alpha release
Tor Project infrastructure updates
Posted January 22nd, 2010 by phobosYou should upgrade to Tor 0.2.1.22 or 0.2.2.7-alpha:
https://www.torproject.org/easy-download.html.en
In early January we discovered that two of the seven servers that run directory
authorities were compromised (moria1 and gabelmoo), along with
metrics.torproject.org, a new server we'd recently set up to serve
metrics data and graphs. The three servers have since been reinstalled
with service migrated to other servers.
We made fresh identity keys for the two directory authorities, which is
why you need to upgrade.
Moria also hosted our git repository and svn repository. We took the
services offline as soon as we learned of the breach. It appears the
attackers didn't realize what they broke into -- just that they had
found some servers with lots of bandwidth. The attackers set up some ssh
keys and proceeded to use the three servers for launching other attacks.
We've done some preliminary comparisons, and it looks like git and svn
were not touched in any way. read more »
Tor 0.2.2.6-alpha released
Posted December 2nd, 2009 by phobosOn November 19, we released the latest in the Tor alpha series, version 0.2.2.6-alpha. This release lays the groundwork for many upcoming features:
support for the new lower-footprint "microdescriptor" directory design,
future-proofing our consensus format against new hash functions or
other changes, and an Android port. It also makes Tor compatible with
the upcoming OpenSSL 0.9.8l release, and fixes a variety of bugs.
It can be downloaded at https://www.torproject.org/download.html.en
Major features:
- Directory authorities can now create, vote on, and serve multiple
parallel formats of directory data as part of their voting process.
Partially implements Proposal 162: "Publish the consensus in
multiple flavors". - Directory authorities can now agree on and publish small summaries
of router information that clients can use in place of regular
server descriptors. This transition will eventually allow clients read more »
Tor 0.2.2.5-alpha released
Posted October 12th, 2009 by phobosOn October 11, we released Tor 0.2.2.5-alpha.
It can be downloaded from https://www.torproject.org/download/.
It contains:
Major bugfixes:
- Make the tarball compile again. Oops. Bugfix on 0.2.2.4-alpha.
New directory authorities:
- Move dizum to an alternate IP address.
Code simplifications and refactorings
- Numerous changes, bugfixes, and workarounds from Nathan Freitas
to help Tor build correctly for Android phones.
Tor 0.2.2.4-alpha released
Posted October 12th, 2009 by phobosOn October 10, we released Tor version 0.2.2.4-alpha.
This release can be found at https://www.torproject.org/download/
It contains the following:
Major bugfixes:
- Fix several more asserts in the circuit_build_times code, for
example one that causes Tor to fail to start once we have
accumulated 5000 build times in the state file. Bugfixes on
0.2.2.2-alpha; fixes bug 1108.
New directory authorities:
- Move moria1 and Tonga to alternate IP addresses.
Minor features: read more »
- Log SSL state transitions at debug level during handshake, and
include SSL states in error messages. This may help debug future
SSL handshake issues. - Add a new "Handshake" log domain for activities that happen
during the TLS handshake. - Revert to the "June 3 2009" ip-to-country file. The September one
Tor 0.2.2.3-alpha released
Posted October 9th, 2009 by phobosOn September 23rd, we released Tor version 0.2.2.3-alpha.
Major bugfixes:
- Fix an overzealous assert in our new circuit build timeout code.
Bugfix on 0.2.2.2-alpha; fixes bug 1103.
Minor bugfixes:
- If the networkstatus consensus tells us that we should use a
negative circuit package window, ignore it. Otherwise we'll
believe it and then trigger an assert. Bugfix on 0.2.2.2-alpha.
Tor 0.2.2.2-alpha released
Posted October 9th, 2009 by phobosOn September 21st, we released Tor version 0.2.2.2-alpha.
Major features: read more »
- Tor now tracks how long it takes to build client-side circuits
over time, and adapts its timeout to local network performance.
Since a circuit that takes a long time to build will also provide
bad performance, we get significant latency improvements by
discarding the slowest 20% of circuits. Specifically, Tor creates
circuits more aggressively than usual until it has enough data
points for a good timeout estimate. Implements proposal 151.
We are especially looking for reports (good and bad) from users with
both EDGE and broadband connections that can move from broadband
to EDGE and find out if the build-time data in the .tor/state gets
reset without loss of Tor usability. You should also see a notice
log message telling you that Tor has reset its timeout.
Tor 0.2.2.1-alpha released
Posted September 2nd, 2009 by phobosTor 0.2.2.1-alpha disables ".exit" address notation by default, allows
Tor clients to bootstrap on networks where only port 80 is reachable,
makes it more straightforward to support hardware crypto accelerators,
and starts the groundwork for gathering stats safely at relays.
https://www.torproject.org/download
We've been improving our packages and bundles:
Packaging changes: read more »
- Upgrade Vidalia from 0.1.15 to 0.2.3 in the Windows and OS X
installer bundles. See
https://trac.vidalia-project.net/browser/vidalia/tags/vidalia-0.2.3/CHAN...
for details of what's new in Vidalia 0.2.3. - Windows Vidalia Bundle: update Privoxy from 3.0.6 to 3.0.14-beta.
- OS X Vidalia Bundle: move to Polipo 1.0.4 with Tor specific
configuration file, rather than the old Privoxy. - OS X Vidalia Bundle: Vidalia, Tor, and Polipo are compiled as
x86-only for better compatibility with OS X 10.6, aka Snow Leopard.
March 2009 Progress Report
Posted April 13th, 2009 by phobosNew releases, new hires, new funding
On March 9, we released Tor 0.2.1.13-alpha. It includes the following fixes and enhancements:
o Major bugfixes:
- Correctly update the list of which countries we exclude as exits, when the GeoIP file is loaded or reloaded. Diagnosed by lark. Bugfix on 0.2.1.6-alpha.
o Minor bugfixes (on 0.2.0.x and earlier):
- Automatically detect MacOSX versions earlier than 10.4.0, and
disable kqueue from inside Tor when running with these versions.
We previously did this from the startup script, but that was no
help to people who didn't use the startup script. Resolves bug 863.
- When we had picked an exit node for a connection, but marked it as
"optional", and it turned out we had no onion key for the exit,
stop wanting that exit and try again. This situation may not
be possible now, but will probably become feasible with proposal read more »
Tor Browser Bundle 1.1.11 Released
Posted March 31st, 2009 by phobosAn updated Tor Browser Bundle is released to address the Firefox 3.0.7 security issues. It includes:
- Update Firefox to 3.0.8
- Add Italian language bundles
- Update Torbutton to 1.2.1
- Update Vidalia to 0.1.12
This updated TBB can be downloaded from https://www.torproject.org/easy-download as the "zero install bundle".
Tor 0.2.1.13-alpha released
Posted March 12th, 2009 by phobosTor 0.2.1.13-alpha includes another big pile of minor bugfixes and
cleanups. We're finally getting close to a release candidate.
https://www.torproject.org/download
Changes in version 0.2.1.13-alpha - 2009-03-09
Major bugfixes:
- Correctly update the list of which countries we exclude as
exits, when the GeoIP file is loaded or reloaded. Diagnosed by
lark. Bugfix on 0.2.1.6-alpha.
Minor bugfixes (on 0.2.0.x and earlier):
- Automatically detect MacOSX versions earlier than 10.4.0, and
disable kqueue from inside Tor when running with these versions.
We previously did this from the startup script, but that was no
help to people who didn't use the startup script. Resolves bug 863. - When we had picked an exit node for a connection, but marked it as
"optional", and it turned out we had no onion key for the exit, read more »
