bug fixes

New releases read more »

• On July 4th, we released Tor Browser Bundle 1.3.7 for Microsoft Windows. This is a security update for Firefox and Pidgin. The changes are: update to Firefox 3.5.10 and Pidgin Instant Messenger 2.7.1r2 to fix some security issues.
• On July 6th, we released Tor Browser Bundle 1.0.8 for GNU/Linux distributions. This fixes a number of security issues with included software. The updates include:
  • Update libpng to 1.4.3 (see CVE-2010-1205)
  • Update Firefox to 3.5.10
  • Update HTTPS Everywhere to 0.2.1

On May 26, Tor Browser Bundle for Microsoft Windows is updated to include the newer Vidalia 0.2.9. This fixes some issues with character set handling, and adds Vietnamese as a new language.

On May 31, we released Tor Browser Bundle for Linux 1.0.6. It contains the following updates:

• Add arch to tarball name so there's no collision
• Add libpng for Arch Linux
• Add HTTPS Everywhere extension
• Update Qt to 4.6.2
• Update Vidalia to 0.2.9
• Update NoScript to 1.9.9.80

On June 1st, we released Tor Browser Bundle for Linux 1.0.7. It uses an older glibc for better compatibility with older linux distributions.

On May 20, we released Vidalia 0.2.9. Fixes include Qt 4.6.2 compatibility, new cert, and some new translations.

You can download it at https://www.torproject.org/vidalia/. Packages are slowly being updated to include this version of Vidalia.

The full changelog is: read more »

• Remove the GoDaddy CA certificate bundle since we changed the certificate used to authenticate connections to geoips.vidalia-project.net for downloading GeoIP information from a commercial GoDaddy certificate to a free CACert certificate.
• Define -D_WIN32_WINNT=0x0501 on Windows builds so that MiniUPnPc will build with the latest versions of MinGW.
• Modify miniupnpc.c from MiniUPnPc's source so that it will build on Mac OS X 10.4.
• Work around Qt's new behavior for the QT_WA macro so that Vidalia will
  work correctly again on Windows with Qt >= 4.6.

New releases

• On April 24, we released Tor 0.2.2.13-alpha. This version addresses the recent connection and memory overload problems we’ve been seeing on relays, especially relays with their DirPort open. If your relay has been crashing, or you turned it off because it used too many resources, give this release a try.

  o Major bugfixes:
  - Teach relays to defend themselves from connection overload. Relays
  now close idle circuits early if it looks like they were intended
  for directory fetches. Relays are also more aggressive about closing
  TLS connections that have no circuits on them. Such circuits are
  unlikely to be re-used, and tens of thousands of them were piling
  up at the fast relays, causing the relays to run out of sockets
  and memory. Bugfix on 0.2.0.22-rc (where clients started tunneling
  their directory fetches over TLS).

  o Minor features: read more »

Tor 0.2.2.12-alpha fixes a critical bug in how directory authorities
handle and vote on descriptors. It was causing relays to drop out of
the consensus.

Tor 0.2.2.11-alpha fixes yet another instance of broken OpenSSL libraries
that was causing some relays to drop out of the consensus.

(Windows bundles will be available whenever Andrew gets around to making
them; we're trying to stick to a policy of announcing alphas on time
rather than waiting for every package.)

https://www.torproject.org/download.html.en

Original announcement is at http://archives.seul.org/or/talk/Apr-2010/msg00174.html

Changes in version 0.2.2.12-alpha - 2010-04-20
o Major bugfixes:
- Many relays have been falling out of the consensus lately because
not enough authorities know about their descriptor for them to get
a majority of votes. When we deprecated the v2 directory protocol,
we got rid of the only way that v3 authorities can hear from each read more »

Tor 0.2.1.23 fixes a huge client-side performance bug, makes Tor work again on the latest OS X, and updates the location of a directory authority.

Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time for sure!

The Windows and OS X bundles also come with a newer version of Polipo that fixes some stability and security problems.

People using Tor as a client should upgrade:
https://www.torproject.org/easy-download

Changes in version 0.2.1.23 - 2010-02-13
Major bugfixes (performance): read more »

• We were selecting our guards uniformly at random, and then weighting which of our guards we'd use uniformly at random. This imbalance meant that Tor clients were severely limited on throughput (and probably latency too) by the first hop in their circuit. Now we select guards weighted by currently advertised bandwidth. We also automatically discard guards picked using the old algorithm. Fixes bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry.

New releases, new hires, new funding
On January 19, 2010 we released the latest in the -stable series, Tor 0.2.1.22-stable.
Tor 0.2.1.22 fixes a critical privacy problem in bridge directory authorities -- it would tell you its whole history of bridge descriptors if you make the right directory request. This stable update also rotates two of the seven v3 directory authority keys and locations. read more »

New releases, new hires, new funding
Erinn Clark joins Tor to develop, enhance, and upgrade our package build system. Her initial goals are to configure, maintain, and automate builds of tor and vidalia for Windows, OS X, ubuntu, debian, centos, fedora, and opensuse systems. Secondary goals are to develop a builtbot system that includes as many disparate operating systems as possible, including Apple OS X and Microsoft
Windows flavors. read more »

alpha fixes a huge client-side performance bug, as well
as laying the groundwork for further relay-side performance fixes. It
also starts cleaning up client behavior with respect to the EntryNodes,
ExitNodes, and StrictNodes config options.

This release also rotates two directory authority keys, due to a security
breach of some of the Torproject servers:
http://archives.seul.org/or/talk/Jan-2010/msg00161.html

Everybody should upgrade:
https://www.torproject.org/download.html.en

Changes in version 0.2.2.7-alpha - 2010-01-19
o Directory authority changes:
- Rotate keys (both v3 identity and relay identity) for moria1
and gabelmoo.

o Major features (performance):
- We were selecting our guards uniformly at random, and then weighting
which of our guards we'd use uniformly at random. This imbalance
meant that Tor clients were severely limited on throughput (and
probably latency too) by the first hop in their circuit. Now we read more »

Tor 0.2.1.22 rotates two of the seven v3 directory authority keys and
locations, due to a security breach of some of the Torproject servers:
http://archives.seul.org/or/talk/Jan-2010/msg00161.html

It also fixes a privacy problem in bridge directory authorities -- it
would tell you its whole history of bridge descriptors if you make the
right directory request.

Everybody should upgrade:
https://www.torproject.org/easy-download

Changes in version 0.2.1.22 - 2010-01-19
o Directory authority changes:
- Rotate keys (both v3 identity and relay identity) for moria1
and gabelmoo.

o Major bugfixes:
- Stop bridge directory authorities from answering dbg-stability.txt
directory queries, which would let people fetch a list of all
bridge identities they track. Bugfix on 0.2.1.6-alpha.