February 2025 - tor-announce - lists.torproject.org

New Release: Tor Browser 14.5a3 (Android, Windows, macOS, Linux)
by Morgan 11 Feb '25

11 Feb '25

Hi everyone, Tor Browser 14.5a3 has now been published for all platforms. For details please see our blog post: - https://blog.torproject.org/new-alpha-release-tor-browser-145a3/ Changelog: > Tor Browser 14.5a3 - February 10 2025 > * All Platforms > * Bug 41065: navigator.storage "best effort" + "persistent" leak partitionSize/totalSpace entropy [tor-browser] > * Bug 41921: Clean up initialisation and bridges conflict between TorSettings and TorConnect [tor-browser] > * Bug 43308: Only allow "about:" pages to have access to contentaccessible branding assets [tor-browser] > * Bug 43323: Expose a stable asset from chrome:// to identify Tor, Base, and Mullvad Browser [tor-browser] > * Bug 43449: Rebase Tor Browser alpha onto 128.7.0esr [tor-browser] > * Bug 43451: Backport security fixes from Firefox 135 [tor-browser] > * Bug 41362: Remove meek azure from the builtin bridges [tor-browser-build] > * Windows + macOS + Linux > * Updated Firefox to 128.7.0esr > * Bug 41831: Some .tor.onion sites are not displaying the underlying V3 onion address in alpha [tor-browser] > * Bug 43254: Cancel Moat requests when no longer needed [tor-browser] > * Bug 43386: Extension requests expose Firefox's minor version and custom app name [tor-browser] > * Bug 43398: tor-urlbar-button-plain hover styling is overwritten by tor-button rule [tor-browser] > * Bug 43406: 2 buttons displayed onion-available and connect when Tor daemon killed [tor-browser] > * Bug 43461: Drop our wordmark padding [tor-browser] > * Bug 43462: Use NetworkLinkService instead of Moat for the internet test [tor-browser] > * Bug 43466: Drop unnecessary CSS rules in branding aboutDialog.css [tor-browser] > * Windows > * Bug 43402: set browser.startup.blankWindow false [tor-browser] > * macOS > * Bug 43468: ScreenCaptureKit framework should be a weak link [tor-browser] > * Linux > * Bug 41297: Add video codecs dependencies (recommends) on the Debian package [tor-browser-build] > * Android > * Updated GeckoView to 128.7.0esr > * Bug 43198: Remove "Learn more" link from Android's no-internet error [tor-browser] > * Bug 43199: Bootstrapping bar needs a little TLC on Android (Part 1) [tor-browser] > * Bug 43222: All tor logs timestamps reset to current time when opening screen [tor-browser] > * Bug 43351: Don't force ALL CAPS for the fenix snackbar action button text [tor-browser] > * Bug 43359: [Android] Improper handling of TorBootstrapChangeListener with respect to system onDestroy() calls for HomeActivity [tor-browser] > * Bug 43360: [Android] Replace custom variable isBeingRecreated with built-in isFinishing function [tor-browser] > * Bug 43368: Add @Suppress for incorrect linting error "Overriding method should call super. onNewIntent" [tor-browser] > * Build System > * All Platforms > * Updated Go to 1.22.12 > * Bug 41281: Better dev defaults for fetch variable [tor-browser-build] > * Bug 41324: Improve build signing ergonomics [tor-browser-build] > * Bug 41345: Go autoupdates in 1.23 so add env var to prevent it in any step that has network access [tor-browser-build] > * Bug 41357: keyring/anti-censorship.gpg is in `GPG keybox database version 1` format [tor-browser-build] > * Bug 41358: Update sign-tag script to handle rapid-release nightly branches [tor-browser-build] > * Bug 40079: Make `fetch: if_needed` fetch existing branches [rbm] > * Windows + macOS + Linux > * Bug 41356: Add redirects to make 14.0a4 a watershed [tor-browser-build] > * macOS > * Bug 41350: Increase timeout in rcodesign-notary-submit [tor-browser-build] best, -morgan

1 0

[RELEASE] Tor 0.4.8.14 stable
by David Goulet 05 Feb '25

05 Feb '25

Greetings, We just released tor 0.4.8.14. https://forum.torproject.org/t/stable-release-0-4-8-14/17242 Here is the ChangeLog: Changes in version 0.4.8.14 - 2025-02-05 Minor release fixing a major bug affecting onion service directory cache, also known as HSDir. Furthermore, the fallbackdir list had more than 25% of its entries unreachable or gone from the consensus. As usual, we strongly recommend to update to this version as soon as possible. o Major bugfixes (onion service directory cache): - When the OOM killer kicks in, cleanup the descriptor cache of an HSDir by looking at the lowest downloaded count instead of time in cache. Fixes bug 40996; bugfix on 0.3.5.1-alpha. o Minor feature (testing): - test-network now unconditionally includes IPv6 instead of trying to detect IPv6 support. o Minor features (fallbackdir): - Regenerate fallback directories generated on February 05, 2025. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2025/02/05. o Minor bugfixes (memory): - Fix a pointer free that wasn't set to NULL afterwards which could be reused by calling back in the free all function. Fixes bug 40989; bugfix on 0.4.8.13. Cheers! David -- hH04sdDF8KiEr2kW7K1NBEXCBQNcrSHad2ksrzivfJM=

1 0

New Releases: Tor Browser 14.0.5 (Android, Windows, macOS, Linux) and 13.5.12 (Windows, macOS)
by Pier Angelo Vendrame 04 Feb '25

04 Feb '25

Hi everyone, Tor Browser 14.0.5 has now been published for all platforms. For details please see our blog post: - https://blog.torproject.org/new-release-tor-browser-1405/ Changelog: > * All Platforms > * Bug 41065: navigator.storage "best effort" + "persistent" leak > partitionSize/totalSpace entropy [tor-browser] > * Bug 43386: Extension requests expose Firefox's minor version and > custom app name [tor-browser] > * Bug 43447: Backport stable and legacy: Some .tor.onion sites are > not displaying the underlying V3 onion address in alpha [tor-browser] > * Bug 43448: Rebase Tor Browser release onto 128.7.0esr [tor-browser] > * Bug 43451: Backport security fixes from Firefox 135 [tor-browser] > * Bug 41328: Exclude tor dependencies from LD_LIBRARY_PATH > [tor-browser-build] > * Windows + macOS + Linux > * Updated Firefox to 128.7.0esr > * Bug 43312: Download popup panel progress bar overflows [tor-browser] > * Linux > * Bug 43236: High refresh rate detectable by websites when Wayland > (MOZ_ENABLE_WAYLAND=1) is used [tor-browser] > * Bug 43326: Launching tor-browser on gentoo fails with "version > `OPENSSL_3.2.0' not found" [tor-browser] > * Android > * Updated GeckoView to 128.7.0esr > * Build System > * All Platforms > * Updated Go to 1.22.11 > * Bug 41324: Improve build signing ergonomics [tor-browser-build] > * Bug 41343: Add signing step to clean some files such as test > artifacts [tor-browser-build] > * Bug 41345: Go autoupdates in 1.23 so add env var to prevent it > in any step that has network access [tor-browser-build] > * Bug 41350: Increase timeout in rcodesign-notary-submit > [tor-browser-build] > * Bug 41357: keyring/anti-censorship.gpg is in `GPG keybox > database version 1` format [tor-browser-build] In addition to that, we published Tor Browser 13.5.12 for legacy platforms (Windows 7 and 8, macOS <= 10.14): - https://blog.torproject.org/new-release-tor-browser-13512/ Changelog: > * All Platforms > * Updated Firefox to 115.20.0esr > * Bug 43447: Backport stable and legacy: Some .tor.onion sites are > not displaying the underlying V3 onion address in alpha [tor-browser] > * Bug 43450: Rebase Tor Browser legacy onto 115.20.0esr [tor-browser] > * Bug 43451: Backport security fixes from Firefox 135 [tor-browser] > * Build System > * All Platforms > * Bug 41324: Improve build signing ergonomics [tor-browser-build] > * Bug 41350: Increase timeout in rcodesign-notary-submit > [tor-browser-build] > * Bug 41357: keyring/anti-censorship.gpg is in `GPG keybox > database version 1` format [tor-browser-build] Best, Pier Angelo Vendrame

1 0