Tor 0.3.0.3-alpha is released:

Tor 0.3.0.3-alpha fixes a few significant bugs introduced over the 0.3.0.x development series, including some that could cause authorities to behave badly. There is also a fix for a longstanding bug that could prevent IPv6 exits from working. Tor 0.3.0.3-alpha also includes some smaller features and bugfixes.

The Tor 0.3.0.x release series is now in patch-freeze: no additional features will be considered for inclusion in 0.3.0.x. We suspect that some bugs will probably remain, however, and we encourage people to test this release.

You can download the source code from the usual place on the website, but most users should wait for packages to become available over the upcoming weeks.

Please note: This is an alpha release. Please expect more bugs than usual. If you want a stable experience, please stick to the stable releases.

Below are the changes since 0.3.0.2-alpha:

Changes in version 0.3.0.3-alpha - 2017-02-03

• Major bugfixes (directory authority):
  • During voting, when marking a relay as a probable sybil, do not clear its BadExit flag: sybils can still be bad in other ways too. (We still clear the other flags.) Fixes bug 21108; bugfix on 0.2.0.13-alpha.
  • When deciding whether we have just found a router to be reachable, do not penalize it for not having performed an Ed25519 link handshake if it does not claim to support an Ed25519 handshake. Previously, we would treat such relays as non-running. Fixes bug 21107; bugfix on 0.3.0.1-alpha.
• Major bugfixes (entry guards):
  • Stop trying to build circuits through entry guards for which we have no descriptor. Also, stop crashing in the case that we *do* accidentally try to build a circuit in such a state. Fixes bug 21242; bugfix on 0.3.0.1-alpha.

• Major bugfixes (IPv6 Exits):
  • Stop rejecting all IPv6 traffic on Exits whose exit policy rejects any IPv6 addresses. Instead, only reject a port over IPv6 if the exit policy rejects that port on more than an IPv6 /16 of addresses. This bug was made worse by 17027 in 0.2.8.1-alpha, which rejected a relay's own IPv6 address by default. Fixes bug 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
• Minor feature (client):
  • Enable IPv6 traffic on the SocksPort by default. To disable this, a user will have to specify "NoIPv6Traffic". Closes ticket 21269.
• Minor feature (fallback scripts):
  • Add a check_existing mode to updateFallbackDirs.py, which checks if fallbacks in the hard-coded list are working. Closes ticket 20174. Patch by haxxpop.
• Minor features (ciphersuite selection):
  • Clients now advertise a list of ciphersuites closer to the ones preferred by Firefox. Closes part of ticket 15426.
  • Allow relays to accept a wider range of ciphersuites, including chacha20-poly1305 and AES-CCM. Closes the other part of 15426.
• Minor features (controller, configuration):
  • Each of the *Port options, such as SocksPort, ORPort, ControlPort, and so on, now comes with a __*Port variant that will not be saved to the torrc file by the controller's SAVECONF command. This change allows TorBrowser to set up a single-use domain socket for each time it launches Tor. Closes ticket 20956.
  • The GETCONF command can now query options that may only be meaningful in context-sensitive lists. This allows the controller to query the mixed SocksPort/__SocksPort style options introduced in feature 20956. Implements ticket 21300.
• Minor features (portability, compilation):
  • Autoconf now checks to determine if OpenSSL structures are opaque, instead of explicitly checking for OpenSSL version numbers. Part of ticket 21359.
  • Support building with recent LibreSSL code that uses opaque structures. Closes ticket 21359.
• Minor features (relay):
  • We now allow separation of exit and relay traffic to different source IP addresses, using the OutboundBindAddressExit and OutboundBindAddressOR options respectively. Closes ticket 17975. Written by Michael Sonntag.
• Minor bugfix (logging):
  • Don't recommend the use of Tor2web in non-anonymous mode. Recommending Tor2web is a bad idea because the client loses all anonymity. Tor2web should only be used in specific cases by users who *know* and understand the issues. Fixes bug 21294; bugfix on 0.2.9.3-alpha.
• Minor bugfixes (client):
  • Always recover from failures in extend_info_from_node(), in an attempt to prevent any recurrence of bug 21242. Fixes bug 21372; bugfix on 0.2.3.1-alpha.
• Minor bugfixes (client, entry guards):
  • Fix a bug warning (with backtrace) when we fail a channel that circuits to fallback directories on it. Fixes bug 21128; bugfix on 0.3.0.1-alpha.
  • Fix a spurious bug warning (with backtrace) when removing an expired entry guard. Fixes bug 21129; bugfix on 0.3.0.1-alpha.
  • Fix a bug of the new guard algorithm where tor could stall for up to 10 minutes before retrying a guard after a long period of no network. Fixes bug 21052; bugfix on 0.3.0.1-alpha.
  • Do not try to build circuits until we have descriptors for our primary entry guards. Related to fix for bug 21242.
• Minor bugfixes (configure, autoconf):
  • Rename the configure option --enable-expensive-hardening to --enable-fragile-hardening. Expensive hardening makes the tor daemon abort when some kinds of issues are detected. Thus, it makes tor more at risk of remote crashes but safer against RCE or heartbleed bug category. We now try to explain this issue in a message from the configure script. Fixes bug 21290; bugfix on 0.2.5.4-alpha.
• Minor bugfixes (controller):
  • Restore the (deprecated) DROPGUARDS controller command. Fixes bug 20824; bugfix on 0.3.0.1-alpha.
• Minor bugfixes (hidden service):
  • Clean up the code for expiring intro points with no associated circuits. It was causing, rarely, a service with some expiring introduction points to not open enough additional introduction points. Fixes part of bug 21302; bugfix on 0.2.7.2-alpha.
  • Stop setting the torrc option HiddenServiceStatistics to "0" just because we're not a bridge or relay. Instead, we preserve whatever value the user set (or didn't set). Fixes bug 21150; bugfix on 0.2.6.2-alpha.
  • Resolve two possible underflows which could lead to creating and closing a lot of introduction point circuits in a non-stop loop. Fixes bug 21302; bugfix on 0.2.7.2-alpha.
• Minor bugfixes (portability):
  • Use "OpenBSD" compiler macro instead of "OPENBSD" or "__OpenBSD__". It is supported by OpenBSD itself, and also by most OpenBSD variants (such as Bitrig). Fixes bug 20980; bugfix on 0.1.2.1-alpha.
  • When mapping a file of length greater than SIZE_MAX, do not silently truncate its contents. This issue could occur on 32 bit systems with large file support and files which are larger than 4 GB. Fixes bug 21134; bugfix on 0.3.0.1-alpha.
• Minor bugfixes (tor-resolve):
  • The tor-resolve command line tool now rejects hostnames over 255 characters in length. Previously, it would silently truncate them, which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5. Patch by "junglefowl".
• Minor bugfixes (Windows services):
  • Be sure to initialize the monotonic time subsystem before using it, even when running as an NT service. Fixes bug 21356; bugfix on 0.2.9.1-alpha.