XX-Net V3.8.1

What is new:

  • LAN proxy setting moved to the system menu, to support X-Tunnel.
  • The LAN proxy is checked for validity before it is saved.
  • Improved X-Tunnel performance.


Source: https://github.com/XX-net/XX-Net/releases/tag/3.8.1


Android: 无界一点通 (Wujie Yidiantong) 4.1b test version (November 17, 2017)

http://wujieliulan.com/download/um4.1b.apk

sha256: 1987b974667d482fc519313771b49bac5e850393d3f365dfc1d6a7c688c5920c
md5: 9195fc772e76eb31a0e08f1f4c3a5c75

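Thank you.

**********
Wujie Yidiantong 4.1a test version made the following improvements:

1. Faster TV/radio startup;
2. Fixed the blank-page problem on some New Tang Dynasty (新唐人) web pages;
3. Added Minghui Radio (明慧广播);
4. Resolved the download permission issue on new platforms;
5. Improved security and connectivity.

**********
"Wujie Yidiantong" is circumvention software for Android that lets you see real, unfiltered information. It works on Android phones, Android set-top boxes and other Android platforms.

Installing the "Wujie Yidiantong" test version:

1. First change a setting on the phone: press the "Menu" key –> Settings –> Applications, and tick "Unknown sources".
Note: on some versions it is: press the "Menu" key –> Settings –> Security, and tick "Unknown sources".

2. Copy the downloaded um.apk file to the phone's SD card (or internal SD card). If the download is a compressed file, there is no need to unzip it; just change the file extension from .zip to .apk.
Tap the um.apk file on the Android phone to install it. If it conflicts with an older installed version of Wujie Yidiantong, uninstall the old version first, then install the new one.

3. For detailed instructions see: m.wujieliulan.com/userguide.html

4. Note: if you use another browser in VPN mode (rather than Wujie Yidiantong's built-in browser), use that browser's "private mode", or clear the browser history after exiting Wujie Yidiantong; otherwise, accidentally clicking those history entries without the VPN is a security risk.

Source: http://forums.internetfreedom.org/index.php?topic=22452.0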

Tor Browser 7.0.10 is released

Tor Browser 7.0.10 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to version 52.5.0esr and Tor to version 0.3.1.8, the second stable release in the 0.3.1 series. In addition to that we updated the HTTPS Everywhere and NoScript extensions we ship. For Windows users we backported patches from the alpha series that update the msvcr100.dll runtime library we include and which should make Tor Browser more robust against crashes due to misbehaving third party software.

The full changelog since Tor Browser 7.0.9 (7.0.8 for Windows) is:

  • All Platforms
    • Update Firefox to 52.5.0esr
    • Update Tor to 0.3.1.8
    • Update Torbutton to 1.9.7.10
      • Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
      • Translations update
    • Update HTTPS-Everywhere to 2017.10.30
      • Bug 24178: Use make.sh for building HTTPS-Everywhere
    • Update NoScript to 5.1.5
      • Bug 23968: NoScript icon jumps to the right after update
  • Windows
    • Bug 23582: Enable the Windows DLL blocklist for mingw-w64 builds
    • Bug 23396: Update the msvcr100.dll we ship
    • Bug 24052: Block file:// redirects early

Source: https://blog.torproject.org/tor-browser-7010-released

Tor 0.3.2.4-alpha is released, with several stability fixes by nickm

Tor 0.3.2.4-alpha is the fourth alpha release in the 0.3.2.x series. It fixes several stability and reliability bugs, especially including a major reliability issue that has been plaguing fast exit relays in recent months.

You can download the source from the usual place on the website. Binary packages should be available soon, with an alpha Tor Browser likely in the next week or so.

Remember: This is an alpha release, and it’s likely to have more bugs than usual. We hope that people will try it out to find and report bugs, though.

Changes In Version 0.3.2.4-Alpha – 2017-11-08

  • Major bugfixes (exit relays, DNS):
    • Fix an issue causing DNS to fail on high-bandwidth exit nodes, making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for identifying and finding a workaround to this bug and to Moritz, Arthur Edelstein, and Roger for helping to track it down and analyze it.
  • Major bugfixes (scheduler, channel):
    • Stop processing scheduled channels if they closed while flushing cells. This can happen if the write on the connection fails leading to the channel being closed while in the scheduler loop. Fixes bug 23751; bugfix on 0.3.2.1-alpha.
  • Minor features (logging, scheduler):
    • Introduce a SCHED_BUG() function to log extra information about the scheduler state if we ever catch a bug in the scheduler. Closes ticket 23753.
  • Minor features (removed deprecations):
    • The ClientDNSRejectInternalAddresses flag can once again be set in non-testing Tor networks, so long as they do not use the default directory authorities. This change also removes the deprecation of this flag from 0.2.9.2-alpha. Closes ticket 21031.
  • Minor features (testing):
    • Our fuzzing tests now test the encrypted portions of v3 onion service descriptors. Implements more of 21509.
  • Minor bugfixes (directory client):
    • On failure to download directory information, delay retry attempts by a random amount based on the “decorrelated jitter” algorithm. Our previous delay algorithm tended to produce extra-long delays too easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (IPv6, v3 single onion services):
    • Remove buggy code for IPv6-only v3 single onion services, and reject attempts to configure them. This release supports IPv4, dual-stack, and IPv6-only v3 onion services; and IPv4 and dual-stack v3 single onion services. Fixes bug 23820; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (logging, relay):
    • Give only a protocol warning when the ed25519 key is not consistent between the descriptor and microdescriptor of a relay. This can happen, for instance, if the relay has been flagged NoEdConsensus. Fixes bug 24025; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (manpage, onion service):
    • Document that the HiddenServiceNumIntroductionPoints option is 0-10 for v2 services and 0-20 for v3 services. Fixes bug 24115; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (memory leaks):
    • Fix a minor memory leak at exit in the KIST scheduler. This bug should have no user-visible impact. Fixes bug 23774; bugfix on 0.3.2.1-alpha.
    • Fix a memory leak when decrypting a badly formatted v3 onion service descriptor. Fixes bug 24150; bugfix on 0.3.2.1-alpha. Found by OSS-Fuzz; this is OSS-Fuzz issue 3994.
  • Minor bugfixes (onion services):
    • Cache some needed onion service client information instead of constantly computing it over and over again. Fixes bug 23623; bugfix on 0.3.2.1-alpha.
    • Properly retry HSv3 descriptor fetches when missing required directory information. Fixes bug 23762; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (path selection):
    • When selecting relays by bandwidth, avoid a rounding error that could sometimes cause load to be imbalanced incorrectly. Previously, we would always round upwards; now, we round towards the nearest integer. This had the biggest effect when a relay’s weight adjustments should have given it weight 0, but it got weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
    • When calculating the fraction of nodes that have descriptors, and all nodes in the network have zero bandwidths, count the number of nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
    • Actually log the total bandwidth in compute_weighted_bandwidths(). Fixes bug 24170; bugfix on 0.2.4.3-alpha.
  • Minor bugfixes (relay, crash):
    • Avoid a crash when transitioning from client mode to bridge mode. Previously, we would launch the worker threads whenever our “public server” mode changed, but not when our “server” mode changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
  • Minor bugfixes (testing):
    • Fix a spurious fuzzing-only use of an uninitialized value. Found by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha.
    • Test that IPv6-only clients can use microdescriptors when running “make test-network-all”. Requires chutney master 61c28b9 or later. Closes ticket 24109.

Source: https://blog.torproject.org/tor-0324-alpha-released-several-stability-fixes

无界浏览 (Wujie Browser) 17.04 release version (November 12, 2017)

Some problems were found in 17.03; please update to 17.04.

Executable version:
http://wujieliulan.com/download/u1704.exe
SHA512: 9301e32dd888ed465c7d4c33fbe37ff5a2cf7b75b945fabd74e49c86d5bbd0ba9f3f230c801744778217696548250a5394b3768c7e3b22e86a354f30389493a9

Zipped version:
http://wujieliulan.com/download/u1704.zip
SHA512: 85926536dee8b31255e06484b7d2bb647490f0dea823e2d236f97eaa6ffdb3f21a458add967f1a4c02e1677c5cd5347f5d13c642764e4eb4e28a94d46e91a96c

Source: http://forums.internetfreedom.org/index.php?topic=22439.0

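无界浏览 (Wujie Browser) 17.03 release version (November 11, 2017)

Thank you all for testing and giving feedback. 17.03c has been promoted to the 17.03 release version.

Executable version: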
http://wujieliulan.com/download/u1703.exe
SHA512: 7cc4e5eda688e9de1cc7e553fa9382e9b2f55c5d18f7fb5bcb017152e5a64489e9445e84cee7a46e701be2dfe5d4b7665bc24ecedfd05aef8a376eb8e9ecb178

Zipped version:
http://wujieliulan.com/download/u1703.zip
SHA512: 6064788ae6058bb1e77263083f39bd0d434fca32bf0465a1c417a7fdebf40052a446445a0b42d068219d468a29d110cbeba986467b58ee40e1aae0abafe4c594

Source: http://forums.internetfreedom.org/index.php?topic=22432.0

无界 (Wujie) for Android phones 1.0.8 release version (November 11, 2017)

Changes:
Fixed the problem of some https pages failing to open (please test).

http://wujieliulan.com/download/u108a.apk
SHA512: 124e2c6263707919c8b14e744ecfbe54a758b63698d8b3fd3f0e1bb5cbad2f82eb4633e2fd1a73ea8944fd24c086db4330a05c8bf9d11bd1e9121e6bf82c3fc5

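Installation: copy the downloaded apk file to the phone and tap the file on the phone to install it. If an "installation blocked" warning appears, tap "Settings", tick "Unknown sources", and continue the installation.

Features and usage:

1. Supports Android 4.1 and later only.
2. Supports whole-device VPN mode only; proxy mode is not supported.
3. After launching, tap or slide the switch. "Connecting …" is displayed, and a small key and a flashing Wujie icon appear at the top, indicating that a connection is being made.
4. Once connected, the Wujie icon stops flashing and "Connected" is displayed. You can now use any browser or app, all under Wujie's encrypted protection.
5. While in use, as long as the Wujie icon and the small key are both present, you are under Wujie's encrypted protection.
6. To stop, tap or slide the switch. After it is turned off, the Wujie icon and the small key disappear; the phone then connects to the network directly and is not under Wujie's encrypted protection.
7. If there is a problem, restart the phone and run Wujie again.

Notes:
1. We recommend using the browser's "private mode" for sensitive websites, so that no history is left.
2. If the browser does not support "private mode", clear all history manually, or use a tool that clears all history.
3. For safety, we recommend closing all browsers and other apps before turning Wujie off, to avoid connecting directly to sensitive websites. You can also simply restart the phone, which is safest.

Please test and give feedback. Thank you.

Source: http://forums.internetfreedom.org/index.php?topic=22433.0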

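无界 (Wujie) Linux VPN 17.03 release version (November 11, 2017)

Thank you all for testing and giving feedback. 17.03c has been promoted to the 17.03 release version.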

http://wujieliulan.com/download/u1703
SHA512: 8e1c06b3f2631fc602e33bd77432fdd342d7840e671f1de45cc7940ab2fbe6d8dab9de76f3c09271c9e64dfe722c7b85eb316e393893716541c74084ee6b450c

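Usage:
After downloading, right-click in the download folder to open a terminal. In the terminal run: chmod +x u1703, then run: ./u1703. The terminal shows the following:
LISTENING 127.0.0.1:9666 (listening on 127.0.0.1:9666)
0.650 Connecting … (connecting)
1.569 Connecting … (connecting)
2.178 CONNECTED (connected)
The browser proxy must be set manually.

./u1703 -help shows the usage: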
Usage of ./u1703:
-ConnMode string
Connect mode, 0: Auto, 1: T, 2: U, 3: P
-L string
listen address (default “127.0.0.1:9666”)
-M string
“vpn”: turn on VPN mode
-P string
http or sock proxy, example: 1.2.3.4:8080 or socks://1.2.4.4:1080 or socks5://1.2.3.4:1080 or socks=1.2.3.4:1080
-S string
“safe”: turn on VPN safe mode, when exit, do not restore routing until reboot

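./u1703 -ConnMode 1 (1: "T mode", 2: "U mode", 3: "P mode")

To listen on 0.0.0.0, run in the terminal: ./u1703 -L :9666
To go through a proxy, run: ./u1703 -P 1.2.3.4:8080 or ./u1703 -P socks://1.2.3.4:1080

Running in VPN mode requires root or sudo. Run: sudo ./u1703 -M vpn, enter the password, and the terminal shows the following (the order may differ):
LISTENING 130.0.0.1:9666 (listening on 127.0.0.1:9666)
VPN MODE (VPN mode)
0.650 Connecting … (connecting)
1.569 Connecting … (connecting)
2.178 CONNECTED (connected)

To share the connection while in VPN mode: sudo ./u1703 -M vpn -L :9666
LISTENING 0.0.0.0:9666 (listening on 0.0.0.0:9666)
VPN MODE (VPN mode)
0.650 Connecting … (connecting)
1.569 Connecting … (connecting)
2.178 CONNECTED (connected)

In VPN mode there is no need to set a proxy; the whole machine goes through Wujie's encrypted circumvention and no direct connections occur. We still recommend setting the proxy, to avoid direct connections after Wujie exits; this is safer. We recommend using the browser's "private mode", so that no history is left. Before exiting Wujie, it is best to close all browsers, to avoid connecting directly to sensitive websites after exit.

VPN safe mode:
To ensure safety, a VPN safe mode has been added: sudo ./u1703 -M vpn -S safe
The terminal shows the following (the order may differ):
LISTENING 127.0.0.1:9666 (listening on 127.0.0.1:9666)
VPN SAFE MODE (VPN safe mode)
0.650 Connecting … (connecting)
1.569 Connecting … (connecting)
2.178 CONNECTED (connected)

Once VPN safe mode has been run, the computer stays in a network-isolated state; even after Wujie is closed, it cannot reach the network. This eliminates every risk of leaking the IP address, to ensure safety. We still recommend setting the Wujie proxy to further increase security, so that the IP address is not leaked even after returning to the non-isolated state. We also recommend using the browser's "private mode", preferably with a customized browser, to avoid leaving history.

The computer must be restarted to return to the non-isolated state.

Source: http://forums.internetfreedom.org/index.php?topic=22430.0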

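无界 (Wujie) Firefox extension 17.03 release version (November 11, 2017)

Thank you all for testing and giving feedback. 17.03c has been promoted to the 17.03 release version.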

http://wujieliulan.com/download/u1703.xpi
SHA512: 12df40fe39f0142758aa1461f1a62e141133bb5def0031c20df1016d270c948f0049b6b74d4353b90f1e91199b38bfc19fdde4cc564acbc07cf5bb405c9d7487

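Please uninstall the old version before installing the new one, to avoid conflicts.

It has built-in circumvention, so no other circumvention software needs to be running. Supports Windows, Mac, Linux, 32/64-bit (running wine is no longer needed).

Installation: you can download and install it directly with Firefox; click "Allow". If Firefox blocks the download, download it with another browser, drag it into the Firefox window with the mouse, and click "Install".

Usage: click the Wujie icon in the top-right corner of Firefox, then click the switch to turn it on or off. Once connected, the Wujie icon turns colored.

Source: http://forums.internetfreedom.org/index.php?topic=22431.0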

无界 (Wujie) Firefox extension 17.03c test version (November 9, 2017)

Changes:
Fixed the problem of all https pages failing to open (please test again)

http://wujieliulan.com/download/u1703c.xpi
SHA512: 12df40fe39f0142758aa1461f1a62e141133bb5def0031c20df1016d270c948f0049b6b74d4353b90f1e91199b38bfc19fdde4cc564acbc07cf5bb405c9d7487

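Please uninstall the old version before installing the new one, to avoid conflicts.

It has built-in circumvention, so no other circumvention software needs to be running. Supports Windows, Mac, Linux, 32/64-bit (running wine is no longer needed).

Installation: you can download and install it directly with Firefox; click "Allow". If Firefox blocks the download, download it with another browser, drag it into the Firefox window with the mouse, and click "Install".

Usage: click the Wujie icon in the top-right corner of Firefox, then click the switch to turn it on or off. Once connected, the Wujie icon turns colored.

Source: http://forums.internetfreedom.org/index.php?topic=22431.0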

无界 (Wujie) Linux VPN test version 17.03c (November 9, 2017)

Changes:
Fixed the problem of all https pages failing to open (please test again).

Please test and give feedback:
http://wujieliulan.com/download/u1703c
SHA512: 8e1c06b3f2631fc602e33bd77432fdd342d7840e671f1de45cc7940ab2fbe6d8dab9de76f3c09271c9e64dfe722c7b85eb316e393893716541c74084ee6b450c

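Usage:
After downloading, right-click in the download folder to open a terminal. In the terminal run: chmod +x u1703c, then run: ./u1703c. The terminal shows the following:
LISTENING 127.0.0.1:9666 (listening on 127.0.0.1:9666)
0.650 Connecting … (connecting)
1.569 Connecting … (connecting)
2.178 CONNECTED (connected)
The browser proxy must be set manually.

./u1703c -help shows the usage: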
Usage of ./u1703c:
-ConnMode string
Connect mode, 0: Auto, 1: T, 2: U, 3: P
-L string
listen address (default “127.0.0.1:9666”)
-M string
“vpn”: turn on VPN mode
-P string
http or sock proxy, example: 1.2.3.4:8080 or socks://1.2.4.4:1080 or socks5://1.2.3.4:1080 or socks=1.2.3.4:1080
-S string
“safe”: turn on VPN safe mode, when exit, do not restore routing until reboot

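./u1703c -ConnMode 1 (1: "T mode", 2: "U mode", 3: "P mode")

To listen on 0.0.0.0, run in the terminal: ./u1703c -L :9666
To go through a proxy, run: ./u1703c -P 1.2.3.4:8080 or ./u1703c -P socks://1.2.3.4:1080

Running in VPN mode requires root or sudo. Run: sudo ./u1703c -M vpn, enter the password, and the terminal shows the following (the order may differ):
LISTENING 127.0.0.1:9666 (listening on 127.0.0.1:9666)
VPN MODE (VPN mode)
0.650 Connecting … (connecting)
1.569 Connecting … (connecting)
2.178 CONNECTED (connected)

To share the connection while in VPN mode: sudo ./u1703c -M vpn -L :9666
LISTENING 0.0.0.0:9666 (listening on 0.0.0.0:9666)
VPN MODE (VPN mode)
0.650 Connecting … (connecting)
1.569 Connecting … (connecting)
2.178 CONNECTED (connected)

In VPN mode there is no need to set a proxy; the whole machine goes through Wujie's encrypted circumvention and no direct connections occur. We still recommend setting the proxy, to avoid direct connections after Wujie exits; this is safer. We recommend using the browser's "private mode", so that no history is left. Before exiting Wujie, it is best to close all browsers, to avoid connecting directly to sensitive websites after exit.

VPN safe mode:
To ensure safety, a VPN safe mode has been added: sudo ./u1703c -M vpn -S safe
The terminal shows the following (the order may differ):
LISTENING 127.0.0.1:9666 (listening on 127.0.0.1:9666)
VPN SAFE MODE (VPN safe mode)
0.650 Connecting … (connecting)
1.569 Connecting … (connecting)
2.178 CONNECTED (connected)

Once VPN safe mode has been run, the computer stays in a network-isolated state; even after Wujie is closed, it cannot reach the network. This eliminates every risk of leaking the IP address, to ensure safety. We still recommend setting the Wujie proxy to further increase security, so that the IP address is not leaked even after returning to the non-isolated state. We also recommend using the browser's "private mode", preferably with a customized browser, to avoid leaving history.

The computer must be restarted to return to the non-isolated state.

Source: http://forums.internetfreedom.org/index.php?topic=22430.0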

无界 (Wujie) for Android phones test version 1.0.8a (November 9, 2017)

Changes:
Fixed the problem of some https pages failing to open (please test).

http://wujieliulan.com/download/u108a.apk
SHA256: 486f2bb7b912497357e0a8a4b7db866f7c6e693d0892d2eda4606b0b47526d8b6d83ce168083c65599d06539d32c62dd12c0dc01221c834ae23b8c870ee1fa77

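Installation: copy the downloaded apk file to the phone and tap the file on the phone to install it. If an "installation blocked" warning appears, tap "Settings", tick "Unknown sources", and continue the installation.

Features and usage:

1. Supports Android 4.1 and later only.
2. Supports whole-device VPN mode only; proxy mode is not supported.
3. After launching, tap or slide the switch. "Connecting …" is displayed, and a small key and a flashing Wujie icon appear at the top, indicating that a connection is being made.
4. Once connected, the Wujie icon stops flashing and "Connected" is displayed. You can now use any browser or app, all under Wujie's encrypted protection.
5. While in use, as long as the Wujie icon and the small key are both present, you are under Wujie's encrypted protection.
6. To stop, tap or slide the switch. After it is turned off, the Wujie icon and the small key disappear; the phone then connects to the network directly and is not under Wujie's encrypted protection.
7. If there is a problem, restart the phone and run Wujie again.

Notes:
1. We recommend using the browser's "private mode" for sensitive websites, so that no history is left.
2. If the browser does not support "private mode", clear all history manually, or use a tool that clears all history.
3. For safety, we recommend closing all browsers and other apps before turning Wujie off, to avoid connecting directly to sensitive websites. You can also simply restart the phone, which is safest.

Please test and give feedback. Thank you.

Source: http://forums.internetfreedom.org/index.php?topic=22433.0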
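
Several announcements on this page pair a download link with a published digest, labelled MD5, SHA1, SHA256 or SHA512, and some 128-character digests carry a SHA256 label. The following is an added example, not code from any of the projects announced here: it checks a file against such a line, selects the algorithm by digest length when the label disagrees, and flags MD5 and SHA1. The sample file and its digests are constructed inside the code, and all function names are hypothetical.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Hex digest length of each algorithm label used in the announcements.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
WEAK = {"md5", "sha1"}  # practical collision attacks exist for both
LINE_RE = re.compile(r"^\s*([A-Za-z0-9]+)\s*:\s*([0-9A-Fa-f]+)\s*$")


def parse_checksum_line(line):
    """Parse 'ALGO: hexdigest' into (algorithm to use, digest, notes)."""
    match = LINE_RE.match(line)
    if not match:
        raise ValueError("not a checksum line: %r" % line)
    label, digest = match.group(1).lower(), match.group(2).lower()
    if label not in DIGEST_HEX_LEN:
        raise ValueError("unsupported algorithm label: %r" % label)
    algo, notes = label, []
    if len(digest) != DIGEST_HEX_LEN[label]:
        # The label cannot be right; pick the algorithm whose length fits.
        fits = [a for a, n in DIGEST_HEX_LEN.items() if n == len(digest)]
        if not fits:
            raise ValueError("digest length %d fits no known algorithm" % len(digest))
        algo = fits[0]
        notes.append("label says %s but digest length fits %s" % (label, algo))
    if algo in WEAK:
        notes.append("%s is collision-prone; ask for a SHA-2 digest" % algo)
    return algo, digest, notes


def file_digest(path, algo, chunk_size=1 << 20):
    """Hash a file in chunks so large installers are not read into memory."""
    hasher = hashlib.new(algo)
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            hasher.update(block)
    return hasher.hexdigest()


def verify_download(path, checksum_line):
    """Compare a file with a published checksum line; return a small report."""
    algo, expected, notes = parse_checksum_line(checksum_line)
    actual = file_digest(path, algo)
    return {
        "ok": hmac.compare_digest(actual, expected),
        "algorithm": algo,
        "notes": notes,
    }


def demo():
    """Run the check on a constructed file with constructed checksum lines."""
    payload = b"constructed sample installer bytes\n"
    sha512 = hashlib.sha512(payload).hexdigest()
    other = hashlib.sha512(payload + b"modified").hexdigest()
    md5 = hashlib.md5(payload).hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "sample.bin"
        path.write_bytes(payload)
        return {
            "correct": verify_download(path, "SHA512: " + sha512),
            "mislabelled": verify_download(path, "SHA256: " + sha512),
            "tampered": verify_download(path, "SHA512: " + other),
            "weak": verify_download(path, "MD5: " + md5),
        }


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```

A digest published beside the download link only protects against tampering when the digest itself is obtained over a channel the download's distributor or network path cannot alter.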

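无界浏览 (Wujie Browser) test version 17.03c (November 9, 2017)

1. Fixed the problem of all https pages failing to open (please test)
2. Fixed false positives from some antivirus software.

Executable version: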
http://wujieliulan.com/download/u1703c.exe
SHA512: 7cc4e5eda688e9de1cc7e553fa9382e9b2f55c5d18f7fb5bcb017152e5a64489e9445e84cee7a46e701be2dfe5d4b7665bc24ecedfd05aef8a376eb8e9ecb178

Zipped version:
http://wujieliulan.com/download/u1703c.zip
SHA512: 65ae8c3c6e4874543f4f357b6ab5e41903092dd7391956ba823109c699c4ae7a57613e6d72a4e9529bae418025fe2b9450784a91d1e7fce813a169035793b2fd

Source: http://forums.internetfreedom.org/index.php?topic=22432.0

Tor Browser 7.5a7 is released

Note: Tor Browser 7.5a7 is a security bugfix release in the alpha channel for macOS and Linux users only. Users of the alpha channel on Windows are not affected and stay on Tor Browser 7.5a6.

Tor Browser 7.5a7 is now available for our macOS and Linux users from the Tor Browser Project page and also from our distribution directory.

This release features an important security update to Tor Browser for macOS and Linux users. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser. Tails users and users of our sandboxed-tor-browser are unaffected, though.

The bug got reported to us on Thursday, October 26, by Filippo Cavallarin. We created a workaround with the help of Mozilla engineers on the next day which, alas, fixed the leak only partially. We developed an additional fix on Tuesday, October 31, plugging all known holes. We are not aware of this vulnerability being exploited in the wild. Thanks to everyone who helped during this process!

Known issues: The fix we deployed is just a workaround stopping the leak. As a result of that navigating file:// URLs in the browser might not work as expected anymore. In particular entering file:// URLs in the URL bar and clicking on resulting links is broken. Opening those in a new tab or new window does not work either. A workaround for those issues is dragging the link into the URL bar or on a tab instead. We track this follow-up regression in bug 24136.

Here is the full changelog since 7.5a6:

  • OS X
    • Bug 24052: Streamline handling of file:// resources
  • Linux
    • Bug 24052: Streamline handling of file:// resources

Source: https://blog.torproject.org/tor-browser-75a7-released

Tor Browser 7.0.9 is released

Note: Tor Browser 7.0.9 is a security bugfix release for macOS and Linux users only. Users on Windows are not affected and stay on Tor Browser 7.0.8.

Tor Browser 7.0.9 is now available for our macOS and Linux users from the Tor Browser Project page and also from our distribution directory.

This release features an important security update to Tor Browser for macOS and Linux users. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address (note: as of Nov. 4, 2017, this link is non-public while Mozilla works on a fix for Firefox). Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser. Tails users and users of our sandboxed-tor-browser are unaffected, though.

The bug got reported to us on Thursday, October 26, by Filippo Cavallarin. We created a workaround with the help of Mozilla engineers on the next day which, alas, fixed the leak only partially. We developed an additional fix on Tuesday, October 31, plugging all known holes. We are not aware of this vulnerability being exploited in the wild. Thanks to everyone who helped during this process!

We are currently preparing updated macOS and Linux bundles for our alpha series which will be tentatively available on Monday, November 6. Meanwhile macOS and Linux users on that series are strongly encouraged to use the stable bundles or one of the above mentioned tools that are not affected by the underlying problem.
Update: Tor Browser 7.5a7 has now been released.

Known issues: The fix we deployed is just a workaround stopping the leak. As a result of that navigating file:// URLs in the browser might not work as expected anymore. In particular entering file:// URLs in the URL bar and clicking on resulting links is broken. Opening those in a new tab or new window does not work either. A workaround for those issues is dragging the link into the URL bar or on a tab instead. We track this follow-up regression in bug 24136.

Here is the full changelog since 7.0.8:

  • OS X
    • Bug 24052: Streamline handling of file:// resources
  • Linux
    • Bug 24052: Streamline handling of file:// resources

Source: https://blog.torproject.org/tor-browser-709-released

Tor 0.3.2.3-alpha is released, with small bugfixes

Tor 0.3.2.3-alpha is the third release in the 0.3.2 series. It fixes numerous small bugs in earlier versions of 0.3.2.x, and adds a new directory authority, Bastet.

You can download the source from the usual place on the website. Binary packages should be available soon, with an alpha Tor Browser likely some time in November.

Remember: This is an alpha release, and it’s likely to have more bugs than usual. We hope that people will try it out to find and report bugs, though.

Changes In Version 0.3.2.3-Alpha – 2017-10-27

  • Directory authority changes:
    • Add “Bastet” as a ninth directory authority to the default list. Closes ticket 23910.
    • The directory authority “Longclaw” has changed its IP address. Closes ticket 23592.
  • Minor features (bridge):
    • Bridge relays can now set the BridgeDistribution config option to add a “bridge-distribution-request” line to their bridge descriptor, which tells BridgeDB how they’d like their bridge address to be given out. (Note that as of Oct 2017, BridgeDB does not yet implement this feature.) As a side benefit, this feature provides a way to distinguish bridge descriptors from non-bridge descriptors. Implements tickets 18329.
  • Minor features (client, entry guards):
    • Improve log messages when missing descriptors for primary guards. Resolves ticket 23670.
  • Minor features (geoip):
    • Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 Country database.
  • Minor bugfixes (bridge):
    • Overwrite the bridge address earlier in the process of retrieving its descriptor, to make sure we reach it on the configured address. Fixes bug 20532; bugfix on 0.2.0.10-alpha.
  • Minor bugfixes (documentation):
    • Document better how to read gcov, and what our gcov postprocessing scripts do. Fixes bug 23739; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (entry guards):
    • Tor now updates its guard state when it reads a consensus regardless of whether it’s missing descriptors. That makes tor use its primary guards to fetch descriptors in some edge cases where it would previously have used fallback directories. Fixes bug 23862; bugfix on 0.3.0.1-alpha.
  • Minor bugfixes (onion service client):
    • When handling multiple SOCKS request for the same .onion address, only fetch the service descriptor once.
    • When a descriptor fetch fails with a non-recoverable error, close all pending SOCKS requests for that .onion. Fixes bug 23653; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (onion service):
    • Always regenerate missing onion service public key files. Prior to this, if the public key was deleted from disk, it wouldn’t get recreated. Fixes bug 23748; bugfix on 0.3.2.2-alpha. Patch from “cathugger”.
    • Make sure that we have a usable ed25519 key when the intro point relay supports ed25519 link authentication. Fixes bug 24002; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (onion service, v2):
    • When reloading configured onion services, copy all information from the old service object. Previously, some data was omitted, causing delays in descriptor upload, and other bugs. Fixes bug 23790; bugfix on 0.2.1.9-alpha.
  • Minor bugfixes (memory safety, defensive programming):
    • Clear the target address when node_get_prim_orport() returns early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
  • Minor bugfixes (relay):
    • Avoid a BUG warning when receiving a dubious CREATE cell while an option transition is in progress. Fixes bug 23952; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (testing):
    • Adjust the GitLab CI configuration to more closely match that of Travis CI. Fixes bug 23757; bugfix on 0.3.2.2-alpha.
    • Prevent scripts/test/coverage from attempting to move gcov output to the root directory. Fixes bug 23741; bugfix on 0.2.5.1-alpha.
    • When running unit tests as root, skip a test that would fail because it expects a permissions error. This affects some continuous integration setups. Fixes bug 23758; bugfix on 0.3.2.2-alpha.
    • Stop unconditionally mirroring the tor repository in GitLab CI. This prevented developers from enabling GitLab CI on master. Fixes bug 23755; bugfix on 0.3.2.2-alpha.
    • Fix the onion service v3 descriptor decoding fuzzing to use the latest decoding API correctly. Fixes bug 21509; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (warnings):
    • When we get an HTTP request on a SOCKS port, tell the user about the new HTTPTunnelPort option. Previously, we would give a “Tor is not an HTTP Proxy” message, which stopped being true when HTTPTunnelPort was introduced. Fixes bug 23678; bugfix on 0.3.2.1-alpha.

Source: https://blog.torproject.org/tor-0323-alpha-released-small-bugfixes

vpngate-build-9651

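  • How to install and use
  • Redistributable files
    This software is free. You may copy or distribute the downloaded files, and you may upload them to other websites. If your government's firewall is malfunctioning for unknown reasons and the http://www.vpngate.net website cannot be reached easily from your country, publish the VPN Gate program files on websites in your country to help other users around you.
  • Note
    Use the latest version if possible. If one day your government's firewall causes unknown errors and the VPN Gate Client software has problems, update VPN Gate to the latest version. In case the http://www.vpngate.net website becomes unreachable in the future because of a malfunction of your government's firewall, it is advisable to remember the list of mirror site URLs. The VPN Gate Client plug-in includes the VPN Gate service. It is disabled by default. You can activate it manually.

Source: http://www.vpngate.net/cn/download.aspx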

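Lantern version 4.4.0

Click here for the download address of the latest Lantern version

The latest version is 4.4.x

Windows version (requires XP SP3 or later) Alternate address

Android version (requires 4.1 or later) Alternate address Download from Google Play

Downloads for other systems

Please bookmark this page so that new versions are easy to download later.

Official Lantern forum

To reach the forum's post page, click here, or click Issues at the top left.

You can register an account with "sign up" at the top right. After verifying by e-mail, click https://github.com/getlantern/forum to return to the forum.

In the forum, use "New issue" at the top right to start a new post, or use "Comment" within a post to reply.

Forum rules

If you run into problems, please read the solutions for when Lantern does not work. Before asking a question, please read the Lantern featured posts first.

This forum is for discussion of the Lantern circumvention software. Because space is limited, please do not post duplicates, and do not open new threads to post invitation codes. Post invitation codes in the summary thread or on other forums. Advertising posts are prohibited, including unofficial discussion groups. Flooding, personal attacks and other abusive behavior are prohibited. Repeated violations of the forum rules will result in being muted or even banned.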

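无界浏览 (Wujie Browser) test version 17.03b (November 1, 2017)

1. Fixed the problem of all https pages failing to open (please test)
2. Fixed false positives from some antivirus software.

Executable version: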
http://wujieliulan.com/download/u1703b.exe
SHA512: 5282a1b9ac8a6f99f93de1592d3eabe4d3f9cf2107a5c9dec04763533b61d9525d0fab741318d4549050398b3c60ac0d94b98c13af826c6aeb46dea41507e85e

Zipped version:
http://wujieliulan.com/download/u1703b.zip
SHA256: 24e254a81e9ddc7435cad94a070debf937e97171367bac84213aa2cd3b3d167f8d01a5b977b9dcb5d585c62aae2b44b2b253f6a7aabc191a4ce0e3519dc8714b

http://forums.internetfreedom.org/index.php?topic=22416.msg77273#msg77273

无界 (Wujie) Linux VPN test version 17.03b (November 1, 2017)

Changes:
Fixed the problem of all https pages failing to open (please test).

Please test and give feedback:
http://wujieliulan.com/download/u1703b
SHA512: 5bf3e519658e79c67117a1474effe6094afb4d30b35f142c620100adb9770319f674826dee04c49b87ea7c80de9ead279a550ffdd159f10348b0357a99b78bee

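Usage:
After downloading, right-click in the download folder to open a terminal. In the terminal run: chmod +x u1703b, then run: ./u1703b. The terminal shows the following:
LISTENING 127.0.0.1:9666 (listening on 127.0.0.1:9666)
0.650 Connecting … (connecting)
1.569 Connecting … (connecting)
2.178 CONNECTED (connected)
The browser proxy must be set manually.

./u1703b -help shows the usage: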
Usage of ./u1703b:
-ConnMode string
Connect mode, 0: Auto, 1: T, 2: U, 3: P
-L string
listen address (default “127.0.0.1:9666”)
-M string
“vpn”: turn on VPN mode
-P string
http or sock proxy, example: 1.2.3.4:8080 or socks://1.2.4.4:1080 or socks5://1.2.3.4:1080 or socks=1.2.3.4:1080
-S string
“safe”: turn on VPN safe mode, when exit, do not restore routing until reboot

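./u1703b -ConnMode 1 (1: "T mode", 2: "U mode", 3: "P mode")

To listen on 0.0.0.0, run in the terminal: ./u1703b -L :9666
To go through a proxy, run: ./u1703b -P 1.2.3.4:8080 or ./u1703b -P socks://1.2.3.4:1080

Running in VPN mode requires root or sudo. Run: sudo ./u1703b -M vpn, enter the password, and the terminal shows the following (the order may differ):
LISTENING 127.0.0.1:9666 (listening on 127.0.0.1:9666)
VPN MODE (VPN mode)
0.650 Connecting … (connecting)
1.569 Connecting … (connecting)
2.178 CONNECTED (connected)

To share the connection while in VPN mode: sudo ./u1703b -M vpn -L :9666
LISTENING 0.0.0.0:9666 (listening on 0.0.0.0:9666)
VPN MODE (VPN mode)
0.650 Connecting … (connecting)
1.569 Connecting … (connecting)
2.178 CONNECTED (connected)

In VPN mode there is no need to set a proxy; the whole machine goes through Wujie's encrypted circumvention and no direct connections occur. We still recommend setting the proxy, to avoid direct connections after Wujie exits; this is safer. We recommend using the browser's "private mode", so that no history is left. Before exiting Wujie, it is best to close all browsers, to avoid connecting directly to sensitive websites after exit.

VPN safe mode:
To ensure safety, a VPN safe mode has been added: sudo ./u1703b -M vpn -S safe
The terminal shows the following (the order may differ):
LISTENING 127.0.0.1:9666 (listening on 127.0.0.1:9666)
VPN SAFE MODE (VPN safe mode)
0.650 Connecting … (connecting)
1.569 Connecting … (connecting)
2.178 CONNECTED (connected)

Once VPN safe mode has been run, the computer stays in a network-isolated state; even after Wujie is closed, it cannot reach the network. This eliminates every risk of leaking the IP address, to ensure safety. We still recommend setting the Wujie proxy to further increase security, so that the IP address is not leaked even after returning to the non-isolated state. We also recommend using the browser's "private mode", preferably with a customized browser, to avoid leaving history.

The computer must be restarted to return to the non-isolated state.

Source: http://forums.internetfreedom.org/index.php?topic=22418.0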

无界 (Wujie) Firefox extension 17.03b test version (November 1, 2017)

http://wujieliulan.com/download/u1703b.xpi
SHA512: 356509831c39053d82c667ffd5153225fba5b51fba5741f5fa4763ab88df401533c3215bf0a066d53ea06b6fcffebd1410a0826dc2eef5a285f248eb4fd46658

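Changes:
Fixed the problem of all https pages failing to open (please test)

Please uninstall the old version before installing the new one, to avoid conflicts.

It has built-in circumvention, so no other circumvention software needs to be running. Supports Windows, Mac, Linux, 32/64-bit (running wine is no longer needed).

Installation: you can download and install it directly with Firefox; click "Allow". If Firefox blocks the download, download it with another browser, drag it into the Firefox window with the mouse, and click "Install".

Usage: click the Wujie icon in the top-right corner of Firefox, then click the switch to turn it on or off. Once connected, the Wujie icon turns colored.

Source: http://forums.internetfreedom.org/index.php?topic=22419.0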

XX-Net V3.7.9

What is new:

  • GAE check cert using POST
  • no_mess system config
  • X-tunnel status detail info
  • GAE add sni on TLS

Latest status:

2017-11-2

Source: https://github.com/XX-net/XX-Net/releases/tag/3.7.9

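Broadband IP address blocked (updated October 17, 2017)

Blocking has been fairly severe recently. If Wujie 16.03, 17.01, the Wujie Firefox extension or Wujie for Android phones (English version) cannot connect to the server, or the connection is unstable, your broadband IP address may have been blocked. Close all circumvention software (including Wujie) and open Wujie Browser again after 10 minutes. Sometimes this may need to be repeated several times; each time it is best to let it run for a few minutes (even if it cannot connect), and 3-5 minutes is enough. If you can change your broadband IP address, there is no need to wait 10 minutes.

You can follow these steps to change your broadband IP address:
1. Close all circumvention software.
2. Change your broadband IP address:
The simplest way is to switch off the power of your broadband modem and router, wait 1 minute, then switch the power back on.
If you dial the broadband service directly from the computer, just disconnect the broadband connection and redial after 1 minute.
3. Once the broadband is connected, open Wujie Browser.
4. If the steps above do not work and the broadband IP address has not changed, wait 10 minutes before opening Wujie Browser.

Blocking is currently fairly severe, and some circumvention software (including older versions of Wujie) may cause your broadband IP address to be blocked.

Please share your results and your experience with changing the broadband IP address.

Source: http://forums.internetfreedom.org/index.php?topic=22344.0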

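无界浏览 (Wujie Browser) 17.02 release version (October 28, 2017)

Thank you all for testing and giving feedback. 17.02a has been promoted to the 17.02 release version.

Executable version: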
http://wujieliulan.com/download/u1702.exe
SHA1: c6cf189a3b3c12028955b67d9fa234bf06aa5562
MD5: 2eed527a3b222303c30f34830a58a3a0

Zipped version:
http://wujieliulan.com/download/u1702.zip
SHA1: 44bdc2c3b54ac7926245b6fce92d7c65052dbd0b
MD5: 920f757436f9d0e1a227d1b3d6b79122

Source: http://forums.internetfreedom.org/index.php?topic=22384.0

无界 (Wujie) for Android phones 1.0.7 release version (October 28, 2017)

1.0.7a has been promoted to the 1.0.7 release version.

http://wujieliulan.com/download/u107.apk
SHA1: 028df9edf5576d46b423025f7b5668176df51685
MD5: 8a6f9dcd87ce0d3ed846944964cb423d

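Installation: copy the downloaded apk file to the phone and tap the file on the phone to install it. If an "installation blocked" warning appears, tap "Settings", tick "Unknown sources", and continue the installation.

Features and usage:

1. Supports Android 4.1 and later only.
2. Supports whole-device VPN mode only; proxy mode is not supported.
3. After launching, tap or slide the switch. "Connecting …" is displayed, and a small key and a flashing Wujie icon appear at the top, indicating that a connection is being made.
4. Once connected, the Wujie icon stops flashing and "Connected" is displayed. You can now use any browser or app, all under Wujie's encrypted protection.
5. While in use, as long as the Wujie icon and the small key are both present, you are under Wujie's encrypted protection.
6. To stop, tap or slide the switch. After it is turned off, the Wujie icon and the small key disappear; the phone then connects to the network directly and is not under Wujie's encrypted protection.
7. If there is a problem, restart the phone and run Wujie again.

Notes:
1. We recommend using the browser's "private mode" for sensitive websites, so that no history is left.
2. If the browser does not support "private mode", clear all history manually, or use a tool that clears all history.
3. For safety, we recommend closing all browsers and other apps before turning Wujie off, to avoid connecting directly to sensitive websites. You can also simply restart the phone, which is safest.

Please test and give feedback. Thank you.

Source: http://forums.internetfreedom.org/index.php?topic=22385.0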

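无界 (Wujie) Firefox extension 17.02 release version (October 28, 2017)

Thank you all for testing and giving feedback. 17.02a has been promoted to the 17.02 release version.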

http://wujieliulan.com/download/u1702.xpi
SHA1: bfb67a0b3e53271d7b29191d3a3df78ed93faca3
MD5: c87aedfa64cbcbb91b064ac947d8e33c

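Changes:
1. Fixed the SSL warning (please test)
2. Improved the stability and speed of HTTPS
3. On startup, WebRTC, Java, Flash and SilverLight (Windows) are disabled automatically to avoid leaking the IP address. The original settings are restored automatically when it is turned off.

Please uninstall the old version before installing the new one, to avoid conflicts.

It has built-in circumvention, so no other circumvention software needs to be running. Supports Windows, Mac, Linux, 32/64-bit (running wine is no longer needed).

Installation: you can download and install it directly with Firefox; click "Allow". If Firefox blocks the download, download it with another browser, drag it into the Firefox window with the mouse, and click "Install".

Usage: click the Wujie icon in the top-right corner of Firefox, then click the switch to turn it on or off. Once connected, the Wujie icon turns colored.

Source: http://forums.internetfreedom.org/index.php?topic=22382.0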

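无界 (Wujie) Linux VPN 17.02 release version (October 28, 2017)

Thank you all for testing and giving feedback. 17.02a has been promoted to the 17.02 release version.

Changes:
1. Fixed the SSL warning (please test)
2. Added "connection mode"
3. Fixed occasional disconnections (disconnections still occur when switching servers; this is normal)
4. Added "VPN safe mode"
5. When VPN mode starts, Firefox is closed automatically and WebRTC is disabled, to avoid leaking the IP address when a private IP is not in use.
6. When VPN mode is turned off, Firefox is closed automatically and the WebRTC setting is restored.
7. Faster https connections
8. The listening address is shown in VPN mode.

Please test and give feedback: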
http://wujieliulan.com/download/u1702
SHA1: 66a10e91f07e48b71046b94471d2fca3e21ca41c
MD5: 7417407b60c813cc28be21ff958d1d70

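Usage:
After downloading, right-click in the download folder to open a terminal. In the terminal run: chmod +x u1702, then run: ./u1702. The terminal shows the following:
LISTENING 127.0.0.1:9666 (listening on 127.0.0.1:9666)
0.650 Connecting … (connecting)
1.569 Connecting … (connecting)
2.178 CONNECTED (connected)
The browser proxy must be set manually.

./u1702 -help shows the usage: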
Usage of ./u1702:
-ConnMode string
Connect mode, 0: Auto, 1: T, 2: U, 3: P
-L string
listen address (default “127.0.0.1:9666”)
-M string
“vpn”: turn on VPN mode
-P string
http or sock proxy, example: 1.2.3.4:8080 or socks://1.2.4.4:1080 or socks5://1.2.3.4:1080 or socks=1.2.3.4:1080
-S string
“safe”: turn on VPN safe mode, when exit, do not restore routing until reboot

./u1702 -ConnMode 1 (1:“T模式” , 2 :“U模式” 3:“P模式”)

如需要监听 0.0.0.0,在终端执行: ./u1702 -L :9666
如需要通过代理, 执行: ./u1702 -P 1.2.3.4:8080 或 .u1702 -P socks://1.2.3.4:1080

运行VPN模式,需要root或sudo, 执行:sudo ./u1702 -M vpn, 输入密码, 终端出现以下信息 (顺序可能不同):
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
VPN MODE (VPN模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

如需要在VPN下分享:sudo ./u1702 -M vpn -L :9666
LISTENING 0.0.0.0:9666 (监听 0.0.0.0:9666 )
VPN MODE (VPN模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

在VPN模式下不需要设置代理,整机都通过无界加密翻墙,不会出现直连。我们还是建议设置代理以避免退出无界后直连,这样更安全。建议使用浏览器的“隐私模式”,这样不会留下历史纪录。退出无界前,最好关闭所有浏览器,以免退出后直连敏感网站。

VPN 安全模式:
为了确保安全,新增了VPN 安全模式: sudo ./u1702 -M vpn -S safe
终端出现以下信息 (顺序可能不同):
LISTENING 127.0.0.1:9666 (监听 127.0.0.1:9666 )
VPN SAFE MODE (VPN 安全模式)
0.650 Connecting … (正在连接)
1.569 Connecting … (正在连接)
2.178 CONNECTED (连接成功)

一旦运行了 VPN 安全模式,电脑一直处于网络隔离状态,即使关闭了无界,也无法联网。这样消除了所有泄露IP的隐患,以确保安全。不过还是建议设置无界代理,进一步增加安全性,即使恢复到非网络隔离状态也不会泄露IP。也建议使用浏览器的“隐私模式”,最好使用定制版的浏览器,以避免留下历史纪录。

需要重新启动电脑才能恢复到非网络隔离状态。
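
Added example, not part of the original post or of the tool itself: a small Python check that reads the startup banner shown above (in any line order) and reports what the chosen flags expose. The function name, report keys and finding texts are assumptions made for this illustration; the sample lines are constructed from the output quoted in the post.

```python
import ipaddress
import re

# Banner formats as quoted in the post; a trailing annotation after the
# address (as in the original Chinese listing) is tolerated.
LISTEN_RE = re.compile(r"^LISTENING\s+\[?([0-9A-Fa-f:.]+)\]?:(\d+)\b")
CONNECTED_RE = re.compile(r"^\d+\.\d+\s+CONNECTED\b")


def audit_startup(lines):
    """Parse the startup banner and return the state plus exposure findings."""
    report = {"listen": None, "mode": "proxy", "connected": False, "findings": []}
    findings = report["findings"]
    for raw in lines:
        line = raw.strip()
        match = LISTEN_RE.match(line)
        if match:
            host, port = match.group(1), int(match.group(2))
            report["listen"] = (host, port)
            try:
                loopback = ipaddress.ip_address(host).is_loopback
            except ValueError:
                loopback = False  # unparseable address: treat as exposed
            if not loopback:
                findings.append(
                    f"listener {host}:{port} is reachable from other hosts; "
                    "use the default 127.0.0.1 unless sharing is intended")
        elif line.startswith("VPN SAFE MODE"):
            report["mode"] = "vpn-safe"
        elif line.startswith("VPN MODE"):
            report["mode"] = "vpn"
        elif CONNECTED_RE.match(line):
            report["connected"] = True
    if report["listen"] is None:
        findings.append("no LISTENING line seen")
    if not report["connected"]:
        findings.append("tunnel never reached CONNECTED")
    if report["mode"] == "proxy":
        findings.append("proxy mode: only applications pointed at the "
                        "listener are tunnelled")
    elif report["mode"] == "vpn":
        findings.append("plain VPN mode: routing is restored on exit, so "
                        "applications left open then connect directly")
    return report


# Constructed sample: the "share under VPN" run from the post (-M vpn -L :9666).
SAMPLE_SHARED_VPN = [
    "LISTENING 0.0.0.0:9666",
    "VPN MODE",
    "0.650 Connecting …",
    "1.569 Connecting …",
    "2.178 CONNECTED",
]

if __name__ == "__main__":
    result = audit_startup(SAMPLE_SHARED_VPN)
    print(result["listen"], result["mode"], result["connected"])
    for finding in result["findings"]:
        print("-", finding)
```
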

Original: http://forums.internetfreedom.org/index.php?topic=22381.0

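Trying IPFS to distribute the V2Ray installation packages

Beyond the development of V2Ray itself, a very important problem is distribution. It is a chicken-and-egg problem: users need the V2Ray software to get over the wall, but before using it they must first download the installation package, and the places it is downloaded from, such as Github Release, are usually walled.

V2Ray's ultimate goal is to provide a barrier-free circumvention experience: when all you have is a brand-new computer, with a network and a browser and nothing else, you can use V2Ray to complete the first step of getting over the wall.

Two conditions are needed for this:

  1. V2Ray provides a free server that can be reached with the bundled configuration file;
  2. Users can freely download the V2Ray installation package.

The first condition is already met: V2Ray's official server has been working stably for a long time. The main problem now is the second condition.

You have probably all seen the announcement on Telegram. My first idea was to distribute through a cloud drive. A certain cloud drive claims that its international version is not censored, but within hours of my publishing the download link the account was blocked, and all I could do was laugh.

Thinking it over, the traditional HTTP route is certainly a dead end: HTTP services inside China are all censored and those abroad are all walled, so none are usable. That leaves only P2P.

For file sharing, one mainstream P2P option today is IPFS. Like BT, IPFS has no central server; you connect to other IPFS nodes to download the file you specify. The file name (or directory name) is a string, and with that string you can download the V2Ray installation package.

Of course this approach has a drawback: you first need to download the IPFS program, which amounts to shifting the distribution burden onto IPFS. If one day nobody can download the IPFS program any more, that is the end of it.

So for now we can only hope that IPFS stays alive and that kind people inside the wall seed.

Next, a brief introduction to IPFS. In IPFS you can publish files or folders. Every file and folder has a unique identifier, and the file can be fetched in IPFS through that identifier. For example, the latest V2Ray installation package is here. This path is immutable, meaning that when a later version is uploaded to IPFS it gets a new identifier. To deal with the identifier changing every time, the IPFS project has a tool called IPNS for redirection, roughly like the relationship between a domain name and an IP address. V2Ray's IPNS is this one. I don't know why IPNS is much slower than IPFS; probably there are not enough seeders.

I hope fellow wall-climbers will help seed to make downloads faster. Seeding goes roughly like this: after IPFS has been configured, run:

ipfs pin add -r /ipns/QmdtMuAhEUPFX9NQiGhRj2zhS1oEA76SXNDnZRHqivjMwR

I have only just started learning IPFS myself; if anything is wrong, please correct me.

In the distribution channel above you can also find some of the main V2Ray clients. If you need other tools, leave a comment and I will add them later.

Original: https://steemit.com/cn/@v2ray/ipfs-v2ray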

New stable Tor releases: 0.3.1.8, 0.3.0.12, 0.2.9.13, 0.2.8.16, 0.2.5.15 by nickm

There are new stable Tor releases available for download.  If you build Tor from source, you can find the source for the latest stable release on our Download page. You can find the older releases at https://dist.torproject.org/. Packages should be available over the coming days, including a planned TorBrowser release in November.

These releases backport stability fixes from later Tor releases, and add the key for the latest directory authority, “bastet”.

The ChangeLog for 0.3.1.8 follows below. For the changelogs for other releases, see the announcement email.

Tor 0.3.1.8 is the second stable release in the 0.3.1 series. It includes several bugfixes, including a bugfix for a crash issue that had affected relays under memory pressure. It also adds a new directory authority, Bastet.

Changes In Version 0.3.1.8 – 2017-10-25

  • Directory authority changes:
    • Add “Bastet” as a ninth directory authority to the default list. Closes ticket 23910.
    • The directory authority “Longclaw” has changed its IP address. Closes ticket 23592.
  • Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
    • Fix a timing-based assertion failure that could occur when the circuit out-of-memory handler freed a connection’s output buffer. Fixes bug 23690; bugfix on 0.2.6.1-alpha.
  • Minor features (directory authorities, backport from 0.3.2.2-alpha):
    • Remove longclaw’s IPv6 address, as it will soon change. Authority IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves 3/8 directory authorities with IPv6 addresses, but there are also 52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
  • Minor features (geoip):
    • Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 Country database.
  • Minor bugfixes (compilation, backport from 0.3.2.2-alpha):
    • Fix a compilation warning when building with zstd support on 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found and fixed by Andreas Stieger.
  • Minor bugfixes (compression, backport from 0.3.2.2-alpha):
    • Handle a pathological case when decompressing Zstandard data when the output buffer size is zero. Fixes bug 23551; bugfix on 0.3.1.1-alpha.
  • Minor bugfixes (directory authority, backport from 0.3.2.1-alpha):
    • Remove the length limit on HTTP status lines that authorities can send in their replies. Fixes bug 23499; bugfix on 0.3.1.6-rc.
  • Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
    • Avoid a possible double close of a circuit by the intro point on error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610; bugfix on 0.3.0.1-alpha.
  • Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
    • Clear the address when node_get_prim_orport() returns early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
  • Minor bugfixes (unit tests, backport from 0.3.2.2-alpha):
    • Fix additional channelpadding unit test failures by using mocked time instead of actual time for all tests. Fixes bug 23608; bugfix on 0.3.1.1-alpha.

Original: https://blog.torproject.org/new-stable-tor-releases-0318-03012-02913-02816-02515

Tor Browser 7.0.8 is released

Tor Browser 7.0.8 is now available from the Tor Browser Project page and also from our distribution directory.

In version 7.0.7 we added a donation banner to point to our end-of-the-year 2017 donation campaign. This new release is fixing a bug which prevented the display of the banner.

The full changelog since Tor Browser 7.0.7 is:

  • All Platforms
    • Update Torbutton to 1.9.7.9
      • Bug 23949: Fix donation banner display
      • Update locale list with translated banner
      • Translations update

Original: https://blog.torproject.org/tor-browser-708-released

Tor Browser 7.5a6 is released

Tor Browser 7.5a6 is now available from the Tor Browser Project page and also from our distribution directory.

This release updates firefox to 52.4.1esr, Tor to 0.3.2.2-alpha, HTTPS-Everywhere to 2017.10.4 and NoScript to 5.1.2. This release is also fixing some crashes and adding a donation banner starting on Oct 23 in order to point to our end-of-the-year 2017 donation campaign.

The full changelog since Tor Browser 7.5a5 is:

  • All Platforms
    • Update Firefox to 52.4.1esr
    • Update Tor to 0.3.2.2-alpha
    • Update Torbutton to 1.9.8.2
      • Bug 23887: Update banner locales and Mozilla text
      • Translations update
    • Update HTTPS-Everywhere to 2017.10.4
    • Update NoScript to 5.1.2
      • Bug 23723: Loading entities from NoScript .dtd files is blocked
      • Bug 23724: NoScript update breaks Security Slider and its icon disappears
    • Bug 23745: Tab crashes when using Tor Browser to access Google Drive
    • Bug 23694: Update the detailsURL in update responses
    • Bug 22501: Requests via javascript: violate FPI
  • OS X
    • Bug 23807: Tab crashes when playing video on High Sierra
    • Bug 23025: Add some hardening flags to macOS build

Original: https://blog.torproject.org/tor-browser-75a6-released

Tor Browser 7.0.7 is released

Tor Browser 7.0.7 is now available from the Tor Browser Project page and also from our distribution directory.

This release updates Firefox to 52.4.1esr, HTTPS-Everywhere to 2017.10.4 and NoScript to 5.1.2. On Linux the content sandboxing is now enabled. This release is also fixing some crashes and adding a donation banner starting on Oct 23 in order to point to our end-of-the-year 2017 donation campaign.

The full changelog since Tor Browser 7.0.6 is:

  • All Platforms
    • Update Firefox to 52.4.1esr
    • Update Torbutton to 1.9.7.8
      • Bug 23887: Update banner locales and Mozilla text
      • Bug 23526: Add 2017 Donation banner text
      • Bug 23483: Donation banner on about:tor for 2017 (testing mode)
      • Bug 22610: Avoid crashes when canceling external helper app related downloads
      • Bug 22472: Fix FTP downloads when external helper app dialog is shown
      • Bug 22471: Downloading pdf files via the PDF viewer download button is broken
      • Bug 22618: Downloading pdf file via file:/// is stalling
      • Translations update
    • Update HTTPS-Everywhere to 2017.10.4
    • Update NoScript to 5.1.2
      • Bug 23723: Loading entities from NoScript .dtd files is blocked
      • Bug 23724: NoScript update breaks Security Slider and its icon disappears
    • Bug 23745: Tab crashes when using Tor Browser to access Google Drive
    • Bug 22610: Avoid crashes when canceling external helper app related downloads
    • Bug 22472: Fix FTP downloads when external helper app dialog is shown
    • Bug 22471: Downloading pdf files via the PDF viewer download button is broken
    • Bug 22618: Downloading pdf file via file:/// is stalling
    • Bug 23694: Update the detailsURL in update responses
  • OS X
    • Bug 23807: Tab crashes when playing video on High Sierra
  • Linux
    • Bug 22692: Enable content sandboxing on Linux

Original: https://blog.torproject.org/tor-browser-707-released

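Android: Wujie Yidiantong (无界一点通) 4.1a beta (18 October 2017)

Wujie Yidiantong 4.1a beta has the following improvements; please help test and give feedback:

1. Faster start-up of TV/radio;
2. Fixed blank pages on some NTD (新唐人) web pages;
3. Added Minghui Radio (明慧广播);
4. Fixed the download permission problem on new platforms;
5. Improved security and connectivity.

http://wujieliulan.com/download/um4.1a.apk

sha256:5ce18ba747067320eb17935bd611a5eba98eb1ee8514c946031cd1e014923003
md5:62113edcf18d1fec0de58f37d04e43a8

Thanks!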

—————–

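"Wujie Yidiantong" (无界一点通) is circumvention software for Android that lets you see real, unfiltered information. It works on Android phones, Android set-top boxes and other Android platforms.

Installing the "Wujie Yidiantong" beta:

1. First change a setting on the phone: press the "Menu" key -> settings -> Applications and tick "Unknown sources".
Note: on some versions it is: press the "Menu" key -> settings -> security, then tick "Unknown sources".

2. Copy the downloaded um.apk file to the phone's SD card (or built-in SD card). If the download is a compressed file, do not unpack it; just change the file extension from .zip to .apk.
Tap the um.apk file on the Android phone to install it. If there is a conflict with an already installed older version of Wujie Yidiantong, uninstall the old version first and then install the new one.

3. For detailed instructions see: m.wujieliulan.com/userguide.html

4. Note: if you use another browser in VPN mode (rather than the browser built into Wujie Yidiantong), use that browser's "private mode", or clear the browser history after exiting Wujie Yidiantong; otherwise, accidentally clicking those history entries without the VPN is a security risk.

Original: http://forums.internetfreedom.org/index.php?topic=22352.0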

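October 2017 Circumvention Bulletin (with notes on using I2P to break through the blockade)

Contents

★Recent circumvention developments
★Status of common circumvention tools
★Precautions for circumvention in exceptional times
★On the importance of being 【distributed】
★Index of circumvention tutorials

★Recent circumvention developments

It has been a long time since I published a Circumvention Bulletin. Attentive readers will notice that the previous one was the "August 2015 Circumvention Bulletin", more than 【two years】 ago.
Why such a long gap? Mainly because over the last two years the circumvention situation has been encouraging, and the commonly used ladders have all been stable. So I had no motivation to write a bulletin (please forgive my laziness).

Recently, because the imperial court is about to hold the 【19th Party Congress】, the GFW is, as usual, stepping up its blocking. I had expected the tightening to start with the National Day holiday. For some reason, though, the GFW did not start acting up until October 9. Presumably the GFW developers were enjoying the long holiday too, so they waited until the first working day after it to get started.
Below I walk through the status of several common circumvention tools (things are not looking great).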

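★Status of common circumvention tools

I tested several commonly used circumvention tools; the results are below.
Going by the experience of recent years, how well a tool works can vary by province or by ISP. So my own tests are for reference only. Readers are welcome to report their own circumvention situation.

◇VPN Gate

In my own tests, starting October 9 it became very hard to find a usable server in VPN Gate; starting October 10 even the server-list update mechanism stopped working.
Oddly, when I visit the VPN Gate website, the Celestial Empire (China) is still second in the "ranking by country", and its total traffic keeps growing. That means some users inside the wall can still get over it with VPN Gate. If your VPN Gate is still usable (after October 9), please leave a comment on my blog to report it. When you do, also mention your province and which ISP your broadband uses.

Feedback from helpful readers:

Guangdong circumvention brief:
Guangzhou Telecom, VPNgate: during the National Day and Mid-Autumn holiday most IPs gradually became impossible to connect to; after the holiday the situation got even more severe, with most IPs failing to connect for an entire day, and those that did connect being cut off very quickly while the VPN still showed as connected.

He Huang
VPNgate still works today, Fuzhou Telecom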

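◇Lantern (蓝灯)

Lantern released version 4.1.2 on October 8. When the GFW began tightening the blockade on October 9, this version still worked; by yesterday (October 11) it had stopped working.
In addition, the Lantern team released two more versions on October 10 (4.1.3 and 4.1.4), but unfortunately both had also stopped working by yesterday (the 11th). Releasing new versions this densely is surely a response to the GFW's blocking of the past few days.
That Lantern's two newest versions failed right after release surprised me a little (seen from another angle, it shows that the GFW's recent blocking is quite thorough, so everyone should be careful).

Feedback from helpful readers:

挪威森林猫:
(Guangdong Unicom)
Lantern:
Both the 2.x version without a traffic limit and the 3.x version with one not only connect every time but are also very fast (720p Youtube actually plays without stuttering)...; the mobile version is the same

萩原悠介:
My usual tools are the GAE-based XX-NET and Lantern. I'm in Shanghai, and I've observed that even with the same Telecom ISP, circumvention tools seem to behave differently depending on the public IP range. For example, the 114-range IPs that home broadband dial-up gets most often are basically all gone, while blocking of the few non-114 ranges is relatively mild. I don't know whether carriers in other regions show something similar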

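◇Psiphon (赛风)

Over the past year Psiphon has (in my personal impression) not been as good as Lantern. So I was not too surprised that Psiphon's latest version, 3.129, does not work.
(Psiphon 3.129 was released on October 9 and likewise failed right after release.)

Feedback from helpful readers:

Anonymous:
I checked the other free "wheel" (轮子) tools and basically all have fallen; Psiphon 3 works occasionally!
This is on a Sichuan Unicom network

Anonymous:
Guangdong, the mobile version of Psiphon still works..., my first comment, haha!

Anonymous:
I got out using Psiphon 3 plus 四维; other VPNs no longer work. Computer novice here!

Anonymous:
Back when Psiphon worked, Youtube video download speeds often exceeded 1M; since the "day of mourning" passed, it is only good enough for watching online. I'm beyond tears; to keep excessive grief from leading to something worse, I've resolved to quietly get I2P ready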

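◇Wujie (无界)

In my own tests, the latest Wujie version, 16.03, is 【still usable】, but since October 9 it has been 【very unstable】.
If your Wujie suddenly drops after being used for a while, you can 【change your public IP】 and then run Wujie again; 【with luck】 you will get back online.
(For home broadband, just turn off the broadband dial-up device, wait a while and turn it back on to change your "public IP".)

◇Freegate (自由门)

In my own tests, the latest Freegate version, 7.6.1, stopped working on October 9.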

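◇TOR + meek

TOR was blocked by the GFW seven or eight years ago. Later, however, the TOR project provided a meek plugin that lets the TOR client reach the TOR network indirectly through overseas computing platforms.
According to reader feedback, "TOR + meek" is 【still usable】.
For a tutorial on using TOR + meek, see: "'How to get over the wall' series: TOR is back: installing, tuning and understanding the meek traffic-obfuscation plugin"

Feedback from helpful readers:

挪威森林猫:
(Guangdong Unicom)
TOR + meek:
Sometimes it connects, sometimes it doesn't; browsing web pages is OK, watching Youtube basically isn't.

Anonymous:
Tor+meek can get out; tor+obfs4 was already dead before the day of national mourning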

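◇I2P

(If you have never used I2P, first read "A quick primer on using I2P".)
In past years, whenever the GFW cracked down and circumvention tools fell in droves, I2P usually stayed standing. (For instance during the 18th Party Congress five years ago, when all sorts of tools failed one after another, I2P was also the one that held out.)
This time is no exception: 【I2P is still holding up】, which is great news! (In my own tests it has been usable throughout!)
I2P holds up, but it is slow. So it is suited to 【emergency use during periods of heavy blocking】.

If you are running I2P for the first time, you first need to 【reseed】 (补种). Only after reseeding can I2P join the P2P network. With blocking this heavy, 【how to reseed】 is an art. I discuss it separately below.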

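◇SS (ShadowSocks) and its derivatives

I have never bought a VPS for circumvention (mainly out of concern for 【anonymity】), so I cannot test SS myself.
A few days ago I saw the news item "Chinese researchers use machine learning to identify Tor and Shadowsocks traffic @ Solidot". So my guess is that the outlook for SS is not good either 😦
If you have used SS recently, please leave a comment on my blog to report how SS is doing.

Feedback from helpful readers:

Benny Think.:
Some SS/SSR servers first could not be connected to and worked again after changing the port; others had their IP walled and are completely dead.
SS/SSR is barely hanging on right now; speed and stability are somewhat worse than before.

Anonymous:
Guangdong Mobile; SS hosted on GCP is relatively stable, using an East Asia node, with latency staying mostly in two digits.

i Vanilla:
Shadowsocks and similar tools are currently affected to some degree; obfs obfuscation may give better results, though of course that depends on the encryption algorithm.
V2Ray should work fairly well; everyone can give it a try.
The GFW has recently blocked a batch of VPS IP ranges, so whatever proxy tool those VPSes run, they cannot be reached.

Unknown:
Anhui Telecom; at night I cannot connect to ss on vultr, but switching to mobile data works fine and is extremely fast. Connecting to vultr during the day, everything is normal, with speed going up and down.

Anonymous:
SS has no problems so far. The ladders I set up myself, from early low versions to recent high versions, all still work

Anonymous:
SS works; currently one of 5 vps has a problem, probably because its network range was blocked.

Anonymous:
ss, va2y and SSR are all wailing too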

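◇V2Ray

V2Ray depends on a VPS. For the reason mentioned above I have not tried "VPS-based circumvention", so I have not tested V2Ray myself either.

Feedback from helpful readers:

Anonymous:
Lately v2ray with http obfuscation or kcp mode gets over the wall with no real trouble, and the modified psiphon build can get out too
gfw.press also gets over the wall without problems as long as nodes are updated promptly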

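◇A supplementary note on VPS (Virtual Private Server)

Besides SS, some other circumvention methods (such as a self-hosted SSH) also depend on a VPS, so let me mention VPSes as well.
From what I have learned, in this round of tightening the GFW blocked the network ranges of many VPS providers.
If the network range of the VPS provider you pay has been added to the GFW's "IP blacklist", your VPS is useless (no amount of tinkering will help).

Feedback from helpful readers:

cirno scarlet:
I self-host ss on Korea's 蘑菇云, original SS, no obfuscation, with no impact at all;
Yesterday 大杀器 saw a fierce IP attack-and-defence battle; 石斑鱼 changed a great many IP addresses and seems to have held on;
I hear a great many Bandwagon (搬瓦工) hosts have gone down;
My feeling is that this so-called GFW upgrade is really human-wave tactics: wherever traffic is concentrated, the relevant IP gets walled.

Unknown:
From what I've seen, the SS servers that went down are concentrated on well-known VPSes such as Bandwagon and Alibaba Cloud; I use a niche VPS in Singapore with a self-built shadowsocks-liev, obfs not enabled, accelerated with TCP BBR, and it has been fine all along.

Anonymous:
All 3 of my VPSes run SS; each IP becomes unpingable after a few hours of use, then I switch to another IP and carry on; the unpingable IPs come back to life after a while, so they are not dead for good. That's how I've been rotating lately.

Chaos;Code
(・_・;) Liaoning Unicom, currently using a self-hosted SSR (酸酸乳) on a Bandwagon vps with obfuscation set very high; speed is fairly good, occasionally it can't be pinged (about once a week?), probably just routine flakiness (*>_<*)ノ, nothing serious (・∀・), that's it.

Anonymous:
Goproxy-php, xxnet-php and php-web proxies with https directory encryption all work normally; they need a shared web hosting space.

noneme:
Both of my vps ran ss ssr v2ray at the same time; one had its ip blocked.
The other has no problem. Both are US servers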

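◇Other feedback from helpful readers

Some readers' feedback does not fit neatly into one category, so it is collected here.

Bingyu Pan
Right now only I2P is holding up on my computer; tor, if it can connect, is not much of a problem either (because it is hard to cut off). 石斑鱼's 大杀器 has also held on.
Unusable: lantern, xx net, freegate, VPN gate, psiphon, Wujie.
Carriers: Henan Unicom, Anhui Mobile, Fujian Telecom.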

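★Precautions for circumvention in exceptional times

Below are some lessons from experience, for your reference.

◇【Do not】 put all your eggs in one basket

In exceptional times of heavy blocking, keep several ladders at hand.
Some less experienced people rely on a single ladder; if that one ladder fails, they are stuck.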

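◇Make sure you have a 【working】 I2P

Since I2P holds up well, it can be used for 【emergencies】 in exceptional times. When the GFW tightens the blockade and many circumvention tools fail, those tools also release new versions more frequently to try to break through. I2P's 【emergency】 role is exactly this: downloading the new versions of other circumvention tools.
If you are running I2P for the first time, or have not run it for a long time, you must 【reseed】 first. There are roughly three ways to reseed I2P:

Method 1: reseed I2P through another circumvention tool
I2P has a built-in set of "reseed servers". Obviously, these were blocked by the GFW long ago. To reseed from them, I2P has to go online through another circumvention tool. If you have another circumvention tool at hand 【that still works】, use it to reseed I2P right away.
After starting I2P, open the following address in a browser to reach 【I2P's reseed page】.

http://127.0.0.1:7657/configreseed
On this page tick "Enable HTTP Proxy" and fill in the corresponding "Proxy Host" and "Proxy Port" (what to enter depends on the proxy provided by the other circumvention tool). Remember to click the save button; I2P can then go online through the other tool and reseed.
After reseeding, once I2P has found other nodes (Peers on the page is greater than zero), you can untick "Enable HTTP Proxy" and let I2P 【connect on its own】.

Method 2: have someone else get an I2P 【reseed file】 for you

Suppose a friend of yours has a 【working】 I2P. Have that friend generate an I2P reseed file and send it to you; then import it on your own I2P reseed page and the reseed succeeds.
To 【generate a reseed file】:
Go to the I2P reseed page; one item there is 【Create reseed file】. If I2P is already online, this function creates a reseed file (containing information about usable I2P nodes). The file can be shared with other I2P users.
To 【import a reseed file】:
Go to the I2P reseed page; one item there is 【Reseed from file】, used to import a reseed file. As long as the imported file is 【fresh enough】, it can get an I2P that cannot connect back online.

Additional note:
Reseed files are 【time-sensitive】. The longer ago a file was created, the less useful it is, because the nodes of the I2P network change constantly and the node information in a file created long ago may already be out of date. Generally, a reseed file from the last day or two is "fresh", and one more than a week old is "not fresh".

Method 3: get an I2P 【reseed file】 through BT sync (Resilio Sync)

If you have neither another working circumvention tool nor a friend who can generate a reseed file for you, there is a third option: get reseed files from the BTsync (Resilio Sync) share I provide.
Readers familiar with my blog will know that I provide a BTsync share for distributing circumvention tools. Its 【sync key】 is:

BTLZ4A4UD3PEWKPLLWEOKH3W7OQJKFPLG
Last month I put the latest I2P version (0.9.31) on this share, in the I2P directory. Starting yesterday (October 11) I also put several "reseed files" there (in the seeds subdirectory of the I2P directory). A reseed file's "file name" is the domain name of the reseed server I downloaded it from; its "extension" is su3.
During periods when circumvention is difficult, I will update these reseed files on the share as often as I can.

Additional note:
If I created reseed files from my own I2P console, those files might contain some information related to my own network environment.
So, 【to protect my own anonymity】, the "reseed files" I share are downloaded from 【public】 "reseed servers". To make sure the files are reliable, I used the "reseed servers" 【built into】 the I2P console (the I2P reseed page lists these servers).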
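
Added example, not from the original post or from the I2P project: a Python check that applies the freshness rule above (a day or two is fresh, more than a week is not) to a .su3 reseed file before it is imported. The header offsets follow the I2P SU3 container layout; reading the version field as the creation time in epoch seconds is an assumption about how reseed bundles are stamped, and the sample file and signer name are constructed here.

```python
import struct
import time

SU3_MAGIC = b"I2Psu3"
RESEED_CONTENT_TYPE = 3          # SU3 content-type code for reseed data
DAY = 24 * 3600


class Su3Error(ValueError):
    """The bytes are not a well-formed SU3 reseed container."""


def parse_su3_header(blob):
    """Decode the fixed 40-byte SU3 header plus the version and signer fields.

    The signature is NOT verified here; I2P does that itself on import.
    """
    if len(blob) < 40 or blob[:6] != SU3_MAGIC:
        raise Su3Error("bad magic or truncated header")
    sig_type, sig_len = struct.unpack(">HH", blob[8:12])
    version_len, signer_len = blob[13], blob[15]
    (content_len,) = struct.unpack(">Q", blob[16:24])
    if version_len < 16:
        raise Su3Error("version field shorter than 16 bytes")
    signer_at = 40 + version_len
    content_at = signer_at + signer_len
    # A partially synced or cut-off download fails this length check.
    if len(blob) != content_at + content_len + sig_len:
        raise Su3Error("length fields do not add up to the file size")
    return {
        "sig_type": sig_type,
        "file_type": blob[25],
        "content_type": blob[27],
        "version": blob[40:signer_at].rstrip(b"\x00").decode("ascii", "replace"),
        "signer": blob[signer_at:content_at].decode("utf-8", "replace"),
        "content_len": content_len,
    }


def reseed_freshness(blob, now):
    """Return (verdict, age_seconds, signer) for a reseed file at time `now`."""
    header = parse_su3_header(blob)
    if header["content_type"] != RESEED_CONTENT_TYPE:
        raise Su3Error("SU3 file does not carry reseed data")
    if not header["version"].isdigit():
        raise Su3Error("version is not an epoch timestamp")
    age = now - int(header["version"])
    if age < 0:
        verdict = "future-dated"   # clock skew or a mislabelled file
    elif age <= 2 * DAY:
        verdict = "fresh"          # "the last day or two" in the post
    elif age <= 7 * DAY:
        verdict = "aging"
    else:
        verdict = "stale"          # "more than a week" in the post
    return verdict, age, header["signer"]


def build_sample_su3(created, signer="reseed@example.invalid"):
    """Constructed sample file: placeholder payload and a dummy signature."""
    version = str(created).encode("ascii").ljust(16, b"\x00")
    signer_bytes = signer.encode("utf-8")
    content = b"PK\x05\x06" + b"\x00" * 18      # empty zip archive
    signature = b"\x00" * 512                   # not a valid signature
    header = (SU3_MAGIC + b"\x00\x00"
              + struct.pack(">HH", 6, len(signature))
              + b"\x00" + bytes([len(version)])
              + b"\x00" + bytes([len(signer_bytes)])
              + struct.pack(">Q", len(content))
              + b"\x00\x00"                     # unused, file type 0 (zip)
              + b"\x00" + bytes([RESEED_CONTENT_TYPE])
              + b"\x00" * 12)
    return header + version + signer_bytes + content + signature


if __name__ == "__main__":
    sample = build_sample_su3(int(time.time()) - 3 * DAY)
    print(reseed_freshness(sample, int(time.time())))
```
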

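◇Run I2P and BTsync regularly

I2P and BT sync (Resilio Sync) both do their P2P networking with Kad (Kademlia) technology. Their clients cache information about the currently connected nodes. If you only 【close the client briefly】, then on the next run the client can still use the cached node information to find other nodes on the Internet and connect normally.
But if you 【have not run】 I2P or BTsync 【for a long time】, the node information cached by the client goes out of date (no longer fresh enough), and the next time you run it the client cannot find other nodes. In that case you need to 【reseed again】!
So what counts as 【not running for a long time】? From experience, more than a week counts as "a long time". To be safe, run it at least once every day or two, so that the I2P or BTsync client can refresh its P2P node information. If you can, leave the I2P or BTsync client running all the time.

◇Keep an 【offline copy of this blog】 on your computer

Years ago I started sharing an offline copy of the blog through a BT sync share.
In periods of heavy blocking, if you keep an 【offline copy of the blog】 at hand, you can read my 【circumvention tutorials】 【without going online】.
To get the 【offline copy of this blog】, use the following 【sync key】:
B7P64IMWOCXWEYOXIMBX6HN5MHEULFS4V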

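★On the importance of being 【distributed】

I have gone on about the importance of being 【distributed】 many times, for example in this post: "N kinds of technical force for 'resisting autocracy and defending freedom'"

In this round of tightened blocking many circumvention tools failed while I2P and BTsync remained usable, which once again shows how important 【fully decentralized P2P】 is. Both tools are also based on the Kad network, which shows that the "Kad network" is battle-tested!

If you are interested in networking technology and want to know how Kad works, see my post from a few weeks ago: "On the principles of distributed hash tables (DHT), using Kademlia (Kad) and Chord as examples"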

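★Index of circumvention tutorials

The tutorials below are all on my blog (circumvention required).
To repeat: if you already sync the 【offline copy of this blog】 automatically with BT sync (Resilio Sync), you can read these tutorials without going online.

◇Basic tutorials

How to get over the wall (the legendary all-round primer, updated regularly)
A complete guide to obtaining circumvention software (how to get it when you cannot yet get over the wall)
How several computers can share one circumvention channel
How does the GFW block Resilio Sync (BTSync)? And how to keep using it 【without circumvention】?
A primer on BT Sync: not just a sync tool but a 【distributed】 file share

◇Tutorials for individual circumvention tools

A quick primer on using I2P
Frequently asked questions about TOR
A primer on VPN Gate: distributed VPN servers
The new Wujie release: another option after Psiphon 3 stopped working
Psiphon 3, a two-pronged approach
"How to get over the wall" series: TOR is back: installing, tuning and understanding the meek traffic-obfuscation plugin
fqrouter: a circumvention tool for Android (no ROOT needed)
Freegate: another option after TOR was blocked
Getting over the wall "with a cover on"
A primer on VPN circumvention, using Hotspot Shield as an example
Original: https://program-think.blogspot.com/2017/10/gfw-news.html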

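Tutorial: setting up a v2Ray server on a Bandwagon (搬瓦工) VPS, for getting over the wall with ShadowRay, v2Ray and other clients

A word up front: the author of Shadowrocket (小火箭) released the ShadowRay app, and I am a very curious person. My earlier SS setup, and this blog site too, I built by Googling and feeling my way along, so I Googled and puzzled over v2Ray as a way over the wall and then started hammering away at it on Bandwagon: try, fail, try, fail, until I quit in a huff because it was too frustrating. A day later, once I had calmed down, I thought: this is too pathetic! I refused to believe I couldn't do it and had to get this thing working. I've been stubborn as a mule since childhood and can't help it, and that is how this article came about. Enough chatter; the detailed process is listed below. If you don't like it, please don't flame me: I am a pure technical novice who understands neither code nor academic descriptions, with nothing but a stubborn heart. If you find this article useful, pass it on to friends.

Afterwards I tried setting it up on another Bandwagon host and on the vultr I use myself, and both succeeded. After setup I tried it for a day (on Mac and iOS); I don't know whether it is psychological or what, but the speed is surprisingly fast. On to the method.

Timeline: updated 2017-10-12

After setting up both shadowsocks and v2Ray on the same VPS, you may find that SS works but v2Ray does not. I ran into this too; the fix is to turn on the firewall (ubuntu1.6 system)

Steps:

1. Run: apt-get install ufw and press Enter; wait for the automatic installation.

2. Run: ufw enable and press Enter.

(If the following prompt appears

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y)

choose y and press Enter.

3. ufw allow 22, press Enter.

4. ufw allow xxx (xxx is the port configured in your v2Ray client), press Enter.

5. If Shadowsocks is also set up on the VPS, run the same command with XX replaced by the shadowsocks port, and press Enter.

6. ufw status, press Enter, to view the firewall status; everything should show as allow and open.

This way, on the same VPS, both Shadowsocks and v2Ray can be used to get over the wall.

On Android devices I use v2RayNG, and it is blazing fast.

Timeline: updated 2017-10-11

1. Bandwagon with Centos 7 works fine, but Vultr did not, so I later switched to Ubuntu 1.6

2. Remember to turn on the firewall, otherwise you cannot connect even after the setup is done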


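What you need

1. A VPS: know its IP, SSH port and root password. Bandwagon's root password has to be generated each time; vultr's is fixed.

2. Obtain a password in advance from the site https://www.uuidgenerator.net/

3. An SSH tool for remote login: on windows you can use putty, on Mac the built-in Terminal. While I'm at it, a recommendation: if you like a Windows-style terminal on the Mac, you can download Shuttle for the Mac.

4. Download the v2Ray client (Windows/Mac) in advance from https://github.com/v2ray/v2ray-core/releases/tag/v2.40 , choosing the download for your device, and unpack it after downloading.

With these ready, you can get to work.

Server configuration

First log in from a terminal. I use a Mac, so this mainly covers the Mac, but the windows method is included too. The VPS is of course a Bandwagon host, the best suited to practising on and hard to break; the system is centos 7

Enter ssh -p <port> root@<IP address> and press Enter; you will be prompted for the password. Copy the password, paste it and press Enter to log in. Note: the password is not displayed after pasting; just press Enter.

After logging in successfully, you can enter the commands to install the server.

Step 1: the automatic install script supports all mainstream systems and completes the installation with a single command. Copy the command below, paste it and press Enter

bash <(curl -L -s https://install.direct/go.sh)

The script automatically installs unzip and daemon, and installs the following two files:

/usr/bin/v2ray/v2ray: the V2Ray program;

/etc/v2ray/config.json: the configuration file;

When the script finishes without errors it reports a successful installation; then proceed as follows (if you cannot read English, seeing "v2Ray v.x.x.x is installed" means it succeeded).

Step 2: enter the command vi /etc/v2ray/config.json and press Enter to go into vi editing; now configure the server

The places to change are the ones marked with text; after changing them be sure to write the values down, then save and exit (for many people the hardest part is probably editing inside the JSON; for the specific shortcut keys, click here and follow the introduction there; for everything else, Google it).

Step 3: enter service v2ray start and press Enter to start V2Ray; it will report a successful start. (Afterwards you can control V2Ray with service v2ray start|stop|status|reload|restart|force-reload.) At this point the server is set up.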

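Client configuration

Mac

Mac first. Open the client folder you downloaded and unpacked in item 4 of the preparation; inside it is a config.json file; double-click to open it

Once it is open, change the places marked with Chinese characters in the screenshot below, and save after changing them. For how to save, search for vi shortcut keys (when I have time I'll write up the vi operations needed here).

After saving, right-click "v2Ray" in the folder and choose to open it with Terminal

Then open the v2ray client and fill in the corresponding information to get over the wall (on the Mac a separate client has to be downloaded; click here to download)

Windows

On windows it is the same: first find the config.json file and change the IP, port, password and other details (they must match what was configured in the first step), save, then double-click v2Ray to open it, fill in the corresponding information as in the picture above, and save.

iOS

On iOS I currently use ShadowRay, written by the author of Shadowrocket (小火箭). It is in testing at the moment and I have joined the test. ShadowRay (Twitter: @ShadowRayApp) purchase link: click here

Configuration is much the same everywhere: fill in the IP, port, password, encryption method and so on, so that they match the server configuration.

The above is a set of steps I wrote, right after my own configuration succeeded, from memory and from what I had saved. It is messy and rough and I will revise it later. It is meant first as a reference for everyone and second so that I can review it myself later. Before I succeeded I tried many times and was beaten each time, always because of details and misconceptions I had not understood. The biggest difficulty, I believe, is for most people not knowing how to edit after entering vi to edit the JSON, so I took a remedial lesson on how to use vi. My advice to everyone: this is the step where people get stuck, trust me on that. Still, just as when I set up SS before, things went wrong for all sorts of reasons; luckily I did not give up. Persistent trial and error + Google + asking for help when appropriate = a better chance of success.

There are many articles about this online, but they all seem to be written for programmers; novices can't follow them, or not entirely. I am a novice and wrote this following a novice's clumsy steps. I hope everyone who reads it can set things up successfully by following the steps, and I hope the veterans won't flame it and will offer plenty of suggestions.

OK, that's all for now. All for world peace!

Original: http://www.liyonge.com/2017/10/11/v2ray/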

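『Practical goodies』 A step-by-step guide to "building a ladder"

Under a new ban from China's Ministry of Industry and Information Technology, the network access services market will undergo a 14-month clean-up from 22 January 2017 to 31 March 2018, and a large number of VPN services will soon face rectification and removal.

If you want to enjoy a free and unrestricted Internet, use Google Scholar to write your papers, use the excellent products and services of the world's top Internet companies without obstruction, and follow your idols' latest updates on social networks such as instagram, facebook and twitter, what should you do?
Better to teach someone to fish than to give them a fish: follow this tutorial to learn how to build your own stable, fast "ladder" with plenty of traffic for personal use.

Preparation:
1. A credit card with the VISA logo; register for PayPal and link the card, to pay for the VPS.
2. A rough understanding of the most basic SS knowledge from "SS guide (summary and index): from nothing to something, with no end to learning!". It is best to read the linked article several times; you don't need to know it thoroughly, a general idea is enough.

Ladder-building tutorial:
I. Buy a VPS and log in to the server over SSH
1. Click the link to register: http://www.vultr.com/?ref=7122815 (using this link, you and I each get an extra 10 US dollars of credit), and choose a plan that fits your needs. Click the link for the illustrated tutorial.
For personal use, those with modest traffic needs are advised to choose the lowest tier, 2.5 US dollars/month with 500 G of traffic per month; spare traffic can be shared with friends.
2. Briefly learn the Linux text editor Vim: tutorial
3. Create a VPS and get into SSH: tutorial (computer + phone tutorial)
4. Log in to the VPS over SSH: tutorial

II. Install and configure the SS service
Choose one of two options:
1⃣ 『Illustrated guide』 Manually setting up SS and ServerSpeeder (锐速), tutorial author @VVFGV
2⃣ One-click setup script, script author @toyo13140010096
The script is open source
『Video tutorial』 ShadowsocksR server installation + client usage
Video tutorial for beginners

Start the SS server and keep it running permanently

III. Tune SS performance
Speed up the ladder; for the tutorial see the SS setup links in step II. With the one-click setup script you can choose to install it directly. After installing TCP-BBR, the author's vultr Japan SS node plays YouTube 720P HD video without trouble at any time of day, though 1080P stutters slightly at peak network hours.

IV. Download a client and use the SS service
1⃣ Download a client
SSR clients for Windows, iOS and Android: client download
Find the SSR client download under LAYOUTS at the top right of the page
SSR official client download (ladder required)
2⃣ Use the SS service
Enter the server IP address, remote port, password and encryption method obtained after a successful setup into the client, in that order. If an SS QR code was generated, you can scan it to add the node directly.
Reference tutorial, part 7 at the end: configuring the Shadowsocks Windows client

V. Enjoy a free Internet without the wall.
Wikipedia: List of websites blocked in the People's Republic of China
What to read after getting over the wall

VI. Fixes for common errors
The tutorials above include illustrated guides, video tutorials and a one-click setup script. Once you understand the SS basics, following them is simple, but you will always run into some errors and problems. A few fixes are listed here for reference.

A simple way to troubleshoot when SS stops working
Fix for the "SS port already in use" error
Fix for dial-up Internet users being unable to use SS
Summary of common beginner questions about SS
Fix for the browser being unable to go online after SS is closed while QQ works normally

Original: https://murongxun.wordpress.com/2017/07/25/第一篇博文/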

XX-Net 3.6.8

Fix small bugs:

  • remove WebUI x-tunnel Charge but not buy traffic link
  • fix x-tunnel check_ip bug
  • auto disable dump_cert link if OpenSSL lib not support this api.

Downloads

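Latest status:

2017-10-06

  • GAE is heavily blocked; please update to 3.6.7 or later. If no IP can be found by scanning, consider enabling ipv6 or using X-tunnel; for details see the earlier discussions in the Issues section.
  • X-Tunnel is suffering heavy interference. (Usage tutorial)
    The X-Tunnel database had a problem and some users' plan traffic was lost; please email xxnet.dev@gmail.com.

Original: https://github.com/XX-net/XX-Net/releases/tag/3.6.8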

Tor Browser 7.5a5 is released

Tor Browser 7.5a5 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Besides the usual Firefox security and extensions updates this alpha contains a bunch of long-awaited features:

  1. We include Tor 0.3.2.1-alpha, the first alpha release in the 0.3.2 series, with support for next generation onion services and a new circuit scheduler, KIST.
  2. Thanks to the work of Jed Davis we are able to ship a content sandbox for Linux users. While the content sandbox is disabled in Firefox 52 ESR versions, which Tor Browser is based on, backported patches allow us to protect our Linux users with the same mechanisms that are provided to regular Firefox users.
  3. The content sandbox is enabled for Windows users as well. While we still need to clean up our workarounds to get the sandboxing code to work with our mingw-w64 compiler, we think the enabled sandbox is ready for a wider testing in our alpha series. Please give it a try if you can.
  4. Although this change should be invisible to users, we switched our build system from gitian/tor-browser-bundle to rbm/tor-browser-build. The build should continue to be reproducible and if you want to do a build yourself the README file in the tor-browser-build repository has some information.

Update: Tor Browser 7.5a5 is broken when using the sandboxed-tor-browser version 0.0.13, due to bug 23692. Version 0.0.14 of the sandboxed-tor-browser has been released to fix that issue.

Note: The release date in the changelog displayed after the update is incorrect. The actual release date is September 28.

The full changelog since Tor Browser 7.5a4 is:

  • All Platforms
    • Update Firefox to 52.4.0esr
    • Update Tor to 0.3.2.1-alpha
    • Update Torbutton to 1.9.8.1
      • Bug 20375: Warn users after entering fullscreen mode
      • Bug 22989: Fix dimensions of new windows on macOS
      • Bug 23526: Add 2017 Donation banner text
      • Bug 23483: Donation banner on about:tor for 2017 (testing mode)
      • Translations update
    • Update Tor Launcher to 0.2.13
      • Bug 23240: Retrieve current bootstrap progress before showing progress bar
      • Bug 22232: Add README on use of bootstrap status messages
      • Translations update
    • Update HTTPS-Everywhere to 2017.9.12
    • Update NoScript to 5.0.10
    • Update sandboxed-tor-browser to 0.0.13
    • Bug 23393: Don’t crash all tabs when closing one tab
    • Bug 23166: Add new obfs4 bridge to the built-in ones
    • Bug 23258: Fix broken HTTPS-Everywhere on higher security levels
    • Bug 21270: NoScript settings break WebExtensions add-ons
    • Bug 23104: CSS line-height reveals the platform Tor Browser is running on
  • Windows
    • Bug 16010: Enable content sandboxing on Windows
    • Bug 23582: Enable the Windows DLL blocklist for mingw-w64 builds
    • Bug 23396: Update the msvcr100.dll we ship
    • Bug 23230: Fix build error on Windows 64
  • OS X
    • Bug 23404: Add missing Noto Sans Buginese font to the macOS whitelist
  • Linux
    • Bug 10089: Set middlemouse.contentLoadURL to false by default
    • Bug 22692: Enable content sandboxing on Linux
    • Bug 18101: Suppress upload file dialog proxy bypass (linux part)
  • Build System
    • All Platforms
      • Switch from gitian/tor-browser-bundle to rbm/tor-browser-build

Original: https://blog.torproject.org/tor-browser-75a5-released

Tor Browser 7.0.6 is released

Tor Browser 7.0.6 is now available from the Tor Browser Project page and also from our distribution directory.

[UPDATE: the dist server was temporarily messed up, but it should be better now. Sorry for the troubles!]

This release features important security updates to Firefox.

This release includes security updates for Firefox (52.4.0esr) and a new Tor stable version (0.3.1.7), the first one in the 0.3.1 series. In addition to that we updated the HTTPS Everywhere and NoScript extensions we ship. Moreover, we fixed minor usability issues and a bug which, under particular circumstances, caused all tabs to crash after closing a single one.

Note: The release date in the changelog displayed after the update is incorrect. The actual release date is September 28.

The full changelog since Tor Browser 7.0.6 is:

  • All Platforms
    • Update Firefox to 52.4.0esr
    • Update Tor to 0.3.1.7
    • Update Torbutton to 1.9.7.7
      • Bug 22542: Security Settings window too small on macOS 10.12 (fixup)
      • Bug 20375: Warn users after entering fullscreen mode
    • Update HTTPS-Everywhere to 2017.9.12
    • Update NoScript to 5.0.10
    • Bug 21830: Copying large text from web console leaks to /tmp
    • Bug 23393: Don’t crash all tabs when closing one tab
  • OS X
    • Bug 23404: Add missing Noto Sans Buginese font to the macOS whitelist

Original: https://blog.torproject.org/tor-browser-706-released

Tor Messenger 0.5.0b1 is released

Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including XMPP, IRC, Twitter, and others; enables Off-the-Record (OTR) Messaging automatically; has an easy-to-use graphical user interface; and a secure automatic updater.

We are pleased to announce another public beta release of Tor Messenger that features important improvements to its stability and security. All users are encouraged to upgrade.

Mozilla ESR52

This release of Tor Messenger is based on Firefox ESR52, specifically tor-browser-52.3.0esr-7.0-1-build1 and THUNDERBIRD_52_3_0_RELEASE on comm-central.

Deterministic Builds

Tor Messenger builds are now reproducible for Windows and macOS as well; earlier, only Linux builds were reproducible (#10942). This means that anyone building Tor Messenger from source should end up with identical byte-for-byte binaries to the ones we release. To get started with building Tor Messenger (something we encourage!), please refer to the instructions in the README.md file. Since this is a fairly involved process, talk to us on IRC or the comments section below if you need help.

XMPP Improvements

This version of Tor Messenger introduces temporary XMPP accounts (a feature inspired by ChatSecure) that creates an XMPP account automatically with a random username and password (#16606). This helps you to quickly set up an account and get a conversation started without requiring you to bother with the registration or account details. These accounts don’t expire automatically but the intent is that you can use them as throwaway accounts and quickly create new ones when required. (Note: Currently, some data remains after deleting an account. See #23675)

Starting with this release, Tor Messenger will attempt to automatically use the onion service for known XMPP servers which helps improve the security of your connection (#13855). The current list includes onion addresses for riseup.net, jabber.ccc.de, jabber.otr.im, and jabber.calyxinstitute.org. We plan to add more servers in the subsequent releases. (Note: Existing accounts remain unchanged. This setting is only applied during new account setup.)

Other Notable Changes

Tor Messenger for Linux is now built with Selfrando for hardened builds (#22229). For more information on Selfrando, please refer to the Q and A with Georg.

This release also fixes the Tor Messenger crash on Windows XP that prevented it from starting (#17469).

Downloads

Please note that Tor Messenger is still in beta. The purpose of this release is to help test the application and provide feedback. At-risk users should not depend on it for their privacy and safety.

Linux (32-bit)

Linux (64-bit)

Windows

macOS

sha256sums-signed-build.txt

sha256sums-signed-build.txt.asc

The sha256sums-signed-build.txt file containing hashes of the bundles is signed with the key 0xB01C8B006DA77FAA (fingerprint: E4AC D397 5427 A5BA 8450 A1BE B01C 8B00 6DA7 7FAA). Please verify the fingerprint from the signing keys page on Tor Project’s website.

Changelog

Tor Messenger 0.5.0b1 — September 28, 2017

  • All Platforms
    • Use the tor-browser-52.3.0esr-7.0-1-build1 tag on tor-browser
    • Use the THUNDERBIRD_52_3_0_RELEASE tag on comm-esr52
    • Update tor-browser to 7.0.5
    • Update tor-launcher to 0.2.12.3
    • Trac 22005: Move to ESR 52
    • Trac 16606: Temporary XMPP accounts
    • Trac 13855: Use known onions for XMPP servers
  • Linux
  • Mac
  • Windows
    • Trac 17469: Tor Messenger is not working on Windows XP
    • Trac 10942: Deterministic builds for Instantbird
       

Tor 0.3.2.1-alpha is released, with support for next-gen onion services and KIST scheduler

And as if all those other releases today were not enough, this is also the time for a new alpha release series!

Tor 0.3.2.1-alpha is the first release in the 0.3.2.x series. It includes support for our next-generation (“v3”) onion service protocol, and adds a new circuit scheduler for more responsive forwarding decisions from relays. There are also numerous other small features and bugfixes here.

You can download the source from the usual place on the website. Binary packages should be available soon, with an alpha Tor Browser likely by the end of the month.

Remember: This is an alpha release, and it’s likely to have more bugs than usual. We hope that people will try it out to find and report bugs, though.

Below are the changes since Tor 0.3.1.7.

Changes In Version 0.3.2.1-Alpha – 2017-09-18

  • Major feature (scheduler, channel):
    • Tor now uses new schedulers to decide which circuits should deliver cells first, in order to improve congestion at relays. The first type is called “KIST” (“Kernel Informed Socket Transport”), and is only available on Linux-like systems: it uses feedback from the kernel to prevent the kernel’s TCP buffers from growing too full. The second new scheduler type is called “KISTLite”: it behaves the same as KIST, but runs on systems without kernel support for inspecting TCP implementation details. The old scheduler is still available, under the name “Vanilla”. To change the default scheduler preference order, use the new “Schedulers” option. (The default preference order is “KIST,KISTLite,Vanilla”.)

      Matt Traudt implemented KIST, based on research by Rob Jansen, John Geddes, Chris Wacek, Micah Sherr, and Paul Syverson. For more information, see the design paper at http://www.robgjansen.com/publications/kist-sec2014.pdf and the followup implementation paper at https://arxiv.org/abs/1709.01044. Closes ticket 12541.

  • Major features (next-generation onion services):
    • Tor now supports the next-generation onion services protocol for clients and services! As part of this release, the core of proposal 224 has been implemented and is available for experimentation and testing by our users. This newer version of onion services (“v3”) features many improvements over the legacy system, including:

      a) Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519)

      b) Improved directory protocol, leaking much less information to directory servers.

      c) Improved directory protocol, with smaller surface for targeted attacks.

      d) Better onion address security against impersonation.

      e) More extensible introduction/rendezvous protocol.

      f) A cleaner and more modular codebase.

      You can identify a next-generation onion address by its length: they are 56 characters long, as in “4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion”.

      In the future, we will release more options and features for v3 onion services, but we first need a testing period, so that the current codebase matures and becomes more robust. Planned features include: offline keys, advanced client authorization, improved guard algorithms, and statistics. For full details, see proposal 224.

      Legacy (“v2”) onion services will still work for the foreseeable future, and will remain the default until this new codebase gets tested and hardened. Service operators who want to experiment with the new system can use the ‘HiddenServiceVersion 3’ torrc directive along with the regular onion service configuration options. We will publish a blog post about this new feature soon! Enjoy!

 

  • Major bugfixes (usability, control port):
    • Report trusted clock skew indications as bootstrap errors, so controllers can more easily alert users when their clocks are wrong. Fixes bug 23506; bugfix on 0.1.2.6-alpha.
  • Minor features (bug detection):
    • Log a warning message with a stack trace for any attempt to call get_options() during option validation. This pattern has caused subtle bugs in the past. Closes ticket 22281.
  • Minor features (client):
    • You can now use Tor as a tunneled HTTP proxy: use the new HTTPTunnelPort option to open a port that accepts HTTP CONNECT requests. Closes ticket 22407.
    • Add an extra check to make sure that we always use the newer guard selection code for picking our guards. Closes ticket 22779.
    • When downloading (micro)descriptors, don’t split the list into multiple requests unless we want at least 32 descriptors. Previously, we split at 4, not 32, which led to significant overhead in HTTP request size and degradation in compression performance. Closes ticket 23220.
  • Minor features (command line):
    • Add a new command-line option, --key-expiration, which prints when the current signing key is going to expire. Implements ticket 17639; patch by Isis Lovecruft.
  • Minor features (control port):
    • If an application tries to use the control port as an HTTP proxy, respond with a meaningful “This is the Tor control port” message, and log the event. Closes ticket 1667. Patch from Ravi Chandra Padmala.
    • Provide better error message for GETINFO desc/(id|name) when not fetching router descriptors. Closes ticket 5847. Patch by Kevin Butler.
    • Add GETINFO “{desc,md}/download-enabled”, to inform the controller whether Tor will try to download router descriptors and microdescriptors respectively. Closes ticket 22684.
    • Added new GETINFO targets “ip-to-country/{ipv4,ipv6}-available”, so controllers can tell whether the geoip databases are loaded. Closes ticket 23237.
    • Adds a timestamp field to the CIRC_BW and STREAM_BW bandwidth events. Closes ticket 19254. Patch by “DonnchaC”.
  • Minor features (development support):
    • Developers can now generate a call-graph for Tor using the “calltool” python program, which post-processes object dumps. It should work okay on many Linux and OSX platforms, and might work elsewhere too. To run it, install calltool from https://gitweb.torproject.org/user/nickm/calltool.git and run “make callgraph”. Closes ticket 19307.
  • Minor features (ed25519):
    • Add a validation function that checks for torsion components in ed25519 public keys, used by prop224 client-side code. Closes ticket 22006. Math help by Ian Goldberg.
  • Minor features (exit relay, DNS):
    • Improve the clarity and safety of the log message from evdns when receiving an apparently spoofed DNS reply. Closes ticket 3056.
  • Minor features (integration, hardening):
    • Add a new NoExec option to prevent Tor from running other programs. When this option is set to 1, Tor will never try to run another program, regardless of the settings of PortForwardingHelper, ClientTransportPlugin, or ServerTransportPlugin. Once NoExec is set, it cannot be disabled without restarting Tor. Closes ticket 22976.
  • Minor features (logging):
    • Improve the warning message for specifying a relay by nickname. The previous message implied that nickname registration was still part of the Tor network design, which it isn’t. Closes ticket 20488.
    • If the sandbox filter fails to load, suggest to the user that their kernel might not support seccomp2. Closes ticket 23090.
  • Minor features (portability):
    • Check at configure time whether uint8_t is the same type as unsigned char. Lots of existing code already makes this assumption, and there could be strict aliasing issues if the assumption is violated. Closes ticket 22410.
  • Minor features (relay, configuration):
    • Reject attempts to use relative file paths when RunAsDaemon is set. Previously, Tor would accept these, but the directory-changing step of RunAsDaemon would give strange and/or confusing results. Closes ticket 22731.
  • Minor features (startup, safety):
    • When configured to write a PID file, Tor now exits if it is unable to do so. Previously, it would warn and continue. Closes ticket 20119.
  • Minor features (static analysis):
    • The BUG() macro has been changed slightly so that Coverity no longer complains about dead code if the bug is impossible. Closes ticket 23054.
  • Minor features (testing):
    • The default chutney network tests now include tests for the v3 hidden service design. Make sure you have the latest version of chutney if you want to run these. Closes ticket 22437.
    • Add a unit test to verify that we can parse a hardcoded v2 hidden service descriptor. Closes ticket 15554.
  • Minor bugfixes (certificate handling):
    • Fix a time handling bug in Tor certificates set to expire after the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha. Found by Coverity as CID 1415728.
  • Minor bugfixes (client, usability):
    • Refrain from needlessly rejecting SOCKS5-with-hostnames and SOCKS4a requests that contain IP address strings, even when SafeSocks is enabled, as this prevents users from connecting to known IP addresses without relying on DNS for resolving. SafeSocks still rejects SOCKS connections that connect to IP addresses when those addresses are _not_ encoded as hostnames. Fixes bug 22461; bugfix on Tor 0.2.6.2-alpha.
  • Minor bugfixes (code correctness):
    • Call htons() in extend_cell_format() for encoding a 16-bit value. Previously we used ntohs(), which happens to behave the same on all the platforms we support, but which isn’t really correct. Fixes bug 23106; bugfix on 0.2.4.8-alpha.
    • For defense-in-depth, make the controller’s write_escaped_data() function robust to extremely long inputs. Fixes bug 19281; bugfix on 0.1.1.1-alpha. Reported by Guido Vranken.
  • Minor bugfixes (compilation):
    • Fix unused-variable warnings in donna’s Curve25519 SSE2 code. Fixes bug 22895; bugfix on 0.2.7.2-alpha.
  • Minor bugfixes (consensus expiry):
    • Check for adequate directory information correctly. Previously, Tor would reconsider whether it had sufficient directory information every 2 minutes. Fixes bug 23091; bugfix on 0.2.0.19-alpha.
  • Minor bugfixes (directory protocol):
    • Directory servers now include a “Date:” http header for response codes other than 200. Clients starting with a skewed clock and a recent consensus were getting “304 Not modified” responses from directory authorities, so without the Date header, the client would never hear about a wrong clock. Fixes bug 23499; bugfix on 0.0.8rc1.
    • Make clients wait for 6 seconds before trying to download a consensus from an authority. Fixes bug 17750; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (DoS-resistance):
    • If future code asks if there are any running bridges, without checking if bridges are enabled, log a BUG warning rather than crashing. Fixes bug 23524; bugfix on 0.3.0.1-alpha.
  • Minor bugfixes (format strictness):
    • Restrict several data formats to decimal. Previously, the BuildTimeHistogram entries in the state file, the “bw=” entries in the bandwidth authority file, and the process IDs passed to the __OwningControllerProcess option could all be specified in hex or octal as well as in decimal. This was not an intentional feature. Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha, and 0.2.2.28-beta.
  • Minor bugfixes (heartbeat):
    • If we fail to write a heartbeat message, schedule a retry for the minimum heartbeat interval number of seconds in the future. Fixes bug 19476; bugfix on 0.2.3.1-alpha.
  • Minor bugfixes (linux seccomp2 sandbox, logging):
    • Fix some messages on unexpected errors from the seccomp2 library. Fixes bug 22750; bugfix on 0.2.5.1-alpha. Patch from “cypherpunks”.
  • Minor bugfixes (logging):
    • Remove duplicate log messages regarding opening non-local SocksPorts upon parsing config and opening listeners at startup. Fixes bug 4019; bugfix on 0.2.3.3-alpha.
    • Use a more comprehensible log message when telling the user they’ve excluded every running exit node. Fixes bug 7890; bugfix on 0.2.2.25-alpha.
    • When logging the number of descriptors we intend to download per directory request, do not log a number higher than the number of descriptors we’re fetching in total. Fixes bug 19648; bugfix on 0.1.1.8-alpha.
    • When warning about a directory owned by the wrong user, log the actual name of the user owning the directory. Previously, we’d log the name of the process owner twice. Fixes bug 23487; bugfix on 0.2.9.1-alpha.
    • The tor specification says hop counts are 1-based, so fix two log messages that mistakenly logged 0-based hop counts. Fixes bug 18982; bugfix on 0.2.6.2-alpha and 0.2.4.5-alpha. Patch by teor. Credit to Xiaofan Li for reporting this issue.
  • Minor bugfixes (portability):
    • Stop using the PATH_MAX variable, which is not defined on GNU Hurd. Fixes bug 23098; bugfix on 0.3.1.1-alpha.
  • Minor bugfixes (relay):
    • When uploading our descriptor for the first time after startup, report the reason for uploading as “Tor just started” rather than leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha.
    • Avoid unnecessary calls to directory_fetches_from_authorities() on relays, to prevent spurious address resolutions and descriptor rebuilds. This is a mitigation for bug 21789. Fixes bug 23470; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (tests):
    • Fix a broken unit test for the OutboundAddress option: the parsing function was never returning an error on failure. Fixes bug 23366; bugfix on 0.3.0.3-alpha.
    • Fix a signed-integer overflow in the unit tests for dir/download_status_random_backoff, which was untriggered until we fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (usability, control port):
    • Stop making an unnecessary routerlist check in NETINFO clock skew detection; this was preventing clients from reporting NETINFO clock skew to controllers. Fixes bug 23532; bugfix on 0.2.4.4-alpha.
  • Code simplification and refactoring:
    • Extract the code for handling newly-open channels into a separate function from the general code to handle channel state transitions. This change simplifies our callgraph, reducing the size of the largest strongly connected component by roughly a factor of two. Closes ticket 22608.
    • Remove dead code for largely unused statistics on the number of times we’ve attempted various public key operations. Fixes bug 19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft.
    • Remove several now-obsolete functions for asking about old variants of directory authority status. Closes ticket 22311; patch from “huyvq”.
    • Remove some of the code that once supported “Named” and “Unnamed” routers. Authorities no longer vote for these flags. Closes ticket 22215.
    • Rename the obsolete malleable hybrid_encrypt functions used in TAP and old hidden services, to indicate that they aren’t suitable for new protocols or formats. Closes ticket 23026.
    • Replace our STRUCT_OFFSET() macro with offsetof(). Closes ticket 22521. Patch from Neel Chauhan.
    • Split the enormous circuit_send_next_onion_skin() function into multiple subfunctions. Closes ticket 22804.
    • Split the portions of the buffer.c module that handle particular protocols into separate modules. Part of ticket 23149.
    • Use our test macros more consistently, to produce more useful error messages when our unit tests fail. Add coccinelle patches to allow us to re-check for test macro uses. Closes ticket 22497.
  • Deprecated features:
    • Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They only apply to direct unencrypted HTTP connections to your directory server, which your Tor probably isn’t using. Closes ticket 20575.
  • Documentation:
    • Clarify in the manual that “Sandbox 1” is only supported on Linux kernels. Closes ticket 22677.
    • Document all values of PublishServerDescriptor in the manpage. Closes ticket 15645.
    • Improve the documentation for the directory port part of the DirAuthority line. Closes ticket 20152.
    • Restore documentation for the authorities’ “approved-routers” file. Closes ticket 21148.
  • Removed features:
    • The AllowDotExit option has been removed as unsafe. It has been deprecated since 0.2.9.2-alpha. Closes ticket 23426.
    • The ClientDNSRejectInternalAddresses flag can no longer be set on non-testing networks. It has been deprecated since 0.2.9.2-alpha. Closes ticket 21031.
    • The controller API no longer includes an AUTHDIR_NEWDESCS event: nobody was using it any longer. Closes ticket 22377.
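
The v3 address format mentioned under “Major features (next-generation onion services)” above, as an added example that is not code from Tor: a v3 address is the base32 encoding of a 32-byte ed25519 public key, a 2-byte checksum and a version byte, which is why it is 56 characters long. The checksum construction follows proposal 224's address encoding; the test key is a constructed byte string, and the code checks the encoding only, not whether the key is a valid curve point.

```python
import base64
import hashlib
import hmac

CHECKSUM_PREFIX = b".onion checksum"   # constant from the v3 address encoding
V3_VERSION = 3

# The example address quoted in the release notes above.
PAGE_ADDRESS = "4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion"


def _checksum(pubkey, version):
    """First two bytes of SHA3-256(".onion checksum" || pubkey || version)."""
    digest = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + bytes([version])).digest()
    return digest[:2]


def encode_v3(pubkey):
    """Build the v3 address for a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("an ed25519 public key is 32 bytes")
    blob = pubkey + _checksum(pubkey, V3_VERSION) + bytes([V3_VERSION])
    return base64.b32encode(blob).decode("ascii").lower() + ".onion"


def classify(address):
    """Describe an onion address without raising on malformed input."""
    host = address.strip().lower().rstrip(".")
    if not host.endswith(".onion"):
        return {"kind": "not-onion"}
    # Only the label directly before ".onion" carries the key; ignore subdomains.
    label = host[: -len(".onion")].rsplit(".", 1)[-1]
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:                      # binascii.Error is a ValueError
        return {"kind": "invalid", "reason": "label is not base32"}
    if len(label) == 16:
        # Legacy address: 80 bits derived from a SHA1 hash of an RSA1024 key.
        return {"kind": "v2"}
    if len(label) != 56:
        return {"kind": "invalid", "reason": "unexpected length %d" % len(label)}
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
    checksum_ok = hmac.compare_digest(checksum, _checksum(pubkey, version))
    return {
        "kind": "v3" if version == V3_VERSION else "unknown-version",
        "version": version,
        "checksum_ok": checksum_ok,
        "valid": checksum_ok and version == V3_VERSION,
        "pubkey_hex": pubkey.hex(),
    }


if __name__ == "__main__":
    constructed_key = bytes(range(32))      # constructed test key, not a real service
    address = encode_v3(constructed_key)
    print(address, classify(address))
    print(PAGE_ADDRESS, classify(PAGE_ADDRESS))
```

Because the checksum and version are part of the address, a mistyped v3 address is rejected locally before any network lookup, which a 16-character v2 address cannot offer.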
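
A model of the SafeSocks rule from the “Minor bugfixes (client, usability)” entry above, added here as an illustration and not taken from Tor's source: it parses SOCKS4, SOCKS4a and SOCKS5 requests and decides on the way the destination is encoded, not on what the string looks like. The function names, the `fixed` switch that reproduces the behaviour before bug 22461 was fixed, and the sample requests are all constructed for this example.

```python
import ipaddress
import struct


def parse_socks_request(data):
    """Parse one SOCKS4, SOCKS4a or SOCKS5 request into (encoding, host, port).

    encoding is "ip" when the destination arrived as raw address bytes and
    "hostname" when it arrived as a string (SOCKS5 ATYP 0x03, or SOCKS4a).
    """
    if len(data) < 2:
        raise ValueError("truncated request")
    if data[0] == 5:
        if len(data) < 5 or data[2] != 0:
            raise ValueError("malformed SOCKS5 request")
        atyp = data[3]
        if atyp == 0x01:                    # IPv4 address bytes
            off, alen, enc = 4, 4, "ip"
        elif atyp == 0x04:                  # IPv6 address bytes
            off, alen, enc = 4, 16, "ip"
        elif atyp == 0x03:                  # length-prefixed name
            off, alen, enc = 5, data[4], "hostname"
        else:
            raise ValueError("unknown ATYP")
        if alen == 0 or len(data) != off + alen + 2:
            raise ValueError("bad SOCKS5 length")
        addr = data[off:off + alen]
        (port,) = struct.unpack("!H", data[off + alen:])
        if enc == "hostname":
            return enc, addr.decode("ascii"), port
        return enc, str(ipaddress.ip_address(addr)), port
    if data[0] == 4:
        if len(data) < 9:
            raise ValueError("truncated SOCKS4 request")
        (port,) = struct.unpack("!H", data[2:4])
        ip = data[4:8]
        _userid, sep, tail = data[8:].partition(b"\x00")
        if not sep:
            raise ValueError("unterminated user id")
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:   # SOCKS4a marker 0.0.0.x
            name, sep, extra = tail.partition(b"\x00")
            if not sep or extra or not name:
                raise ValueError("malformed SOCKS4a hostname")
            return "hostname", name.decode("ascii"), port
        if tail:
            raise ValueError("trailing bytes after SOCKS4 request")
        return "ip", str(ipaddress.ip_address(ip)), port
    raise ValueError("not a SOCKS4/5 request")


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def safesocks_decision(data, safe_socks=True, fixed=True):
    """Return "accept" or "reject" for a request under the modelled policy."""
    encoding, host, _port = parse_socks_request(data)
    if not safe_socks:
        return "accept"
    if encoding == "ip":
        return "reject"     # raw address bytes: the application resolved DNS itself
    if is_ip_literal(host) and not fixed:
        return "reject"     # behaviour before the fix: IP strings in hostname fields
    return "accept"


def socks5_connect(atyp, addr, port):
    """Build a constructed SOCKS5 CONNECT request for the samples below."""
    prefix = bytes([len(addr)]) if atyp == 0x03 else b""
    return b"\x05\x01\x00" + bytes([atyp]) + prefix + addr + struct.pack("!H", port)


# Constructed sample requests (192.0.2.1 is a documentation address).
PACKED_IP = ipaddress.ip_address("192.0.2.1").packed
S5_NAME = socks5_connect(0x03, b"example.com", 80)
S5_IP_AS_NAME = socks5_connect(0x03, b"192.0.2.1", 80)
S5_RAW_IP = socks5_connect(0x01, PACKED_IP, 80)
S4A_IP_AS_NAME = b"\x04\x01\x00\x50\x00\x00\x00\x01\x00" + b"192.0.2.1\x00"
S4_RAW_IP = b"\x04\x01\x00\x50" + PACKED_IP + b"\x00"

if __name__ == "__main__":
    for name in ("S5_NAME", "S5_IP_AS_NAME", "S5_RAW_IP", "S4A_IP_AS_NAME", "S4_RAW_IP"):
        req = globals()[name]
        print(name, parse_socks_request(req), safesocks_decision(req))
```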

Source: https://blog.torproject.org/tor-0321-alpha-released-support-next-gen-onion-services-and-kist-scheduler

Tor 0.3.1.7 is now released!

There’s a new stable Tor release series available!  After months of work, you can now download the source code for Tor 0.3.1.7 from the usual place on the website. Packages should become available over the coming days, including (we hope) a Tor Browser release before the end of the month.

Tor 0.3.1.7 is the first stable release in the 0.3.1 series.

With the 0.3.1 series, Tor now serves and downloads directory information in more compact formats, to save on bandwidth overhead. It also contains a new padding system to resist netflow-based traffic analysis, and experimental support for building parts of Tor in Rust (though no parts of Tor are in Rust yet). There are also numerous small features, bugfixes on earlier release series, and groundwork for the onion services revamp of 0.3.2.

This release also includes a fix for TROVE-2017-008, a security bug that affects onion services running with the SafeLogging option disabled. For more information, see https://trac.torproject.org/projects/tor/ticket/23490

Per our stable release policy, we plan to support each stable release series for at least the next nine months, or for three months after the first stable release of the next series: whichever is longer. If you need a release with long-term support, we recommend that you stay with the 0.2.9 series.

Below is a list of the changes since 0.3.0. For a list of all changes since 0.3.1.6-rc, see the ChangeLog file.

Changes In Version 0.3.1.7 – 2017-09-18

  • New dependencies:
    • To build with zstd and lzma support, Tor now requires the pkg-config tool at build time.
  • Major bugfixes (security, onion services, logging):
    • Fix a bug where we could log uninitialized stack when a certain onion service error occurred while SafeLogging was disabled. Fixes bug #23490; bugfix on 0.2.7.2-alpha. This is also tracked as TROVE-2017-008 and CVE-2017-0380.
  • Major features (build system, continuous integration):
    • Tor’s repository now includes a Travis Continuous Integration (CI) configuration file (.travis.yml). This is meant to help new developers and contributors who fork Tor to a Github repository be better able to test their changes, and understand what we expect to pass. To use this new build feature, you must fork Tor to your Github account, then go into the “Integrations” menu in the repository settings for your fork and enable Travis, then push your changes. Closes ticket 22636.
  • Major features (directory protocol):
    • Tor relays and authorities can now serve clients an abbreviated version of the consensus document, containing only the changes since an older consensus document that the client holds. Clients now request these documents when available. When both client and server use this new protocol, they will use far less bandwidth (up to 94% less) to keep the client’s consensus up-to-date. Implements proposal 140; closes ticket 13339. Based on work by Daniel Martí.
    • Tor can now compress directory traffic with lzma or with zstd compression algorithms, which can deliver better bandwidth performance. Because lzma is computationally expensive, it’s only used for documents that can be compressed once and served many times. Support for these algorithms requires that tor is built with the libzstd and/or liblzma libraries available. Implements proposal 278; closes ticket 21662.
    • Relays now perform the more expensive compression operations, and consensus diff generation, in worker threads. This separation avoids delaying the main thread when a new consensus arrives.
  • Major features (experimental):
    • Tor can now build modules written in Rust. To turn this on, pass the “--enable-rust” flag to the configure script. It’s not time to get excited yet: currently, there is no actual Rust functionality beyond some simple glue code, and a notice at startup to tell you that Rust is running. Still, we hope that programmers and packagers will try building Tor with Rust support, so that we can find issues and solve portability problems. Closes ticket 22106.
  • Major features (traffic analysis resistance):
    • Connections between clients and relays now send a padding cell in each direction every 1.5 to 9.5 seconds (tunable via consensus parameters). This padding will not resist specialized eavesdroppers, but it should be enough to make many ISPs’ routine network flow logging less useful in traffic analysis against Tor users.

      Padding is negotiated using Tor’s link protocol, so both relays and clients must upgrade for this to take effect. Clients may still send padding despite the relay’s version by setting ConnectionPadding 1 in torrc, and may disable padding by setting ConnectionPadding 0 in torrc. Padding may be minimized for mobile users with the torrc option ReducedConnectionPadding. Implements Proposal 251 and Section 2 of Proposal 254; closes ticket 16861.

    • Relays will publish 24 hour totals of padding and non-padding cell counts to their extra-info descriptors, unless PaddingStatistics 0 is set in torrc. These 24 hour totals are also rounded to multiples of 10000.
  • Major bugfixes (onion service, relay, security):
    • Fix a remotely triggerable assertion failure when an onion service handles a malformed BEGIN cell. Fixes bug 22493, tracked as TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
    • Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on an onion service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
  • Major bugfixes (path selection, security):
    • When choosing which guard to use for a circuit, avoid the exit’s family along with the exit itself. Previously, the new guard selection logic avoided the exit, but did not consider its family. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2017-006 and CVE-2017-0377.
  • Major bugfixes (connection usage):
    • We use NETINFO cells to try to determine if both relays involved in a connection will agree on the canonical status of that connection. We prefer the connections where this is the case for extend cells, and try to close connections where relays disagree on their canonical status early. Also, we now prefer the oldest valid connection for extend cells. These two changes should reduce the number of long-term connections that are kept open between relays. Fixes bug 17604; bugfix on 0.2.5.5-alpha.
    • Relays now log hourly statistics (look for “channel_check_for_duplicates” lines) on the total number of connections to other relays. If the number of connections per relay is unexpectedly large, this log message is at notice level. Otherwise it is at info.
  • Major bugfixes (entry guards):
    • When starting with an old consensus, do not add new entry guards unless the consensus is “reasonably live” (under 1 day old). Fixes one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
    • Don’t block bootstrapping when a primary bridge is offline and we can’t get its descriptor. Fixes bug 22325; fixes one case of bug 21969; bugfix on 0.3.0.3-alpha.
  • Major bugfixes (linux TPROXY support):
    • Fix a typo that had prevented TPROXY-based transparent proxying from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. Patch from “d4fq0fQAgoJ”.
  • Major bugfixes (openbsd, denial-of-service):
    • Avoid an assertion failure bug affecting our implementation of inet_pton(AF_INET6) on certain OpenBSD systems whose strtol() handling of “0xx” differs from what we had expected. Fixes bug 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
  • Major bugfixes (relay, link handshake):
    • When performing the v3 link handshake on a TLS connection, report that we have the x509 certificate that we actually used on that connection, even if we have changed certificates since that connection was first opened. Previously, we would claim to have used our most recent x509 link certificate, which would sometimes make the link handshake fail. Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.
  • Major bugfixes (relays, key management):
    • Regenerate link and authentication certificates whenever the key that signs them changes; also, regenerate link certificates whenever the signed key changes. Previously, these processes were only weakly coupled, and relays could (for minutes to hours) wind up with an inconsistent set of keys and certificates, which other relays would not accept. Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
    • When sending an Ed25519 signing->link certificate in a CERTS cell, send the certificate that matches the x509 certificate that we used on the TLS connection. Previously, there was a race condition if the TLS context rotated after we began the TLS handshake but before we sent the CERTS cell. Fixes a case of bug 22460; bugfix on 0.3.0.1-alpha.
  • Minor features (security, windows):
    • Enable a couple of pieces of Windows hardening: one (HeapEnableTerminationOnCorruption) that has been on-by-default since Windows 8, and unavailable before Windows 7; and one (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn’t affect us, but shouldn’t do any harm. Closes ticket 21953.
  • Minor features (bridge authority):
    • Add “fingerprint” lines to the networkstatus-bridges file produced by bridge authorities. Closes ticket 22207.
  • Minor features (code style):
    • Add “Falls through” comments to our codebase, in order to silence GCC 7’s -Wimplicit-fallthrough warnings. Patch from Andreas Stieger. Closes ticket 22446.
  • Minor features (config options):
    • Allow “%include” directives in torrc configuration files. These directives import the settings from other files, or from all the files in a directory. Closes ticket 1922. Code by Daniel Pinto.
    • Make SAVECONF return an error when overwriting a torrc that has includes. Using SAVECONF with the FORCE option will allow it to overwrite torrc even if includes are used. Related to ticket 1922.
    • Add “GETINFO config-can-saveconf” to tell controllers if SAVECONF will work without the FORCE option. Related to ticket 1922.
  • Minor features (controller):
    • Warn the first time that a controller requests data in the long-deprecated ‘GETINFO network-status’ format. Closes ticket 21703.
  • Minor features (defaults):
    • The default value for UseCreateFast is now 0: clients which haven’t yet received a consensus document will now use a proper ntor handshake to talk to their directory servers whenever they can. Closes ticket 21407.
    • Onion key rotation and expiry intervals are now defined as a network consensus parameter, per proposal 274. The default lifetime of an onion key is increased from 7 to 28 days. Old onion keys will expire after 7 days by default. This change will make consensus diffs much smaller, and save significant bandwidth. Closes ticket 21641.
  • Minor features (defensive programming):
    • Create a pair of consensus parameters, nf_pad_tor2web and nf_pad_single_onion, to disable netflow padding in the consensus for non-anonymous connections in case the overhead is high. Closes ticket 17857.
  • Minor features (diagnostic):
    • Add a stack trace to the bug warnings that can be logged when trying to send an outgoing relay cell with n_chan == 0. Diagnostic attempt for bug 23105.
    • Add logging messages to try to diagnose a rare bug that seems to generate RSA->Ed25519 cross-certificates dated in the 1970s. We think this is happening because of incorrect system clocks, but we’d like to know for certain. Diagnostic for bug 22466.
    • Avoid an assertion failure, and log a better error message, when unable to remove a file from the consensus cache on Windows. Attempts to mitigate and diagnose bug 22752.
  • Minor features (directory authority):
    • Improve the message that authorities report to relays that present RSA/Ed25519 keypairs that conflict with previously pinned keys. Closes ticket 22348.
  • Minor features (directory cache, consensus diff):
    • Add a new MaxConsensusAgeForDiffs option to allow directory cache operators with low-resource environments to adjust the number of consensuses they’ll store and generate diffs from. Most cache operators should leave it unchanged. Helps to work around bug 22883.
  • Minor features (fallback directory list):
    • Update the fallback directory mirror whitelist and blacklist based on operator emails. Closes task 21121.
    • Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in December 2016 (of which ~126 were still functional) with a list of 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May 2017. Resolves ticket 21564.
  • Minor features (geoip):
    • Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2 Country database.
  • Minor features (onion services, logging):
    • Log a message when an onion service descriptor has fewer introduction points than specified in HiddenServiceNumIntroductionPoints. Closes ticket 21598.
    • Log a message when an onion service reaches its introduction point circuit limit, and when that limit is reset. Follow up to ticket 21594; closes ticket 21622.
    • Warn user if multiple entries in EntryNodes and at least one HiddenService are used together. Pinning EntryNodes along with an onion service can be possibly harmful; for instance see ticket 14917 or 21155. Closes ticket 21155.
  • Minor features (linux seccomp2 sandbox):
    • We now have a document storage backend compatible with the Linux seccomp2 sandbox. This backend is used for consensus documents and diffs between them; in the long term, we’d like to use it for unparseable directory material too. Closes ticket 21645.
    • Increase the maximum allowed size passed to mprotect(PROT_WRITE) from 1MB to 16MB. This was necessary with the glibc allocator in order to allow worker threads to allocate more memory — which in turn is necessary because of our new use of worker threads for compression. Closes ticket 22096.
  • Minor features (logging):
    • Log files are no longer created world-readable by default. (Previously, most distributors would store the logs in a non-world-readable location to prevent inappropriate access. This change is an extra precaution.) Closes ticket 21729; patch from toralf.
  • Minor features (performance):
    • Our Keccak (SHA-3) implementation now accesses memory more efficiently, especially on little-endian systems. Closes ticket 21737.
    • Add an O(1) implementation of channel_find_by_global_id(), to speed some controller functions.
  • Minor features (relay, configuration):
    • The MyFamily option may now be repeated as many times as desired, for relays that want to configure large families. Closes ticket 4998; patch by Daniel Pinto.
  • Minor features (relay, performance):
    • Always start relays with at least two worker threads, to prevent priority inversion on slow tasks. Part of the fix for bug 22883.
    • Allow background work to be queued with different priorities, so that a big pile of slow low-priority jobs will not starve out higher priority jobs. This lays the groundwork for a fix for bug 22883.
  • Minor features (safety):
    • Add an explicit check to extrainfo_parse_entry_from_string() for NULL inputs. We don’t believe this can actually happen, but it may help silence a warning from the Clang analyzer. Closes ticket 21496.
  • Minor features (testing):
    • Add more tests for compression backend initialization. Closes ticket 22286.
    • Add a “--disable-memory-sentinels” feature to help with fuzzing. When Tor is compiled with this option, we disable a number of redundant memory-safety failsafes that are intended to stop bugs from becoming security issues. This makes it easier to hunt for bugs that would be security issues without the failsafes turned on. Closes ticket 21439.
    • Add general event-tracing instrumentation support to Tor. This subsystem will enable developers and researchers to add fine-grained instrumentation to their Tor instances, for use when examining Tor network performance issues. There are no trace events yet, and event-tracing is off by default unless enabled at compile time. Implements ticket 13802.
    • Improve our version parsing tests: add tests for typical version components, add tests for invalid versions, including numeric range and non-numeric prefixes. Unit tests 21278, 21450, and 21507. Partially implements 21470.
  • Minor bugfixes (bandwidth accounting):
    • Roll over monthly accounting at the configured hour and minute, rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1. Found by Andrey Karpov with PVS-Studio.
  • Minor bugfixes (code correctness):
    • Accurately identify client connections by their lack of peer authentication. This means that we bail out earlier if asked to extend to a client. Follow-up to 21407. Fixes bug 21406; bugfix on 0.2.4.23.
  • Minor bugfixes (compilation warnings):
    • Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915; bugfix on 0.2.8.1-alpha.
    • Fix warnings when building with libscrypt and openssl scrypt support on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
    • When building with certain versions of the mingw C header files, avoid float-conversion warnings when calling the C functions isfinite(), isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (compilation):
    • Avoid compiler warnings in the unit tests for calling tor_sscanf() with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
  • Minor bugfixes (compression):
    • When spooling compressed data to an output buffer, don’t try to spool more data when there is no more data to spool and we are not trying to flush the input. Previously, we would sometimes launch compression requests with nothing to do, which interferes with our 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha.
  • Minor bugfixes (configuration):
    • Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes bug 22252; bugfix on 0.2.9.3-alpha.
  • Minor bugfixes (connection lifespan):
    • Allow more control over how long TLS connections are kept open: unify CircuitIdleTimeout and PredictedPortsRelevanceTime into a single option called CircuitsAvailableTimeout. Also, allow the consensus to control the default values for both this preference and the lifespan of relay-to-relay connections. Fixes bug 17592; bugfix on 0.2.5.5-alpha.
    • Increase the initial circuit build timeout testing frequency, to help ensure that ReducedConnectionPadding clients finish learning a timeout before their orconn would expire. The initial testing rate was set back in the days of TAP and before the Tor Browser updater, when we had to be much more careful about new clients making lots of circuits. With this change, a circuit build timeout is learned in about 15-20 minutes, instead of 100-120 minutes.
  • Minor bugfixes (controller):
    • Do not crash when receiving a HSPOST command with an empty body. Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
    • Do not crash when receiving a POSTDESCRIPTOR command with an empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
    • GETINFO onions/current and onions/detached no longer respond with 551 on empty lists. Fixes bug 21329; bugfix on 0.2.7.1-alpha.
    • Trigger HS descriptor events on the control port when the client fails to pick an onion service directory for an onion service. This can happen if all the hidden service directories are in ExcludeNodes, or they have all been queried within the last 15 minutes. Fixes bug 22042; bugfix on 0.2.5.2-alpha.
  • Minor bugfixes (correctness):
    • Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
  • Minor bugfixes (coverity build support):
    • Avoid Coverity build warnings related to our BUG() macro. By default, Coverity treats BUG() as the Linux kernel does: an instant abort(). We need to override that so our BUG() macro doesn’t prevent Coverity from analyzing functions that use it. Fixes bug 23030; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (defensive programming):
    • Detect and break out of infinite loops in our compression code. We don’t think that any such loops exist now, but it’s best to be safe. Closes ticket 22672.
    • Fix a memset() off the end of an array when packing cells. This bug should be harmless in practice, since the corrupted bytes are still in the same structure, and are always padding bytes, ignored, or immediately overwritten, depending on compiler behavior. Nevertheless, because the memset()’s purpose is to make sure that any other cell-handling bugs can’t expose bytes to the network, we need to fix it. Fixes bug 22737; bugfix on 0.2.4.11-alpha. Fixes CID 1401591.
  • Minor bugfixes (directory authority):
    • When a directory authority rejects a descriptor or extrainfo with a given digest, mark that digest as undownloadable, so that we do not attempt to download it again over and over. We previously tried to avoid downloading such descriptors by other means, but we didn’t notice if we accidentally downloaded one anyway. This behavior became problematic in 0.2.7.2-alpha, when authorities began pinning Ed25519 keys. Fixes bug 22349; bugfix on 0.2.1.19-alpha.
    • When rejecting a router descriptor for running an obsolete version of Tor without ntor support, warn about the obsolete tor version, not the missing ntor key. Fixes bug 20270; bugfix on 0.2.9.3-alpha.
    • Prevent the shared randomness subsystem from asserting when initialized by a bridge authority with an incomplete configuration file. Fixes bug 21586; bugfix on 0.2.9.8.
  • Minor bugfixes (error reporting, windows):
    • When formatting Windows error messages, use the English format to avoid codepage issues. Fixes bug 22520; bugfix on 0.1.2.8-alpha. Patch from “Vort”.
  • Minor bugfixes (exit-side DNS):
    • Fix an untriggerable assertion that checked the output of a libevent DNS error, so that the assertion actually behaves as expected. Fixes bug 22244; bugfix on 0.2.0.20-rc. Found by Andrey Karpov using PVS-Studio.
  • Minor bugfixes (fallback directories):
    • Make the usage example in updateFallbackDirs.py actually work, and explain what it does. Fixes bug 22270; bugfix on 0.3.0.3-alpha.
    • Decrease the guard flag average required to be a fallback. This allows us to keep relays that have their guard flag removed when they restart. Fixes bug 20913; bugfix on 0.2.8.1-alpha.
    • Decrease the minimum number of fallbacks to 100. Fixes bug 20913; bugfix on 0.2.8.1-alpha.
    • Make sure fallback directory mirrors have the same address, port, and relay identity key for at least 30 days before they are selected. Fixes bug 20913; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (file limits, osx):
    • When setting the maximum number of connections allowed by the OS, always allow some extra file descriptors for other files. Fixes bug 22797; bugfix on 0.2.0.10-alpha.
  • Minor bugfixes (onion services):
    • Increase the number of circuits that a service is allowed to open over a specific period of time. The value was lower than it should be (8 vs 12) in the normal case of 3 introduction points. Fixes bug 22159; bugfix on 0.3.0.5-rc.
    • Fix a BUG warning during HSv3 descriptor decoding that could be caused by a specially crafted descriptor. Fixes bug 23233; bugfix on 0.3.0.1-alpha. Bug found by “haxxpop”.
    • Stop printing a cryptic warning when an onion service gets a request to connect to a virtual port that it hasn’t configured. Fixes bug 16706; bugfix on 0.2.6.3-alpha.
    • Simplify onion service descriptor creation by using an existing flag to check if an introduction point is established. Fixes bug 21599; bugfix on 0.2.7.2-alpha.
  • Minor bugfixes (link handshake):
    • Lower the lifetime of the RSA->Ed25519 cross-certificate to six months, and regenerate it when it is within one month of expiring. Previously, we had generated this certificate at startup with a ten-year lifetime, but that could lead to weird behavior when Tor was started with a grossly inaccurate clock. Mitigates bug 22466; mitigation on 0.3.0.1-alpha.
  • Minor bugfixes (linux seccomp2 sandbox):
    • Avoid a sandbox failure when trying to re-bind to a socket and mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
    • Permit the fchmod system call, to avoid crashing on startup when starting with the seccomp2 sandbox and an unexpected set of permissions on the data directory or its contents. Fixes bug 22516; bugfix on 0.2.5.4-alpha.
  • Minor bugfixes (logging):
    • When decompressing, do not warn if we fail to decompress using a compression method that we merely guessed. Fixes part of bug 22670; bugfix on 0.1.1.14-alpha.
    • When decompressing, treat mismatch between content-encoding and actual compression type as a protocol warning. Fixes part of bug 22670; bugfix on 0.1.1.9-alpha.
    • Downgrade “assigned_to_cpuworker failed” message to info-level severity. In every case that can reach it, either a better warning has already been logged, or no warning is warranted. Fixes bug 22356; bugfix on 0.2.6.3-alpha.
    • Log a better message when a directory authority replies to an upload with an unexpected status code. Fixes bug 11121; bugfix on 0.1.0.1-rc.
    • Downgrade a log statement about unexpected relay cells from “bug” to “protocol warning”, because there is at least one use case where it can be triggered by a buggy tor implementation. Fixes bug 21293; bugfix on 0.1.1.14-alpha.
  • Minor bugfixes (logging, relay):
    • Remove a forgotten debugging message when an introduction point successfully establishes an onion service prop224 circuit with a client.
    • Change three other log_warn() for an introduction point to protocol warnings, because they can be failures from the network and are not relevant to the operator. Fixes bug 23078; bugfix on 0.3.0.1-alpha and 0.3.0.2-alpha.
  • Minor bugfixes (relay):
    • Inform the geoip and rephist modules about all requests, even on relays that are only fetching microdescriptors. Fixes a bug related to 21585; bugfix on 0.3.0.1-alpha.
  • Minor bugfixes (memory leaks):
    • Fix a small memory leak at exit from the backtrace handler code. Fixes bug 21788; bugfix on 0.2.5.2-alpha. Patch from Daniel Pinto.
    • When directory authorities reject a router descriptor due to keypinning, free the router descriptor rather than leaking the memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
    • Fix a small memory leak when validating a configuration that uses two or more AF_UNIX sockets for the same port type. Fixes bug 23053; bugfix on 0.2.6.3-alpha. This is CID 1415725.
  • Minor bugfixes (process behavior):
    • When exiting because of an error, always exit with a nonzero exit status. Previously, we would fail to report an error in our exit status in cases related to __OwningControllerProcess failure, lockfile contention, and Ed25519 key initialization. Fixes bug 22720; bugfix on versions 0.2.1.6-alpha, 0.2.2.28-beta, and 0.2.7.2-alpha respectively. Reported by “f55jwk4f”; patch from “huyvq”.
  • Minor bugfixes (robustness, error handling):
    • Improve our handling of the cases where OpenSSL encounters a memory error while encoding keys and certificates. We haven’t observed these errors in the wild, but if they do happen, we now detect and respond better. Fixes bug 19418; bugfix on all versions of Tor. Reported by Guido Vranken.
  • Minor bugfixes (testing):
    • Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
    • Use unbuffered I/O for utility functions around the process_handle_t type. This fixes unit test failures reported on OpenBSD and FreeBSD. Fixes bug 21654; bugfix on 0.2.3.1-alpha.
    • Make display of captured unit test log messages consistent. Fixes bug 21510; bugfix on 0.2.9.3-alpha.
    • Make test-network.sh always call chutney’s test-network.sh. Previously, this only worked on systems which had bash installed, due to some bash-specific code in the script. Fixes bug 19699; bugfix on 0.3.0.4-rc. Follow-up to ticket 21581.
    • Fix a memory leak in the link-handshake/certs_ok_ed25519 test. Fixes bug 22803; bugfix on 0.3.0.1-alpha.
    • The unit tests now pass on systems where localhost is misconfigured to some IPv4 address other than 127.0.0.1. Fixes bug 6298; bugfix on 0.0.9pre2.
  • Minor bugfixes (voting consistency):
    • Reject version numbers with non-numeric prefixes (such as +, -, or whitespace). Disallowing whitespace prevents differential version parsing between POSIX-based and Windows platforms. Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1.
  • Minor bugfixes (Windows service):
    • When running as a Windows service, set the ID of the main thread correctly. Failure to do so made us fail to send log messages to the controller in 0.2.1.16-rc, slowed down controller event delivery in 0.2.7.3-rc and later, and crash with an assertion failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha. Patch and diagnosis from “Vort”.
  • Minor bugfixes (windows, relay):
    • Resolve “Failure from drain_fd: No error” warnings on Windows relays. Fixes bug 21540; bugfix on 0.2.6.3-alpha.
  • Code simplification and refactoring:
    • Break up the 630-line function connection_dir_client_reached_eof() into a dozen smaller functions. This change should help maintainability and readability of the client directory code.
    • Isolate our use of the openssl headers so that they are only included from our crypto wrapper modules, and from tests that examine those modules’ internals. Closes ticket 21841.
    • Simplify our API to launch directory requests, making it more extensible and less error-prone. Now it’s easier to add extra headers to directory requests. Closes ticket 21646.
    • Our base64 decoding functions no longer overestimate the output space that they need when parsing unpadded inputs. Closes ticket 17868.
    • Remove unused “ROUTER_ADDED_NOTIFY_GENERATOR” internal value. Resolves ticket 22213.
    • The logic that directory caches use to spool requests to clients, serving them one part at a time so as not to allocate too much memory, has been refactored for consistency. Previously there was a separate spooling implementation per type of spoolable data. Now there is one common spooling implementation, with extensible data types. Closes ticket 21651.
    • Tor’s compression module now supports multiple backends. Part of the implementation for proposal 278; closes ticket 21663.
  • Documentation:
    • Add a manpage description for the key-pinning-journal file. Closes ticket 22347.
    • Correctly note that bandwidth accounting values are stored in the state file, and the bw_accounting file is now obsolete. Closes ticket 16082.
    • Document more of the files in the Tor data directory, including cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats, approved-routers, sr-random, and diff-cache. Found while fixing ticket 22347.
    • Clarify the manpage for the (deprecated) torify script. Closes ticket 6892.
    • Clarify the behavior of the KeepAliveIsolateSOCKSAuth sub-option. Closes ticket 21873.
    • Correct documentation about the default DataDirectory value. Closes ticket 21151.
    • Document the default behavior of NumEntryGuards and NumDirectoryGuards correctly. Fixes bug 21715; bugfix on 0.3.0.1-alpha.
    • Document key=value pluggable transport arguments for Bridge lines in torrc. Fixes bug 20341; bugfix on 0.2.5.1-alpha.
    • Note that bandwidth-limiting options don’t affect TCP headers or DNS. Closes ticket 17170.
  • Removed features (configuration options, all in ticket 22060):
    • These configuration options are now marked Obsolete, and no longer have any effect: AllowInvalidNodes, AllowSingleHopCircuits, AllowSingleHopExits, ExcludeSingleHopRelays, FastFirstHopPK, TLSECGroup, WarnUnsafeSocks. They were first marked as deprecated in 0.2.9.2-alpha and have now been removed. The previous default behavior is now always chosen; the previous (less secure) non-default behavior is now unavailable.
    • CloseHSClientCircuitsImmediatelyOnTimeout and CloseHSServiceRendCircuitsImmediatelyOnTimeout were deprecated in 0.2.9.2-alpha and now have been removed. HS circuits never close on circuit build timeout; they have a longer timeout period.
    • {Control,DNS,Dir,Socks,Trans,NATD,OR}ListenAddress were deprecated in 0.2.9.2-alpha and now have been removed. Use the ORPort option (and others) to configure listen-only and advertise-only addresses.
  • Removed features (tools):
    • We’ve removed the tor-checkkey tool from src/tools. Long ago, we used it to help people detect RSA keys that were generated by versions of Debian affected by CVE-2008-0166. But those keys have been out of circulation for ages, and this tool is no longer required. Closes ticket 21842.
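
The voting-consistency fix above (rejecting version numbers with a +, - or whitespace prefix, with tests for numeric range) can be illustrated with the following added example, which is not Tor's own code. The function names are hypothetical and the version format is simplified to exactly three numeric components; the lenient parser shows what a bare strtol() call accepts, the strict one rejects it.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Lenient: strtol() skips leading whitespace and accepts a '+' or '-' sign,
 * so " 3", "+3" and "-3" all parse. Returns 0 on success, -1 on error. */
static int parse_component_lenient(const char *s, long *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE) return -1;
    *out = v;
    return 0;
}

/* Strict: digits only, so any non-numeric prefix is rejected before
 * strtol() sees it; the value must also fit in 0..INT_MAX. */
static int parse_component_strict(const char *s, long *out)
{
    if (!isdigit((unsigned char)s[0]) || strspn(s, "0123456789") != strlen(s))
        return -1;
    errno = 0;
    long v = strtol(s, NULL, 10);
    if (errno == ERANGE || v > INT_MAX) return -1;
    *out = v;
    return 0;
}

/* Parse a simplified "A.B.C" version (assumption: exactly three numeric
 * components) into v[0..2]. Returns 0 on success, -1 on malformed input. */
int parse_version(const char *s, int strict, long v[3])
{
    char buf[64];
    if (strlen(s) >= sizeof(buf)) return -1;
    strcpy(buf, s);
    char *p = buf;
    for (int i = 0; i < 3; i++) {
        char *dot = strchr(p, '.');
        if ((i < 2) != (dot != NULL)) return -1;   /* need exactly two dots */
        if (dot) *dot = '\0';
        if ((strict ? parse_component_strict : parse_component_lenient)(p, &v[i]) < 0)
            return -1;
        p = dot ? dot + 1 : p;
    }
    return 0;
}

int main(void)
{
    long v[3];
    /* Constructed input: a '+' prefix on the second component. */
    printf("lenient=%d strict=%d\n", parse_version("0.+3.1", 0, v),
           parse_version("0.+3.1", 1, v));
    return 0;
}
```

Two parsers that disagree on inputs such as "0.+3.1" or "0. 3.1" will classify the same advertised version differently, which is the inconsistency a strict, digits-only rule removes.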

Source: https://blog.torproject.org/tor-0317-now-released

XX-Net V3.6.5

What is new:

  • Improve x-tunnel performance.

Downloads

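Module | GAE_proxy | X-Tunnel
Stability | IPs cannot be scanned in some regions | No interference
Speed | Smooth | Fast downloads, occasional stutter
Security | Google can see the traffic content | Fully encrypted
Ease of use | Requires deploying a server side | Simple
Compatibility | Some websites are not supported | No problems
Cost | Free | Paid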


Latest status:

2017-09-30

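  • There has been activity recently and GAE is heavily blocked. Please update to version 3.6.3 or later, do not set the number of scan threads too high, and wait patiently for the IP scan; in a few regions no IPs can be found.
  • The new X-Tunnel version 3.6.5 is stable and smooth, and is not affected by the GAE blocking (usage tutorial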

Source: https://github.com/XX-net/XX-Net/releases/tag/3.6.5