progress report

New releases

On August 4, we released Tor Browser Bundle 1.2.7. It is updated primarily due to Firefox 3.0.13 with its ssl fixes.

The full changelist is:
1.2.7: Released 2009-08-04

• update Firefox to 3.0.13
• add Polish translation
• update libevent to 1.4.12

On August 19, we released Tor Browser Bundle 1.2.8. The big changes are the inclusion of statically linked openssl dlls to resolve a few geoip lookup and functionality issues with Vidalia, and the upgrade to the new Vidalia 0.2.2.

The full list of updates and fixes: read more »

• update Torbutton to 1.2.2
• update Vidalia to 0.2.2
• compile OpenSSL 0.9.8k with Visual C to make dlls
• update Pidgin to 2.6.1

New releases

On July 8th, we released Vidalia 0.1.15..

On July 8th, we updated the Tor 0.2.0.35-stable bundles with the new Vidalia to fix an ssl issue and the Firefox Torbutton extension installation for OS X users.

On July 8th, we released Tor 0.2.1.17-rc.

Tor Browser Bundle 1.2.3 was released on July 8, 2009.
TBB 1.2.3 was replaced by 1.2.4 on July 11, 2009
TBB 1.2.5 was released on July 25th. It solely included an update to Tor 0.2.1.18 . read more »

New releases

On June 20th we released Tor 0.2.1.16-rc.
On June 21st, we released Tor Browser Bundle 1.2.1.
On June 23rd, we released Tor Browser Bundle 1.2.2.
On June 24th, we released Tor 0.2.0.35-stable. We expect that this release is the last of the 0.2.0.x -stable series, soon to be replaced with the 0.2.1.x series.
On June 30th, we released Vidalia 0.1.14.

Censorship circumvention

Packaged rpms for Red Flag Linux version 6. Red Flag Linux is reported to be the new operating system for all Internet cafe's in China. So far, no one has seen this conversion actually happen, but now we're ready if it does.

Our email autoresponder, gettor , received a number of patches to deal with dkim issues, including finding a dkim bug that prevented yahoo email users from fetching Tor. This bug has been fixed. Additionally, we've whitelisted some domains where we read more »

New releases
On May 25, we released Tor 0.2.1.15-rc.
On May 17, we released Tor VM 0.0.2.
On May 25, we released Vidalia 0.1.13 containing read more »

• Remove an old warning on the relay settings page that running a bridge
  relay requires Tor 0.2.0.8-alpha or newer.
• Add a workaround for a bug that prevented Vidalia's tray icon from
  getting added to the system notification area on Gnome when Vidalia was
  run on system startup. Patch by Steve Tyree. (Ticket #247)
• Fix a bug that prevented the control panel from displaying when
  running on the Enlightenment window manager. Patch by Steve Tyree.
• Rename the CMake variables used to store the location of Qt's lupdate
  and lrelease executables. Recent versions of CMake decided to use the
  same variable name, which was stomping on mine, resulting in the wrong
  lupdate and lrelease executables being used.

New releases
On April 12, we released 0.2.1.14-rc. Read the details in the announcement.

Outreach
Roger attended an ITSG conference in Chicago.

Roger, Nick, Jacob, and Mike attended the CodeCon conference in San Francisco, http://www.codecon.org/2009/.

Andrew met with the Center for Democracy and Human Rights in Saudi Arabia to discuss using Tor for their mission, http://cdhr.info.

Roger and Andrew met with the Department of Justice CyberCrime Division to give an overview of how Tor works and how we could better work with law enforcement.

Wendy, Roger, and Andrew had a dinner with Internews Central Asia media development staff.

Andrew attended the CIMI/NED panel on World Press Freedom, http://cima.ned.org/860/world-press-freedom-day-2009.html. read more »

New releases, new hires, new funding

On March 9, we released Tor 0.2.1.13-alpha. It includes the following fixes and enhancements:

o Major bugfixes:
- Correctly update the list of which countries we exclude as exits, when the GeoIP file is loaded or reloaded. Diagnosed by lark. Bugfix on 0.2.1.6-alpha.

o Minor bugfixes (on 0.2.0.x and earlier):
- Automatically detect MacOSX versions earlier than 10.4.0, and
disable kqueue from inside Tor when running with these versions.
We previously did this from the startup script, but that was no
help to people who didn't use the startup script. Resolves bug 863.
- When we had picked an exit node for a connection, but marked it as
"optional", and it turned out we had no onion key for the exit,
stop wanting that exit and try again. This situation may not
be possible now, but will probably become feasible with proposal read more »

New releases, new hires, new funding
On February 8, we released versions 0.2.0.34-stable and 0.2.1.12-alpha.

Tor 0.2.0.34 features several more security-related fixes. You should upgrade, especially if you run an exit relay (remote crash) or a directory authority (remote infinite loop), or you're on an older (pre-XP) or not-recently-patched Windows (remote exploit).

This release marks end-of-life for Tor 0.1.2.x. Those Tor versions have many known flaws, and nobody should be using them. You should upgrade. If you're using a Linux or BSD and its packages are obsolete, stop using those packages and upgrade anyway.

Enhancements
In Tor 0.2.1.12-alpha, if we're using bridges and our network goes away, be more willing to forgive our bridges and try again when we get an application request. Bugfix on 0.2.0.x. read more »

New releases, new hires, new funding

Tor 0.2.1.10-alpha (released January 6) fixes two major bugs in bridge
relays (one that would make the bridge relay not so useful if it had
DirPort set to 0, and one that could let an attacker learn a little bit
of information about the bridge's users), and a bug that would cause your
Tor relay to ignore a circuit create request it can't decrypt (rather
than reply with an error). It also fixes a wide variety of other bugs.
http://archives.seul.org/or/talk/Jan-2009/msg00078.html

Tor 0.2.1.11-alpha (released Jan 20) finishes fixing the "if your Tor is
off for a week it will take a long time to bootstrap again" bug. It also
fixes an important security-related bug reported by Ilja van Sprundel. You
should upgrade. (We'll send out more details about the bug once people
have had some time to upgrade.)
http://archives.seul.org/or/talk/Jan-2009/msg00171.html read more »

Releases
Tor 0.2.1.8-alpha (released December 8) fixes some crash bugs in earlier alpha releases, builds better on unusual platforms like Solaris and old OS X, and fixes a variety of other issues.
http://archives.seul.org/or/talk/Dec-2008/msg00129.html

Tor Browser Bundle 1.1.6 (released December 2) and 1.1.7 (released December 12) update Tor to 0.2.1.8-alpha, include a new version of Firefox, and attempt to wrestle with the "AllowMultipleInstances=false" design that could allow us to run Tor Browser Bundle alongside a normal Firefox.
https://svn.torproject.org/svn/torbrowser/trunk/README

Tor 0.2.1.9-alpha (released December 25) fixes many more bugs, some of them security-related.
http://archives.seul.org/or/talk/Jan-2009/msg00029.html

Bug fixes
Security fixes in the Tor 0.2.1.8-alpha release: read more »

Bug Fixes

Tor 0.2.1.7-alpha (released November 8) fixes a major security problem in Debian and Ubuntu packages (and maybe other packages) noticed by Theo de Raadt, fixes a smaller security flaw that might allow an attacker to access local services, adds better defense against DNS poisoning attacks on exit relays, further improves hidden service performance, and fixes a variety of other issues.
http://archives.seul.org/or/talk/Nov-2008/msg00229.html

Tor 0.2.0.32 (released November 20) fixes a major security problem in Debian and Ubuntu packages (and maybe other packages) noticed by Theo de Raadt, fixes a smaller security flaw that might allow an attacker to access local services, further improves hidden service performance, and fixes a variety of other issues.
http://archives.seul.org/or/announce/Dec-2008/msg00000.html

Vidalia 0.1.10 (released November 2) fixes some presentation bugs and some bugs in the Windows installer. read more »