Tor 0.3.0.9 is released (with security update for clients)
Source code for a new Tor release (0.3.0.9) is now available on the website.
Tor 0.3.0.9 fixes a path selection bug that would allow a client to use a guard that was in the same network family as a chosen exit relay. This is a security regression; all clients running earlier versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or 0.3.1.4-alpha when packages become available. Packages should be available soon, along with a Tor Browser release early next week.
One last reminder: Tor 0.2.4, 0.2.6, and 0.2.7 will no longer be supported after 1 August of this year. Tor 0.2.8 will not be supported after 1 Jan of 2018. Tor 0.2.5 will not be supported after 1 May of 2018. If you need a release with long-term support, 0.2.9 is
what we recommend: we plan to support it until at least 1 Jan 2020.
This release also backports several other bugfixes from the 0.3.1.x series.
Changes in version 0.3.0.9 - 2017-06-29
- Major bugfixes (path selection, security, backport from 0.3.1.4-alpha):
- When choosing which guard to use for a circuit, avoid the exit's family along with the exit itself. Previously, the new guard selection logic avoided the exit, but did not consider its family. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2016- 006 and CVE-2017-0377.
- Major bugfixes (entry guards, backport from 0.3.1.1-alpha):
- Major bugfixes (entry guards, backport from 0.3.1.4-alpha):
- When starting with an old consensus, do not add new entry guards unless the consensus is "reasonably live" (under 1 day old). Fixes one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
- Minor features (geoip):
- Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2 Country database.
- Minor bugfixes (voting consistency, backport from 0.3.1.1-alpha):
- Reject version numbers with non-numeric prefixes (such as +, -, or whitespace). Disallowing whitespace prevents differential version parsing between POSIX-based and Windows platforms. Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1.
- Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.4-alpha):
- Permit the fchmod system call, to avoid crashing on startup when starting with the seccomp2 sandbox and an unexpected set of permissions on the data directory or its contents. Fixes bug 22516; bugfix on 0.2.5.4-alpha.
- Minor bugfixes (defensive programming, backport from 0.3.1.4-alpha):
- Fix a memset() off the end of an array when packing cells. This bug should be harmless in practice, since the corrupted bytes are still in the same structure, and are always padding bytes, ignored, or immediately overwritten, depending on compiler behavior. Nevertheless, because the memset()'s purpose is to make sure that any other cell-handling bugs can't expose bytes to the network, we need to fix it. Fixes bug 22737; bugfix on 0.2.4.11-alpha. Fixes CID 1401591.