alpha release

Tor 0.2.2.5-alpha released

phobos — Mon, 12 Oct 2009 08:04:49 -0700

On October 11, we released Tor 0.2.2.5-alpha.

It can be downloaded from https://www.torproject.org/download/.

It contains:

Major bugfixes:

Make the tarball compile again. Oops. Bugfix on 0.2.2.4-alpha.

New directory authorities:

Move dizum to an alternate IP address.

Code simplifications and refactorings

Numerous changes, bugfixes, and workarounds from Nathan Freitas
to help Tor build correctly for Android phones.

Tor 0.2.2.4-alpha released

phobos — Mon, 12 Oct 2009 07:56:02 -0700

On October 10, we released Tor version 0.2.2.4-alpha.

This release can be found at https://www.torproject.org/download/

It contains the following:
Major bugfixes:

Fix several more asserts in the circuit_build_times code, for
example one that causes Tor to fail to start once we have
accumulated 5000 build times in the state file. Bugfixes on
0.2.2.2-alpha; fixes bug 1108.

New directory authorities:

Move moria1 and Tonga to alternate IP addresses.

Minor features:

Log SSL state transitions at debug level during handshake, and
include SSL states in error messages. This may help debug future
SSL handshake issues.
Add a new "Handshake" log domain for activities that happen
during the TLS handshake.
Revert to the "June 3 2009" ip-to-country file. The September one
seems to have removed most US IP addresses.
Directory authorities now reject Tor relays with versions less than
0.1.2.14. This step cuts out four relays from the current network,
none of which are very big.

Minor bugfixes:

Fix a couple of smaller issues with gathering statistics. Bugfixes
on 0.2.2.1-alpha.
Fix two memory leaks in the error case of
circuit_build_times_parse_state. Bugfix on 0.2.2.2-alpha.
Don't count one-hop circuits when we're estimating how long it
takes circuits to build on average. Otherwise we'll set our circuit
build timeout lower than we should. Bugfix on 0.2.2.2-alpha.
Directory authorities no longer change their opinion of, or vote on,
whether a router is Running, unless they have themselves been
online long enough to have some idea. Bugfix on 0.2.0.6-alpha.
Fixes bug 1023.

Code simplifications and refactoring:

Revise our unit tests to use the "tinytest" framework, so we
can run tests in their own processes, have smarter setup/teardown
code, and so on. The unit test code has moved to its own
subdirectory, and has been split into multiple modules.

Tor 0.2.2.3-alpha released

phobos — Fri, 09 Oct 2009 20:52:34 -0700

On September 23rd, we released Tor version 0.2.2.3-alpha.

Major bugfixes:

Fix an overzealous assert in our new circuit build timeout code.
Bugfix on 0.2.2.2-alpha; fixes bug 1103.

Minor bugfixes:

If the networkstatus consensus tells us that we should use a
negative circuit package window, ignore it. Otherwise we'll
believe it and then trigger an assert. Bugfix on 0.2.2.2-alpha.

Tor 0.2.2.2-alpha released

phobos — Fri, 09 Oct 2009 20:49:19 -0700

On September 21st, we released Tor version 0.2.2.2-alpha.

Major features:

Tor now tracks how long it takes to build client-side circuits
over time, and adapts its timeout to local network performance.
Since a circuit that takes a long time to build will also provide
bad performance, we get significant latency improvements by
discarding the slowest 20% of circuits. Specifically, Tor creates
circuits more aggressively than usual until it has enough data
points for a good timeout estimate. Implements proposal 151.
We are especially looking for reports (good and bad) from users with
both EDGE and broadband connections that can move from broadband
to EDGE and find out if the build-time data in the .tor/state gets
reset without loss of Tor usability. You should also see a notice
log message telling you that Tor has reset its timeout.
Directory authorities can now vote on arbitary integer values as
part of the consensus process. This is designed to help set
network-wide parameters. Implements proposal 167.
Tor now reads the "circwindow" parameter out of the consensus,
and uses that value for its circuit package window rather than the
default of 1000 cells. Begins the implementation of proposal 168.

Major bugfixes:

Fix a remotely triggerable memory leak when a consensus document
contains more than one signature from the same voter. Bugfix on
0.2.0.3-alpha.

Minor bugfixes:

Fix an extremely rare infinite recursion bug that could occur if
we tried to log a message after shutting down the log subsystem.
Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
Fix parsing for memory or time units given without a space between
the number and the unit. Bugfix on 0.2.2.1-alpha; fixes bug 1076.
A networkstatus vote must contain exactly one signature. Spec
conformance issue. Bugfix on 0.2.0.3-alpha.
Fix an obscure bug where hidden services on 64-bit big-endian
systems might mis-read the timestamp in v3 introduce cells, and
refuse to connect back to the client. Discovered by "rotor".
Bugfix on 0.2.1.6-alpha.
We were triggering a CLOCK_SKEW controller status event whenever
we connect via the v2 connection protocol to any relay that has
a wrong clock. Instead, we should only inform the controller when
it's a trusted authority that claims our clock is wrong. Bugfix
on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
We were telling the controller about CHECKING_REACHABILITY and
REACHABILITY_FAILED status events whenever we launch a testing
circuit or notice that one has failed. Instead, only tell the
controller when we want to inform the user of overall success or
overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
by SwissTorExit.
Don't warn when we're using a circuit that ends with a node
excluded in ExcludeExitNodes, but the circuit is not used to access
the outside world. This should help fix bug 1090, but more problems
remain. Bugfix on 0.2.1.6-alpha.
Work around a small memory leak in some versions of OpenSSL that
stopped the memory used by the hostname TLS extension from being
freed.
Make our 'torify' script more portable; if we have only one of
'torsocks' or 'tsocks' installed, don't complain to the user;
and explain our warning about tsocks better.

Minor features:

Add a "getinfo status/accepted-server-descriptor" controller
command, which is the recommended way for controllers to learn
whether our server descriptor has been successfully received by at
least on directory authority. Un-recommend good-server-descriptor
getinfo and status events until we have a better design for them.
Update to the "September 4 2009" ip-to-country file.

Tor 0.2.2.1-alpha released

phobos — Wed, 02 Sep 2009 12:32:58 -0700

Tor 0.2.2.1-alpha disables ".exit" address notation by default, allows
Tor clients to bootstrap on networks where only port 80 is reachable,
makes it more straightforward to support hardware crypto accelerators,
and starts the groundwork for gathering stats safely at relays.

https://www.torproject.org/download

We've been improving our packages and bundles:
Packaging changes:

Upgrade Vidalia from 0.1.15 to 0.2.3 in the Windows and OS X
installer bundles. See
https://trac.vidalia-project.net/browser/vidalia/tags/vidalia-0.2.3/CHAN...
for details of what's new in Vidalia 0.2.3.
Windows Vidalia Bundle: update Privoxy from 3.0.6 to 3.0.14-beta.
OS X Vidalia Bundle: move to Polipo 1.0.4 with Tor specific
configuration file, rather than the old Privoxy.
OS X Vidalia Bundle: Vidalia, Tor, and Polipo are compiled as
x86-only for better compatibility with OS X 10.6, aka Snow Leopard.
OS X Tor Expert Bundle: Tor is compiled as x86-only for
better compatibility with OS X 10.6, aka Snow Leopard.
OS X Vidalia Bundle: The multi-package installer is now replaced
by a simple drag and drop to the /Applications folder. This change
occurred with the upgrade to Vidalia 0.2.3.

Changes in version 0.2.2.1-alpha - 2009-08-26
Security fixes:

Start the process of disabling ".exit" address notation, since it
can be used for a variety of esoteric application-level attacks
on users. To reenable it, set "AllowDotExit 1" in your torrc. Fix
on 0.0.9rc5.

New directory authorities:

Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
authority.

Major features:

New AccelName and AccelDir options add support for dynamic OpenSSL
hardware crypto acceleration engines.
Tor now supports tunneling all of its outgoing connections over
a SOCKS proxy, using the SOCKS4Proxy and/or SOCKS5Proxy
configuration options. Code by Christopher Davis.

Major bugfixes:

Send circuit or stream sendme cells when our window has decreased
by 100 cells, not when it has decreased by 101 cells. Bug uncovered
by Karsten when testing the "reduce circuit window" performance
patch. Bugfix on the 54th commit on Tor -- from July 2002,
before the release of Tor 0.0.0. This is the new winner of the
oldest-bug prize.

New options for gathering stats safely:

Directories that set "DirReqStatistics 1" write statistics on
directory request to disk every 24 hours. As compared to the
--enable-geoip-stats flag in 0.2.1.x, there are a few improvements:
1) stats are written to disk exactly every 24 hours; 2) estimated
shares of v2 and v3 requests are determined as mean values, not at
the end of a measurement period; 3) unresolved requests are listed
with country code '??'; 4) directories also measure download times.
Exit nodes that set "ExitPortStatistics 1" write statistics on the
number of exit streams and transferred bytes per port to disk every
24 hours.
Relays that set "CellStatistics 1" write statistics on how long
cells spend in their circuit queues to disk every 24 hours.
Entry nodes that set "EntryStatistics 1" write statistics on the
rough number and origins of connecting clients to disk every 24
hours.
Relays that write any of the above statistics to disk and set
"ExtraInfoStatistics 1" include the past 24 hours of statistics in
their extra-info documents.

Minor features:

New --digests command-line switch to output the digests of the
source files Tor was built with.
The "torify" script now uses torsocks where available.
The memarea code now uses a sentinel value at the end of each area
to make sure nothing writes beyond the end of an area. This might
help debug some conceivable causes of bug 930.
Time and memory units in the configuration file can now be set to
fractional units. For example, "2.5 GB" is now a valid value for
AccountingMax.
Certain Tor clients (such as those behind check.torproject.org) may
want to fetch the consensus in an extra early manner. To enable this
a user may now set FetchDirInfoExtraEarly to 1. This also depends on
setting FetchDirInfoEarly to 1. Previous behavior will stay the same
as only certain clients who must have this information sooner should
set this option.
Instead of adding the svn revision to the Tor version string, report
the git commit (when we're building from a git checkout).

Minor bugfixes:

If any the v3 certs we download are unparseable, we should actually
notice the failure so we don't retry indefinitely. Bugfix on
0.2.0.x; reported by "rotator".
If the cached cert file is unparseable, warn but don't exit.
Fix possible segmentation fault on directory authorities. Bugfix on
0.2.1.14-rc.
When Tor fails to parse a descriptor of any kind, dump it to disk.
Might help diagnosing bug 1051.

Deprecated and removed features:

The controller no longer accepts the old obsolete "addr-mappings/"
or "unregistered-servers-" GETINFO values.
Hidden services no longer publish version 0 descriptors, and clients
do not request or use version 0 descriptors. However, the old hidden
service authorities still accept and serve version 0 descriptors
when contacted by older hidden services/clients.
The EXTENDED_EVENTS and VERBOSE_NAMES controller features are now
always on; using them is necessary for correct forward-compatible
controllers.
Remove support for .noconnect style addresses. Nobody was using
them, and they provided another avenue for detecting Tor users
via application-level web tricks.

March 2009 Progress Report

phobos — Mon, 13 Apr 2009 05:56:43 -0700

New releases, new hires, new funding

On March 9, we released Tor 0.2.1.13-alpha. It includes the following fixes and enhancements:

o Major bugfixes:
- Correctly update the list of which countries we exclude as exits, when the GeoIP file is loaded or reloaded. Diagnosed by lark. Bugfix on 0.2.1.6-alpha.

o Minor bugfixes (on 0.2.0.x and earlier):
- Automatically detect MacOSX versions earlier than 10.4.0, and
disable kqueue from inside Tor when running with these versions.
We previously did this from the startup script, but that was no
help to people who didn't use the startup script. Resolves bug 863.
- When we had picked an exit node for a connection, but marked it as
"optional", and it turned out we had no onion key for the exit,
stop wanting that exit and try again. This situation may not
be possible now, but will probably become feasible with proposal
158. Spotted by rovv. Fixes another case of bug 752.
- Clients no longer cache certificates for authorities they do not
recognize. Bugfix on 0.2.0.9-alpha.
- When we can't transmit a DNS request due to a network error, retry
it after a while, and eventually transmit a failing response to
the RESOLVED cell. Bugfix on 0.1.2.5-alpha.
- If the controller claimed responsibility for a stream, but that
stream never finished making its connection, it would live
forever in circuit_wait state. Now we close it after SocksTimeout
seconds. Bugfix on 0.1.2.7-alpha; reported by Mike Perry.
- Drop begin cells to a hidden service if they come from the middle
of a circuit. Patch from lark.
- When we erroneously receive two EXTEND cells for the same circuit
ID on the same connection, drop the second. Patch from lark.
- Fix a crash that occurs on exit nodes when a nameserver request
timed out. Bugfix on 0.1.2.1-alpha; our CLEAR debugging code had
been suppressing the bug since 0.1.2.10-alpha. Partial fix for
bug 929.
- Do not assume that a stack-allocated character array will be
64-bit aligned on platforms that demand that uint64_t access is
aligned. Possible fix for bug 604.
- Parse dates and IPv4 addresses in a locale- and libc-independent
manner, to avoid platform-dependent behavior on malformed input.
- Build correctly when configured to build outside the main source
path. Patch from Michael Gold.
- We were already rejecting relay begin cells with destination port
of 0. Now also reject extend cells with destination port or address
of 0. Suggested by lark.

o Minor bugfixes (on 0.2.1.x):
- Don't re-extend introduction circuits if we ran out of RELAY_EARLY
cells. Bugfix on 0.2.1.3-alpha. Fixes more of bug 878.
- If we're an exit node, scrub the IP address to which we are exiting
in the logs. Bugfix on 0.2.1.8-alpha.

o Minor features:
- On Linux, use the prctl call to re-enable core dumps when the user
is option is set.
- New controller event NEWCONSENSUS that lists the networkstatus
lines for every recommended relay. Now controllers like Torflow
can keep up-to-date on which relays they should be using.
- Update to the "February 26 2009" ip-to-country file.
On March 10, we released Tor Browser Bundle 1.1.10. It includes:
Update Tor to 0.2.1.13-alpha
Update Firefox to 3.0.7
Update Pidgin to 2.5.5

On March 31, we released Tor Browser Bundle 1.1.11. It includes:
Update Firefox to 3.0.8
Add Italian language bundles
Update Torbutton to 1.2.1
Update Vidalia to 0.1.12

On March 21, we released Torbutton 1.2.1, it includes:
bugfix: bug 773: Fixed Noscript conflict issue.
bugfix: bug 866: Fixed conflict with ZoTero
bugfix: bug 908: Make UserAgentSwitcher's 'default' button restore Torbutton's spoofed user agent if Tor is enabled.
bugfix: bug 909: Get Torbutton to "properly" react to users changing their Firefox cookie lifetime settings as opposed to using the Torbutton interface.
bugfix: bug 834: Fix session saving and startup issues
bugfix: bug 875: Removed docShell == null popup during toggle for some users
bugfix: bug 910: fixed a locale spoofing issue in navigator.appVersion
bugfix: bug 747: Attempt to fix 'fullscreen' resizing issues.
bugfix: Stop-gap timezone spoofing fix for Linux and Mac for FF3. Requires a one-line patch to Firefox for Windows to work.
bugfix: Clear SSL Session IDs on toggle. (See FF Bug 448747)
misc: bug 931: Added a socks v4 vs v5 version choice to custom prefs.
misc: bug 836: redesign startup preference window to make it more understandable
misc: Torbutton now presents itself as Windows FF3.0.7.

On March 16, we released TorVM 0.0.1 as a testing release for user feedback and testing. More about TorVM can be read at https://www.torproject.org/torvm/

Vidalia 0.1.12 16-Mar-2009
o Fix a bug in the hidden service settings configuration class that
could lead to compile errors in Visual Studio and on IRIX.
o Fix a build error that occurred on IRIX when using the MIPSPro
compiler. Patch from Matthew Saunier.
o Remove two duplicated strings in the Spanish translation of Qt's
internal strings (qt_es.po). The duplicated strings caused build
errors when building with Qt 4.5. (Ticket #469)
o Remove the code that altered PublishServerDescriptor when becoming a
bridge, since Tor handles that itself now, and ensure that BridgeRelay
is reset when going from bridge to just-a-client mode.
o Remove an unnecessary #include from helpbrowser.cpp.
o Add an application icon based on Tor's logo to the vidalia.desktop
file.

Vidalia 0.2.0 19-Mar-2009
o Add support for changing UI languages without having to restart
Vidalia.
o Add preliminary support for using the KDE Marble widget for the
network map. It's currently a compile-time option and is disabled by
default.
o Add support for displaying Tor's plaintext port warnings. Also gives
the user the option to disable future warnings.
o Add an interface for displaying the geographic distribution of
clients who have recently used a bridge operator's relay.
o Add tooltips to tree items in the help browser's table of contents. Some
of the help topic labels are a bit long.
o Switch to a simpler About dialog and move the license information to a
separate HTML-formatted display.
o Switch to a simpler drag-and-drop installer in the OS X bundles.
o Switch to an MSI-based installer on Windows.
o Clear the list of default CA certificates used by QSslSocket before adding
the only one we care about. Suggested by coderman.
o Support building with Visual Studio again.
o Add a Debian package structure from dererk.
o Updated Albanian, Czech, Finnish, Polish, Portuguese, Romanian,
Swedish, Turkish and many other translations.

The Vidalia 0.2.0 release was also posted to the blog,
https://blog.torproject.org/blog/technology-preview-marble-and-vidalia02...

Design, develop, and implement enhancements

The Torbutton 1.2.1 update fixes a number of bugs that protect users in censored countries. Continued work on TorVM for easier and safer usage of Tor. Continued development of the secure updater client for Tor.

Architecture and technical design docs for Tor enhancements
related to blocking-resistance.

Nick wrote up a blog entry describing our current plans for making
libevent (and ultimately) Tor work well on Windows:
https://blog.torproject.org/blog/some-notes-progress-iocp-and-libevent

Grow the Tor network and user base. Outreach.

Andrew attended the LibrePlanet 2009 conference, http://www.fsf.org/associate/meetings/2009/. Discussed Tor, free network services, and free software.

Karsten, Sebastian, and others helped organize and then attended Pet-Con 2009, http://www.pet-con.org/index.php/PET_Convention_2009.1.

Nick wrote a blog post about the secure updater for Tor, codenamed Thandy, for Google's Open Source blog: http://google-opensource.blogspot.com/2009/03/thandy-secure-update-for-t...

Finished analyzing directory archives from February 2006 to February
2009. This analysis gives a slightly better picture of the Tor network
than the analysis of the 2008 data. The analysis shows that there is a
clear trend reversal in the number of German relays in 2008, , but for other countries the number of relays has continued to increase.

http://freehaven.net/~karsten/metrics/dirarch-2009-03-31.pdf

On March 17, Roger attended a hearing at the US Sentencing Commission,
where Seth Schoen from EFF was testifying in opposition to a new "if
you use a proxy when committing a crime, it's a sophisticated crime so
you get more jail-time" clause they were considering. It turned out one
of the commissioners is an avid Tor user, so they were sympathetic to
his testimony.

On March 24-25, Roger and Andrew met with the Psiphon team in Toronto.
We taught them about Tor's perspective on blocking-resistance, and about
our bridges design. We also helped review their future design plans. We
still have concerns that their closed design and implementation will
ultimately mean they are less effective than they could be, but it's
good to have alternate circumvention approaches available.

Tor (in combination with EFF) got accepted to Google Summer of Code
2009. Google will be funding roughly 5 students to work on Tor-related
development projects over this coming summer:
https://blog.torproject.org/blog/eff-and-tor-google-summer-code-2009
Our current thoughts are to focus on porting Polipo to Windows; improving
usability and features for Torbutton; working harder to get WML support
into Pootle, so people can translate our website with a browser; and
further work on Thandy to make it scale better when 100000 users all
try to upgrade in the same day.

Hal Roberts released his Berkman Center report on the "landscape of
circumvention technologies" as of 2007, which recommends Tor and Psiphon:
https://blog.torproject.org/blog/berkman-2007-circumvention-landscape-an...

Roger and Nick participated in the Codecon program committee, and helped
to choose a variety of good development projects to showcase in April. Two
of these turned out to be libevent (including the new Windows work),
and Torflow:
http://www.codecon.org/2009/program.html

Roger had lunch on March 4 with Micah Sherr, a PhD student at Penn who
is working on a new path selection algorithm for Tor, that tries to
minimize path latency rather than maximize bandwidth. Roger poked some
holes in his design, and hopefully will help him over the next few months
to fix them. You can read more about Micah's design in Section 4.3 of the
"performance.pdf" document.

We worked with Global Voices to help them update their "guide to blogging
anonymously":
https://blog.torproject.org/blog/updated-guide-blogging-anonymously
In particular, we updated it to include recommendations for using Tor
Browser Bundle, since TBB didn't exist when the guide was first written.

Preconfigured privacy (circumvention) bundles for USB or LiveCD.

On March 10, we released Tor Browser Bundle 1.1.10. It includes:
Update Tor to 0.2.1.13-alpha
Update Firefox to 3.0.7
Update Pidgin to 2.5.5

On March 31, we released Tor Browser Bundle 1.1.11. It includes:
Update Firefox to 3.0.8
Add Italian language bundles
Update Torbutton to 1.2.1
Update Vidalia to 0.1.12

Bridge relay and bridge authority work.

From the changelog item from Vidalia 0.1.12:
o Remove the code that altered PublishServerDescriptor when becoming a
bridge, since Tor handles that itself now, and ensure that BridgeRelay
is reset when going from bridge to just-a-client mode.

Scalability, load balancing, directory overhead, efficiency.

Roger and Steven wrote the Performance Roadmap as published at https://www.torproject.org/press/2009-03-12-performance-roadmap-press-re...

Footprints from Tor Browser Bundle.

March 17, updated research on traces left behind by the Tor Browser Bundle. The current document can be found at https://svn.torproject.org/svn/torbrowser/trunk/docs/traces.txt.

Translations
21 Polish website translations
20 French website translations
53 Italian website translations
25 German website translations
5 Chinese website translations
5 Updates from the translation portal for torbutton, in French, Italian, and Bokmål (Norwegian)

Tor Browser Bundle 1.1.11 Released

phobos — Tue, 31 Mar 2009 12:19:52 -0700

An updated Tor Browser Bundle is released to address the Firefox 3.0.7 security issues. It includes:

Update Firefox to 3.0.8
Add Italian language bundles
Update Torbutton to 1.2.1
Update Vidalia to 0.1.12

This updated TBB can be downloaded from https://www.torproject.org/easy-download as the "zero install bundle".

Tor 0.2.1.13-alpha released

phobos — Thu, 12 Mar 2009 22:32:59 -0700

Tor 0.2.1.13-alpha includes another big pile of minor bugfixes and
cleanups. We're finally getting close to a release candidate.

https://www.torproject.org/download

Changes in version 0.2.1.13-alpha - 2009-03-09
Major bugfixes:

Correctly update the list of which countries we exclude as
exits, when the GeoIP file is loaded or reloaded. Diagnosed by
lark. Bugfix on 0.2.1.6-alpha.

Minor bugfixes (on 0.2.0.x and earlier):

Automatically detect MacOSX versions earlier than 10.4.0, and
disable kqueue from inside Tor when running with these versions.
We previously did this from the startup script, but that was no
help to people who didn't use the startup script. Resolves bug 863.
When we had picked an exit node for a connection, but marked it as
"optional", and it turned out we had no onion key for the exit,
stop wanting that exit and try again. This situation may not
be possible now, but will probably become feasible with proposal
158. Spotted by rovv. Fixes another case of bug 752.
Clients no longer cache certificates for authorities they do not
recognize. Bugfix on 0.2.0.9-alpha.
When we can't transmit a DNS request due to a network error, retry
it after a while, and eventually transmit a failing response to
the RESOLVED cell. Bugfix on 0.1.2.5-alpha.
If the controller claimed responsibility for a stream, but that
stream never finished making its connection, it would live
forever in circuit_wait state. Now we close it after SocksTimeout
seconds. Bugfix on 0.1.2.7-alpha; reported by Mike Perry.
Drop begin cells to a hidden service if they come from the middle
of a circuit. Patch from lark.
When we erroneously receive two EXTEND cells for the same circuit
ID on the same connection, drop the second. Patch from lark.
Fix a crash that occurs on exit nodes when a nameserver request
timed out. Bugfix on 0.1.2.1-alpha; our CLEAR debugging code had
been suppressing the bug since 0.1.2.10-alpha. Partial fix for
bug 929.
Do not assume that a stack-allocated character array will be
64-bit aligned on platforms that demand that uint64_t access is
aligned. Possible fix for bug 604.
Parse dates and IPv4 addresses in a locale- and libc-independent
manner, to avoid platform-dependent behavior on malformed input.
Build correctly when configured to build outside the main source
path. Patch from Michael Gold.
We were already rejecting relay begin cells with destination port
of 0. Now also reject extend cells with destination port or address
of 0. Suggested by lark.

Minor bugfixes (on 0.2.1.x):

Don't re-extend introduction circuits if we ran out of RELAY_EARLY
cells. Bugfix on 0.2.1.3-alpha. Fixes more of bug 878.
If we're an exit node, scrub the IP address to which we are exiting
in the logs. Bugfix on 0.2.1.8-alpha.

Minor features:

On Linux, use the prctl call to re-enable core dumps when the user
is option is set.
New controller event NEWCONSENSUS that lists the networkstatus
lines for every recommended relay. Now controllers like Torflow
can keep up-to-date on which relays they should be using.
Update to the "February 26 2009" ip-to-country file.

The original notice can be found at http://archives.seul.org/or/talk/Mar-2009/msg00047.html

Tor Browser Bundle 1.1.9 Released

phobos — Wed, 18 Feb 2009 21:21:58 -0800

Tor Browser Bundle 1.1.9 is released.

It includes the following changes:

Update Tor to 0.2.1.12-alpha
Update Firefox to 3.0.6
Update Vidalia to 0.1.11

It's available at https://www.torproject.org/torbrowser/

Tor 0.2.1.12-alpha is released

phobos — Mon, 09 Feb 2009 15:29:18 -0800

Tor 0.2.1.12-alpha features several more security-related fixes. You
should upgrade, especially if you run an exit relay (remote crash) or
a directory authority (remote infinite loop), or you're on an older
(pre-XP) or not-recently-patched Windows (remote exploit). It also
includes a big pile of minor bugfixes and cleanups.

https://www.torproject.org/download.html.en

Changes in version 0.2.1.12-alpha - 2009-02-08
Security fixes:

Fix an infinite-loop bug on handling corrupt votes under certain
circumstances. Bugfix on 0.2.0.8-alpha.
Fix a temporary DoS vulnerability that could be performed by
a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
Avoid a potential crash on exit nodes when processing malformed
input. Remote DoS opportunity. Bugfix on 0.2.1.7-alpha.

Minor bugfixes:

Let controllers actually ask for the "clients_seen" event for
getting usage summaries on bridge relays. Bugfix on 0.2.1.10-alpha;
reported by Matt Edman.
Fix a compile warning on OSX Panther. Fixes bug 913; bugfix against
0.2.1.11-alpha.
Fix a bug in address parsing that was preventing bridges or hidden
service targets from being at IPv6 addresses.
Solve a bug that kept hardware crypto acceleration from getting
enabled when accounting was turned on. Fixes bug 907. Bugfix on
0.0.9pre6.
Remove a bash-ism from configure.in to build properly on non-Linux
platforms. Bugfix on 0.2.1.1-alpha.
Fix code so authorities _actually_ send back X-Descriptor-Not-New
headers. Bugfix on 0.2.0.10-alpha.
Don't consider expiring already-closed client connections. Fixes
bug 893. Bugfix on 0.0.2pre20.
Fix another interesting corner-case of bug 891 spotted by rovv:
Previously, if two hosts had different amounts of clock drift, and
one of them created a new connection with just the wrong timing,
the other might decide to deprecate the new connection erroneously.
Bugfix on 0.1.1.13-alpha.
Resolve a very rare crash bug that could occur when the user forced
a nameserver reconfiguration during the middle of a nameserver
probe. Fixes bug 526. Bugfix on 0.1.2.1-alpha.
Support changing value of ServerDNSRandomizeCase during SIGHUP.
Bugfix on 0.2.1.7-alpha.
If we're using bridges and our network goes away, be more willing
to forgive our bridges and try again when we get an application
request. Bugfix on 0.2.0.x.

Minor features:

Support platforms where time_t is 64 bits long. (Congratulations,
NetBSD!) Patch from Matthias Drochner.
Add a 'getinfo status/clients-seen' controller command, in case
controllers want to hear clients_seen events but connect late.

Build changes:

Disable GCC's strict alias optimization by default, to avoid the
likelihood of its introducing subtle bugs whenever our code violates
the letter of C99's alias rules.

The original announcement can be found at http://archives.seul.org/or/talk/Feb-2009/msg00054.html