Tor 0.4.5.8 Is Released

From LinuxReviews
Jump to navigationJump to search
Tor.png

The latest Tor daemon has two minor fixes, one for compatibility with the Linux kernels seccomp sandbox and one for newer versions of GNU Autoconf. Tor relay operators who are still haven't upgraded from a Tor version prior to Tor 0.4.5.7 should upgrade to 0.4.5.8 since Tor <=0.4.5.6 has two different denial of service issues.

written by 윤채경 (Yoon Chae-kyung)  2021-05-14 - last edited 2021-05-14. © CC BY

Tor-illustration-03.jpg
Tor illustration by Nancy Mushroom Kim.

Tor is the actual network software for the Tor network. It is not the same as the Tor Browser bundle end-users use to access the Tor network, Tor is just a daemon you run to create a small part of the Tor network. The Tor Browser bundle is a bundle with web browser based on Mozilla Firefox and the Tor daemon configured to run in client mode.

The latest Tor release is a bit of a yawn. It has a tweak in Tor's support for the Linux kernels seccomp sandbox that lets Tor use seccomp correctly with Glibc 2.33 (bug 40382) and a tweak that makes GNU Authconf 2.70+ create the build script correctly (bug 40335)

The Tor 0.4.5.7 release two months ago was, unlike this release, a important release that fixed two denial of service issues in prior versions. You should upgrade to 0.4.5.7+ if you are running a Tor relay using Tor <=0.4.5.6.

The Tor project is in the process of deprecating the older v2 format for location hidden services. You can quickly tell what version of the .onion service format a location hidden Tor service is using by looking at the address length:

  • 3g2upl4pq6kufc4m.onion would be a v2 address (that's DuckDuckGo)
  • cfida4nbhkwohqnm3egmkkco2ey3tqrukt7axssuhovwfnwd6pghcyid.onion would be a v3 address (it goes nowhere, we just made one to illustrate what it looks like)

You should make sure you are providing services in the newer v3 format if you are providing Tor hidden services, and you should look around for a v3 address if you use some location hidden service by accessing a v2 address. Tor old v2 address format has already been removed from the Tor 0.4.6.x branch and the other Tor branches, like the stable 0.4.5.x branch, will stop supporting it on October 15th, 2021.

The source code for Tor 0.4.5.8 can be acquired from www.torproject.org/download/tor/. You may want to skip that link in favor of www.torproject.org/download/, where the full Tor Browser bundle can be acquired, if you want to use the Tor network for human rights work or something like that.

0.00
(0 votes)


avatar

Anonymous (d5d49756)

3 months ago
Score 0
RIP web of links that existed on tor v2. Hopefully the search engine indices, academic crawls, and the like will eventually recover with v3. But even in the best case scenario the of each individual tor onion service creating a v3 service the web between the v2 is lost forever.
Add your comment
LinuxReviews welcomes all comments. If you do not want to be anonymous, register or log in. It is free.