The Tor Browser Bundles have been updated with a very important security fix. As explained in the previous blog post, a user discovered a severe security bug in Firefox related to websockets bypassing the SOCKS proxy DNS configuration. This is now fixed and we strongly encourage all users to update. There are a few other bugfixes in this release, including really fixing (for real this time!) the problem with the Mac OS X bundles crashing.
We recently switched our build machine to Lion (OS X 10.7) which had some unintended effects on the Firefox/TorBrowser build. After consulting with Mozilla developers, Sebastian Hahn was able to nail down the problem and provide a fix. The Mac OS X Tor Browser Bundles have been updated so they should stop crashing for everyone now. Thanks for your patience!
We're aware that the Tor Browser version 2.2.35-8 doesn't work on OS X 10.5.8. Ticket 4263 is open to track the issue. We just purchased a Mac Mini as the new build machine. It is in process of being setup and configured for builds. We should have more progress on solving the issue in the next week or so. Thanks for your patience.
We have some more new Tor Browser Bundles out. This is an upgrade to Firefox 3.6.12 which fixes a critical bug and OS X users' Torbutton will now show up.
1.3.12: Release 2010-10-28
- Update Firefox to 3.6.12
1.0.4: Released 2010-10-28
Vidalia 0.2.10 changed the way we deal with the geoip databases by dropping the remote geoip lookups. This caused a lot of headaches for OS X users because of the layout of the package, but it's fixed in this version. You can download the new version here.
Please let us know if you have further problems by reporting a bug.
We have some new Tor Browser Bundles out. The main notable upgrades for these are Firefox 3.6.11 and Pidgin 2.7.4 in the Windows IM bundle.
1.3.11: Release 2010-10-25
- Update Firefox to 3.6.11
- Update Pidgin to 2.7.4
1.0.3: Released 2010-10-25
Apple responded to my bug report about a broken openssl. I've since built test packages for OS X 10.5 and 10.6 users. Their response is:
Thank you for your report of this issue with Tor.
The issue you're seeing is because the current versions of the development tools were created before the OpenSSL security fix, and so do not include the "SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION" definition in the OpenSSL headers.
You can work around this issue by supplying the definition to Tor directly, for example by compiling Tor using
It appears Qt-4.3.3 has a bug that is causing Vidalia to crash when the list of Tor nodes refreshes and is sorted. The current 0.1.2.19-stable and 0.2.0.17-alpha bundles for OSX are built against Qt-4.3.3.
I've downgraded the build hosts to Qt-4.3.2. The rebuilt OSX vidalia-bundle packages for both 0.1.2.19-stable and 0.2.0.17-alpha are available as: