check if Ports are correctly open.

Should include tool to check if Windows Time is correct and offer to correct right there, and maybe allow user to have it update it every day or so (should work even in special Internet connections like satellite where NTP normally is blocked).

If possible should show visually how much bandwidth it used, how was the traffic over time, so that users understand it better.

Users like things to detect has much parameters as possible, so make sure the GUI does as much detection as possible to make it easy, but allow expert mode to set/ correct parameters.

These should allow user to use it more... to host Onion web sites (with the appropriated web server software), to create Onion Bridges, to create Onion Relays, or to create Onion Exit's.

Since there are a ton of Windows users out there I think these will help make them use it more.
Should also be included with TorBrowser bundle to make them test and maybe use it.

So all of these to make onion network grow.