Tor 0.2.8.10 is released

by nickm | December 2, 2016

There's a new stable version of Tor!

Tor 0.2.8.10 backports a fix for a bug that would sometimes make clients unusable after they left standby mode. It also backports fixes for a few portability issues and a small but problematic memory leak.

You can download the source from the usual place on the website. Packages should be available over the next several days, including a TorBrowser release around December 14. Remember to check the signatures!

Below are the changes since 0.2.8.9.

Changes in version 0.2.8.10 - 2016-12-02

Major bugfixes (client reliability, backport from 0.2.9.5-alpha):
- When Tor leaves standby because of a new application request, open circuits as needed to serve that request. Previously, we would potentially wait a very long time. Fixes part of bug 19969; bugfix on 0.2.8.1-alpha.
Major bugfixes (client performance, backport from 0.2.9.5-alpha):
- Clients now respond to new application stream requests immediately when they arrive, rather than waiting up to one second before starting to handle them. Fixes part of bug 19969; bugfix on 0.2.8.1-alpha.
Minor bugfixes (portability, backport from 0.2.9.6-rc):
- Work around a bug in the OSX 10.12 SDK that would prevent us from successfully targeting earlier versions of OSX. Resolves ticket 20235.
Minor bugfixes (portability, backport from 0.2.9.5-alpha):
- Fix implicit conversion warnings under OpenSSL 1.1. Fixes bug 20551; bugfix on 0.2.1.1-alpha.
Minor bugfixes (relay, backport from 0.2.9.5-alpha):
- Work around a memory leak in OpenSSL 1.1 when encoding public keys. Fixes bug 20553; bugfix on 0.0.2pre8.
Minor features (geoip):
- Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2 Country database.

Comments

Please note that the comment area below has been archived.

Lots of references to

Lots of references to OpenSSL 1.1 in this changelog, and I think I remember that TorBrowser v6.0.x is packaged with OpenSSL v1.0.1 (why not v1.02?).

What is the preferred version of OpenSSL for use with Tor 0.2.8.x? With Tor v0.2.9.x?

I'd suggest 1.0.2 with both.

I'd suggest 1.0.2 with both. 1.0.1 should work fine too, but it will be unsupported after 31 Dec 2016. OpenSSL 1.1 should work better with 0.2.9.

1.0.1 is still fine and was

1.0.1 is still fine and was until now as well. We are shipping 1.0.2 in the alpha series to test whether there are any issues. So far none showed up and the plan is to turn the current alpha series into the next major stable in January: Tor Browser 6.5 won't have 1.0.1 anymore.

Tor 0.2.8.10 backports a fix

Tor 0.2.8.10 backports a fix for a bug that would sometimes make clients unusable after they left standby mode.

Ah! So that's why I wouldn't be able to connect in the Tor Browser after I put my notebook on standby only after closing and then re-opening the Tor Browser? Thanks!

Yes! This one drove me nuts.

Yes! This one drove me nuts. We used to be great at recognizing that the network had come back, and then in 0.2.8.1-alpha we broke that.

See
http://bugs.torproject.org/19969
for many more details.