- tor-announce - lists.torproject.org

Tor Browser 9.0.2 is released
by Nicolas Vigier 03 Dec '19

03 Dec '19

Tor Browser 9.0.2 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/9.0.2/ This release features important security updates [3] to Firefox. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/ This new stable release is picking up security fixes for Firefox 68.3.0esr and updating our external extensions (NoScript and HTTPS Everywhere) to their latest versions. Apart from backports for patches that already landed in alpha releases and fixing an error in our circuit display and improving our letterboxing support, Tor Browser 9.0.2 provides properly localized Android bundles again as well. _Reproducible Builds_ The issue with reproducible builds mentioned in the 9.0.1 blog post [4] is still present in this release. We however made progress on understanding the issue [5] and are getting closer to a fix. 4: https://blog.torproject.org/new-release-tor-browser-901 5: https://trac.torproject.org/projects/tor/ticket/32053 _ChangeLog_ The full changelog since Tor Browser 9.0.1 is: * All Platforms * Update Firefox to 68.3.0esr * Bump NoScript to 11.0.9 * Bug 32362: NoScript TRUSTED setting doesn't work * Bug 32429: Issues with about:blank and NoScript on .onion sites * Bump HTTPS Everywhere to 2019.11.7 * Bug 27268: Preferences clean-up in Torbutton code * Translations update * Windows + OS X + Linux * Bug 32125: Fix circuit display for bridge without a fingerprint * Bug 32250: Backport enhanced letterboxing support (bug 1546832 and 1556017) * Windows * Bug 31989: Backport backout of old mingw-gcc patch * Bug 32616: Disable GetSecureOutputDirectoryPath() functionality * Android * Bug 32365: Localization is broken in Tor Browser 9 on Android * Build System * All Platforms * Bug 32413: Bump Go version to 1.12.13

1 0

Tor Browser 9.0.1 is released
by Nicolas Vigier 08 Nov '19

08 Nov '19

Tor Browser 9.0.1 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/9.0.1/ Tor Browser 9.0.1 is the first bugfix release in the 9.0 series and aims to mostly fix regressions and provide small improvements related to our 9.0 release. Additionally, we are adding a banner on the starting page for our fundraising campaign Take Back the Internet with Tor [3]. 3: https://blog.torproject.org/take-back-internet-us _Known Issue_ For each new release, two members from our team are building the release separately and compare the result to make sure that it is reproducible [4]. For the 9.0 and 9.0.1 releases, however, an issue [5] that we are still investigating is making our build not completely deterministic. As a workaround for this issue, we had to do multiple builds until we got matching builds. You might need to do the same if you are trying to reproduce our build [6]. 4: https://reproducible-builds.org/ 5: https://trac.torproject.org/projects/tor/ticket/32053 6: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#Buildi… _ChangeLog_ The full changelog since Tor Browser 9.0 is: * All Platforms * Update NoScript to 11.0.4 * Bug 21004: Don't block JavaScript on onion services on medium security * Bug 27307: NoScript marks HTTP onions as not secure * Bug 30783: Fundraising banner for EOY 2019 campain * Bug 32321: Don't ping Mozilla for Man-in-the-Middle-detection * Bug 27268: Preferences clean-up * Windows + OS X + Linux * Update Tor Launcher to 0.2.20.2 * Bug 32164: Trim each received log line from tor * Translations update * Bug 31803: Replaced about:debugging logo with flat version * Bug 31764: Fix for error when navigating via 'Paste and go' * Bug 32169: Fix TB9 Wikipedia address bar search * Bug 32210: Hide the tor pane when using a system tor * Bug 31658: Use builtin --panel-disabled-color for security level text * Bug 32188: Fix localization on about:preferences#tor * Bug 32184: Red dot is shown while downloading an update * Android * Bug 32342: Crash when changing the browser locale

1 0

Tor Browser 9.0 is released
by Nicolas Vigier 24 Oct '19

24 Oct '19

Tor Browser 9.0 is now available from the Tor Browser download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/9.0/ This release features important security updates [3] to Firefox. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/ Tor Browser 9.0 is the first stable release based on Firefox 68 ESR and contains a number of updates to other components as well (including Tor to 0.4.1.6 [4] and OpenSSL to 1.1.1d for desktop versions and Tor to 0.4.1.5 [5] for Android). 4: https://blog.torproject.org/new-release-tor-0416 5: https://blog.torproject.org/new-release-tor-0415 In addition to all the needed patch rebasing and toolchain updates, we made big improvements to make Tor Browser work better for you. We want everyone in the world to be able to enjoy the privacy and freedom online Tor provides, and that's why over the past couple years, we've been working hard to boost our UX and localization efforts, with the biggest gains first visible in Tor Browser 8.0 [6]. 6: https://blog.torproject.org/new-release-tor-browser-80 In Tor Browser 9.0, we continue to build upon those efforts with sleeker integration and additional localization support. _Goodbye, Onion Button_ We want your experience using Tor to be fully integrated within the browser so how you use Tor is more intuitive. That's why now, rather than using the onion button that was in the toolbar, you can see your path through the Tor network and request a New Circuit through the Tor network in [i] on the URL bar. Circuit display: https://blog.torproject.org/sites/default/files/inline-images/tor-circuit-d… _Hello, New Identity Button_ Instead of going into the onion button to request a New Identity, we've made this important feature easier to access by giving it its own button in the toolbar. You can also request a New Identity, and a New Circuit, from within the [=] menu on the toolbar. New Identity Button: https://blog.torproject.org/sites/default/files/inline-images/toolbar%20upd… New Identity Menu: https://blog.torproject.org/sites/default/files/inline-images/tor-new-ident… _Torbutton and Tor Launcher Integration_ Now that both extensions are tightly integrated into Tor Browser, they'll no longer be found on the about:addons page. about:preferences: https://blog.torproject.org/sites/default/files/inline-images/about-prefere… We redesigned the bridge and proxy configuration dialogs and include them directly into the browser's preference settings as well. Rather than being a submenu behind the onion button, Tor Network Settings, including the ability to fetch bridges to bypass censorship where Tor is blocked, are easier to access on about:preferences#tor. _Letterboxing_ Tor Browser in its default mode is starting with a content window rounded to a multiple of 200px x 100px  to prevent fingerprinting the screen dimensions. The strategy here is to put all users in a couple of buckets to make it harder to single them out. That worked so far until users started to resize their windows (e.g. by maximizing them or going into fullscreen mode). Tor Browser 9 ships with a fingerprinting defense for those scenarios as well, which is called Letterboxing [7], a technique developed by Mozilla and presented earlier this year [8]. It works by adding white margins to a browser window so that the window is as close as possible to the desired size while users are still in a couple of screen size buckets that prevent singling them out with the help of screen dimensions. 7: https://en.wikipedia.org/wiki/Letterboxing_(filming) 8: https://www.zdnet.com/article/firefox-to-add-tor-browser-anti-fingerprintin… _Better Localization Support_ If we want all people around the world to be able to use our software, then we need to make sure it's speaking their language. Since 8.0 [9], Tor Browser has been available in 25 languages and we added 5 locales more in Tor Browser 8.5. Today, we add support for two additional languages: Macedonian (mk) and Romanian (ro), bringing the number of supported languages to 32. 9: https://blog.torproject.org/new-release-tor-browser-80 We also fixed bugs in our previously shipped localized bundles (such as ar and ko). Many thanks to everyone who helped with these, in particular to our translators [10]. 10: https://blog.torproject.org/honoring-translators _Known Issue_ As usual when preparing Tor Browser releases, we verified that the build is bit-for-bit reproducible [11]. While we managed to get two matching builds, we found that in some occasions the builds differ (we found this happening on the Linux i686 [12] and macOS [13] bundles). We are still investigating the cause of this issue to fix it. 11: https://reproducible-builds.org/ 12: https://trac.torproject.org/projects/tor/ticket/32052 13: https://trac.torproject.org/projects/tor/ticket/32053 _Give Feedback_ If you find a bug or have a suggestion for how we could improve this release, please let us know [14]. Thanks to all of the teams across Tor [15], and the many volunteers, who contributed to this release. 14: https://support.torproject.org/misc/bug-or-feedback/ 15: https://trac.torproject.org/projects/tor/wiki/org/teams _Changelog_ The full changelog since Tor Browser 8.5.6 is: * All Platforms * Update Firefox to 68.2.0esr * Bug 31740: Remove some unnecessary RemoteSettings instances * Bug 13543: Spoof smooth and powerEfficient for Media Capabilities * Bug 28196: about:preferences is not properly translated anymore * Bug 19417: Disable asmjs on safer and safest security levels * Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING * Bug 31935: Disable profile downgrade protection * Bug 16285: Disable DRM/EME on Android and drop Adobe CDM * Bug 31602: Remove Pocket indicators in UI and disable it * Bug 31914: Fix eslint linter error * Bug 30429: Rebase patches for Firefox 68 ESR * Bug 31144: Review network code changes for Firefox 68 ESR * Bug 10760: Integrate Torbutton into Tor Browser directly * Bug 25856: Remove XUL overlays from Torbutton * Bug 31322: Fix about:tor assertion failure debug builds * Bug 29430: Add support for meek_lite bridges to bridgeParser * Bug 28561: Migrate "About Tor Browser" dialog to tor-browser * Bug 30683: Prevent detection of locale via some *.properties * Bug 31298: Backport patch for #24056 * Bug 9336: Odd wyswig schemes without isolation for browserspy.dk * Bug 27601: Browser notifications are not working anymore * Bug 30845: Make sure internal extensions are enabled * Bug 28896: Enable extensions in private browsing by default * Bug 31563: Reload search extensions if extensions.enabledScopes has changed * Bug 31396: Fix communication with NoScript for security settings * Bug 31142: Fix crash of tab and messing with about:newtab * Bug 29049: Backport JS Poison Patch * Bug 25214: Canvas data extraction on locale pdf file should be allowed * Bug 30657: Locale is leaked via title of link tag on non-html page * Bug 31015: Disabling SVG hides UI icons in extensions * Bug 30681: Set security.enterprise_roots.enabled to false * Bug 30538: Unable to comment on The Independent Newspaper * Bug 31209: View PDF in Tor Browser is fuzzy * Translations update * Windows + OS X + Linux * Update Tor to 0.4.1.6 * Update OpenSSL to 1.1.1d * Bug 31844: OpenSSL 1.1.1d fails to compile for some platforms/architectures * Update Tor Launcher to 0.2.20.1 * Bug 28044: Integrate Tor Launcher into tor-browser * Bug 32154: Custom bridge field only allows one line of input * Bug 31286: New strings for about:preferences#tor * Bug 31303: Do not launch tor in browser toolbox * Bug 32112: Fix bad & escaping in translations * Bug 31491: Clean up the old meek http helper browser profiles * Bug 29197: Remove use of overlays * Bug 31300: Modify Tor Launcher so it is compatible with ESR68 * Bug 31487: Modify moat client code so it is compatible with ESR68 * Bug 31488: Moat: support a comma-separated list of transports * Bug 30468: Add mk locale * Bug 30469: Add ro locale * Bug 30319: Remove FTE bits * Translations update * Bug 32092: Fix Tor Browser Support link in preferences * Bug 32111: Fixed issue parsing user-provided bridge strings * Bug 31749: Fix security level panel spawning events * Bug 31920: Fix Security Level panel when its toolbar button moves to overflow * Bug 31748+31961: Fix 'Learn More' links in Security Level preferences and panel * Bug 28044: Integrate Tor Launcher into tor-browser * Bug 31059: Enable Letterboxing * Bug 30468: Add mk locale * Bug 30469: Add ro locale * Bug 29430: Use obfs4proxy's meek_lite with utls instead of meek * Bug 31251: Security Level button UI polish * Bug 31344: Register SecurityLevelPreference's 'unload' callback * Bug 31286: Provide network settings on about:preferences#tor * Bug 31886: Fix ko bundle bustage * Bug 31768: Update onboarding for Tor Browser 9 * Bug 27511: Add new identity button to toolbar * Bug 31778: Support dark-theme for the Circuit Display UI * Bug 31910: Replace meek_lite with meek in circuit display * Bug 30504: Deal with New Identity related browser console errors * Bug 31929: Don't escape DTD entity in ar * Bug 31747: Some onboarding UI is always shown in English * Bug 32041: Replace = with real hamburguer icon ≡ * Bug 30304: Browser locale can be obtained via DTD strings * Bug 31065: Set network.proxy.allow_hijacking_localhost to true * Bug 24653: Merge securityLevel.properties into torbutton.dtd * Bug 31164: Set up default bridge at Karlstad University * Bug 15563: Disable ServiceWorkers on all platforms * Bug 31598: Disable warning on window resize if letterboxing is enabled * Bug 31562: Fix circuit display for error pages * Bug 31575: Firefox is phoning home during start-up * Bug 31491: Clean up the old meek http helper browser profiles * Bug 26345: Hide tracking protection UI * Bug 31601: Disable recommended extensions again * Bug 30662: Don't show Firefox Home when opening new tabs * Bug 31457: Disable per-installation profiles * Bug 28822: Re-implement desktop onboarding for ESR 68 * Windows * Bug 31942: Re-enable signature check for language packs * Bug 29013: Enable stack protection for Firefox on Windows * Bug 30800: ftp:// on Windows can be used to leak the system time zone * Bug 31547: Back out patch for Mozilla's bug 1574980 * Bug 31141: Fix typo in font.system.whitelist * Bug 30319: Remove FTE bits * OS X * Bug 30126: Make Tor Browser compatible with macOS 10.15 * Bug 31607: App menu items stop working on macOS * Bug 31955: On macOS avoid throwing inside nonBrowserWindowStartup() * Bug 29818: Adapt #13379 patch for 68esr * Bug 31464: Meek and moat are broken on macOS 10.9 with Go 1.12 * Linux * Bug 31942: Re-enable signature check for language packs * Bug 31646: Update abicheck to require newer libstdc++.so.6 * Bug 31968: Don't fail if /proc/cpuinfo is not readable * Bug 24755: Stop using a heredoc in start-tor-browser * Bug 31550: Put curly quotes inside single quotes * Bug 31394: Replace "-1" with "−1" in start-tor-browser.desktop * Bug 30319: Remove FTE bits * Android * Update Tor to 0.4.1.5 * Bug 31010: Rebase mobile patches for Fennec 68 * Bug 31010: Don't use addTrustedTab() on mobile * Bug 30607: Support Tor Browser running on Android Q * Bug 31192: Support x86_64 target on Android * Bug 30380: Cancel dormant by startup * Bug 30943: Show version number on mobile * Bug 31720: Enable website suggestions in address bar * Bug 31822: Security slider is not really visible on Android anymore * Bug 24920: Only create Private tabs in permanent Private Browsing Mode * Bug 31730: Revert aarch64-workaround against JIT-related crashes * Bug 32097: Fix conflicts in mobile onboarding while rebasing to 68.2.0esr * Build System * All Platforms * Bug 30585: Provide standalone clang 8 project across all platforms * Bug 30376: Use Rust 1.34 for Tor Browser 9 * Bug 30490: Add cbindgen project for building Firefox 68 ESR/Fennec 68 * Bug 30701: Add nodejs project for building Firefox 68 ESR/Fennec 68 * Bug 31621: Fix node bug that makes large writes to stdout fail * Bug 30734: Add nasm project for building Firefox 68 ESR/Fennec 68 * Bug 31293: Make sure the lo interface inside the containers is up * Bug 27493: Clean up mozconfig options * Bug 31308: Sync mozconfig files used in tor-browser over to tor-browser-build for esr68 * Windows * Bug 29307: Use Stretch for cross-compiling for Windows * Bug 29731: Remove faketime for Windows builds * Bug 30322: Windows toolchain update for Firefox 68 ESR * Bug 28716: Create mingw-w64-clang toolchain * Bug 28238: Adapt firefox and fxc2 projects for Windows builds * Bug 28716: Optionally omit timestamp in PE header * Bug 31567: NS_tsnprintf() does not handle %s correctly on Windows * Bug 31458: Revert patch for #27503 and bump mingw-w64 revision used * Bug 9898: Provide clean fix for strcmpi issue in NSPR * Bug 29013: Enable stack protection support for Firefox on Windows * Bug 30384: Use 64bit containers to build 32bit Windows Tor Browser * Bug 31538: Windows bundles based on ESR 68 are not built reproducibly * Bug 31584: Clean up mingw-w64 project * Bug 31596: Bump mingw-w64 version to pick up fix for #31567 * Bug 29187: Bump NSIS version to 3.04 * Bug 31732: Windows nightly builds are busted due to mingw-w64 commit bump * Bug 29319: Remove FTE support for Windows * OS X * Bug 30323: MacOS toolchain update for Firefox 68 ESR * Bug 31467: Switch to clang for cctools project * Bug 31465: Adapt tor-browser-build projects for macOS notarization * Linux * Bug 31448: gold and lld break linking 32bit Linux bundles * Bug 31618: Linux32 builds of Tor Browser 9.0a6 are not matching * Bug 31450: Still use GCC for our ASan builds * Bug 30321: Linux toolchain update for Firefox ESR 68 * Bug 30736: Install yasm from wheezy-backports * Bug 31447: Don't install Python just for Mach * Bug 30448: Strip Browser/gtk2/libmozgtk.so * Android * Bug 30324: Android toolchain update for Fennec 68 * Bug 31173: Update android-toolchain project to match Firefox * Bug 31389: Update Android Firefox to build with Clang * Bug 31388: Update Rust project for Android * Bug 30665: Get Firefox 68 ESR working with latest android toolchain * Bug 30460: Update TOPL project to use Firefox 68 toolchain * Bug 30461: Update tor-android-service project to use Firefox 68 toolchain * Bug 28753: Use Gradle with --offline when building the browser part * Bug 31564: Make Android bundles based on ESR 68 reproducible * Bug 31981: Remove require-api.patch * Bug 31979: TOPL: Sort dependency list * Bug 30665: Remove unnecessary build patches for Firefox

1 0

Tor 0.4.1.6 is released
by Nick Mathewson 19 Sep '19

19 Sep '19

Hello, everyone! (If you are about to reply saying "please take me off this list", instead please follow these instructions: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/ . If you have trouble, it is probably because you subscribed using a different address than the one you are trying to unsubscribe with. You will have to enter the actual email address you used when you subscribed.) Source code for Tor 0.4.1.6 is now available; you can download the source code from the usual place on the website, at https://www.torproject.org/download/tor/ . Packages should be available within the next several weeks, with a new Tor Browser in the next week or two. Changes in version 0.4.1.6 - 2019-09-19 This release backports several bugfixes to improve stability and correctness. Anyone experiencing build problems or crashes with 0.4.1.5, or experiencing reliability issues with single onion services, should upgrade. o Major bugfixes (crash, Linux, Android, backport from 0.4.2.1-alpha): - Tolerate systems (including some Android installations) where madvise and MADV_DONTDUMP are available at build-time, but not at run time. Previously, these systems would notice a failed syscall and abort. Fixes bug 31570; bugfix on 0.4.1.1-alpha. - Tolerate systems (including some Linux installations) where madvise and/or MADV_DONTFORK are available at build-time, but not at run time. Previously, these systems would notice a failed syscall and abort. Fixes bug 31696; bugfix on 0.4.1.1-alpha. o Minor features (stem tests, backport from 0.4.2.1-alpha): - Change "make test-stem" so it only runs the stem tests that use tor. This change makes test-stem faster and more reliable. Closes ticket 31554. o Minor bugfixes (build system, backport form 0.4.2.1-alpha): - Do not include the deprecated <sys/sysctl.h> on Linux or Windows systems. Fixes bug 31673; bugfix on 0.2.5.4-alpha. o Minor bugfixes (compilation, backport from 0.4.2.1-alpha): - Add more stub functions to fix compilation on Android with link- time optimization when --disable-module-dirauth is used. Previously, these compilation settings would make the compiler look for functions that didn't exist. Fixes bug 31552; bugfix on 0.4.1.1-alpha. - Suppress spurious float-conversion warnings from GCC when calling floating-point classifier functions on FreeBSD. Fixes part of bug 31687; bugfix on 0.3.1.5-alpha. o Minor bugfixes (controller protocol): - Fix the MAPADDRESS controller command to accept one or more arguments. Previously, it required two or more arguments, and ignored the first. Fixes bug 31772; bugfix on 0.4.1.1-alpha. o Minor bugfixes (guards, backport from 0.4.2.1-alpha): - When tor is missing descriptors for some primary entry guards, make the log message less alarming. It's normal for descriptors to expire, as long as tor fetches new ones soon after. Fixes bug 31657; bugfix on 0.3.3.1-alpha. o Minor bugfixes (logging, backport from 0.4.2.1-alpha): - Change log level of message "Hash of session info was not as expected" to LOG_PROTOCOL_WARN. Fixes bug 12399; bugfix on 0.1.1.10-alpha. o Minor bugfixes (rust, backport from 0.4.2.1-alpha): - Correctly exclude a redundant rust build job in Travis. Fixes bug 31463; bugfix on 0.3.5.4-alpha. o Minor bugfixes (v2 single onion services, backport from 0.4.2.1-alpha): - Always retry v2 single onion service intro and rend circuits with a 3-hop path. Previously, v2 single onion services used a 3-hop path when rendezvous circuits were retried after a remote or delayed failure, but a 1-hop path for immediate retries. Fixes bug 23818; bugfix on 0.2.9.3-alpha. o Minor bugfixes (v3 single onion services, backport from 0.4.2.1-alpha): - Always retry v3 single onion service intro and rend circuits with a 3-hop path. Previously, v3 single onion services used a 3-hop path when rend circuits were retried after a remote or delayed failure, but a 1-hop path for immediate retries. Fixes bug 23818; bugfix on 0.3.2.1-alpha. - Make v3 single onion services fall back to a 3-hop intro, when all intro points are unreachable via a 1-hop path. Previously, v3 single onion services failed when all intro nodes were unreachable via a 1-hop path. Fixes bug 23507; bugfix on 0.3.2.1-alpha. o Documentation (backport from 0.4.2.1-alpha): - Use RFC 2397 data URL scheme to embed an image into tor-exit- notice.html so that operators no longer have to host it themselves. Closes ticket 31089.

1 0

Tor Browser 8.5.6 is released
by Nicolas Vigier 11 Sep '19

11 Sep '19

Tor Browser for Android 8.5.6 is now available from the Tor Browser Download page [1] and also from our distribution directory [2]. This version is for Android only, the latest version for Linux, macOS and Windows is still 8.5.5 [3]. 1: https://www.torproject.org/download/#android 2: https://www.torproject.org/dist/torbrowser/8.5.6/ 3: https://blog.torproject.org/new-release-tor-browser-855 This update is fixing an issue with the aarch64 version, mostly on Android 9 [4] which was causing a crash on every launch. 4: https://trac.torproject.org/projects/tor/ticket/31616 Note: Due to some issue with Google Play's new requirement for 64bit versions [5], we have not yet been able to publish the Android x86 and x86_64 versions on Google Play. We plan to fix this in the next release. In the meantime the x86 version can be downloaded from our website [6]. 5: https://developer.android.com/distribute/best-practices/develop/64-bit 6: https://www.torproject.org/download/#android The full changelog since Tor Browser 8.5.5 is: * Android * Update Torbutton to 2.1.14 * Bug 31616: Fix JIT related crashes on aarch64

1 0

Tor Browser 8.5.5 is released
by Nicolas Vigier 05 Sep '19

05 Sep '19

Tor Browser 8.5.5 is now available from the Tor Browser Download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/8.5.5/ This release features important security updates [3] to Firefox. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/ This release is updating Firefox to 60.9.0esr, Tor to 0.4.1.5 [4], and NoScript to 11.0.3. This release also includes various bug fixes. On the Windows side, we should now have support for accessibility tools [5]. On the Android side, we added support for arm64-v8a devices [6]. 4: https://blog.torproject.org/new-release-tor-0415 5: https://trac.torproject.org/projects/tor/ticket/27503 6: https://trac.torproject.org/projects/tor/ticket/28119 This is expected to be the last release in the 8.5 series: on October 22 we will switch to the 9.0 series, based on Firefox 68ESR. Note 1: Due to some issue with Google Play's new requirement for 64bit versions [7], we have not yet been able to publish the Android x86 and x86_64 versions on Google Play. We hope to be able to fix this in the next days. In the meantime the x86 version can be downloaded from our website [8]. 7: https://developer.android.com/distribute/best-practices/develop/64-bit 8: https://www.torproject.org/download/#android Note 2: There is an issue with the aarch64 version on Android 9 [9] causing a crash on every launch. We are working on a fix for this issue. 9: https://trac.torproject.org/projects/tor/ticket/31616 The full changelog since Tor Browser 8.5.4 is: * All platforms * Update Firefox to 60.9.0esr * Update Torbutton to 2.1.13 * Bug 31520: Remove monthly giving banner from Tor Browser * Bug 31140: Do not enable IonMonkey on AARCH64 * Translations update * Update NoScript to 11.0.3 * Bug 26847: NoScript pops up a full-site window for XSS warning * Bug 31287: NoScript leaks browser locale * Bug 31357: Retire Tom's default obfs4 bridge * Windows + OS X + Linux * Update Tor to 0.4.1.5 * Windows * Bug 31547: Back out patch for Mozilla's bug 1574980 * Bug 27503: Provide full support for accessibility tools * Bug 30575: Don't allow enterprise policies in Tor Browser * Bug 31141: Fix typo in font.system.whitelist * Android * Bug 28119: Tor Browser for aarch64 * Build System * All platforms * Bug 31465: Bump Go to 1.12.9

1 0

Tor 0.4.1.5 is released
by Nick Mathewson 20 Aug '19

20 Aug '19

Hello, everyone! (If you are about to reply saying "please take me off this list", instead please follow these instructions: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/ . If you have trouble, it is probably because you subscribed using a different address than the one you are trying to unsubscribe with. You will have to enter the actual email address you used when you subscribed.) After months of work, Tor 0.4.1.5 is now available! This is the first stable release in the 0.4.1 series, and we hope you find it useful. You can download the source code from the usual place on the website (https://www.torproject.org/download/tor/ ). Packages should be available within the next several weeks, with a new Tor Browser in early September. Here are all the changes since 0.4.0.5: Changes in version 0.4.1.5 - 2019-08-20 This is the first stable release in the 0.4.1.x series. This series adds experimental circuit-level padding, authenticated SENDME cells to defend against certain attacks, and several performance improvements to save on CPU consumption. It fixes bugs in bootstrapping and v3 onion services. It also includes numerous smaller features and bugfixes on earlier versions. Per our support policy, we will support the 0.4.1.x series for nine months, or until three months after the release of a stable 0.4.2.x: whichever is longer. If you need longer-term support, please stick with 0.3.5.x, which will we plan to support until Feb 2022. Below are the changes since 0.4.0.5. For a list of only the changes since 0.4.1.4-rc, see the ChangeLog file. o Directory authority changes: - The directory authority "dizum" has a new IP address. Closes ticket 31406. o Major features (circuit padding): - Onion service clients now add padding cells at the start of their INTRODUCE and RENDEZVOUS circuits, to make those circuits' traffic look more like general purpose Exit traffic. The overhead for this is 2 extra cells in each direction for RENDEZVOUS circuits, and 1 extra upstream cell and 10 downstream cells for INTRODUCE circuits. This feature is only enabled when also supported by the circuit's middle node. (Clients may specify fixed middle nodes with the MiddleNodes option, and may force-disable this feature with the CircuitPadding option.) Closes ticket 28634. o Major features (code organization): - Tor now includes a generic publish-subscribe message-passing subsystem that we can use to organize intermodule dependencies. We hope to use this to reduce dependencies between modules that don't need to be related, and to generally simplify our codebase. Closes ticket 28226. o Major features (controller protocol): - Controller commands are now parsed using a generalized parsing subsystem. Previously, each controller command was responsible for parsing its own input, which led to strange inconsistencies. Closes ticket 30091. o Major features (flow control): - Implement authenticated SENDMEs as detailed in proposal 289. A SENDME cell now includes the digest of the traffic that it acknowledges, so that once an end point receives the SENDME, it can confirm the other side's knowledge of the previous cells that were sent, and prevent certain types of denial-of-service attacks. This behavior is controlled by two new consensus parameters: see the proposal for more details. Fixes ticket 26288. o Major features (performance): - Our node selection algorithm now excludes nodes in linear time. Previously, the algorithm was quadratic, which could slow down heavily used onion services. Closes ticket 30307. o Major features (performance, RNG): - Tor now constructs a fast secure pseudorandom number generator for each thread, to use when performance is critical. This PRNG is based on AES-CTR, using a buffering construction similar to libottery and the (newer) OpenBSD arc4random() code. It outperforms OpenSSL 1.1.1a's CSPRNG by roughly a factor of 100 for small outputs. Although we believe it to be cryptographically strong, we are only using it when necessary for performance. Implements tickets 29023 and 29536. o Major bugfixes (bridges): - Consider our directory information to have changed when our list of bridges changes. Previously, Tor would not re-compute the status of its directory information when bridges changed, and therefore would not realize that it was no longer able to build circuits. Fixes part of bug 29875. - Do not count previously configured working bridges towards our total of working bridges. Previously, when Tor's list of bridges changed, it would think that the old bridges were still usable, and delay fetching router descriptors for the new ones. Fixes part of bug 29875; bugfix on 0.3.0.1-alpha. o Major bugfixes (circuit build, guard): - When considering upgrading circuits from "waiting for guard" to "open", always ignore circuits that are marked for close. Otherwise, we can end up in the situation where a subsystem is notified that a closing circuit has just opened, leading to undesirable behavior. Fixes bug 30871; bugfix on 0.3.0.1-alpha. o Major bugfixes (onion service reachability): - Properly clean up the introduction point map when circuits change purpose from onion service circuits to pathbias, measurement, or other circuit types. This should fix some service-side instances of introduction point failure. Fixes bug 29034; bugfix on 0.3.2.1-alpha. o Major bugfixes (onion service v3): - Fix an unreachable bug in which an introduction point could try to send an INTRODUCE_ACK with a status code that Trunnel would refuse to encode, leading the relay to assert(). We've consolidated the ABI values into Trunnel now. Fixes bug 30454; bugfix on 0.3.0.1-alpha. - Clients can now handle unknown status codes from INTRODUCE_ACK cells. (The NACK behavior will stay the same.) This will allow us to extend status codes in the future without breaking the normal client behavior. Fixes another part of bug 30454; bugfix on 0.3.0.1-alpha. o Minor features (authenticated SENDME): - Ensure that there is enough randomness on every circuit to prevent an attacker from successfully predicting the hashes they will need to include in authenticated SENDME cells. At a random interval, if we have not sent randomness already, we now leave some extra space at the end of a cell that we can fill with random bytes. Closes ticket 26846. o Minor features (circuit padding logging): - Demote noisy client-side warn logs about circuit padding to protocol warnings. Add additional log messages and circuit ID fields to help with bug 30992 and any other future issues. o Minor features (circuit padding): - We now use a fast PRNG when scheduling circuit padding. Part of ticket 28636. - Allow the padding machine designer to pick the edges of their histogram instead of trying to compute them automatically using an exponential formula. Resolves some undefined behavior in the case of small histograms and allows greater flexibility on machine design. Closes ticket 29298; bugfix on 0.4.0.1-alpha. - Allow circuit padding machines to hold a circuit open until they are done padding it. Closes ticket 28780. o Minor features (compile-time modules): - Add a "--list-modules" command to print a list of which compile- time modules are enabled. Closes ticket 30452. o Minor features (continuous integration): - Our Travis configuration now uses Chutney to run some network integration tests automatically. Closes ticket 29280. - When running coverage builds on Travis, we now set TOR_TEST_RNG_SEED, to avoid RNG-based coverage differences. Part of ticket 28878. - Remove sudo configuration lines from .travis.yml as they are no longer needed with current Travis build environment. Resolves issue 30213. - In Travis, show stem's tor log after failure. Closes ticket 30234. o Minor features (controller): - Add onion service version 3 support to the HSFETCH command. Previously, only version 2 onion services were supported. Closes ticket 25417. Patch by Neel Chauhan. o Minor features (debugging): - Introduce tor_assertf() and tor_assertf_nonfatal() to enable logging of additional information during assert failure. Now we can use format strings to include information for trouble shooting. Resolves ticket 29662. o Minor features (defense in depth): - In smartlist_remove_keeporder(), set unused pointers to NULL, in case a bug causes them to be used later. Closes ticket 30176. Patch from Tobias Stoeckmann. - Tor now uses a cryptographically strong PRNG even for decisions that we do not believe are security-sensitive. Previously, for performance reasons, we had used a trivially predictable linear congruential generator algorithm for certain load-balancing and statistical sampling decisions. Now we use our fast RNG in those cases. Closes ticket 29542. o Minor features (developer tools): - Tor's "practracker" test script now checks for files and functions that seem too long and complicated. Existing overlong functions and files are accepted for now, but should eventually be refactored. Closes ticket 29221. - Add some scripts used for git maintenance to scripts/git. Closes ticket 29391. - Call practracker from pre-push and pre-commit git hooks to let developers know if they made any code style violations. Closes ticket 30051. - Add a script to check that each header has a well-formed and unique guard macro. Closes ticket 29756. o Minor features (fallback directory list): - Replace the 157 fallbacks originally introduced in Tor 0.3.5.6-rc in December 2018 (of which ~122 were still functional), with a list of 148 fallbacks (70 new, 78 existing, 79 removed) generated in June 2019. Closes ticket 28795. o Minor features (geoip): - Update geoip and geoip6 to the June 10 2019 Maxmind GeoLite2 Country database. Closes ticket 30852. - Update geoip and geoip6 to the May 13 2019 Maxmind GeoLite2 Country database. Closes ticket 30522. o Minor features (HTTP tunnel): - Return an informative web page when the HTTPTunnelPort is used as an HTTP proxy. Closes ticket 27821, patch by "eighthave". o Minor features (IPv6, v3 onion services): - Make v3 onion services put IPv6 addresses in service descriptors. Before this change, service descriptors only contained IPv4 addresses. Implements 26992. o Minor features (logging): - Give a more useful assertion failure message if we think we have minherit() but we fail to make a region non-inheritable. Give a compile-time warning if our support for minherit() is incomplete. Closes ticket 30686. o Minor features (maintenance): - Add a new "make autostyle" target that developers can use to apply all automatic Tor style and consistency conversions to the codebase. Closes ticket 30539. o Minor features (modularity): - The "--disable-module-dirauth" compile-time option now disables even more dirauth-only code. Closes ticket 30345. o Minor features (performance): - Use OpenSSL's implementations of SHA3 when available (in OpenSSL 1.1.1 and later), since they tend to be faster than tiny-keccak. Closes ticket 28837. o Minor features (testing): - The circuitpadding tests now use a reproducible RNG implementation, so that if a test fails, we can learn why. Part of ticket 28878. - Tor's tests now support an environment variable, TOR_TEST_RNG_SEED, to set the RNG seed for tests that use a reproducible RNG. Part of ticket 28878. - When running tests in coverage mode, take additional care to make our coverage deterministic, so that we can accurately track changes in code coverage. Closes ticket 30519. - Tor's unit test code now contains helper functions to replace the PRNG with a deterministic or reproducible version for testing. Previously, various tests implemented this in various ways. Implements ticket 29732. - We now have a script, cov-test-determinism.sh, to identify places where our unit test coverage has become nondeterministic. Closes ticket 29436. - Check that representative subsets of values of `int` and `unsigned int` can be represented by `void *`. Resolves issue 29537. o Minor bugfixes (bridge authority): - Bridge authorities now set bridges as running or non-running when about to dump their status to a file. Previously, they set bridges as running in response to a GETINFO command, but those shouldn't modify data structures. Fixes bug 24490; bugfix on 0.2.0.13-alpha. Patch by Neel Chauhan. o Minor bugfixes (channel padding statistics): - Channel padding write totals and padding-enabled totals are now counted properly in relay extrainfo descriptors. Fixes bug 29231; bugfix on 0.3.1.1-alpha. o Minor bugfixes (circuit isolation): - Fix a logic error that prevented the SessionGroup sub-option from being accepted. Fixes bug 22619; bugfix on 0.2.7.2-alpha. o Minor bugfixes (circuit padding): - Add a "CircuitPadding" torrc option to disable circuit padding. Fixes bug 28693; bugfix on 0.4.0.1-alpha. - Allow circuit padding machines to specify that they do not contribute much overhead, and provide consensus flags and torrc options to force clients to only use these low overhead machines. Fixes bug 29203; bugfix on 0.4.0.1-alpha. - Provide a consensus parameter to fully disable circuit padding, to be used in emergency network overload situations. Fixes bug 30173; bugfix on 0.4.0.1-alpha. - The circuit padding subsystem will no longer schedule padding if dormant mode is enabled. Fixes bug 28636; bugfix on 0.4.0.1-alpha. - Inspect a circuit-level cell queue before sending padding, to avoid sending padding while too much data is already queued. Fixes bug 29204; bugfix on 0.4.0.1-alpha. - Avoid calling monotime_absolute_usec() in circuit padding machines that do not use token removal or circuit RTT estimation. Fixes bug 29085; bugfix on 0.4.0.1-alpha. o Minor bugfixes (clock skew detection): - Don't believe clock skew results from NETINFO cells that appear to arrive before we sent the VERSIONS cells they are responding to. Previously, we would accept them up to 3 minutes "in the past". Fixes bug 31343; bugfix on 0.2.4.4-alpha. o Minor bugfixes (compatibility, standards compliance): - Fix a bug that would invoke undefined behavior on certain operating systems when trying to asprintf() a string exactly INT_MAX bytes long. We don't believe this is exploitable, but it's better to fix it anyway. Fixes bug 31001; bugfix on 0.2.2.11-alpha. Found and fixed by Tobias Stoeckmann. o Minor bugfixes (compilation warning): - Fix a compilation warning on Windows about casting a function pointer for GetTickCount64(). Fixes bug 31374; bugfix on 0.2.9.1-alpha. o Minor bugfixes (compilation): - Avoid using labs() on time_t, which can cause compilation warnings on 64-bit Windows builds. Fixes bug 31343; bugfix on 0.2.4.4-alpha. o Minor bugfixes (compilation, unusual configurations): - Avoid failures when building with the ALL_BUGS_ARE_FATAL option due to missing declarations of abort(), and prevent other such failures in the future. Fixes bug 30189; bugfix on 0.3.4.1-alpha. o Minor bugfixes (configuration, proxies): - Fix a bug that prevented us from supporting SOCKS5 proxies that want authentication along with configured (but unused!) ClientTransportPlugins. Fixes bug 29670; bugfix on 0.2.6.1-alpha. o Minor bugfixes (continuous integration): - Allow the test-stem job to fail in Travis, because it sometimes hangs. Fixes bug 30744; bugfix on 0.3.5.4-alpha. - Skip test_rebind on macOS in Travis, because it is unreliable on macOS on Travis. Fixes bug 30713; bugfix on 0.3.5.1-alpha. - Skip test_rebind when the TOR_SKIP_TEST_REBIND environment variable is set. Fixes bug 30713; bugfix on 0.3.5.1-alpha. o Minor bugfixes (controller protocol): - Teach the controller parser to distinguish an object preceded by an argument list from one without. Previously, it couldn't distinguish an argument list from the first line of a multiline object. Fixes bug 29984; bugfix on 0.2.3.8-alpha. o Minor bugfixes (crash on exit): - Avoid a set of possible code paths that could try to use freed memory in routerlist_free() while Tor was exiting. Fixes bug 31003; bugfix on 0.1.2.2-alpha. o Minor bugfixes (developer tooling): - Fix pre-push hook to allow fixup and squash commits when pushing to non-upstream git remote. Fixes bug 30286; bugfix on 0.4.0.1-alpha. o Minor bugfixes (directory authorities): - Stop crashing after parsing an unknown descriptor purpose annotation. We think this bug can only be triggered by modifying a local file. Fixes bug 30781; bugfix on 0.2.0.8-alpha. - Move the "bandwidth-file-headers" line in directory authority votes so that it conforms to dir-spec.txt. Fixes bug 30316; bugfix on 0.3.5.1-alpha. - Directory authorities with IPv6 support now always mark themselves as reachable via IPv6. Fixes bug 24338; bugfix on 0.2.4.1-alpha. Patch by Neel Chauhan. o Minor bugfixes (documentation): - Improve the documentation for using MapAddress with ".exit". Fixes bug 30109; bugfix on 0.1.0.1-rc. - Improve the monotonic time module and function documentation to explain what "monotonic" actually means, and document some results that have surprised people. Fixes bug 29640; bugfix on 0.2.9.1-alpha. - Use proper formatting when providing an example on quoting options that contain whitespace. Fixes bug 29635; bugfix on 0.2.3.18-rc. o Minor bugfixes (logging): - Do not log a warning when running with an OpenSSL version other than the one Tor was compiled with, if the two versions should be compatible. Previously, we would warn whenever the version was different. Fixes bug 30190; bugfix on 0.2.4.2-alpha. - Warn operators when the MyFamily option is set but ContactInfo is missing, as the latter should be set too. Fixes bug 25110; bugfix on 0.3.3.1-alpha. o Minor bugfixes (memory leaks): - Avoid a minor memory leak that could occur on relays when failing to create a "keys" directory. Fixes bug 30148; bugfix on 0.3.3.1-alpha. - Fix a trivial memory leak when parsing an invalid value from a download schedule in the configuration. Fixes bug 30894; bugfix on 0.3.4.1-alpha. o Minor bugfixes (NetBSD): - Fix usage of minherit() on NetBSD and other platforms that define MAP_INHERIT_{ZERO,NONE} instead of INHERIT_{ZERO,NONE}. Fixes bug 30614; bugfix on 0.4.0.2-alpha. Patch from Taylor Campbell. o Minor bugfixes (onion services): - Avoid a GCC 9.1.1 warning (and possible crash depending on libc implemenation) when failing to load an onion service client authorization file. Fixes bug 30475; bugfix on 0.3.5.1-alpha. - When refusing to launch a controller's HSFETCH request because of rate-limiting, respond to the controller with a new response, "QUERY_RATE_LIMITED". Previously, we would log QUERY_NO_HSDIR for this case. Fixes bug 28269; bugfix on 0.3.1.1-alpha. Patch by Neel Chauhan. - When relaunching a circuit to a rendezvous service, mark the circuit as needing high-uptime routers as appropriate. Fixes bug 17357; bugfix on 0.1.0.1-rc. Patch by Neel Chauhan. - Stop ignoring IPv6 link specifiers sent to v3 onion services. (IPv6 support for v3 onion services is still incomplete: see ticket 23493 for details.) Fixes bug 23588; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan. o Minor bugfixes (onion services, performance): - When building circuits to onion services, call tor_addr_parse() less often. Previously, we called tor_addr_parse() in circuit_is_acceptable() even if its output wasn't used. This change should improve performance when building circuits. Fixes bug 22210; bugfix on 0.2.8.12. Patch by Neel Chauhan. o Minor bugfixes (out-of-memory handler): - When purging the DNS cache because of an out-of-memory condition, try purging just the older entries at first. Previously, we would always purge the whole thing. Fixes bug 29617; bugfix on 0.3.5.1-alpha. o Minor bugfixes (performance): - When checking whether a node is a bridge, use a fast check to make sure that its identity is set. Previously, we used a constant-time check, which is not necessary in this case. Fixes bug 30308; bugfix on 0.3.5.1-alpha. o Minor bugfixes (pluggable transports): - Tor now sets TOR_PT_EXIT_ON_STDIN_CLOSE=1 for client transports as well as servers. Fixes bug 25614; bugfix on 0.2.7.1-alpha. o Minor bugfixes (portability): - Avoid crashing in our tor_vasprintf() implementation on systems that define neither vasprintf() nor _vscprintf(). (This bug has been here long enough that we question whether people are running Tor on such systems, but we're applying the fix out of caution.) Fixes bug 30561; bugfix on 0.2.8.2-alpha. Found and fixed by Tobias Stoeckmann. o Minor bugfixes (probability distributions): - Refactor and improve parts of the probability distribution code that made Coverity complain. Fixes bug 29805; bugfix on 0.4.0.1-alpha. o Minor bugfixes (python): - Stop assuming that /usr/bin/python3 exists. For scripts that work with python2, use /usr/bin/python. Otherwise, use /usr/bin/env python3. Fixes bug 29913; bugfix on 0.2.5.3-alpha. o Minor bugfixes (relay): - When running as a relay, if IPv6Exit is set to 1 while ExitRelay is auto, act as if ExitRelay is 1. Previously, we would ignore IPv6Exit if ExitRelay was 0 or auto. Fixes bug 29613; bugfix on 0.3.5.1-alpha. Patch by Neel Chauhan. o Minor bugfixes (static analysis): - Fix several spurious Coverity warnings about the unit tests, to lower our chances of missing real warnings in the future. Fixes bug 30150; bugfix on 0.3.5.1-alpha and various other Tor versions. o Minor bugfixes (stats): - When ExtraInfoStatistics is 0, stop including bandwidth usage statistics, GeoIPFile hashes, ServerTransportPlugin lines, and bridge statistics by country in extra-info documents. Fixes bug 29018; bugfix on 0.2.4.1-alpha. o Minor bugfixes (testing): - Call setrlimit() to disable core dumps in test_bt_cl.c. Previously we used `ulimit -c` in test_bt.sh, which violates POSIX shell compatibility. Fixes bug 29061; bugfix on 0.3.5.1-alpha. - Fix some incorrect code in the v3 onion service unit tests. Fixes bug 29243; bugfix on 0.3.2.1-alpha. - In the "routerkeys/*" tests, check the return values of mkdir() for possible failures. Fixes bug 29939; bugfix on 0.2.7.2-alpha. Found by Coverity as CID 1444254. - Split test_utils_general() into several smaller test functions. This makes it easier to perform resource deallocation on assert failure, and fixes Coverity warnings CID 1444117 and CID 1444118. Fixes bug 29823; bugfix on 0.2.9.1-alpha. o Minor bugfixes (tor-resolve): - Fix a memory leak in tor-resolve that could happen if Tor gave it a malformed SOCKS response. (Memory leaks in tor-resolve don't actually matter, but it's good to fix them anyway.) Fixes bug 30151; bugfix on 0.4.0.1-alpha. o Code simplification and refactoring: - Abstract out the low-level formatting of replies on the control port. Implements ticket 30007. - Add several assertions in an attempt to fix some Coverity warnings. Closes ticket 30149. - Introduce a connection_dir_buf_add() helper function that checks for compress_state of dir_connection_t and automatically writes a string to directory connection with or without compression. Resolves issue 28816. - Make the base32_decode() API return the number of bytes written, for consistency with base64_decode(). Closes ticket 28913. - Move most relay-only periodic events out of mainloop.c into the relay subsystem. Closes ticket 30414. - Refactor and encapsulate parts of the codebase that manipulate crypt_path_t objects. Resolves issue 30236. - Refactor several places in our code that Coverity incorrectly believed might have memory leaks. Closes ticket 30147. - Remove redundant return values in crypto_format, and the associated return value checks elsewhere in the code. Make the implementations in crypto_format consistent, and remove redundant code. Resolves ticket 29660. - Rename tor_mem_is_zero() to fast_mem_is_zero(), to emphasize that it is not a constant-time function. Closes ticket 30309. - Replace hs_desc_link_specifier_t with link_specifier_t, and remove all hs_desc_link_specifier_t-specific code. Fixes bug 22781; bugfix on 0.3.2.1-alpha. - Simplify v3 onion service link specifier handling code. Fixes bug 23576; bugfix on 0.3.2.1-alpha. - Split crypto_digest.c into NSS code, OpenSSL code, and shared code. Resolves ticket 29108. - Split control.c into several submodules, in preparation for distributing its current responsibilities throughout the codebase. Closes ticket 29894. - Start to move responsibility for knowing about periodic events to the appropriate subsystems, so that the mainloop doesn't need to know all the periodic events in the rest of the codebase. Implements tickets 30293 and 30294. o Documentation: - Mention URLs for Travis/Appveyor/Jenkins in ReleasingTor.md. Closes ticket 30630. - Document how to find git commits and tags for bug fixes in CodingStandards.md. Update some file documentation. Closes ticket 30261. o Removed features: - Remove the linux-tor-prio.sh script from contrib/operator-tools directory. Resolves issue 29434. - Remove the obsolete OpenSUSE initscript. Resolves issue 30076. - Remove the obsolete script at contrib/dist/tor.sh.in. Resolves issue 30075. o Testing: - Specify torrc paths (with empty files) when launching tor in integration tests; refrain from reading user and system torrcs. Resolves issue 29702. o Code simplification and refactoring (shell scripts): - Clean up many of our shell scripts to fix shellcheck warnings. These include autogen.sh (ticket 26069), test_keygen.sh (ticket 29062), test_switch_id.sh (ticket 29065), test_rebind.sh (ticket 29063), src/test/fuzz/minimize.sh (ticket 30079), test_rust.sh (ticket 29064), torify (ticket 29070), asciidoc-helper.sh (29926), fuzz_multi.sh (30077), fuzz_static_testcases.sh (ticket 29059), nagios-check-tor-authority-cert (ticket 29071), src/test/fuzz/fixup_filenames.sh (ticket 30078), test-network.sh (ticket 29060), test_key_expiration.sh (ticket 30002), zero_length_keys.sh (ticket 29068), and test_workqueue_*.sh (ticket 29067). o Testing (chutney): - In "make test-network-all", test IPv6-only v3 single onion services, using the chutney network single-onion-v23-ipv6-md. Closes ticket 27251. o Testing (continuous integration): - In Travis, make stem log a controller trace to the console, and tail stem's tor log after failure. Closes ticket 30591. - In Travis, only run the stem tests that use a tor binary. Closes ticket 30694.

1 0

Tor Browser 8.5.4 is released
by Nicolas Vigier 10 Jul '19

10 Jul '19

Tor Browser 8.5.4 is now available from the Tor Browser Download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/8.5.4/ Tor Browser 8.5.4 contains updates to a number of its components. Above all, we include Firefox 60.8.0esr which contains important security fixes [3]. Moreover, after some testing in the alpha series, we start shipping Tor 0.4.0.5 [4] and update OpenSSL to 1.0.2s for the desktop platforms. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/ 4: https://blog.torproject.org/new-release-tor-0405 Finally, we add a fundraising banner to help us getting more donations. Please donate [5] if you can! 5: https://donate.torproject.org/ The full changelog since Tor Browser 8.5.3 is: * All platforms * Update Firefox to 60.8.0esr * Update Torbutton to 2.1.12 * Bug 30577: Add Fundraising Banner * Bug 31041: Stop syncing network.cookie.lifetimePolicy * Translations update * Update HTTPS Everywhere to 2019.6.27 * Bug 31055+31058: Remove four default bridges * Bug 30712: Backport fix for Mozilla's bug 1552993 * Bug 30849: Backport fixes for Mozilla's bug 1552627 and 1549833 * Windows + OS X + Linux * Update Tor to 0.4.0.5 * Update OpenSSL to 1.0.2s * Bug 29045: Ensure that tor does not start up in dormant mode * OS X * Bug 30631: Blurry Tor Browser icon on macOS app switcher

1 0

Tor Browser 8.5.3 is released
by Nicolas Vigier 21 Jun '19

21 Jun '19

Tor Browser 8.5.3 is now available from the Tor Browser Download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/8.5.3/ This release includes an important security update [3] in Firefox, a sandbox escape bug, which combined with additional vulnerabilities could result in executing arbitrary code on the user's computer. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/ Note: As part of our team is currently traveling to an event, we are unable to access our Android signing token, therefore the Android release is not yet available. We expect to be able to publish the Android release this weekend. In the meantime, Android users should use the safer or safest security levels. The security level on Android can be changed by going in the menu on the right of the URL bar and selecting Security Settings. The full changelog since Tor Browser 8.5.2 is: * All platforms * Pick up fix for Mozilla's bug 1560192

1 0

Tor Browser 8.5.2 is released
by Nicolas Vigier 19 Jun '19

19 Jun '19

Tor Browser 8.5.2 is now available from the Tor Browser Download page [1] and also from our distribution directory [2]. 1: https://www.torproject.org/download/ 2: https://www.torproject.org/dist/torbrowser/8.5.2/ This release is fixing a critical security update [3] in Firefox. In addition we update NoScript to 10.6.3, fixing a few issues. 3: https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/ Users of the safer and safest security levels were not affected by this security issue. Note: As part of our team is currently traveling to an event, we are unable to access our Android signing token, therefore the Android release is not yet available. We expect to be able to publish the Android release this weekend. In the meantime, Android users should use the safer or safest security levels. The security level on Android can be changed by going in the menu on the right of the URL bar and selecting Security Settings. The full changelog since Tor Browser 8.5.1 is: * All platforms * Pick up fix for Mozilla's bug 1544386 * Update NoScript to 10.6.3 * Bug 29904: NoScript blocks MP4 on higher security levels * Bug 30624+29043+29647: Prevent XSS protection from freezing the browser

1 0