Skip to content

1.5.12
Compare
Choose a tag to compare
@mtigas mtigas released this 20 Mar 21:49
· 1439 commits to 3.X since this release
v1.5.12
This tag was signed with the committer’s verified signature.
mtigas Mike Tigas
GPG key ID: 641D4E3AA7F9FB72
Learn about vigilant mode.
4f26b63
This commit was signed with the committer’s verified signature.
mtigas Mike Tigas
GPG key ID: 641D4E3AA7F9FB72
Learn about vigilant mode.

Changes:

Verification:

You can check that your version of Onion Browser matches a known copy of the app. This is helpful for safety reasons, if you are not confident that your copy of Onion Browser has been tampered with.

You'll need to have this version of Onion Browser (1.5.12) downloaded and available in iTunes. Go into iTunes and make sure that Onion Browser appears in the "My Apps" tab. Since this is the most recent version of Onion Browser, ensure that the app is updated. (If it has an "Update" flag, you can right-click the app and select "Update App" to download 1.5.12.)

If you don't have Onion Browser on your computer, you can retrieve this version by syncing your iPhone/iPad to your computer or by searching for Onion Browser in iTunes with the same Apple account that you used to buy it on your iPhone/iPad.

If you get a hash that's different than cc31dad8ec3aa4f72b1de09557d5840b2039c585328098973b3cb1a7ad3205d521c95a21288443dd8eef86028800db0895b1e47b20e131054947685c5161fc44, please report it in this thread immediately, or e-mail me.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

If you have installed Onion Browser via the App Store, you can
double-check the authenticity of your copy of Onion Browser by doing
something like the following and ensuring that the resultant SHA512
hash is identical. 

Sync your phone (& sync the apps over to your computer) or download
Onion Browser via the App Store in iTunes on your computer. Then:

$ mkdir /tmp/ob1512
$ cd /tmp/ob1512
$ unzip -o "$HOME/Music/iTunes/iTunes Media/Mobile Applications/Onion Browser 1.5.12.ipa"
$ rm -fr "Payload/OnionBrowser.app/SC_Info"
$ find Payload -type f -print0 | xargs -0 shasum -a512 | shasum -a512
cc31dad8ec3aa4f72b1de09557d5840b2039c585328098973b3cb1a7ad3205d521c95a21288443dd8eef86028800db0895b1e47b20e131054947685c5161fc44  -

It'll tell you that your copy of the Onion Browser app package is
the same as everyone else's. (But of course that doesn't help if
there's fishiness in Xcode or in the App Store submission process.)

Per [1][2], although the App Store-hosted ".ipa" bundle of the app
changes from user-to-user (because the ".ipa" zip file contains
user-specific SC_Info), the remainder of the app contents should be
the same from user to user. See [3] & [4] for further work on this.

[1]: https://github.com/WhisperSystems/Signal-iOS/issues/641#issuecomment-77376731
[2]: https://github.com/WhisperSystems/Signal-iOS/issues/641#issuecomment-78202740
[3]: https://github.com/OnionBrowser/iOS-OnionBrowser/issues/58
[4]: https://github.com/WhisperSystems/Signal-iOS/issues/641
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJWKYVjAAoJEGQdTjqn+ftyZXoIAJI0iCd0Ok3zy5w5YMtLlYOn
Ii9RQ0p9DGQPOeMrvjK4TmcKapniP43VSIxsxYvSvlezVjBwx8LLkHQ7aC5NK7JA
jJglZUukdbX/5FhFof9SSRwCCVhC7jrJGNMzpB+sNP54WVsT8/sVsxSSvGEQdtvO
yqb/B7Ipv6eOMUGDUP/JsQzHExzN82eF90+8UZ2QS29WUq0esHl8zLB0D00WdLlo
oSkGtSPeNi+m3R5/hQ/MxD9hWkGRYn1hKm6rlT6yS9/tFt1jGyXsjOKhYD2Lo8ql
1+fvhObM999nVBgf9/PcOcaS5oi4zLBMFc+nuUcvrGGaJ/gAN56qtSjFRv4hwg4=
=w6XH
-----END PGP SIGNATURE-----
Assets 2