commit b3f4e8e590377d74456a0b92c9400dd3c1d6fa41 Author: Georg Koppen gk@torproject.org Date: Thu Jan 19 11:20:51 2017 +0000
Release preparations for 6.5 Changelog update, version bumps, and config.yml update --- Bundle-Data/Docs/ChangeLog.txt | 94 +++++++++++++++++++++++++++++++++++++++ gitian/versions | 22 ++++----- tools/update-responses/config.yml | 13 +++--- 3 files changed, 112 insertions(+), 17 deletions(-)
diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index 92b638d..6c18afa 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -1,3 +1,97 @@ +Tor Browser 6.5 -- January 24 2017 + * All Platforms + * Update Firefox to 45.7.0esr + * Tor to 0.2.9.8 + * OpenSSL to 1.0.2j + * Update Torbutton to 1.9.6.10 + * Bug 16622: Timezone spoofing moved to tor-browser.git + * Bug 17334: Move referrer spoofing for .onion domains into tor-browser.git + * Bug 8725: Block addon resource and url fingerprinting with nsIContentPolicy + * Bug 20701: Allow the directory listing stylesheet in the content policy + * Bug 19837: Whitelist internal URLs that Firefox requires for media + * Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a tor client + * Bug 19273: Improve external app launch handling and associated warnings + * Bug 15852: Remove/synchronize Torbutton SOCKS pref logic + * Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries + IPv6 + * Bug 17767: Make "JavaScript disabled" more visible in Security Slider + * Bug 20556: Use pt-BR strings from now on + * Bug 20614: Add links to Tor Browser User Manual + * Bug 20414: Fix non-rendering arrow on OS X + * Bug 20728: Fix bad preferences.xul dimensions + * Bug 19898: Use DuckDuckGo on about:tor + * Bug 21091: Hide the update check menu entry when running under the sandbox + * Bug 19459: Move resizing code to tor-browser.git + * Bug 20264: Change security slider to 3 options + * Bug 20347: Enhance security slider's custom mode + * Bug 20123: Disable remote jar on all security levels + * Bug 20244: Move privacy checkboxes to about:preferences#privacy + * Bug 17546: Add tooltips to explain our privacy checkboxes + * Bug 17904: Allow security settings dialog to resize + * Bug 18093: Remove 'Restore Defaults' button + * Bug 20373: Prevent redundant dialogs opening + * Bug 20318: Remove helpdesk link from about:tor + * Bug 21243: Add links for pt, es, and fr Tor Browser manuals + * Bug 20753: Remove obsolete StartPage locale strings + * Bug 21131: Remove 2016 donation banner + * Bug 18980: Remove obsolete toolbar button code + * Bug 18238: Remove unused Torbutton code and strings + * Bug 20388+20399+20394: Code clean-up + * Translation updates + * Update Tor Launcher to 0.2.10.3 + * Bug 19568: Set CurProcD for Thunderbird/Instantbird + * Bug 19432: Remove special handling for Instantbird/Thunderbird + * Translation updates + * Update HTTPS-Everywhere to 5.2.9 + * Update NoScript to 2.9.5.3 + * Bug 16622: Spoof timezone with Firefox patch + * Bug 17334: Spoof referrer when leaving a .onion domain + * Bug 19273: Write C++ patch for external app launch handling + * Bug 19459: Size new windows to 1000x1000 or nearest 200x100 (Firefox patch) + * Bug 12523: Mark JIT pages as non-writable + * Bug 20123: Always block remote jar files + * Bug 19193: Reduce timing precision for AudioContext, HTMLMediaElement, and MediaStream + * Bug 19164: Remove support for SHA-1 HPKP pins + * Bug 19186: KeyboardEvents are only rounding to 100ms + * Bug 16998: Isolate preconnect requests to URL bar domain + * Bug 19478: Prevent millisecond resolution leaks in File API + * Bug 20471: Allow javascript: links from HTTPS first party pages + * Bug 20244: Move privacy checkboxes to about:preferences#privacy + * Bug 20707: Fix broken preferences tab in non-en-US alpha bundles + * Bug 20709: Fix wrong update URL in alpha bundles + * Bug 19481: Point the update URL to aus1.torproject.org + * Bug 20556: Start using pt-BR instead of pt-PT for Portuguese + * Bug 20442: Backport fix for local path disclosure after drag and drop + * Bug 20160: Backport fix for broken MP3-playback + * Bug 20043: Isolate SharedWorker script requests to first party + * Bug 18923: Add script to run all Tor Browser regression tests + * Bug 20651: DuckDuckGo does not work with JavaScript disabled + * Bug 19336+19835: Enhance about:tbupdate page + * Bug 20399+15852: Code clean-up + * Windows + * Bug 20981: On Windows, check TZ for timezone first + * Bug 18175: Maximizing window and restarting leads to non-rounded window size + * Bug 13437: Rounded inner window accidentally grows to non-rounded size + * OS X + * Bug 20590: Badly resized window due to security slider notification bar on OS X + * Bug 20439: Make the build PIE on OSX + * Linux + * Bug 20691: Updater breaks if unix domain sockets are used + * Bug 15953: Weird resizing dance on Tor Browser startup + * Build system + * All platforms + * Bug 20927: Upgrade Go to 1.7.4 + * Bug 20583: Make the downloads.json file reproducible + * Bug 20133: Don't apply OpenSSL patch anymore + * Bug 19528: Set MOZ_BUILD_DATE based on Firefox version + * Bug 18291: Remove some uses of libfaketime + * Bug 18845: Make zip and tar helpers generate reproducible archives + * OS X + * Bug 20258: Make OS X Tor archive reproducible again + * Bug 20184: Make OS X builds reproducible (use clang for compiling tor) + * Bug 19856: Make OS X builds reproducible (getting libfaketime back) + * Bug 19410: Fix incremental updates by taking signatures into account + * Bug 20210: In dmg2mar, extract old mar file to copy permissions to the new one + Tor Browser 6.5a6-hardened -- December 14 2016 * All Platforms * Update Firefox to 45.6.0esr diff --git a/gitian/versions b/gitian/versions index 81963bb..6b8d796 100755 --- a/gitian/versions +++ b/gitian/versions @@ -10,15 +10,15 @@ DATA_OUTSIDE_APP_DIR=1
VERIFY_TAGS=1
-FIREFOX_VERSION=45.2.0esr +FIREFOX_VERSION=45.7.0esr
TORBROWSER_UPDATE_CHANNEL=release
-TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-6.0-1-build1 -TOR_TAG=tor-0.2.7.6 -TORLAUNCHER_TAG=0.2.9.3 -TORBUTTON_TAG=1.9.5.4 -HTTPSE_TAG=5.1.9 +TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-6.5-1-build1 +TOR_TAG=tor-0.2.9.8 +TORLAUNCHER_TAG=0.2.10.3 +TORBUTTON_TAG=1.9.6.10 +HTTPSE_TAG=5.2.9 NSIS_TAG=v0.3.1 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.22-stable @@ -44,10 +44,10 @@ NOTOFONTS_TAG=720e34851382ee3c1ef024d8dffb68ffbfb234c2
GITIAN_TAG=tor-browser-builder-4-1
-OPENSSL_VER=1.0.1t +OPENSSL_VER=1.0.2j GMP_VER=5.1.3 FIREFOX_LANG_VER=$FIREFOX_VERSION -FIREFOX_LANG_BUILD=build2 +FIREFOX_LANG_BUILD=build1 BINUTILS_VER=2.24 GCC_VER=5.1.0 CLANG_VER=r247539 @@ -68,7 +68,7 @@ NSIS_VER=2.51 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz GMP_PACKAGE=gmp-${GMP_VER}.tar.bz2 -NOSCRIPT_PACKAGE=noscript_security_suite-2.9.0.11-fn+sm+fx.xpi +NOSCRIPT_PACKAGE=noscript_security_suite-2.9.5.3-fx+sm.xpi TOOLCHAIN4_OLD_PACKAGE=multiarch-darwin11-cctools127.2-gcc42-5666.3-llvmgcc42-2336.1-Linux-120724.tar.xz CCTOOLS_PACKAGE=cctools.tar.gz OSXSDK_PACKAGE=MacOSX10.7.sdk.tar.gz @@ -97,12 +97,12 @@ NOTOSCFONT_PACKAGE=NotoSansSC-Regular.otf NOTOTCFONT_PACKAGE=NotoSansTC-Regular.otf
# Hashes for packages with weak sigs or no sigs -OPENSSL_HASH=4a6ee491a2fdb22e519c76fdc2a628bb3cec12762cd456861d207996c8a07088 +OPENSSL_HASH=e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 GMP_HASH=752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160 OSXSDK_HASH=da77bb0003fcca5ea8c4e8cb2da8828ded750c54afdcac29ec6f3b46ad5e3adf OSXSDK_OLD_HASH=6602d8d5ddb371fbc02e2a5967d9bd0cd7358d46f9417753c8234b923f2ea6fc TOOLCHAIN4_OLD_HASH=65c1b2d302358a6b95a26c6828a66908a199276193bb0b268f2dcc1a997731e9 -NOSCRIPT_HASH=fdd965a69188ac651b08a7d3ada54821a89db10a4685aa73ba59edc0b8243390 +NOSCRIPT_HASH=ce9779a3a5a2574b958f8e4d079a99d43a8f84193bef52c587c704ed81c2fbbd CCTOOLS_HASH=e908fdebc2886ee5491ebfc7e7950af451b3c4e2439c2d7a923ed06ad05113e4 MSVCR100_HASH=1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067 PYCRYPTO_HASH=f2ce1e989b272cfcb677616763e0a2e7ec659effa67a88aa92b3a65528f60a3c diff --git a/tools/update-responses/config.yml b/tools/update-responses/config.yml index 210e707..90bc017 100644 --- a/tools/update-responses/config.yml +++ b/tools/update-responses/config.yml @@ -20,16 +20,17 @@ build_targets: osx64: Darwin_x86_64-gcc3 channels: alpha: 6.5a6 - release: 6.0.1 + release: 6.5 versions: - 6.0.1: - platformVersion: 45.2.0 - detailsURL: https://blog.torproject.org/blog/tor-browser-601-released + 6.5: + platformVersion: 45.7.0 + detailsURL: https://blog.torproject.org/blog/tor-browser-65-released incremental_from: - - 5.5.5 - - 6.0 + - 6.0.8 migrate_archs: osx32: osx64 + migrate_langs: + pt-PT: pt-BR osx32: minSupportedOSVersion: 10.8 detailsURL: https://blog.torproject.org/blog/end-life-plan-tor-browser-32-bit-macs#updat...