Hello everyone,
Tor Browser 12.0.1 is now available from the Tor Browser download page
<https://www.torproject.org/download/> and also from our distribution
directory <https://dist.torproject.org/torbrowser/12.0.1/>.
This release updates Firefox to 102.6, including bug fixes, stability
improvements and important security updates
<https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/>.
We've fixed a regression in our drag and drop protection, whose
hardening disrupted some interface interactions, and most notably
rearranging bookmarks by dragging them around.
We'd like to thank poncho for fixing another regression causing the
|TOR_SOCKS_IPC_PATH| environment variable to be ignored.
Blog post with changelog here
<https://blog.torproject.org/new-release-tor-browser-1201/>.
Have a nice weekend and a happy holiday season :)
--
ma1
Greetings,
We just released two stable releases:
https://forum.torproject.net/t/stable-release-0-4-5-15-and-0-4-7-12/5800
The ChangeLog for both is attached below.
Cheers!
David
Changes in version 0.4.7.12 - 2022-12-06
This version contains a major change that is a new key for moria1. Also, new
metrics are exported on the MetricsPort for the congestion control
subsystem.
o Directory authority changes (moria1):
- Rotate the relay identity key and v3 identity key for moria1. They
have been online for more than a decade and refreshing keys
periodically is good practice. Advertise new ports too, to avoid
confusion. Closes ticket 40722.
o Minor feature (Congestion control metrics):
- Add additional metricsport relay metrics for congestion control.
Closes ticket 40724.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on December 06, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/12/06.
o Minor bugfixes (cpuworker, relay):
- Fix an off by one overload calculation on the number of CPUs being
used by our thread pool. Fixes bug 40719; bugfix on 0.3.5.1-alpha.
Changes in version 0.4.5.15 - 2022-12-06
This version has several major changes for directory authorities and a
major bugfix on OSX. Again, we strongly recommend upgrading to our 0.4.7.x
series latest stable. This series is EOL on February 15th, 2023.
o Directory authority changes (dizum):
- Change dizum IP address. Closes ticket 40687.
o Directory authority changes (Faravahar):
- Remove Faravahar until its operator, Sina, sets it back up online
outside of Team Cymru network. Closes ticket 40688.
o Directory authority changes (moria1):
- Rotate the relay identity key and v3 identity key for moria1. They
have been online for more than a decade and refreshing keys
periodically is good practice. Advertise new ports too, to avoid
confusion. Closes ticket 40722.
o Major bugfixes (OSX):
- Fix coarse-time computation on Apple platforms (like Mac M1) where
the Mach absolute time ticks do not correspond directly to
nanoseconds. Previously, we computed our shift value wrong, which
led us to give incorrect timing results. Fixes bug 40684; bugfix
on 0.3.3.1-alpha.
o Major bugfixes (relay):
- Improve security of our DNS cache by randomly clipping the TTL
value. TROVE-2021-009. Fixes bug 40674; bugfix on 0.3.5.1-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on December 06, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/12/06.
--
sSW4eiPIDeZwMMhfPCejDwsC8ypVacQQywYo36Dgc4w=
Tor Browser 12.0a5 is now available from the Tor Browser download page and also from our distribution directory:
- https://www.torproject.org/dist/torbrowser/12.0a5/
Tor Browser 12.0a5 updates Firefox on Android, Windows, macOS, and Linux to 102.5.0esr.
This version includes important security updates to Firefox and GeckoView.
Tor Browser 12.0a5 backports the following security updates from Firefox 107 to Firefox ESR 102.5 on Android:
- CVE-2022-45413: SameSite=Strict cookies could have been sent cross-site via intent URLs
# Major Changes since 11.5
This is the final planned alpha release before 12.0 stable. We have made a lot of changes over the past several months
both large and small, and would like to encourage alpha users to test the following features and report any issues you
discover.
## Universal macOS packages
This is the first universal package release of Tor Browser for macOS. Now Tor Browser should run natively for macOS
users, regardless of whether they are running on older x86_64 devices or on newer Apple M1 aarch64 devices.
**What to test:** Users with existing x86_64 macOS installs should receive an automatic update to the new universal
package without any loss of functionality. The universal dmg downloaded from the Tor Project website should continue to
work for macOS users on both x86_64 and aarch64 platforms. We would also appreciate it if macOS users attempted a
build-to-build upgrade from an older version of Tor Browser Alpha to help us validate this update path.
Once installed, macOS users using aarch64-based Macs (i.e. those with Apple Silicon) can verify whether Tor Browser is
running natively by following these steps:
1. Open the Activity Monitor
2. Search for "Tor Browser" within the CPU tab.
3. Should Tor Browser read "Apple" under the Kind column, you are successfully running the native Apple Silicon build.
## Multi-locale bundles (Desktop)
As of Tor Browser 12.0a4, all supported languages are now included in a single bundle, and can be changed without
requiring additional downloads via the Language menu in General settings on the about:preferences page.
**What to test:** Tor Browser Alpha should default to your system language on first launch if it matches a language we
support. Alpha testers are also encouraged to test changing language within about:preferences#general, and to report any
new bugs with localization in general (in particular instances of 'Firefox' appearing instead of 'Tor Browser' or other
similar branding issues).
We would also appreciate it if users on all our Desktop platforms attempted a build-to-build upgrade from an older version
of Tor Browser Alpha to help us validate the update path.
## Unified Español locale (Desktop and Android)
Previous versions of Tor Browser Alpha were available in both "es" and "es-AR" (Español Argentina) locales. As of Tor
Browser 12.0a4, these have been unified into a single Spanish locale instead.
**What to test:** Alpha testers who use the "es-AR" locale should be automatically switched to "es-ES" after updating.
## New supported locales (Ukrainian and Albanian)
We have added support for both Ukrainian and Albanian languages.
**What to test:** Alpha testers who use the "uk" and "sq" locales should try them on both Desktop (using the language
picker in about:preferences#general) and Android (using the options in Settings > Language).
## tor-launcher migration (Desktop)
Parts of the code that power tor-launcher – which starts tor within Tor Browser – have been refactored. Although this
work doesn't include any changes to the user experience, those who run non-standard Tor Browser setups are encouraged to
test 12.0a5 on their systems.
**What to test:** Alpha testers who run non-standard Tor Browser setups (including, but not limited to, those who use
system tor in conjunction with Tor Browser and those with specific network and bridge settings) should test starting and
connecting to Tor, and report any unexpected error messages they encounter. All of the previously supported environment
variables should still behave the same way as in the stable series.
## Onion Auth fixes (Desktop)
Tor Browser 12.0a4 included two fixes to Onion Service client authorization:
1. A fix to the auth window itself, which was broken in Alpha due to a regression caused by the esr102 transition:
tor-browser#41344
2. Another fix to a longstanding issue with Onion Auth failing on subdomains, which has also been backported to 11.5.5:
tor-browser#40465
**What to test:** Accessing client authorized Onion Services on both top-level and subdomains.
## Always prioritize .onion sites (Android)
Android users can now enable automatic Onion-Location redirects by switching "Prioritize .onion sites" within Privacy
and Security settings. However, we have not yet implemented the url bar UI which we have in Tor Browser for Desktop.
**What to test:** Enable "Prioritize .onion sites" within settings, visit a website that supports Onion-Location, and
verify that you were redirected to the website's .onion address.
The full changelog since Tor Browser 12.0a4 is:
- All Platforms
  - Update Translations
  - Update OpenSSL to 1.1.1s
  - Update NoScript to 11.4.13
  - Update tor to 0.4.7.11
  - Update zlib to 1.2.13
  - Bug tor-browser#17228: Consideration for disabling/trimming referrers within TBB
  - Bug tor-browser#27258: font whitelist means we don't have to set gfx.downloadable_fonts.fallback_delay
  - Bug tor-browser#40183: Consider disabling TLS ciphersuites containing SHA-1
  - Bug tor-browser-build#40622: Update obfs4proxy to 0.0.14 in Tor Browser
  - Bug tor-browser-build#40674: Add Secondary Snowflake Bridge
  - Bug tor-browser#40783: Review 000-tor-browser.js and 001-base-profile.js for 102
  - Bug tor-browser#41406: Do not define --without-wasm-sandboxed-libraries if WASI_SYSROOT is defined
  - Bug tor-browser#41420: Remove brand.dtd customization on nightly
  - Bug tor-browser#41457: Remove more Mozilla permissions
  - Bug tor-browser#41460: Migrate new identity and security level preferences in 11.5.8
  - Bug tor-browser#41473: Add support for Albanian (sq)
- Windows + macOS + Linux
  - Update Firefox to 102.5.0esr
  - Bug tor-browser#31064: Letterboxing is enabled in privileged contexts too
  - Bug tor-browser#31821: reapply window.open() clamping
  - Bug tor-browser#32411: Consider adding about:tor and others to the list of pages that do not need letterboxing
  - Bug tor-browser#40081: Letterboxing since 32220 affected by layout.css.devPixelsPerPx
  - Bug tor-browser#40767: 1px white border visible on fullscreen video playback
  - Bug tor-browser#41293: Incomplete branding in German with 12.0a2
  - Bug tor-browser#41378: Inform users when Tor Browser sets their language automatically
  - Bug tor-browser#41409: Circuit display is broken on Tails
  - Bug tor-browser#41410: Opening and closing HTTPS-Only settings make the identity panel shrink
  - Bug tor-browser#41412: New Identity shows "Tor Browser" instead of "Restart Tor Browser" in untranslated locales
  - Bug tor-browser#41417: Prompt users to restart after changing language
  - Bug tor-browser#41429: TorConnect and TorSettings are initialized twice
  - Bug tor-browser#41433: Should letterboxing take in account optional components' heights?
  - Bug tor-browser#41434: Letterboxing bypass through secondary tab (popup/popunder...)
  - Bug tor-browser#41436: The new tor-launcher handles arrays in the wrong way
  - Bug tor-browser#41437: Use the new media query for dark theme for the "Connected" pill in bridges
  - Bug tor-browser#41449: Onion authentication's learn more should link to the offline manual
  - Bug tor-browser#41451: Still using requestedLocales in torbutton
  - Bug tor-browser#41455: Tor Browser dev build cannot launch tor
  - Bug tor-browser#41458: Prevent mach package-multi-locale from actually creating a package
  - Bug tor-browser#41462: Add anchors to bridge-moji and onion authentication entries
  - Bug tor-browser#41498: The Help panel is empty in 12.0a4
- Windows
  - Bug tor-browser#41426: base-browser nightly fails to build for windows-i686
- macOS
  - Bug tor-browser#23451: Adapt font whitelist to changes on macOS (zh locales)
  - Bug tor-browser-build#40687: macOS nightly builds with packaged locales fail
- Android
  - Update GeckoView to 102.5.0esr
  - Bug tor-browser#40014: Check which of our mobile prefs and configuration changes are still valid for GeckoView
  - Bug tor-browser#41471: Update targetSdkVersion to 31
  - Bug tor-browser#41481: Tor Browser 11.5.9 for Android crashes on launch on Android 12+ after targetSdkVersion update
- Build System
  - All Platforms
    - Update Go to 1.19.3
    - Bug tor-browser-build#40675: Update tb_builders list in set-config
    - Bug tor-browser-build#40667: Update Node.js to 12.22.12
    - Bug tor-browser-build#40690: Revert fix for zlib build break
    - Bug tor-browser#41446: Multi-lingual alpha bundles break make fetch
  - Windows + macOS + Linux
    - Bug tor-browser-build#40503: Update Release Prep issue template with base-browser and privacy browser changes
    - Bug tor-browser-build#40641: Fetch Firefox locales from l10n-central
    - Bug tor-browser-build#40685: Remove targets/nightly/var/mar_locales from rbm.conf
    - Bug tor-browser-build#40686: Add a temporary project to fetch Fluent translations for base-browser
    - Bug tor-browser-build#40691: Update firefox config to point to base-browser branch rather than a particular tag in nightly
    - Bug tor-browser-build#40699: Fix input_files in projects/firefox-l10n/config
  - Windows
    - Bug tor-browser-build#40666: Fix compiler dependencies for Firefox on Windows
  - macOS
    - Bug tor-browser-build#40067: Rename "OS X" to "macOS"
    - Bug tor-browser-build#40439: Create universal x86-64/arm64 mac builds