bug fixes

This is a testing release of Tor IM Browser Bundle 1.2.1-dev. The only fix in this release so far is an updated prefs.js to fix plugin scanning. The InvalidPrefs.js file no longer appears either. I'm working on the other suggestions from this comment.

You can view the diffs to see the changes.

The bundle and associated signature and sha1 files are available too.

Changes in version 0.2.1.14-rc - 2009-04-12
Major features: read more »

• Clients replace entry guards that were chosen more than a few months ago. This change should significantly improve client performance, especially once more people upgrade, since relays that have been a guard for a long time are currently overloaded.

New releases, new hires, new funding

On March 9, we released Tor 0.2.1.13-alpha. It includes the following fixes and enhancements:

o Major bugfixes:
- Correctly update the list of which countries we exclude as exits, when the GeoIP file is loaded or reloaded. Diagnosed by lark. Bugfix on 0.2.1.6-alpha.

o Minor bugfixes (on 0.2.0.x and earlier):
- Automatically detect MacOSX versions earlier than 10.4.0, and
disable kqueue from inside Tor when running with these versions.
We previously did this from the startup script, but that was no
help to people who didn't use the startup script. Resolves bug 863.
- When we had picked an exit node for a connection, but marked it as
"optional", and it turned out we had no onion key for the exit,
stop wanting that exit and try again. This situation may not
be possible now, but will probably become feasible with proposal read more »

Tor 0.2.1.13-alpha includes another big pile of minor bugfixes and
cleanups. We're finally getting close to a release candidate.

https://www.torproject.org/download

Changes in version 0.2.1.13-alpha - 2009-03-09
Major bugfixes:

• Correctly update the list of which countries we exclude as
  exits, when the GeoIP file is loaded or reloaded. Diagnosed by
  lark. Bugfix on 0.2.1.6-alpha.

Minor bugfixes (on 0.2.0.x and earlier):

• Automatically detect MacOSX versions earlier than 10.4.0, and
  disable kqueue from inside Tor when running with these versions.
  We previously did this from the startup script, but that was no
  help to people who didn't use the startup script. Resolves bug 863.
• When we had picked an exit node for a connection, but marked it as
  "optional", and it turned out we had no onion key for the exit, read more »

New releases, new hires, new funding

Tor 0.2.1.10-alpha (released January 6) fixes two major bugs in bridge
relays (one that would make the bridge relay not so useful if it had
DirPort set to 0, and one that could let an attacker learn a little bit
of information about the bridge's users), and a bug that would cause your
Tor relay to ignore a circuit create request it can't decrypt (rather
than reply with an error). It also fixes a wide variety of other bugs.
http://archives.seul.org/or/talk/Jan-2009/msg00078.html

Tor 0.2.1.11-alpha (released Jan 20) finishes fixing the "if your Tor is
off for a week it will take a long time to bootstrap again" bug. It also
fixes an important security-related bug reported by Ilja van Sprundel. You
should upgrade. (We'll send out more details about the bug once people
have had some time to upgrade.)
http://archives.seul.org/or/talk/Jan-2009/msg00171.html read more »

Tor 0.2.1.12-alpha features several more security-related fixes. You
should upgrade, especially if you run an exit relay (remote crash) or
a directory authority (remote infinite loop), or you're on an older
(pre-XP) or not-recently-patched Windows (remote exploit). It also
includes a big pile of minor bugfixes and cleanups.

https://www.torproject.org/download.html.en

Changes in version 0.2.1.12-alpha - 2009-02-08
Security fixes:

• Fix an infinite-loop bug on handling corrupt votes under certain
  circumstances. Bugfix on 0.2.0.8-alpha.
• Fix a temporary DoS vulnerability that could be performed by
  a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
• Avoid a potential crash on exit nodes when processing malformed
  input. Remote DoS opportunity. Bugfix on 0.2.1.7-alpha.

Minor bugfixes:

• Let controllers actually ask for the "clients_seen" event for read more »

Tor 0.2.0.34 features several more security-related fixes. You
should upgrade, especially if you run an exit relay (remote crash) or
a directory authority (remote infinite loop), or you're on an older
(pre-XP) or not-recently-patched Windows (remote exploit).

This release marks end-of-life for Tor 0.1.2.x. Those Tor versions have
many known flaws, and nobody should be using them. You should upgrade. If
you're using a Linux or BSD and its packages are obsolete, stop using
those packages and upgrade anyway.

https://www.torproject.org/download.html

Changes in version 0.2.0.34 - 2009-02-08
Security fixes: read more »

• Fix an infinite-loop bug on handling corrupt votes under certain
        circumstances. Bugfix on 0.2.0.8-alpha.
• Fix a temporary DoS vulnerability that could be performed by
        a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
• Avoid a potential crash on exit nodes when processing malformed
  

Releases
Tor 0.2.1.8-alpha (released December 8) fixes some crash bugs in earlier alpha releases, builds better on unusual platforms like Solaris and old OS X, and fixes a variety of other issues.
http://archives.seul.org/or/talk/Dec-2008/msg00129.html

Tor Browser Bundle 1.1.6 (released December 2) and 1.1.7 (released December 12) update Tor to 0.2.1.8-alpha, include a new version of Firefox, and attempt to wrestle with the "AllowMultipleInstances=false" design that could allow us to run Tor Browser Bundle alongside a normal Firefox.
https://svn.torproject.org/svn/torbrowser/trunk/README

Tor 0.2.1.9-alpha (released December 25) fixes many more bugs, some of them security-related.
http://archives.seul.org/or/talk/Jan-2009/msg00029.html

Bug fixes
Security fixes in the Tor 0.2.1.8-alpha release: read more »

Tor 0.2.0.33 fixes a variety of bugs that were making relays less useful
to users. It also finally fixes a bug where a relay or client that's
been off for many days would take a long time to bootstrap.

This update also fixes an important security-related bug reported by
Ilja van Sprundel. You should upgrade. (We'll send out more details
about the bug once people have had some time to upgrade.)

https://www.torproject.org/download.html

Changes in version 0.2.0.33 - 2009-01-21
Security fixes:

• Fix a heap-corruption bug that may be remotely triggerable on
  some platforms. Reported by Ilja van Sprundel.

Major bugfixes:

• When a stream at an exit relay is in state "resolving" or
  "connecting" and it receives an "end" relay cell, the exit relay
  would silently ignore the end cell and not close the stream. If
  the client never closes the circuit, then the exit relay never read more »

Tor 0.2.1.10-alpha fixes two major bugs in bridge relays (one that would
make the bridge relay not so useful if it had DirPort set to 0, and one
that could let an attacker learn a little bit of information about the
bridge's users), and a bug that would cause your Tor relay to ignore a
circuit create request it can't decrypt (rather than reply with an error).
It also fixes a wide variety of other bugs.

https://www.torproject.org/download.html.en

Changes in version 0.2.1.10-alpha - 2009-01-06
Major bugfixes: read more »

• If the cached networkstatus consensus is more than five days old,
  discard it rather than trying to use it. In theory it could
  be useful because it lists alternate directory mirrors, but in
  practice it just means we spend many minutes trying directory
  mirrors that are long gone from the network. Helps bug 887 a bit;
  bugfix on 0.2.0.x.
• Bridge relays that had DirPort set to 0 would stop fetching
  descriptors shortly after startup, and then briefly resume
  after a new bandwidth test and/or after publishing a new bridge
  descriptor. Bridge users that try to bootstrap from them would
  get a recent networkstatus but would get descriptors from up to
  18 hours earlier, meaning most of the descriptors were obsolete
  already. Reported by Tas; bugfix on 0.2.0.13-alpha.
• Prevent bridge relays from serving their 'extrainfo' document
  to anybody who asks, now that extrainfo docs include potentially
  sensitive aggregated client geoip summaries. Bugfix on
  0.2.0.13-alpha.