Hello!
Tor Browser 10.5.5 is now available from the Tor Browser
download page [1] and also from our distribution directory [2].
1: https://www.torproject.org/download/
2: https://www.torproject.org/dist/torbrowser/10.5.5/
This version updates Tor to 0.4.5.10 [3] that includes a fix for a
security issue. On Android, this version updates Firefox to 91.2.0 and
includes important security updates [4]. Please see the blog post [5]
for more details about this version.
3: https://blog.torproject.org/node/2062
4: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/
5: https://blog.torproject.org/new-release-tor-browser-1055
The full changelog since Tor Browser 10.5.4 is:
* All Platforms
* Update Tor to 0.4.5.10
* Linux
* Bug 40582: Tor Browser 10.5.2 tabs always crash on Fedora Xfce Rawhide [tor-browser]
* Android
* Update Fenix to 91.2.0
* Update NoScript to 11.2.11
* Bug 40063: Move custom search providers [android-components]
* Bug 40176: TBA: sometimes I only see the banner and can't tap on the address bar [fenix]
* Bug 40181: Remove V2 Deprecation banner on about:tor for Android [fenix]
* Bug 40184: Rebase fenix patches to fenix v91.0.0-beta.5 [fenix]
* Bug 40185: Use NimbusDisabled [fenix]
* Bug 40186: Hide Credit Cards in Settings [fenix]
* Build System
* Android
* Update Go to 1.15.15
* Bug 40331: Update components for mozilla91 [tor-browser-build]
Hello, everyone!
(If you are about to reply saying "please take me off this list",
instead please follow these instructions:
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/
If you have trouble, it is probably because you subscribed using a
different address than the one you are trying to unsubscribe with. You
will have to enter the actual email address you used when you
subscribed.)
Source code for Tor 0.4.6.7 is now available; you can download the
source code from the download page at
https://www.torproject.org/download/tor/. Packages should be available
within the next several weeks, with a new Tor Browser later this week.
Changes in version 0.4.6.7 - 2021-08-16
This version fixes several bugs from earlier versions of Tor, including one
that could lead to a denial-of-service attack. Everyone running an earlier
version, whether as a client, a relay, or an onion service, should upgrade
to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7.
o Major bugfixes (cryptography, security):
- Resolve an assertion failure caused by a behavior mismatch between our
batch-signature verification code and our single-signature verification
code. This assertion failure could be triggered remotely, leading to a
denial of service attack. We fix this issue by disabling batch
verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is
also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de
Valence.
o Minor feature (fallbackdir):
- Regenerate fallback directories list. Close ticket 40447.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database,
as retrieved on 2021/08/12.
o Minor bugfix (crypto):
- Disable the unused batch verification feature of ed25519-donna. Fixes
bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence.
o Minor bugfixes (onion service):
- Send back the extended SOCKS error 0xF6 (Onion Service Invalid Address)
for a v2 onion address. Fixes bug 40421; bugfix on 0.4.6.2-alpha.
o Minor bugfixes (relay):
- Reduce the compression level for data streaming from HIGH to LOW in
order to reduce CPU load on the directory relays. Fixes bug 40301;
bugfix on 0.3.5.1-alpha.
o Minor bugfixes (timekeeping):
- Calculate the time of day correctly on systems where the time_t
type includes leap seconds. (This is not the case on most
operating systems, but on those where it occurs, our tor_timegm
function did not correctly invert the system's gmtime function,
which could result in assertion failures when calculating
voting schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha.
--
Alexander Færøy
Hello!
Tor Browser 10.5.4 is now available from the Tor Browser
download page [1] and also from our distribution directory [2].
1: https://www.torproject.org/download/
2: https://www.torproject.org/dist/torbrowser/10.5.4/
This version updates Firefox to 78.13.0esr. This version includes
important security updates [3] to Firefox. Please see the blog post [4] for
more details about this version.
3: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/
4: https://blog.torproject.org/new-release-tor-browser-1054
The full changelog since Tor Browser 10.5.2 is:
* Windows + OS X + Linux
* Update Firefox to 78.13.0esr
* Update NoScript to 11.2.11
* Bug 40041: Remove V2 Deprecation banner on about:tor for desktop [torbutton]
* Bug 40506: Saved Logins not available in 10.5 [tor-browser]
* Bug 40524: Update DuckDuckGo onion site URL in search preferences and onboarding [tor-browser]
* Build System
* Windows + OS X + Linux
* Update Go to 1.15.14
