[tor-talk] Tor 0.3.5.2-alpha is released

Nick Mathewson nickm at torproject.org
Fri Sep 21 16:07:04 UTC 2018 

Hello!

There's a new alpha Tor release! Because it's an alpha, you should
only run it if you're ready to find more bugs than usual, and report
them on trac.torproject.org.

The source code is available from the usual place on
www.torproject.org; if you build Tor from source, why not give it a
try? And if you don't build Tor from source, packages should be ready
over the coming days, with a Tor Browser alpha release very soon.

Here's what's new:

Changes in version 0.3.5.2-alpha - 2018-09-21
  Tor 0.3.5.2-alpha fixes several bugs in 0.3.5.1-alpha, including one
  that made Tor think it had run out of sockets. Anybody running a relay
  or an onion service on 0.3.5.1-alpha should upgrade.

  o Major bugfixes (relay bandwidth statistics):
    - When we close relayed circuits, report the data in the circuit
      queues as being written in our relay bandwidth stats. This
      mitigates guard discovery and other attacks that close circuits
      for the explicit purpose of noticing this discrepancy in
      statistics. Fixes bug 23512; bugfix on 0.0.8pre3.

  o Major bugfixes (socket accounting):
    - In our socket accounting code, count a socket as closed even when
      it is closed indirectly by the TLS layer. Previously, we would
      count these sockets as still in use, and incorrectly believe that
      we had run out of sockets. Fixes bug 27795; bugfix
      on 0.3.5.1-alpha.

  o Minor bugfixes (32-bit OSX and iOS, timing):
    - Fix an integer overflow bug in our optimized 32-bit millisecond-
      difference algorithm for 32-bit Apple platforms. Previously, it
      would overflow when calculating the difference between two times
      more than 47 days apart. Fixes part of bug 27139; bugfix
      on 0.3.4.1-alpha.
    - Improve the precision of our 32-bit millisecond difference
      algorithm for 32-bit Apple platforms. Fixes part of bug 27139;
      bugfix on 0.3.4.1-alpha.
    - Relax the tolerance on the mainloop/update_time_jumps test when
      running on 32-bit Apple platforms. Fixes part of bug 27139; bugfix
      on 0.3.4.1-alpha.

  o Minor bugfixes (onion service v3):
    - Close all SOCKS request (for the same .onion) if the newly fetched
      descriptor is unusable. Before that, we would close only the first
      one leaving the other hanging and let to time out by themselves.
      Fixes bug 27410; bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (memory leak):
    - Fix an unlikely memory leak when trying to read a private key from
      a ridiculously large file. Fixes bug 27764; bugfix on
      0.3.5.1-alpha. This is CID 1439488.

  o Minor bugfixes (NSS):
    - Correctly detect failure to open a dummy TCP socket when stealing
      ownership of an fd from the NSS layer. Fixes bug 27782; bugfix
      on 0.3.5.1-alpha.

  o Minor bugfixes (rust):
    - protover_all_supported() would attempt to allocate up to 16GB on
      some inputs, leading to a potential memory DoS. Fixes bug 27206;
      bugfix on 0.3.3.5-rc.

  o Minor bugfixes (testing):
    - Revise the "conditionvar_timeout" test so that it succeeds even on
      heavily loaded systems where the test threads are not scheduled
      within 200 msec. Fixes bug 27073; bugfix on 0.2.6.3-alpha.

  o Code simplification and refactoring:
    - Divide the routerlist.c and dirserv.c modules into smaller parts.
      Closes ticket 27799.

More information about the tor-talk mailing list