- tbb-commits - lists.torproject.org

[Git][tpo/applications/mullvad-browser][mullvad-browser-115.4.0esr-13.0-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 06 Nov '23

06 Nov '23

ma1 pushed to branch mullvad-browser-115.4.0esr-13.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 38f96edf by hackademix at 2023-11-06T23:28:52+01:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42154: empty clipboard content from private windows on exit. - - - - - 2 changed files: - browser/app/profile/001-base-profile.js - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -87,6 +87,9 @@ pref("browser.sessionstore.resume_from_crash", false); // Also not needed in PBM at the moment. pref("browser.pagethumbnails.capturing_disabled", true); +// Empty clipboard content from private windows on exit (tor-browser#42154) +pref("browser.privatebrowsing.preserveClipboard", false); + // Enable HTTPS-Only mode (tor-browser#19850) pref("dom.security.https_only_mode", true); // The previous pref automatically sets this to true (see StaticPrefList.yaml), ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -148,6 +148,119 @@ const PRIVATE_BROWSING_EXE_ICON_INDEX = 1; const PREF_PRIVATE_BROWSING_SHORTCUT_CREATED = "browser.privacySegmentation.createdShortcut"; +// Empty clipboard content from private windows on exit +// (tor-browser#42154) +const ClipboardPrivacy = { + _lastClipboardHash: null, + _globalActivation: false, + _isPrivateClipboard: false, + _hasher: null, + + _computeClipboardHash(win = Services.ww.activeWindow) { + const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( + Ci.nsITransferable + ); + trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); + try { + Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); + const clipboardContent = {}; + trans.getAnyTransferData({}, clipboardContent); + const { data } = clipboardContent.value.QueryInterface( + Ci.nsISupportsString + ); + const bytes = new TextEncoder().encode(data); + const hasher = (this._hasher ||= Cc[ + "@mozilla.org/security/hash;1" + ].createInstance(Ci.nsICryptoHash)); + hasher.init(hasher.SHA256); + hasher.update(bytes, bytes.length); + return hasher.finish(true); + } catch (e) {} + return null; + }, + + startup() { + this._lastClipboardHash = this._computeClipboardHash(); + + // Here we track changes in active window / application, + // by filtering focus events and window closures. + const handleActivation = (win, activation) => { + if (activation) { + if (!this._globalActivation) { + // focus changed within this window, bail out. + return; + } + this._globalActivation = false; + } else if (!Services.focus.activeWindow) { + // focus is leaving this window: + // let's track whether it remains within the browser. + lazy.setTimeout(() => { + this._globalActivation = !Services.focus.activeWindow; + }, 100); + } + const clipboardHash = this._computeClipboardHash(win); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + const focusListener = e => + e.isTrusted && handleActivation(e.currentTarget, e.type === "focusin"); + const initWindow = win => { + for (const e of ["focusin", "focusout"]) { + win.addEventListener(e, focusListener); + } + }; + for (const w of Services.ww.getWindowEnumerator()) { + initWindow(w); + } + Services.ww.registerNotification((win, event) => { + switch (event) { + case "domwindowopened": + initWindow(win); + break; + case "domwindowclosed": + handleActivation(win, false); + if ( + this._isPrivateClipboard && + lazy.PrivateBrowsingUtils.isWindowPrivate(win) && + !( + lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + Array.from(Services.ww.getWindowEnumerator()).find(w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) + ) + ) + ) { + // no more private windows, empty private content if needed + this.emptyPrivate(); + } + } + }); + }, + emptyPrivate() { + if ( + this._isPrivateClipboard && + !Services.prefs.getBoolPref( + "browser.privatebrowsing.preserveClipboard", + false + ) && + this._lastClipboardHash === this._computeClipboardHash() + ) { + Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + this._lastClipboardHash = null; + this._isPrivateClipboard = false; + console.log("Private clipboard emptied."); + } + }, +}; + /** * Fission-compatible JSProcess implementations. * Each actor options object takes the form of a ProcessActorOptions dictionary. @@ -1619,6 +1732,8 @@ BrowserGlue.prototype = { lazy.DoHController.init(); + ClipboardPrivacy.startup(); + this._firstWindowTelemetry(aWindow); this._firstWindowLoaded(); @@ -1879,7 +1994,7 @@ BrowserGlue.prototype = { lazy.UpdateListener.reset(); } }, - () => Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard), // tor-browser#42019 + () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/38f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/38f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-115.4.0esr-13.0-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 06 Nov '23

06 Nov '23

ma1 pushed to branch base-browser-115.4.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 5779ddfe by hackademix at 2023-11-06T23:23:03+01:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42154: empty clipboard content from private windows on exit. - - - - - 2 changed files: - browser/app/profile/001-base-profile.js - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -87,6 +87,9 @@ pref("browser.sessionstore.resume_from_crash", false); // Also not needed in PBM at the moment. pref("browser.pagethumbnails.capturing_disabled", true); +// Empty clipboard content from private windows on exit (tor-browser#42154) +pref("browser.privatebrowsing.preserveClipboard", false); + // Enable HTTPS-Only mode (tor-browser#19850) pref("dom.security.https_only_mode", true); // The previous pref automatically sets this to true (see StaticPrefList.yaml), ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -148,6 +148,119 @@ const PRIVATE_BROWSING_EXE_ICON_INDEX = 1; const PREF_PRIVATE_BROWSING_SHORTCUT_CREATED = "browser.privacySegmentation.createdShortcut"; +// Empty clipboard content from private windows on exit +// (tor-browser#42154) +const ClipboardPrivacy = { + _lastClipboardHash: null, + _globalActivation: false, + _isPrivateClipboard: false, + _hasher: null, + + _computeClipboardHash(win = Services.ww.activeWindow) { + const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( + Ci.nsITransferable + ); + trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); + try { + Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); + const clipboardContent = {}; + trans.getAnyTransferData({}, clipboardContent); + const { data } = clipboardContent.value.QueryInterface( + Ci.nsISupportsString + ); + const bytes = new TextEncoder().encode(data); + const hasher = (this._hasher ||= Cc[ + "@mozilla.org/security/hash;1" + ].createInstance(Ci.nsICryptoHash)); + hasher.init(hasher.SHA256); + hasher.update(bytes, bytes.length); + return hasher.finish(true); + } catch (e) {} + return null; + }, + + startup() { + this._lastClipboardHash = this._computeClipboardHash(); + + // Here we track changes in active window / application, + // by filtering focus events and window closures. + const handleActivation = (win, activation) => { + if (activation) { + if (!this._globalActivation) { + // focus changed within this window, bail out. + return; + } + this._globalActivation = false; + } else if (!Services.focus.activeWindow) { + // focus is leaving this window: + // let's track whether it remains within the browser. + lazy.setTimeout(() => { + this._globalActivation = !Services.focus.activeWindow; + }, 100); + } + const clipboardHash = this._computeClipboardHash(win); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + const focusListener = e => + e.isTrusted && handleActivation(e.currentTarget, e.type === "focusin"); + const initWindow = win => { + for (const e of ["focusin", "focusout"]) { + win.addEventListener(e, focusListener); + } + }; + for (const w of Services.ww.getWindowEnumerator()) { + initWindow(w); + } + Services.ww.registerNotification((win, event) => { + switch (event) { + case "domwindowopened": + initWindow(win); + break; + case "domwindowclosed": + handleActivation(win, false); + if ( + this._isPrivateClipboard && + lazy.PrivateBrowsingUtils.isWindowPrivate(win) && + !( + lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + Array.from(Services.ww.getWindowEnumerator()).find(w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) + ) + ) + ) { + // no more private windows, empty private content if needed + this.emptyPrivate(); + } + } + }); + }, + emptyPrivate() { + if ( + this._isPrivateClipboard && + !Services.prefs.getBoolPref( + "browser.privatebrowsing.preserveClipboard", + false + ) && + this._lastClipboardHash === this._computeClipboardHash() + ) { + Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + this._lastClipboardHash = null; + this._isPrivateClipboard = false; + console.log("Private clipboard emptied."); + } + }, +}; + /** * Fission-compatible JSProcess implementations. * Each actor options object takes the form of a ProcessActorOptions dictionary. @@ -1652,6 +1765,8 @@ BrowserGlue.prototype = { lazy.DoHController.init(); + ClipboardPrivacy.startup(); + this._firstWindowTelemetry(aWindow); this._firstWindowLoaded(); @@ -1912,7 +2027,7 @@ BrowserGlue.prototype = { lazy.UpdateListener.reset(); } }, - () => Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard), // tor-browser#42019 + () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5779ddf… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5779ddf… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.0-1] fixup! Bug 42019: Empty browser's clipboard on browser shutdown
by ma1 (＠ma1) 06 Nov '23

06 Nov '23

ma1 pushed to branch tor-browser-115.4.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 2b8d06d6 by hackademix at 2023-11-06T23:14:33+01:00 fixup! Bug 42019: Empty browser's clipboard on browser shutdown Bug 42154: empty clipboard content from private windows on exit. - - - - - 2 changed files: - browser/app/profile/001-base-profile.js - browser/components/BrowserGlue.sys.mjs Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -87,6 +87,9 @@ pref("browser.sessionstore.resume_from_crash", false); // Also not needed in PBM at the moment. pref("browser.pagethumbnails.capturing_disabled", true); +// Empty clipboard content from private windows on exit (tor-browser#42154) +pref("browser.privatebrowsing.preserveClipboard", false); + // Enable HTTPS-Only mode (tor-browser#19850) pref("dom.security.https_only_mode", true); // The previous pref automatically sets this to true (see StaticPrefList.yaml), ===================================== browser/components/BrowserGlue.sys.mjs ===================================== @@ -150,6 +150,119 @@ const PRIVATE_BROWSING_EXE_ICON_INDEX = 1; const PREF_PRIVATE_BROWSING_SHORTCUT_CREATED = "browser.privacySegmentation.createdShortcut"; +// Empty clipboard content from private windows on exit +// (tor-browser#42154) +const ClipboardPrivacy = { + _lastClipboardHash: null, + _globalActivation: false, + _isPrivateClipboard: false, + _hasher: null, + + _computeClipboardHash(win = Services.ww.activeWindow) { + const trans = Cc["@mozilla.org/widget/transferable;1"].createInstance( + Ci.nsITransferable + ); + trans.init(win?.docShell?.QueryInterface(Ci.nsILoadContext) || null); + ["text/x-moz-url", "text/plain"].forEach(trans.addDataFlavor); + try { + Services.clipboard.getData(trans, Ci.nsIClipboard.kGlobalClipboard); + const clipboardContent = {}; + trans.getAnyTransferData({}, clipboardContent); + const { data } = clipboardContent.value.QueryInterface( + Ci.nsISupportsString + ); + const bytes = new TextEncoder().encode(data); + const hasher = (this._hasher ||= Cc[ + "@mozilla.org/security/hash;1" + ].createInstance(Ci.nsICryptoHash)); + hasher.init(hasher.SHA256); + hasher.update(bytes, bytes.length); + return hasher.finish(true); + } catch (e) {} + return null; + }, + + startup() { + this._lastClipboardHash = this._computeClipboardHash(); + + // Here we track changes in active window / application, + // by filtering focus events and window closures. + const handleActivation = (win, activation) => { + if (activation) { + if (!this._globalActivation) { + // focus changed within this window, bail out. + return; + } + this._globalActivation = false; + } else if (!Services.focus.activeWindow) { + // focus is leaving this window: + // let's track whether it remains within the browser. + lazy.setTimeout(() => { + this._globalActivation = !Services.focus.activeWindow; + }, 100); + } + const clipboardHash = this._computeClipboardHash(win); + if (clipboardHash !== this._lastClipboardHash) { + this._isPrivateClipboard = + !activation && + (lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + lazy.PrivateBrowsingUtils.isWindowPrivate(win)); + this._lastClipboardHash = clipboardHash; + console.log( + `Clipboard changed: private ${this._isPrivateClipboard}, hash ${clipboardHash}.` + ); + } + }; + const focusListener = e => + e.isTrusted && handleActivation(e.currentTarget, e.type === "focusin"); + const initWindow = win => { + for (const e of ["focusin", "focusout"]) { + win.addEventListener(e, focusListener); + } + }; + for (const w of Services.ww.getWindowEnumerator()) { + initWindow(w); + } + Services.ww.registerNotification((win, event) => { + switch (event) { + case "domwindowopened": + initWindow(win); + break; + case "domwindowclosed": + handleActivation(win, false); + if ( + this._isPrivateClipboard && + lazy.PrivateBrowsingUtils.isWindowPrivate(win) && + !( + lazy.PrivateBrowsingUtils.permanentPrivateBrowsing || + Array.from(Services.ww.getWindowEnumerator()).find(w => + lazy.PrivateBrowsingUtils.isWindowPrivate(w) + ) + ) + ) { + // no more private windows, empty private content if needed + this.emptyPrivate(); + } + } + }); + }, + emptyPrivate() { + if ( + this._isPrivateClipboard && + !Services.prefs.getBoolPref( + "browser.privatebrowsing.preserveClipboard", + false + ) && + this._lastClipboardHash === this._computeClipboardHash() + ) { + Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard); + this._lastClipboardHash = null; + this._isPrivateClipboard = false; + console.log("Private clipboard emptied."); + } + }, +}; + /** * Fission-compatible JSProcess implementations. * Each actor options object takes the form of a ProcessActorOptions dictionary. @@ -1753,6 +1866,8 @@ BrowserGlue.prototype = { lazy.TorProviderBuilder.firstWindowLoaded(); + ClipboardPrivacy.startup(); + this._firstWindowTelemetry(aWindow); this._firstWindowLoaded(); @@ -2013,8 +2128,8 @@ BrowserGlue.prototype = { lazy.UpdateListener.reset(); } }, - () => Services.clipboard.emptyClipboard(Ci.nsIClipboard.kGlobalClipboard), // tor-browser#42019 () => lazy.OnionAliasStore.uninit(), + () => ClipboardPrivacy.emptyPrivate(), // tor-browser#42019 ]; for (let task of tasks) { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/2b8d06d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/2b8d06d… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.5-1] fixup! Bug 23247: Communicating security expectations for .onion
by ma1 (＠ma1) 06 Nov '23

06 Nov '23

ma1 pushed to branch tor-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 8627f8e1 by cypherpunks1 at 2023-11-06T21:22:17+00:00 fixup! Bug 23247: Communicating security expectations for .onion Bug 42231: Improve the network monitor patch for http onion resources - - - - - 2 changed files: - devtools/client/netmonitor/src/components/SecurityState.js - devtools/shared/network-observer/NetworkHelper.sys.mjs Changes: ===================================== devtools/client/netmonitor/src/components/SecurityState.js ===================================== @@ -41,7 +41,7 @@ class SecurityState extends Component { const { securityState, - urlDetails: { isLocal }, + urlDetails: { host, isLocal }, } = item; const iconClassList = ["requests-security-state-icon"]; @@ -50,7 +50,11 @@ class SecurityState extends Component { // Locally delivered files such as http://localhost and file:// paths // are considered to have been delivered securely. - if (isLocal) { + if ( + isLocal || + (host?.endsWith(".onion") && + Services.prefs.getBoolPref("dom.securecontext.allowlist_onions", false)) + ) { realSecurityState = "secure"; } ===================================== devtools/shared/network-observer/NetworkHelper.sys.mjs ===================================== @@ -596,9 +596,6 @@ export var NetworkHelper = { // The request did not contain any security info. if (!securityInfo) { - if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) { - info.state = "secure"; - } return info; } @@ -650,11 +647,7 @@ export var NetworkHelper = { // schemes other than https and wss are subject to // downgrade/etc at the scheme level and should always be // considered insecure - if (httpActivity.hostname && httpActivity.hostname.endsWith(".onion")) { - info.state = "secure"; - } else { - info.state = "insecure"; - } + info.state = "insecure"; } else if (state & wpl.STATE_IS_SECURE) { // The connection is secure if the scheme is sufficient info.state = "secure"; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8627f8e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8627f8e… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] 10 commits: Bug 40934: Remove $bundle_locales from signing scripts
by richard (＠richard) 06 Nov '23

06 Nov '23

richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 5dc73a09 by Nicolas Vigier at 2023-11-06T17:14:04+00:00 Bug 40934: Remove $bundle_locales from signing scripts IN macos-signer-* we don't remove the loop, since those scripts are going away soon. - - - - - 99ac1364 by Nicolas Vigier at 2023-11-06T17:14:04+00:00 Bug 29815: Add rcodesign build - - - - - 3e924790 by Nicolas Vigier at 2023-11-06T17:14:04+00:00 Bug 29815: Set up signing machines for rcodesign - - - - - b696b79e by Nicolas Vigier at 2023-11-06T17:14:04+00:00 Bug 29815: Update signing scripts for rcodesign - - - - - d9e3782e by Nicolas Vigier at 2023-11-06T17:14:04+00:00 Bug 40982: Fix logging in tools/signing/do-all-signing - - - - - c46f3c86 by Nicolas Vigier at 2023-11-06T17:14:04+00:00 Bug 29815: Update macos signing entitlements files Taken from Firefox tree in security/mac/hardenedruntime/production.entitlements.xml in esr115 branch. - - - - - eb210afc by Nicolas Vigier at 2023-11-06T17:14:04+00:00 Bug 29815: Update issue templates for macos signing changes - - - - - 79cbf73c by Richard Pospesel at 2023-11-06T17:14:04+00:00 Bug 41005: Unpack macOS bundle to /var/tmp instead of /tmp in rcodesign-notary-submit step - - - - - f0a129ea by Richard Pospesel at 2023-11-06T17:14:04+00:00 Bug 41006: Fix typo in finished-signing-clean-linux signer - - - - - 954d5aac by Richard Pospesel at 2023-11-06T17:14:04+00:00 Bug 41007: gatekeeper-bundling.sh refers to old .tar.gz archive - - - - - 30 changed files: - .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md - .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md - .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md - .gitlab/issue_templates/Release Prep - Tor Browser Stable.md - Makefile - + projects/rcodesign/build - + projects/rcodesign/config - tools/.gitignore - tools/signing/alpha.entitlements.xml - tools/signing/dmg2mar - tools/signing/do-all-signing - tools/signing/finished-signing-clean-linux-signer - tools/signing/gatekeeper-bundling.sh - + tools/signing/linux-signer-rcodesign-sign - + tools/signing/linux-signer-rcodesign-sign.mullvadbrowser - + tools/signing/linux-signer-rcodesign-sign.torbrowser - tools/signing/machines-setup/setup-signing-machine - + tools/signing/machines-setup/sudoers.d/sign-rcodesign - tools/signing/machines-setup/upload-tbb-to-signing-machine - tools/signing/macos-signer-gatekeeper-signing - tools/signing/macos-signer-notarization - tools/signing/macos-signer-stapler - + tools/signing/rcodesign-notary-submit - tools/signing/release.entitlements.xml - tools/signing/set-config - + tools/signing/set-config.rcodesign - + tools/signing/set-config.rcodesign-appstoreconnect - + tools/signing/setup-rcodesign - + tools/signing/sync-linux-signer-macos-signed-tar-to-local - + tools/signing/sync-linux-signer-macos-signed-tar-to-local.mullvadbrowser The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-13.0.3-build1
by richard (＠richard) 06 Nov '23

06 Nov '23

richard pushed new tag tbb-13.0.3-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 41008: Prepare Tor Browser 13.0.3
by richard (＠richard) 06 Nov '23

06 Nov '23

richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: 1fec4c32 by Richard Pospesel at 2023-11-06T17:12:13+00:00 Bug 41008: Prepare Tor Browser 13.0.3 - - - - - 6 changed files: - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/allowed_addons.json - projects/firefox-android/config - projects/geckoview/config - projects/manual/config - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,43 @@ +Tor Browser 13.0.3 - November 06 2023 + * Android + * Bug 42222: Fix TorDomainIsolator initialization on Android [tor-browser] + +Tor Browser 13.5a1 - November 01 2023 + * All Platforms + * Updated OpenSSL to 3.0.12 + * Updated NoScript to 11.4.28 + * Bug 42191: Backport security fixes (Android & wontfix) from Firefox 119 to 115.4 - based Tor Browser [tor-browser] + * Bug 42204: Drop unused aboutTor.dtd [tor-browser] + * Bug 40975: libstdc++.so.6 is included twice in tor-browser [tor-browser-build] + * Windows + macOS + Linux + * Updated Firefox to 115.4.0esr + * Bug 41341: Fix style and position of "Always Prioritize Onions" wingpanel [tor-browser] + * Bug 42108: Tor Circuit button not shown if TLS handshake fails [tor-browser] + * Bug 42182: Default Search Engine Does Not Persist Through Shift to New Identity [tor-browser] + * Bug 42184: Setting "Homepage and new windows" ignores "Blank Page" value [tor-browser] + * Windows + macOS + * Bug 42154: Empty the clipboard on browser shutdown only if content comes from private browsing windows [tor-browser] + * Android + * Updated GeckoView to 115.4.0esr + * Bug 42201: Make the script sign all the channels for local builds [tor-browser] + * Bug 42222: Fix TorDomainIsolator initialization on Android [tor-browser] + * Build System + * All Platforms + * Update Go to 1.21.3 + * Bug 40852: Reproducible build of the the lox client library to wasm [tor-browser-build] + * Bug 40934: Remove $bundle_locales from signing scripts now that we're on ALL for everything [tor-browser-build] + * Bug 40976: Update download-unsigned-sha256sums-gpg-signatures-from-people-tpo to fetch from tb-build-02 and tb-build-03 [tor-browser-build] + * Bug 40982: Fix logging in tools/signing/do-all-signing [tor-browser-build] + * Bug 40983: Bump the various branches to 13.5 on main [tor-browser-build] + * Bug 40989: Add .nobackup files to reproducible and disposable directores [tor-browser-build] + * Bug 40062: Copy input directories to containers recursively [rbm] + * Windows + * Bug 40984: The PDBs for .exe are not included [tor-browser-build] + * macOS + * Bug 29815: Sign our macOS bundles on Linux [tor-browser-build] + * Linux + * Bug 40979: Add redirects from old Linux bundle filename to the new one [tor-browser-build] + Tor Browser 13.0.2 - October 26 2023 * Android * Bump firefox-android commit to generate new version code to allow uploading to Google Play (see tor-browser-build#40992) ===================================== projects/browser/allowed_addons.json ===================================== @@ -17,7 +17,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/34/9734/13299734/13299734.pn…" } ], - "average_daily_users": 1045779, + "average_daily_users": 1047950, "categories": { "android": [ "experimental", @@ -221,10 +221,10 @@ "category": "recommended" }, "ratings": { - "average": 4.556, - "bayesian_average": 4.554850109055476, - "count": 5200, - "text_count": 1632 + "average": 4.5563, + "bayesian_average": 4.555166332139257, + "count": 5222, + "text_count": 1636 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/reviews/", "requires_payment": false, @@ -321,7 +321,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/versions/", - "weekly_downloads": 30788 + "weekly_downloads": 32054 }, "notes": null }, @@ -337,7 +337,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/56/7656/6937656/6937656.png?…" } ], - "average_daily_users": 260965, + "average_daily_users": 258996, "categories": { "android": [ "security-privacy" @@ -553,10 +553,10 @@ "category": "recommended" }, "ratings": { - "average": 4.8133, - "bayesian_average": 4.80862905917694, - "count": 1366, - "text_count": 241 + "average": 4.8121, + "bayesian_average": 4.80748856406892, + "count": 1368, + "text_count": 242 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/reviews/", "requires_payment": false, @@ -641,7 +641,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/versions/", - "weekly_downloads": 4245 + "weekly_downloads": 3695 }, "notes": null }, @@ -657,7 +657,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/73/4073/5474073/5474073.png?…" } ], - "average_daily_users": 1155791, + "average_daily_users": 1161828, "categories": { "android": [ "security-privacy" @@ -669,18 +669,18 @@ "contributions_url": "https://paypal.me/SupportEFF?utm_content=product-page-contribute&utm_medium…", "created": "2014-05-01T18:23:16Z", "current_version": { - "id": 5622730, + "id": 5644330, "compatibility": { "firefox": { - "min": "60.0", + "min": "78.0", "max": "*" }, "android": { - "min": "60.0", + "min": "113.0", "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/privacy-badger17/versions…", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/privacy-badger17/versions…", "is_strict_compatibility_enabled": false, "license": { "id": 6, @@ -691,22 +691,22 @@ "url": "http://www.gnu.org/licenses/gpl-3.0.html" }, "release_notes": { - "en-US": "<ul><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/07ac27a67ad814cdf74ed5…" rel=\"nofollow\">Improved link tracking protection</a> (\"link unwrapping\") on Google sites. With this update Privacy Badger removes tracking from links in Google Docs, Gmail, Google Maps, and Google Images results. Privacy Badger now also removes tracking from links added after scrolling through Google Search results.</li><li>Fixed various site breakages</li><li>Added Malay and restored Serbian translations</li><li>Improved Traditional Chinese translations</li></ul>" + "en-US": "<ul><li>Added widget replacement for embedded Tweets. Privacy Badger replaces potentially useful widgets with placeholders. These replacements protect privacy while letting you restore the original widget whenever you want it or need it for the page to function.</li><li>Fixed various site breakages</li><li>Improved Brazilian Portuguese and Swedish translations</li></ul>" }, - "reviewed": "2023-09-15T11:48:09Z", - "version": "2023.9.12", + "reviewed": "2023-11-02T08:16:06Z", + "version": "2023.10.31", "files": [ { - "id": 4167070, - "created": "2023-09-12T19:42:38Z", - "hash": "sha256:eae97d9d3df3350476901ca412505cb4a43d0e7fa79bd9516584935158f82095", + "id": 4188670, + "created": "2023-10-31T21:43:07Z", + "hash": "sha256:37e96cbd257b73d7350605ed20494a82b578f25a2cefc3de2dab019e5ff6ced1", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 1986265, + "size": 1882955, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4167070/privacy_badger17-…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4188670/privacy_badger17-…", "permissions": [ "alarms", "tabs", @@ -1135,7 +1135,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-09-15T11:48:09Z", + "last_updated": "2023-11-02T08:16:06Z", "name": { "en-US": "Privacy Badger" }, @@ -1181,10 +1181,10 @@ "category": "recommended" }, "ratings": { - "average": 4.7969, - "bayesian_average": 4.794146592865077, - "count": 2309, - "text_count": 440 + "average": 4.794, + "bayesian_average": 4.791288988997076, + "count": 2320, + "text_count": 441 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/reviews/", "requires_payment": false, @@ -1208,7 +1208,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/versions/", - "weekly_downloads": 27720 + "weekly_downloads": 24811 }, "notes": null }, @@ -1224,7 +1224,7 @@ "picture_url": null } ], - "average_daily_users": 6840315, + "average_daily_users": 6892995, "categories": { "android": [ "security-privacy" @@ -1236,18 +1236,18 @@ "contributions_url": "", "created": "2015-04-25T07:26:22Z", "current_version": { - "id": 5626680, + "id": 5644148, "compatibility": { "firefox": { "min": "78.0", "max": "*" }, "android": { - "min": "79.0", + "min": "113.0", "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/ublock-origin/versions/56…", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/ublock-origin/versions/56…", "is_strict_compatibility_enabled": false, "license": { "id": 6, @@ -1258,22 +1258,22 @@ "url": "http://www.gnu.org/licenses/gpl-3.0.html" }, "release_notes": { - "en-US": "See complete release notes for <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/e38b38b24e46f55b7c57f8…" rel=\"nofollow\">1.52.2</a>.\n\nFixes / changes\n\n<ul><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/c8600567c8c689e1622572…" rel=\"nofollow\">Fix XHR hook partial response handling</a> (fix by @ephemeralViolette)</li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/086a07ab99860699ff92c9…" rel=\"nofollow\">Fix regression in <code>:is()</code> operator</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/70ff1de4e99376d9ec6147…" rel=\"nofollow\">Do not assume set viewport for popup panel when using portrait mode in descktop</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/bbe0786f040f57b52d6ee7…" rel=\"nofollow\">Fix removal of <code>:scope</code> prefix in <code>:has()</code> operator</a></li></ul>\n<a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/3851922ac2114338a1a10a…" rel=\"nofollow\">Commits history since last version</a>." + "en-US": "See complete release notes for <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/8e97e4fad4a9080cacd692…" rel=\"nofollow\">1.53.0</a>.\n\nFixes / changes\n\n<ul><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/04dc7add7ba2b97b2c9b89…" rel=\"nofollow\">Improve google-ima shim script</a> (by @kzar)</li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/b4a71c78d84ca82dd6abd1…" rel=\"nofollow\">Match <code>type</code> exactly in <code>prevent-addEventListener</code> scriptlet</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/ff70ef00dfe5f67a6928e7…" rel=\"nofollow\">Add filtering expressions for logger output</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/02bf9ee4e085caa28d989f…" rel=\"nofollow\">Add warning against adding custom filters from untrusted sources</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/6c4da5a1939b3db01c9ee3…" rel=\"nofollow\">Consider My filters an untrusted source by default</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/ca1700dc2ee0250b8cf6d8…" rel=\"nofollow\">Add <code>trusted-prune-inbound-object</code> scriptlet</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/ba6f6721dda39f05a31f17…" rel=\"nofollow\">Add <code>dontOverwrite</code> vararg to <code>(trusted-)set-cookie</code> scriptlets</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/35c49cd46c6ee8f6de39a9…" rel=\"nofollow\">Add \"on\" and \"off\" values to set-cookie</a> (by @peace2000)</li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/4927397ea80a4a61cc940c…" rel=\"nofollow\">Fine tune <code>set-local-storage-item</code> as per feedback</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/7fa8961d810dcba3ee585c…" rel=\"nofollow\">Support AdGuard's <code>[trusted-]set-cookie-reload</code> scriptlets</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/349cef9dc278896ca7daa7…" rel=\"nofollow\">Ignore assets older than cached version when fetching from CDNs</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/b0dea07b330af0f97e32e2…" rel=\"nofollow\">Support quoting scriptlet parameters with backticks</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/5d764bfef4a34dddcc078f…" rel=\"nofollow\">Add new static network filter option: <code>urltransform</code></a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/5169835229aef5279e13d7…" rel=\"nofollow\">Support pane: mark lists as obsolete only when update button is clicked</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/3f93ea8084165631352752…" rel=\"nofollow\">Bring <code>header=</code> filter option out of experimental status</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/6f0c547fbe7e39c23f4e0d…" rel=\"nofollow\">Add <code>trusted-click-element</code> scriptlet</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/396bbf79d31a089d9396f0…" rel=\"nofollow\">Add ability to update lists through links with specifically crafted URLs</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/da3831d0dd386383b7c063…" rel=\"nofollow\">Fix overzealous matching in <code>(remove|replace)-node-text</code> scriptlets</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/106e2566988d1f7f89ef4a…" rel=\"nofollow\">Fix <code>no-xhr-if</code> scriptlet for Firefox</a></li><li>[More ...]\n\n<a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/d8295679b79e096909c47f…" rel=\"nofollow\">Commits history since last version</a>.</li></ul>" }, - "reviewed": "2023-09-25T15:47:17Z", - "version": "1.52.2", + "reviewed": "2023-11-02T12:31:33Z", + "version": "1.53.0", "files": [ { - "id": 4171020, - "created": "2023-09-21T17:09:35Z", - "hash": "sha256:e8ee3f9d597a6d42db9d73fe87c1d521de340755fd8bfdd69e41623edfe096d6", + "id": 4188488, + "created": "2023-10-31T12:35:52Z", + "hash": "sha256:5403474101f753b5d38c09135e40d82a115afcd01310d78133a4af363462194b", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 3578876, + "size": 3593021, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4171020/ublock_origin-1.5…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4188488/ublock_origin-1.5…", "permissions": [ "dns", "menus", @@ -1294,7 +1294,10 @@ "https://forums.lanik.us/*", "https://github.com/*", "https://*.github.io/*", - "https://*.letsblock.it/*" + "https://*.letsblock.it/*", + "https://github.com/uBlockOrigin/*", + "https://ublockorigin.github.io/*", + "https://*.reddit.com/r/uBlockOrigin/*" ], "optional_permissions": [], "host_permissions": [] @@ -1309,7 +1312,7 @@ "ca": "Un bloquejador eficient: el consum de memòria i de processador és baix però, no obstant això, pot carregar i aplicar milers de filtres més que altres bloquejadors coneguts.\n\nGràfic de l'eficiència: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/407a22e7e017297705e927…" rel=\"nofollow\">https://github.com/gorhill/uBlock/wiki/uBlock-vs.-ABP:-efficiency-compared</a>\n\nÚs: El gran botó d'engegada de la finestra emergent serveix per a desactivar/activar permanentment el uBlock per al lloc web actual. No és un botó d'engegada general de l'extensió.\n\n***\n\nFlexible, és més que un \"bloquejador d'anuncis\": també pot llegir i crear filtres a partir de fitxers hosts.\n\nPer defecte, es carreguen i s'apliquen aquestes llistes de filtres:\n\n- EasyList\n- Peter Lowe’s Ad server list\n- EasyPrivacy\n- Dominis de malware\n\nSi voleu, podeu seleccionar altres llistes disponibles:\n\n- Fanboy’s Enhanced Tracking List\n- Dan Pollock’s hosts file\n- hpHosts’s Ad and tracking servers\n- MVPS HOSTS\n- Spam404\n- I altres\n\nÒbviament, com més filtres activeu, més gran serà el consum de memòria. Però fins i tot després d'afegir dues llistes extra de Fanboy, hpHosts’s Ad and tracking servers, el uBlock₀ encara té un consum de memòria inferior al d'altres bloquejadors coneguts.\n\nTambé heu de ser conscient que seleccionant algunes d'aquestes llistes extra és més probable trobar-se amb llocs webs inservibles -- especialment aquelles llistes que s'utilitzen normalment com a fitxer de hosts.\n\n***\n\nSense les llistes predefinides de filtres, aquesta extensió no és res. Així que, si en cap moment voleu fer una aportació, penseu en les persones que treballen durament per a mantenir les llistes de filtres que utilitzeu, a disposició de tothom de manera gratuïta.\n\n***\n\nLliure.\nCodi obert amb llicència pública (GPLv3)\nPer usuaris per a usuaris.\n\nCol·laboradors a Github: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/9bfaba4f3fe3310ae0a318…" rel=\"nofollow\">https://github.com/gorhill/uBlock/graphs/contributors</a>\nCol·laboradors a Crowdin: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/6a44868e1580018df8d4d8…" rel=\"nofollow\">https://crowdin.net/project/ublock</a>\n\n***\n\nAquesta és, en certa manera, una versió primitiva. Tingueu-ho en compte quan en doneu la vostra opinió.\n\nRegistre de canvis del projecte:\n<a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/de148deb19b52874eb4c57…" rel=\"nofollow\">https://github.com/gorhill/uBlock/releases</a>", "cs": "Efektivní blokovač: nezanechává velké stopy, nezatěžuje paměť a CPU, a přesto může načítat a využívat o několik tisíc filtrů více, než jiné populární blockery.\n\nGrafický přehled jeho účinnosti: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/407a22e7e017297705e927…" rel=\"nofollow\">https://github.com/gorhill/uBlock/wiki/uBlock-vs.-ABP:-efficiency-compared</a>\n\nPoužití: Velký vypínač ve vyskakovacím okně trvale povolí/zakáže uBlock pro otevřenou stránku. Funguje pouze pro aktivní webovou stránku, není to obecný vypínač.\n\n***\n\nFlexibilní, více než jen \"blokovač reklam\": umí také číst a vytvářet filtry z hosts souborů.\n\nPo instalaci jsou načteny a použity tyto filtry:\n\n- EasyList\n- Peter Lowe’s Ad server list\n- EasyPrivacy\n- Malware domains\n\nPokud chcete, můžete si vybrat tyto další filtry:\n\n- Fanboy’s Enhanced Tracking List\n- Dan Pollock’s hosts file\n- hpHosts’s Ad and tracking servers\n- MVPS HOSTS\n- Spam404\n- A mnoho dalších\n\nČím více filtrů je povoleno, tím je samozřejmě větší stopa v paměti. I přesto má ale uBlock₀ i po přidání dvou dalších seznamů od Fanboye a \"hpHosts’s Ad and tracking servers\" menší vliv na paměť než mnohé další velmi populární blockery.\n\nDále mějte na paměti, že vybírání více filtrů zvyšuje šanci chybného zobrazení webů -- především u seznamů, které se normálně používají jako hosts soubory.\n\n***\n\nBez předvolených seznamů filtrů by toto rozšíření bylo k ničemu. Pokud tedy opravdu budete chtít něčím přispět, myslete na lidi, kteří spravují Vámi používané seznamy filtrů a uvolňují je pro všechny zdarma.\n\n***\n\nSvobodný software.\nOpen source s veřejnou licencí (GPLv3)\nOd uživatelů pro uživatele.\n\nPřispěvatelé na Githubu: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/9bfaba4f3fe3310ae0a318…" rel=\"nofollow\">https://github.com/gorhill/uBlock/graphs/contributors</a>\nPřispěvatelé na Crowdinu: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/6a44868e1580018df8d4d8…" rel=\"nofollow\">https://crowdin.net/project/ublock</a>\n\n***\n\nJde o poměrně ranou verzi, mějte to na paměti při recenzování.\n\nChange log projektu:\n<a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/de148deb19b52874eb4c57…" rel=\"nofollow\">https://github.com/gorhill/uBlock/releases</a>", "da": "En effektiv blocker: let på hukommelse og CPU forbrug,. Kan indlæse og anvende tusindvis af flere filtre end andre populære blockere derude.\n\nIllustreret oversigt over effektiviteten: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/54af2c2b64bc518ff8c7fb…" rel=\"nofollow\">https://github.com/gorhill/uBlock/wiki/uBlock-vs.-ABP</a> :-Efficiency-compared\n\nAnvendelse: Den Store power knap i pop-up-vinduet kan permanent deaktivere/aktivere uBlock på det aktuelle websted. Dette gælder kun for det aktuelle websted, det er ikke en global afbryderknap.\n\n***\n\nFleksibel, det er mere end en \"ad blocker\": den kan også læse og oprette filtre fra hosts-filer.\n\nFra starten af er disse lister over filtre indlæst og anvendt:\n\n- EasyList\n- Peter Lowe’s Ad server list\n- EasyPrivacy\n- Malware domains\n\nFlere lister er tilgængelige hvis du ønsker det:\n\n- Fanboy’s Enhanced Tracking List\n- Dan Pollock’s hosts file\n- hpHosts’s Ad and tracking servers\n- MVPS HOSTS\n- Spam404\n- Osv.\n\nSelvfølgelig vil flere aktive filtre betyde højere hukommelsesforbrug. Selv efter tilføjelse af Fanboys to ekstra lister, og hpHosts’s Ad and tracking server, har uBlock₀ stadig et lavere hukommelsesforbrug end andre blockere derude.\n\nVær desuden opmærksom på, at hvis du vælger nogle af disse ekstra lister kan det føre til højere sandsynlighed for, at webstedet bliver vist forkert - især de lister der normalt anvendes som hosts-fil.\n\n***\n\nUden de forudindstillede lister med filtre er denne udvidelse intet. Hvis du nogensinde virkelig ønsker at bidrage med noget, så tænk på de mennesker der arbejder hårdt for at vedligeholde de filterlister du bruger, som alle blev stillet gratis til rådighed for alle.\n\n***\n\nGratis.\nOpen source med offentlig licens (GPLv3)\nFor brugere, af brugere.\n\nBidragydere @ Github: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/9bfaba4f3fe3310ae0a318…" rel=\"nofollow\">https://github.com/gorhill/uBlock/graphs/contributors</a>\nBidragydere @ Crowdin: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/6a44868e1580018df8d4d8…" rel=\"nofollow\">https://crowdin.net/project/ublock</a>\n\n***\n\nDette er en tidlig version. Hav dette i tankerne når du skriver en anmeldelse.\n\nProjekt changelog:\n<a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/de148deb19b52874eb4c57…" rel=\"nofollow\">https://github.com/gorhill/uBlock/releases</a>", - "de": "Ein effizienter Blocker: Geringer Speicherbedarf und niedrige CPU-Belastung - und dennoch werden Tausende an Filtern mehr angewendet als bei anderen populären Blockern.\n\nEin illustrierter Überblick über seine Effizienz: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/407a22e7e017297705e927…" rel=\"nofollow\">https://github.com/gorhill/uBlock/wiki/uBlock-vs.-ABP:-efficiency-compared</a>\n\nBenutzung: Der An-/Ausschaltknopf beim Klicken des Erweiterungssymbols dient zum An-/Ausschalten von uBlock auf der aktuellen Webseite. Dies wirkt sich also nur auf die aktuelle Webseite aus und nicht global.\n\n***\n\nuBlock ist flexibel, denn es ist mehr als ein \"Werbeblocker\": Es verarbeitet auch Filter aus mehreren hosts-Dateien.\n\nStandardmäßig werden folgende Filterlisten geladen und angewandt:\n\n- EasyList\n- Peter Lowe’s Ad server list\n- EasyPrivacy\n- Malware domains\n\nAuf Wunsch können zusätzliche Listen ausgewählt werden:\n\n- Fanboy’s Enhanced Tracking List\n- Dan Pollock’s hosts file\n- hpHosts’s Ad and tracking servers\n- MVPS HOSTS\n- Spam404\n- etc.\n\nNatürlich ist der Speicherbedarf umso höher, desto mehr Filter angewandt werden. Aber selbst mit den zwei zusätzlichen Listen von Fanboy und hpHosts’s Ad and tracking servers ist der Speicherbedarf von uBlock₀ geringer als bei anderen sehr populären Blockern.\n\nBedenke allerdings, dass durch die Wahl zusätzlicher Listen die Wahrscheinlichkeit größer wird, dass bestimmte Webseiten nicht richtig geladen werden - vor allem bei Listen, die normalerweise als hosts-Dateien verwendet werden.\n\n***\n\nOhne die vorgegebenen Filterlisten ist diese Erweiterung nichts. Wenn du also etwas beitragen möchtest, dann denke an die Menschen, die hart dafür arbeiten, die von dir benutzten Filterlisten zu pflegen, und diese für uns alle frei verfügbar gemacht haben.\n\n***\n\nKostenlos.\nOpen source mit Public License (GPLv3)\nFür Benutzer von Benutzern.\n\nMitwirkende @ Github: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/9bfaba4f3fe3310ae0a318…" rel=\"nofollow\">https://github.com/gorhill/uBlock/graphs/contributors</a>\nMitwirkende @ Crowdin: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/6a44868e1580018df8d4d8…" rel=\"nofollow\">https://crowdin.net/project/ublock</a>\n\n***\n\nDies ist eine ziemlich frühe Version - bitte denke daran, wenn du sie bewertest.\n\nChange log des Projekts:\n<a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/de148deb19b52874eb4c57…" rel=\"nofollow\">https://github.com/gorhill/uBlock/releases</a>", + "de": "Ein effizienter Blocker: Geringer Speicherbedarf und niedrige CPU-Belastung - und dennoch werden Tausende an Filtern mehr angewendet als bei anderen populären Blockern.\n\nBenutzung: Der An-/Ausschaltknopf beim Klicken des Erweiterungssymbols dient zum An-/Ausschalten von uBlock auf der aktuellen Webseite. Dies wirkt sich also nur auf die aktuelle Webseite aus und nicht global.\n\n***\n\nuBlock ist flexibel, denn es ist mehr als ein \"Werbeblocker\": Es verarbeitet auch Filter aus mehreren hosts-Dateien.\n\nStandardmäßig werden folgende Filterlisten geladen und angewandt:\n\n- EasyList (Werbung)\n- EasyPrivacy (Tracking)\n- Peter Lowe’s Ad server list (Werbung und Tracking)\n- Online Malicious URL Blocklist\n- uBO's eigene Filterlisten\n\nAuf Wunsch können zusätzliche Listen ausgewählt werden:\n\n- EasyList Cookie\n- Fanboy Annoyances\n- AdGuard Annoyances\n- Dan Pollock’s hosts file\n- Und viele weitere\n\n***\n\nOhne die vorgegebenen Filterlisten ist diese Erweiterung nichts. Wenn du also etwas beitragen möchtest, dann denke an die Menschen, die hart dafür arbeiten, die von dir benutzten Filterlisten zu pflegen, und diese für uns alle frei verfügbar gemacht haben.\n\n***\n\nKostenlos.\nOpen source mit Public License (GPLv3)\nFür Benutzer von Benutzern.\n\nMitwirkende @ Github: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/9bfaba4f3fe3310ae0a318…" rel=\"nofollow\">https://github.com/gorhill/uBlock/graphs/contributors</a>\nMitwirkende @ Crowdin: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/6a44868e1580018df8d4d8…" rel=\"nofollow\">https://crowdin.net/project/ublock</a>\n\n***\n\nChange log des Projekts:\n<a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/de148deb19b52874eb4c57…" rel=\"nofollow\">https://github.com/gorhill/uBlock/releases</a>", "el": "Ένας αποτελεσματικός αναστολέας διαφημίσεων: παρόλο το ελαφρύ του αποτύπωμα στη μνήμη και τον επεξεργαστή μπορεί να εφαρμόσει χιλιάδες περισσότερα φίλτρα σε σχέση με άλλους δημοφιλείς blockers.\n\nΑπεικονιζόμενη επισκόπηση της αποτελεσματικότητάς του: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/407a22e7e017297705e927…" rel=\"nofollow\">https://github.com/gorhill/uBlock/wiki/uBlock-vs.-ABP:-efficiency-compared</a>\n\nΧρήση: Το μεγάλο πλήκτρο απενεργοποίησης/ενεργοποίησης στο αναδυόμενο παράθυρο, χρησιμεύει στην εναλλαγή κατάστασης του uBlock για τον τρέχοντα ιστότοπο. Η εφαρμογή της ρύθμισης αυτής γίνεται μόνο για τον τρέχοντα ιστότοπο και δεν επιβάλλεται καθολικά.\n\n***\n\nΕυέλικτος, είναι πολλά περισσότερα από ένας απλός \"ad blocker\": μπορεί επιπλέον να διαβάζει και να δημιουργεί φίλτρα από αρχεία hosts.\n\nΚατά προεπιλογή, οι λίστες φίλτρων που φορτώνονται και επιβάλλονται είναι οι εξής:\n\n- EasyList\n- Λίστα διακομιστών διαφημίσεων του Peter Lowe\n- EasyPrivacy\n- Κακόβουλοι τομείς\n\nΕπιπλέον λίστες είναι διαθέσιμες για να επιλέξετε εάν το επιθυμείτε:\n\n- Ενισχυμένη Ιχνωσική Λίστα του Fanboy\n- Αρχείο hosts του Dan Pollock\n- Διαφημίσεις και διακομιστές ίχνωσης hpHosts\n- MVPS HOSTS\n- Spam404\n- και πολλές άλλες\n\nΦυσικά, όσο περισσότερα φίλτρα ενεργοποιούνται, τόσο αυξάνεται το αποτύπωμα της μνήμης. Ωστόσο, ακόμη και μετά από την προσθήκη δυο επιπλέον λιστών, του Fanboy και της λίστας διαφημίσεων και διακομιστών ίχνωσης hpHosts, το uBlock₀ συνεχίζει να έχει χαμηλότερο αποτύπωμα μνήμης από άλλους δημοφιλείς αναστολείς.\n\nΕπίσης, έχετε υπ'όψην ότι διαλέγοντας μερικές από τις έξτρα λίστες μπορεί να οδηγήσει σε πιθανό σφάλμα στην ιστοσελίδα -- ειδικά εκείνες που κανονικά χρησιμοποιούνται σαν host αρχεία.\n\n***\n\nΧωρίς τις υπάρχουσες λίστες φίλτρων, αυτή η επέκταση δεν έχει καμία αξία. Εάν ποτέ λοιπόν θελήσετε πραγματικά να συνεισφέρετε κάτι, αναλογιστείτε τους ανθρώπους που εργάζονται σκληρά για να διατηρήσουν τις λίστες φίλτρων που χρησιμοποιείτε, οι οποίες διατέθηκαν προς χρήση σε όλους, δωρεάν.\n\n***\n\nΔωρεάν.\nΑνοιχτού κώδικα με άδεια δημόσιας χρήσης (GPLv3)\nΑπό τους χρήστες για τους χρήστες.\n\nΣυνεισφέροντες @ Github: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/9bfaba4f3fe3310ae0a318…" rel=\"nofollow\">https://github.com/gorhill/uBlock/graphs/contributors</a>\nΣυνεισφέροντες @ Crowdin: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/6a44868e1580018df8d4d8…" rel=\"nofollow\">https://crowdin.net/project/ublock</a>\n\n***\n\nΕίναι μια αρκετά πρόωρη έκδοση, κρατήστε το υπόψη κατά την αξιολόγηση.\n\nΑρχείο αλλαγών του έργου:\n<a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/de148deb19b52874eb4c57…" rel=\"nofollow\">https://github.com/gorhill/uBlock/releases</a>", "en-US": "uBlock Origin is not an \"ad blocker\", it's a wide-spectrum content blocker with CPU and memory efficiency as a primary feature.\n\n***\n\nOut of the box, uBO blocks ads, trackers, coin miners, popups, etc. through the following lists of filters, enabled by default:\n\n- EasyList (ads)\n- EasyPrivacy (tracking)\n- Peter Lowe’s Ad server list (ads and tracking)\n- Online Malicious URL Blocklist\n- uBO's own lists\n\nMore lists are available for you to select if you wish:\n\n- EasyList Cookie\n- Fanboy Annoyances\n- AdGuard Annoyances\n- Dan Pollock’s hosts file\n- And many others\n\nAdditionally, you can point-and-click to block JavaScript locally or globally, create your own global or local rules to override entries from filter lists, and many more advanced features.\n\n***\n\nFree.\nOpen source with public license (GPLv3)\nFor users by users.\n\nIf ever you really do want to contribute something, think about the people working hard to maintain the filter lists you are using, which were made available to use by all for free.\n\n***\n\n<ul><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/788d66e7299bdfb1da0583…" rel=\"nofollow\">Documentation</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/de148deb19b52874eb4c57…" rel=\"nofollow\">Release notes</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/32c3d6819f5263e56c2650…" rel=\"nofollow\">Community support @ Reddit</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/9bfaba4f3fe3310ae0a318…" rel=\"nofollow\">Contributors @ GitHub</a></li><li><a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/6a44868e1580018df8d4d8…" rel=\"nofollow\">Contributors @ Crowdin</a></li></ul>", "es": "Un bloqueador eficiente: capaz de cargar y aplicar miles más de filtros en comparación con otros populares bloqueadores, manteniendo un mínimo consumo de memoria y CPU.\n\nEjemplo con imágenes ilustrando su eficiencia (en inglés): <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/407a22e7e017297705e927…" rel=\"nofollow\">https://github.com/gorhill/uBlock/wiki/uBlock-vs.-ABP:-efficiency-compared</a>\n\nUso: El botón grande de apagado/encendido en la ventana emergente de la extensión, es para deshabilitar/habilitar uBlock₀ permanentemente en el sitio web actual. Aplica solo al sitio web actual, no activa o desactiva la extensión de forma general.\n\n***\n\nFlexible, es más que un \"bloqueador de anuncios\": también puede leer y crear filtros desde archivos hosts.\n\nPor defecto ya trae configuradas las siguientes listas de filtros:\n\n- EasyList\n- Peter Lowe’s Ad server list\n- EasyPrivacy\n- Malware domains\n\nOtras listas disponibles pueden ser seleccionadas, si se desea:\n\n- Fanboy’s Enhanced Tracking List\n- Dan Pollock’s hosts file\n- hpHosts’s Ad and tracking servers\n- MVPS HOSTS\n- Spam404\n- Y muchas más\n\nPor supuesto, mientras más filtros se activen, mayor será el consumo de memoria. No obstante, incluso después de agregar las dos listas adicionales de \"Fanboy's\" y la \"hpHosts’s Ad and tracking servers\", uBlock₀ consume menos memoria que otros bloqueadores similares.\n\nTambién tenga en cuenta que seleccionar algunas de estas listas adicionales puede conducir a una mayor probabilidad de aparición de problemas al mostrar un sitio web -- especialmente las listas utilizadas normalmente como archivo hosts.\n\n***\n\nSin las listas preestablecidas de filtros, esta extensión no sería nada. Así que si alguna vez realmente quieres aportar algo, piensa en las personas que trabajan duro para mantener estas listas de filtros, disponibles de forma gratuita para todos.\n\n***\n\nLibre.\nCódigo abierto con licencia pública (GPLv3)\nHecho para usuarios por los usuarios.\n\nColaboradores @ Github: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/9bfaba4f3fe3310ae0a318…" rel=\"nofollow\">https://github.com/gorhill/uBlock/graphs/contributors</a>\nColaboradores @ Crowdin: <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/7bae4395c4e5926bb237c1…" rel=\"nofollow\">https://crowdin.com/project/ublock</a>\n\n***\n\nRegistro de cambios del proyecto:\n<a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/de148deb19b52874eb4c57…" rel=\"nofollow\">https://github.com/gorhill/uBlock/releases</a>", @@ -1389,7 +1392,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-10-22T22:40:35Z", + "last_updated": "2023-11-06T01:50:32Z", "name": { "ar": "uBlock Origin", "bg": "uBlock Origin", @@ -1534,10 +1537,10 @@ "category": "recommended" }, "ratings": { - "average": 4.7828, - "bayesian_average": 4.7824108134916, - "count": 16288, - "text_count": 4231 + "average": 4.784, + "bayesian_average": 4.783619011833919, + "count": 16477, + "text_count": 4290 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/reviews/", "requires_payment": false, @@ -1584,6 +1587,7 @@ }, "support_email": null, "support_url": { + "de": "https://old.reddit.com/r/uBlockOrigin/", "en-US": "https://old.reddit.com/r/uBlockOrigin/", "ka": "https://old.reddit.com/r/uBlockOrigin/", "ur": "https://old.reddit.com/r/uBlockOrigin/" @@ -1599,7 +1603,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/versions/", - "weekly_downloads": 284546 + "weekly_downloads": 259499 }, "notes": null }, @@ -1615,7 +1619,7 @@ "picture_url": null } ], - "average_daily_users": 171634, + "average_daily_users": 172615, "categories": { "android": [ "photos-media" @@ -1714,10 +1718,10 @@ "category": "recommended" }, "ratings": { - "average": 4.4908, - "bayesian_average": 4.485671359198481, - "count": 1143, - "text_count": 427 + "average": 4.49, + "bayesian_average": 4.484869455864706, + "count": 1145, + "text_count": 428 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/re…", "requires_payment": false, @@ -1739,7 +1743,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/ve…", - "weekly_downloads": 393 + "weekly_downloads": 433 }, "notes": null }, @@ -1755,7 +1759,7 @@ "picture_url": null } ], - "average_daily_users": 88504, + "average_daily_users": 87057, "categories": { "android": [ "experimental", @@ -1893,7 +1897,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/versions/", - "weekly_downloads": 2256 + "weekly_downloads": 2013 }, "notes": null }, @@ -1909,7 +1913,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/64/9064/12929064/12929064.pn…" } ], - "average_daily_users": 276219, + "average_daily_users": 277163, "categories": { "android": [ "photos-media", @@ -2128,10 +2132,10 @@ "category": "recommended" }, "ratings": { - "average": 4.6509, - "bayesian_average": 4.646312748713676, - "count": 1335, - "text_count": 256 + "average": 4.6543, + "bayesian_average": 4.649791403978484, + "count": 1345, + "text_count": 257 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/reviews/", "requires_payment": false, @@ -2152,7 +2156,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/versions/", - "weekly_downloads": 5690 + "weekly_downloads": 5764 }, "notes": null }, @@ -2175,7 +2179,7 @@ "picture_url": null } ], - "average_daily_users": 113785, + "average_daily_users": 115047, "categories": { "android": [ "other" @@ -2458,9 +2462,9 @@ "category": "recommended" }, "ratings": { - "average": 4.3672, - "bayesian_average": 4.3627273427174105, - "count": 1269, + "average": 4.3666, + "bayesian_average": 4.362179866443754, + "count": 1271, "text_count": 356 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/reviews/", @@ -2481,7 +2485,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/versions/", - "weekly_downloads": 36 + "weekly_downloads": 35 }, "notes": null }, @@ -2497,7 +2501,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/43/0143/143/143.png?modified…" } ], - "average_daily_users": 311914, + "average_daily_users": 310140, "categories": { "android": [ "performance", @@ -2687,10 +2691,10 @@ "category": "recommended" }, "ratings": { - "average": 4.3995, - "bayesian_average": 4.3968053215576, - "count": 2125, - "text_count": 821 + "average": 4.3994, + "bayesian_average": 4.396743494333709, + "count": 2133, + "text_count": 825 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/reviews/", "requires_payment": false, @@ -2734,7 +2738,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/", - "weekly_downloads": 9346 + "weekly_downloads": 9017 }, "notes": null }, @@ -2750,7 +2754,7 @@ "picture_url": null } ], - "average_daily_users": 154597, + "average_daily_users": 155003, "categories": { "android": [ "performance", @@ -2862,10 +2866,10 @@ "category": "recommended" }, "ratings": { - "average": 3.8689, - "bayesian_average": 3.8647664217835884, - "count": 1182, - "text_count": 428 + "average": 3.866, + "bayesian_average": 3.861926627269856, + "count": 1187, + "text_count": 430 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/revi…", "requires_payment": false, @@ -2884,7 +2888,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/vers…", - "weekly_downloads": 2037 + "weekly_downloads": 2510 }, "notes": null } ===================================== projects/firefox-android/config ===================================== @@ -16,7 +16,7 @@ container: var: fenix_version: 115.2.1 browser_branch: 13.0-1 - browser_build: 7 + browser_build: 8 variant: Beta # This should be updated when the list of gradle dependencies is changed. gradle_dependencies_version: 1 ===================================== projects/geckoview/config ===================================== @@ -16,7 +16,7 @@ container: var: geckoview_version: 115.4.0esr browser_branch: 13.0-1 - browser_build: 2 + browser_build: 3 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' ===================================== projects/manual/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 # To update, see doc/how-to-update-the-manual.txt # Remember to update also the package's hash, with the version! -version: 112141 +version: 112775 filename: 'manual-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -23,6 +23,6 @@ input_files: - project: container-image - URL: 'https://build-sources.tbb.torproject.org/manual_[% c("version") %].zip' name: manual - sha256sum: f767bc5f655f1263623b7af588cfb045d3e41ee019dc7ecd713decc5c1a0ea9b + sha256sum: 57c9c02f5209fdbcb333d902b7ec4bbec3bb08baf34cb97845cf55bc5bdcb744 - filename: packagemanual.py name: package_script ===================================== rbm.conf ===================================== @@ -81,7 +81,7 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '13.0.2' + torbrowser_version: '13.0.3' torbrowser_build: 'build1' torbrowser_incremental_from: - '13.0' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/1… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/firefox-android] Pushed new tag firefox-android-115.2.1-13.0-1-build8
by richard (＠richard) 06 Nov '23

06 Nov '23

richard pushed new tag firefox-android-115.2.1-13.0-1-build8 at The Tor Project / Applications / firefox-android -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/tree/firef… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.4.0esr-13.0-1-build3
by richard (＠richard) 06 Nov '23

06 Nov '23

richard pushed new tag tor-browser-115.4.0esr-13.0-1-build3 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 3 commits: Bug 41005: Unpack macOS bundle to /var/tmp instead of /tmp in rcodesign-notary-submit step
by richard (＠richard) 06 Nov '23

06 Nov '23

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: a9429aa5 by Richard Pospesel at 2023-11-03T15:22:37+00:00 Bug 41005: Unpack macOS bundle to /var/tmp instead of /tmp in rcodesign-notary-submit step - - - - - 8ebcb6f6 by Richard Pospesel at 2023-11-03T15:24:19+00:00 Bug 41006: Fix typo in finished-signing-clean-linux signer - - - - - a565b18a by Richard Pospesel at 2023-11-03T15:25:24+00:00 Bug 41007: gatekeeper-bundling.sh refers to old .tar.gz archive - - - - - 3 changed files: - tools/signing/finished-signing-clean-linux-signer - tools/signing/gatekeeper-bundling.sh - tools/signing/rcodesign-notary-submit Changes: ===================================== tools/signing/finished-signing-clean-linux-signer ===================================== @@ -10,5 +10,5 @@ source "$script_dir/functions" var_is_defined ssh_host_linux_signer tbb_version ssh "$ssh_host_linux_signer" 'bash -s' << EOF - test -n "$tbb_version" && rm -Rfv ~/"$SIGNING_PROJECTNAME-$tbb_version ~/"$SIGNING_PROJECTNAME-$tbb_version-macos-signed" + test -n "$tbb_version" && rm -Rfv ~/"$SIGNING_PROJECTNAME-$tbb_version" ~/"$SIGNING_PROJECTNAME-$tbb_version-macos-signed" EOF ===================================== tools/signing/gatekeeper-bundling.sh ===================================== @@ -45,7 +45,7 @@ test -f "$libdmg_file" || \ "You can build it with:" \ " ./rbm/rbm build --target no_containers libdmg-hfsplus" \ "See var/deps in projects/libdmg-hfsplus/config for the list of build dependencies" -hfstools_file="$script_dir/../../out/hfsplus-tools/hfsplus-tools-540.1.linux3-81ff5b.tar.gz" +hfstools_file="$script_dir/../../out/hfsplus-tools/hfsplus-tools-540.1.linux3-2acaa4.tar.zst" test -f "$hfstools_file" || \ exit_error "$hfstools_file is missing." \ "You can build it with:" \ ===================================== tools/signing/rcodesign-notary-submit ===================================== @@ -14,7 +14,7 @@ test -f "$appstoreconnect_api_key_path" || \ "$script_dir/setup-rcodesign" -tmpdir=$(mktemp -d) +tmpdir=$(mktemp -d -p /var/tmp) trap "rm -Rf $tmpdir" EXIT Proj_Name=$(Project_Name) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.5-1] fixup! Add TorStrings module for localization
by Pier Angelo Vendrame (＠pierov) 06 Nov '23

06 Nov '23

Pier Angelo Vendrame pushed to branch tor-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 377d3eca by Henry Wilkes at 2023-11-02T12:18:32+00:00 fixup! Add TorStrings module for localization Bug 42221: Remove unused strings now that 13.0 is stable. - - - - - 6 changed files: - toolkit/torbutton/chrome/locale/en-US/aboutTBUpdate.dtd - toolkit/torbutton/chrome/locale/en-US/settings.properties - toolkit/torbutton/chrome/locale/en-US/torConnect.properties - toolkit/torbutton/chrome/locale/en-US/torbutton.dtd - toolkit/torbutton/chrome/locale/en-US/torbutton.properties - toolkit/torbutton/chrome/locale/en-US/torlauncher.properties Changes: ===================================== toolkit/torbutton/chrome/locale/en-US/aboutTBUpdate.dtd ===================================== @@ -7,9 +7,6 @@ <!ENTITY aboutTBUpdate.version "Version"> <!ENTITY aboutTBUpdate.releaseDate "Release Date"> <!ENTITY aboutTBUpdate.releaseNotes "Release Notes"> - - -<!ENTITY aboutTBUpdate.updated "Tor Browser has been updated.">  -<!ENTITY torbutton.circuit_display.new_circuit "New Circuit for this Site">  <!ENTITY torbutton.onionServices.authPrompt.tooltip "Open onion service client authentication prompt"> ===================================== toolkit/torbutton/chrome/locale/en-US/torbutton.properties ===================================== @@ -22,25 +22,6 @@ torbutton.circuit_display.region-guard-node = %S (guard) torbutton.circuit_display.new-circuit-guard-description = Your guard node may not change torbutton.circuit_display.new-circuit-bridge-description = Your bridge may not change -# Old circuit display strings used up to 12.0 - remove when 12.5 becomes stable: -torbutton.circuit_display.relay = Relay -torbutton.circuit_display.unknown_country = Unknown country -torbutton.circuit_display.guard = Guard -torbutton.circuit_display.guard_note = Your [Guard] node may not change. -torbutton.circuit_display.learn_more = Learn more -torbutton.circuit_display.click_to_copy = Click to Copy -torbutton.circuit_display.copied = Copied! -# end - -# External app blocker strings used up to 12.0 - TODO: remove when 12.5 becomes stable: -torbutton.popup.external.title = Download an external file type? -torbutton.popup.external.app = Tor Browser cannot display this file. You will need to open it with another application.\n\n -torbutton.popup.external.note = Some types of files can cause applications to connect to the Internet without using Tor.\n\n -torbutton.popup.external.suggest = To be safe, you should only open downloaded files while offline, or use a Tor Live CD such as Tails.\n -torbutton.popup.launch = Download file -torbutton.popup.cancel = Cancel -torbutton.popup.dontask = Automatically download files from now on - # Download pane warning torbutton.download.warning.title = Be careful opening downloads # %S will be a link to the Tails operating system website. With the content given by torbutton.download.warning.tails_brand_name @@ -131,18 +112,3 @@ profileProblemTitle=%S Profile Problem profileReadOnly=You cannot run %S from a read-only file system. Please copy %S to another location before trying to use it. profileReadOnlyMac=You cannot run %S from a read-only file system. Please copy %S to your Desktop or Applications folder before trying to use it. profileAccessDenied=%S does not have permission to access the profile. Please adjust your file system permissions and try again. - -# New identity warning -torbutton.popup.no_newnym = Torbutton cannot safely give you a new identity. It does not have access to the Tor Control Port.\n\nAre you running Tor Browser Bundle? - - -## Legacy - -# Preferences for mobile: these strings are still referenced, but we should -# check whether this feature is still used -torbutton.security_settings.menu.title = Security Settings - -# The notification that appears when maximizing the browser with letterboxing disabled -# TODO: This string is not needed as of 12.5a5, and has a replacement in Base Browser! -# To be removed when 12.0 will not need new updates. -torbutton.maximize_warning = Maximizing Tor Browser can allow websites to determine your monitor size, which can be used to track you. We recommend that you leave Tor Browser windows in their original default size. ===================================== toolkit/torbutton/chrome/locale/en-US/torlauncher.properties ===================================== @@ -59,7 +59,3 @@ torlauncher.bootstrapWarning.pt_missing=missing pluggable transport torlauncher.nsresult.NS_ERROR_NET_RESET=The connection to the server was lost. torlauncher.nsresult.NS_ERROR_CONNECTION_REFUSED=Could not connect to the server. torlauncher.nsresult.NS_ERROR_PROXY_CONNECTION_REFUSED=Could not connect to the proxy. - -## 12.5-only strings that can be removed once it goes EOL. - -torlauncher.tor_controlconn_failed=Could not connect to Tor control port. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/377d3ec… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/377d3ec… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-update-responses][main] alpha: new version, 13.5a1
by richard (＠richard) 02 Nov '23

02 Nov '23

richard pushed to branch main at The Tor Project / Applications / Tor Browser update responses Commits: f716473f by Richard Pospesel at 2023-11-02T19:52:51+00:00 alpha: new version, 13.5a1 - - - - - 30 changed files: - update_3/alpha/.htaccess - − update_3/alpha/13.0a3-13.0a6-linux-i686-ALL.xml - − update_3/alpha/13.0a3-13.0a6-linux-x86_64-ALL.xml - − update_3/alpha/13.0a3-13.0a6-macos-ALL.xml - − update_3/alpha/13.0a3-13.0a6-windows-i686-ALL.xml - − update_3/alpha/13.0a3-13.0a6-windows-x86_64-ALL.xml - − update_3/alpha/13.0a4-13.0a6-linux-i686-ALL.xml - − update_3/alpha/13.0a4-13.0a6-linux-x86_64-ALL.xml - − update_3/alpha/13.0a4-13.0a6-macos-ALL.xml - − update_3/alpha/13.0a4-13.0a6-windows-i686-ALL.xml - − update_3/alpha/13.0a4-13.0a6-windows-x86_64-ALL.xml - + update_3/alpha/13.0a4-13.5a1-linux-i686-ALL.xml - + update_3/alpha/13.0a4-13.5a1-linux-x86_64-ALL.xml - + update_3/alpha/13.0a4-13.5a1-macos-ALL.xml - + update_3/alpha/13.0a4-13.5a1-windows-i686-ALL.xml - + update_3/alpha/13.0a4-13.5a1-windows-x86_64-ALL.xml - − update_3/alpha/13.0a5-13.0a6-linux-i686-ALL.xml - − update_3/alpha/13.0a5-13.0a6-linux-x86_64-ALL.xml - − update_3/alpha/13.0a5-13.0a6-macos-ALL.xml - − update_3/alpha/13.0a5-13.0a6-windows-i686-ALL.xml - − update_3/alpha/13.0a5-13.0a6-windows-x86_64-ALL.xml - + update_3/alpha/13.0a5-13.5a1-linux-i686-ALL.xml - + update_3/alpha/13.0a5-13.5a1-linux-x86_64-ALL.xml - + update_3/alpha/13.0a5-13.5a1-macos-ALL.xml - + update_3/alpha/13.0a5-13.5a1-windows-i686-ALL.xml - + update_3/alpha/13.0a5-13.5a1-windows-x86_64-ALL.xml - + update_3/alpha/13.0a6-13.5a1-linux-i686-ALL.xml - + update_3/alpha/13.0a6-13.5a1-linux-x86_64-ALL.xml - + update_3/alpha/13.0a6-13.5a1-macos-ALL.xml - + update_3/alpha/13.0a6-13.5a1-windows-i686-ALL.xml The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-update-responses… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag mb-13.5a1-build1
by richard (＠richard) 02 Nov '23

02 Nov '23

richard pushed new tag mb-13.5a1-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/mb-… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-13.5a1-build1
by richard (＠richard) 02 Nov '23

02 Nov '23

richard pushed new tag tbb-13.5a1-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher][AsciiWolf-metainfo-fix] Use a proper rDNS ID in AppStream metainfo
by asciiwolf (＠asciiwolf) 02 Nov '23

02 Nov '23

asciiwolf pushed to branch AsciiWolf-metainfo-fix at The Tor Project / Applications / torbrowser-launcher Commits: 34bdd4d0 by AsciiWolf at 2023-11-02T18:12:06+01:00 Use a proper rDNS ID in AppStream metainfo - - - - - 1 changed file: - share/metainfo/torbrowser.appdata.xml → share/metainfo/org.torproject.torbrowser-launcher.metainfo.xml Changes: ===================================== share/metainfo/torbrowser.appdata.xml → share/metainfo/org.torproject.torbrowser-launcher.metainfo.xml ===================================== @@ -1,7 +1,8 @@ <?xml version="1.0" encoding="UTF-8"?>  <component type="desktop-application"> - <id>torbrowser.desktop</id> + <id>org.torproject.torbrowser-launcher</id> + <launchable type="desktop-id">torbrowser.desktop</launchable> <metadata_license>CC0-1.0</metadata_license> <project_license>MIT</project_license> <name>Tor Browser Launcher</name> View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/commit… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] Bug 40978, 40981: Prepare Tor+Mullvad Browser Alpha 13.5a1
by richard (＠richard) 02 Nov '23

02 Nov '23

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 9b98e5ac by Richard Pospesel at 2023-11-01T17:42:56+00:00 Bug 40978,40981: Prepare Tor+Mullvad Browser Alpha 13.5a1 - - - - - 10 changed files: - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/allowed_addons.json - projects/browser/config - projects/firefox/config - projects/geckoview/config - projects/go/config - projects/manual/config - projects/openssl/config - projects/translation/config Changes: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -1,3 +1,202 @@ +Mullvad Browser 13.5a1 - November 01 2023 + * All Platforms + * Updated Firefox to 115.4.0esr + * Updated NoScript to 11.4.28 + * Bug 246: Add the last Mullvad Browser Extension (0.8.4) to 13.0 [mullvad-browser] + * Bug 42182: Default Search Engine Does Not Persist Through Shift to New Identity [tor-browser] + * Bug 42191: Backport security fixes (Android & wontfix) from Firefox 119 to 115.4 - based Tor Browser [tor-browser] + * Windows + macOS + * Bug 42154: Empty the clipboard on browser shutdown only if content comes from private browsing windows [tor-browser] + * Build System + * All Platforms + * Bug 40934: Remove $bundle_locales from signing scripts now that we're on ALL for everything [tor-browser-build] + * Bug 40982: Fix logging in tools/signing/do-all-signing [tor-browser-build] + * Bug 40983: Bump the various branches to 13.5 on main [tor-browser-build] + * Bug 40989: Add .nobackup files to reproducible and disposable directores [tor-browser-build] + * Windows + * Bug 40984: The PDBs for .exe are not included [tor-browser-build] + * macOS + * Bug 29815: Sign our macOS bundles on Linux [tor-browser-build] + +Mullvad Browser 13.0.1 - October 24 2023 + * All Platforms + * Updated Firefox to 115.4.0esr + * Bug 42182: Default Search Engine Does Not Persist Through Shift to New Identity [tor-browser] + * Bug 42185: Rebase stable browsers on top of 115.4.0esr [tor-browser] + * Bug 42191: Backport security fixes (Android & wontfix) from Firefox 119 to 115.4 - based Tor Browser [tor-browser] + * Build System + * Windows + Linux + * Bug 40991: Fix creation of downloads-windows-x86_64.json and downloads-linux-x86_64.json [tor-browser-build] + * Windows + * Bug 40984: The PDBs for .exe are not included [tor-browser-build] + +Mullvad Browser 13.0 - October 12 2023 + * All Platforms + * Updated Firefox to 115.3.1esr + * Bug 40050: FF103 Audit [tor-browser-spec] + * Bug 40051: FF104 Audit [tor-browser-spec] + * Bug 40052: FF105 Audit [tor-browser-spec] + * Bug 40053: FF106 Audit [tor-browser-spec] + * Bug 40054: FF107 Audit [tor-browser-spec] + * Bug 40055: FF108 Audit [tor-browser-spec] + * Bug 40056: FF109 Audit [tor-browser-spec] + * Bug 40057: FF110 Audit [tor-browser-spec] + * Bug 40058: FF111 Audit [tor-browser-spec] + * Bug 40059: FF112 Audit [tor-browser-spec] + * Bug 40060: FF113 Audit [tor-browser-spec] + * Bug 40061: FF114 Audit [tor-browser-spec] + * Bug 40062: FF115 Audit [tor-browser-spec] + * Bug 66: Localize Mullvad Browser [mullvad-browser] + * Bug 166: Enable built-in URL anti-tracking query parameters stripping [mullvad-browser] + * Bug 175: Change the default start window size from 1000x1000 [mullvad-browser] + * Bug 177: Change help links in `about:preferences` and menu [mullvad-browser] + * Bug 183: Rebase Mullvad Browser to Firefox 115 [mullvad-browser] + * Bug 195: Choose which locales to translate Mullvad Browser to [mullvad-browser] + * Bug 196: Enumerate Mullvad Browser-specific strings for localization [mullvad-browser] + * Bug 199: Mullvad Browser changes required to use Mullvad Browser-specific localization strings [mullvad-browser] + * Bug 208: Improve letterboxing's dimensions [mullvad-browser] + * Bug 211: Change "Mullvad Browser Home" to "New tab" [mullvad-browser] + * Bug 213: Add search engines to the default list [mullvad-browser] + * Bug 214: Enable cross-tab identity leak protection in "quiet" mode [mullvad-browser] + * Bug 215: Update re-adds manually removed default toolbar buttons [mullvad-browser] + * Bug 218: uBO and Mullvad Browser Extension hidden in unified extensions panel [mullvad-browser] + * Bug 220: "Firefox Suggest" string appears when search matches a bookmark [mullvad-browser] + * Bug 223: Trademarks in the about popup are not translated [mullvad-browser] + * Bug 226: First window after update should go to the user-friendly release page on GitHub [mullvad-browser] + * Bug 228: Remove popup asking for preferred language on websites [mullvad-browser] + * Bug 231: Fix the Security Level "read more" link in popup/settings panel [mullvad-browser] + * Bug 243: Make sure about:mullvadbrowser is treated as a new tab page [mullvad-browser] + * Bug 26277: When "Safest" setting is enabled searching using duckduckgo should always use the Non-Javascript site for searches [tor-browser] + * Bug 30556: Re-evaluate letterboxing dimension choices [tor-browser] + * Bug 33282: Increase the max width of new windows [tor-browser] + * Bug 33955: Selecting "Copy image" from menu leaks the source URL to the clipboard. This data is often dereferenced by other applications. [tor-browser] + * Bug 41327: Disable UrlbarProviderInterventions [tor-browser] + * Bug 41477: Review some extensions.* preferences [tor-browser] + * Bug 41496: Review 000-tor-browser.js and 001-base-profile.js for 115 [tor-browser] + * Bug 41528: Hard-coded English "based on Mozilla Firefox" appears in version in "About" dialog [tor-browser] + * Bug 41576: ESR115: ensure no remote calls for weather & addon suggestions [tor-browser] + * Bug 41581: ESR115: figure out extension pinning / unified Extensions [tor-browser] + * Bug 41642: Do not hide new PBM in the hamburger menu if auto PBM is not enabled [tor-browser] + * Bug 41675: Remove javascript.options.large_arraybuffers [tor-browser] + * Bug 41691: "Firefox Suggest" text appearing in UI [tor-browser] + * Bug 41727: WebRTC privacy-hardening settings [tor-browser] + * Bug 41739: Remove "Website appearance" [tor-browser] + * Bug 41740: ESR115: change devicePixelRatio spoof to 2 in alpha for testing [tor-browser] + * Bug 41752: Review changes done by Bug 41565 [tor-browser] + * Bug 41765: TTP-02-006 WP1: Information leaks via custom homepage (Low) [tor-browser] + * Bug 41774: Hide the new "Switching to a new device" help menu item [tor-browser] + * Bug 41791: Copying page contents also puts the source URL on the clipboard [tor-browser] + * Bug 41797: Lock RFP in release builds [tor-browser] + * Bug 41833: Reload extensions on new identity [tor-browser] + * Bug 41834: Hide "Can't Be Removed - learn more" menu line for uninstallable add-ons [tor-browser] + * Bug 41874: Visual & A11 regressions in add-on badges [tor-browser] + * Bug 41876: Remove Firefox View from title bar [tor-browser] + * Bug 41877: NoScript seems to be blocking by default in the first 115-based testbuild [tor-browser] + * Bug 41881: Developer tools/Network/New Request remembers requests [tor-browser] + * Bug 41903: The info icon on the language change prompt is not shown [tor-browser] + * Bug 41936: Review Mozilla 1770158: Use double-conversion library instead of dtoa for string-to-double conversion [tor-browser] + * Bug 41937: Review Mozilla 1780014: Add specific telemetry for conservative and first-try handshakes [tor-browser] + * Bug 41938: Review Mozilla 1769994: On systems with IPv6 preferred DNS resolution clients will fail to connect when "localhost" is used as host for the WebSocket server [tor-browser] + * Bug 41939: Review Mozilla 1728871: Support fetching data from Remote Setting [tor-browser] + * Bug 41940: Review Mozilla 1739348: When a filetype is set to "always ask" and the user makes a save/open choice in the dialog, we should not also open the downloads panel [tor-browser] + * Bug 41941: Review Mozilla 1775254: Improve Math.pow accuracy for large exponents [tor-browser] + * Bug 41943: Lock javascript.options.spectre.disable_for_isolated_content to false [tor-browser] + * Bug 41945: Review Mozilla 1783019: Add a cookie banner service to automatically handle website cookie banners [tor-browser] + * Bug 41946: Review Mozilla 1782579: Add a locale parameter to the text recognition API [tor-browser] + * Bug 41947: Review Mozilla 1779005: Broken since Firefox 102.0: no instant fallback to direct connection when proxy became unreachable while runtime [tor-browser] + * Bug 41949: Review Mozilla 1782578: Implement a context menu modal for text recognition [tor-browser] + * Bug 41950: Review Mozilla 1788668: Add the possibility to check that the clipboard contains some pdfjs stuff [tor-browser] + * Bug 41951: Review Mozilla 1790681: Enable separatePrivateDefault by default [tor-browser] + * Bug 41959: Review Mozilla 1795944: Remove descriptionheightworkaround [tor-browser] + * Bug 41961: Review Mozilla 1798868: Hide cookie banner handling UI by default [tor-browser] + * Bug 41969: Review Mozilla 1746983: Re-enable pingsender2 [tor-browser] + * Bug 41970: Review Mozilla 17909270: WebRTC bypasses Network settings & proxy.onRequest [tor-browser] + * Bug 41973: Custom wingpanels don't line up with their toolbar icons in 13.0 alpha [tor-browser] + * Bug 41981: Review Mozilla 1800675: Add about:preferences entry for cookie banner handling [tor-browser] + * Bug 41983: Review Mozilla 1770447: Create a reusable "support-link" widget [tor-browser] + * Bug 41984: Rename languageNotification.ftl to base-browser.ftl [tor-browser] + * Bug 42013: Review Mozilla 1834374: Do not call EmptyClipboard() in nsBaseClipboard destructor [tor-browser] + * Bug 42014: Review Mozilla 1832791: Implement a Remote Settings for the Quarantined Domains pref [tor-browser] + * Bug 42015: Review Mozilla 1830890: Keep a history window of WebRTC stats for about:webrtc [tor-browser] + * Bug 42019: Empty browser's clipboard on browser shutdown [tor-browser] + * Bug 42022: Prevent extension search engines from breaking the whole search system [tor-browser] + * Bug 42026: Disable cookie banner service and UI. [tor-browser] + * Bug 42027: Create a Base Browser version of migrateUI [tor-browser] + * Bug 42029: Defense-in-depth: disable non-proxied UDP WebRTC [tor-browser] + * Bug 42037: Disable about:firefoxview [tor-browser] + * Bug 42043: Disable gUM: media.devices.enumerate.legacy.enabled [tor-browser] + * Bug 42046: Remove XUL layout hacks from base browser [tor-browser] + * Bug 42050: Bring back Save As... dialog as default [tor-browser] + * Bug 42061: Move the alpha update channel creation to a commit on its own [tor-browser] + * Bug 42083: RemoteSecuritySettings.init throws error in console [tor-browser] + * Bug 42084: Race condition with language preferences may make spoof_english ineffective [tor-browser] + * Bug 42094: Disable `media.aboutwebrtc.hist.enabled` as security in-depth [tor-browser] + * Bug 42138: Disable apz.overscroll.enabled pref [tor-browser] + * Bug 42159: Responsive Design Mode not working correctly [tor-browser] + * Bug 42166: New identity dialog missing accessible name [tor-browser] + * Bug 42167: Make the preference auto-focus more reliable [tor-browser] + * Bug 40893: Update (Noto) fonts for 13.0 [tor-browser-build] + * Bug 40924: Customize MOZ_APP_REMOTINGNAME instead of passing --name and --class [tor-browser-build] + * Bug 40937: First window after update should go to the user-friendly release page on GitHub [tor-browser-build] + * Windows + * Bug 40737: Revert backout of Mozilla's fix for bug 1724777 [tor-browser] + * Bug 41798: Stop building private_browsing.exe on Windows [tor-browser] + * Bug 41806: Prevent Private Browsing start menu item to be added automatically [tor-browser] + * Bug 41942: Review Mozilla 1682520: Use the WER runtime exception module to catch early crashes [tor-browser] + * Bug 41944: Review Mozilla 1774083: Add Surrogate COM Server to handle native Windows notifications when Firefox is closed. [tor-browser] + * Bug 42008: Review Mozilla 1808146: Copying images from Pixiv and pasting them in certain programs is broken [tor-browser] + * Bug 42010: Review Mozilla 1810641: Enable overscroll on Windows on all channels [tor-browser] + * Bug 40930: Upate zlib to 1.3 after 13.0a3 [tor-browser-build] + * macOS + * Bug 41948: Review Mozilla 1782981: Hide the text recognition context menu if the macOS version doesn't support APIs [tor-browser] + * Bug 41982: Review Mozilla 1762392: Add Cocoa platform support for paste files [tor-browser] + * Bug 42057: Disable Platform text-recognition functionality [tor-browser] + * Bug 42147: Add browser.helperApps.deleteTempFileOnExit to our profile [tor-browser] + * Linux + * Bug 225: Right Click -> New Tab on link does nothing [mullvad-browser] + * Bug 41884: Linux: set browser.tabs.searchclipboardfor.middleclick to false [tor-browser] + * Bug 40576: Fontconfig warning: remove 'blank' configuration [tor-browser-build] + * Build System + * All Platforms + * Bug 180: Change the naming scheme of the installers at build time [mullvad-browser] + * Bug 197: Develop Crowdin to Gitlab translations repo pipeline [mullvad-browser] + * Bug 198: Enable localization for Mullvad Browser builds [mullvad-browser] + * Bug 31588: Be smarter about vendoring for Rust projects [tor-browser-build] + * Bug 40089: Clean up usage of get-moz-build-date script [tor-browser-build] + * Bug 40149: Remove patching of nightly update URL [tor-browser-build] + * Bug 40410: Get rid of python2 [tor-browser-build] + * Bug 40487: Bump Python version [tor-browser-build] + * Bug 40615: Consider adding a readme to the fonts directory [tor-browser-build] + * Bug 40802: Drop the patch for making WASI reproducible [tor-browser-build] + * Bug 40829: Review and standardize naming scheme for browser installer/package artifacts [tor-browser-build] + * Bug 40855: Update toolchains for Mozilla 115 [tor-browser-build] + * Bug 40868: Bump Rust to 1.69.0 [tor-browser-build] + * Bug 40880: The README doesn't include some dependencies needed for building incrementals [tor-browser-build] + * Bug 40886: Update README with instructions for Arch linux [tor-browser-build] + * Bug 40898: Add doc from tor-browser-spec/processes/ReleaseProcess to gitlab issue templates [tor-browser-build] + * Bug 40907: Sometimes debug information are not deterministic with Clang 16.0.4 [tor-browser-build] + * Bug 40916: Update updated_responses_config.yml to pull Mullvad incrementals from archive.torproject.org [tor-browser-build] + * Bug 40922: Use base-browser.ftl instead of languageNotification.ftl [tor-browser-build] + * Bug 40931: Fix incrementals after tor-browser-build#40829 [tor-browser-build] + * Bug 40932: Remove appname_bundle_android, appname_bundle_macos, appname_bundle_linux, appname_bundle_win32, appname_bundle_win64 from projects/release/update_responses_config.yml [tor-browser-build] + * Bug 40933: Fix generating incrementals between 12.5.x and 13.0 [tor-browser-build] + * Bug 40935: Fix fallout from build target rename in signing scripts [tor-browser-build] + * Bug 40942: Use the branch to build Base Browser [tor-browser-build] + * Bug 40944: After #40931, updates_responses is using incremental.mar files as if they were non-incremental mar files [tor-browser-build] + * Bug 40946: override_updater_url does not work for Mullvad Browser [tor-browser-build] + * Bug 40947: Remove migrate_langs from tools/signing/nightly/update-responses-base-config.yml [tor-browser-build] + * Bug 40956: Allow testing the updater also with release and alpha channel [tor-browser-build] + * Bug 40957: Expired subkey warning on Tor Browser GPG verification [tor-browser-build] + * Bug 40972: Handle Mullvad Browser in the changelog script and group entries by project [tor-browser-build] + * Windows + * Bug 41995: Generated headers on Windows aren't reproducible [tor-browser] + * Bug 40832: Unify mingw-w64-clang 32+64 bits [tor-browser-build] + * Bug 40940: Change position of the `install|portable` in the builds filenames [tor-browser-build] + * macOS + * Bug 40943: Update libdmg-hfsplus to include our uplifted patch [tor-browser-build] + * Linux + * Bug 40102: Move from Debian Jessie to Debian Stretch for our Linux builds [tor-browser-build] + Mullvadd Browser 13.0a6 - September 29 2023 * All Platforms * Updated uBlock Origin to 1.52.2 ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,357 @@ +Tor Browser 13.5a1 - November 01 2023 + * All Platforms + * Updated OpenSSL to 3.0.12 + * Updated NoScript to 11.4.28 + * Bug 42191: Backport security fixes (Android & wontfix) from Firefox 119 to 115.4 - based Tor Browser [tor-browser] + * Bug 42204: Drop unused aboutTor.dtd [tor-browser] + * Bug 40975: libstdc++.so.6 is included twice in tor-browser [tor-browser-build] + * Windows + macOS + Linux + * Updated Firefox to 115.4.0esr + * Bug 41341: Fix style and position of "Always Prioritize Onions" wingpanel [tor-browser] + * Bug 42108: Tor Circuit button not shown if TLS handshake fails [tor-browser] + * Bug 42182: Default Search Engine Does Not Persist Through Shift to New Identity [tor-browser] + * Bug 42184: Setting "Homepage and new windows" ignores "Blank Page" value [tor-browser] + * Windows + macOS + * Bug 42154: Empty the clipboard on browser shutdown only if content comes from private browsing windows [tor-browser] + * Android + * Updated GeckoView to 115.4.0esr + * Bug 42201: Make the script sign all the channels for local builds [tor-browser] + * Bug 42222: Fix TorDomainIsolator initialization on Android [tor-browser] + * Build System + * All Platforms + * Update Go to 1.21.3 + * Bug 40852: Reproducible build of the the lox client library to wasm [tor-browser-build] + * Bug 40934: Remove $bundle_locales from signing scripts now that we're on ALL for everything [tor-browser-build] + * Bug 40976: Update download-unsigned-sha256sums-gpg-signatures-from-people-tpo to fetch from tb-build-02 and tb-build-03 [tor-browser-build] + * Bug 40982: Fix logging in tools/signing/do-all-signing [tor-browser-build] + * Bug 40983: Bump the various branches to 13.5 on main [tor-browser-build] + * Bug 40989: Add .nobackup files to reproducible and disposable directores [tor-browser-build] + * Bug 40062: Copy input directories to containers recursively [rbm] + * Windows + * Bug 40984: The PDBs for .exe are not included [tor-browser-build] + * macOS + * Bug 29815: Sign our macOS bundles on Linux [tor-browser-build] + * Linux + * Bug 40979: Add redirects from old Linux bundle filename to the new one [tor-browser-build] + +Tor Browser 13.0.2 - October 26 2023 + * Android + * Bump firefox-android commit to generate new version code to allow uploading to Google Play (see tor-browser-build#40992) + +Tor Browser 13.0.1 - October 24 2023 + * All Platforms + * Bug 42185: Rebase stable browsers on top of 115.4.0esr [tor-browser] + * Bug 42191: Backport security fixes (Android & wontfix) from Firefox 119 to 115.4 - based Tor Browser [tor-browser] + * Bug 40975: libstdc++.so.6 is included twice in tor-browser [tor-browser-build] + * Windows + macOS + Linux + * Updated Firefox to 115.4.0esr + * Bug 42182: Default Search Engine Does Not Persist Through Shift to New Identity [tor-browser] + * Android + * Updated GeckoView to 115.4.0esr + * Build System + * All Platforms + * Updated Go to 1.21.3 + * Bug 40976: Update download-unsigned-sha256sums-gpg-signatures-from-people-tpo to fetch from tb-build-02 and tb-build-03 [tor-browser-build] + * Bug 40062: Copy input directories to containers recursively [rbm] + * Windows + Linux + * Bug 40991: Fix creation of downloads-windows-x86_64.json and downloads-linux-x86_64.json [tor-browser-build] + * Windows + * Bug 40984: The PDBs for .exe are not included [tor-browser-build] + * Linux + * Bug 40979: Add redirects from old Linux bundle filename to the new one [tor-browser-build] + +Tor Browser 13.0 - October 12 2023 + * All Platforms + * Updated tor to 0.4.8.7 + * Updated OpenSSL to 3.0.11 + * Bug 40050: FF103 Audit [tor-browser-spec] + * Bug 40051: FF104 Audit [tor-browser-spec] + * Bug 40052: FF105 Audit [tor-browser-spec] + * Bug 40053: FF106 Audit [tor-browser-spec] + * Bug 40054: FF107 Audit [tor-browser-spec] + * Bug 40055: FF108 Audit [tor-browser-spec] + * Bug 40056: FF109 Audit [tor-browser-spec] + * Bug 40057: FF110 Audit [tor-browser-spec] + * Bug 40058: FF111 Audit [tor-browser-spec] + * Bug 40059: FF112 Audit [tor-browser-spec] + * Bug 40060: FF113 Audit [tor-browser-spec] + * Bug 40061: FF114 Audit [tor-browser-spec] + * Bug 40062: FF115 Audit [tor-browser-spec] + * Bug 26277: When "Safest" setting is enabled searching using duckduckgo should always use the Non-Javascript site for searches [tor-browser] + * Bug 40577: Add "suggest url" in DDG onion's manifest [tor-browser] + * Bug 40938: Migrate remaining torbutton functionality to tor-browser [tor-browser] + * Bug 41092: Enable tracking query parameters stripping [tor-browser] + * Bug 41327: Disable UrlbarProviderInterventions [tor-browser] + * Bug 41399: Update Mozilla's patch for Bug 1675054 to enable brotli encoding for HTTP onions as well [tor-browser] + * Bug 41477: Review some extensions.* preferences [tor-browser] + * Bug 41496: Review 000-tor-browser.js and 001-base-profile.js for 115 [tor-browser] + * Bug 41576: ESR115: ensure no remote calls for weather & addon suggestions [tor-browser] + * Bug 41605: Remove unused assets from torbutton (preferences-mobile.css) [tor-browser] + * Bug 41675: Remove javascript.options.large_arraybuffers [tor-browser] + * Bug 41727: WebRTC privacy-hardening settings [tor-browser] + * Bug 41740: ESR115: change devicePixelRatio spoof to 2 in alpha for testing [tor-browser] + * Bug 41752: Review changes done by Bug 41565 [tor-browser] + * Bug 41796: Rebase Tor Browser to Firefox 115 [tor-browser] + * Bug 41797: Lock RFP in release builds [tor-browser] + * Bug 41934: Websocket raises DOMException on http onions in 13.0a1 [tor-browser] + * Bug 41936: Review Mozilla 1770158: Use double-conversion library instead of dtoa for string-to-double conversion [tor-browser] + * Bug 41937: Review Mozilla 1780014: Add specific telemetry for conservative and first-try handshakes [tor-browser] + * Bug 41938: Review Mozilla 1769994: On systems with IPv6 preferred DNS resolution clients will fail to connect when "localhost" is used as host for the WebSocket server [tor-browser] + * Bug 41939: Review Mozilla 1728871: Support fetching data from Remote Setting [tor-browser] + * Bug 41941: Review Mozilla 1775254: Improve Math.pow accuracy for large exponents [tor-browser] + * Bug 41943: Lock javascript.options.spectre.disable_for_isolated_content to false [tor-browser] + * Bug 41945: Review Mozilla 1783019: Add a cookie banner service to automatically handle website cookie banners [tor-browser] + * Bug 41946: Review Mozilla 1782579: Add a locale parameter to the text recognition API [tor-browser] + * Bug 41947: Review Mozilla 1779005: Broken since Firefox 102.0: no instant fallback to direct connection when proxy became unreachable while runtime [tor-browser] + * Bug 41950: Review Mozilla 1788668: Add the possibility to check that the clipboard contains some pdfjs stuff [tor-browser] + * Bug 41951: Review Mozilla 1790681: Enable separatePrivateDefault by default [tor-browser] + * Bug 41959: Review Mozilla 1795944: Remove descriptionheightworkaround [tor-browser] + * Bug 41960: Review Mozilla 1797896: Proxy environment variables should be upper case / case insensitive [tor-browser] + * Bug 41961: Review Mozilla 1798868: Hide cookie banner handling UI by default [tor-browser] + * Bug 41969: Review Mozilla 1746983: Re-enable pingsender2 [tor-browser] + * Bug 41970: Review Mozilla 17909270: WebRTC bypasses Network settings & proxy.onRequest [tor-browser] + * Bug 41984: Rename languageNotification.ftl to base-browser.ftl [tor-browser] + * Bug 42013: Review Mozilla 1834374: Do not call EmptyClipboard() in nsBaseClipboard destructor [tor-browser] + * Bug 42014: Review Mozilla 1832791: Implement a Remote Settings for the Quarantined Domains pref [tor-browser] + * Bug 42015: Review Mozilla 1830890: Keep a history window of WebRTC stats for about:webrtc [tor-browser] + * Bug 42019: Empty browser's clipboard on browser shutdown [tor-browser] + * Bug 42026: Disable cookie banner service and UI. [tor-browser] + * Bug 42029: Defense-in-depth: disable non-proxied UDP WebRTC [tor-browser] + * Bug 42034: aboutTBUpdate.dtd is duplicated [tor-browser] + * Bug 42043: Disable gUM: media.devices.enumerate.legacy.enabled [tor-browser] + * Bug 42061: Move the alpha update channel creation to a commit on its own [tor-browser] + * Bug 42084: Race condition with language preferences may make spoof_english ineffective [tor-browser] + * Bug 42085: NEWNYM signal missing on Whonix [tor-browser] + * Bug 42094: Disable `media.aboutwebrtc.hist.enabled` as security in-depth [tor-browser] + * Bug 42120: Use foursquare as domain front for snowflake [tor-browser] + * Bug 40887: Update Webtunnel version to 38eb5505 [tor-browser-build] + * Windows + macOS + Linux + * Updated Firefox to 115.3.1esr + * Bug 30556: Re-evaluate letterboxing dimension choices [tor-browser] + * Bug 32328: Improve error recovery from the red screen of death [tor-browser] + * Bug 33282: Increase the max width of new windows [tor-browser] + * Bug 33955: Selecting "Copy image" from menu leaks the source URL to the clipboard. This data is often dereferenced by other applications. [tor-browser] + * Bug 40175: Connections in reader mode are not FPI [tor-browser] + * Bug 40982: Cleanup maps in tor-circuit-display [tor-browser] + * Bug 40983: Move not UI-related torbutton.js code to modules [tor-browser] + * Bug 41165: Crash with debug assertions enabled [tor-browser] + * Bug 41333: Modernize Tor Browser's new-tab page (about:tor) [tor-browser] + * Bug 41423: about:tor semantic and accessibility problems [tor-browser] + * Bug 41528: Hard-coded English "based on Mozilla Firefox" appears in version in "About" dialog [tor-browser] + * Bug 41581: ESR115: figure out extension pinning / unified Extensions [tor-browser] + * Bug 41639: Fix the wordmark (title and background) of the "About Tor Browser" window [tor-browser] + * Bug 41642: Do not hide new PBM in the hamburger menu if auto PBM is not enabled [tor-browser] + * Bug 41651: Use moz-toggle in connection preferences [tor-browser] + * Bug 41691: "Firefox Suggest" text appearing in UI [tor-browser] + * Bug 41717: Bookmark toolbar visibility on new tabs is not honored when new tab page is not about:blank [tor-browser] + * Bug 41739: Remove "Website appearance" [tor-browser] + * Bug 41741: Refactor the domain isolator and new circuit [tor-browser] + * Bug 41765: TTP-02-006 WP1: Information leaks via custom homepage (Low) [tor-browser] + * Bug 41766: TTP-02-001 WP1: XSS in TorConnect's captive portal (Info) [tor-browser] + * Bug 41771: Decide what to do for firefoxview [tor-browser] + * Bug 41774: Hide the new "Switching to a new device" help menu item [tor-browser] + * Bug 41791: Copying page contents also puts the source URL on the clipboard [tor-browser] + * Bug 41812: Review layout for XUL elements [tor-browser] + * Bug 41813: Look out for links missing underlines in ESR 115-based alphas [tor-browser] + * Bug 41821: Fix the proxy type in the proxy modal of about:preferences in 13.0 [tor-browser] + * Bug 41822: The default browser button came back on 115 [tor-browser] + * Bug 41833: Reload extensions on new identity [tor-browser] + * Bug 41834: Hide "Can't Be Removed - learn more" menu line for uninstallable add-ons [tor-browser] + * Bug 41842: Remove the old removal logics from Torbutton [tor-browser] + * Bug 41844: Stop using the control port directly [tor-browser] + * Bug 41845: Stop forcing (bad) pref values for non-PBM users [tor-browser] + * Bug 41852: Review the Tor Check Service UX [tor-browser] + * Bug 41864: TOR_CONTROL_HOST and TOR_SOCKS_HOST do not work as expected when the browser launches tor [tor-browser] + * Bug 41865: Use --text-color-deemphasized rather than --panel-description-color [tor-browser] + * Bug 41874: Visual & A11 regressions in add-on badges [tor-browser] + * Bug 41876: Remove Firefox View from title bar [tor-browser] + * Bug 41877: NoScript seems to be blocking by default in the first 115-based testbuild [tor-browser] + * Bug 41881: Developer tools/Network/New Request remembers requests [tor-browser] + * Bug 41886: Downloads drop-down panel has new-line/line-break between every word in the 'Be careful opening downloads' warning [tor-browser] + * Bug 41904: The log textarea doesn't resize anymore [tor-browser] + * Bug 41906: Hide about:preferences#privacy > DNS over HTTPS section [tor-browser] + * Bug 41907: The bootstrap is interrupted without any errors if the process becomes ready when already bootstrapping [tor-browser] + * Bug 41912: "Use Current Bridges" is shown for users even when there aren't any current bridges [tor-browser] + * Bug 41922: Unify the bridge line parsers [tor-browser] + * Bug 41923: The path normalization results in warnings [tor-browser] + * Bug 41924: Small refactors for TorProcess [tor-browser] + * Bug 41925: Remove the torbutton startup observer [tor-browser] + * Bug 41926: Refactor the control port client implementation [tor-browser] + * Bug 41931: Regression: new window leaks outer window [tor-browser] + * Bug 41935: Improve new window & letterboxing dimensions [tor-browser] + * Bug 41940: Review Mozilla 1739348: When a filetype is set to "always ask" and the user makes a save/open choice in the dialog, we should not also open the downloads panel [tor-browser] + * Bug 41949: Review Mozilla 1782578: Implement a context menu modal for text recognition [tor-browser] + * Bug 41954: Inputs in the request a bridge dialog are cut-off in 13.0 alpha [tor-browser] + * Bug 41957: Revert to Fx's default identity block style for internal pages [tor-browser] + * Bug 41958: Console error when closing tor browser with about:preferences open [tor-browser] + * Bug 41964: `emojiAnnotations` not defined in time in connection preferences [tor-browser] + * Bug 41965: TorConnect error when opening browser tools [tor-browser] + * Bug 41971: Update Tails URL in downloads warning [tor-browser] + * Bug 41973: Custom wingpanels don't line up with their toolbar icons in 13.0 alpha [tor-browser] + * Bug 41974: De-emphasized text in custom components is no longer gray in 13.0 alpha [tor-browser] + * Bug 41975: Downloads warning text too narrow in 13.0 alpha [tor-browser] + * Bug 41976: Bottom padding on collapsed bridge cards has increased in 13.0 alpha [tor-browser] + * Bug 41977: Hide the "Learn more" link in bridge cards [tor-browser] + * Bug 41980: Circuit display headline is misaligned in 13.0 alpha [tor-browser] + * Bug 41981: Review Mozilla 1800675: Add about:preferences entry for cookie banner handling [tor-browser] + * Bug 41983: Review Mozilla 1770447: Create a reusable "support-link" widget [tor-browser] + * Bug 41986: Fix the control port password handling [tor-browser] + * Bug 41994: CSS (and other assets) of some websites blocked in 13.0 alpha [tor-browser] + * Bug 42022: Prevent extension search engines from breaking the whole search system [tor-browser] + * Bug 42027: Create a Base Browser version of migrateUI [tor-browser] + * Bug 42037: Disable about:firefoxview [tor-browser] + * Bug 42041: TBB --allow-remote mixes up with plain Firefox [tor-browser] + * Bug 42045: Circuit panel overflows with long ipv6 addresses [tor-browser] + * Bug 42046: Remove XUL layout hacks from base browser [tor-browser] + * Bug 42047: Remove layout hacks from tor browser preferences [tor-browser] + * Bug 42050: Bring back Save As... dialog as default [tor-browser] + * Bug 42073: Add simplified onion pattern to the new homepage [tor-browser] + * Bug 42075: Fix link spacing and underline on new homepage [tor-browser] + * Bug 42079: TorConnect: handle switching from Bootstrapped to Configuring state [tor-browser] + * Bug 42083: RemoteSecuritySettings.init throws error in console [tor-browser] + * Bug 42091: Onion authorization prompt overflows [tor-browser] + * Bug 42092: Onion services key table display problems. [tor-browser] + * Bug 42098: Implement Windows installer icons [tor-browser] + * Bug 42100: Connect Assist dropdown text not centered [tor-browser] + * Bug 42102: TorProcess says the SOCKS port is not valid even though it is [tor-browser] + * Bug 42109: Onion services keys table has empty column headers. [tor-browser] + * Bug 42110: Add a utility module for shared UI methods needed for several tor browser components [tor-browser] + * Bug 42126: moat and connect assist broken for people who can't reach domain front [tor-browser] + * Bug 42129: Disable the Tor restart prompt if shouldStartAndOwnTor is false [tor-browser] + * Bug 42131: Tor Browser 13.0a5 does not track circuits created before Tor Browser started [tor-browser] + * Bug 42132: The new control port handling in Tor Browser 13 breaks a Tails security feature [tor-browser] + * Bug 42138: Disable apz.overscroll.enabled pref [tor-browser] + * Bug 42155: Drop the unused code for the old bridge removal warning [tor-browser] + * Bug 42159: Responsive Design Mode not working correctly [tor-browser] + * Bug 42160: Allow specifying a TOR_PROVIDER=none to configure only the proxy settings during the TorProviderBuilder initialization [tor-browser] + * Bug 42166: New identity dialog missing accessible name [tor-browser] + * Bug 42167: Make the preference auto-focus more reliable [tor-browser] + * Bug 40821: The update details URL is wrong in alphas [tor-browser-build] + * Bug 40893: Update (Noto) fonts for 13.0 [tor-browser-build] + * Bug 40924: Customize MOZ_APP_REMOTINGNAME instead of passing --name and --class [tor-browser-build] + * Bug 40938: Copy the new tor-browser.ftl file to the appropriate directory [tor-browser-build] + * Windows + Android + * Bug 40930: Upate zlib to 1.3 after 13.0a3 [tor-browser-build] + * Windows + * Bug 40737: Revert backout of Mozilla's fix for bug 1724777 [tor-browser] + * Bug 41658: Create new installer icons for Windows [tor-browser] + * Bug 41798: Stop building private_browsing.exe on Windows [tor-browser] + * Bug 41806: Prevent Private Browsing start menu item to be added automatically [tor-browser] + * Bug 41942: Review Mozilla 1682520: Use the WER runtime exception module to catch early crashes [tor-browser] + * Bug 41944: Review Mozilla 1774083: Add Surrogate COM Server to handle native Windows notifications when Firefox is closed. [tor-browser] + * Bug 42008: Review Mozilla 1808146: Copying images from Pixiv and pasting them in certain programs is broken [tor-browser] + * Bug 42010: Review Mozilla 1810641: Enable overscroll on Windows on all channels [tor-browser] + * Bug 42087: Implement Windows application icons [tor-browser] + * Bug 40954: Implement Windows installer icons [tor-browser-build] + * macOS + * Bug 41948: Review Mozilla 1782981: Hide the text recognition context menu if the macOS version doesn't support APIs [tor-browser] + * Bug 41955: Update macOS volume window background [tor-browser] + * Bug 41982: Review Mozilla 1762392: Add Cocoa platform support for paste files [tor-browser] + * Bug 42057: Disable Platform text-recognition functionality [tor-browser] + * Bug 42078: Implement MacOS application icons [tor-browser] + * Bug 42147: Add browser.helperApps.deleteTempFileOnExit to our profile [tor-browser] + * Linux + * Bug 41509: After update, KDE Plasma identifies Tor Browser Nightly window group as "firefox-nightly" [tor-browser] + * Bug 41884: Linux: set browser.tabs.searchclipboardfor.middleclick to false [tor-browser] + * Bug 42088: Implement Linux application icons [tor-browser] + * Bug 40576: Fontconfig warning: remove 'blank' configuration [tor-browser-build] + * Android + * Updated GeckoView to 115.3.1esr + * Bug 41878: firefox-mobile: refactor tor bootstrap off deleted onboarding path [tor-browser] + * Bug 41882: Update DuckDuckGo icons [tor-browser] + * Bug 41911: Firefox-Android tor bootstrap connect button css broken [tor-browser] + * Bug 41928: Backport Android-specific security fixes from Firefox 116 to ESR 102.14 / 115.1 - based Tor Browser [tor-browser] + * Bug 41972: Disable Firefox onboarding in 13.0 [tor-browser] + * Bug 41990: Review Mozilla 1811531: Add 'site' query parameter to Pocket sponsored stories request [tor-browser] + * Bug 41991: Review Mozilla 1812518: Allow a custom View for 3rd party downloads [tor-browser] + * Bug 41993: Review Mozilla 1810761: Add API for saving a PDF [tor-browser] + * Bug 41996: App includes com.google.android.gms.permission.AD_ID permission [tor-browser] + * Bug 41997: com.adjust.sdk.Adjust library enables AD_ID permission even though we aren't using it [tor-browser] + * Bug 41999: TB13.0a2 android: center text on connect button [tor-browser] + * Bug 42001: Hide 'Open links in external app' settings option and force defaults [tor-browser] + * Bug 42002: Review Mozilla 1809305: Allow user to copy an image to the clipboard [tor-browser] + * Bug 42003: Review Mozilla 1819431: Reimplement default browser notification with Nimbus Messaging equivalent [tor-browser] + * Bug 42004: Review Mozilla 1818015: Use a custom tab or the view we use for Sync onboarding for the Privacy button [tor-browser] + * Bug 42005: Review Mozilla 1816932: Add Maps to app links common sub domains [tor-browser] + * Bug 42006: Review Mozilla 1817726: Allow sharing current tab URL from Android's Recents (App Overview) screen. [tor-browser] + * Bug 42007: Review Mozilla 1805450: Allow users to submit site support requests in Fenix [tor-browser] + * Bug 42012: Review Mozilla 1810629: add an Android shortcut to go straight to the login and passwords page [tor-browser] + * Bug 42016: Review Mozilla 1832069: Implement Google Play Referrer Library to fetch referrer URL [tor-browser] + * Bug 42018: Rebase Firefox for Android to 115.2.1 [tor-browser] + * Bug 42023: Remove FF what's new from Android [tor-browser] + * Bug 42038: TBA Alpha - inscriptions Tor Browser Alpha and FireFox Browser simultaneously on the start screen [tor-browser] + * Bug 42074: YEC 2023 Takeover for Android Stable [tor-browser] + * Bug 42076: Theme is visible in options, but shouldn't be [tor-browser] + * Bug 42089: Disable the Cookie Banner Reduction site support requests (Mozilla 1805450) [tor-browser] + * Bug 42114: Disable Allow sharing current tab URL from Android's Recents screen in private browsing mode [tor-browser] + * Bug 42115: Enhanced Tracking Protection can still be enabled [tor-browser] + * Bug 42122: playstore console crashes: java.lang.NoSuchMethodError [tor-browser] + * Bug 42133: Remove "Total Cookie Protection" popup [tor-browser] + * Bug 42134: Remove Android icon shortcuts [tor-browser] + * Bug 42156: Screenshot allowing still blocks homescreen (android) [tor-browser] + * Bug 42157: Fix Help button URL [tor-browser] + * Bug 42165: Remove "Add to shortcuts" and "Remove from shortcuts" buttons [tor-browser] + * Bug 42158: Remove "Customize Homepage" button [tor-browser] + * Bug 40740: Tor Browser for Android's snowflake ClientTransportPlugin seems to be out of date [tor-browser-build] + * Bug 40919: Fix nimbus-fml reproducibility of 13.0a2-build1 [tor-browser-build] + * Bug 40941: Remove PT process options on Android [tor-browser-build] + * Build System + * All Platforms + * Updated Go to 1.21.1 + * Bug 42130: Add support for specifying the branch in `tb-dev rebase-on-default` [tor-browser] + * Bug 31588: Be smarter about vendoring for Rust projects [tor-browser-build] + * Bug 40089: Clean up usage of get-moz-build-date script [tor-browser-build] + * Bug 40410: Get rid of python2 [tor-browser-build] + * Bug 40487: Bump Python version [tor-browser-build] + * Bug 40741: Update browser and tor-android-service projects to pull data from pt_config.json [tor-browser-build] + * Bug 40802: Drop the patch for making WASI reproducible [tor-browser-build] + * Bug 40829: Review and standardize naming scheme for browser installer/package artifacts [tor-browser-build] + * Bug 40854: Update to OpenSSL 3.0 [tor-browser-build] + * Bug 40855: Update toolchains for Mozilla 115 [tor-browser-build] + * Bug 40868: Bump Rust to 1.69.0 [tor-browser-build] + * Bug 40880: The README doesn't include some dependencies needed for building incrementals [tor-browser-build] + * Bug 40886: Update README with instructions for Arch linux [tor-browser-build] + * Bug 40898: Add doc from tor-browser-spec/processes/ReleaseProcess to gitlab issue templates [tor-browser-build] + * Bug 40908: Enable the --enable-gpl config flag in tor to bring in PoW functionality [tor-browser-build] + * Bug 40929: Update go to 1.21 series after 13.0a3 [tor-browser-build] + * Bug 40932: Remove appname_bundle_android, appname_bundle_macos, appname_bundle_linux, appname_bundle_win32, appname_bundle_win64 from projects/release/update_responses_config.yml [tor-browser-build] + * Bug 40935: Fix fallout from build target rename in signing scripts [tor-browser-build] + * Bug 40948: Remove lyrebird-vendor sha256sum in nightly [tor-browser-build] + * Bug 40957: Expired subkey warning on Tor Browser GPG verification [tor-browser-build] + * Bug 40972: Handle Mullvad Browser in the changelog script and group entries by project [tor-browser-build] + * Windows + macOS + Linux + * Bug 41967: Add a Makefile recipe to create multi-lingual dev builds [tor-browser] + * Bug 40149: Remove patching of nightly update URL [tor-browser-build] + * Bug 40615: Consider adding a readme to the fonts directory [tor-browser-build] + * Bug 40907: Sometimes debug information are not deterministic with Clang 16.0.4 [tor-browser-build] + * Bug 40922: Use base-browser.ftl instead of languageNotification.ftl [tor-browser-build] + * Bug 40931: Fix incrementals after tor-browser-build#40829 [tor-browser-build] + * Bug 40933: Fix generating incrementals between 12.5.x and 13.0 [tor-browser-build] + * Bug 40942: Use the branch to build Base Browser [tor-browser-build] + * Bug 40944: After #40931, updates_responses is using incremental.mar files as if they were non-incremental mar files [tor-browser-build] + * Bug 40947: Remove migrate_langs from tools/signing/nightly/update-responses-base-config.yml [tor-browser-build] + * Bug 40956: Allow testing the updater also with release and alpha channel [tor-browser-build] + * Windows + * Bug 41995: Generated headers on Windows aren't reproducible [tor-browser] + * Bug 40832: Unify mingw-w64-clang 32+64 bits [tor-browser-build] + * Bug 40940: Change position of the `install|portable` in the builds filenames [tor-browser-build] + * macOS + * Bug 42035: Update tools/torbrowser/ scripts to support macOS dev environment [tor-browser] + * Bug 40943: Update libdmg-hfsplus to include our uplifted patch [tor-browser-build] + * Bug 40951: Firefox fails to build for macOS after tor-browser-build#40938 [tor-browser-build] + * Linux + * Bug 42071: tor-browser deployed format changed breaking fetch.sh [tor-browser] + * Bug 40102: Move from Debian Jessie to Debian Stretch for our Linux builds [tor-browser-build] + * Bug 40971: Stop shipping Linux i686 debug archive until we actually produce the symbols [tor-browser-build] + * Android + * Bug 41899: Use LLD for Android [tor-browser] + * Bug 40867: Create a RBM project for the unified Android repository [tor-browser-build] + * Bug 40917: Remove the uniffi-rs project [tor-browser-build] + * Bug 40918: The commit hash is still not displayed about:buildconfig on Android [tor-browser-build] + * Bug 40920: Non-deterministic generation of baseline.profm file in Android apks [tor-browser-build] + * Bug 40963: Tor Browesr 13.0 torbrowser-testbuild-android* targets fail to build [tor-browser-build] + * Bug 40974: firefox-android fails to build in release [tor-browser-build] + Tor Browser 13.0a6 - September 29 2023 * All Platforms * Updated tor to 0.4.8.7 ===================================== projects/browser/allowed_addons.json ===================================== @@ -17,7 +17,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/34/9734/13299734/13299734.pn…" } ], - "average_daily_users": 1015730, + "average_daily_users": 1041726, "categories": { "android": [ "experimental", @@ -31,7 +31,7 @@ "contributions_url": "https://opencollective.com/darkreader?utm_content=product-page-contribute&u…", "created": "2017-09-19T07:03:00Z", "current_version": { - "id": 5628331, + "id": 5631046, "compatibility": { "firefox": { "min": "54.0", @@ -42,7 +42,7 @@ "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/darkreader/versions/56283…", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/darkreader/versions/56310…", "is_strict_compatibility_enabled": false, "license": { "id": 22, @@ -53,22 +53,22 @@ "url": "http://www.opensource.org/license/mit" }, "release_notes": { - "en-US": "- UI improvements.\n- Users' fixes for websites." + "en-US": "- Fixed Site List (when some URL had a port).\n- Users' fixes for websites." }, - "reviewed": "2023-09-27T06:58:45Z", - "version": "4.9.66", + "reviewed": "2023-10-03T12:42:56Z", + "version": "4.9.67", "files": [ { - "id": 4172671, - "created": "2023-09-25T18:47:59Z", - "hash": "sha256:20b53356c36b0c76df614e2cb84e7ff3e1ab75b4fe2fd2bbca039026d018813f", + "id": 4175386, + "created": "2023-10-01T20:00:40Z", + "hash": "sha256:128a151f04af774463448fe1cdb944f6c5095fb17991f82d9aec3c8c4513308e", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 675035, + "size": 675277, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4172671/darkreader-4.9.66…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4175386/darkreader-4.9.67…", "permissions": [ "alarms", "contextMenus", @@ -146,7 +146,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-09-27T06:58:45Z", + "last_updated": "2023-10-03T12:42:56Z", "name": { "ar": "Dark Reader", "bn": "Dark Reader", @@ -221,10 +221,10 @@ "category": "recommended" }, "ratings": { - "average": 4.5529, - "bayesian_average": 4.551750086132407, - "count": 5167, - "text_count": 1630 + "average": 4.5559, + "bayesian_average": 4.554766761229173, + "count": 5217, + "text_count": 1637 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/reviews/", "requires_payment": false, @@ -321,7 +321,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/darkreader/versions/", - "weekly_downloads": 26198 + "weekly_downloads": 30232 }, "notes": null }, @@ -337,7 +337,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/56/7656/6937656/6937656.png?…" } ], - "average_daily_users": 257049, + "average_daily_users": 258282, "categories": { "android": [ "security-privacy" @@ -346,7 +346,7 @@ "privacy-security" ] }, - "contributions_url": "", + "contributions_url": "https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=decentraleyes…", "created": "2014-06-10T05:46:02Z", "current_version": { "id": 5613891, @@ -554,9 +554,9 @@ }, "ratings": { "average": 4.8129, - "bayesian_average": 4.808245170153086, - "count": 1363, - "text_count": 241 + "bayesian_average": 4.808231824095256, + "count": 1368, + "text_count": 242 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/reviews/", "requires_payment": false, @@ -641,7 +641,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/versions/", - "weekly_downloads": 3111 + "weekly_downloads": 4065 }, "notes": null }, @@ -657,7 +657,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/73/4073/5474073/5474073.png?…" } ], - "average_daily_users": 1118348, + "average_daily_users": 1153485, "categories": { "android": [ "security-privacy" @@ -1181,10 +1181,10 @@ "category": "recommended" }, "ratings": { - "average": 4.8005, - "bayesian_average": 4.797737875525005, - "count": 2291, - "text_count": 436 + "average": 4.7947, + "bayesian_average": 4.79198426686003, + "count": 2314, + "text_count": 440 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/reviews/", "requires_payment": false, @@ -1208,7 +1208,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/versions/", - "weekly_downloads": 18647 + "weekly_downloads": 31933 }, "notes": null }, @@ -1224,7 +1224,7 @@ "picture_url": null } ], - "average_daily_users": 6595621, + "average_daily_users": 6836836, "categories": { "android": [ "security-privacy" @@ -1389,7 +1389,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-09-25T15:47:17Z", + "last_updated": "2023-10-31T20:40:30Z", "name": { "ar": "uBlock Origin", "bg": "uBlock Origin", @@ -1534,10 +1534,10 @@ "category": "recommended" }, "ratings": { - "average": 4.783, - "bayesian_average": 4.782607382532181, - "count": 16057, - "text_count": 4165 + "average": 4.7832, + "bayesian_average": 4.782818039785372, + "count": 16415, + "text_count": 4271 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/reviews/", "requires_payment": false, @@ -1599,7 +1599,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/versions/", - "weekly_downloads": 144531 + "weekly_downloads": 263053 }, "notes": null }, @@ -1615,7 +1615,7 @@ "picture_url": null } ], - "average_daily_users": 170729, + "average_daily_users": 171309, "categories": { "android": [ "photos-media" @@ -1714,10 +1714,10 @@ "category": "recommended" }, "ratings": { - "average": 4.4899, - "bayesian_average": 4.484788968165164, - "count": 1141, - "text_count": 425 + "average": 4.49, + "bayesian_average": 4.484869455864706, + "count": 1145, + "text_count": 428 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/re…", "requires_payment": false, @@ -1739,7 +1739,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/video-background-play-fix/ve…", - "weekly_downloads": 320 + "weekly_downloads": 448 }, "notes": null }, @@ -1755,7 +1755,7 @@ "picture_url": null } ], - "average_daily_users": 86942, + "average_daily_users": 87055, "categories": { "android": [ "experimental", @@ -1893,7 +1893,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/privacy-possum/versions/", - "weekly_downloads": 2292 + "weekly_downloads": 1989 }, "notes": null }, @@ -1909,7 +1909,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/64/9064/12929064/12929064.pn…" } ], - "average_daily_users": 268632, + "average_daily_users": 275348, "categories": { "android": [ "photos-media", @@ -1923,18 +1923,18 @@ "contributions_url": "https://www.paypal.com/donate?hosted_button_id=GLL4UNSNU6SQN&utm_content=pr…", "created": "2017-06-17T15:23:33Z", "current_version": { - "id": 5588477, + "id": 5634958, "compatibility": { "firefox": { "min": "91.0", "max": "*" }, "android": { - "min": "91.0", + "min": "113.0", "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/search_by_image/versions/…", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/search_by_image/versions/…", "is_strict_compatibility_enabled": false, "license": { "id": 6, @@ -1947,20 +1947,20 @@ "release_notes": { "en-US": "Learn more about this release from the <a href=\"https://prod.outgoing.prod.webservices.mozgcp.net/v1/d50855f24f77fa6f2614b9…" rel=\"nofollow\">changelog</a>." }, - "reviewed": "2023-07-06T11:07:12Z", - "version": "5.7.0", + "reviewed": "2023-10-11T19:12:27Z", + "version": "5.8.1", "files": [ { - "id": 4132819, - "created": "2023-07-02T12:35:20Z", - "hash": "sha256:9149335f16762c6d4f33ce39f036db763b8c4a3250f5e04e915b827da22a0eb1", + "id": 4179298, + "created": "2023-10-10T10:43:18Z", + "hash": "sha256:ce8b510ba1df4bb941a5a82001ec85e92b6a265701ae141a7e9c63df0155e7db", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 1198456, + "size": 1205732, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4132819/search_by_image-5…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4179298/search_by_image-5…", "permissions": [ "alarms", "clipboardRead", @@ -2002,7 +2002,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-07-06T11:07:12Z", + "last_updated": "2023-10-11T19:12:27Z", "name": { "en-US": "Search by Image" }, @@ -2128,10 +2128,10 @@ "category": "recommended" }, "ratings": { - "average": 4.6533, - "bayesian_average": 4.648688441384268, - "count": 1321, - "text_count": 255 + "average": 4.6525, + "bayesian_average": 4.647982629568954, + "count": 1341, + "text_count": 257 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/reviews/", "requires_payment": false, @@ -2152,7 +2152,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/search_by_image/versions/", - "weekly_downloads": 4242 + "weekly_downloads": 6201 }, "notes": null }, @@ -2175,7 +2175,7 @@ "picture_url": null } ], - "average_daily_users": 112240, + "average_daily_users": 114064, "categories": { "android": [ "other" @@ -2458,10 +2458,10 @@ "category": "recommended" }, "ratings": { - "average": 4.3746, - "bayesian_average": 4.370112364351098, - "count": 1260, - "text_count": 351 + "average": 4.3672, + "bayesian_average": 4.3627273427174105, + "count": 1269, + "text_count": 356 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/reviews/", "requires_payment": false, @@ -2481,7 +2481,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/google-search-fixer/versions/", - "weekly_downloads": 60 + "weekly_downloads": 34 }, "notes": null }, @@ -2497,7 +2497,7 @@ "picture_url": "https://addons.mozilla.org/user-media/userpics/43/0143/143/143.png?modified…" } ], - "average_daily_users": 306445, + "average_daily_users": 309249, "categories": { "android": [ "performance", @@ -2511,7 +2511,7 @@ "contributions_url": "https://www.paypal.com/donate/?hosted_button_id=9ERKTU5MBH4EW&utm_content=p…", "created": "2005-05-13T10:51:32Z", "current_version": { - "id": 5620645, + "id": 5634098, "compatibility": { "firefox": { "min": "59.0", @@ -2522,7 +2522,7 @@ "max": "*" } }, - "edit_url": "https://addons.mozilla.org/en-US/developers/addon/noscript/versions/5620645", + "edit_url": "https://addons.mozilla.org/en-US/developers/addon/noscript/versions/5634098", "is_strict_compatibility_enabled": false, "license": { "id": 13, @@ -2533,22 +2533,22 @@ "url": "http://www.gnu.org/licenses/gpl-2.0.html" }, "release_notes": { - "en-US": "v 11.4.27\n============================================================\nx [XSS] Better specificity of HTML elements preliminary\n checks\nx [XSS] Better specificity of potential fragmented injection\n through framework syntax detection (thanks Rom623, barbaz\n et al)\nx [nscl] RegExp.combo(): RegExp creation by combination for\n better readability and comments\nx [nscl] Replaced lib/sha256.js with web platform native\n implementation (thanks Martin for suggested patch)\nx [nscl] Fixed property/function mismatch (thanks Alex)\nx Fixed operators precedence issue #312 (thanks Alex)\nx [nscl] Prevent dead object access on BF cache (thanks\n jamhubub and mriehm)" + "en-US": "v 11.4.28\n============================================================\nx Prevent URL leaks from media placeholders (thanks NDevTK\n for report)\nx [nscl] Support for in-tree TLDs updates" }, - "reviewed": "2023-09-13T06:54:08Z", - "version": "11.4.27", + "reviewed": "2023-10-10T11:09:38Z", + "version": "11.4.28", "files": [ { - "id": 4164985, - "created": "2023-09-08T14:50:57Z", - "hash": "sha256:6b57d9afce663f801177b7492fe7f00967ee3e66b6351b2cf3ff2a6c3ca99637", + "id": 4178438, + "created": "2023-10-08T20:33:10Z", + "hash": "sha256:54d076b3226d454216117547f6441d2f95af3057d20f726e55d94b0f22573c14", "is_restart_required": false, "is_webextension": true, "is_mozilla_signed_extension": false, "platform": "all", - "size": 950105, + "size": 950895, "status": "public", - "url": "https://addons.mozilla.org/firefox/downloads/file/4164985/noscript-11.4.27.…", + "url": "https://addons.mozilla.org/firefox/downloads/file/4178438/noscript-11.4.28.…", "permissions": [ "contextMenus", "storage", @@ -2615,7 +2615,7 @@ }, "is_disabled": false, "is_experimental": false, - "last_updated": "2023-09-13T06:54:08Z", + "last_updated": "2023-10-19T21:15:36Z", "name": { "de": "NoScript", "el": "NoScript", @@ -2687,10 +2687,10 @@ "category": "recommended" }, "ratings": { - "average": 4.3975, - "bayesian_average": 4.39481198926411, - "count": 2118, - "text_count": 819 + "average": 4.3989, + "bayesian_average": 4.396241929512946, + "count": 2131, + "text_count": 825 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/reviews/", "requires_payment": false, @@ -2734,7 +2734,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/noscript/versions/", - "weekly_downloads": 7499 + "weekly_downloads": 11099 }, "notes": null }, @@ -2750,7 +2750,7 @@ "picture_url": null } ], - "average_daily_users": 153737, + "average_daily_users": 154031, "categories": { "android": [ "performance", @@ -2862,10 +2862,10 @@ "category": "recommended" }, "ratings": { - "average": 3.8896, - "bayesian_average": 3.8854127838445747, - "count": 1169, - "text_count": 420 + "average": 3.869, + "bayesian_average": 3.864863430682611, + "count": 1183, + "text_count": 428 }, "ratings_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/revi…", "requires_payment": false, @@ -2884,7 +2884,7 @@ "type": "extension", "url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/", "versions_url": "https://addons.mozilla.org/en-US/firefox/addon/youtube-high-definition/vers…", - "weekly_downloads": 1730 + "weekly_downloads": 2838 }, "notes": null } ===================================== projects/browser/config ===================================== @@ -88,9 +88,9 @@ input_files: enable: '[% ! c("var/android") %]' - filename: Bundle-Data enable: '[% ! c("var/android") %]' - - URL: https://addons.mozilla.org/firefox/downloads/file/4164985/noscript-11.4.27.… + - URL: https://addons.mozilla.org/firefox/downloads/file/4178438/noscript-11.4.28.… name: noscript - sha256sum: 6b57d9afce663f801177b7492fe7f00967ee3e66b6351b2cf3ff2a6c3ca99637 + sha256sum: 54d076b3226d454216117547f6441d2f95af3057d20f726e55d94b0f22573c14 - URL: https://addons.mozilla.org/firefox/downloads/file/4171020/ublock_origin-1.5… name: ublock-origin sha256sum: e8ee3f9d597a6d42db9d73fe87c1d521de340755fd8bfdd69e41623edfe096d6 ===================================== projects/firefox/config ===================================== @@ -18,7 +18,7 @@ var: firefox_version: '[% c("var/firefox_platform_version") %]esr' browser_series: '13.5' browser_branch: '[% c("var/browser_series") %]-1' - browser_build: 1 + browser_build: 2 branding_directory_prefix: 'tb' copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' @@ -86,7 +86,6 @@ targets: mullvadbrowser: git_url: https://gitlab.torproject.org/tpo/applications/mullvad-browser.git var: - browser_build: 4 branding_directory_prefix: 'mb' gitlab_project: https://gitlab.torproject.org/tpo/applications/mullvad-browser updater_url: 'https://cdn.mullvad.net/browser/update_responses/update_1/' ===================================== projects/geckoview/config ===================================== @@ -16,7 +16,7 @@ container: var: geckoview_version: 115.4.0esr browser_branch: 13.5-1 - browser_build: 1 + browser_build: 2 copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse HEAD") %]' ===================================== projects/go/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 1.21.1 +version: 1.21.3 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -119,7 +119,7 @@ input_files: enable: '[% ! c("var/linux") %]' - URL: 'https://golang.org/dl/go[% c("version") %].src.tar.gz' name: go - sha256sum: bfa36bf75e9a1e9cbbdb9abcf9d1707e479bd3a07880a8ae3564caee5711cb99 + sha256sum: 186f2b6f8c8b704e696821b09ab2041a5c1ee13dcbc3156a13adcf75931ee488 - project: go-bootstrap name: go-bootstrap target_replace: ===================================== projects/manual/config ===================================== @@ -1,7 +1,7 @@ # vim: filetype=yaml sw=2 # To update, see doc/how-to-update-the-manual.txt # Remember to update also the package's hash, with the version! -version: 102408 +version: 112775 filename: 'manual-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -21,8 +21,8 @@ var: input_files: - project: container-image - - URL: 'https://people.torproject.org/~richard/tbb_files/manual_[% c("version") %].zip' + - URL: 'https://build-sources.tbb.torproject.org/manual_[% c("version") %].zip' name: manual - sha256sum: f9c24f300f188276ee6ec7b8eb2f7e000ec49c9bb3651b4bd4468075885a9eef + sha256sum: 57c9c02f5209fdbcb333d902b7ec4bbec3bb08baf34cb97845cf55bc5bdcb744 - filename: packagemanual.py name: package_script ===================================== projects/openssl/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 3.0.11 +version: 3.0.12 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -33,4 +33,4 @@ input_files: - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - URL: 'https://www.openssl.org/source/openssl-[% c("version") %].tar.gz' - sha256sum: b3425d3bb4a2218d0697eb41f7fc0cdede016ed19ca49d168b78e8d947887f55 + sha256sum: f93c9e8edde5e9166119de31755fc87b4aa34863662f67ddfcba14d0b6b69b61 ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: 066d24af02663ecfbf181541acd4ebd0988499ef + git_hash: 8795469632fe36606cfdd89a4ff90dc4e94b7a83 targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: 99856dfcaf4538a76980bb2e4666658ef2040cb0 + git_hash: 791740ded992dea01065a483d761225c30c93ecf targets: nightly: git_hash: 'tor-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: 51045186952e0eab228e4c887914beceaff76583 + git_hash: 546c1131528ab3af0c2300ac9b7ae2c6ca15a4f8 compress_tar: 'zst' targets: nightly: View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/torbrowser-launcher] Pushed new branch AsciiWolf-metainfo-fix
by asciiwolf (＠asciiwolf) 02 Nov '23

02 Nov '23

asciiwolf pushed new branch AsciiWolf-metainfo-fix at The Tor Project / Applications / torbrowser-launcher -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/torbrowser-launcher/-/tree/A… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-115.4.0esr-13.5-1-build2
by Pier Angelo Vendrame (＠pierov) 01 Nov '23

01 Nov '23

Pier Angelo Vendrame pushed new tag mullvad-browser-115.4.0esr-13.5-1-build2 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.4.0esr-13.5-1-build2
by richard (＠richard) 01 Nov '23

01 Nov '23

richard pushed new tag tor-browser-115.4.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.0-1] fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.
by richard (＠richard) 01 Nov '23

01 Nov '23

richard pushed to branch tor-browser-115.4.0esr-13.0-1 at The Tor Project / Applications / Tor Browser Commits: 444e340c by Pier Angelo Vendrame at 2023-11-01T15:36:40+00:00 fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain. TorStartupService is not launched on Android, so initialize FPI in another script that is used by GV (and only once, if I understand correctly). - - - - - 1 changed file: - mobile/android/components/geckoview/GeckoViewStartup.jsm Changes: ===================================== mobile/android/components/geckoview/GeckoViewStartup.jsm ===================================== @@ -17,6 +17,7 @@ ChromeUtils.defineESModuleGetters(lazy, { PdfJs: "resource://pdf.js/PdfJs.sys.mjs", Preferences: "resource://gre/modules/Preferences.sys.mjs", RFPHelper: "resource://gre/modules/RFPHelper.sys.mjs", + TorDomainIsolator: "resource://gre/modules/TorDomainIsolator.sys.mjs", }); const { XPCOMUtils } = ChromeUtils.importESModule( @@ -258,6 +259,8 @@ class GeckoViewStartup { "GeckoView:SetLocale", ]); + lazy.TorDomainIsolator.init(); + Services.obs.addObserver(this, "browser-idle-startup-tasks-finished"); Services.obs.addObserver(this, "handlersvc-store-initialized"); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/444e340… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/444e340… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.5-1] fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain.
by richard (＠richard) 01 Nov '23

01 Nov '23

richard pushed to branch tor-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 693c5fb9 by Pier Angelo Vendrame at 2023-11-01T11:04:45+01:00 fixup! Bug 3455: Add DomainIsolator, for isolating circuit by domain. TorStartupService is not launched on Android, so initialize FPI in another script that is used by GV (and only once, if I understand correctly). - - - - - 1 changed file: - mobile/android/components/geckoview/GeckoViewStartup.jsm Changes: ===================================== mobile/android/components/geckoview/GeckoViewStartup.jsm ===================================== @@ -17,6 +17,7 @@ ChromeUtils.defineESModuleGetters(lazy, { PdfJs: "resource://pdf.js/PdfJs.sys.mjs", Preferences: "resource://gre/modules/Preferences.sys.mjs", RFPHelper: "resource://gre/modules/RFPHelper.sys.mjs", + TorDomainIsolator: "resource://gre/modules/TorDomainIsolator.sys.mjs", }); const { XPCOMUtils } = ChromeUtils.importESModule( @@ -258,6 +259,8 @@ class GeckoViewStartup { "GeckoView:SetLocale", ]); + lazy.TorDomainIsolator.init(); + Services.obs.addObserver(this, "browser-idle-startup-tasks-finished"); Services.obs.addObserver(this, "handlersvc-store-initialized"); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/693c5fb… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/693c5fb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/firefox-android] Pushed new tag firefox-android-115.2.1-13.5-1-build1
by Pier Angelo Vendrame (＠pierov) 01 Nov '23

01 Nov '23

Pier Angelo Vendrame pushed new tag firefox-android-115.2.1-13.5-1-build1 at The Tor Project / Applications / firefox-android -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/firefox-android/-/tree/firef… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-115.4.0esr-13.5-1] fixup! Tor Browser localization migration scripts.
by Pier Angelo Vendrame (＠pierov) 01 Nov '23

01 Nov '23

Pier Angelo Vendrame pushed to branch tor-browser-115.4.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 54828940 by Henry Wilkes at 2023-11-01T09:45:33+00:00 fixup! Tor Browser localization migration scripts. Bug 42219: Use URLs returned by weblate API rather than constructing them ourself. The weblate structure has changed since tor-browser's components have been grouped together under hosted.weblate.org/projects/tor/tor-browser/ - - - - - 1 changed file: - tools/torbrowser/migrate_l10n.py Changes: ===================================== tools/torbrowser/migrate_l10n.py ===================================== @@ -103,10 +103,10 @@ class WeblateMetadata: # Expect the final structure to be: # { # template: { - # "component-name": str, # Used for API translations query. + # "translations-url": str, # Used for API translations query. # "translations": { # filename: { - # "language-code": str, # Used for API units query. + # "units-url": str, # Used for API units query. # "units": { # context: { # "translated": bool, @@ -130,9 +130,8 @@ class WeblateMetadata: with urllib.request.urlopen(weblate_request, timeout=20) as response: return json.load(response) - def _get_from_weblate(self, request): + def _get_from_weblate(self, url): ret = [] - url = "https://hosted.weblate.org/api/" + request while url: response = self._get_weblate_response(url) # Continue to fetch the next page, if it is present. @@ -146,10 +145,12 @@ class WeblateMetadata: if self._components is None: self._components = { comp["template"]: { - "name": comp["slug"], "translations": None, + "translations-url": comp["translations_url"], } - for comp in self._get_from_weblate("projects/tor/components/") + for comp in self._get_from_weblate( + "https://hosted.weblate.org/api/projects/tor/components/" + ) if comp["template"] } return self._components @@ -160,16 +161,12 @@ class WeblateMetadata: self.logger.warning(f"No component in weblate for {template}.") return None if component["translations"] is None: - comp_name = component["name"] component["translations"] = { trans["filename"]: { - "component-name": comp_name, - "language-code": trans["language"]["code"], "units": None, + "units-url": trans["units_list_url"], } - for trans in self._get_from_weblate( - f"components/tor/{comp_name}/translations/" - ) + for trans in self._get_from_weblate(component["translations-url"]) } return component["translations"] @@ -182,15 +179,11 @@ class WeblateMetadata: self.logger.warning(f"No translation in weblate for {file}.") return None if translation["units"] is None: - comp_name = translation["component-name"] - lang_code = translation["language-code"] translation["units"] = { unit["context"]: { "translated": unit["translated"], } - for unit in self._get_from_weblate( - f"translations/tor/{comp_name}/{lang_code}/units/" - ) + for unit in self._get_from_weblate(translation["units-url"]) } return translation["units"] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5482894… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5482894… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][main] 7 commits: Bug 40934: Remove $bundle_locales from signing scripts
by richard (＠richard) 31 Oct '23

31 Oct '23

richard pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 462e362c by Nicolas Vigier at 2023-10-31T18:44:13+00:00 Bug 40934: Remove $bundle_locales from signing scripts IN macos-signer-* we don't remove the loop, since those scripts are going away soon. - - - - - 21b3e176 by Nicolas Vigier at 2023-10-31T18:54:13+00:00 Bug 29815: Add rcodesign build - - - - - db589fc3 by Nicolas Vigier at 2023-10-31T18:54:13+00:00 Bug 29815: Set up signing machines for rcodesign - - - - - 819afa1d by Nicolas Vigier at 2023-10-31T18:54:13+00:00 Bug 29815: Update signing scripts for rcodesign - - - - - 1e47cd1a by Nicolas Vigier at 2023-10-31T18:54:13+00:00 Bug 40982: Fix logging in tools/signing/do-all-signing - - - - - 223e1eda by Nicolas Vigier at 2023-10-31T18:54:13+00:00 Bug 29815: Update macos signing entitlements files Taken from Firefox tree in security/mac/hardenedruntime/production.entitlements.xml in esr115 branch. - - - - - af80e8c1 by Nicolas Vigier at 2023-10-31T18:54:13+00:00 Bug 29815: Update issue templates for macos signing changes - - - - - 30 changed files: - .gitlab/issue_templates/Release Prep - Mullvad Browser Alpha.md - .gitlab/issue_templates/Release Prep - Mullvad Browser Stable.md - .gitlab/issue_templates/Release Prep - Tor Browser Alpha.md - .gitlab/issue_templates/Release Prep - Tor Browser Stable.md - Makefile - + projects/rcodesign/build - + projects/rcodesign/config - tools/.gitignore - tools/signing/alpha.entitlements.xml - tools/signing/dmg2mar - tools/signing/do-all-signing - tools/signing/finished-signing-clean-linux-signer - tools/signing/gatekeeper-bundling.sh - + tools/signing/linux-signer-rcodesign-sign - + tools/signing/linux-signer-rcodesign-sign.mullvadbrowser - + tools/signing/linux-signer-rcodesign-sign.torbrowser - tools/signing/machines-setup/setup-signing-machine - + tools/signing/machines-setup/sudoers.d/sign-rcodesign - tools/signing/machines-setup/upload-tbb-to-signing-machine - tools/signing/macos-signer-gatekeeper-signing - tools/signing/macos-signer-notarization - tools/signing/macos-signer-stapler - + tools/signing/rcodesign-notary-submit - tools/signing/release.entitlements.xml - tools/signing/set-config - + tools/signing/set-config.rcodesign - + tools/signing/set-config.rcodesign-appstoreconnect - + tools/signing/setup-rcodesign - + tools/signing/sync-linux-signer-macos-signed-tar-to-local - + tools/signing/sync-linux-signer-macos-signed-tar-to-local.mullvadbrowser The diff was not included because it is too large. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-13.0] Bug 40979: Add redirects from old linux filenames in .htaccess, part 2
by richard (＠richard) 31 Oct '23

31 Oct '23

richard pushed to branch maint-13.0 at The Tor Project / Applications / tor-browser-build Commits: e893fe92 by Nicolas Vigier at 2023-10-31T18:07:31+00:00 Bug 40979: Add redirects from old linux filenames in .htaccess, part 2 In a previous commit we already updated projects/release/build for that, however we re-generate the .htaccess file during the signing process, in tools/signing/staticiforme-prepare-cdn-dist-upload. - - - - - 1 changed file: - tools/signing/staticiforme-prepare-cdn-dist-upload Changes: ===================================== tools/signing/staticiforme-prepare-cdn-dist-upload ===================================== @@ -11,6 +11,17 @@ RewriteRule ^sha256sums.txt.asc$ sha256sums-unsigned-build.txt.asc RewriteRule ^sha256sums.incrementals.txt$ sha256sums-unsigned-build.incrementals.txt RewriteRule ^sha256sums.incrementals.txt.asc$ sha256sums-unsigned-build.incrementals.txt.asc EOF + +# Adding redirects for tor-browser-build#40979 +if is_project torbrowser; then + cat >> "$dist_dir/.htaccess" << 'EOF' +RewriteRule ^tor-browser-linux64-(.*)_ALL.tar.xz.asc$ tor-browser-linux-x86_64-$1.tar.xz.asc +RewriteRule ^tor-browser-linux64-(.*)_ALL.tar.xz$ tor-browser-linux-x86_64-$1.tar.xz +RewriteRule ^tor-browser-linux32-(.*)_ALL.tar.xz.asc$ tor-browser-linux-i686-$1.tar.xz.asc +RewriteRule ^tor-browser-linux32-(.*)_ALL.tar.xz$ tor-browser-linux-i686-$1.tar.xz +EOF +fi + chgrp -R tb-release "$dist_dir" chmod 775 "$dist_dir" chmod 664 "$dist_dir"/* View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/e… You're receiving this email because of your account on gitlab.torproject.org.

1 0