[tor-qa] Tor Browser 4.5.2 is ready for testing

Wilton Gorske wilton at riseup.net
Sun Jun 7 18:20:51 UTC 2015 

Testing: TorBrowser-4.5.2-osx64_en-US.dmg
System Version: OS X 10.10.3 (14D136)
Kenel Version: Darwin 14.3.0
Processor: 2.3GHz Intel Core i7
Memory: 16 GB 1600 MHz DDR3
Graphics: Intel Iris Pro & NVIDIA GeForce GT 750M 2048 MB
Display: 15-inch (2880 x 1800 Retina)

TBB Launches successfully: yes
Connects to the Tor network: yes
Browser toolbars and menus work, tab dragging works: yes

All extensions are present and functional: yes
 - HTTPS-Everywhere 5.0.5
 - NoScript 2.6.9.26
 - TorButton 1.9.2.6
 - TorLauncher 0.2.7.4

Web browsing works as expected
 - HTTP, HTTPS, .onion browsing works (https://facebookcorewwwi.onion/)
 - HTML5 videos work on http://videojs.com/ and YouTube
 - http://ip-check.info/?lang=en - ok
 - https://panopticlick.eff.org/ - only one in 2,425 , 11.24 bits of
                                   identifying information
 - https://weakdh.org/ - Safe

SOCKS/external apps work as expected: yes (Torbirdy)

SSL client is bad according to https://www.howsmyssl.com/.
	“Session tickets are not supported in your client. Without them,
services will have a harder time making your client's connections fast.
Generally, clients with ephemeral key support get this for free.”
	“Your client supports cipher suites that are known to be insecure:
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: This cipher use RC4 which has
insecure biases in its output.
    TLS_ECDHE_RSA_WITH_RC4_128_SHA: This cipher use RC4 which has
insecure biases in its output.
    TLS_RSA_WITH_RC4_128_MD5: This cipher use RC4 which has insecure
biases in its output.
    TLS_RSA_WITH_RC4_128_SHA: This cipher use RC4 which has insecure
biases in its output.”

No other noticeable misbehavior.

Georg Koppen:
> Hi,
> 
> Tor Browser 4.5.2-build1 is up at for testing:
> 
> https://people.torproject.org/~gk/builds/4.5.2-build1/
> 
> This release provides a fix for the Logjam attack (https://weakdh.org/)
> and updates a number of Tor Browser components: Tor to version 0.2.6.8,
> Torbutton to version 1.9.2.6, NoScript to version 2.6.9.26 and
> HTTPS-Everywhere to version 5.0.5. Moreover, it fixes a possible crash
> on Linux and avoids breaking the Add-ons page if Torbutton is disabled.
> 
> Here is the full change log:
> 
> Tor Browser 4.5.2 -- June 12 2015
>  * All Platforms
>    * Update Tor to 0.2.6.8
>    * Update HTTPS-Everywhere to 5.0.5
>    * Update NoScript to 2.6.9.26
>    * Update Torbutton to 1.9.2.6
>      * Bug 15984: Disabling Torbutton breaks the Add-ons Manager
>      * Bug 14429: Make sure the automatic resizing is disabled
>      * Translation updates
>    * Bug 16130: Defend against logjam attack
>    * Bug 15984: Disabling Torbutton breaks the Add-ons Manager
>  * Linux
>    * Bug 16026: Fix crash in GStreamer
>    * Bug 16083: Update comment in start-tor-browser
> 
> Georg
> 
> 
> 
> _______________________________________________
> tor-qa mailing list
> tor-qa at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-qa
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-qa/attachments/20150607/7d6e0870/attachment-0001.sig>

More information about the tor-qa mailing list