December 2023 - tor-announce - lists.torproject.org

New Release: Tor Browser 13.5a3 (Android, Windows, macOS, Linux)
by Richard Pospesel 22 Dec '23

22 Dec '23

Hi everyone, Tor Browser 13.5a3 has now been published for all platforms. For details please see our blog post: - https://blog.torproject.org/new-alpha-release-tor-browser-135a3/ changelog: > Tor Browser 13.5a3 - December 22 2023 > * All Platforms > * Updated Tor to 0.4.8.10 > * Updated NoScript to 11.4.29 > * Bug 42042: view-source:http://ip-address does not work because of HTTPS Only [tor-browser] > * Bug 42308: Update README for tor browser [tor-browser] > * Bug 42332: Rebase Tor Browser alpha onto 115.6.0esr [tor-browser] > * Bug 42334: Keep returning ERROR_ONION_WITH_SELF_SIGNED_CERT only for .onion sites whose cert throws ERROR_UNKNOWN_ISSUER [tor-browser] > * Bug 42335: Do not localize the order of locales for app lang [tor-browser] > * Bug 42340: TorBridgeChanged notification sends out "[object Object]" as its data. [tor-browser] > * Windows + macOS + Linux > * Updated Firefox to 115.6.0esr > * Bug 40856: Add a default for preferences in TorSettings [tor-browser] > * Bug 42099: Blind cross-origin requests to .tor.onion domains [tor-browser] > * Bug 42189: Assertion failure: the value of mPrivateBrowsingId in the loadContext and in the loadInfo are not the same! [tor-browser] > * Bug 42283: Tor Browser shouldn't ship blockchair by default [tor-browser] > * Bug 42299: After adding incorrect bridge addres on user cannot go back to the Connection page [tor-browser] > * Bug 42303: Remove unused "help" button logic in tor dialogs [tor-browser] > * Bug 42319: Make all the wordmark of the same size [tor-browser] > * Windows > * Bug 42163: Make the 3rd party DLL blocklist obey portable mode [tor-browser] > * Bug 42179: PTs on Tor Browser 13 do not work with Windows 7 [tor-browser] > * Linux > * Bug 41050: Improve the disk leak sanitization on start-$browser [tor-browser-build] > * Android > * Updated GeckoView to 115.6.0esr > * Bug 42248: Allow GeckoView to launch tor [tor-browser] > * Bug 42249: Allow GeckoView to launch lyrebird [tor-browser] > * Bug 42250: Allow Moat.sys.mjs to invoke lyrebird on Android [tor-browser] > * Bug 42301: Make TorSettings interact with the old Android Settings [tor-browser] > * Bug 42313: Enable One UI Sans KR as a possible font for Korean (MozBug 1865238) [tor-browser] > * Bug 42323: Add a checkbox to enable the connect assist experiments on alpha [tor-browser] > * Bug 42324: Onion Location on Android is ignored [tor-browser] > * Bug 42339: Backport Android security fixes from Firefox 121 to 115.6 - based Tor Browser [tor-browser] > * Build System > * All Platforms > * Updated Go to 1.21.5 > * Bug 42331: tb-dev fetch command is missing repository argument [tor-browser] > * Bug 40995: Use cdn.stagemole.eu instead of cdn.devmole.eu in download-unsigned-sha256sums-gpg-signatures-from-people-tpo [tor-browser-build] > * Bug 41026: Do not use ~ when uploading the signed hashes [tor-browser-build] > * Bug 41027: Remove tb-build-04 and tb-build-05 from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo [tor-browser-build] > * Bug 41036: Remove go_vendor-lyrebird-nightly makefile target, and rename go_vendor-$project-alpha makefile targets to go_vendor-$project [tor-browser-build] > * Bug 41039: Update tools/signing/upload-update_responses-to-staticiforme to keep download-*json files from previous release when new release does not include them [tor-browser-build] > * Bug 41042: Add options to include updates in the changelog scripts [tor-browser-build] > * Bug 41043: Create script to push build requests to Mullvad build servers [tor-browser-build] > * Bug 41045: Dump more information about build times on Firefox [tor-browser-build] > * Bug 41048: Drop the kcp-go project [tor-browser-build] > * Windows + macOS + Linux > * Bug 41031: Add command to unsign .mar files and compare with sha256sums-unsigned-build.txt [tor-browser-build] > * Bug 41056: Make it possible to use templates in var/torbrowser_incremental_from [tor-browser-build] > * Bug 41057: make fetch is not fetching mullvad repo [tor-browser-build] > * Windows + macOS > * Bug 41016: Switch from bullseye to bookworm for desktop platforms [tor-browser-build] > * Windows > * Bug 41015: Enable std::filesystem on libc++ on Windows [tor-browser-build] > * Bug 41030: Add command to unsign .exe files and compare with sha256sums-unsigned-build.txt [tor-browser-build] > * macOS > * Bug 40990: Remove old macos signing scripts [tor-browser-build] > * Linux > * Bug 41046: Use the final path for Linux debug symbols [tor-browser-build] best, -richard

1 0

Tor Browser 13.0.8 (Windows, macOS, Linux)
by Richard Pospesel 21 Dec '23

21 Dec '23

Hi everyone, Tor Browser 13.0.8 has now been published for all desktop platforms. This is an emergency release specifically for Windows 7 and 8 users to deal with crashing pluggable transports. For details please see our blog post: - https://blog.torproject.org/new-release-tor-browser-1308/ Changelog: > Tor Browser 13.0.8 - December 20 2023 > * Windows > * Bug 41053: All PT's crash instantly in 13.0.7 [tor-browser-build] > * Bug 42179: PTs on Tor Browser 13 do not work with Windows 7 [tor-browser] > * Linux > * Bug 41050: Improve the disk leak sanitization on start-$browser [tor-browser-build] > * Build System > * All Platforms > * Bug 41042: Add options to include updates in the changelog scripts [tor-browser-build] > * Bug 41043: Create script to push build requests to Mullvad build servers [tor-browser-build] best, -richard

1 0

New Release: Tor Browser 13.0.7 (Android, Windows, macOS, Linux)
by Richard Pospesel 20 Dec '23

20 Dec '23

Hi everyone, Tor Browser 13.0.7 has now been published for all platforms. For details please see our blog post: - https://blog.torproject.org/new-release-tor-browser-1307/ Changelog: > Tor Browser 13.0.7 - December 19 2023 > * All Platforms > * Updated tor to 0.4.8.10 > * Updated NoScript to 11.4.29 > * Bug 42042: view-source:http://ip-address does not work because of HTTPS Only [tor-browser] > * Bug 42261: Update the icon of Startpage search engine [tor-browser] > * Bug 42330: Rebase stable browsers to 115.6.0esr [tor-browser] > * Bug 42334: Keep returning ERROR_ONION_WITH_SELF_SIGNED_CERT only for .onion sites whose cert throws ERROR_UNKNOWN_ISSUER [tor-browser] > * Windows + macOS + Linux > * Updated Firefox to 115.6.0esr > * Bug 42283: Tor Browser shouldn't ship blockchair by default [tor-browser] > * Android > * Updated GekcoView to 115.6.0esr > * Bug 42285: Update the gitignore to use the correct paths for tor stuff [tor-browser] > * Bug 42339: Backport Android security fixes from Firefox 121 to 115.6 - based Tor Browser [tor-browser] > * Build System > * All Platforms > * Update Go to 1.21.5 > * Bug 40884: Script to automate uploading sha256s and signatures to location signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo expects them to be [tor-browser-build] > * Bug 41026: Do not use ~ when uploading the signed hashes [tor-browser-build] > * Bug 41036: Remove go_vendor-lyrebird-nightly makefile target, and rename go_vendor-$project-alpha makefile targets to go_vendor-$project [tor-browser-build] > * Bug 41039: Update tools/signing/upload-update_responses-to-staticiforme to keep download-*json files from previous release when new release does not include them [tor-browser-build] > * macOS > * Bug 40990: Remove old macos signing scripts [tor-browser-build] best, -richard

1 0

[RELEASE] Tor security release 0.4.8.10
by David Goulet 08 Dec '23

08 Dec '23

Greetings, We just released 0.4.8.10 fixing a high severity security bug. https://forum.torproject.org/t/security-release-0-4-8-10/10536 Please upgrade as soon as possible! ChangeLog is below. Cheers! David Changes in version 0.4.8.10 - 2023-12-08 This is a security release fixing a high severity bug (TROVE-2023-007) affecting Exit relays supporting Conflux. We strongly recommend to update as soon as possible. o Major bugfixes (TROVE-2023-007, exit): - Improper error propagation from a safety check in conflux leg linking lead to a desynchronization of which legs were part of a conflux set, ultimately causing a UAF and NULL pointer dereference crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha. o Minor features (fallbackdir): - Regenerate fallback directories generated on December 08, 2023. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2023/12/08. o Minor bugfixes (bridges, statistics): - Correctly report statistics for client count over Pluggable transport. Fixes bug 40871; bugfix on 0.4.8.4 -- KoiYV0r+s/gBA1mtD5BF4cLB+oko0QSvpdfwKThv3Ko=

1 0

New Release: Tor Browser 13.0.6 (Windows, macOS, Linux)
by Richard Pospesel 05 Dec '23

05 Dec '23

Hi everyone, Tor Browser 13.0.6 has now been published for all platforms. This is an unscheduled release intended to fix a crash bug for Tor Browser users on systems using Wayland. For details please see our blog post: - https://blog.torproject.org/new-release-tor-browser-1306/ Changelog: > Tor Browser 13.0.6 - December 04 2023 > * All Platforms > * Bug 42288: Allow language spoofing in status messages [tor-browser] > * Windows + macOS + Linux > * Bug 42302: The allowed ports string contains a typo [tor-browser] > * Bug 42231: Improve the network monitor patch for http onion resources [tor-browser] > * Bug 42299: After adding incorrect bridge addres on user cannot go back to the Connection page [tor-browser] > * Linux > * Bug 17560: Downloaded URLs disk leak on Linux [tor-browser] > * Bug 42306: Tor Browser crashes when extensions popups are opened with Wayland enabled [tor-browser] > * Bug 41017: Disable Nvidia shader cache [tor-browser-build] > * Build System > * All Platforms > * Bug 41027: Remove tb-build-04 and tb-build-05 from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo [tor-browser-build] > * Bug 40936: Revert tor-browser-build#40933 [tor-browser-build] > * Bug 40995: Use cdn.stagemole.eu instead of cdn.devmole.eu in download-unsigned-sha256sums-gpg-signatures-from-people-tpo [tor-browser-build] > * Bug 40064: Using exec on project with no git_url/hg_url is causing warning [rbm] > * Windows + macOS + Linux > * Bug 41031: Add command to unsign .mar files and compare with sha256sums-unsigned-build.txt [tor-browser-build] > * Windows > * Bug 41030: Add command to unsign .exe files and compare with sha256sums-unsigned-build.txt [tor-browser-build] > * Android > * Bug 41024: Fix android filenames in Release Prep issue templates [tor-browser-build] best, -richard

1 0