Hi,
Tor Browser 4.5.2-build1 is up at for testing:
https://people.torproject.org/~gk/builds/4.5.2-build1/
This release provides a fix for the Logjam attack (https://weakdh.org/) and updates a number of Tor Browser components: Tor to version 0.2.6.8, Torbutton to version 1.9.2.6, NoScript to version 2.6.9.26 and HTTPS-Everywhere to version 5.0.5. Moreover, it fixes a possible crash on Linux and avoids breaking the Add-ons page if Torbutton is disabled.
Here is the full change log:
Tor Browser 4.5.2 -- June 12 2015 * All Platforms * Update Tor to 0.2.6.8 * Update HTTPS-Everywhere to 5.0.5 * Update NoScript to 2.6.9.26 * Update Torbutton to 1.9.2.6 * Bug 15984: Disabling Torbutton breaks the Add-ons Manager * Bug 14429: Make sure the automatic resizing is disabled * Translation updates * Bug 16130: Defend against logjam attack * Bug 15984: Disabling Torbutton breaks the Add-ons Manager * Linux * Bug 16026: Fix crash in GStreamer * Bug 16083: Update comment in start-tor-browser
Georg
Testing: TorBrowser-4.5.2-osx64_en-US.dmg System Version: OS X 10.10.3 (14D136) Kenel Version: Darwin 14.3.0 Processor: 2.3GHz Intel Core i7 Memory: 16 GB 1600 MHz DDR3 Graphics: Intel Iris Pro & NVIDIA GeForce GT 750M 2048 MB Display: 15-inch (2880 x 1800 Retina)
TBB Launches successfully: yes Connects to the Tor network: yes Browser toolbars and menus work, tab dragging works: yes
All extensions are present and functional: yes - HTTPS-Everywhere 5.0.5 - NoScript 2.6.9.26 - TorButton 1.9.2.6 - TorLauncher 0.2.7.4
Web browsing works as expected - HTTP, HTTPS, .onion browsing works (https://facebookcorewwwi.onion/) - HTML5 videos work on http://videojs.com/ and YouTube - http://ip-check.info/?lang=en - ok - https://panopticlick.eff.org/ - only one in 2,425 , 11.24 bits of identifying information - https://weakdh.org/ - Safe
SOCKS/external apps work as expected: yes (Torbirdy)
SSL client is bad according to https://www.howsmyssl.com/. “Session tickets are not supported in your client. Without them, services will have a harder time making your client's connections fast. Generally, clients with ephemeral key support get this for free.” “Your client supports cipher suites that are known to be insecure: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: This cipher use RC4 which has insecure biases in its output. TLS_ECDHE_RSA_WITH_RC4_128_SHA: This cipher use RC4 which has insecure biases in its output. TLS_RSA_WITH_RC4_128_MD5: This cipher use RC4 which has insecure biases in its output. TLS_RSA_WITH_RC4_128_SHA: This cipher use RC4 which has insecure biases in its output.”
No other noticeable misbehavior.
Georg Koppen:
Hi,
Tor Browser 4.5.2-build1 is up at for testing:
https://people.torproject.org/~gk/builds/4.5.2-build1/
This release provides a fix for the Logjam attack (https://weakdh.org/) and updates a number of Tor Browser components: Tor to version 0.2.6.8, Torbutton to version 1.9.2.6, NoScript to version 2.6.9.26 and HTTPS-Everywhere to version 5.0.5. Moreover, it fixes a possible crash on Linux and avoids breaking the Add-ons page if Torbutton is disabled.
Here is the full change log:
Tor Browser 4.5.2 -- June 12 2015
- All Platforms
- Update Tor to 0.2.6.8
- Update HTTPS-Everywhere to 5.0.5
- Update NoScript to 2.6.9.26
- Update Torbutton to 1.9.2.6
- Bug 15984: Disabling Torbutton breaks the Add-ons Manager
- Bug 14429: Make sure the automatic resizing is disabled
- Translation updates
- Bug 16130: Defend against logjam attack
- Bug 15984: Disabling Torbutton breaks the Add-ons Manager
- Linux
- Bug 16026: Fix crash in GStreamer
- Bug 16083: Update comment in start-tor-browser
Georg
tor-qa mailing list tor-qa@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-qa
Georg Koppen:
Hi,
Tor Browser 4.5.2-build1 is up at for testing:
We actually rebuilt parts of the 4.5.2 bundles mentioned above to include the latest Tor (0.2.6.9) and above all a fixed OpenSSL (1.0.1n). We plan to release 4.5.2 on Monday, June 15. If you have the time, please give it a round of testing. The new bundles can be found on:
https://people.torproject.org/~gk/builds/4.5.2-build2/
Georg
This release provides a fix for the Logjam attack (https://weakdh.org/) and updates a number of Tor Browser components: Tor to version 0.2.6.8, Torbutton to version 1.9.2.6, NoScript to version 2.6.9.26 and HTTPS-Everywhere to version 5.0.5. Moreover, it fixes a possible crash on Linux and avoids breaking the Add-ons page if Torbutton is disabled.
Here is the full change log:
Tor Browser 4.5.2 -- June 12 2015
- All Platforms
- Update Tor to 0.2.6.8
- Update HTTPS-Everywhere to 5.0.5
- Update NoScript to 2.6.9.26
- Update Torbutton to 1.9.2.6
- Bug 15984: Disabling Torbutton breaks the Add-ons Manager
- Bug 14429: Make sure the automatic resizing is disabled
- Translation updates
- Bug 16130: Defend against logjam attack
- Bug 15984: Disabling Torbutton breaks the Add-ons Manager
- Linux
- Bug 16026: Fix crash in GStreamer
- Bug 16083: Update comment in start-tor-browser
Georg
tor-qa mailing list tor-qa@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-qa
-
Georg Koppen -
Wilton Gorske