release candidate
Tor 0.2.6.4-rc is released
Posted March 9th, 2015 by nickmTor 0.2.6.4-rc fixes an issue in the directory code that an attacker might be able to use in order to crash certain Tor directories. It also resolves some minor issues left over from, or introduced in, Tor 0.2.6.3-alpha or earlier.
If no serious issues are found in this release, the next 0.2.6 release will make 0.2.6 the officially stable branch of Tor.
You can download the source from the usual place on the website. Packages should be up in a few days.
NOTE: This is an alpha release. Please expect bugs.
Changes in version 0.2.6.4-rc - 2015-03-09- Major bugfixes (crash, OSX, security):
- Fix a remote denial-of-service opportunity caused by a bug in OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared in OSX 10.9.
- Major bugfixes (relay, stability, possible security):
- Fix a bug that could lead to a relay crashing with an assertion failure if a buffer of exactly the wrong layout is passed to buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on 0.2.0.10-alpha. Patch from "cypherpunks".
- Do not assert if the 'data' pointer on a buffer is advanced to the very end of the buffer; log a BUG message instead. Only assert if it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
New Tor Browser Bundles with Firefox 17.0.11esr and Tor 0.2.4.18-rc
Posted November 19th, 2013 by erinnFirefox 17.0.11esr has been released with several security fixes and the stable and RC Tor Browser Bundles have been updated
There is also a new Tor 0.2.4.18-rc release and the RC bundles have been updated to include that as well.
https://www.torproject.org/projects/torbrowser.html.en#downloads
Tor Browser Bundle (2.3.25-15)
- Update Firefox to 17.0.11esr
- Update NoScript to 2.6.8.5
- Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield.
(closes: #10092)
Tor Browser Bundle (2.4.18-rc-1)
- Update Tor to 0.2.4.18-rc
- Update Firefox to 17.0.11esr
- Update NoScript to 2.6.8.5
- Remove PDF.js since it is no longer supported in Firefox 17
- Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield.
(closes: #10092)
New Tor 0.2.4.16-rc packages and updated stable Tor Browser Bundles
Posted August 13th, 2013 by erinnThere's a new Tor 0.2.4.16-rc out and all packages, including the beta Tor Browser Bundles, have been updated. The stable Tor Browser Bundles have also been updated to fix a bug in the last release which prevented the language packs from working (which resulted in all of the bundles being in English!). We're very sorry about this.
https://www.torproject.org/projects/torbrowser.html.en#downloads
Tor Browser Bundle (2.3.25-12)
- Re-add the locale pref to the Firefox prefs file to allow for localization
of bundles again (closes: #9436)
Tor Browser Bundle (2.4.16-beta-1)
- Update Tor to 0.2.4.16-rc
- Re-add the locale pref to the Firefox prefs file to allow for localization
of bundles again (closes: #9436)
New Tor Browser Bundles and alpha bundles
Posted October 29th, 2012 by erinnAll of the Tor Browser Bundles have been updated with the latest Firefox 10.0.10esr release and all of the alpha packages, including the alpha Tor Browser Bundles, have been updated with the latest release of Tor 0.2.3.24-rc.
https://www.torproject.org/download
Further notes about Tor Browser Bundle updates:
Tor Browser Bundle (2.2.39-5)
- Update Firefox to 10.0.10esr
- Update NoScript to 2.5.9
Tor Browser Bundle (2.3.24-alpha-1)
- Update Tor to 0.2.3.24-rc
- Update Firefox to 10.0.10esr
- Update NoScript to 2.5.9
- Update HTTPS Everywhere to 4.0development.2
New Tor Browser Bundles and alpha bundles
Posted October 23rd, 2012 by erinnThe stable Tor Browser Bundles have been updated to fix a crash bug that existed in the previous version. If you were experiencing problems, please update and let us know if you have any further problems.
All alpha bundles have also been updated to Tor 0.2.3.23-rc. We've downgraded the Firefox version in the alpha Tor Browser Bundles to 10.0.9esr and will continue to keep the same version of Firefox in both bundles for the foreseeable future. In addition to that, the Linux and OS X versions have automatic port selection re-enabled, so those of you who were experiencing trouble running a concurrent system Tor on those systems should no longer have any issues.
All users who were using Tor 0.2.3.22-rc are strongly encouraged to upgrade.
https://www.torproject.org/download
Further notes about Tor Browser Bundle updates:
Tor Browser Bundle (2.2.39-4)
- Update Firefox patches to prevent crashing (closes: #7128)
- Update HTTPS Everywhere to 3.0.2
- Update NoScript to 2.5.8
Tor Browser Bundle (2.3.23-alpha-1)
- Update Tor to 0.2.3.23-rc
- Update Firefox to 10.0.9esr
- Update HTTPS Everywhere to 4.0development.1
- Update NoScript to 2.5.8
- Re-enable automatic Control and SOCKS port selection on Linux and OSX
New bundles (security release)
Posted September 12th, 2012 by erinnNew Bundles (security release)
All of the available bundles of Tor have been updated for the latest stable Tor 0.2.2.39 release and the 0.2.3.22-rc release. These releases fix a remote crash bug found in Tor and all users and relays are STRONGLY encouraged to update immediately.
https://www.torproject.org/download
Further notes about Tor Browser Bundle updates:
The random port selection has been temporarily disabled in the Linux and Mac OS X alpha bundles. Most of you probably didn't notice any random port selection happpening at all, but if you encounter a problem running a system Tor and your Tor Browser Bundle at the same time, you can switch to the stable bundles for now. The next update should have a fix that allows us to re-enable automatic port selection.
Tor Browser Bundle (2.2.39-1)
- Update Tor to 0.2.2.39
- Update NoScript to 2.5.4
Tor Browser Bundle (2.3.22-alpha-1)
- Update Tor to 0.2.3.22-rc
- Temporarily use fixed Control and SOCKS ports as a workaround for #6803
New Tor Browser and Obfsproxy Bundles
Posted August 12th, 2012 by erinnThe alpha Tor Browser Bundles have all been updated to the latest Tor 0.2.3.20-rc release candidate as well as being updated with some bugfixes. We're getting closer and closer to releasing the 0.2.3.x series as stable, so please give these bundles a lot of testing and help us shake out all of the remaining bugs! The regular bundles have also been updated.
https://www.torproject.org/download
The Tor Obfsproxy Browser Bundles have also been brought up to date with all of the same software as the regular alpha Tor Browser Bundles. These are still a work in progress, so please remember to report bugs! You can download them from the obfsproxy page.
Tor Browser Bundle (2.3.20-alpha-1)
- Update Tor to 0.2.3.20-rc
- Update NoScript to 2.5
- Change the urlbar search engine to Startpage (closes: #5925)
- Firefox patch updates:
- Fix the Tor Browser SIGFPE crash bug (closes: #6492)
- Add a redirect API for HTTPS-Everywhere (closes: #5477)
- Enable WebGL (as click-to-play only) (closes: #6370)
New Tor Browser Bundles
Posted July 14th, 2011 by erinnAll of the alpha Tor Browser Bundles have been updated to the latest Tor
0.2.2.30-rc, and the Windows stable bundle has been updated with the latest
Firefox 3.6.19.
The experimental bundles also now contain Firefox 5 and Polipo has been removed
from all of them.
https://torproject.org/download/download
Firefox 3.6 Tor Browser Bundles
Windows bundle
1.3.26: Released 2011-07-13
- Update Firefox to 3.6.19
- Update HTTPS-Everywhere to 1.0.0development.4
- Update Libevent to 2.0.12-stable
OS X bundle
1.1.22: Released 2011-07-13
- Update Tor to 0.2.2.30-rc
- Update Firefox to 3.6.19
- Update HTTPS-Everywhere to 1.0.0development.4
- Update NoScript to 2.1.1.2
Linux bundles
1.1.12: Released 2011-07-13
- Update Tor to 0.2.2.30-rc
- Update Firefox to 3.6.19
- Update HTTPS-Everywhere to 1.0.0development.4
- Update NoScript to 2.1.1.2
Firefox 4 Tor Browser Bundles
Tor Browser Bundle (2.2.30-1)
- Update Tor to 0.2.2.30-rc
- Update Firefox to 5.0.1
- Update Torbutton to 1.4.0
- Update Libevent to 2.0.12-stable
- Update HTTPS-Everywhere to 1.0.0development.4
- Update NoScript to 2.1.1.2
Temporary direct download links for Firefox 5 bundles:
Tor 0.2.2.30-rc is out
Posted July 14th, 2011 by erinnTor 0.2.2.30-rc is the first release candidate for the Tor 0.2.2.x
series. It fixes a few smaller bugs, but generally appears stable.
Please test it and let us know whether it is!
https://www.torproject.org/download
Changes in version 0.2.2.30-rc - 2011-07-07
Minor bugfixes:
- Send a SUCCEEDED stream event to the controller when a reverse
resolve succeeded. Fixes bug 3536; bugfix on 0.0.8pre1. Issue
discovered by katmagic. - Always NUL-terminate the sun_path field of a sockaddr_un before
passing it to the kernel. (Not a security issue: kernels are
smart enough to reject bad sockaddr_uns.) Found by Coverity;
CID #428. Bugfix on Tor 0.2.0.3-alpha. - Don't stack-allocate the list of supplementary GIDs when we're
about to log them. Stack-allocating NGROUPS_MAX gid_t elements
could take up to 256K, which is way too much stack. Found by
Coverity; CID #450. Bugfix on 0.2.1.7-alpha. - Add BUILDTIMEOUT_SET to the list returned by the 'GETINFO
events/names' control-port command. Bugfix on 0.2.2.9-alpha;
fixes part of bug 3465. - Fix a memory leak when receiving a descriptor for a hidden
service we didn't ask for. Found by Coverity; CID #30. Bugfix
on 0.2.2.26-beta.
Minor features:
- Update to the July 1 2011 Maxmind GeoLite Country database.
Tor Browser Bundle 1.2.3 and 1.2.4 Released
Posted July 12th, 2009 by phobosTor Browser Bundle 1.2.3 was released on July 8, 2009. It contains the following changes:
- Update Vidalia to 0.1.14
- Update Tor to 0.2.1.17-rc
- Update Pidgin to 2.5.8
TBB 1.2.3 was replaced by 1.2.4 on July 11, 2009 to include:
- Include libeay32.dll from OpenSSL 0.9.8k to make QT happy
- Update Vidalia to 0.1.15
TBB 1.2.4 is available at https://torproject.org/torbrowser.
