Shadowsocks安卓版客户端(v4.4.5)

Assets

Minor bug fixes.

原文:https://github.com/shadowsocks/shadowsocks-android/releases/tag/v4.4.5

Advertisements

十大代理方式在常见操作系统中的支持情况

√代表系统支持,×代表系统不支持

  Windows Mac OS X iOS Android Linux Router
Shadowsocks
ShadowsocksR
V2Ray
HTTPs/2 proxy
SSH Tunnel
Brook
GFW.Press
GoFlyway ×
PipeSocks ×
LightSword ×

以上系统iOS9+,Android4+,Router以OpenWRT系统为例。

iOS可以使用免费的Potatso Lite或者收费的Shadowrocket连接ss和ssr;win可以使用V2RayN,mac可以使用V2RayX,安卓可以使用V2RayNG,ios可以使用KitsunebiShadowrocketPepi连接V2Ray;HTTP/2 proxy和HTTPS代理在桌面系统上可以直接使用Google Chrome+Proxy SwitchyOmega设置HTTPS代理协议使用,iOS上可以使用免费的Potatso Lite,安卓上可以使用Drony设置https代理,在goproxy项目停止后使用Caddy搭建http2 proxy成为了一个不错的选择;ssh代理在安卓上可以使用PosternKi4a – SSH Tunnel,在ios有个SSH Tunnel;大杀器官方ios客户端需要越狱,在不越狱的情况下ShadowrocketNetShuttle支持GFW.Press;iOS上Shadowrocket和level.4可以连接LightSword。

这里主要列举了,目前在翻墙代理中应用较多的10种代理方式,除了这十大代理方式还存在很多代理方式可以用来翻墙,比如gostGSnovaGoGoTunneluProxyhttpproxyGo HTTP tunnelChisel等。

原文:https://www.igfw.net/archives/13537

十大VPN类型在常见操作系统中的支持情况

√代表系统自带支持,〇代表系统安装程序后支持,×代表系统尚不支持

  Windows Mac OS X iOS Android Linux Router
PPTP 〇① 〇②
L2TP/IPsec
SSTP 〇③ × 〇④
IKEv2 〇⑤
IPSec 〇⑥
OpenVPN
SoftEther × 〇⑦
WireGuard ×⑧ × 〇⑨
AnyConnect
Tinc 〇⑩

Windows以Windows7和10为例,Mac OS X和iOS均指最新系统,Router以OpenWRT系统为例。

注:①新版Mac OS X移除了对PPTP的支持,可以使用收费应用Shimo解决;②新版iOS移除了对PPTP的支持,网络上有越狱后恢复PPTP支持的方法;③Mac OS X可以使用Easy SSTPsstp-client连接SSTP;④安卓可以使用收费应用SSTP VPN Client连接SSTP;⑤安卓可以安装strongSwan VPN Client连接IKEv2;⑥Windows可以安装Shrew Soft VPN、Cisco VPN client连接Cisco IPSec VPN;⑦需要root后编译;⑧WireGuard对windows系统的支持尚在计划开发中,⑨WireGuard对安卓的支持尚在试验开发阶段,需要rom支持,未来会提供对安卓的全面支持;⑩需要越狱后安装Tinc

这里主要列举了,目前在翻墙代理中应用较多的10种类型的VPN连接方式,除了这十大VPN类型还存在很多VPN类型,比如ZeroTierSigmaVPNIPOP VPNHamachiQuickTunGoVPNsshuttlekytan、StealthVPN(加强版OpenVPN)等。

原文:https://www.igfw.net/archives/13535

Tor 0.3.2.9 is released: We have a new stable series!

After months of hard work, there’s a new stable Tor release series available!  If you build Tor from source, you can now download the source code for Tor 0.3.2.9 from the usual place on the website. Packages should become available over the coming days, including (we hope) a Tor Browser release before the end of the month.

Tor 0.3.2.9 is the first stable release in the 0.3.2 series.

The 0.3.2 series includes our long-anticipated new onion service design, with numerous security features. (For more information, see our blog post at https://blog.torproject.org/fall-harvest.) We also have a new circuit scheduler algorithm for improved performance on relays everywhere (see https://blog.torproject.org/kist-and-tell), along with many smaller features and bugfixes.

Per our stable release policy, we plan to support each stable release series for at least the next nine months, or for three months after the first stable release of the next series: whichever is longer. If you need a release with long-term support, we recommend that you stay with the 0.2.9 series.

Below is a list of the changes since 0.3.1.7. For a list of all changes since 0.3.2.8-rc, see the ChangeLog file.

Changes In Version 0.3.2.9 – 2018-01-09

  • Directory authority changes:
    • Add “Bastet” as a ninth directory authority to the default list. Closes ticket 23910.
    • The directory authority “Longclaw” has changed its IP address. Closes ticket 23592.
    • Remove longclaw’s IPv6 address, as it will soon change. Authority IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves 3/8 directory authorities with IPv6 addresses, but there are also 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
    • Add an IPv6 address for the “bastet” directory authority. Closes ticket 24394.
  • Major features (next-generation onion services):
    • Tor now supports the next-generation onion services protocol for clients and services! As part of this release, the core of proposal 224 has been implemented and is available for experimentation and testing by our users. This newer version of onion services (“v3”) features many improvements over the legacy system, including:

      a) Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519)

      b) Improved directory protocol, leaking much less information to directory servers.

      c) Improved directory protocol, with smaller surface for targeted attacks.

      d) Better onion address security against impersonation.

      e) More extensible introduction/rendezvous protocol.

      f) A cleaner and more modular codebase.

      You can identify a next-generation onion address by its length: they are 56 characters long, as in “4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion”.

      In the future, we will release more options and features for v3 onion services, but we first need a testing period, so that the current codebase matures and becomes more robust. Planned features include: offline keys, advanced client authorization, improved guard algorithms, and statistics. For full details, see proposal 224.

      Legacy (“v2”) onion services will still work for the foreseeable future, and will remain the default until this new codebase gets tested and hardened. Service operators who want to experiment with the new system can use the ‘HiddenServiceVersion 3’ torrc directive along with the regular onion service configuration options. For more information, see our blog post at “https://blog.torproject.org/fall-harvest“. Enjoy!

  • Major feature (scheduler, channel):
    • Tor now uses new schedulers to decide which circuits should deliver cells first, in order to improve congestion at relays. The first type is called “KIST” (“Kernel Informed Socket Transport”), and is only available on Linux-like systems: it uses feedback from the kernel to prevent the kernel’s TCP buffers from growing too full. The second new scheduler type is called “KISTLite”: it behaves the same as KIST, but runs on systems without kernel support for inspecting TCP implementation details. The old scheduler is still available, under the name “Vanilla”. To change the default scheduler preference order, use the new “Schedulers” option. (The default preference order is “KIST,KISTLite,Vanilla”.)

      Matt Traudt implemented KIST, based on research by Rob Jansen, John Geddes, Christ Wacek, Micah Sherr, and Paul Syverson. For more information, see the design paper at http://www.robgjansen.com/publications/kist-sec2014.pdf and the followup implementation paper at https://arxiv.org/abs/1709.01044. Closes ticket 12541. For more information, see our blog post at “https://blog.torproject.org/kist-and-tell“.

  • Major bugfixes (security, general):
    • Fix a denial of service bug where an attacker could use a malformed directory object to cause a Tor instance to pause while OpenSSL would try to read a passphrase from the terminal. (Tor instances run without a terminal, which is the case for most Tor packages, are not impacted.) Fixes bug 24246; bugfix on every version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720.
  • Major bugfixes (security, directory authority):
    • Fix a denial of service issue where an attacker could crash a directory authority using a malformed router descriptor. Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010 and CVE-2017-8820.
  • Major bugfixes (security, onion service v2):
    • Fix a use-after-free error that could crash v2 Tor onion services when they failed to open circuits while expiring introduction points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is also tracked as TROVE-2017-013 and CVE-2017-8823.
    • When checking for replays in the INTRODUCE1 cell data for a (legacy) onion service, correctly detect replays in the RSA- encrypted part of the cell. We were previously checking for replays on the entire cell, but those can be circumvented due to the malleability of Tor’s legacy hybrid encryption. This fix helps prevent a traffic confirmation attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 and CVE-2017-8819.
  • Major bugfixes (security, relay):
    • When running as a relay, make sure that we never build a path through ourselves, even in the case where we have somehow lost the version of our descriptor appearing in the consensus. Fixes part of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
    • When running as a relay, make sure that we never choose ourselves as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  • Major bugfixes (bootstrapping):
    • Fetch descriptors aggressively whenever we lack enough to build circuits, regardless of how many descriptors we are missing. Previously, we would delay launching the fetch when we had fewer than 15 missing descriptors, even if some of those descriptors were blocking circuits from building. Fixes bug 23985; bugfix on 0.1.1.11-alpha. The effects of this bug became worse in 0.3.0.3-alpha, when we began treating missing descriptors from our primary guards as a reason to delay circuits.
    • Don’t try fetching microdescriptors from relays that have failed to deliver them in the past. Fixes bug 23817; bugfix on 0.3.0.1-alpha.
  • Major bugfixes (circuit prediction):
    • Fix circuit prediction logic so that a client doesn’t treat a port as being “handled” by a circuit if that circuit already has isolation settings on it. This change should make Tor clients more responsive by improving their chances of having a pre-created circuit ready for use when a request arrives. Fixes bug 18859; bugfix on 0.2.3.3-alpha.
  • Major bugfixes (exit relays, DNS):
    • Fix an issue causing DNS to fail on high-bandwidth exit nodes, making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for identifying and finding a workaround to this bug and to Moritz, Arthur Edelstein, and Roger for helping to track it down and analyze it.
  • Major bugfixes (relay, crash, assertion failure):
    • Fix a timing-based assertion failure that could occur when the circuit out-of-memory handler freed a connection’s output buffer. Fixes bug 23690; bugfix on 0.2.6.1-alpha.
  • Major bugfixes (usability, control port):
    • Report trusted clock skew indications as bootstrap errors, so controllers can more easily alert users when their clocks are wrong. Fixes bug 23506; bugfix on 0.1.2.6-alpha.
  • Minor features (bridge):
    • Bridge relays can now set the BridgeDistribution config option to add a “bridge-distribution-request” line to their bridge descriptor, which tells BridgeDB how they’d like their bridge address to be given out. (Note that as of Oct 2017, BridgeDB does not yet implement this feature.) As a side benefit, this feature provides a way to distinguish bridge descriptors from non-bridge descriptors. Implements tickets 18329.
    • When handling the USERADDR command on an ExtOrPort, warn when the transports provides a USERADDR with no port. In a future version, USERADDR commands of this format may be rejected. Detects problems related to ticket 23080.
  • Minor features (bug detection):
    • Log a warning message with a stack trace for any attempt to call get_options() during option validation. This pattern has caused subtle bugs in the past. Closes ticket 22281.
  • Minor features (build, compilation):
    • The “check-changes” feature is now part of the “make check” tests; we’ll use it to try to prevent misformed changes files from accumulating. Closes ticket 23564.
    • Tor builds should now fail if there are any mismatches between the C type representing a configuration variable and the C type the data-driven parser uses to store a value there. Previously, we needed to check these by hand, which sometimes led to mistakes. Closes ticket 23643.
  • Minor features (client):
    • You can now use Tor as a tunneled HTTP proxy: use the new HTTPTunnelPort option to open a port that accepts HTTP CONNECT requests. Closes ticket 22407.
    • Add an extra check to make sure that we always use the newer guard selection code for picking our guards. Closes ticket 22779.
    • When downloading (micro)descriptors, don’t split the list into multiple requests unless we want at least 32 descriptors. Previously, we split at 4, not 32, which led to significant overhead in HTTP request size and degradation in compression performance. Closes ticket 23220.
    • Improve log messages when missing descriptors for primary guards. Resolves ticket 23670.
  • Minor features (command line):
    • Add a new commandline option, –key-expiration, which prints when the current signing key is going to expire. Implements ticket 17639; patch by Isis Lovecruft.
  • Minor features (control port):
    • If an application tries to use the control port as an HTTP proxy, respond with a meaningful “This is the Tor control port” message, and log the event. Closes ticket 1667. Patch from Ravi Chandra Padmala.
    • Provide better error message for GETINFO desc/(id|name) when not fetching router descriptors. Closes ticket 5847. Patch by Kevin Butler.
    • Add GETINFO “{desc,md}/download-enabled”, to inform the controller whether Tor will try to download router descriptors and microdescriptors respectively. Closes ticket 22684.
    • Added new GETINFO targets “ip-to-country/{ipv4,ipv6}-available”, so controllers can tell whether the geoip databases are loaded. Closes ticket 23237.
    • Adds a timestamp field to the CIRC_BW and STREAM_BW bandwidth events. Closes ticket 19254. Patch by “DonnchaC”.
  • Minor features (development support):
    • Developers can now generate a call-graph for Tor using the “calltool” python program, which post-processes object dumps. It should work okay on many Linux and OSX platforms, and might work elsewhere too. To run it, install calltool from https://gitweb.torproject.org/user/nickm/calltool.git and run “make callgraph”. Closes ticket 19307.
  • Minor features (directory authority):
    • Make the “Exit” flag assignment only depend on whether the exit policy allows connections to ports 80 and 443. Previously relays would get the Exit flag if they allowed connections to one of these ports and also port 6667. Resolves ticket 23637.
  • Minor features (ed25519):
    • Add validation function to checks for torsion components in ed25519 public keys, used by prop224 client-side code. Closes ticket 22006. Math help by Ian Goldberg.
  • Minor features (exit relay, DNS):
    • Improve the clarity and safety of the log message from evdns when receiving an apparently spoofed DNS reply. Closes ticket 3056.
  • Minor features (fallback directory mirrors):
    • The fallback directory list has been re-generated based on the current status of the network. Tor uses fallback directories to bootstrap when it doesn’t yet have up-to-date directory information. Closes ticket 24801.
    • Make the default DirAuthorityFallbackRate 0.1, so that clients prefer to bootstrap from fallback directory mirrors. This is a follow-up to 24679, which removed weights from the default fallbacks. Implements ticket 24681.
  • Minor features (geoip):
    • Update geoip and geoip6 to the January 5 2018 Maxmind GeoLite2 Country database.
  • Minor features (integration, hardening):
    • Add a new NoExec option to prevent Tor from running other programs. When this option is set to 1, Tor will never try to run another program, regardless of the settings of PortForwardingHelper, ClientTransportPlugin, or ServerTransportPlugin. Once NoExec is set, it cannot be disabled without restarting Tor. Closes ticket 22976.
  • Minor features (linux seccomp2 sandbox):
    • Update the sandbox rules so that they should now work correctly with Glibc 2.26. Closes ticket 24315.
  • Minor features (logging):
    • Provide better warnings when the getrandom() syscall fails. Closes ticket 24500.
    • Downgrade a pair of log messages that could occur when an exit’s resolver gave us an unusual (but not forbidden) response. Closes ticket 24097.
    • Improve the message we log when re-enabling circuit build timeouts after having received a consensus. Closes ticket 20963.
    • Log more circuit information whenever we are about to try to package a relay cell on a circuit with a nonexistent n_chan. Attempt to diagnose ticket 8185.
    • Improve info-level log identification of particular circuits, to help with debugging. Closes ticket 23645.
    • Improve the warning message for specifying a relay by nickname. The previous message implied that nickname registration was still part of the Tor network design, which it isn’t. Closes ticket 20488.
    • If the sandbox filter fails to load, suggest to the user that their kernel might not support seccomp2. Closes ticket 23090.
  • Minor features (onion service, circuit, logging):
    • Improve logging of many callsite in the circuit subsystem to print the circuit identifier(s).
    • Log when we cleanup an intro point from a service so we know when and for what reason it happened. Closes ticket 23604.
  • Minor features (portability):
    • Tor now compiles correctly on arm64 with libseccomp-dev installed. (It doesn’t yet work with the sandbox enabled.) Closes ticket 24424.
    • Check at configure time whether uint8_t is the same type as unsigned char. Lots of existing code already makes this assumption, and there could be strict aliasing issues if the assumption is violated. Closes ticket 22410.
  • Minor features (relay):
    • When choosing which circuits can be expired as unused, consider circuits from clients even if those clients used regular CREATE cells to make them; and do not consider circuits from relays even if they were made with CREATE_FAST. Part of ticket 22805.
    • Reject attempts to use relative file paths when RunAsDaemon is set. Previously, Tor would accept these, but the directory- changing step of RunAsDaemon would give strange and/or confusing results. Closes ticket 22731.
  • Minor features (relay statistics):
    • Change relay bandwidth reporting stats interval from 4 hours to 24 hours in order to reduce the efficiency of guard discovery attacks. Fixes ticket 23856.
  • Minor features (reverted deprecations):
    • The ClientDNSRejectInternalAddresses flag can once again be set in non-testing Tor networks, so long as they do not use the default directory authorities. This change also removes the deprecation of this flag from 0.2.9.2-alpha. Closes ticket 21031.
  • Minor features (robustness):
    • Change several fatal assertions when flushing buffers into non- fatal assertions, to prevent any recurrence of 23690.
  • Minor features (startup, safety):
    • When configured to write a PID file, Tor now exits if it is unable to do so. Previously, it would warn and continue. Closes ticket 20119.
  • Minor features (static analysis):
    • The BUG() macro has been changed slightly so that Coverity no longer complains about dead code if the bug is impossible. Closes ticket 23054.
  • Minor features (testing):
    • Our fuzzing tests now test the encrypted portions of v3 onion service descriptors. Implements more of 21509.
    • Add a unit test to make sure that our own generated platform string will be accepted by directory authorities. Closes ticket 22109.
    • The default chutney network tests now include tests for the v3 onion service design. Make sure you have the latest version of chutney if you want to run these. Closes ticket 22437.
    • Add a unit test to verify that we can parse a hardcoded v2 onion service descriptor. Closes ticket 15554.
  • Minor bugfixes (address selection):
    • When the fascist_firewall_choose_address_ functions don’t find a reachable address, set the returned address to the null address and port. This is a precautionary measure, because some callers do not check the return value. Fixes bug 24736; bugfix on 0.2.8.2-alpha.
  • Minor bugfixes (bootstrapping):
    • When warning about state file clock skew, report the correct direction for the detected skew. Fixes bug 23606; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (bridge clients, bootstrap):
    • Retry directory downloads when we get our first bridge descriptor during bootstrap or while reconnecting to the network. Keep retrying every time we get a bridge descriptor, until we have a reachable bridge. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha.
    • Stop delaying bridge descriptor fetches when we have cached bridge descriptors. Instead, only delay bridge descriptor fetches when we have at least one reachable bridge. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha.
    • Stop delaying directory fetches when we have cached bridge descriptors. Instead, only delay bridge descriptor fetches when all our bridges are definitely unreachable. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha.
  • Minor bugfixes (bridge):
    • Overwrite the bridge address earlier in the process of retrieving its descriptor, to make sure we reach it on the configured address. Fixes bug 20532; bugfix on 0.2.0.10-alpha.
  • Minor bugfixes (build, compilation):
    • Fix a compilation warning when building with zstd support on 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found and fixed by Andreas Stieger.
    • When searching for OpenSSL, don’t accept any OpenSSL library that lacks TLSv1_1_method(): Tor doesn’t build with those versions. Additionally, look in /usr/local/opt/openssl, if it’s present. These changes together repair the default build on OSX systems with Homebrew installed. Fixes bug 23602; bugfix on 0.2.7.2-alpha.
    • Fix a signed/unsigned comparison warning introduced by our fix to TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
    • Fix a memory leak warning in one of the libevent-related configuration tests that could occur when manually specifying -fsanitize=address. Fixes bug 24279; bugfix on 0.3.0.2-alpha. Found and patched by Alex Xu.
    • Fix unused-variable warnings in donna’s Curve25519 SSE2 code. Fixes bug 22895; bugfix on 0.2.7.2-alpha.
  • Minor bugfixes (certificate handling):
    • Fix a time handling bug in Tor certificates set to expire after the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha. Found by Coverity as CID 1415728.
  • Minor bugfixes (client):
    • By default, do not enable storage of client-side DNS values. These values were unused by default previously, but they should not have been cached at all. Fixes bug 24050; bugfix on 0.2.6.3-alpha.
  • Minor bugfixes (client, usability):
    • Refrain from needlessly rejecting SOCKS5-with-hostnames and SOCKS4a requests that contain IP address strings, even when SafeSocks in enabled, as this prevents user from connecting to known IP addresses without relying on DNS for resolving. SafeSocks still rejects SOCKS connections that connect to IP addresses when those addresses are _not_ encoded as hostnames. Fixes bug 22461; bugfix on Tor 0.2.6.2-alpha.
  • Minor bugfixes (code correctness):
    • Call htons() in extend_cell_format() for encoding a 16-bit value. Previously we used ntohs(), which happens to behave the same on all the platforms we support, but which isn’t really correct. Fixes bug 23106; bugfix on 0.2.4.8-alpha.
    • For defense-in-depth, make the controller’s write_escaped_data() function robust to extremely long inputs. Fixes bug 19281; bugfix on 0.1.1.1-alpha. Reported by Guido Vranken.
    • Fix several places in our codebase where a C compiler would be likely to eliminate a check, based on assuming that undefined behavior had not happened elsewhere in the code. These cases are usually a sign of redundant checking or dubious arithmetic. Found by Georg Koppen using the “STACK” tool from Wang, Zeldovich, Kaashoek, and Solar-Lezama. Fixes bug 24423; bugfix on various Tor versions.
  • Minor bugfixes (compression):
    • Handle a pathological case when decompressing Zstandard data when the output buffer size is zero. Fixes bug 23551; bugfix on 0.3.1.1-alpha.
  • Minor bugfixes (consensus expiry):
    • Check for adequate directory information correctly. Previously, Tor would reconsider whether it had sufficient directory information every 2 minutes. Fixes bug 23091; bugfix on 0.2.0.19-alpha.
  • Minor bugfixes (control port, linux seccomp2 sandbox):
    • Avoid a crash when attempting to use the seccomp2 sandbox together with the OwningControllerProcess feature. Fixes bug 24198; bugfix on 0.2.5.1-alpha.
  • Minor bugfixes (control port, onion services):
    • Report “FAILED” instead of “UPLOAD_FAILED” “FAILED” for the HS_DESC event when a service is not able to upload a descriptor. Fixes bug 24230; bugfix on 0.2.7.1-alpha.
  • Minor bugfixes (directory cache):
    • Recover better from empty or corrupt files in the consensus cache directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
    • When a consensus diff calculation is only partially successful, only record the successful parts as having succeeded. Partial success can happen if (for example) one compression method fails but the others succeed. Previously we misrecorded all the calculations as having succeeded, which would later cause a nonfatal assertion failure. Fixes bug 24086; bugfix on 0.3.1.1-alpha.
  • Minor bugfixes (directory client):
    • On failure to download directory information, delay retry attempts by a random amount based on the “decorrelated jitter” algorithm. Our previous delay algorithm tended to produce extra-long delays too easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (directory protocol):
    • Directory servers now include a “Date:” http header for response codes other than 200. Clients starting with a skewed clock and a recent consensus were getting “304 Not modified” responses from directory authorities, so without the Date header, the client would never hear about a wrong clock. Fixes bug 23499; bugfix on 0.0.8rc1.
    • Make clients wait for 6 seconds before trying to download a consensus from an authority. Fixes bug 17750; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (documentation):
    • Document better how to read gcov, and what our gcov postprocessing scripts do. Fixes bug 23739; bugfix on 0.2.9.1-alpha.
    • Fix manpage to not refer to the obsolete (and misspelled) UseEntryGuardsAsDirectoryGuards parameter in the description of NumDirectoryGuards. Fixes bug 23611; bugfix on 0.2.4.8-alpha.
  • Minor bugfixes (DoS-resistance):
    • If future code asks if there are any running bridges, without checking if bridges are enabled, log a BUG warning rather than crashing. Fixes bug 23524; bugfix on 0.3.0.1-alpha.
  • Minor bugfixes (entry guards):
    • Tor now updates its guard state when it reads a consensus regardless of whether it’s missing descriptors. That makes tor use its primary guards to fetch descriptors in some edge cases where it would previously have used fallback directories. Fixes bug 23862; bugfix on 0.3.0.1-alpha.
  • Minor bugfixes (format strictness):
    • Restrict several data formats to decimal. Previously, the BuildTimeHistogram entries in the state file, the “bw=” entries in the bandwidth authority file, and the process IDs passed to the __OwningControllerProcess option could all be specified in hex or octal as well as in decimal. This was not an intentional feature. Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha, and 0.2.2.28-beta.
  • Minor bugfixes (heartbeat):
    • If we fail to write a heartbeat message, schedule a retry for the minimum heartbeat interval number of seconds in the future. Fixes bug 19476; bugfix on 0.2.3.1-alpha.
  • Minor bugfixes (logging):
    • Suppress a log notice when relay descriptors arrive. We already have a bootstrap progress for this so no need to log notice everytime tor receives relay descriptors. Microdescriptors behave the same. Fixes bug 23861; bugfix on 0.2.8.2-alpha.
    • Remove duplicate log messages regarding opening non-local SocksPorts upon parsing config and opening listeners at startup. Fixes bug 4019; bugfix on 0.2.3.3-alpha.
    • Use a more comprehensible log message when telling the user they’ve excluded every running exit node. Fixes bug 7890; bugfix on 0.2.2.25-alpha.
    • When logging the number of descriptors we intend to download per directory request, do not log a number higher than then the number of descriptors we’re fetching in total. Fixes bug 19648; bugfix on 0.1.1.8-alpha.
    • When warning about a directory owned by the wrong user, log the actual name of the user owning the directory. Previously, we’d log the name of the process owner twice. Fixes bug 23487; bugfix on 0.2.9.1-alpha.
    • Fix some messages on unexpected errors from the seccomp2 library. Fixes bug 22750; bugfix on 0.2.5.1-alpha. Patch from “cypherpunks”.
    • The tor specification says hop counts are 1-based, so fix two log messages that mistakenly logged 0-based hop counts. Fixes bug 18982; bugfix on 0.2.6.2-alpha and 0.2.4.5-alpha. Patch by teor. Credit to Xiaofan Li for reporting this issue.
  • Minor bugfixes (logging, relay shutdown, annoyance):
    • When a circuit is marked for close, do not attempt to package any cells for channels on that circuit. Previously, we would detect this condition lower in the call stack, when we noticed that the circuit had no attached channel, and log an annoying message. Fixes bug 8185; bugfix on 0.2.5.4-alpha.
  • Minor bugfixes (memory safety, defensive programming):
    • Clear the target address when node_get_prim_orport() returns early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
  • Minor bugfixes (memory usage):
    • When queuing DESTROY cells on a channel, only queue the circuit-id and reason fields: not the entire 514-byte cell. This fix should help mitigate any bugs or attacks that fill up these queues, and free more RAM for other uses. Fixes bug 24666; bugfix on 0.2.5.1-alpha.
  • Minor bugfixes (network layer):
    • When closing a connection via close_connection_immediately(), we mark it as “not blocked on bandwidth”, to prevent later calls from trying to unblock it, and give it permission to read. This fixes a backtrace warning that can happen on relays under various circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
  • Minor bugfixes (onion services):
    • The introduction circuit was being timed out too quickly while waiting for the rendezvous circuit to complete. Keep the intro circuit around longer instead of timing out and reopening new ones constantly. Fixes bug 23681; bugfix on 0.2.4.8-alpha.
    • Rename the consensus parameter “hsdir-interval” to “hsdir_interval” so it matches dir-spec.txt. Fixes bug 24262; bugfix on 0.3.1.1-alpha.
    • When handling multiple SOCKS request for the same .onion address, only fetch the service descriptor once.
    • Avoid a possible double close of a circuit by the intro point on error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610; bugfix on 0.3.0.1-alpha.
    • When reloading configured onion services, copy all information from the old service object. Previously, some data was omitted, causing delays in descriptor upload, and other bugs. Fixes bug 23790; bugfix on 0.2.1.9-alpha.
  • Minor bugfixes (path selection):
    • When selecting relays by bandwidth, avoid a rounding error that could sometimes cause load to be imbalanced incorrectly. Previously, we would always round upwards; now, we round towards the nearest integer. This had the biggest effect when a relay’s weight adjustments should have given it weight 0, but it got weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
    • When calculating the fraction of nodes that have descriptors, and all nodes in the network have zero bandwidths, count the number of nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
    • Actually log the total bandwidth in compute_weighted_bandwidths(). Fixes bug 24170; bugfix on 0.2.4.3-alpha.
  • Minor bugfixes (portability):
    • Stop using the PATH_MAX variable, which is not defined on GNU Hurd. Fixes bug 23098; bugfix on 0.3.1.1-alpha.
    • Fix a bug in the bit-counting parts of our timing-wheel code on MSVC. (Note that MSVC is still not a supported build platform, due to cyptographic timing channel risks.) Fixes bug 24633; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (relay):
    • When uploading our descriptor for the first time after startup, report the reason for uploading as “Tor just started” rather than leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha.
    • Avoid unnecessary calls to directory_fetches_from_authorities() on relays, to prevent spurious address resolutions and descriptor rebuilds. This is a mitigation for bug 21789. Fixes bug 23470; bugfix on in 0.2.8.1-alpha.
    • Avoid a crash when transitioning from client mode to bridge mode. Previously, we would launch the worker threads whenever our “public server” mode changed, but not when our “server” mode changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
  • Minor bugfixes (testing):
    • Fix a spurious fuzzing-only use of an uninitialized value. Found by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha.
    • Test that IPv6-only clients can use microdescriptors when running “make test-network-all”. Requires chutney master 61c28b9 or later. Closes ticket 24109.
    • Prevent scripts/test/coverage from attempting to move gcov output to the root directory. Fixes bug 23741; bugfix on 0.2.5.1-alpha.
    • Capture and detect several “Result does not fit” warnings in unit tests on platforms with 32-bit time_t. Fixes bug 21800; bugfix on 0.2.9.3-alpha.
    • Fix additional channelpadding unit test failures by using mocked time instead of actual time for all tests. Fixes bug 23608; bugfix on 0.3.1.1-alpha.
    • Fix a bug in our fuzzing mock replacement for crypto_pk_checksig(), to correctly handle cases where a caller gives it an RSA key of under 160 bits. (This is not actually a bug in Tor itself, but rather in our fuzzing code.) Fixes bug 24247; bugfix on 0.3.0.3-alpha. Found by OSS-Fuzz as issue 4177.
    • Fix a broken unit test for the OutboundAddress option: the parsing function was never returning an error on failure. Fixes bug 23366; bugfix on 0.3.0.3-alpha.
    • Fix a signed-integer overflow in the unit tests for dir/download_status_random_backoff, which was untriggered until we fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (usability, control port):
    • Stop making an unnecessary routerlist check in NETINFO clock skew detection; this was preventing clients from reporting NETINFO clock skew to controllers. Fixes bug 23532; bugfix on 0.2.4.4-alpha.
  • Code simplification and refactoring:
    • Remove various ways of testing circuits and connections for “clientness”; instead, favor channel_is_client(). Part of ticket 22805.
    • Extract the code for handling newly-open channels into a separate function from the general code to handle channel state transitions. This change simplifies our callgraph, reducing the size of the largest strongly connected component by roughly a factor of two. Closes ticket 22608.
    • Remove dead code for largely unused statistics on the number of times we’ve attempted various public key operations. Fixes bug 19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft.
    • Remove several now-obsolete functions for asking about old variants directory authority status. Closes ticket 22311; patch from “huyvq”.
    • Remove some of the code that once supported “Named” and “Unnamed” routers. Authorities no longer vote for these flags. Closes ticket 22215.
    • Rename the obsolete malleable hybrid_encrypt functions used in TAP and old hidden services, to indicate that they aren’t suitable for new protocols or formats. Closes ticket 23026.
    • Replace our STRUCT_OFFSET() macro with offsetof(). Closes ticket 22521. Patch from Neel Chauhan.
    • Split the enormous circuit_send_next_onion_skin() function into multiple subfunctions. Closes ticket 22804.
    • Split the portions of the buffer.c module that handle particular protocols into separate modules. Part of ticket 23149.
    • Use our test macros more consistently, to produce more useful error messages when our unit tests fail. Add coccinelle patches to allow us to re-check for test macro uses. Closes ticket 22497.
  • Deprecated features:
    • The ReachableDirAddresses and ClientPreferIPv6DirPort options are now deprecated; they do not apply to relays, and they have had no effect on clients since 0.2.8.x. Closes ticket 19704.
    • Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They only applies to direct unencrypted HTTP connections to your directory server, which your Tor probably isn’t using. Closes ticket 20575.
  • Documentation:
    • Add notes in man page regarding OS support for the various scheduler types. Attempt to use less jargon in the scheduler section. Closes ticket 24254.
    • Clarify that the Address option is entirely about setting an advertised IPv4 address. Closes ticket 18891.
    • Clarify the manpage’s use of the term “address” to clarify what kind of address is intended. Closes ticket 21405.
    • Document that onion service subdomains are allowed, and ignored. Closes ticket 18736.
    • Clarify in the manual that “Sandbox 1” is only supported on Linux kernels. Closes ticket 22677.
    • Document all values of PublishServerDescriptor in the manpage. Closes ticket 15645.
    • Improve the documentation for the directory port part of the DirAuthority line. Closes ticket 20152.
    • Restore documentation for the authorities’ “approved-routers” file. Closes ticket 21148.
  • Removed features:
    • The AllowDotExit option has been removed as unsafe. It has been deprecated since 0.2.9.2-alpha. Closes ticket 23426.
    • The ClientDNSRejectInternalAddresses flag can no longer be set on non-testing networks. It has been deprecated since 0.2.9.2-alpha. Closes ticket 21031.
    • The controller API no longer includes an AUTHDIR_NEWDESCS event: nobody was using it any longer. Closes ticket 22377.

原文:https://blog.torproject.org/tor-0329-released-we-have-new-stable-series

Tor Browser 7.5a10 is released

Tor Browser 7.5a10 is now available from the Tor Browser Project page and also from our distribution directory.

This release updates Tor to 0.3.2.7-rc and OpenSSL to 1.0.2n. The security slider has been updated, following the experience provided for mobile users. On Linux, the “Print to File” feature should be working again.

The full changelog since Tor Browser 7.5a9 is:

  • All Platforms
    • Update Tor to 0.3.2.7-rc
    • Update OpenSSL to 1.0.2n
    • Update Torbutton to 1.9.8.4
      • Bug 21847: Update copy for security slider
      • Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
      • Translations update
    • Update Tor Launcher to 0.2.14.2
      • Bug 24623: Revise “country that censors Tor” text
      • Bug 24428: Bootstrap error message sometimes lost
      • Bug 24624: tbb-logo.svg may cause network access
      • Bug 10573: Replace deprecated nsILocalFile with nsIFile (code clean-up)
      • Translations update
    • Update NoScript to 5.1.8.3
    • Bug 23104: CSS line-height reveals the platform Tor Browser is running on
    • Bug 24398: Plugin-container process exhausts memory
  • OS X
    • Bug 24566: Avoid white flashes when opening dialogs in Tor Browser
  • Linux
    • Bug 23970: Make “Print to File” work with sandboxing enabled
    • Bug 23016: “Print to File” is broken on some non-english Linux systems
  • Android

原文:https://blog.torproject.org/tor-browser-75a10-released

Tor Browser 7.5a8 is released

Tor Browser 7.5a8 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to version 52.5.0esr and Tor to version version 0.3.2.4-alpha. The HTTPS Everywhere and NoScript extensions we ship have also been updated.

This release also includes a new Tor Launcher with an improved progress bar and configuration UI.

On Windows, users with a 64bit CPU can now download a 64bit version of Tor Browser. Users of the 32bit version won’t automatically be updated to the 64bit version yet, so a manual installation needs to be done. Due to bug 24197 the sandbox is not yet enabled in the 64bit version. We plan to fix that in the next release.

The full changelog since Tor Browser 7.5a7 (7.5a6 for Windows) is:

  • All Platforms
    • Update Firefox to 52.5.0esr
    • Update Tor to 0.3.2.4-alpha
    • Update Torbutton to 1.9.8.3
      • Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
      • Bug 23949: Fix donation banner display
      • Update locales with translated banner
      • Translations update
    • Update Tor Launcher to 0.2.14.1
      • Bug 23262: Implement integrated progress bar
      • Bug 23261: implement configuration portion of new Tor Launcher UI
      • Translations update
    • Update HTTPS-Everywhere to 2017.10.30
    • Update NoScript to 5.1.5
      • Bug 23968: NoScript icon jumps to the right after update
    • Update sandboxed-tor-browser to 0.0.15
  • Windows
    • Bug 20636+10026: Create 64bit Tor Browser for Windows
    • Bug 24052: Block file:// redirects early

原文:https://blog.torproject.org/tor-browser-75a8-released

New stable Tor releases, with security fixes: 0.3.1.9, 0.3.0.13, 0.2.9.14, 0.2.8.17, 0.2.5.16

There are new stable releases today, fixing the following security issues.  For more information about the issues, follow the links from from https://trac.torproject.org/projects/tor/wiki/TROVE

TROVE-2017-009: Replay-cache ineffective for v2 onion services
TROVE-2017-010: Remote DoS attack against directory authorities
TROVE-2017-011: An attacker can make Tor ask for a password
TROVE-2017-012: Relays can pick themselves in a circuit path
TROVE-2017-013: Use-after-free in onion service v2

You can download the source for 0.3.1.9 from the usual place on the website. For the older release series, see https://dist.torproject.org/. Binary packages should be available soon. All users should update to one of these releases, or to 0.3.2.6-alpha, also released today.

Below is the changelog for 0.3.1.9.  For the other releases, see the tor-announceme email.

Tor 0.3.1.9 backports important security and stability fixes from the 0.3.2 development series. All Tor users should upgrade to this release, or to another of the releases coming out today.

Changes In Version 0.3.1.9 – 2017-12-01:

  • Major bugfixes (security, backport from 0.3.2.6-alpha):
    • Fix a denial of service bug where an attacker could use a malformed directory object to cause a Tor instance to pause while OpenSSL would try to read a passphrase from the terminal. (Tor instances run without a terminal, which is the case for most Tor packages, are not impacted.) Fixes bug 24246; bugfix on every version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720.
    • Fix a denial of service issue where an attacker could crash a directory authority using a malformed router descriptor. Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010 and CVE-2017-8820.
    • When checking for replays in the INTRODUCE1 cell data for a (legacy) onion service, correctly detect replays in the RSA- encrypted part of the cell. We were previously checking for replays on the entire cell, but those can be circumvented due to the malleability of Tor’s legacy hybrid encryption. This fix helps prevent a traffic confirmation attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 and CVE-2017-8819.
  • Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
    • Fix a use-after-free error that could crash v2 Tor onion services when they failed to open circuits while expiring introduction points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is also tracked as TROVE-2017-013 and CVE-2017-8823.
  • Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
    • When running as a relay, make sure that we never build a path through ourselves, even in the case where we have somehow lost the version of our descriptor appearing in the consensus. Fixes part of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
    • When running as a relay, make sure that we never choose ourselves as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  • Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
    • Fix an issue causing DNS to fail on high-bandwidth exit nodes, making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for identifying and finding a workaround to this bug and to Moritz, Arthur Edelstein, and Roger for helping to track it down and analyze it.
  • Minor features (bridge):
    • Bridges now include notice in their descriptors that they are bridges, and notice of their distribution status, based on their publication settings. Implements ticket 18329. For more fine- grained control of how a bridge is distributed, upgrade to 0.3.2.x or later.
  • Minor features (directory authority, backport from 0.3.2.6-alpha):
    • Add an IPv6 address for the “bastet” directory authority. Closes ticket 24394.
  • Minor features (geoip):
    • Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2 Country database.
  • Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
    • Avoid unnecessary calls to directory_fetches_from_authorities() on relays, to prevent spurious address resolutions and descriptor rebuilds. This is a mitigation for bug 21789. Fixes bug 23470; bugfix on in 0.2.8.1-alpha.
  • Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
    • Fix unused variable warnings in donna’s Curve25519 SSE2 code. Fixes bug 22895; bugfix on 0.2.7.2-alpha.
  • Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
    • When a circuit is marked for close, do not attempt to package any cells for channels on that circuit. Previously, we would detect this condition lower in the call stack, when we noticed that the circuit had no attached channel, and log an annoying message. Fixes bug 8185; bugfix on 0.2.5.4-alpha.
  • Minor bugfixes (onion service, backport from 0.3.2.5-alpha):
    • Rename the consensus parameter “hsdir-interval” to “hsdir_interval” so it matches dir-spec.txt. Fixes bug 24262; bugfix on 0.3.1.1-alpha.
  • Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
    • Avoid a crash when transitioning from client mode to bridge mode. Previously, we would launch the worker threads whenever our “public server” mode changed, but not when our “server” mode changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.

原文:https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516

Tor 0.3.2.6-alpha is released, with security updates

This version of Tor is the latest in the 0.3.2 alpha series. It includes fixes for several important security issues. All Tor users should upgrade to this release, or to one of the other releases coming out today. (The next announcement will be about the stable releases.)

You can download the source from the usual place on the website. Binary packages should be available soon.

These releases fix the following security bugs. For more information
on each one, see the links from
https://trac.torproject.org/projects/tor/wiki/TROVE

TROVE-2017-009: Replay-cache ineffective for v2 onion services
TROVE-2017-010: Remote DoS attack against directory authorities
TROVE-2017-011: An attacker can make Tor ask for a password
TROVE-2017-012: Relays can pick themselves in a circuit path
TROVE-2017-013: Use-after-free in onion service v2

Changes In Version 0.3.2.6-Alpha – 2017-12-01

  • Major bugfixes (security):
    • Fix a denial of service bug where an attacker could use a malformed directory object to cause a Tor instance to pause while OpenSSL would try to read a passphrase from the terminal. (Tor instances run without a terminal, which is the case for most Tor packages, are not impacted.) Fixes bug 24246; bugfix on every version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720.
    • Fix a denial of service issue where an attacker could crash a directory authority using a malformed router descriptor. Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010 and CVE-2017-8820.
    • When checking for replays in the INTRODUCE1 cell data for a (legacy) onion service, correctly detect replays in the RSA- encrypted part of the cell. We were previously checking for replays on the entire cell, but those can be circumvented due to the malleability of Tor’s legacy hybrid encryption. This fix helps prevent a traffic confirmation attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 and CVE-2017-8819.
  • Major bugfixes (security, onion service v2):
    • Fix a use-after-free error that could crash v2 Tor onion services when they failed to open circuits while expiring introduction points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is also tracked as TROVE-2017-013 and CVE-2017-8823.
  • Major bugfixes (security, relay):
    • When running as a relay, make sure that we never build a path through ourselves, even in the case where we have somehow lost the version of our descriptor appearing in the consensus. Fixes part of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
    • When running as a relay, make sure that we never choose ourselves as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  • Minor feature (relay statistics):
    • Change relay bandwidth reporting stats interval from 4 hours to 24 hours in order to reduce the efficiency of guard discovery attacks. Fixes ticket 23856.
  • Minor features (directory authority):
    • Add an IPv6 address for the “bastet” directory authority. Closes ticket 24394.
  • Minor bugfixes (client):
    • By default, do not enable storage of client-side DNS values. These values were unused by default previously, but they should not have been cached at all. Fixes bug 24050; bugfix on 0.2.6.3-alpha.

原文:https://blog.torproject.org/tor-0326-alpha-released-security-updates

安卓版: 无界一点通4.1正式版(2017年11月23日)

无界一点通4.1b升级为正式版。

http://wujieliulan.com/download/um4.1.apk

sha256: 1987b974667d482fc519313771b49bac5e850393d3f365dfc1d6a7c688c5920c
md5: 9195fc772e76eb31a0e08f1f4c3a5c75

谢谢。

**********
无界一点通4.1做了以下改进:

1. 加速电视/广播启动速度;
2. 修复新唐人某些网页白屏问题;
3. 增加明慧广播;
4. 解决新平台下载许可问题;
5.增强安全性和连通能力。

**********
无界一点通”是安卓版的翻墙软件, 让您看到没有被过滤的真实讯息。适用于安卓手机/安卓机顶盒等安卓平台。

安装”无界一点通”测试版:

1。需要首先对手机进行设置: 按“菜单”键 –> settings(设置)–> Applications(应用程序), 钩选”Unknown sources”(未知源)。
注: 有的版本是: 按“菜单”键 –> settings(设置)–> security (安全) 里面, 钩选”Unknown sources”(未知源)。

2。将下载的um.apk文件拷贝到手机SD卡(或内置SD卡)上。如果下载的为压缩文件, 无须解压, 直接将文件扩展名 .zip 更改为 .apk 。
在安卓手机上点击um.apk文件便可安装。如与已经安装的无界一点通旧版有冲突,请先卸载旧版, 再安装新版。

3。详细说明见网址: 《网址》m.wujieliulan.com/userguide.html 《网址》

4。 注意事项:
建议使用无界一点通自带的浏览器。如果在VPN模式下使用其他浏览器(而不是无界一点通自带的浏览器),
a. 建议使用原装的国外的浏览器,如谷歌的Chrome或火狐等。手机自带浏览器或国内的浏览器可能对敏感网站有监控或封锁。
b.请使用其浏览器的“隐私模式”, 或退出无界一点通之后,请将浏览器的历史记录清除,否则在没有VPN的情况下无意中点击了这些历史记录,会有安全隐患。

原文:http://forums.internetfreedom.org/index.php?topic=22467.0

安卓版: 无界一点通4.1b测试版(2017年11月17日)

http://wujieliulan.com/download/um4.1b.apk

sha256: 1987b974667d482fc519313771b49bac5e850393d3f365dfc1d6a7c688c5920c
md5: 9195fc772e76eb31a0e08f1f4c3a5c75

谢谢。

**********
无界一点通4.1a测试版, 做了以下改进:

1. 加速电视/广播启动速度;
2. 修复新唐人某些网页白屏问题;
3. 增加明慧广播;
4. 解决新平台下载许可问题;
5.增强安全性和连通能力。

**********
无界一点通”是安卓版的翻墙软件, 让您看到没有被过滤的真实讯息。适用于安卓手机/安卓机顶盒等安卓平台。

安装”无界一点通”测试版:

1。需要首先对手机进行设置: 按“菜单”键 –> settings(设置)–> Applications(应用程序), 钩选”Unknown sources”(未知源)。
注: 有的版本是: 按“菜单”键 –> settings(设置)–> security (安全) 里面, 钩选”Unknown sources”(未知源)。

2。将下载的um.apk文件拷贝到手机SD卡(或内置SD卡)上。如果下载的为压缩文件, 无须解压, 直接将文件扩展名 .zip 更改为 .apk 。
在安卓手机上点击um.apk文件便可安装。如与已经安装的无界一点通旧版有冲突,请先卸载旧版, 再安装新版。

3。详细说明见网址: 《网址》m.wujieliulan.com/userguide.html 《网址》

4。 注: 如果在VPN模式下使用其他浏览器(而不是无界一点通自带的浏览器),请使用其浏览器的“隐私模式”, 或退出无界一点通之后,请将浏览器的历史记录清除,否则在没有VPN的情况下无意中点击了这些历史记录,会有安全隐患。

原文:http://forums.internetfreedom.org/index.php?topic=22452.0

Tor Browser 7.0.10 is released

Tor Browser 7.0.10 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to version 52.5.0esr and Tor to version version 0.3.1.8, the second stable release in the 0.3.1 series. In addition to that we updated the HTTPS Everywhere and NoScript extensions we ship. For Windows users we backported patches from the alpha series that update the msvcr100.dll runtime library we include and which should make Tor Browser more robust against crashes due to misbehvaing third party software.

The full changelog since Tor Browser 7.0.9 (7.0.8 for Windows) is:

  • All Platforms
    • Update Firefox to 52.5.0esr
    • Update Tor to 0.3.1.8
    • Update Torbutton to 1.9.7.10
      • Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
      • Translations update
    • Update HTTPS-Everywhere to 2017.10.30
      • Bug 24178: Use make.sh for building HTTPS-Everywhere
    • Update NoScript to 5.1.5
      • Bug 23968: NoScript icon jumps to the right after update
  • Windows
    • Bug 23582: Enable the Windows DLL blocklist for mingw-w64 builds
    • Bug 23396: Update the msvcr100.dll we ship
    • Bug 24052: Block file:// redirects early

原文:https://blog.torproject.org/tor-browser-7010-released

Tor 0.3.2.4-alpha is released, with several stability fixes by nickm

Tor 0.3.2.4-alpha is the fourth alpha release in the 0.3.2.x series. It fixes several stability and reliability bugs, especially including a major reliability issue that has been plaguing fast exit relays in recent months.

You can download the source from the usual place on the website. Binary packages should be available soon, with an alpha Tor Browser likely in the next week or so.

Remember: This is an alpha release, and it’s likely to have more bugs than usual. We hope that people will try it out to find and report bugs, though.

Changes In Version 0.3.2.4-Alpha – 2017-11-08

  • Major bugfixes (exit relays, DNS):
    • Fix an issue causing DNS to fail on high-bandwidth exit nodes, making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for identifying and finding a workaround to this bug and to Moritz, Arthur Edelstein, and Roger for helping to track it down and analyze it.
  • Major bugfixes (scheduler, channel):
    • Stop processing scheduled channels if they closed while flushing cells. This can happen if the write on the connection fails leading to the channel being closed while in the scheduler loop. Fixes bug 23751; bugfix on 0.3.2.1-alpha.
  • Minor features (logging, scheduler):
    • Introduce a SCHED_BUG() function to log extra information about the scheduler state if we ever catch a bug in the scheduler. Closes ticket 23753.
  • Minor features (removed deprecations):
    • The ClientDNSRejectInternalAddresses flag can once again be set in non-testing Tor networks, so long as they do not use the default directory authorities. This change also removes the deprecation of this flag from 0.2.9.2-alpha. Closes ticket 21031.
  • Minor features (testing):
    • Our fuzzing tests now test the encrypted portions of v3 onion service descriptors. Implements more of 21509.
  • Minor bugfixes (directory client):
    • On failure to download directory information, delay retry attempts by a random amount based on the “decorrelated jitter” algorithm. Our previous delay algorithm tended to produce extra-long delays too easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (IPv6, v3 single onion services):
    • Remove buggy code for IPv6-only v3 single onion services, and reject attempts to configure them. This release supports IPv4, dual-stack, and IPv6-only v3 onion services; and IPv4 and dual- stack v3 single onion services. Fixes bug 23820; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (logging, relay):
    • Give only a protocol warning when the ed25519 key is not consistent between the descriptor and microdescriptor of a relay. This can happen, for instance, if the relay has been flagged NoEdConsensus. Fixes bug 24025; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (manpage, onion service):
    • Document that the HiddenServiceNumIntroductionPoints option is 0-10 for v2 services and 0-20 for v3 services. Fixes bug 24115; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (memory leaks):
    • Fix a minor memory leak at exit in the KIST scheduler. This bug should have no user-visible impact. Fixes bug 23774; bugfix on 0.3.2.1-alpha.
    • Fix a memory leak when decrypting a badly formatted v3 onion service descriptor. Fixes bug 24150; bugfix on 0.3.2.1-alpha. Found by OSS-Fuzz; this is OSS-Fuzz issue 3994.
  • Minor bugfixes (onion services):
    • Cache some needed onion service client information instead of constantly computing it over and over again. Fixes bug 23623; bugfix on 0.3.2.1-alpha.
    • Properly retry HSv3 descriptor fetches when missing required directory information. Fixes bug 23762; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (path selection):
    • When selecting relays by bandwidth, avoid a rounding error that could sometimes cause load to be imbalanced incorrectly. Previously, we would always round upwards; now, we round towards the nearest integer. This had the biggest effect when a relay’s weight adjustments should have given it weight 0, but it got weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
    • When calculating the fraction of nodes that have descriptors, and all nodes in the network have zero bandwidths, count the number of nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
    • Actually log the total bandwidth in compute_weighted_bandwidths(). Fixes bug 24170; bugfix on 0.2.4.3-alpha.
  • Minor bugfixes (relay, crash):
    • Avoid a crash when transitioning from client mode to bridge mode. Previously, we would launch the worker threads whenever our “public server” mode changed, but not when our “server” mode changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
  • Minor bugfixes (testing):
    • Fix a spurious fuzzing-only use of an uninitialized value. Found by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha.
    • Test that IPv6-only clients can use microdescriptors when running “make test-network-all”. Requires chutney master 61c28b9 or later. Closes ticket 24109.

原文:https://blog.torproject.org/tor-0324-alpha-released-several-stability-fixes

无界浏览17.04正式版 (2017年11月12日)

17.03发现了一些问题,请更新到17.04。

执行版:
http://wujieliulan.com/download/u1704.exe
SHA512: 9301e32dd888ed465c7d4c33fbe37ff5a2cf7b75b945fabd74e49c86d5bbd0ba9f3f230c801744778217696548250a5394b3768c7e3b22e86a354f30389493a9

压缩版:
http://wujieliulan.com/download/u1704.zip
SHA512: 85926536dee8b31255e06484b7d2bb647490f0dea823e2d236f97eaa6ffdb3f21a458add967f1a4c02e1677c5cd5347f5d13c642764e4eb4e28a94d46e91a96c

原文:http://forums.internetfreedom.org/index.php?topic=22439.0

无界浏览测17.03正式版 (2017年11月11日)

谢谢大家测试并反馈,17.03c 升级为17.03正式版。

执行版:
http://wujieliulan.com/download/u1703.exe
SHA512: 7cc4e5eda688e9de1cc7e553fa9382e9b2f55c5d18f7fb5bcb017152e5a64489e9445e84cee7a46e701be2dfe5d4b7665bc24ecedfd05aef8a376eb8e9ecb178

压缩版:
http://wujieliulan.com/download/u1703.zip
SHA512: 6064788ae6058bb1e77263083f39bd0d434fca32bf0465a1c417a7fdebf40052a446445a0b42d068219d468a29d110cbeba986467b58ee40e1aae0abafe4c594

原文:http://forums.internetfreedom.org/index.php?topic=22432.0

无界安卓手机1.0.8正式版 (2017年11月11日)

更新内容:
修复了打不开某些https网页的问题(请测试)。

http://wujieliulan.com/download/u108a.apk
SHA512: 124e2c6263707919c8b14e744ecfbe54a758b63698d8b3fd3f0e1bb5cbad2f82eb4633e2fd1a73ea8944fd24c086db4330a05c8bf9d11bd1e9121e6bf82c3fc5

安装:将下载的apk文件拷贝到手机上, 在手机上点击此文件便可安装。如出现“禁止安装”警告,点“设置”,钩选“未知源”,继续安装。

功能与使用:

1. 只支持安卓4.1以上。
2. 只支持整机VPN模式, 不支持代理模式。
3. 开启后,轻触或滑动开关,显示“正在连接 …”,同时时上面会出现一个小钥匙和闪动的无界图标,表示正在连接。
4. 连接成功后无界图标停止闪动,显示“连接成功“。此时您可以使用任何浏览器或app,都在无界加密保护下。
5. 使用时,只要无界图标和小钥匙都在,就在在无界加密保护下。
6. 如果要停止使用,轻触或滑动开关即可。关闭后,无界图标和小钥匙会消失,这时手机直接联网,不在无界加密保护下。
7. 如果问题,可重启手机再运行无界。

注意事项:
1. 建议使用浏览器的“隐私模式”浏览敏感网站,这样不会留下历史纪录。
2. 如果浏览器不支持“隐私模式”,请手动清除所有历史纪录,或使用清除所有历史纪录的工具。
3. 为安全起见,建议关闭所有浏览器和其他app,再关闭无界,以免直连敏感网站。也可以直接重启手机, 这样最安全。

请大家测试并反馈, 谢谢

原文:http://forums.internetfreedom.org/index.php?topic=22433.0

无界Linux VPN 17.03正式版 (2017年11月11日)

谢谢大家测试并反馈,17.03c 升级为17.03正式版。

http://wujieliulan.com/download/u1703
SHA512: 8e1c06b3f2631fc602e33bd77432fdd342d7840e671f1de45cc7940ab2fbe6d8dab9de76f3c09271c9e64dfe722c7b85eb316e393893716541c74084ee6b450c

使用方法:
下载后在下载的文件夹右键打开一个终端,在终端执行:chmod +x u1703,然后执行:./u1703, 终端出现以下信息:
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)
需要手动设置浏览器代理。

./u1703 -help 显示使用方法:
Usage of ./u1703:
-ConnMode string
Connect mode, 0: Auto, 1: T, 2: U, 3: P
-L string
listen address (default “127.0.0.1:9666”)
-M string
“vpn”: turn on VPN mode
-P string
http or sock proxy, example: 1.2.3.4:8080 or socks://1.2.4.4:1080 or socks5://1.2.3.4:1080 or socks=1.2.3.4:1080
-S string
“safe”: turn on VPN safe mode, when exit, do not restore routing until reboot

./u1703 -ConnMode 1 (1:“T模式” , 2 :“U模式” 3:“P模式”)

如需要监听 0.0.0.0,在终端执行: ./u1703 -L :9666
如需要通过代理, 执行: ./u1703 -P 1.2.3.4:8080 或 ./u1703 -P socks://1.2.3.4:1080

运行VPN模式,需要root或sudo, 执行:sudo ./u1703 -M vpn, 输入密码, 终端出现以下信息 (顺序可能不同):
LISTENING 130.0.0.1:9666 (监听 127.0.0.1:9666 )
VPN MODE (VPN模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

如需要在VPN下分享:sudo ./u1703 -M vpn -L :9666
LISTENING 0.0.0.0:9666 (监听 0.0.0.0:9666 )
VPN MODE (VPN模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

在VPN模式下不需要设置代理,整机都通过无界加密翻墙,不会出现直连。我们还是建议设置代理以避免退出无界后直连,这样更安全。建议使用浏览器的“隐私模式”,这样不会留下历史纪录。退出无界前,最好关闭所有浏览器,以免退出后直连敏感网站。

VPN 安全模式:
为了确保安全,新增了VPN 安全模式: sudo ./u1703 -M vpn -S safe
终端出现以下信息 (顺序可能不同):
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
VPN SAFE MODE (VPN 安全模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

一旦运行了 VPN 安全模式,电脑一直处于网络隔离状态,即使关闭了无界,也无法联网。这样消除了所有泄露IP的隐患,以确保安全。不过还是建议设置无界代理,进一步增加安全性,即使恢复到非网络隔离状态也不会泄露IP。也建议使用浏览器的“隐私模式”,最好使用定制版的浏览器,以避免留下历史纪录。

需要重新启动电脑才能恢复到非网络隔离状态

原文:http://forums.internetfreedom.org/index.php?topic=22430.0

无界火狐扩展17.03正式版 (2017年11月11日)

谢谢大家测试并反馈,17.03c 升级为17.03正式版。

http://wujieliulan.com/download/u1703.xpi
SHA512: 12df40fe39f0142758aa1461f1a62e141133bb5def0031c20df1016d270c948f0049b6b74d4353b90f1e91199b38bfc19fdde4cc564acbc07cf5bb405c9d7487

请将旧版卸载再安装新版以免有冲突。

自带破网功能,无需运行其他破网软件,支持Windows, Mac, Linux, 32/64 (不需要再运行wine).

安装: 可以用火狐直接下载安装,点击“允许”。如火狐禁止下载,可用其他浏览器下载后用鼠标拉到火狐浏览器,点击“安装”。

使用:点击火狐右上角的无界图标,点击开关即可开启或关闭。 连接成功后,无界图标变成彩色。

原文:http://forums.internetfreedom.org/index.php?topic=22431.0

无界火狐扩展17.03c测试版 (2017年11月9日)

更新内容:
修复了打不开所有https类的网页的问题(请再测试)

http://wujieliulan.com/download/u1703c.xpi
SHA512: 12df40fe39f0142758aa1461f1a62e141133bb5def0031c20df1016d270c948f0049b6b74d4353b90f1e91199b38bfc19fdde4cc564acbc07cf5bb405c9d7487

请将旧版卸载再安装新版以免有冲突。

自带破网功能,无需运行其他破网软件,支持Windows, Mac, Linux, 32/64 (不需要再运行wine).

安装: 可以用火狐直接下载安装,点击“允许”。如火狐禁止下载,可用其他浏览器下载后用鼠标拉到火狐浏览器,点击“安装”。

使用:点击火狐右上角的无界图标,点击开关即可开启或关闭。 连接成功后,无界图标变成彩色。

原文:http://forums.internetfreedom.org/index.php?topic=22431.0

无界Linux VPN 测试版 17.03c (2017年11月9日)

更新内容:
修复了打不开所有https类的网页的问题(请再测试)。

请大家测试并反馈:
http://wujieliulan.com/download/u1703c
SHA512: 8e1c06b3f2631fc602e33bd77432fdd342d7840e671f1de45cc7940ab2fbe6d8dab9de76f3c09271c9e64dfe722c7b85eb316e393893716541c74084ee6b450c

使用方法:
下载后在下载的文件夹右键打开一个终端,在终端执行:chmod +x u1703c,然后执行:./u1703c, 终端出现以下信息:
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)
需要手动设置浏览器代理。

./u1703c -help 显示使用方法:
Usage of ./u1703c:
-ConnMode string
Connect mode, 0: Auto, 1: T, 2: U, 3: P
-L string
listen address (default “127.0.0.1:9666”)
-M string
“vpn”: turn on VPN mode
-P string
http or sock proxy, example: 1.2.3.4:8080 or 管理员警告:禁止外部链接1.2.3.4:8080 or socks://1.2.4.4:1080 or socks5://1.2.3.4:1080 or socks=1.2.3.4:1080
-S string
“safe”: turn on VPN safe mode, when exit, do not restore routing until reboot

./u1703c -ConnMode 1 (1:“T模式” , 2 :“U模式” 3:“P模式”)

如需要监听 0.0.0.0,在终端执行: ./u1703c -L :9666
如需要通过代理, 执行: ./u1703c -P 1.2.3.4:8080 或 ./u1703c -P socks://1.2.3.4:1080

运行VPN模式,需要root或sudo, 执行:sudo ./u1703c -M vpn, 输入密码, 终端出现以下信息 (顺序可能不同):
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
VPN MODE (VPN模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

如需要在VPN下分享:sudo ./u1703c -M vpn -L :9666
LISTENING 0.0.0.0:9666 (监听 0.0.0.0:9666 )
VPN MODE (VPN模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

在VPN模式下不需要设置代理,整机都通过无界加密翻墙,不会出现直连。我们还是建议设置代理以避免退出无界后直连,这样更安全。建议使用浏览器的“隐私模式”,这样不会留下历史纪录。退出无界前,最好关闭所有浏览器,以免退出后直连敏感网站。

VPN 安全模式:
为了确保安全,新增了VPN 安全模式: sudo ./u1703c -M vpn -S safe
终端出现以下信息 (顺序可能不同):
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
VPN SAFE MODE (VPN 安全模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

一旦运行了 VPN 安全模式,电脑一直处于网络隔离状态,即使关闭了无界,也无法联网。这样消除了所有泄露IP的隐患,以确保安全。不过还是建议设置无界代理,进一步增加安全性,即使恢复到非网络隔离状态也不会泄露IP。也建议使用浏览器的“隐私模式”,最好使用定制版的浏览器,以避免留下历史纪录。

需要重新启动电脑才能恢复到非网络隔离状态

原文:http://forums.internetfreedom.org/index.php?topic=22430.0

无界安卓手机测试版 1.0.8a (2017年11月9日)

更新内容:
修复了打不开某些https网页的问题(请测试)。

http://wujieliulan.com/download/u108a.apk
SHA256: 486f2bb7b912497357e0a8a4b7db866f7c6e693d0892d2eda4606b0b47526d8b6d83ce168083c65599d06539d32c62dd12c0dc01221c834ae23b8c870ee1fa77

安装:将下载的apk文件拷贝到手机上, 在手机上点击此文件便可安装。如出现“禁止安装”警告,点“设置”,钩选“未知源”,继续安装。

功能与使用:

1. 只支持安卓4.1以上。
2. 只支持整机VPN模式, 不支持代理模式。
3. 开启后,轻触或滑动开关,显示“正在连接 …”,同时时上面会出现一个小钥匙和闪动的无界图标,表示正在连接。
4. 连接成功后无界图标停止闪动,显示“连接成功“。此时您可以使用任何浏览器或app,都在无界加密保护下。
5. 使用时,只要无界图标和小钥匙都在,就在在无界加密保护下。
6. 如果要停止使用,轻触或滑动开关即可。关闭后,无界图标和小钥匙会消失,这时手机直接联网,不在无界加密保护下。
7. 如果问题,可重启手机再运行无界。

注意事项:
1. 建议使用浏览器的“隐私模式”浏览敏感网站,这样不会留下历史纪录。
2. 如果浏览器不支持“隐私模式”,请手动清除所有历史纪录,或使用清除所有历史纪录的工具。
3. 为安全起见,建议关闭所有浏览器和其他app,再关闭无界,以免直连敏感网站。也可以直接重启手机, 这样最安全。

请大家测试并反馈, 谢谢

原文:http://forums.internetfreedom.org/index.php?topic=22433.0

无界浏览测试版17.03c (2017年11月9日)

1. 修复了打不开所有https类的网页的问题(请测试)
2. 解决了某些杀毒软件误报的问题。

执行版:
http://wujieliulan.com/download/u1703c.exe
SHA512: 7cc4e5eda688e9de1cc7e553fa9382e9b2f55c5d18f7fb5bcb017152e5a64489e9445e84cee7a46e701be2dfe5d4b7665bc24ecedfd05aef8a376eb8e9ecb178

压缩版:
http://wujieliulan.com/download/u1703c.zip
SHA512: 65ae8c3c6e4874543f4f357b6ab5e41903092dd7391956ba823109c699c4ae7a57613e6d72a4e9529bae418025fe2b9450784a91d1e7fce813a169035793b2fd

原文:http://forums.internetfreedom.org/index.php?topic=22432.0

Tor Browser 7.5a7 is released

Note: Tor Browser 7.5a7 is a security bugfix release in the alpha channel for macOS and Linux users only. Users of the alpha channel on Windows are not affected and stay on Tor Browser 7.5a6.

Tor Browser 7.5a7 is now available for our macOS and Linux users from the Tor Browser Project pageand also from our distribution directory.

This release features an important security update to Tor Browser for macOS and Linux users. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser. Tails users and users of our sandboxed-tor-browser are unaffected, though.

The bug got reported to us on Thursday, October 26, by Filippo Cavallarin. We created a workaround with the help of Mozilla engineers on the next day which, alas, fixed the leak only partially. We developed an additional fix on Tuesday, October 31, plugging all known holes. We are not aware of this vulnerability being exploited in the wild. Thanks to everyone who helped during this process!

Known issues: The fix we deployed is just a workaround stopping the leak. As a result of that navigating file:// URLs in the browser might not work as expected anymore. In particular entering file:// URLs in the URL bar and clicking on resulting links is broken. Opening those in a new tab or new window does not work either. A workaround for those issues is dragging the link into the URL bar or on a tab instead. We track this follow-up regression in bug 24136.

Here is the full changelog since 7.5a6:

  • OS X
    • Bug 24052: Streamline handling of file:// resources
  • Linux
    • Bug 24052: Streamline handling of file:// resources

原文:https://blog.torproject.org/tor-browser-75a7-released

Tor Browser 7.0.9 is released

Note: Tor Browser 7.0.9 is a security bugfix release for macOS and Linux users only. Users on Windows are not affected and stay on Tor Browser 7.0.8.

Tor Browser 7.0.9 is now available for our macOS and Linux users from the Tor Browser Project page and also from our distribution directory.

This release features an important security update to Tor Browser for macOS and Linux users. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address (note: as of Nov. 4, 2017, this link is non-public while Mozilla works on a fix for Firefox). Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser. Tails users and users of our sandboxed-tor-browser are unaffected, though.

The bug got reported to us on Thursday, October 26, by Filippo Cavallarin. We created a workaround with the help of Mozilla engineers on the next day which, alas, fixed the leak only partially. We developed an additional fix on Tuesday, October 31, plugging all known holes. We are not aware of this vulnerability being exploited in the wild. Thanks to everyone who helped during this process!

We are currently preparing updated macOS and Linux bundles for our alpha series which will be tentatively available on Monday, November 6. Meanwhile macOS and Linux users on that series are strongly encouraged to use the stable bundles or one of the above mentioned tools that are not affected by the underlying problem.
Update: Tor Browser 7.5a7 has now been released.

Known issues: The fix we deployed is just a workaround stopping the leak. As a result of that navigating file:// URLs in the browser might not work as expected anymore. In particular entering file:// URLs in the URL bar and clicking on resulting links is broken. Opening those in a new tab or new window does not work either. A workaround for those issues is dragging the link into the URL bar or on a tab instead. We track this follow-up regression in bug 24136.

Here is the full changelog since 7.0.8:

  • OS X
    • Bug 24052: Streamline handling of file:// resources
  • Linux
    • Bug 24052: Streamline handling of file:// resources

原文:https://blog.torproject.org/tor-browser-709-released

Tor 0.3.2.3-alpha is released, with small bugfixes

Tor 0.3.2.3-alpha is the third release in the 0.3.2 series. It fixes numerous small bugs in earlier versions of 0.3.2.x, and adds a new directory authority, Bastet.

You can download the source from the usual place on the website. Binary packages should be available soon, with an alpha Tor Browser likely some time in November.

Remember: This is an alpha release, and it’s likely to have more bugs than usual. We hope that people will try it out to find and report bugs, though.

Changes In Version 0.3.2.3-Alpha – 2017-10-27

  • Directory authority changes:
    • Add “Bastet” as a ninth directory authority to the default list. Closes ticket 23910.
    • The directory authority “Longclaw” has changed its IP address. Closes ticket 23592.
  • Minor features (bridge):
    • Bridge relays can now set the BridgeDistribution config option to add a “bridge-distribution-request” line to their bridge descriptor, which tells BridgeDB how they’d like their bridge address to be given out. (Note that as of Oct 2017, BridgeDB does not yet implement this feature.) As a side benefit, this feature provides a way to distinguish bridge descriptors from non-bridge descriptors. Implements tickets 18329.
  • Minor features (client, entry guards):
    • Improve log messages when missing descriptors for primary guards. Resolves ticket 23670.
  • Minor features (geoip):
    • Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 Country database.
  • Minor bugfixes (bridge):
    • Overwrite the bridge address earlier in the process of retrieving its descriptor, to make sure we reach it on the configured address. Fixes bug 20532; bugfix on 0.2.0.10-alpha.
  • Minor bugfixes (documentation):
    • Document better how to read gcov, and what our gcov postprocessing scripts do. Fixes bug 23739; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (entry guards):
    • Tor now updates its guard state when it reads a consensus regardless of whether it’s missing descriptors. That makes tor use its primary guards to fetch descriptors in some edge cases where it would previously have used fallback directories. Fixes bug 23862; bugfix on 0.3.0.1-alpha.
  • Minor bugfixes (onion service client):
    • When handling multiple SOCKS request for the same .onion address, only fetch the service descriptor once.
    • When a descriptor fetch fails with a non-recoverable error, close all pending SOCKS requests for that .onion. Fixes bug 23653; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (onion service):
    • Always regenerate missing onion service public key files. Prior to this, if the public key was deleted from disk, it wouldn’t get recreated. Fixes bug 23748; bugfix on 0.3.2.2-alpha. Patch from “cathugger”.
    • Make sure that we have a usable ed25519 key when the intro point relay supports ed25519 link authentication. Fixes bug 24002; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (onion service, v2):
    • When reloading configured onion services, copy all information from the old service object. Previously, some data was omitted, causing delays in descriptor upload, and other bugs. Fixes bug 23790; bugfix on 0.2.1.9-alpha.
  • Minor bugfixes (memory safety, defensive programming):
    • Clear the target address when node_get_prim_orport() returns early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
  • Minor bugfixes (relay):
    • Avoid a BUG warning when receiving a dubious CREATE cell while an option transition is in progress. Fixes bug 23952; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (testing):
    • Adjust the GitLab CI configuration to more closely match that of Travis CI. Fixes bug 23757; bugfix on 0.3.2.2-alpha.
    • Prevent scripts/test/coverage from attempting to move gcov output to the root directory. Fixes bug 23741; bugfix on 0.2.5.1-alpha.
    • When running unit tests as root, skip a test that would fail because it expects a permissions error. This affects some continuous integration setups. Fixes bug 23758; bugfix on 0.3.2.2-alpha.
    • Stop unconditionally mirroring the tor repository in GitLab CI. This prevented developers from enabling GitLab CI on master. Fixes bug 23755; bugfix on 0.3.2.2-alpha.
    • Fix the onion service v3 descriptor decoding fuzzing to use the latest decoding API correctly. Fixes bug 21509; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (warnings):
    • When we get an HTTP request on a SOCKS port, tell the user about the new HTTPTunnelPort option. Previously, we would give a “Tor is not an HTTP Proxy” message, which stopped being true when HTTPTunnelPort was introduced. Fixes bug 23678; bugfix on 0.3.2.1-alpha.

原文:https://blog.torproject.org/tor-0323-alpha-released-small-bugfixes

vpngate-build-9651

  • 如何安装和使用
  • 可发布的文件
    本软件是免费的。您可以复制或分发已下载的文件。你可以把它上传到其他网站。如果你们政府的防火墙处于未知原因的故障, http://www.vpngate.net 网站不能从你的国家轻松访问,在你们国家的网站上发布 VPN Gate 程序文件,以帮助你身边的其他用户。
  • 注意
    如果可能的话,使用最新版本。有一天,如果贵国政府的防火墙导致未知错误,且 VPN Gate Client 软件有问题,更新 VPN Gate 到最新版本。如果在未来贵国政府的防火墙由于故障 http://www.vpngate.net 网站变得无法访问,建议记住 镜像站点 URL 列表。VPN Gate Client 插件包含 VPN Gate 服务。默认禁用。你可以手动激活它。

原文:http://www.vpngate.net/cn/download.aspx

Lantern4.4.0版

:red_circle:蓝灯最新版本下载地址请点这里:red_circle:

最新版本是4.4.x

Windows 版本(要求XP SP3以上) 备用地址

安卓版(要求4.1以上) 备用地址 Google Play下载

其他系统下载

请大家收藏本页面,方便日后下载新版。

蓝灯官方论坛

论坛帖子页面请点这里进入,或者点击左上方的Issues进入。

你可以在右上角“sign up” 注册账号。 通过邮件验证后,请点击 https://github.com/getlantern/forum 回到论坛。

在论坛内,可用右上角使用“New issue” 发新帖,或者在帖内使用“Comment”回复。

版规

:red_circle:使用遇到问题,请阅读蓝灯无法使用的解决办法 提问前,请先阅读蓝灯精华帖:red_circle:

本论坛可进行关于蓝灯(Lantern)翻墙软件的讨论。因为版面有限,请不要重复发帖,也请不要再开新帖发表邀请码。邀请码请发表到汇总贴或其他论坛。 禁止广告帖,包括非官方的讨论群。禁止刷版,人身攻击等恶劣行为。屡次违反版规会禁言甚至封号。

无界浏览测试版17.03b (2017年11月1日)

1.修复了打不开所有https类的网页的问题(请测试)
2.解决了某些杀毒软件误报的问题。

执行版:
http://wujieliulan.com/download/u1703b.exe
SHA512: 5282a1b9ac8a6f99f93de1592d3eabe4d3f9cf2107a5c9dec04763533b61d9525d0fab741318d4549050398b3c60ac0d94b98c13af826c6aeb46dea41507e85e

压缩版:
http://wujieliulan.com/download/u1703b.zip
SHA256: 24e254a81e9ddc7435cad94a070debf937e97171367bac84213aa2cd3b3d167f8d01a5b977b9dcb5d585c62aae2b44b2b253f6a7aabc191a4ce0e3519dc8714b

http://forums.internetfreedom.org/index.php?topic=22416.msg77273#msg77273

无界Linux VPN 测试版 17.03b (2017年11月1日)

更新内容:
修复了打不开所有https类的网页的问题(请测试)。

请大家测试并反馈:
http://wujieliulan.com/download/u1703b
SHA512: 5bf3e519658e79c67117a1474effe6094afb4d30b35f142c620100adb9770319f674826dee04c49b87ea7c80de9ead279a550ffdd159f10348b0357a99b78bee

使用方法:
下载后在下载的文件夹右键打开一个终端,在终端执行:chmod +x u1703b,然后执行:./u1703b, 终端出现以下信息:
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)
需要手动设置浏览器代理。

./u1703b -help 显示使用方法:
Usage of ./u1703b:
-ConnMode string
Connect mode, 0: Auto, 1: T, 2: U, 3: P
-L string
listen address (default “127.0.0.1:9666”)
-M string
“vpn”: turn on VPN mode
-P string
http or sock proxy, example: 1.2.3.4:8080 or 管理员警告:禁止外部链接1.2.3.4:8080 or socks://1.2.4.4:1080 or socks5://1.2.3.4:1080 or socks=1.2.3.4:1080
-S string
“safe”: turn on VPN safe mode, when exit, do not restore routing until reboot

./u1703b -ConnMode 1 (1:“T模式” , 2 :“U模式” 3:“P模式”)

如需要监听 0.0.0.0,在终端执行: ./u1703b -L :9666
如需要通过代理, 执行: ./u1703b -P 1.2.3.4:8080 或 ./u1703b -P socks://1.2.3.4:1080

运行VPN模式,需要root或sudo, 执行:sudo ./u1703b -M vpn, 输入密码, 终端出现以下信息 (顺序可能不同):
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
VPN MODE (VPN模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

如需要在VPN下分享:sudo ./u1703b -M vpn -L :9666
LISTENING 0.0.0.0:9666 (监听 0.0.0.0:9666 )
VPN MODE (VPN模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

在VPN模式下不需要设置代理,整机都通过无界加密翻墙,不会出现直连。我们还是建议设置代理以避免退出无界后直连,这样更安全。建议使用浏览器的“隐私模式”,这样不会留下历史纪录。退出无界前,最好关闭所有浏览器,以免退出后直连敏感网站。

VPN 安全模式:
为了确保安全,新增了VPN 安全模式: sudo ./u1703b -M vpn -S safe
终端出现以下信息 (顺序可能不同):
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
VPN SAFE MODE (VPN 安全模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

一旦运行了 VPN 安全模式,电脑一直处于网络隔离状态,即使关闭了无界,也无法联网。这样消除了所有泄露IP的隐患,以确保安全。不过还是建议设置无界代理,进一步增加安全性,即使恢复到非网络隔离状态也不会泄露IP。也建议使用浏览器的“隐私模式”,最好使用定制版的浏览器,以避免留下历史纪录。

需要重新启动电脑才能恢复到非网络隔离状态

原文:http://forums.internetfreedom.org/index.php?topic=22418.0

无界火狐扩展17.03b测试版 (2017年11月1日)

http://wujieliulan.com/download/u1703b.xpi
SHA512: 356509831c39053d82c667ffd5153225fba5b51fba5741f5fa4763ab88df401533c3215bf0a066d53ea06b6fcffebd1410a0826dc2eef5a285f248eb4fd46658

更新内容:
修复了打不开所有https类的网页的问题(请测试)

请将旧版卸载再安装新版以免有冲突。

自带破网功能,无需运行其他破网软件,支持Windows, Mac, Linux, 32/64 (不需要再运行wine).

安装: 可以用火狐直接下载安装,点击“允许”。如火狐禁止下载,可用其他浏览器下载后用鼠标拉到火狐浏览器,点击“安装”。

使用:点击火狐右上角的无界图标,点击开关即可开启或关闭。 连接成功后,无界图标变成彩色。

原文:http://forums.internetfreedom.org/index.php?topic=22419.0

XX-Net V3.7.9

What is new:

  • GAE check cert using POST
  • no_mess system config
  • X-tunnel status detail info
  • GAE add sni on TLS

Downloads

最新状态:

2017-11-2

提示:

原文:https://github.com/XX-net/XX-Net/releases/tag/3.7.9

宽带IP地址被屏蔽(2017年10月17日更新)

最近封锁比较严重,如果使用无界16.03,17.01,无界火狐扩展, 无界安卓手机(英文版)无法连接服务器,或连接不稳定,可能是您的宽带IP地址被屏蔽,请关闭所有翻墙软件(包括无界),10分钟后再打开无界浏览。有时可能需要反复几次,每次最好运行几分钟(即使无法链接),3-5分钟就可以了。如果能更换您的宽带IP地址,就无需等待10分钟。

可参考以下步骤更换您的宽带IP地址:
1.关闭所有翻墙软件.
2.更换您的宽带IP地址:
最简单的方法是关闭您的宽带调制解调器和路由器的电源,等待1分钟后再打开电源。
如果您是用电脑直接拨接宽带服务,只需掉宽带连接,1分钟后再重新拨接。
3.等连上宽带后再打开无界浏览。
4.如以上步骤不成功,宽带IP地址没有更新,请等待10分钟后再打开无界浏览。

目前封锁比较严重,有些翻墙软件(包括旧版无界)可能会造成您的宽带IP地址被屏蔽。

请大家分享一下效果和更换宽带IP地址的经验。

原文:http://forums.internetfreedom.org/index.php?topic=22344.0

无界浏览17.02正式版 (2017年10月28日)

谢谢大家测试并反馈,17.02a 升级为17.02正式版。

执行版:
http://wujieliulan.com/download/u1702.exe
SHA1: c6cf189a3b3c12028955b67d9fa234bf06aa5562
MD5: 2eed527a3b222303c30f34830a58a3a0

压缩版:
http://wujieliulan.com/download/u1702.zip
SHA1: 44bdc2c3b54ac7926245b6fce92d7c65052dbd0b
MD5: 920f757436f9d0e1a227d1b3d6b79122

原文:http://forums.internetfreedom.org/index.php?topic=22384.0

无界安卓手机1.0.7正式版(2017年10月28日)

1.0.7a 升级为1.0.7正式版。

http://wujieliulan.com/download/u107.apk
SHA1: 028df9edf5576d46b423025f7b5668176df51685
MD5: 8a6f9dcd87ce0d3ed846944964cb423d

安装:将下载的apk文件拷贝到手机上, 在手机上点击此文件便可安装。如出现“禁止安装”警告,点“设置”,钩选“未知源”,继续安装。

功能与使用:

1. 只支持安卓4.1以上。
2. 只支持整机VPN模式, 不支持代理模式。
3. 开启后,轻触或滑动开关,显示“正在连接 …”,同时时上面会出现一个小钥匙和闪动的无界图标,表示正在连接。
4. 连接成功后无界图标停止闪动,显示“连接成功“。此时您可以使用任何浏览器或app,都在无界加密保护下。
5. 使用时,只要无界图标和小钥匙都在,就在在无界加密保护下。
6. 如果要停止使用,轻触或滑动开关即可。关闭后,无界图标和小钥匙会消失,这时手机直接联网,不在无界加密保护下。
7. 如果问题,可重启手机再运行无界。

注意事项:
1. 建议使用浏览器的“隐私模式”浏览敏感网站,这样不会留下历史纪录。
2. 如果浏览器不支持“隐私模式”,请手动清除所有历史纪录,或使用清除所有历史纪录的工具。
3. 为安全起见,建议关闭所有浏览器和其他app,再关闭无界,以免直连敏感网站。也可以直接重启手机, 这样最安全。

请大家测试并反馈, 谢谢

原文:http://forums.internetfreedom.org/index.php?topic=22385.0

无界火狐扩展17.02正式版 (2017年10月28日)

谢谢大家测试并反馈,17.02a 升级为17.02正式版。

http://wujieliulan.com/download/u1702.xpi
SHA1: bfb67a0b3e53271d7b29191d3a3df78ed93faca3
MD5: c87aedfa64cbcbb91b064ac947d8e33c

更新内容:
1. 修复了SSL警告 (请测试)
2. 增加了HTTPS的稳定性和速度
3. 启动时自动关闭WebRTC, Java, Flash, SilverLight (Windows) 以避免泄露IP。关闭时自动恢复原来的设置。

请将旧版卸载再安装新版以免有冲突。

自带破网功能,无需运行其他破网软件,支持Windows, Mac, Linux, 32/64 (不需要再运行wine).

安装: 可以用火狐直接下载安装,点击“允许”。如火狐禁止下载,可用其他浏览器下载后用鼠标拉到火狐浏览器,点击“安装”。

使用:点击火狐右上角的无界图标,点击开关即可开启或关闭。 连接成功后,无界图标变成彩色。

原文:http://forums.internetfreedom.org/index.php?topic=22382.0

无界Linux VPN 17.02正式版 (2017年10月28日)

谢谢大家测试并反馈,17.02a 升级为17.02正式版。

更新内容:
1. 修复了SSL警告 (请测试)
2. 增加了“连接模式”
3. 修复了有时掉线的问题(更换服务器时还是会掉线,这是正常的)
4. 增加了“VPN 安全模式”
5. 启动VPN模式时自动关闭火狐浏览器,并关闭WebRTC, 以避免在不用私有IP时泄露IP。
6. VPN模式关闭时自动关闭火狐浏览器,同时回复WebRTC设定。
7. 加速https连接
8. VPN模式下显示监听地址。

请大家测试并反馈:
http://wujieliulan.com/download/u1702
SHA1: 66a10e91f07e48b71046b94471d2fca3e21ca41c
MD5: 7417407b60c813cc28be21ff958d1d70

使用方法:
下载后在下载的文件夹右键打开一个终端,在终端执行:chmod +x u1702,然后执行:./u1702, 终端出现以下信息:
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)
需要手动设置浏览器代理。

./u1702 -help 显示使用方法:
Usage of ./u1702:
-ConnMode string
Connect mode, 0: Auto, 1: T, 2: U, 3: P
-L string
listen address (default “127.0.0.1:9666”)
-M string
“vpn”: turn on VPN mode
-P string
http or sock proxy, example: 1.2.3.4:8080 or 管理员警告:禁止外部链接1.2.3.4:8080 or socks://1.2.4.4:1080 or socks5://1.2.3.4:1080 or socks=1.2.3.4:1080
-S string
“safe”: turn on VPN safe mode, when exit, do not restore routing until reboot

./u1702 -ConnMode 1 (1:“T模式” , 2 :“U模式” 3:“P模式”)

如需要监听 0.0.0.0,在终端执行: ./u1702 -L :9666
如需要通过代理, 执行: ./u1702 -P 1.2.3.4:8080 或 .u1702 -P socks://1.2.3.4:1080

运行VPN模式,需要root或sudo, 执行:sudo ./u1702 -M vpn, 输入密码, 终端出现以下信息 (顺序可能不同):
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
VPN MODE (VPN模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

如需要在VPN下分享:sudo ./u1702 -M vpn -L :9666
LISTENING 0.0.0.0:9666 (监听 0.0.0.0:9666 )
VPN MODE (VPN模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

在VPN模式下不需要设置代理,整机都通过无界加密翻墙,不会出现直连。我们还是建议设置代理以避免退出无界后直连,这样更安全。建议使用浏览器的“隐私模式”,这样不会留下历史纪录。退出无界前,最好关闭所有浏览器,以免退出后直连敏感网站。

VPN 安全模式:
为了确保安全,新增了VPN 安全模式: sudo ./u1702 -M vpn -S safe
终端出现以下信息 (顺序可能不同):
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
VPN SAFE MODE (VPN 安全模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

一旦运行了 VPN 安全模式,电脑一直处于网络隔离状态,即使关闭了无界,也无法联网。这样消除了所有泄露IP的隐患,以确保安全。不过还是建议设置无界代理,进一步增加安全性,即使恢复到非网络隔离状态也不会泄露IP。也建议使用浏览器的“隐私模式”,最好使用定制版的浏览器,以避免留下历史纪录。

需要重新启动电脑才能恢复到非网络隔离状态。

原文:http://forums.internetfreedom.org/index.php?topic=22381.0

尝试使用 IPFS 来分发 V2Ray 安装包

除了 V2Ray 的开发之外,一个非常重要的问题是分发。也就是先有鸡还是先有蛋的问题。用户需要使用 V2Ray 软件来翻墙,但是使用之前要先下载到安装包,而安装包的下载地址,比如 Github Release,通常是被墙的。

V2Ray 的终极目标是提供一个无障碍的翻墙体验,即当你只有一台全新的电脑,包括网络和浏览器,其它什么都没有的时候,你可以使用 V2Ray 来完全翻墙的第一步。

要做到这一点,需要两个条件:

  1. V2Ray 提供了一个免费的服务器,通过自带的配置文件即可连上;
  2. 用户可以自由地下载到 V2Ray 的安装包。

第一个条件已经完成了,V2Ray 的官方服务器已经稳定工作很长一段时间了。现在面临的主要问题是第二个条件。

network

想必大家都已经看到 Telegram 上的公告,我的第一个想法是通过网盘来分发,某网盘号称国际版没有审查,但在我公布下载链接的数小时内,帐号就被封锁,我也只能呵呵了。

想来想去,传统的 HTTP 道路肯定是走不通的,国内的 HTTP 都有审查,国外的都被墙,没有可用的。那么也只能 P2P 了。

目前对于文件分享,P2P 的一个主流方案是 IPFS。和 BT 类似,IPFS 没有中心服务器,你可以连接到其它的 IPFS 节点来下载所指定的文件。文件名(或目录名)就是一个字符串,有了这个字符串,你就可以下载到 V2Ray 的安装包。

当然这个方案有个缺点,也就是你需要先下载 IPFS 的程序,等于把分发的责任转移给了 IPFS。如果将来有一天,没人可以下载到 IPFS 的程序了,那也就没戏了。

所以现在只能期待 IPFS 依然存活,并且有好心人在墙内做种子。

接下来简单介绍一下 IPFS。在 IPFS 中可以发布文件或者文件夹,每个文件和文件夹都有一个唯一标识,在 IPFS 中通过这个标识可以获取这个文件。比如目前最新的 V2Ray 安装包在这里。这个路径是不可变的,也就是说,之后的版本再次传到 IPFS 之后,会有一个新的标识符。为了解决这个每次都变的问题,IPFS 项目中有个叫 IPNS 的工具用来重定向,大概就相当于域名和 IP 的关系。而 V2Ray 的 IPNS 是这个。不知道为什么 IPNS 比 IPFS 慢了很多,大概是种子不够多的原因吧。

在此希望广大翻墙同胞们一起来做种,让下载速度变得更快。做种的方式大约是,在已经配置完 IPFS 之后,运行:

ipfs pin add -r /ipns/QmdtMuAhEUPFX9NQiGhRj2zhS1oEA76SXNDnZRHqivjMwR

我也是刚刚学着使用 IPFS,如果有问题请指正。

在上述的分发渠道中你还可以找到一些主要的 V2Ray 客户端。如果还需要其它的工具,请留言,之后我会加上。

原文:https://steemit.com/cn/@v2ray/ipfs-v2ray

New stable Tor releases: 0.3.1.8, 0.3.0.12, 0.2.9.13, 0.2.8.16, 0.2.5.15 by nickm

There are new stable Tor releases available for download.  If you build Tor from source, you can find the source for the latest stable release on our Download page. You can find the older releases at https://dist.torproject.org/. Packages should be available over the coming days, including a planned TorBrowser release in November.

These releases backport stability fixes from later Tor releases, and add the key for the latest directory authority, “bastet”.

The ChangeLog for 0.3.1.8 follows below. For the changelogs for other releases, see the announcement email.

Tor 0.3.1.8 is the second stable release in the 0.3.1 series. It includes several bugfixes, including a bugfix for a crash issue that had affected relays under memory pressure. It also adds a new directory authority, Bastet.

Changes In Version 0.3.1.8 – 2017-10-25

  • Directory authority changes:
    • Add “Bastet” as a ninth directory authority to the default list. Closes ticket 23910.
    • The directory authority “Longclaw” has changed its IP address. Closes ticket 23592.
  • Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
    • Fix a timing-based assertion failure that could occur when the circuit out-of-memory handler freed a connection’s output buffer. Fixes bug 23690; bugfix on 0.2.6.1-alpha.
  • Minor features (directory authorities, backport from 0.3.2.2-alpha):
    • Remove longclaw’s IPv6 address, as it will soon change. Authority IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves 3/8 directory authorities with IPv6 addresses, but there are also 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
  • Minor features (geoip):
    • Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 Country database.
  • Minor bugfixes (compilation, backport from 0.3.2.2-alpha):
    • Fix a compilation warning when building with zstd support on 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found and fixed by Andreas Stieger.
  • Minor bugfixes (compression, backport from 0.3.2.2-alpha):
    • Handle a pathological case when decompressing Zstandard data when the output buffer size is zero. Fixes bug 23551; bugfix on 0.3.1.1-alpha.
  • Minor bugfixes (directory authority, backport from 0.3.2.1-alpha):
    • Remove the length limit on HTTP status lines that authorities can send in their replies. Fixes bug 23499; bugfix on 0.3.1.6-rc.
  • Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
    • Avoid a possible double close of a circuit by the intro point on error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610; bugfix on 0.3.0.1-alpha.
  • Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
    • Clear the address when node_get_prim_orport() returns early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
  • Minor bugfixes (unit tests, backport from 0.3.2.2-alpha):
    • Fix additional channelpadding unit test failures by using mocked time instead of actual time for all tests. Fixes bug 23608; bugfix on 0.3.1.1-alpha.

原文:https://blog.torproject.org/new-stable-tor-releases-0318-03012-02913-02816-02515

Tor Browser 7.0.8 is released

Tor Browser 7.0.8 is now available from the Tor Browser Project page and also from our distribution directory.

In version 7.0.7 we added a donation banner to point to our end-of-the-year 2017 donation campaign. This new release is fixing a bug which prevented the display of the banner.

The full changelog since Tor Browser 7.0.7 is:

  • All Platforms
    • Update Torbutton to 1.9.7.9
      • Bug 23949: Fix donation banner display
      • Update locale list with translated banner
      • Translations update

原文:https://blog.torproject.org/tor-browser-708-released

Tor Browser 7.5a6 is released

Tor Browser 7.5a6 is now available from the Tor Browser Project page and also from our distribution directory.

This release updates firefox to 52.4.1esr, Tor to 0.3.2.2-alpha, HTTPS-Everywhere to 2017.10.4 and NoScript to 5.1.2. This release is also fixing some crashes and adding a donation banner starting on Oct 23 in order to point to our end-of-the-year 2017 donation campaign.

The full changelog since Tor Browser 7.5a5 is:

  • All Platforms
    • Update Firefox to 52.4.1esr
    • Update Tor to 0.3.2.2-alpha
    • Update Torbutton to 1.9.8.2
      • Bug 23887: Update banner locales and Mozilla text
      • Translations update
    • Update HTTPS-Everywhere to 2017.10.4
    • Update NoScript to 5.1.2
      • Bug 23723: Loading entities from NoScript .dtd files is blocked
      • Bug 23724: NoScript update breaks Security Slider and its icon disappears
    • Bug 23745: Tab crashes when using Tor Browser to access Google Drive
    • Bug 23694: Update the detailsURL in update responses
    • Bug 22501: Requests via javascript: violate FPI
  • OS X
    • Bug 23807: Tab crashes when playing video on High Sierra
    • Bug 23025: Add some hardening flags to macOS build

原文:https://blog.torproject.org/tor-browser-75a6-released

Tor Browser 7.0.7 is released

Tor Browser 7.0.7 is now available from the Tor Browser Project page and also from our distribution directory.

This release updates Firefox to 52.4.1esr, HTTPS-Everywhere to 2017.10.4 and NoScript to 5.1.2. On Linux the content sandboxing is now enabled. This release is also fixing some crashes and adding a donation banner starting on Oct 23 in order to point to our end-of-the-year 2017 donation campaign.

The full changelog since Tor Browser 7.0.6 is:

  • All Platforms
    • Update Firefox to 52.4.1esr
    • Update Torbutton to 1.9.7.8
      • Bug 23887: Update banner locales and Mozilla text
      • Bug 23526: Add 2017 Donation banner text
      • Bug 23483: Donation banner on about:tor for 2017 (testing mode)
      • Bug 22610: Avoid crashes when canceling external helper app related downloads
      • Bug 22472: Fix FTP downloads when external helper app dialog is shown
      • Bug 22471: Downloading pdf files via the PDF viewer download button is broken
      • Bug 22618: Downloading pdf file via file:/// is stalling
      • Translations update
    • Update HTTPS-Everywhere to 2017.10.4
    • Update NoScript to 5.1.2
      • Bug 23723: Loading entities from NoScript .dtd files is blocked
      • Bug 23724: NoScript update breaks Security Slider and its icon disappears
    • Bug 23745: Tab crashes when using Tor Browser to access Google Drive
    • Bug 22610: Avoid crashes when canceling external helper app related downloads
    • Bug 22472: Fix FTP downloads when external helper app dialog is shown
    • Bug 22471: Downloading pdf files via the PDF viewer download button is broken
    • Bug 22618: Downloading pdf file via file:/// is stalling
    • Bug 23694: Update the detailsURL in update responses
  • OS X
    • Bug 23807: Tab crashes when playing video on High Sierra
  • Linux
    • Bug 22692: Enable content sandboxing on Linux

原文:https://blog.torproject.org/tor-browser-707-released

安卓版: 无界一点通4.1a测试版(2017年10月18日)

无界一点通4.1a测试版, 做了以下改进,请帮忙测试并反馈:

1. 加速电视/广播启动速度;
2. 修复新唐人某些网页白屏问题;
3. 增加明慧广播;
4. 解决新平台下载许可问题;
5.增强安全性和连通能力。

http://wujieliulan.com/download/um4.1a.apk

sha256:5ce18ba747067320eb17935bd611a5eba98eb1ee8514c946031cd1e014923003
md5:62113edcf18d1fec0de58f37d04e43a8

谢谢!

—————–

“无界一点通”是安卓版的翻墙软件, 让您看到没有被过滤的真实讯息。适用于安卓手机/安卓机顶盒等安卓平台。

安装”无界一点通”测试版:

1。需要首先对手机进行设置: 按“菜单”键 –> settings(设置)–> Applications(应用程序), 钩选”Unknown sources”(未知源)。
注: 有的版本是: 按“菜单”键 –> settings(设置)–> security (安全) 里面, 钩选”Unknown sources”(未知源)。

2。将下载的um.apk文件拷贝到手机SD卡(或内置SD卡)上。如果下载的为压缩文件, 无须解压, 直接将文件扩展名 .zip 更改为 .apk 。
在安卓手机上点击um.apk文件便可安装。如与已经安装的无界一点通旧版有冲突,请先卸载旧版, 再安装新版。

3。详细说明见网址: 《网址》m.wujieliulan.com/userguide.html 《网址》

4。 注: 如果在VPN模式下使用其他浏览器(而不是无界一点通自带的浏览器),请使用其浏览器的“隐私模式”, 或退出无界一点通之后,请将浏览器的历史记录清除,否则在没有VPN的情况下无意中点击了这些历史记录,会有安全隐患。

原文:http://forums.internetfreedom.org/index.php?topic=22352.0