Abaphuhlisi benethiwekhi yeTor engaziwa bapapashe iziphumo zophicotho lweTor Browser kunye ne-OONI Probe, rdsys, BridgeDB kunye nezixhobo zeConjure eziphuhliswe yiprojekthi, ezisetyenziselwa ukudlula ukulawulwa. Uphicotho lwenziwe yiCure53 ukusuka ngoNovemba 2022 ukuya kuAprili 2023.
Ngethuba lophicotho-zincwadi, ubuthathaka obu-9 bachongwa, ababini kubo bachazwa njengengozi, enye yabelwa inqanaba eliphakathi lengozi, kwaye i-6 yahlelwa njengeengxaki ezinobungozi obuncinane. Kwakhona kwisiseko sekhowudi, iingxaki ezili-10 zafunyanwa eziye zahlelwa njengeziphene ezingahambelani nokhuseleko. Ngokubanzi, ikhowudi yeProjekthi yeTor iqatshelwa ukuthobela iinkqubo ezikhuselekileyo zokucwangcisa.
Umngcipheko wokuqala onobungozi wawukhona kwi-backend ye-rdsys inkqubo esasazwayo, eqinisekisa ukuhanjiswa kwezixhobo ezifana noluhlu lwe-proxy kunye nokukhuphela amakhonkco kubasebenzisi abahloliweyo. Ubuthathaka bubangelwa kukunqongophala kobuqinisekiso xa ufikelela kumphathi wobhaliso kwaye uvumele umhlaseli ukuba abhalise ubutyebi bakhe obukhohlakeleyo ukuze buhanjiswe kubasebenzisi. Umsebenzi ubila phantsi ekuthumeleni isicelo seHTTP kumphathi werdsys.
Umngcipheko wesibini onobungozi ufunyenwe kwi-Tor Browser kwaye yabangelwa ukungabikho kokuqinisekiswa kwesignesha yedijithali xa kufunyanwa kwakhona uluhlu lweendawo zebhulorho nge-rdsys kunye ne-BridgeDB. Ekubeni uluhlu lulayishwe kwisikhangeli kwinqanaba ngaphambi kokuxhuma kwinethiwekhi yeTor engaziwa, ukungabikho kokuqinisekiswa kwesignesha yedijithali ye-cryptographic kuvumela umhlaseli ukuba atshintshe imixholo yoluhlu, umzekelo, ngokunqanda uxhulumaniso okanye ngokugqekeza umncedisi. olusasazwa ngalo uluhlu. Kwimeko yohlaselo oluyimpumelelo, umhlaseli unokulungiselela ukuba abasebenzisi baqhagamshelane ngendawo yabo yebhulorho ephazamisekileyo.
Ubuthathaka obuphakathi bubekhona kwi-rdsys subsystem kwi-script yokusasazwa kwendibano kwaye yavumela umhlaseli ukuba aphakamise amalungelo akhe ukusuka kumsebenzisi ongekho kumsebenzisi we-rdsys, ukuba unofikelelo kumncedisi kunye nokukwazi ukubhala kuluhlu lwexeshana. iifayile. Ukusebenzisa ubuthathaka kubandakanya ukubuyisela ifayile ephunyezwayo ebekwe kwi/tmp directory. Ukufumana amalungelo omsebenzisi we-rdsys kuvumela umhlaseli ukuba enze utshintsho kwiifayile eziphunyeziweyo eziqaliswe nge-rdsys.
Ubuthathaka obuphantsi bubangelwa ikakhulu kusetyenziso lwezixhomekeko eziphelelwe lixesha eziqulathe ukuba semngciphekweni okwaziwayo okanye ukubanakho ukwaliwa kwenkonzo. Ubuthathaka obuncinci kwiSikhangeli seTor kubandakanya ukukwazi ukudlula iJavaScript xa inqanaba lokhuseleko libekwe kwinqanaba eliphezulu, ukungabikho kwezithintelo ekukhutshelweni kweefayile, kunye nokuvuza kolwazi olunokwenzeka ngephepha lasekhaya lomsebenzisi, okuvumela abasebenzisi ukuba balandelelwe phakathi kokuqaliswa kwakhona.
Okwangoku, bonke ubuthathaka bulungisiwe; phakathi kwezinye izinto, ungqinisiso luphunyeziwe kubo bonke abaphathi be-rdsys kunye nokujongwa koluhlu olulayishwe kwiSikhangeli seTor ngokusayinwa kwedijithali yongeziwe.
Ukongeza, sinokuqaphela ukukhutshwa kweTor Browser 13.0.1. Ukukhululwa kulungelelaniswa ne-Firefox 115.4.0 ESR codebase, elungisa ubuthathaka be-19 (i-13 ithathwa njengeyingozi). Ukulungiswa kobuthathaka ukusuka kwiFirefox yesebe 13.0.1 iye yatshintshelwa kwiTor Browser 119 ye-Android.
umthombo: opennet.ru