Thema: Neue Tor-Version: sicherer und anonymer

[SiLæncer]

Tor Browser Bundle (2.2.39-3); suite=linux

  * Update Firefox to 10.0.9esr

http://sourceforge.net/projects/advtor/

[SiLæncer]

Advanced Onion Router is a client for OR network and is intended to be an improved alternative for Tor+Vidalia+Privoxy bundle for Windows users. It is able to "force" a program and its plugins to use the Tor proxy regardless of its configured proxy.

License: Open Source

Whats new: >>

- [tor-0.2.2.39] Fix an assertion failure in tor_timegm() that could be triggered by a badly formatted directory object. Bug found by fuzzing with Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
- [tor-0.2.2.39] Do not crash when comparing an address with port value 0 to an address policy. This bug could have been used to cause a remote assertion failure by or against directory authorities, or to allow some applications to crash clients. Fixes bug 6690; bugfix on 0.2.1.10-alpha.
- corrected: buffer overflow when showing intercepted processes in the system tray menus
- corrected: a huge list of command line parameters for an intercepted process could had caused a buffer overflow in AdvOR.dll
- address map registrations are now scheduled when they are changed from the "Associate addresses" page
- new configuration option: SocksAuthenticator
- new option on the "Proxy" page: "User:password" (SocksAuthenticator) that allows restricting the access to the local proxy with an username:password combination (all proxy protocols are supported)
- if a prefix is entered for the .onion address when registering a new hidden service, an address name generator will try to find an address that starts with that prefix; the address generator shows a progress and it can be stopped anytime
- geoip_c.h was updated with GeoIPCountryWhois.csv released on October 2nd
- updated language strings: 1248, 3222, 3223, 3224, 3225, 3226, 3227, 3228, 3229, 3230, 3231

http://sourceforge.net/projects/advtor/

[SiLæncer]

2012-10-17 Advanced Onion Router 0.3.0.12a

- corrected: the function start_of_month() was not updated to use tor_timegm() with its new syntax (thanks to anonymous for reporting this error on sf.net)
- corrected: the original address of a socks request was not always set for requests made by intercepted programs that were also configured to use AdvOR as a proxy

http://sourceforge.net/projects/advtor/

[SiLæncer]

2012-10-19 Advanced Onion Router 0.3.0.12b

- corrected: buffer overflow in dir_split_resource_into_fingerprints() (thanks to anonymous for reporting this error on sf.net)
- corrected: when the entry "No exit" was selected, AdvOR tried to use a country from GeoIP when changing the identity
- added extra memory checks in addressmap_ent_free() and in aes_free_cipher() to get better error reports for 2 bugs reported on sf.net forums

http://sourceforge.net/projects/advtor/

[SiLæncer]

Tor Browser Bundle (2.2.39-4)

    Update Firefox patches to prevent crashing (closes: #7128)
    Update HTTPS Everywhere to 3.0.2
    Update NoScript to 2.5.8

http://sourceforge.net/projects/advtor/

[SiLæncer]

Tor Browser Bundle (2.2.39-5)

    Update Firefox to 10.0.10esr
    Update NoScript to 2.5.9

https://www.torproject.org/

[SiLæncer]

2012-11-03 Advanced Onion Router 0.3.0.13

- corrected: when remapping an address, if a plugin exported AdvTor_TranslateAddress(), the new_address part of an addressmap_entry_t structure was freed without undating it with the new remapped address; this error caused random crashes when a plugin that exported AdvTor_TranslateAddress() (like the Blacklist plugin) was loaded (thanks to anonymous for reporting this error on sf.net)
- the value for the source code file name pointer is written to AdvOR-crash.txt instead of the file name pointed by it
- AdvOR.dll increases the reference count for WS2_32.dll to prevent an intercepted application from unloading it
- if more plugins export TranslateAddress and have the right to translate addresses, the address that was remapped by plugins is rewritten only once, after all plugins events handlers are called
- AdvOR no longer formats useless controller messages if no controller is connected
- updated libraries: libevent-2.0.20-stable, openssl-1.0.1c
- geoip_c.h was updated with GeoIPCountryWhois.csv released on October 30th

http://sourceforge.net/projects/advtor/

[SiLæncer]

Wie Code-Experte Andrey Karpov bei einer Analyse des TOR-Quellcodes herausfand, verwendet die Anonymisierungssoftware eine Funktion namens memset() zum Löschen von Cache-Daten, welche nicht von allen Compilern unterstützt wird. Das kann unter Umständen dazu führen, dass der TOR-Client vertrauliche Daten wie etwa Passwörter im Speicher zurück lässt, wenn er beendet wird.

Der ganze Artikel

Quelle : www.heise.de

[SiLæncer]

2012-11-17 Advanced Onion Router 0.3.0.14

- corrected: when changing server descriptor types, AdvOR could try to free a buffer that was already freed (thanks to anonymous for reporting this error on sf.net)
- the csv2asm program now approximates GeoIP's "A1" fake country to a neighboring IP range's country that has the same AS path as the blacklisted IP range
- the "A1" country that has IP ranges blacklisted by MaxMind is shown using the approximated country followed by an asterisk in node selection dialogs and in the "OR network" dialog
- country bans and the restriction to build circuits with IPs from different countries are verified using the approximated country instead of GeoIP's fake "A1" country (this solves a security problem where a circuit like US-DE-A1 where A1=US could had been built)
- router selection dialogs no longer display "Anonymous Proxy" as a valid country
- new option on the "Banned routers" page: "Do not use exits that were blacklisted by MaxMind's GeoIP" that can be enabled when country restrictions enforced by some websites can't be bypassed because the website is using a GeoIP having blacklisted IP ranges
- geoip_c.h was updated with GeoIPCountryWhois.csv released on November 7th; there are 105478 IP ranges having 368 ranges in the fake "A1" country; 366 ranges were approximated to real countries
- updated language strings: 3232, 3233

http://sourceforge.net/projects/advtor/

[SiLæncer]

Tor Browser Bundle (2.3.25-1)

    Update Tor to 0.2.3.25
    Update Firefox 10.0.11esr
    Update Vidalia to 0.2.21
    Update NoScript to 2.6.2

https://www.torproject.org/

[SiLæncer]

2012-12-12 Advanced Onion Router 0.3.0.15

- corrected: if no hibernation interval is set, hibernation state is no longer changed (thanks to anonymous for reporting this error on sf.net)
- corrected: init_keys() could had been called twice, when the OR port number was changed (thanks to anonymous for reporting this error on sf.net)
- corrected: fast hibernation state changes could had caused the main thread to be created twice (thanks to anonymous for reporting this error on sf.net)
- corrected a memory leak in parse_request_headers()
- corrected an infinite loop that could had been caused by using "--select-exit" without specifying an exit node
- when updating the OR network, a failure to update the circuit tree due to insufficient system resources will cause a warning message to be shown, recommending a system restart (thanks to anonymous for reporting this problem on sf.net; language string: 3234)
- the host banlist is now also checked when parsing HTTP headers to prevent a banned host from being used in an HTTP request sent to a server that is not banned
- the welcome message now displays 2 available download locations for AdvOR, SourceForge and SoftPedia (language string: 1248)
- new command line parameter: "--exec" that can be used to execute and intercept at startup a program that was not added to the "Quick Start" list; if another instance of AdvOR is already started from the same location, this parameter is passed to that instance (language string: 46)
- the license for the Csv2Asm program was changed from *unspecified* to Creative Commons NonCommercial
- geoip_c.h was updated with GeoIPCountryWhois.csv released on December 4th; there are 105985 IP ranges having 369 ranges in the fake "A1" country; 367 ranges were approximated to real countries
- updated language strings: 46, 1248, 3234

http://sourceforge.net/projects/advtor/

[SiLæncer]

Tor Browser Bundle (2.3.25-2)

  * Update Firefox to 10.0.12esr
  * Update Libevent to 2.0.21-stable
  * Update HTTPS Everywhere to 3.1.2
  * Update NoScript to 2.6.4.2

https://www.torproject.org/

[SiLæncer]

Whats new: >>

Code: [Auswählen]

    Update Firefox to 17.0.3esr
    Downgrade OpenSSL to 1.0.0k
    Update libpng to 1.5.14
    Update NoScript to 2.6.5.7
    Firefox patch changes:
        Exempt remote @font-face fonts from font limits (and prefer them).
        (closes: #8270)
            Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
            they should not count towards our CSS font count limits. Moreover,
            if a CSS font-family rule lists any remote fonts, those fonts are
            preferred over the local fonts, so we do not reduce the font count
            for that rule.
            This vastly improves rendering and typography for many websites.
        Disable WebRTC in Firefox build options. (closes: #8178)
            WebRTC isn't slated to be enabled until Firefox 18, but the code
            was getting compiled in already and is capable of creating UDP Sockets
            and bypassing Tor. We disable it from build as a safety measure.
        Move prefs.js into omni.ja and extension-overrides. (closes: #3944)
            This causes our browser pref changes to appear as defaults. It also
            means that future updates of TBB should preserve user pref settings.
        Fix a use-after-free that caused crashing on MacOS (closes: #8234)
        Eliminate several redundant, useless, and deprecated Firefox pref settings
        Report Firefox 17.0 as the Tor Browser user agent
        Use Firefox's click-to-play barrier for plugins instead of NoScript
        Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
            This fixes a SOCKS race condition with our SOCKS autoport configuration
            and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
            settings per URL now, which resulted in a proxy error for
            check.torproject.org if we lost the race.
    Torbutton was updated to 1.5.0. The following issues were fixed:
        Remove old toggle observers and related code (closes: #5279)
        Simplify Security Preference UI and associated pref updates (closes: #3100)
        Eliminate redundancy in our Flash/plugin disabling code (closes: #7470)
        Leave most preferences under Tor Browser's control (closes: #3944)
        Disable toggle-on-startup and crash detection logic (closes: #7974)
        Disable/remove toggle-mode code and related observers (closes: #5379)
        Add menu hint to Torbutton icon (closes: #6431)
        Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
        Perform version check every time there's a new tab. (closes: #6096)
        Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
        misc: Allow WebGL and DOM storage.
        misc: Disable independent Torbutton updates
        misc: Change the recommended SOCKSPort to 9150 (to match TBB)

The following Firefox patch changes are also included in this release:

    Isolate image cache to url bar domain (closes: #5742 and #6539)
    Enable DOM storage and isolate it to url bar domain (closes: #6564)
    Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
    Misc preference changes:
        Disable DOM performance timers (dom.enable_performance) (closes: #6204)
        Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
        Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
        Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)
https://www.torproject.org/

[SiLæncer]

Whats new: >>

   

Code: [Auswählen]

Update Firefox to 17.0.4esr
    Update NoScript to 2.6.5.8
    Update HTTPS Everywhere to 3.1.4
    Fix non-English language bundles to have the correct branding (closes: #8302)
    Firefox patch changes:
        Remove "This plugin is disabled" barrier
            This improves the user experience for HTML5 Youtube videos:
            They "silently" attempt to load flash first, which was not so silent
            with this barrier in place. (closes: #8312)
        Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
        Fix a New Identity hang and/or crash condition (closes: #6386)
        Fix crash with Drag + Drop on Windows (closes: #8324)
    Torbutton changes:
        Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
        Fix XML/E4X errors with Cookie Protections (closes: #6202)
        Don't clear cookies at shutdown if user wants disk history (closes: #8423)
        Leave IndexedDB and Offline Storage disabled. (closes: #8382)
        Clear DOM localStorage on New Identity. (closes: #8422)
        Don't strip "third party" HTTP auth from favicons (closes: #8335)
        Localize the "Spoof english" button strings (closes: #5183)
        Ask user for confirmation before enabling plugins (closes: #8313)
        Emit private browsing session clearing event on "New Identity"
https://www.torproject.org/

[SiLæncer]

2013-03-15 Advanced Onion Router 0.3.0.16

- corrected: the list with directory authorities was initialized with values from a read-only location (thanks to anonymous for reporting this error on sf.net)
- corrected: address map association updates required a program restart (thanks to anonymous for reporting this problem on sf.net)
- corrected: when re-connecting to the OR network, listeners were sometimes delayed, causing ports to stay closed for up to 60 seconds
- corrected: the procedures that disconnect AdvOR from the OR network are now scheduled (thanks to anonymous for reporting this problem on sf.net)
- the procedures related to the "Associated addresses" page were moved to a separate file, dlg_addrmaps.c
- added the option to use browser's original User-Agent string; the option is available on the "HTTP headers" page as "Don't anonymize browser type" (requested by anonymous on sf.net)
- new option on the exit selection dialog: "Use only recent exits that are probably not blacklisted yet" (requested by anonymous on sf.net); this option sets a filter for recent nodes that are not in blacklists that were not updated recently
- new page: "Bypass Tor blacklists" with options related to bypassing bans on websites that use blacklists to ban Tor and other proxies (dlg_bypassbl.c)
- geoip_c.h was updated with GeoIPCountryWhois.csv released on March 3rd; there are 179875 IP ranges having 375 ranges in the fake "A1" country; 372 ranges were approximated to real countries
- updated language strings: 3235, 3236, 3237, 3238, 3239, 3240, 3241, 3242, 3243, 3244, 3245, 3246

http://sourceforge.net/projects/advtor/