Tor 0.3.2.7-rc is released!

by nickm | December 14, 2017

Tor 0.3.2.7-rc fixes various bugs in earlier versions of Tor, including some that could affect reliability or correctness.

This is the first release candidate in the 0.3.2 series. If we find no new bugs or regression here, then the first stable 0.3.2. release will be nearly identical to this.

You can download the source from the usual place on the website. Binary packages should be available soon, with a Tor Browser alpha release likely some time next week.

Changes in version 0.3.2.7-rc - 2017-12-14

  • Major bugfixes (circuit prediction):
    • Fix circuit prediction logic so that a client doesn't treat a port as being "handled" by a circuit if that circuit already has isolation settings on it. This change should make Tor clients more responsive by improving their chances of having a pre-created circuit ready for use when a request arrives. Fixes bug 18859; bugfix on 0.2.3.3-alpha.
  • Minor features (logging):
    • Provide better warnings when the getrandom() syscall fails. Closes ticket 24500.

 

  • Minor features (portability):
    • Tor now compiles correctly on arm64 with libseccomp-dev installed. (It doesn't yet work with the sandbox enabled.) Closes ticket 24424.
  • Minor bugfixes (bridge clients, bootstrap):
    • Retry directory downloads when we get our first bridge descriptor during bootstrap or while reconnecting to the network. Keep retrying every time we get a bridge descriptor, until we have a reachable bridge. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha.
    • Stop delaying bridge descriptor fetches when we have cached bridge descriptors. Instead, only delay bridge descriptor fetches when we have at least one reachable bridge. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha.
    • Stop delaying directory fetches when we have cached bridge descriptors. Instead, only delay bridge descriptor fetches when all our bridges are definitely unreachable. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha.
  • Minor bugfixes (compilation):
    • Fix a signed/unsigned comparison warning introduced by our fix to TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
  • Minor bugfixes (correctness):
    • Fix several places in our codebase where a C compiler would be likely to eliminate a check, based on assuming that undefined behavior had not happened elsewhere in the code. These cases are usually a sign of redundant checking or dubious arithmetic. Found by Georg Koppen using the "STACK" tool from Wang, Zeldovich, Kaashoek, and Solar-Lezama. Fixes bug 24423; bugfix on various Tor versions.
  • Minor bugfixes (onion service v3):
    • Fix a race where an onion service would launch a new intro circuit after closing an old one, but fail to register it before freeing the previously closed circuit. This bug was making the service unable to find the established intro circuit and thus not upload its descriptor, thus making a service unavailable for up to 24 hours. Fixes bug 23603; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (scheduler, KIST):
    • Properly set the scheduler state of an unopened channel in the KIST scheduler main loop. This prevents a harmless but annoying log warning. Fixes bug 24502; bugfix on 0.3.2.4-alpha.
    • Avoid a possible integer overflow when computing the available space on the TCP buffer of a channel. This had no security implications; but could make KIST allow too many cells on a saturated connection. Fixes bug 24590; bugfix on 0.3.2.1-alpha.
    • Downgrade to "info" a harmless warning about the monotonic time moving backwards: This can happen on platform not supporting monotonic time. Fixes bug 23696; bugfix on 0.3.2.1-alpha.

Comments

Please note that the comment area below has been archived.

December 16, 2017

Permalink

I do wish there was a page telling us what all these different versions of TOR do?
Tor Browser 7.0.11
Tor Browser 7.5a9
Tor 0.3.2.7-rc

The first two are the current Tor Browser stable version and the current Tor Browser alpha version respectively (note the "a" in the version string of the alpha one). 0.3.2.7-rc is the release candidate for the Tor software which is responsible for sending your data to and receiving it from relays around the world. Tor is shipped with Tor Browser.

December 27, 2017

In reply to gk

Permalink

That's useful thank you, but don't you think it would be better to have a page dedicated to these explanations.

December 18, 2017

Permalink

If net neutrality ends in the United States, how can we access Tor if it is blocked? Would they not block bridges also? Can someone please recommend a method to address this? Thank you. I think this issue is very serious and could impact elections and much more.

January 17, 2018

Permalink

Am I becoming Paranoid? The date of this comment is January 17 2018

I have noticed in the last few months, especially weeks that there are more, in fact MOST IP addresses for TOR Browser from Canada, Germany, Switzerland, U.S. and Sweden, ALL Western countries with heavy but subtle CENSORSHIP and "coincidentally" my Browser becomes SLOW to not working at all, on my visited political sites ( I am very political).

When I try to change my IP. I simply get another from one of those IP address countries I cite. It requires my changing address IPS at least 5 times to get one from France, Netherlands or a small country, which, I might add, generally work much faster

See tor-relays mailing list. It is discussed issue related to DDoS attacks and increase of tor users from some Western countries. Now the time required to construct new circuit is higher than before. In worst case try to pick new set of guard nodes.

Thanks for you reply and I failed to mention the worst IP's come from Germany and when I try to change, I get another form Germany and then another etc, up to at least 5 IP's from Germany, ALL terribly slow to not working at all, until finally I can get a reasonable well-working working IP, usually in France, Netherlands or a small nondescript country

If you are familiar with Zionist-infiltration politics in Germany you will understand

I did suspect DDOS but was reluctant to say so and it is going to be a difficult tactic to prevent

After watching numerous times, now, the way IP addresses are being cycled and preventing me from viewing certain POLITICAL sites, that NOT only are DDOS attacks being used, but more importantly I believe that TOR is being flooded with CONTROLLED IP addresses and THAT is the main tactic.

Any web site can censor tor exit nodes. Most of CDNs do it (cloudflare, google, recaptcha, etc.). You need extra proxy after tor (e.g. web proxy) to bypass this censorship.