[tor-talk] Tor 0.3.3.2-alpha is released

Nick Mathewson nickm at torproject.org
Sat Feb 10 15:14:02 UTC 2018 

Hi, all!

There's a new alpha Tor release!  Because it's an alpha, you should
only run it if you're ready to find more bugs than usual, and report
them on trac.torproject.org.

The source code is available from the usual place on
www.torproject.org; if you build Tor from source, why not give it a
try?  And if you don't build Tor from source, packages should be ready
over the coming days, with a Tor Browser alpha release likely in a
couple of weeks.

=====

Here's what's new!

Changes in version 0.3.3.2-alpha - 2018-02-10
  Tor 0.3.3.2-alpha is the second alpha in the 0.3.3.x series. It
  introduces a mechanism to handle the high loads that many relay
  operators have been reporting recently. It also fixes several bugs in
  older releases. If this new code proves reliable, we plan to backport
  it to older supported release series.

  o Major features (denial-of-service mitigation):
    - Give relays some defenses against the recent network overload. We
      start with three defenses (default parameters in parentheses).
      First: if a single client address makes too many concurrent
      connections (>100), hang up on further connections. Second: if a
      single client address makes circuits too quickly (more than 3 per
      second, with an allowed burst of 90) while also having too many
      connections open (3), refuse new create cells for the next while
      (1-2 hours). Third: if a client asks to establish a rendezvous
      point to you directly, ignore the request. These defenses can be
      manually controlled by new torrc options, but relays will also
      take guidance from consensus parameters, so there's no need to
      configure anything manually. Implements ticket 24902.

  o Major bugfixes (netflow padding):
    - Stop adding unneeded channel padding right after we finish
      flushing to a connection that has been trying to flush for many
      seconds. Instead, treat all partial or complete flushes as
      activity on the channel, which will defer the time until we need
      to add padding. This fix should resolve confusing and scary log
      messages like "Channel padding timeout scheduled 221453ms in the
      past." Fixes bug 22212; bugfix on 0.3.1.1-alpha.

  o Major bugfixes (protocol versions):
    - Add Link protocol version 5 to the supported protocols list. Fixes
      bug 25070; bugfix on 0.3.1.1-alpha.

  o Major bugfixes (scheduler, consensus):
    - The scheduler subsystem was failing to promptly notice changes in
      consensus parameters, making it harder to switch schedulers
      network-wide. Fixes bug 24975; bugfix on 0.3.2.1-alpha.

  o Minor features (denial-of-service avoidance):
    - Make our OOM handler aware of the geoip client history cache so it
      doesn't fill up the memory. This check is important for IPv6 and
      our DoS mitigation subsystem. Closes ticket 25122.

  o Minor features (directory authority):
    - When directory authorities are unable to add signatures to a
      pending consensus, log the reason why. Closes ticket 24849.

  o Minor features (geoip):
    - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
      Country database.

  o Minor features (logging, diagnostic):
    - When logging a failure to create an onion service's descriptor,
      also log what the problem with the descriptor was. Diagnostic for
      ticket 24972.

  o Minor bugfix (channel connection):
    - Use the actual observed address of an incoming relay connection,
      not the canonical address of the relay from its descriptor, when
      making decisions about how to handle the incoming connection.
      Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".

  o Minor bugfix (directory authority):
    - Directory authorities, when refusing a descriptor from a rejected
      relay, now explicitly tell the relay (in its logs) to set a valid
      ContactInfo address and contact the bad-relays@ mailing list.
      Fixes bug 25170; bugfix on 0.2.9.1.

  o Minor bugfixes (all versions of Tor):
    - Use the "misspell" tool to detect and fix typos throughout the
      source code. Fixes bug 23650; bugfix on various versions of Tor.
      Patch from Deepesh Pathak.

  o Minor bugfixes (circuit, cannibalization):
    - Don't cannibalize preemptively-built circuits if we no longer
      recognize their first hop. This situation can happen if our Guard
      relay went off the consensus after the circuit was created. Fixes
      bug 24469; bugfix on 0.0.6.

  o Minor bugfixes (correctness):
    - Remove a nonworking, unnecessary check to see whether a circuit
      hop's identity digest was set when the circuit failed. Fixes bug
      24927; bugfix on 0.2.4.4-alpha.

  o Minor bugfixes (logging):
    - Don't treat inability to store a cached consensus object as a bug:
      it can happen normally when we are out of disk space. Fixes bug
      24859; bugfix on 0.3.1.1-alpha.
    - Fix a (mostly harmless) race condition when invoking
      LOG_PROTOCOL_WARN message from a subthread while the torrc options
      are changing. Fixes bug 23954; bugfix on 0.1.1.9-alpha.

  o Minor bugfixes (onion services):
    - Remove a BUG() statement when a client fetches an onion descriptor
      that has a lower revision counter than the one in its cache. This
      can happen in normal circumstances due to HSDir desync. Fixes bug
      24976; bugfix on 0.3.2.1-alpha.
    - If we are configured to offer a single onion service, don't log
      long-term established one hop rendezvous points in the heartbeat.
      Fixes bug 25116; bugfix on 0.2.9.6-rc.

  o Minor bugfixes (performance):
    - Avoid calling protocol_list_supports_protocol() from inside tight
      loops when running with cached routerinfo_t objects. Instead,
      summarize the relevant protocols as flags in the routerinfo_t, as
      we do for routerstatus_t objects. This change simplifies our code
      a little, and saves a large amount of short-term memory allocation
      operations. Fixes bug 25008; bugfix on 0.2.9.4-alpha.

  o Minor bugfixes (Rust FFI):
    - Fix a minor memory leak which would happen whenever the C code
      would call the Rust implementation of
      protover_get_supported_protocols(). This was due to the C version
      returning a static string, whereas the Rust version newly allocated
      a CString to pass accross the FFI boundary. Consequently, the C
      code was not expecting to need to free() what it was given. Fixes
      bug 25127; bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (scheduler, KIST):
    - Avoid adding the same channel twice in the KIST scheduler pending
      list, which would waste CPU cycles. Fixes bug 24700; bugfix
      on 0.3.2.1-alpha.

  o Minor bugfixes (unit test, monotonic time):
    - Increase a constant (1msec to 10msec) in the monotonic time test
      that makes sure the nsec/usec/msec times read are synchronized.
      This change was needed to accommodate slow systems like armel or
      when the clock_gettime() is not a VDSO on the running kernel.
      Fixes bug 25113; bugfix on 0.2.9.1.

  o Minor bugfixes (v3 onion services):
    - Look at the "HSRend" protocol version, not the "HSDir" protocol
      version, when deciding whether a consensus entry can support the
      v3 onion service protocol as a rendezvous point. Fixes bug 25105;
      bugfix on 0.3.2.1-alpha.

  o Code simplification and refactoring:
    - Remove the unused nodelist_recompute_all_hsdir_indices(). Closes
      ticket 25108.
    - Remove a series of counters used to track circuit extend attempts
      and connection status but that in reality we aren't using for
      anything other than stats logged by a SIGUSR1 signal. Closes
      ticket 25163.

  o Documentation (man page):
    - The HiddenServiceVersion torrc option accepts only one number:
      either version 2 or 3. Closes ticket 25026; bugfix
      on 0.3.2.2-alpha.

More information about the tor-talk mailing list