Tor is released!

Tor is the fifth alpha release in the 0.3.2.x series. It fixes several stability and reliability bugs, including a fix for intermittent bootstrapping failures that some people have been seeing since the 0.3.0.x series.

You can download the source from the usual place on the website. Binary packages should be available soon. Tor Browser is likely to skip this alpha, and pick up the next one, which should be out in early November.

Remember: This is an alpha release, and it's likely to have more bugs than usual. We hope that people will try it out to find and report bugs, though.

Please test this alpha out -- many of these fixes will soon be backported to stable Tor versions if no additional bugs are found in them.

Changes in version - 2017-11-22

  • Major bugfixes (bootstrapping):
    • Fetch descriptors aggressively whenever we lack enough to build circuits, regardless of how many descriptors we are missing. Previously, we would delay launching the fetch when we had fewer than 15 missing descriptors, even if some of those descriptors were blocking circuits from building. Fixes bug 23985; bugfix on The effects of this bug became worse in, when we began treating missing descriptors from our primary guards as a reason to delay circuits.
    • Don't try fetching microdescriptors from relays that have failed to deliver them in the past. Fixes bug 23817; bugfix on
  • Minor features (directory authority):
    • Make the "Exit" flag assignment only depend on whether the exit policy allows connections to ports 80 and 443. Previously relays would get the Exit flag if they allowed connections to one of these ports and also port 6667. Resolves ticket 23637.


  • Minor features (geoip):
    • Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2 Country database.
  • Minor features (linux seccomp2 sandbox):
    • Update the sandbox rules so that they should now work correctly with Glibc 2.26. Closes ticket 24315.
  • Minor features (logging):
    • Downgrade a pair of log messages that could occur when an exit's resolver gave us an unusual (but not forbidden) response. Closes ticket 24097.
    • Improve the message we log when re-enabling circuit build timeouts after having received a consensus. Closes ticket 20963.
  • Minor bugfixes (compilation):
    • Fix a memory leak warning in one of the libevent-related configuration tests that could occur when manually specifying -fsanitize=address. Fixes bug 24279; bugfix on Found and patched by Alex Xu.
    • When detecting OpenSSL on Windows from our configure script, make sure to try linking with the ws2_32 library. Fixes bug 23783; bugfix on
  • Minor bugfixes (control port, linux seccomp2 sandbox):
    • Avoid a crash when attempting to use the seccomp2 sandbox together with the OwningControllerProcess feature. Fixes bug 24198; bugfix on
  • Minor bugfixes (control port, onion services):
    • Report "FAILED" instead of "UPLOAD_FAILED" "FAILED" for the HS_DESC event when a service is not able to upload a descriptor. Fixes bug 24230; bugfix on
  • Minor bugfixes (directory cache):
    • Recover better from empty or corrupt files in the consensus cache directory. Fixes bug 24099; bugfix on
    • When a consensus diff calculation is only partially successful, only record the successful parts as having succeeded. Partial success can happen if (for example) one compression method fails but the others succeed. Previously we misrecorded all the calculations as having succeeded, which would later cause a nonfatal assertion failure. Fixes bug 24086; bugfix on
  • Minor bugfixes (logging):
    • Only log once if we notice that KIST support is gone. Fixes bug 24158; bugfix on
    • Suppress a log notice when relay descriptors arrive. We already have a bootstrap progress for this so no need to log notice everytime tor receives relay descriptors. Microdescriptors behave the same. Fixes bug 23861; bugfix on
  • Minor bugfixes (network layer):
    • When closing a connection via close_connection_immediately(), we mark it as "not blocked on bandwidth", to prevent later calls from trying to unblock it, and give it permission to read. This fixes a backtrace warning that can happen on relays under various circumstances. Fixes bug 24167; bugfix on
  • Minor bugfixes (onion services):
    • The introduction circuit was being timed out too quickly while waiting for the rendezvous circuit to complete. Keep the intro circuit around longer instead of timing out and reopening new ones constantly. Fixes bug 23681; bugfix on
    • Rename the consensus parameter "hsdir-interval" to "hsdir_interval" so it matches dir-spec.txt. Fixes bug 24262; bugfix on
    • Silence a warning about failed v3 onion descriptor uploads that can happen naturally under certain edge cases. Fixes part of bug 23662; bugfix on
  • Minor bugfixes (tests):
    • Fix a memory leak in one of the bridge-distribution test cases. Fixes bug 24345; bugfix on
    • Fix a bug in our fuzzing mock replacement for crypto_pk_checksig(), to correctly handle cases where a caller gives it an RSA key of under 160 bits. (This is not actually a bug in Tor itself, but rather in our fuzzing code.) Fixes bug 24247; bugfix on Found by OSS-Fuzz as issue 4177.
  • Documentation:
    • Add notes in man page regarding OS support for the various scheduler types. Attempt to use less jargon in the scheduler section. Closes ticket 24254.