alpha release

On October 11, we released Tor 0.2.2.5-alpha.

It can be downloaded from https://www.torproject.org/download/.

It contains:

Major bugfixes:

• Make the tarball compile again. Oops. Bugfix on 0.2.2.4-alpha.

New directory authorities:

• Move dizum to an alternate IP address.

Code simplifications and refactorings

• Numerous changes, bugfixes, and workarounds from Nathan Freitas
  to help Tor build correctly for Android phones.

On October 10, we released Tor version 0.2.2.4-alpha.

This release can be found at https://www.torproject.org/download/

It contains the following:
Major bugfixes:

• Fix several more asserts in the circuit_build_times code, for
  example one that causes Tor to fail to start once we have
  accumulated 5000 build times in the state file. Bugfixes on
  0.2.2.2-alpha; fixes bug 1108.

New directory authorities:

• Move moria1 and Tonga to alternate IP addresses.

Minor features: read more »

• Log SSL state transitions at debug level during handshake, and
  include SSL states in error messages. This may help debug future
  SSL handshake issues.
• Add a new "Handshake" log domain for activities that happen
  during the TLS handshake.
• Revert to the "June 3 2009" ip-to-country file. The September one
  

On September 23rd, we released Tor version 0.2.2.3-alpha.

Major bugfixes:

• Fix an overzealous assert in our new circuit build timeout code.
  Bugfix on 0.2.2.2-alpha; fixes bug 1103.

Minor bugfixes:

• If the networkstatus consensus tells us that we should use a
  negative circuit package window, ignore it. Otherwise we'll
  believe it and then trigger an assert. Bugfix on 0.2.2.2-alpha.

On September 21st, we released Tor version 0.2.2.2-alpha.

Major features: read more »

• Tor now tracks how long it takes to build client-side circuits
  over time, and adapts its timeout to local network performance.
  Since a circuit that takes a long time to build will also provide
  bad performance, we get significant latency improvements by
  discarding the slowest 20% of circuits. Specifically, Tor creates
  circuits more aggressively than usual until it has enough data
  points for a good timeout estimate. Implements proposal 151.
  We are especially looking for reports (good and bad) from users with
  both EDGE and broadband connections that can move from broadband
  to EDGE and find out if the build-time data in the .tor/state gets
  reset without loss of Tor usability. You should also see a notice
  log message telling you that Tor has reset its timeout.

Tor 0.2.2.1-alpha disables ".exit" address notation by default, allows
Tor clients to bootstrap on networks where only port 80 is reachable,
makes it more straightforward to support hardware crypto accelerators,
and starts the groundwork for gathering stats safely at relays.

https://www.torproject.org/download

We've been improving our packages and bundles:
Packaging changes: read more »

• Upgrade Vidalia from 0.1.15 to 0.2.3 in the Windows and OS X
  installer bundles. See
  https://trac.vidalia-project.net/browser/vidalia/tags/vidalia-0.2.3/CHAN...
  for details of what's new in Vidalia 0.2.3.
• Windows Vidalia Bundle: update Privoxy from 3.0.6 to 3.0.14-beta.
• OS X Vidalia Bundle: move to Polipo 1.0.4 with Tor specific
  configuration file, rather than the old Privoxy.
• OS X Vidalia Bundle: Vidalia, Tor, and Polipo are compiled as
  x86-only for better compatibility with OS X 10.6, aka Snow Leopard.

New releases, new hires, new funding

On March 9, we released Tor 0.2.1.13-alpha. It includes the following fixes and enhancements:

o Major bugfixes:
- Correctly update the list of which countries we exclude as exits, when the GeoIP file is loaded or reloaded. Diagnosed by lark. Bugfix on 0.2.1.6-alpha.

o Minor bugfixes (on 0.2.0.x and earlier):
- Automatically detect MacOSX versions earlier than 10.4.0, and
disable kqueue from inside Tor when running with these versions.
We previously did this from the startup script, but that was no
help to people who didn't use the startup script. Resolves bug 863.
- When we had picked an exit node for a connection, but marked it as
"optional", and it turned out we had no onion key for the exit,
stop wanting that exit and try again. This situation may not
be possible now, but will probably become feasible with proposal read more »

An updated Tor Browser Bundle is released to address the Firefox 3.0.7 security issues. It includes:

• Update Firefox to 3.0.8
• Add Italian language bundles
• Update Torbutton to 1.2.1
• Update Vidalia to 0.1.12

This updated TBB can be downloaded from https://www.torproject.org/easy-download as the "zero install bundle".

Tor 0.2.1.13-alpha includes another big pile of minor bugfixes and
cleanups. We're finally getting close to a release candidate.

https://www.torproject.org/download

Changes in version 0.2.1.13-alpha - 2009-03-09
Major bugfixes:

• Correctly update the list of which countries we exclude as
  exits, when the GeoIP file is loaded or reloaded. Diagnosed by
  lark. Bugfix on 0.2.1.6-alpha.

Minor bugfixes (on 0.2.0.x and earlier):

• Automatically detect MacOSX versions earlier than 10.4.0, and
  disable kqueue from inside Tor when running with these versions.
  We previously did this from the startup script, but that was no
  help to people who didn't use the startup script. Resolves bug 863.
• When we had picked an exit node for a connection, but marked it as
  "optional", and it turned out we had no onion key for the exit, read more »

Tor Browser Bundle 1.1.9 is released.

It includes the following changes:

Update Tor to 0.2.1.12-alpha
Update Firefox to 3.0.6
Update Vidalia to 0.1.11

It's available at https://www.torproject.org/torbrowser/

Tor 0.2.1.12-alpha features several more security-related fixes. You
should upgrade, especially if you run an exit relay (remote crash) or
a directory authority (remote infinite loop), or you're on an older
(pre-XP) or not-recently-patched Windows (remote exploit). It also
includes a big pile of minor bugfixes and cleanups.

https://www.torproject.org/download.html.en

Changes in version 0.2.1.12-alpha - 2009-02-08
Security fixes:

• Fix an infinite-loop bug on handling corrupt votes under certain
  circumstances. Bugfix on 0.2.0.8-alpha.
• Fix a temporary DoS vulnerability that could be performed by
  a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
• Avoid a potential crash on exit nodes when processing malformed
  input. Remote DoS opportunity. Bugfix on 0.2.1.7-alpha.

Minor bugfixes:

• Let controllers actually ask for the "clients_seen" event for read more »