Hello again! This post announces the second alpha in the 0.3.1.x series, which I just released today. And since the blog was down when the first alpha came out, I'm posting the changelog for 0.3.1.1-alpha below too.
Tor 0.3.1.2-alpha is the second release in the 0.3.1.x series. It fixes a few bugs found while testing 0.3.1.1-alpha, including a memory corruption bug that affected relay stability.
Since this is an alpha release, you can expect more bugs than usual.
If you build Tor from source, you can find Tor 0.3.1.2-alpha at the usual place at the Download page on our website. Otherwise, you'll probably want to wait until packages are available. The next Tor Browser alpha release with this version of Tor will likely come out in mid-June.
Changes in version 0.3.1.2-alpha - 2017-05-26
- Major bugfixes (crash, relay):
- Fix a memory-corruption bug in relays that set MyFamily. Previously, they would double-free MyFamily elements when making the next descriptor or when changing their configuration. Fixes bug 22368; bugfix on 0.3.1.1-alpha.
- Minor bugfixes (logging):
- Log a better message when a directory authority replies to an upload with an unexpected status code. Fixes bug 11121; bugfix on 0.1.0.1-rc.
- Minor bugfixes (memory leak, directory authority):
- When directory authorities reject a router descriptor due to keypinning, free the router descriptor rather than leaking the memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
Changes in version 0.3.1.1-alpha - 2017-05-22
Tor 0.3.1.1-alpha is the first release in the 0.3.1.x series. It reduces the bandwidth usage for Tor's directory protocol, adds some basic padding to resist netflow-based traffic analysis and to serve as the basis of other padding in the future, and adds rust support to the build system.
It also contains numerous other small features and improvements to security, correctness, and performance.
Below are the changes since 0.3.0.7.
- Major features (directory protocol):
- Tor relays and authorities can now serve clients an abbreviated version of the consensus document, containing only the changes since an older consensus document that the client holds. Clients now request these documents when available. When both client and server use this new protocol, they will use far less bandwidth (up to 94% less) to keep the client's consensus up-to-date. Implements proposal 140; closes ticket 13339. Based on work by Daniel Martí.
- Tor can now compress directory traffic with lzma or with zstd compression algorithms, which can deliver better bandwidth performance. Because lzma is computationally expensive, it's only used for documents that can be compressed once and served many times. Support for these algorithms requires that tor is built with the libzstd and/or liblzma libraries available. Implements proposal 278; closes ticket 21662.
- Relays now perform the more expensive compression operations, and consensus diff generation, in worker threads. This separation avoids delaying the main thread when a new consensus arrives.
- Major features (experimental):
- Tor can now build modules written in Rust. To turn this on, pass the "--enable-rust" flag to the configure script. It's not time to get excited yet: currently, there is no actual Rust functionality beyond some simple glue code, and a notice at startup to tell you that Rust is running. Still, we hope that programmers and packagers will try building Tor with Rust support, so that we can find issues and solve portability problems. Closes ticket 22106.
Hello! This release came out 11 days ago, but since the blog was down at the time, I was only able to announce on the tor-announce@ mailing list.
Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.
Tor 0.3.0.5-rc fixes a few remaining bugs, large and small, in the 0.3.0 release series.
Hi! We've just tagged and uploaded new versions for the older 0.2.4 through 0.2.8 release series, to backport important patches and extend the useful life of these versions.
Tor 0.3.0.4-rc fixes some remaining bugs, large and small, in the 0.3.0 release series, and introduces a few reliability features to keep them from coming back.
Tor 0.2.9.10 backports a security fix for users who build Tor with the --enable-expensive-hardening option.
Tor 0.3.0.3-alpha fixes a few significant bugs introduced over the 0.3.0.x development series, including some that could cause authorities to behave badly.
Tor 0.3.0.2-alpha fixes a denial-of-service bug where an attacker could cause relays and clients to crash, even if they were not built with the --enable-expensive-hardening option.