Tor 0.2.9.10 backports a security fix for users who build Tor with the --enable-expensive-hardening option. It also includes fixes for some major issues affecting directory authorities, LibreSSL compatibility, and IPv6 correctness. The Tor 0.2.9.x release series is now marked as a long-term-support series. We intend to backport security fixes to 0.2.9.x until at least January of 2020. You can download the source code from https://dist.torproject.org/ but most users should wait for next week's upcoming Tor Browser release, or for their upcoming system package updates.</> Changes in version 0.2.9.10 - 2017-03-01 Major bugfixes (directory authority, 0.3.0.3-alpha): During voting, when marking a relay as a probable sybil, do not clear its BadExit flag: sybils can still be bad in other ways too. (We still clear the other flags.) Fixes bug 21108; bugfix on 0.2.0.13-alpha. Major bugfixes (IPv6 Exits, backport from 0.3.0.3-alpha): Stop rejecting all IPv6 traffic on Exits whose exit policy rejects any IPv6 addresses. Instead, only reject a port over IPv6 if the exit policy rejects that port on more than an IPv6 /16 of addresses. This bug was made worse by 17027 in 0.2.8.1-alpha, which rejected a relay's own IPv6 address by default. Fixes bug 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha. Major bugfixes (parsing, also in 0.3.0.4-rc): Fix an integer underflow bug when comparing malformed Tor versions. This bug could crash Tor when built with --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with -ftrapv by default. In other cases it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix on 0.0.8pre1. Found by OSS-Fuzz. Minor features (directory authorities, also in 0.3.0.4-rc): Directory authorities now reject descriptors that claim to be malformed versions of Tor. Helps prevent exploitation of bug 21278. Reject version numbers with components that exceed INT32_MAX. Otherwise 32-bit and 64-bit platforms would behave inconsistently. Fixes bug 21450; bugfix on 0.0.8pre1. Minor features (geoip): Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 Country database. Minor features (portability, compilation, backport from 0.3.0.3-alpha): Autoconf now checks to determine if OpenSSL structures are opaque, instead of explicitly checking for OpenSSL version numbers. Part of ticket 21359. Support building with recent LibreSSL code that uses opaque structures. Closes ticket 21359. Minor bugfixes (code correctness, also in 0.3.0.4-rc): Repair a couple of (unreachable or harmless) cases of the risky comparison-by-subtraction pattern that caused bug 21278. Minor bugfixes (tor-resolve, backport from 0.3.0.3-alpha): The tor-resolve command line tool now rejects hostnames over 255 characters in length. Previously, it would silently truncate them, which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5. Patch by "junglefowl". Continue reading...
