1.5.11
Changes:
See onionbrowser.com and onionbrowser.com/security for official announcements and notes.
- Fix issue where bridges with 5-digit port numbers were not allowed
in the bridge configuration. Issue reported by Andrew Auerbach. - Improve connection error handling and alert user if Tor client has
stopped working. - Tor updated to 0.2.6.4-rc.
https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.2.6.4-rc - OpenSSL updated to 1.0.2.
https://openssl.org/news/openssl-1.0.2-notes.html - Libevent updated to 2.0.22-stable.
https://raw.githubusercontent.com/libevent/libevent/release-2.0.22-stable/ChangeLog
Verification:
You can check that your version of Onion Browser matches a known copy of the app. This is helpful for safety reasons, if you are not confident that your copy of Onion Browser has been tampered with.
You'll need to have this version of Onion Browser (1.5.11) downloaded and available in iTunes. Go into iTunes and make sure that Onion Browser appears in the "My Apps" tab. Since this is the most recent version of Onion Browser, ensure that the app is updated. (If it has an "Update" flag, you can right-click the app and select "Update App" to download 1.5.11.)
If you don't have Onion Browser on your computer, you can retrieve this version by syncing your iPhone/iPad to your computer or by searching for Onion Browser in iTunes with the same Apple account that you used to buy it on your iPhone/iPad.
If you get a hash that's different than 349964b828d8c47c570d7e25a6457829173f85f5ba6437c8962c6926c866a6e4668995b892eb03f617bb3c78cfde6a10cc3579924a035715d7b99c8b8fca84ef, please report it in this thread immediately, or e-mail me.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
If you have installed Onion Browser via the App Store, you can
double-check the authenticity of your copy of Onion Browser by doing
something like the following and ensuring that the resultant SHA512
hash is identical.
$ mkdir /tmp/ob1511
$ cd /tmp/ob1511
$ unzip -o "$HOME/Music/iTunes/iTunes Media/Mobile Applications/Onion Browser 1.5.11.ipa"
$ rm -fr "Payload/OnionBrowser.app/SC_Info"
$ find Payload -type f -print0 | xargs -0 shasum -a512 | shasum -a512
349964b828d8c47c570d7e25a6457829173f85f5ba6437c8962c6926c866a6e4668995b892eb03f617bb3c78cfde6a10cc3579924a035715d7b99c8b8fca84ef -
It'll tell you that your copy of the Onion Browser app package is
the same as everyone else's. (But of course that doesn't help if
there's fishiness in Xcode or in the App Store submission process.)
Per [1][2], although the App Store-hosted ".ipa" bundle of the app
changes from user-to-user (because the ".ipa" zip file contains
user-specific SC_Info), the remainder of the app contents should be
the same from user to user. See [3] & [4] for further work on this.
[1]: https://github.com/WhisperSystems/Signal-iOS/issues/641#issuecomment-77376731
[2]: https://github.com/WhisperSystems/Signal-iOS/issues/641#issuecomment-78202740
[3]: https://github.com/OnionBrowser/iOS-OnionBrowser/issues/58
[4]: https://github.com/WhisperSystems/Signal-iOS/issues/641
-----BEGIN PGP SIGNATURE-----
Charset: utf-8
iQEcBAEBCgAGBQJVDJRuAAoJEGQdTjqn+fty/joH/2Rfq9BSsqcj1BIqn6mpvMo2
f1dt5dv01nYkS1eqNKPmrDXKUH1TtkEI9wXIZPBuGvkRHBKpSxJnb3AphfDnhecG
7vkxYyWmCtmGTAdxcbzycMDqxJUAtPeoya6w7SYly/o1NnsdVgdtgZOSNS+14cYE
7rj2x+cAFVhpg9PpS2h2tzf1PsJjLX9G6wc1D7AaqFLuCH++KbpSuN3v0bq6z5OB
BNQfo7sdOk6+mdvXrZ1GqrvNE413AdzVwIZ/5LTwcW3JuYMALiwLdbqgdWBJ8aht
IN0DgdTSs/PpGYIjLfPzzWaE42MVz94drZwX6EkWOXJWpTQmpN7GCBD07noB6gI=
=XGfe
-----END PGP SIGNATURE-----