April 2024 - tor-announce - lists.torproject.org

New Release: Tor Browser 13.5a7 (Android, Windows, macOS, Linux)
by Nicolas Vigier 30 Apr '24

30 Apr '24

Hi everyone, Tor Browser 13.5a7 has now been published for all platforms. For details please see our blog post: https://blog.torproject.org/new-alpha-release-tor-browser-135a7/ Changelog: * All Platforms * Updated Tor to 0.4.8.11 * Bug 40919: Consider dropping protection against line-height introduced in #23104 [tor-browser] * Bug 42315: compat: why is eventCounts undefined? [tor-browser] * Bug 42476: Only allow Lox (invites) in alpha and nightly builds [tor-browser] * Bug 42479: Switch from localized strings to error codes in TorConnect errors [tor-browser] * Bug 42512: Rebase Tor Browser alpha onto 115.10.0esr [tor-browser] * Bug 42521: Remove unused onboarding strings [tor-browser] * Bug 42529: Try not to spoof system-ui in contexts exempt from RFP [tor-browser] * Bug 42537: Move Fluent files from "browser" to "toolkit" [tor-browser] * Bug 42538: Move onion icons to toolkit [tor-browser] * Bug 41111: Use Lyrebird to provide WebTunnel PT Client [tor-browser-build] * Windows + macOS + Linux * Updated Firefox to 115.10.0esr * Bug 40843: Add a working state to the Internet test button in connection settings [tor-browser] * Bug 41622: Convert onion site errors to the new neterror template [tor-browser] * Bug 41966: Cannot remove locales from the locale alternatives list [tor-browser] * Bug 42192: Correctly round new windows when bookmarks toolbar is set to "Only Show on New Tab" [tor-browser] * Bug 42202: Fluent migration: crypto safety [tor-browser] * Bug 42206: Fluent migration: about:rulesets [tor-browser] * Bug 42207: Fluent migration: preferences [tor-browser] * Bug 42210: Fluent migration: download warning [tor-browser] * Bug 42457: Loading icon for bridge pass (Lox) invites [tor-browser] * Bug 42489: Lox module notifications [tor-browser] * Bug 42490: Install svg from branding theme to browser/chrome/icons/default [tor-browser] * Bug 42496: Moat refresh bug [tor-browser] * Bug 42500: When startup window is maximized per letterboxing.rememberSize on startup, the restore button shrinks it to its minimum size [tor-browser] * Bug 42504: TB Bookmarks: Add the Tor forum .onion to the bookmarks [tor-browser] * Bug 42510: SETCONF Tor control protocol command should not be used when system Tor is configured / TOR_SKIP_LAUNCH=1 is not honored [tor-browser] * Bug 42511: false positive message: browser tab bar shows "Not connected" even though connected in a system Tor etc. context [tor-browser] * Bug 42520: Correctly record new initial window size after auto-shrinking [tor-browser] * Bug 42532: Use the HomePage module for new identity checks [tor-browser] * Bug 42533: Add Lox notification for activeLoxId [tor-browser] * Bug 42540: Fix gNetworkStatus.deinint typo [tor-browser] * Bug 289: The Letterboxing>Content Alignment heading doesn't follow the Firefox design document capitalization [mullvad-browser] * Windows * Bug 41901: windows: FontSubstitutes can leak system locale [tor-browser] * Linux * Bug 41112: Fix indentation of projects/browser/RelativeLink/start-browser [tor-browser-build] * Android * Updated GeckoView to 115.10.0esr * Updated zstd to 1.5.6 * Bug 42017: TBA13: system/widget font tests: font-family not returned in getComputedStyle [tor-browser] * Bug 42195: Fix "What's new" URL to direct to latest version [tor-browser] * Bug 42486: firefox-android bridge settings sometimes dont save [tor-browser] * Bug 42522: The quick connect switch on Android seems too much on the right side [tor-browser] * Build System * All Platforms * Updated Go to 1.21.9 * Bug 42516: Make tb-dev worktree-compatible [tor-browser] * Bug 41122: Add release date to rbm.conf [tor-browser-build] * Windows + macOS + Linux * Bug 42501: Move `--disable-eme` to OS- and architecture-specific mozconfigs [tor-browser] * Bug 42519: Update the profile directory patch to check both for `system-install` and for `is-packaged-app` file [tor-browser] * macOS * Bug 42535: mac: app change to ja doesn't apply ja translations to most (all?) chrome [tor-browser] * Bug 41124: Since TB/MB 13.5a5 macos signed installers contain all .DS_Store [tor-browser-build] * Linux * Bug 42491: Add mozconfig-linux-aarch64 [tor-browser] * Android * Bug 40992: Updated torbrowser_version number is not enough to change firefox-android versionCode number [tor-browser-build] * Bug 41127: Android testbuilds fail because of the too early MOZ_BUILD_DATE [tor-browser-build]

1 0

[RELEASE] Onionprobe release 1.2.0
by rhatto 25 Apr '24

25 Apr '24

Greetings, We just released Onionprobe 1.2.0, a tool for testing and monitoring the status of Onion Services: https://gitlab.torproject.org/tpo/onion-services/onionprobe This release requires a database migration for those using the monitoring node: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/blob/main/doc… # ChangeLog ## v1.2.0 - 2024-04-24 ### Features * New metrics ([tpo/onion-services/onionprobe#78][]): * From the outer descriptor wrapper: * `descriptor-lifetime`. * `revision-counter`. * From the second layer of encryption: * `single-onion-service`. * `pow-params`. * HSDir latency when fetching descriptors. * Enhanced Grafana Dashboard ([tpo/onion-services/onionprobe#80][]) with the following new visualizations: * Overview: * Current failure rate of onionsites. * Total expiring certificates in the next 7 days. * List of certificate expirations up to the next 180 days. * List of unreachable instances. * Graph with the total unreachable instances. * List of invalid HTTPS certificates. * List of services with HTTPS errors. * Performance: * Total of minimum, average and maximum service connection latency. * Total of minimum, average and maximum descriptor fetch latency. * Chart of minimum, average and maximum service connection latency. * Chart of minimum, average and maximum descriptor fetch latency. * Rate of services using the single hop mode, relative to the total services monitored. * List of slow services. * Descriptors: * List of services missing a published descriptor. * Chart of the minimum, average and maximum descriptor sizes (decrypted outer layer). * Chart of the minimum, average and maximum descriptor sizes (decrypted second layer). * Introduction points: * Chart of minimum, average and maximum number of introduction points per service. * List of services and it's number of introduction points. * HSDir: * Total number of HSDirs tested. * Chart of minimum, average and maximum HSDir latency for fetching descriptors. * List of HSDirs sorted by descriptor fetch latency. * Proof of Work (PoW): * Ratio of services with PoW enabled, relative to the total services monitored. * Total number of services with PoW enabled. * Chart of minimum, average and maximum PoW v1 effort seem. * List of services with PoW enabled. * List of services with PoW enabled with effort greater than zero. * Improved log message for elapsed time. * New log messages for: * Number of introduction points. * HS_DESC events: * Descriptor reachability. * HSDir used. * Create a GitLab release at every new tag (experimental) ([tpo/onion-services/onionprobe#82][]). * Running lintian on CI to check the generated Debian package. [tpo/onion-services/onionprobe#78]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/78 [tpo/onion-services/onionprobe#80]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/80 [tpo/onion-services/onionprobe#82]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/82 ### Fixes * Manpage generation is now compatible with the Onion Services Ecosystem Portal ([tpo/onion-services/ecosystem#1][]). * Use the correct copyright line in source files. * Support for a wider range of [pyca/cryptography][] versions at `setup.cfg`. * Display Tor bootstrap messages only for the debug log level. * Disable stem logging if log level is below debug ([tpo/onion-services/onionprobe#63][]). * Exit codes now reflects reality ([tpo/onion-services/onionprobe#64][]). * Calculate the elapsed time for descriptors right after fetching. * Updated the [SecureDrop list][]. * Upgraded Grafana image to 10.4.2. * Upgraded Alertmanager image to 0.27.0. * Upgraded Prometheus image to 2.51.2. * Upgraded PostgreSQL image to 16. Please run the [needed upgrading steps](upgrading.md#major-upgrades). * Upgraded CI and container images to Debian bookworm. * Upgraded `vendors/onion-mkdocs`. [tpo/onion-services/ecosystem#1]: https://gitlab.torproject.org/tpo/onion-services/ecosystem/-/issues/1 [pyca/cryptography]: https://cryptography.io [tpo/onion-services/onionprobe#63]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/63 [tpo/onion-services/onionprobe#64]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/issues/64 [SecureDrop list]: https://gitlab.torproject.org/tpo/onion-services/onionprobe/-/blob/main/con… -- Silvio Rhatto pronouns he/him

1 0

New Release: Tor Browser 13.0.14 (Android, Windows, macOS, Linux)
by Richard Pospesel 16 Apr '24

16 Apr '24

Hi everyone, Tor Browser 13.0.14 has now been published for all platforms. For details please see our blog post: - https://blog.torproject.org/new-release-tor-browser-13014/ Changelog: > Tor Browser 13.0.14 - April 16 2024 > * All Platforms > * Updated Tor to 0.4.8.11 > * Bug 41676: Set privacy.resistFingerprinting.testing.setTZtoUTC as a defense-in-depth [tor-browser] > * Bug 42335: Do not localize the order of locales for app lang [tor-browser] > * Bug 42428: Timezone offset leak via document.lastModified [tor-browser] > * Bug 42472: Timezone may leak from XSLT Date function [tor-browser] > * Bug 42508: Rebase Tor Browser stable onto 115.10.0esr [tor-browser] > * Windows + macOS + Linux > * Updated Firefox to 115.10.0esr > * Bug 42172: browser.startup.homepage and TOR_DEFAULT_HOMEPAGE are ignored for the new window opened by New Identity [tor-browser] > * Bug 42236: Let users decide whether to load their home page on new identity. [tor-browser] > * Bug 42468: App languages not sorted correctly in stable [tor-browser] > * Linux > * Bug 41110: Avoid Fontconfig warning about "ambiguous path" [tor-browser-build] > * Android > * Updated GeckoView to 115.10.0esr > * Bug 42509: Backport Android security fixes from Firefox 125 [tor-browser] > * Build System > * All Platforms > * Updated Go to 1.21.8 > * Bug 41107: Update download-unsigned-sha256sums-gpg-signatures-from-people-tpo for new type of URL [tor-browser-build] > * Bug 41122: Add release date to rbm.conf [tor-browser-build] > * Android > * Bug 40992: Updated torbrowser_version number is not enough to change firefox-android versionCode number [tor-browser-build] best, -richard

1 0

[RELEASE] Tor 0.4.8.11
by David Goulet 11 Apr '24

11 Apr '24

Greetings, We just released tor 0.4.8.11. https://forum.torproject.org/t/stable-release-0-4-8-11/12265 Here is the ChangeLog. Changes in version 0.4.8.11 - 2024-04-10 This is a minor release mostly to upgrade the fallbackdir list. Worth noting also that directory authority running this version will now automatically reject relays running the end of life 0.4.7.x version. o Minor feature (authority): - Reject 0.4.7.x series at the authority level. Closes ticket 40896. o Minor feature (dirauth, tor26): - New IP address and keys. o Minor feature (directory authority): - Allow BandwidthFiles "node_id" KeyValue without the dollar sign at the start of the hexdigit, in order to easier database queries combining Tor documents in which the relays fingerprint does not include it. Fixes bug 40891; bugfix on 0.4.7 (all supported versions of Tor). o Minor features (fallbackdir): - Regenerate fallback directories generated on April 10, 2024. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2024/04/10. o Minor bugfixes (directory authorities): - Add a warning when publishing a vote or signatures to another directory authority fails. Fixes bug 40910; bugfix on 0.2.0.3-alpha. Cheers! David -- hGC+wGuxU8cGa7qMZ0dChtr3rKmMLXWpwr7PX8zIlP8=

1 0