commit b100beafb50cf4ae85b67250699ac6d0c83a0bba
Author: David Fifield <david(a)bamsoftware.com>
Date: Sat Dec 14 12:17:25 2013 -0800
fmt.
---
websocket/websocket.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/websocket/websocket.go b/websocket/websocket.go
index dc228d1..5786fdf 100644
--- a/websocket/websocket.go
+++ b/websocket/websocket.go
@@ -313,7 +313,7 @@ func httpError(w http.ResponseWriter, bufrw *bufio.ReadWriter, code int) {
// An implementation of http.Handler with a Config. The ServeHTTP function calls
// Callback assuming WebSocket HTTP negotiation is successful.
type HTTPHandler struct {
- Config *Config
+ Config *Config
Callback func(*WebSocket)
}
1
0
[torbrowser/maint-2.4] fix changelog and README versions in build scripts
by erinn@torproject.org 14 Dec '13
by erinn@torproject.org 14 Dec '13
14 Dec '13
commit 92c2a816caa72ae4e3cdc09abcef43f3fc085e84
Author: Erinn Clark <erinn(a)torproject.org>
Date: Sat Dec 14 17:46:26 2013 -0200
fix changelog and README versions in build scripts
---
build-scripts/linux-alpha.mk | 4 ++--
build-scripts/linux.mk | 4 ++--
build-scripts/osx-alpha.mk | 4 ++--
build-scripts/osx.mk | 4 ++--
build-scripts/windows-alpha.mk | 4 ++--
build-scripts/windows.mk | 4 ++--
6 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/build-scripts/linux-alpha.mk b/build-scripts/linux-alpha.mk
index 3f831dd..72d4b0a 100644
--- a/build-scripts/linux-alpha.mk
+++ b/build-scripts/linux-alpha.mk
@@ -289,9 +289,9 @@ install-docs:
cp $(VIDALIA_DIR)/LICENSE* $(VIDALIA_DIR)/CREDITS $(DOCSDIR)/Vidalia
cp $(TOR_DIR)/LICENSE $(TOR_DIR)/README $(DOCSDIR)/Tor
cp $(QT_DIR)/LICENSE.GPL* $(QT_DIR)/LICENSE.LGPL $(DOCSDIR)/Qt
- cp ../changelog.linux-2.4 $(DOCSDIR)/changelog
+ cp ../changelog.linux-2.5 $(DOCSDIR)/changelog
# This should be updated to be more generic (version-wise) and more Linux specific
- cp ../README.LINUX-2.4 $(DOCSDIR)/README-TorBrowserBundle
+ cp ../README.LINUX-2.5 $(DOCSDIR)/README-TorBrowserBundle
ifeq ($(USE_OBFSPROXY),1)
mkdir -p $(DOCSDIR)/Obfsproxy
cp $(OBFSPROXY_DIR)/LICENSE $(DOCSDIR)/Obfsproxy
diff --git a/build-scripts/linux.mk b/build-scripts/linux.mk
index 300357f..d5e82b0 100644
--- a/build-scripts/linux.mk
+++ b/build-scripts/linux.mk
@@ -268,9 +268,9 @@ install-docs:
cp $(VIDALIA_DIR)/LICENSE* $(VIDALIA_DIR)/CREDITS $(DOCSDIR)/Vidalia
cp $(TOR_DIR)/LICENSE $(TOR_DIR)/README $(DOCSDIR)/Tor
cp $(QT_DIR)/LICENSE.GPL* $(QT_DIR)/LICENSE.LGPL $(DOCSDIR)/Qt
- cp ../changelog.linux-2.3 $(DOCSDIR)/changelog
+ cp ../changelog.linux-2.4 $(DOCSDIR)/changelog
# This should be updated to be more generic (version-wise) and more Linux specific
- cp ../README.LINUX-2.3 $(DOCSDIR)/README-TorBrowserBundle
+ cp ../README.LINUX-2.4 $(DOCSDIR)/README-TorBrowserBundle
## Copy over Firefox
install-firefox:
diff --git a/build-scripts/osx-alpha.mk b/build-scripts/osx-alpha.mk
index 00bc7aa..b9d2cce 100644
--- a/build-scripts/osx-alpha.mk
+++ b/build-scripts/osx-alpha.mk
@@ -310,9 +310,9 @@ install-docs:
cp $(VIDALIA_DIR)/LICENSE* $(VIDALIA_DIR)/CREDITS $(DOCSDIR)/Vidalia
cp $(TOR_DIR)/LICENSE $(TOR_DIR)/README $(DOCSDIR)/Tor
cp $(QT_DIR)/LICENSE.GPL* $(QT_DIR)/LICENSE.LGPL $(DOCSDIR)/Qt
- cp ../changelog.osx-2.4 $(DOCSDIR)/changelog
+ cp ../changelog.osx-2.5 $(DOCSDIR)/changelog
cp ../LICENSE $(DEST)
- cp ../README.OSX-2.4 $(DEST)/README-TorBrowserBundle
+ cp ../README.OSX-2.5 $(DEST)/README-TorBrowserBundle
## Copy over Firefox
install-firefox:
diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk
index 4246dc3..36120ae 100644
--- a/build-scripts/osx.mk
+++ b/build-scripts/osx.mk
@@ -264,9 +264,9 @@ install-docs:
cp $(VIDALIA_DIR)/LICENSE* $(VIDALIA_DIR)/CREDITS $(DOCSDIR)/Vidalia
cp $(TOR_DIR)/LICENSE $(TOR_DIR)/README $(DOCSDIR)/Tor
cp $(QT_DIR)/LICENSE.GPL* $(QT_DIR)/LICENSE.LGPL $(DOCSDIR)/Qt
- cp ../changelog.osx-2.3 $(DOCSDIR)/changelog
+ cp ../changelog.osx-2.4 $(DOCSDIR)/changelog
cp ../LICENSE $(DEST)
- cp ../README.OSX-2.3 $(DEST)/README-TorBrowserBundle
+ cp ../README.OSX-2.4 $(DEST)/README-TorBrowserBundle
## Copy over Firefox
install-firefox:
diff --git a/build-scripts/windows-alpha.mk b/build-scripts/windows-alpha.mk
index da4af92..d087ac2 100644
--- a/build-scripts/windows-alpha.mk
+++ b/build-scripts/windows-alpha.mk
@@ -294,8 +294,8 @@ install-docs:
cp $(TOR)/LICENSE $(TOR)/README $(DOCSDIR)/Tor
cp $(QT_LIB)/../LICENSE.GPL* $(QT_LIB)/../LICENSE.LGPL $(DOCSDIR)/Qt
cp $(MING)/../msys/1.0/share/doc/MSYS/COPYING $(DOCSDIR)/MinGW
- cp ../changelog.windows-2.4 $(DOCSDIR)/changelog
- cp ../README.WIN-2.4 $(DOCSDIR)/README-TorBrowserBundle
+ cp ../changelog.windows-2.5 $(DOCSDIR)/changelog
+ cp ../README.WIN-2.5 $(DOCSDIR)/README-TorBrowserBundle
ifeq ($(USE_OBFSPROXY),1)
mkdir -p $(DOCSDIR)/Obfsproxy
cp $(OBFSPROXY_DIR)/LICENSE $(DOCSDIR)/Obfsproxy
diff --git a/build-scripts/windows.mk b/build-scripts/windows.mk
index 9b4a557..d7ff4d3 100644
--- a/build-scripts/windows.mk
+++ b/build-scripts/windows.mk
@@ -265,8 +265,8 @@ install-docs:
cp $(TOR)/LICENSE $(TOR)/README $(DOCSDIR)/Tor
cp $(QT_LIB)/../LICENSE.GPL* $(QT_LIB)/../LICENSE.LGPL $(DOCSDIR)/Qt
cp $(MING)/../msys/1.0/share/doc/MSYS/COPYING $(DOCSDIR)/MinGW
- cp ../changelog.windows-2.3 $(DOCSDIR)/changelog
- cp ../README.WIN-2.3 $(DOCSDIR)/README-TorBrowserBundle
+ cp ../changelog.windows-2.4 $(DOCSDIR)/changelog
+ cp ../README.WIN-2.4 $(DOCSDIR)/README-TorBrowserBundle
## Copy over FirefoxPortable
install-firefoxportable:
1
0
14 Dec '13
commit fe590cd926e2aee77b31c1084b63cb1fd99f67dc
Author: Karsten Loesing <karsten.loesing(a)gmx.net>
Date: Sat Dec 14 17:25:21 2013 +0100
Update tools diagram and page once more.
---
web/WEB-INF/tools.jsp | 40 ++++++++++++++++++++---------------
web/images/tor-metrics-overview.png | Bin 252686 -> 309306 bytes
2 files changed, 23 insertions(+), 17 deletions(-)
diff --git a/web/WEB-INF/tools.jsp b/web/WEB-INF/tools.jsp
index dc56751..8929d74 100644
--- a/web/WEB-INF/tools.jsp
+++ b/web/WEB-INF/tools.jsp
@@ -24,13 +24,13 @@
<br>
<p>Tor network data is measured at various places:
<ul>
+ <li><a href="https://gitweb.torproject.org/torperf.git">Torperf</a>
+ is a set of utilities for testing Tor performance from a client
+ perspective.</li>
<li><a href="https://gitweb.torproject.org/tor.git">tor</a>
relays and bridges gather aggregate usage statistics and publish
descriptors containing data about Tor network structure and
usage.</li>
- <li><a href="https://gitweb.torproject.org/torperf.git">Torperf</a>
- is a set of utilities for testing Tor performance from a client
- perspective.</li>
<li><a href="https://gitweb.torproject.org/tordnsel.git">TorDNSEL</a>
is a Tor DNS-based exit list that runs periodic checks whether
relays use different IP addresses for exiting to the Internet
@@ -59,9 +59,20 @@
<br>
<p>In some cases, processing and presenting Tor network data is
separated for maximum flexibility.
- In particular, there is currently one tool that processes but does
- not present Tor network data:</p>
+ In particular, there are currently two main tools that process Tor
+ network data and write an intermediate data format, but don't
+ directly present results:</p>
<ul>
+ <li><a href="https://gitweb.torproject.org/metrics-web.git">metrics-web</a>
+ is the software behind this website, including aggregation code
+ that produces statistics files.</li>
+ <li><a href="https://gitweb.torproject.org/metrics-tasks.git/tree/HEAD:/task-6498">task-6498</a>
+ is a submodule of metric-web that
+ aggregates data to visualize fast exits in the Tor network.</li>
+ <li><a href="https://gitweb.torproject.org/metrics-tasks.git/tree/HEAD:/task-8462">task-8462</a>
+ is another submodule of metric-web that
+ estimates daily users from reported directory request
+ statistics.</li>
<li><a href="https://gitweb.torproject.org/onionoo.git">Onionoo</a>
provides Tor network status information in JSON format via a
RESTful web service.</li>
@@ -75,22 +86,17 @@
network data:
<ul>
<li><a href="https://gitweb.torproject.org/metrics-web.git">metrics-web</a>
- is the software behind this website, including aggregation code
- for the presented statistics.</li>
- <li><a href="https://gitweb.torproject.org/metrics-tasks.git/tree/HEAD:/task-6498">task-6498</a>
- aggregates data to visualize fast exits in the Tor network.</li>
- <li><a href="https://gitweb.torproject.org/metrics-tasks.git/tree/HEAD:/task-8462">task-8462</a>
- estimates daily users from reported directory request
- statistics.</li>
+ also contains the code that presents aggregate statistics on
+ this website.</li>
<li><a href="https://gitweb.torproject.org/exonerator.git">ExoneraTor</a>
is a website that tells you whether a given IP address was a Tor
relay.</li>
- <li><a href="https://gitweb.torproject.org/doctor.git">DocTor</a>
- is a service that periodically checks the Tor network for
- consensus conflicts and other hiccups.</li>
<li><a href="https://gitweb.torproject.org/atlas.git">Atlas</a>
- is a web application to discover relays and bridges that uses
- Onionoo as its data back-end.</li>
+ is a web application to discover relays that uses Onionoo as its
+ data back-end.</li>
+ <li><a href="https://gitweb.torproject.org/globe.git">Globe</a>
+ is a Tor relay and bridge explorer that also uses Onionoo as its
+ data back-end.</li>
<li><a href="https://gitweb.torproject.org/compass.git">Compass</a>
is a web application that uses Onionoo's data to display
information about fast exits in the Tor network.</li>
diff --git a/web/images/tor-metrics-overview.png b/web/images/tor-metrics-overview.png
index 4a7c33a..ee2bc07 100644
Binary files a/web/images/tor-metrics-overview.png and b/web/images/tor-metrics-overview.png differ
1
0
commit 6100d4c179b25efaba9cdcb7d7ec264e61e2e436
Merge: 4809165 fb7238f
Author: Erinn Clark <erinn(a)torproject.org>
Date: Sat Dec 14 16:45:41 2013 -0200
Merge branch 'maint-2.4'
README.LINUX-2.4 | 6 +-
README.LINUX-2.5 | 29 ++
README.OSX-2.4 | 6 +-
README.OSX-2.5 | 23 ++
README.WIN-2.4 | 6 +-
README.WIN-2.5 | 27 ++
build-scripts/config/Info.plist | 6 +-
build-scripts/config/Info.plist-stable | 6 +-
build-scripts/edit-changelog.sh | 4 +-
build-scripts/linux-alpha.mk | 2 +-
build-scripts/linux.mk | 2 +-
build-scripts/osx.mk | 2 +-
build-scripts/versions-alpha.mk | 8 +-
build-scripts/versions.mk | 8 +-
build-scripts/windows.mk | 2 +-
changelog.linux-2.4 | 319 +++++++++++++++++
changelog.linux-2.5 | 592 ++++++++++++++++++++++++++++++++
changelog.osx-2.4 | 299 ++++++++++++++++
changelog.osx-2.5 | 561 ++++++++++++++++++++++++++++++
changelog.windows-2.4 | 297 ++++++++++++++++
changelog.windows-2.5 | 557 ++++++++++++++++++++++++++++++
21 files changed, 2733 insertions(+), 29 deletions(-)
1
0
[torbrowser/master] bump all versions of stable and alpha (0.2.5.1-alpha) TBBs
by erinn@torproject.org 14 Dec '13
by erinn@torproject.org 14 Dec '13
14 Dec '13
commit fb7238f449bd8e990222ba8e8a693b4d12ee7e67
Author: Erinn Clark <erinn(a)torproject.org>
Date: Sat Dec 14 16:45:06 2013 -0200
bump all versions of stable and alpha (0.2.5.1-alpha) TBBs
---
README.LINUX-2.4 | 6 +-
README.LINUX-2.5 | 29 ++
README.OSX-2.4 | 6 +-
README.OSX-2.5 | 23 ++
README.WIN-2.4 | 6 +-
README.WIN-2.5 | 27 ++
build-scripts/config/Info.plist | 6 +-
build-scripts/config/Info.plist-stable | 6 +-
build-scripts/edit-changelog.sh | 4 +-
build-scripts/linux-alpha.mk | 2 +-
build-scripts/linux.mk | 2 +-
build-scripts/osx.mk | 2 +-
build-scripts/versions-alpha.mk | 8 +-
build-scripts/versions.mk | 8 +-
build-scripts/windows.mk | 2 +-
changelog.linux-2.4 | 319 +++++++++++++++++
changelog.linux-2.5 | 592 ++++++++++++++++++++++++++++++++
changelog.osx-2.4 | 299 ++++++++++++++++
changelog.osx-2.5 | 561 ++++++++++++++++++++++++++++++
changelog.windows-2.4 | 297 ++++++++++++++++
changelog.windows-2.5 | 557 ++++++++++++++++++++++++++++++
21 files changed, 2733 insertions(+), 29 deletions(-)
diff --git a/README.LINUX-2.4 b/README.LINUX-2.4
index e03ab99..97ae4d9 100644
--- a/README.LINUX-2.4
+++ b/README.LINUX-2.4
@@ -5,11 +5,11 @@ Included applications
---------------------
Vidalia 0.2.21 (with Qt 4.8.1)
-Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
Firefox 17.0.11esr
\_ Torbutton 1.5.2
- |_ NoScript 2.6.8.5
- |_ HTTPS-Everywhere 3.4.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
Usage
-----
diff --git a/README.LINUX-2.5 b/README.LINUX-2.5
new file mode 100644
index 0000000..a21f5be
--- /dev/null
+++ b/README.LINUX-2.5
@@ -0,0 +1,29 @@
+Tor Browser Bundle for GNU/Linux (beta)
+===============
+
+Included applications
+---------------------
+
+Vidalia 0.2.21 (with Qt 4.8.1)
+Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Firefox 17.0.11esr
+ \_ Torbutton 1.5.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
+
+Usage
+-----
+
+Extract the bundle with:
+
+tar -xvzf tor-browser-gnu-linux*.tar.gz
+
+This will create a directory named tor-browser_LANG. Click on this directory or
+cd into it and execute the 'start-tor-browser' script. This will start Vidalia.
+Once Tor has successfully opened a circuit, Firefox will automatically be
+opened.
+
+To exit, close Firefox. Vidalia will automatically clean up and exit.
+
+For more information about bugfixes and other package changes, see the
+changelog in tor-browser_LANG/Docs/changelog.
diff --git a/README.OSX-2.4 b/README.OSX-2.4
index 52ba0f0..6eed409 100644
--- a/README.OSX-2.4
+++ b/README.OSX-2.4
@@ -5,11 +5,11 @@ Included applications
---------------------
Vidalia 0.2.21 (with Qt 4.8.1)
-Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
Firefox 17.0.11esr
\_ Torbutton 1.5.2
- |_ NoScript 2.6.8.5
- |_ HTTPS-Everywhere 3.4.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
Usage
-----
diff --git a/README.OSX-2.5 b/README.OSX-2.5
new file mode 100644
index 0000000..3f073ac
--- /dev/null
+++ b/README.OSX-2.5
@@ -0,0 +1,23 @@
+Tor Browser Bundle for Mac OS X (beta)
+===============
+
+Included applications
+---------------------
+
+Vidalia 0.2.21 (with Qt 4.8.1)
+Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Firefox 17.0.11esr
+ \_ Torbutton 1.5.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
+
+Usage
+-----
+
+Unzip the TorBrowser zip file that you downloaded. Click on the
+TorBrowser_LANG.app which will launch Vidalia and then Firefox.
+
+To exit, close Firefox and Vidalia.
+
+For more information about bugfixes and other package changes, see the
+changelog in TorBrowser_LANG.app/Contents/Resources/changelog.
diff --git a/README.WIN-2.4 b/README.WIN-2.4
index 51925e9..a0aff79 100644
--- a/README.WIN-2.4
+++ b/README.WIN-2.4
@@ -5,11 +5,11 @@ Included applications
---------------------
Vidalia 0.2.21 (with Qt 4.8.1)
-Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
Firefox 17.0.11esr
\_ Torbutton 1.5.2
- |_ NoScript 2.6.8.5
- |_ HTTPS-Everywhere 3.4.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
Usage
-----
diff --git a/README.WIN-2.5 b/README.WIN-2.5
new file mode 100644
index 0000000..17c9b03
--- /dev/null
+++ b/README.WIN-2.5
@@ -0,0 +1,27 @@
+Tor Browser Bundle for Windows (beta)
+===============
+
+Included applications
+---------------------
+
+Vidalia 0.2.21 (with Qt 4.8.1)
+Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Firefox 17.0.11esr
+ \_ Torbutton 1.5.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
+
+Usage
+-----
+
+Tor Browser.exe is a 7zip self extracting archive. To extract the bundle, run
+this and point it to the install location. It will create a folder called "Tor
+Browser". This may be the hard disk, but is more likely the currently mounted
+USB drive. The install process needs only be performed once.
+
+Once the bundle is extracted, open the newly created folder and click
+"Start Tor Browser.bat" (may appear as simply "Start Tor Browser").
+This will start Vidalia. Once Tor has successfully opened a circuit,
+Firefox will automatically be opened.
+
+To exit, close Firefox. Vidalia will automatically clean up and exit.
diff --git a/build-scripts/config/Info.plist b/build-scripts/config/Info.plist
index 8b626a7..4870df7 100644
--- a/build-scripts/config/Info.plist
+++ b/build-scripts/config/Info.plist
@@ -9,7 +9,7 @@
<key>CFBundleExecutable</key>
<string>TorBrowserBundle</string>
<key>CFBundleGetInfoString</key>
- <string>Tor Browser Bundle 2.4.18-rc-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
+ <string>Tor Browser Bundle 2.5.1-alpha-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
<key>CFBundleIconFile</key>
<string>vidalia.icns</string>
<key>CFBundleIdentifier</key>
@@ -21,7 +21,7 @@
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
- <string>2.4.18-rc-1</string>
+ <string>2.5.1-alpha-1</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>LSEnvironment</key>
@@ -35,7 +35,7 @@
<key>NSAppleScriptEnabled</key>
<false/>
<key>NSHumanReadableCopyright</key>
- <string>Tor Browser Bundle 2.4.18-rc-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
+ <string>Tor Browser Bundle 2.5.1-alpha-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
<key>NSMainNibFile</key>
<string>MainMenu</string>
<key>NSPrincipalClass</key>
diff --git a/build-scripts/config/Info.plist-stable b/build-scripts/config/Info.plist-stable
index f1648cf..0e50fc0 100644
--- a/build-scripts/config/Info.plist-stable
+++ b/build-scripts/config/Info.plist-stable
@@ -9,7 +9,7 @@
<key>CFBundleExecutable</key>
<string>TorBrowserBundle</string>
<key>CFBundleGetInfoString</key>
- <string>Tor Browser Bundle 2.3.25-15 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
+ <string>Tor Browser Bundle 2.4.19-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
<key>CFBundleIconFile</key>
<string>vidalia.icns</string>
<key>CFBundleIdentifier</key>
@@ -21,7 +21,7 @@
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
- <string>2.3.25-15</string>
+ <string>2.4.19-1</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>LSEnvironment</key>
@@ -35,7 +35,7 @@
<key>NSAppleScriptEnabled</key>
<false/>
<key>NSHumanReadableCopyright</key>
- <string>Tor Browser Bundle 2.3.25-15 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
+ <string>Tor Browser Bundle 2.4.19-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
<key>NSMainNibFile</key>
<string>MainMenu</string>
<key>NSPrincipalClass</key>
diff --git a/build-scripts/edit-changelog.sh b/build-scripts/edit-changelog.sh
index 4369d33..b8bded4 100755
--- a/build-scripts/edit-changelog.sh
+++ b/build-scripts/edit-changelog.sh
@@ -23,6 +23,6 @@ Tor Browser Bundle ($VERSION); suite=$1
EOF
-mv ../changelog.$1-2.3 ../changelog.$1-2.3-old
-cat ../tmp.changelog.$1 ../changelog.$1-2.3-old >> ../changelog.$1-2.3
+mv ../changelog.$1-2.4 ../changelog.$1-2.4-old
+cat ../tmp.changelog.$1 ../changelog.$1-2.4-old >> ../changelog.$1-2.4
diff --git a/build-scripts/linux-alpha.mk b/build-scripts/linux-alpha.mk
index 349d512..3f831dd 100644
--- a/build-scripts/linux-alpha.mk
+++ b/build-scripts/linux-alpha.mk
@@ -15,7 +15,7 @@
## Architecture
ARCH_TYPE=$(shell uname -m)
-BUILD_NUM=2
+BUILD_NUM=1
PLATFORM=Linux
## Build machine specific settings
diff --git a/build-scripts/linux.mk b/build-scripts/linux.mk
index 9edc7ac..300357f 100644
--- a/build-scripts/linux.mk
+++ b/build-scripts/linux.mk
@@ -15,7 +15,7 @@
## Architecture
ARCH_TYPE=$(shell uname -m)
-BUILD_NUM=16
+BUILD_NUM=1
PLATFORM=Linux
## Build machine specific settings
diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk
index 349e908..4246dc3 100644
--- a/build-scripts/osx.mk
+++ b/build-scripts/osx.mk
@@ -15,7 +15,7 @@
## Architecture
ARCH_TYPE=x86_64
-BUILD_NUM=15
+BUILD_NUM=1
PLATFORM=MacOS
## Set OSX-specific backwards compatibility options
diff --git a/build-scripts/versions-alpha.mk b/build-scripts/versions-alpha.mk
index 0410f41..bc27020 100644
--- a/build-scripts/versions-alpha.mk
+++ b/build-scripts/versions-alpha.mk
@@ -1,6 +1,6 @@
#!/usr/bin/make
-RELEASE_VER=2.4.18-rc
+RELEASE_VER=2.5.1-alpha
ZLIB_VER=1.2.8
OPENSSL_VER=1.0.0k
@@ -8,13 +8,13 @@ LIBPNG_VER=1.6.6
QT_VER=4.8.1
VIDALIA_VER=0.2.21
LIBEVENT_VER=2.0.21-stable
-TOR_VER=0.2.4.18-rc
+TOR_VER=0.2.5.1-alpha
PIDGIN_VER=2.6.4
FIREFOX_VER=17.0.11esr
MOZBUILD_VER=1.5.1
TORBUTTON_VER=1.5.2
-NOSCRIPT_VER=2.6.8.5
-HTTPSEVERYWHERE_VER=3.4.2
+NOSCRIPT_VER=2.6.8.7
+HTTPSEVERYWHERE_VER=3.4.3
PDFJS_VER=0.8.298
OBFSPROXY_VER=0.1.4
OTR_VER=3.2.0
diff --git a/build-scripts/versions.mk b/build-scripts/versions.mk
index 77275b8..2c2add0 100644
--- a/build-scripts/versions.mk
+++ b/build-scripts/versions.mk
@@ -1,6 +1,6 @@
#!/usr/bin/make
-RELEASE_VER=2.3.25
+RELEASE_VER=2.4.19
ZLIB_VER=1.2.8
OPENSSL_VER=1.0.0k
@@ -8,13 +8,13 @@ LIBPNG_VER=1.6.6
QT_VER=4.8.1
VIDALIA_VER=0.2.21
LIBEVENT_VER=2.0.21-stable
-TOR_VER=0.2.3.25
+TOR_VER=0.2.4.19
PIDGIN_VER=2.6.4
FIREFOX_VER=17.0.11esr
MOZBUILD_VER=1.5.1
TORBUTTON_VER=1.5.2
-NOSCRIPT_VER=2.6.8.5
-HTTPSEVERYWHERE_VER=3.4.2
+NOSCRIPT_VER=2.6.8.7
+HTTPSEVERYWHERE_VER=3.4.3
OTR_VER=3.2.0
OBFSPROXY_VER=0.1.4
diff --git a/build-scripts/windows.mk b/build-scripts/windows.mk
index f0174b3..9b4a557 100644
--- a/build-scripts/windows.mk
+++ b/build-scripts/windows.mk
@@ -13,7 +13,7 @@
### Configuration ###
#####################
-BUILD_NUM=15
+BUILD_NUM=1
PLATFORM=Windows
## Location of required libraries
diff --git a/changelog.linux-2.4 b/changelog.linux-2.4
index f3623e4..77b27f7 100644
--- a/changelog.linux-2.4
+++ b/changelog.linux-2.4
@@ -1,3 +1,12 @@
+Tor Browser Bundle (2.4.19-1); suite=linux
+
+ * New stable release
+ * Update Tor to 0.2.4.19
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:26 BRST 2013
+
Tor Browser Bundle (2.4.18-rc-2); suite=linux
* Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
@@ -271,3 +280,313 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=linux
-- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:21 GMT 2012
+Tor Browser Bundle (2.3.25-16); suite=linux
+
+ * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
+ stop crashing (closes: #10195)
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Nov 20 17:46:24 BRST 2013
+
+Tor Browser Bundle (2.3.25-15); suite=linux
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:05 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=linux
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update LibPNG to 1.6.6
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=linux
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=linux
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:21 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=linux
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.7
+ * Update LibPNG to 1.6.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=linux
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update libpng 1.5.16
+ * Update NoScript 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-9); suite=linux
+
+ * Rebuild 64-bit bundles with Firefox optimizations disabled in order to
+ prevent browser crashes. (closes: #8970)
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Jun 12 18:42:24 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=linux
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:55 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=linux
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:56:58 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=linux
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:16 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=linux
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:43 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=linux
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:24 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=linux
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:43 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=linux
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:05 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=linux
+
+ * Update Tor to 0.2.3.25-rc
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:59 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+ * Update libpng to 1.5.13
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:09 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.22-rc
+ * Temporarily use fixed Control and SOCKS ports as a workaround for #6803
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Sep 12 14:02:57 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:38 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.20-rc
+ * Update libpng to 1.5.12
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:30 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+ * Update libpng to 1.5.12
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:37 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=linux
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Don't attempt to load the default KDE 4 theme from Vidalia, because that
+ fails when the Qt versions don't match (closes: #5214)
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=linux
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012
diff --git a/changelog.linux-2.5 b/changelog.linux-2.5
new file mode 100644
index 0000000..154d69f
--- /dev/null
+++ b/changelog.linux-2.5
@@ -0,0 +1,592 @@
+Tor Browser Bundle (2.5.1-alpha-1); suite=linux
+
+ * New alpha release
+ * Update Tor to 0.2.5.1-alpha
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:44 BRST 2013
+
+Tor Browser Bundle (2.4.18-rc-2); suite=linux
+
+ * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
+ stop crashing (closes: #10195)
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Nov 20 17:46:24 BRST 2013
+
+Tor Browser Bundle (2.4.18-rc-1); suite=linux
+
+ * Update Tor to 0.2.4.18-rc
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+ * Remove PDF.js since it is no longer supported in Firefox 17
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Nov 17 16:41:32 BRST 2013
+
+Tor Browser Bundle (2.4.17-rc-1); suite=linux
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update LibPNG to 1.6.6
+ * Update NoScript to 2.6.8.4
+ * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this
+ becoming the stable bundle
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.4.17-beta-2); suite=linux
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update LibPNG to 1.6.3
+ * Update HTTPS Everywhere to 4.0development.12
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+ * Add missing geoip file
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.4.17-beta-1); suite=linux
+
+ * Update Tor to 0.2.4.17-rc
+ * Update NoScript to 2.6.7.1
+ * Update HTTPS Everywhere to 4.0development.11
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 5 14:26:06 CEST 2013
+
+Tor Browser Bundle (2.4.16-beta-1); suite=linux
+
+ * Update Tor to 0.2.4.16-rc
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:39 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-2); suite=linux
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * HTTPS Everywhere to 4.0development.9
+ * Update PDF.js to 0.8.298
+ * Update NoScript to 2.6.6.9
+ * Update LibPNG to 1.6.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-1); suite=linux
+
+ * Update Tor to 0.2.4.15-rc
+ * Update NoScript to 2.6.6.7
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jul 7 18:38:52 BRT 2013
+
+Tor Browser Bundle (2.4.14-alpha-1); suite=linux
+
+ * Update Tor to 0.2.4.14-alpha
+ * Update Firefox 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update libpng to 1.5.16
+ * Update HTTPS Everywhere to 4.0development.8
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-2); suite=linux
+
+ * Update Firefox to 17.0.6esr
+ * Update NoScript to 2.6.6.1
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:06:23 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-1); suite=linux
+
+ * Update Tor to 0.2.4.12-alpha
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6
+ * Update PDF.js to 0.8.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Apr 25 21:15:37 BRT 2013
+
+Tor Browser Bundle (2.4.11-alpha-2); suite=linux
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:37 EDT 2013
+
+Tor Browser Bundle (2.4.10-alpha-3); suite=linux
+
+ * Update Firefox to 17.0.4esr
+ * Update Tor to 0.2.4.11-alpha
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 4.0development.6
+ * Update PDF.js to 0.7.236
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Mar 12 12:06:00 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-2); suite=linux
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:47 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-1); suite=linux
+
+ * Update Tor to 0.2.4.10-alpha
+ * Update OpenSSL to 1.0.1d
+ * Update NoScript to 2.6.4.4
+ * Add PDF Viewer (PDF.js) to README
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:13:28 CET 2013
+
+Tor Browser Bundle (2.4.9-alpha-1); suite=linux
+
+ * Update Firefox to 17.0.2esr
+ * Update Tor to 0.2.4.9-alpha
+ * Update Torbutton to 1.5.0pre-alpha
+ * Update NoScript to 2.6.4.3
+ * Update HTTPS-Everywhere to 4.0development.5
+ * Add Mozilla's PDF.js extension to give people the ability to read PDFs in
+ TBB
+ * Prevent TBB from trying to access the X session manager (closes: #5261)
+ * Firefox patch changes:
+ - Isolate image cache to url bar domain (closes: #5742 and #6539)
+ - Enable DOM storage and isolate it to url bar domain (closes: #6564)
+ - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
+ * Misc preference changes:
+ - Disable DOM performance timers (dom.enable_performance) (closes: #6204)
+ - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
+ - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
+ - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 25 15:31:35 CET 2013
+
+Tor Browser Bundle (2.4.7-alpha-1); suite=linux
+
+ * Update Firefox to 10.0.12esr
+ * Update Tor to 0.2.4.7-alpha
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 4.0development.4
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:55:05 CET 2013
+
+Tor Browser Bundle (2.4.6-alpha-2); suite=linux
+
+ * Update Makefiles to use the right changelogs and READMEs
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Dec 3 16:13:47 GMT 2012
+
+Tor Browser Bundle (2.4.6-alpha-1); suite=linux
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:21 GMT 2012
+
+Tor Browser Bundle (2.3.25-16); suite=linux
+
+ * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
+ stop crashing (closes: #10195)
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Nov 20 17:46:24 BRST 2013
+
+Tor Browser Bundle (2.3.25-15); suite=linux
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:05 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=linux
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update LibPNG to 1.6.6
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=linux
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=linux
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:21 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=linux
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.7
+ * Update LibPNG to 1.6.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=linux
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update libpng 1.5.16
+ * Update NoScript 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-9); suite=linux
+
+ * Rebuild 64-bit bundles with Firefox optimizations disabled in order to
+ prevent browser crashes. (closes: #8970)
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Jun 12 18:42:24 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=linux
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:55 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=linux
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:56:58 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=linux
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:16 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=linux
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:43 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=linux
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:24 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=linux
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:43 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=linux
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:05 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=linux
+
+ * Update Tor to 0.2.3.25-rc
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:59 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+ * Update libpng to 1.5.13
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:09 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.22-rc
+ * Temporarily use fixed Control and SOCKS ports as a workaround for #6803
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Sep 12 14:02:57 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:38 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.20-rc
+ * Update libpng to 1.5.12
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:30 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+ * Update libpng to 1.5.12
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:37 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=linux
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Don't attempt to load the default KDE 4 theme from Vidalia, because that
+ fails when the Qt versions don't match (closes: #5214)
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=linux
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012
diff --git a/changelog.osx-2.4 b/changelog.osx-2.4
index d8c0b4a..6fcd6d2 100644
--- a/changelog.osx-2.4
+++ b/changelog.osx-2.4
@@ -1,3 +1,12 @@
+Tor Browser Bundle (2.4.19-1); suite=osx
+
+ * New stable release
+ * Update Tor to 0.2.4.19
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:22 BRST 2013
+
Tor Browser Bundle (2.4.18-rc-1); suite=linux
* Update Tor to 0.2.4.18-rc
@@ -260,3 +269,293 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=osx
* Initial release
-- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:11 GMT 2012
+Tor Browser Bundle (2.3.25-15); suite=osx
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+ * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield.
+ (closes: #10092)
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:00 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=osx
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=osx
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=osx
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:19 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=osx
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=osx
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=osx
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:50 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=osx
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:56:56 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=osx
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:11 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=osx
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:38 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=osx
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:21 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=osx
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:39 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=osx
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:03 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=osx
+
+ * Update Tor to 0.2.3.25
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:55 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:03 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.22-rc
+ * Temporarily use fixed Control and SOCKS ports as a workaround for #6803
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Sep 12 14:02:57 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:33 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.20-rc
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:27 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:26 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=osx
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Give OS X users below 10.5 an incompatibility message (closes: #4356)
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=osx
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012
diff --git a/changelog.osx-2.5 b/changelog.osx-2.5
new file mode 100644
index 0000000..83de71c
--- /dev/null
+++ b/changelog.osx-2.5
@@ -0,0 +1,561 @@
+Tor Browser Bundle (2.5.1-alpha-1); suite=osx
+
+ * New alpha release
+ * Update Tor to 0.2.5.1-alpha
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:31:01 BRST 2013
+
+Tor Browser Bundle (2.4.18-rc-1); suite=linux
+
+ * Update Tor to 0.2.4.18-rc
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+ * Remove PDF.js since it is no longer supported in Firefox 17
+ * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield.
+ (closes: #10092)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Nov 17 16:41:32 BRST 2013
+
+Tor Browser Bundle (2.4.17-rc-1); suite=osx
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update NoScript to 2.6.8.4
+ * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this
+ becoming the stable bundle
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.4.17-beta-2); suite=osx
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 4.0development.12
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.4.17-beta-1); suite=osx
+
+ * Update Tor to 0.2.4.17-rc
+ * Update NoScript to 2.6.7.1
+ * Update HTTPS Everywhere to 4.0development.11
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 5 14:26:04 CEST 2013
+
+Tor Browser Bundle (2.4.16-beta-1); suite=osx
+
+ * Update Tor to 0.2.4.16-rc
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:41 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-2); suite=osx
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * HTTPS Everywhere to 4.0development.9
+ * Update PDF.js to 0.8.298
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-1); suite=osx
+
+ * Update Tor to 0.2.4.15-rc
+ * Update NoScript to 2.6.6.7
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jul 7 18:38:48 BRT 2013
+
+Tor Browser Bundle (2.4.14-alpha-1); suite=osx
+
+ * Update Tor to 0.2.4.14-alpha
+ * Update Firefox 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update libpng to 1.5.16
+ * Update HTTPS Everywhere to 4.0development.8
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-2); suite=osx
+
+ * Update Firefox to 17.0.6esr
+ * Update NoScript to 2.6.6.1
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:06:20 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-1); suite=osx
+
+ * Update Tor to 0.2.4.12-alpha
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6
+ * Update PDF.js to 0.8.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Apr 25 21:15:32 BRT 2013
+
+Tor Browser Bundle (2.4.11-alpha-2); suite=osx
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:42 EDT 2013
+
+Tor Browser Bundle (2.4.10-alpha-3); suite=osx
+
+ * Update Firefox to 17.0.4esr
+ * Update Tor to 0.2.4.11-alpha
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 4.0development.6
+ * Update PDF.js to 0.7.236
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Mar 12 12:06:00 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-2); suite=osx
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:45 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-1); suite=osx
+
+ * Update Tor to 0.2.4.10-alpha
+ * Update OpenSSL to 1.0.1d
+ * Update NoScript to 2.6.4.4
+ * Add PDF Viewer (PDF.js) to README
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:13:28 CET 2013
+
+Tor Browser Bundle (2.4.9-alpha-1); suite=osx
+
+ * Update Firefox to 17.0.2esr
+ * Update Tor to 0.2.4.9-alpha
+ * Update Torbutton to 1.5.0pre-alpha
+ * Update NoScript to 2.6.4.3
+ * Update HTTPS-Everywhere to 4.0development.5
+ * Add Mozilla's PDF.js extension to give people the ability to read PDFs in
+ TBB
+ * Firefox patch changes:
+ - Isolate image cache to url bar domain (closes: #5742 and #6539)
+ - Enable DOM storage and isolate it to url bar domain (closes: #6564)
+ - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
+ * Misc preference changes:
+ - Disable DOM performance timers (dom.enable_performance) (closes: #6204)
+ - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
+ - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
+ - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 25 15:31:35 CET 2013
+
+Tor Browser Bundle (2.4.7-alpha-1); suite=osx
+
+ * Update Firefox to 10.0.12esr
+ * Update Tor to 0.2.4.7-alpha
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 4.0development.4
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:55:00 CET 2013
+
+Tor Browser Bundle (2.4.6-alpha-2); suite=osx
+
+ * Update Makefiles to use the right changelogs and READMEs
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Dec 3 16:13:43 GMT 2012
+
+Tor Browser Bundle (2.4.6-alpha-1); suite=osx
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:11 GMT 2012
+Tor Browser Bundle (2.3.25-15); suite=osx
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+ * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield.
+ (closes: #10092)
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:00 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=osx
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=osx
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=osx
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:19 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=osx
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=osx
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=osx
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:50 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=osx
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:56:56 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=osx
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:11 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=osx
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:38 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=osx
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:21 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=osx
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:39 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=osx
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:03 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=osx
+
+ * Update Tor to 0.2.3.25
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:55 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:03 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.22-rc
+ * Temporarily use fixed Control and SOCKS ports as a workaround for #6803
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Sep 12 14:02:57 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:33 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.20-rc
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:27 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:26 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=osx
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Give OS X users below 10.5 an incompatibility message (closes: #4356)
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=osx
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012
diff --git a/changelog.windows-2.4 b/changelog.windows-2.4
index 8282c4a..15f3bb3 100644
--- a/changelog.windows-2.4
+++ b/changelog.windows-2.4
@@ -1,3 +1,12 @@
+Tor Browser Bundle (2.4.19-1); suite=windows
+
+ * New stable release
+ * Update Tor to 0.2.4.19
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:24 BRST 2013
+
Tor Browser Bundle (2.4.18-rc-1); suite=linux
* Update Tor to 0.2.4.18-rc
@@ -258,3 +267,291 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=windows
* Initial release
-- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:17 GMT 2012
+Tor Browser Bundle (2.3.25-15); suite=windows
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:02 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=windows
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=windows
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=windows
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:23 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=windows
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=windows
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=windows
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:52 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=windows
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+ - Re-enable --enable-optimize for Windows builds
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:57:00 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=windows
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:14 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=windows
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:41 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=windows
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:26 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=windows
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:41 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=windows
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:07 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=windows
+
+ * Update Tor to 0.2.3.25
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:57 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:05 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.22-rc
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Sep 11 19:49:08 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:35 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.20-rc
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:32 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:41 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=windows
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Remove tor-resolve from the Windows bundle (closes: #5403)
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=windows
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012
diff --git a/changelog.windows-2.5 b/changelog.windows-2.5
new file mode 100644
index 0000000..d84e74d
--- /dev/null
+++ b/changelog.windows-2.5
@@ -0,0 +1,557 @@
+Tor Browser Bundle (2.5.1-alpha-1); suite=windows
+
+ * New alpha release
+ * Update Tor to 0.2.5.1-alpha
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:59 BRST 2013
+
+Tor Browser Bundle (2.4.18-rc-1); suite=linux
+
+ * Update Tor to 0.2.4.18-rc
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+ * Remove PDF.js since it is no longer supported in Firefox 17
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Nov 17 16:41:32 BRST 2013
+
+Tor Browser Bundle (2.4.17-rc-1); suite=windows
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update NoScript to 2.6.8.4
+ * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this
+ becoming the stable bundle
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.4.17-beta-2); suite=windows
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 4.0development.12
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.4.17-beta-1); suite=windows
+
+ * Update Tor to 0.2.4.17-rc
+ * Update NoScript to 2.6.7.1
+ * Update HTTPS Everywhere to 4.0development.11
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 5 14:26:09 CEST 2013
+
+Tor Browser Bundle (2.4.16-beta-1); suite=windows
+
+ * Update Tor to 0.2.4.16-rc
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:37 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-2); suite=windows
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * HTTPS Everywhere to 4.0development.9
+ * Update PDF.js to 0.8.298
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-1); suite=windows
+
+ * Update Tor to 0.2.4.15-rc
+ * Update NoScript to 2.6.6.7
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jul 7 18:38:50 BRT 2013
+
+Tor Browser Bundle (2.4.14-alpha-1); suite=windows
+
+ * Update Tor to 0.2.4.14-alpha
+ * Update Firefox 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update libpng to 1.5.16
+ * Update HTTPS Everywhere to 4.0development.8
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-2); suite=windows
+
+ * Update Firefox to 17.0.6esr
+ * Update NoScript to 2.6.6.1
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:06:25 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-1); suite=windows
+
+ * Update Tor to 0.2.4.12-alpha
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6
+ * Update PDF.js to 0.8.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Apr 25 21:15:34 BRT 2013
+
+Tor Browser Bundle (2.4.11-alpha-2); suite=windows
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:39 EDT 2013
+
+Tor Browser Bundle (2.4.10-alpha-3); suite=windows
+
+ * Update Firefox to 17.0.4esr
+ * Update Tor to 0.2.4.11-alpha
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 4.0development.6
+ * Update PDF.js to 0.7.236
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Mar 12 12:06:00 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-2); suite=windows
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:49 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-1); suite=windows
+
+ * Update Tor to 0.2.4.10-alpha
+ * Update OpenSSL to 1.0.1d
+ * Update NoScript to 2.6.4.4
+ * Add PDF Viewer (PDF.js) to README
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:13:28 CET 2013
+
+Tor Browser Bundle (2.4.9-alpha-test-1); suite=windows
+
+ * Update Firefox to 17.0.2esr
+ * Update Tor to 0.2.4.9-alpha
+ * Update Torbutton to 1.5.0pre-alpha
+ * Update NoScript to 2.6.4.3
+ * Update HTTPS-Everywhere to 4.0development.5
+ * Add Mozilla's PDF.js extension to give people the ability to read PDFs in
+ TBB
+ * Firefox patch changes:
+ - Isolate image cache to url bar domain (closes: #5742 and #6539)
+ - Enable DOM storage and isolate it to url bar domain (closes: #6564)
+ - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
+ * Misc preference changes:
+ - Disable DOM performance timers (dom.enable_performance) (closes: #6204)
+ - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
+ - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
+ - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 25 15:31:35 CET 2013
+
+Tor Browser Bundle (2.4.7-alpha-1); suite=windows
+
+ * Update Firefox to 10.0.12esr
+ * Update Tor to 0.2.4.7-alpha
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 4.0development.4
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:55:02 CET 2013
+
+Tor Browser Bundle (2.4.6-alpha-2); suite=windows
+
+ * Update Makefiles to use the right changelogs and READMEs
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Dec 3 16:13:45 GMT 2012
+
+Tor Browser Bundle (2.4.6-alpha-1); suite=windows
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:17 GMT 2012
+Tor Browser Bundle (2.3.25-15); suite=windows
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:02 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=windows
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=windows
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=windows
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:23 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=windows
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=windows
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=windows
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:52 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=windows
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+ - Re-enable --enable-optimize for Windows builds
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:57:00 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=windows
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:14 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=windows
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:41 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=windows
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:26 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=windows
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:41 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=windows
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:07 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=windows
+
+ * Update Tor to 0.2.3.25
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:57 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:05 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.22-rc
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Sep 11 19:49:08 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:35 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.20-rc
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:32 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:41 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=windows
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Remove tor-resolve from the Windows bundle (closes: #5403)
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=windows
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012
1
0
[torbrowser/maint-2.4] bump all versions of stable and alpha (0.2.5.1-alpha) TBBs
by erinn@torproject.org 14 Dec '13
by erinn@torproject.org 14 Dec '13
14 Dec '13
commit fb7238f449bd8e990222ba8e8a693b4d12ee7e67
Author: Erinn Clark <erinn(a)torproject.org>
Date: Sat Dec 14 16:45:06 2013 -0200
bump all versions of stable and alpha (0.2.5.1-alpha) TBBs
---
README.LINUX-2.4 | 6 +-
README.LINUX-2.5 | 29 ++
README.OSX-2.4 | 6 +-
README.OSX-2.5 | 23 ++
README.WIN-2.4 | 6 +-
README.WIN-2.5 | 27 ++
build-scripts/config/Info.plist | 6 +-
build-scripts/config/Info.plist-stable | 6 +-
build-scripts/edit-changelog.sh | 4 +-
build-scripts/linux-alpha.mk | 2 +-
build-scripts/linux.mk | 2 +-
build-scripts/osx.mk | 2 +-
build-scripts/versions-alpha.mk | 8 +-
build-scripts/versions.mk | 8 +-
build-scripts/windows.mk | 2 +-
changelog.linux-2.4 | 319 +++++++++++++++++
changelog.linux-2.5 | 592 ++++++++++++++++++++++++++++++++
changelog.osx-2.4 | 299 ++++++++++++++++
changelog.osx-2.5 | 561 ++++++++++++++++++++++++++++++
changelog.windows-2.4 | 297 ++++++++++++++++
changelog.windows-2.5 | 557 ++++++++++++++++++++++++++++++
21 files changed, 2733 insertions(+), 29 deletions(-)
diff --git a/README.LINUX-2.4 b/README.LINUX-2.4
index e03ab99..97ae4d9 100644
--- a/README.LINUX-2.4
+++ b/README.LINUX-2.4
@@ -5,11 +5,11 @@ Included applications
---------------------
Vidalia 0.2.21 (with Qt 4.8.1)
-Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
Firefox 17.0.11esr
\_ Torbutton 1.5.2
- |_ NoScript 2.6.8.5
- |_ HTTPS-Everywhere 3.4.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
Usage
-----
diff --git a/README.LINUX-2.5 b/README.LINUX-2.5
new file mode 100644
index 0000000..a21f5be
--- /dev/null
+++ b/README.LINUX-2.5
@@ -0,0 +1,29 @@
+Tor Browser Bundle for GNU/Linux (beta)
+===============
+
+Included applications
+---------------------
+
+Vidalia 0.2.21 (with Qt 4.8.1)
+Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Firefox 17.0.11esr
+ \_ Torbutton 1.5.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
+
+Usage
+-----
+
+Extract the bundle with:
+
+tar -xvzf tor-browser-gnu-linux*.tar.gz
+
+This will create a directory named tor-browser_LANG. Click on this directory or
+cd into it and execute the 'start-tor-browser' script. This will start Vidalia.
+Once Tor has successfully opened a circuit, Firefox will automatically be
+opened.
+
+To exit, close Firefox. Vidalia will automatically clean up and exit.
+
+For more information about bugfixes and other package changes, see the
+changelog in tor-browser_LANG/Docs/changelog.
diff --git a/README.OSX-2.4 b/README.OSX-2.4
index 52ba0f0..6eed409 100644
--- a/README.OSX-2.4
+++ b/README.OSX-2.4
@@ -5,11 +5,11 @@ Included applications
---------------------
Vidalia 0.2.21 (with Qt 4.8.1)
-Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
Firefox 17.0.11esr
\_ Torbutton 1.5.2
- |_ NoScript 2.6.8.5
- |_ HTTPS-Everywhere 3.4.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
Usage
-----
diff --git a/README.OSX-2.5 b/README.OSX-2.5
new file mode 100644
index 0000000..3f073ac
--- /dev/null
+++ b/README.OSX-2.5
@@ -0,0 +1,23 @@
+Tor Browser Bundle for Mac OS X (beta)
+===============
+
+Included applications
+---------------------
+
+Vidalia 0.2.21 (with Qt 4.8.1)
+Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Firefox 17.0.11esr
+ \_ Torbutton 1.5.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
+
+Usage
+-----
+
+Unzip the TorBrowser zip file that you downloaded. Click on the
+TorBrowser_LANG.app which will launch Vidalia and then Firefox.
+
+To exit, close Firefox and Vidalia.
+
+For more information about bugfixes and other package changes, see the
+changelog in TorBrowser_LANG.app/Contents/Resources/changelog.
diff --git a/README.WIN-2.4 b/README.WIN-2.4
index 51925e9..a0aff79 100644
--- a/README.WIN-2.4
+++ b/README.WIN-2.4
@@ -5,11 +5,11 @@ Included applications
---------------------
Vidalia 0.2.21 (with Qt 4.8.1)
-Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
Firefox 17.0.11esr
\_ Torbutton 1.5.2
- |_ NoScript 2.6.8.5
- |_ HTTPS-Everywhere 3.4.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
Usage
-----
diff --git a/README.WIN-2.5 b/README.WIN-2.5
new file mode 100644
index 0000000..17c9b03
--- /dev/null
+++ b/README.WIN-2.5
@@ -0,0 +1,27 @@
+Tor Browser Bundle for Windows (beta)
+===============
+
+Included applications
+---------------------
+
+Vidalia 0.2.21 (with Qt 4.8.1)
+Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Firefox 17.0.11esr
+ \_ Torbutton 1.5.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
+
+Usage
+-----
+
+Tor Browser.exe is a 7zip self extracting archive. To extract the bundle, run
+this and point it to the install location. It will create a folder called "Tor
+Browser". This may be the hard disk, but is more likely the currently mounted
+USB drive. The install process needs only be performed once.
+
+Once the bundle is extracted, open the newly created folder and click
+"Start Tor Browser.bat" (may appear as simply "Start Tor Browser").
+This will start Vidalia. Once Tor has successfully opened a circuit,
+Firefox will automatically be opened.
+
+To exit, close Firefox. Vidalia will automatically clean up and exit.
diff --git a/build-scripts/config/Info.plist b/build-scripts/config/Info.plist
index 8b626a7..4870df7 100644
--- a/build-scripts/config/Info.plist
+++ b/build-scripts/config/Info.plist
@@ -9,7 +9,7 @@
<key>CFBundleExecutable</key>
<string>TorBrowserBundle</string>
<key>CFBundleGetInfoString</key>
- <string>Tor Browser Bundle 2.4.18-rc-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
+ <string>Tor Browser Bundle 2.5.1-alpha-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
<key>CFBundleIconFile</key>
<string>vidalia.icns</string>
<key>CFBundleIdentifier</key>
@@ -21,7 +21,7 @@
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
- <string>2.4.18-rc-1</string>
+ <string>2.5.1-alpha-1</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>LSEnvironment</key>
@@ -35,7 +35,7 @@
<key>NSAppleScriptEnabled</key>
<false/>
<key>NSHumanReadableCopyright</key>
- <string>Tor Browser Bundle 2.4.18-rc-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
+ <string>Tor Browser Bundle 2.5.1-alpha-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
<key>NSMainNibFile</key>
<string>MainMenu</string>
<key>NSPrincipalClass</key>
diff --git a/build-scripts/config/Info.plist-stable b/build-scripts/config/Info.plist-stable
index f1648cf..0e50fc0 100644
--- a/build-scripts/config/Info.plist-stable
+++ b/build-scripts/config/Info.plist-stable
@@ -9,7 +9,7 @@
<key>CFBundleExecutable</key>
<string>TorBrowserBundle</string>
<key>CFBundleGetInfoString</key>
- <string>Tor Browser Bundle 2.3.25-15 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
+ <string>Tor Browser Bundle 2.4.19-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
<key>CFBundleIconFile</key>
<string>vidalia.icns</string>
<key>CFBundleIdentifier</key>
@@ -21,7 +21,7 @@
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
- <string>2.3.25-15</string>
+ <string>2.4.19-1</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>LSEnvironment</key>
@@ -35,7 +35,7 @@
<key>NSAppleScriptEnabled</key>
<false/>
<key>NSHumanReadableCopyright</key>
- <string>Tor Browser Bundle 2.3.25-15 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
+ <string>Tor Browser Bundle 2.4.19-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
<key>NSMainNibFile</key>
<string>MainMenu</string>
<key>NSPrincipalClass</key>
diff --git a/build-scripts/edit-changelog.sh b/build-scripts/edit-changelog.sh
index 4369d33..b8bded4 100755
--- a/build-scripts/edit-changelog.sh
+++ b/build-scripts/edit-changelog.sh
@@ -23,6 +23,6 @@ Tor Browser Bundle ($VERSION); suite=$1
EOF
-mv ../changelog.$1-2.3 ../changelog.$1-2.3-old
-cat ../tmp.changelog.$1 ../changelog.$1-2.3-old >> ../changelog.$1-2.3
+mv ../changelog.$1-2.4 ../changelog.$1-2.4-old
+cat ../tmp.changelog.$1 ../changelog.$1-2.4-old >> ../changelog.$1-2.4
diff --git a/build-scripts/linux-alpha.mk b/build-scripts/linux-alpha.mk
index 349d512..3f831dd 100644
--- a/build-scripts/linux-alpha.mk
+++ b/build-scripts/linux-alpha.mk
@@ -15,7 +15,7 @@
## Architecture
ARCH_TYPE=$(shell uname -m)
-BUILD_NUM=2
+BUILD_NUM=1
PLATFORM=Linux
## Build machine specific settings
diff --git a/build-scripts/linux.mk b/build-scripts/linux.mk
index 9edc7ac..300357f 100644
--- a/build-scripts/linux.mk
+++ b/build-scripts/linux.mk
@@ -15,7 +15,7 @@
## Architecture
ARCH_TYPE=$(shell uname -m)
-BUILD_NUM=16
+BUILD_NUM=1
PLATFORM=Linux
## Build machine specific settings
diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk
index 349e908..4246dc3 100644
--- a/build-scripts/osx.mk
+++ b/build-scripts/osx.mk
@@ -15,7 +15,7 @@
## Architecture
ARCH_TYPE=x86_64
-BUILD_NUM=15
+BUILD_NUM=1
PLATFORM=MacOS
## Set OSX-specific backwards compatibility options
diff --git a/build-scripts/versions-alpha.mk b/build-scripts/versions-alpha.mk
index 0410f41..bc27020 100644
--- a/build-scripts/versions-alpha.mk
+++ b/build-scripts/versions-alpha.mk
@@ -1,6 +1,6 @@
#!/usr/bin/make
-RELEASE_VER=2.4.18-rc
+RELEASE_VER=2.5.1-alpha
ZLIB_VER=1.2.8
OPENSSL_VER=1.0.0k
@@ -8,13 +8,13 @@ LIBPNG_VER=1.6.6
QT_VER=4.8.1
VIDALIA_VER=0.2.21
LIBEVENT_VER=2.0.21-stable
-TOR_VER=0.2.4.18-rc
+TOR_VER=0.2.5.1-alpha
PIDGIN_VER=2.6.4
FIREFOX_VER=17.0.11esr
MOZBUILD_VER=1.5.1
TORBUTTON_VER=1.5.2
-NOSCRIPT_VER=2.6.8.5
-HTTPSEVERYWHERE_VER=3.4.2
+NOSCRIPT_VER=2.6.8.7
+HTTPSEVERYWHERE_VER=3.4.3
PDFJS_VER=0.8.298
OBFSPROXY_VER=0.1.4
OTR_VER=3.2.0
diff --git a/build-scripts/versions.mk b/build-scripts/versions.mk
index 77275b8..2c2add0 100644
--- a/build-scripts/versions.mk
+++ b/build-scripts/versions.mk
@@ -1,6 +1,6 @@
#!/usr/bin/make
-RELEASE_VER=2.3.25
+RELEASE_VER=2.4.19
ZLIB_VER=1.2.8
OPENSSL_VER=1.0.0k
@@ -8,13 +8,13 @@ LIBPNG_VER=1.6.6
QT_VER=4.8.1
VIDALIA_VER=0.2.21
LIBEVENT_VER=2.0.21-stable
-TOR_VER=0.2.3.25
+TOR_VER=0.2.4.19
PIDGIN_VER=2.6.4
FIREFOX_VER=17.0.11esr
MOZBUILD_VER=1.5.1
TORBUTTON_VER=1.5.2
-NOSCRIPT_VER=2.6.8.5
-HTTPSEVERYWHERE_VER=3.4.2
+NOSCRIPT_VER=2.6.8.7
+HTTPSEVERYWHERE_VER=3.4.3
OTR_VER=3.2.0
OBFSPROXY_VER=0.1.4
diff --git a/build-scripts/windows.mk b/build-scripts/windows.mk
index f0174b3..9b4a557 100644
--- a/build-scripts/windows.mk
+++ b/build-scripts/windows.mk
@@ -13,7 +13,7 @@
### Configuration ###
#####################
-BUILD_NUM=15
+BUILD_NUM=1
PLATFORM=Windows
## Location of required libraries
diff --git a/changelog.linux-2.4 b/changelog.linux-2.4
index f3623e4..77b27f7 100644
--- a/changelog.linux-2.4
+++ b/changelog.linux-2.4
@@ -1,3 +1,12 @@
+Tor Browser Bundle (2.4.19-1); suite=linux
+
+ * New stable release
+ * Update Tor to 0.2.4.19
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:26 BRST 2013
+
Tor Browser Bundle (2.4.18-rc-2); suite=linux
* Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
@@ -271,3 +280,313 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=linux
-- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:21 GMT 2012
+Tor Browser Bundle (2.3.25-16); suite=linux
+
+ * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
+ stop crashing (closes: #10195)
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Nov 20 17:46:24 BRST 2013
+
+Tor Browser Bundle (2.3.25-15); suite=linux
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:05 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=linux
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update LibPNG to 1.6.6
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=linux
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=linux
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:21 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=linux
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.7
+ * Update LibPNG to 1.6.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=linux
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update libpng 1.5.16
+ * Update NoScript 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-9); suite=linux
+
+ * Rebuild 64-bit bundles with Firefox optimizations disabled in order to
+ prevent browser crashes. (closes: #8970)
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Jun 12 18:42:24 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=linux
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:55 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=linux
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:56:58 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=linux
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:16 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=linux
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:43 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=linux
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:24 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=linux
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:43 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=linux
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:05 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=linux
+
+ * Update Tor to 0.2.3.25-rc
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:59 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+ * Update libpng to 1.5.13
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:09 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.22-rc
+ * Temporarily use fixed Control and SOCKS ports as a workaround for #6803
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Sep 12 14:02:57 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:38 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.20-rc
+ * Update libpng to 1.5.12
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:30 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+ * Update libpng to 1.5.12
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:37 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=linux
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Don't attempt to load the default KDE 4 theme from Vidalia, because that
+ fails when the Qt versions don't match (closes: #5214)
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=linux
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012
diff --git a/changelog.linux-2.5 b/changelog.linux-2.5
new file mode 100644
index 0000000..154d69f
--- /dev/null
+++ b/changelog.linux-2.5
@@ -0,0 +1,592 @@
+Tor Browser Bundle (2.5.1-alpha-1); suite=linux
+
+ * New alpha release
+ * Update Tor to 0.2.5.1-alpha
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:44 BRST 2013
+
+Tor Browser Bundle (2.4.18-rc-2); suite=linux
+
+ * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
+ stop crashing (closes: #10195)
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Nov 20 17:46:24 BRST 2013
+
+Tor Browser Bundle (2.4.18-rc-1); suite=linux
+
+ * Update Tor to 0.2.4.18-rc
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+ * Remove PDF.js since it is no longer supported in Firefox 17
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Nov 17 16:41:32 BRST 2013
+
+Tor Browser Bundle (2.4.17-rc-1); suite=linux
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update LibPNG to 1.6.6
+ * Update NoScript to 2.6.8.4
+ * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this
+ becoming the stable bundle
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.4.17-beta-2); suite=linux
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update LibPNG to 1.6.3
+ * Update HTTPS Everywhere to 4.0development.12
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+ * Add missing geoip file
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.4.17-beta-1); suite=linux
+
+ * Update Tor to 0.2.4.17-rc
+ * Update NoScript to 2.6.7.1
+ * Update HTTPS Everywhere to 4.0development.11
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 5 14:26:06 CEST 2013
+
+Tor Browser Bundle (2.4.16-beta-1); suite=linux
+
+ * Update Tor to 0.2.4.16-rc
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:39 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-2); suite=linux
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * HTTPS Everywhere to 4.0development.9
+ * Update PDF.js to 0.8.298
+ * Update NoScript to 2.6.6.9
+ * Update LibPNG to 1.6.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-1); suite=linux
+
+ * Update Tor to 0.2.4.15-rc
+ * Update NoScript to 2.6.6.7
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jul 7 18:38:52 BRT 2013
+
+Tor Browser Bundle (2.4.14-alpha-1); suite=linux
+
+ * Update Tor to 0.2.4.14-alpha
+ * Update Firefox 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update libpng to 1.5.16
+ * Update HTTPS Everywhere to 4.0development.8
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-2); suite=linux
+
+ * Update Firefox to 17.0.6esr
+ * Update NoScript to 2.6.6.1
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:06:23 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-1); suite=linux
+
+ * Update Tor to 0.2.4.12-alpha
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6
+ * Update PDF.js to 0.8.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Apr 25 21:15:37 BRT 2013
+
+Tor Browser Bundle (2.4.11-alpha-2); suite=linux
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:37 EDT 2013
+
+Tor Browser Bundle (2.4.10-alpha-3); suite=linux
+
+ * Update Firefox to 17.0.4esr
+ * Update Tor to 0.2.4.11-alpha
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 4.0development.6
+ * Update PDF.js to 0.7.236
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Mar 12 12:06:00 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-2); suite=linux
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:47 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-1); suite=linux
+
+ * Update Tor to 0.2.4.10-alpha
+ * Update OpenSSL to 1.0.1d
+ * Update NoScript to 2.6.4.4
+ * Add PDF Viewer (PDF.js) to README
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:13:28 CET 2013
+
+Tor Browser Bundle (2.4.9-alpha-1); suite=linux
+
+ * Update Firefox to 17.0.2esr
+ * Update Tor to 0.2.4.9-alpha
+ * Update Torbutton to 1.5.0pre-alpha
+ * Update NoScript to 2.6.4.3
+ * Update HTTPS-Everywhere to 4.0development.5
+ * Add Mozilla's PDF.js extension to give people the ability to read PDFs in
+ TBB
+ * Prevent TBB from trying to access the X session manager (closes: #5261)
+ * Firefox patch changes:
+ - Isolate image cache to url bar domain (closes: #5742 and #6539)
+ - Enable DOM storage and isolate it to url bar domain (closes: #6564)
+ - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
+ * Misc preference changes:
+ - Disable DOM performance timers (dom.enable_performance) (closes: #6204)
+ - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
+ - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
+ - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 25 15:31:35 CET 2013
+
+Tor Browser Bundle (2.4.7-alpha-1); suite=linux
+
+ * Update Firefox to 10.0.12esr
+ * Update Tor to 0.2.4.7-alpha
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 4.0development.4
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:55:05 CET 2013
+
+Tor Browser Bundle (2.4.6-alpha-2); suite=linux
+
+ * Update Makefiles to use the right changelogs and READMEs
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Dec 3 16:13:47 GMT 2012
+
+Tor Browser Bundle (2.4.6-alpha-1); suite=linux
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:21 GMT 2012
+
+Tor Browser Bundle (2.3.25-16); suite=linux
+
+ * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
+ stop crashing (closes: #10195)
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Nov 20 17:46:24 BRST 2013
+
+Tor Browser Bundle (2.3.25-15); suite=linux
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:05 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=linux
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update LibPNG to 1.6.6
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=linux
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=linux
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:21 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=linux
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.7
+ * Update LibPNG to 1.6.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=linux
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update libpng 1.5.16
+ * Update NoScript 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-9); suite=linux
+
+ * Rebuild 64-bit bundles with Firefox optimizations disabled in order to
+ prevent browser crashes. (closes: #8970)
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Jun 12 18:42:24 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=linux
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:55 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=linux
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:56:58 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=linux
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:16 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=linux
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:43 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=linux
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:24 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=linux
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:43 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=linux
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:05 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=linux
+
+ * Update Tor to 0.2.3.25-rc
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:59 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+ * Update libpng to 1.5.13
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:09 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.22-rc
+ * Temporarily use fixed Control and SOCKS ports as a workaround for #6803
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Sep 12 14:02:57 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:38 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.20-rc
+ * Update libpng to 1.5.12
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:30 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+ * Update libpng to 1.5.12
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:37 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=linux
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Don't attempt to load the default KDE 4 theme from Vidalia, because that
+ fails when the Qt versions don't match (closes: #5214)
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=linux
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012
diff --git a/changelog.osx-2.4 b/changelog.osx-2.4
index d8c0b4a..6fcd6d2 100644
--- a/changelog.osx-2.4
+++ b/changelog.osx-2.4
@@ -1,3 +1,12 @@
+Tor Browser Bundle (2.4.19-1); suite=osx
+
+ * New stable release
+ * Update Tor to 0.2.4.19
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:22 BRST 2013
+
Tor Browser Bundle (2.4.18-rc-1); suite=linux
* Update Tor to 0.2.4.18-rc
@@ -260,3 +269,293 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=osx
* Initial release
-- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:11 GMT 2012
+Tor Browser Bundle (2.3.25-15); suite=osx
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+ * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield.
+ (closes: #10092)
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:00 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=osx
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=osx
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=osx
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:19 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=osx
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=osx
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=osx
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:50 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=osx
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:56:56 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=osx
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:11 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=osx
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:38 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=osx
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:21 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=osx
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:39 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=osx
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:03 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=osx
+
+ * Update Tor to 0.2.3.25
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:55 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:03 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.22-rc
+ * Temporarily use fixed Control and SOCKS ports as a workaround for #6803
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Sep 12 14:02:57 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:33 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.20-rc
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:27 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:26 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=osx
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Give OS X users below 10.5 an incompatibility message (closes: #4356)
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=osx
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012
diff --git a/changelog.osx-2.5 b/changelog.osx-2.5
new file mode 100644
index 0000000..83de71c
--- /dev/null
+++ b/changelog.osx-2.5
@@ -0,0 +1,561 @@
+Tor Browser Bundle (2.5.1-alpha-1); suite=osx
+
+ * New alpha release
+ * Update Tor to 0.2.5.1-alpha
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:31:01 BRST 2013
+
+Tor Browser Bundle (2.4.18-rc-1); suite=linux
+
+ * Update Tor to 0.2.4.18-rc
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+ * Remove PDF.js since it is no longer supported in Firefox 17
+ * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield.
+ (closes: #10092)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Nov 17 16:41:32 BRST 2013
+
+Tor Browser Bundle (2.4.17-rc-1); suite=osx
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update NoScript to 2.6.8.4
+ * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this
+ becoming the stable bundle
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.4.17-beta-2); suite=osx
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 4.0development.12
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.4.17-beta-1); suite=osx
+
+ * Update Tor to 0.2.4.17-rc
+ * Update NoScript to 2.6.7.1
+ * Update HTTPS Everywhere to 4.0development.11
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 5 14:26:04 CEST 2013
+
+Tor Browser Bundle (2.4.16-beta-1); suite=osx
+
+ * Update Tor to 0.2.4.16-rc
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:41 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-2); suite=osx
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * HTTPS Everywhere to 4.0development.9
+ * Update PDF.js to 0.8.298
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-1); suite=osx
+
+ * Update Tor to 0.2.4.15-rc
+ * Update NoScript to 2.6.6.7
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jul 7 18:38:48 BRT 2013
+
+Tor Browser Bundle (2.4.14-alpha-1); suite=osx
+
+ * Update Tor to 0.2.4.14-alpha
+ * Update Firefox 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update libpng to 1.5.16
+ * Update HTTPS Everywhere to 4.0development.8
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-2); suite=osx
+
+ * Update Firefox to 17.0.6esr
+ * Update NoScript to 2.6.6.1
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:06:20 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-1); suite=osx
+
+ * Update Tor to 0.2.4.12-alpha
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6
+ * Update PDF.js to 0.8.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Apr 25 21:15:32 BRT 2013
+
+Tor Browser Bundle (2.4.11-alpha-2); suite=osx
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:42 EDT 2013
+
+Tor Browser Bundle (2.4.10-alpha-3); suite=osx
+
+ * Update Firefox to 17.0.4esr
+ * Update Tor to 0.2.4.11-alpha
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 4.0development.6
+ * Update PDF.js to 0.7.236
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Mar 12 12:06:00 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-2); suite=osx
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:45 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-1); suite=osx
+
+ * Update Tor to 0.2.4.10-alpha
+ * Update OpenSSL to 1.0.1d
+ * Update NoScript to 2.6.4.4
+ * Add PDF Viewer (PDF.js) to README
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:13:28 CET 2013
+
+Tor Browser Bundle (2.4.9-alpha-1); suite=osx
+
+ * Update Firefox to 17.0.2esr
+ * Update Tor to 0.2.4.9-alpha
+ * Update Torbutton to 1.5.0pre-alpha
+ * Update NoScript to 2.6.4.3
+ * Update HTTPS-Everywhere to 4.0development.5
+ * Add Mozilla's PDF.js extension to give people the ability to read PDFs in
+ TBB
+ * Firefox patch changes:
+ - Isolate image cache to url bar domain (closes: #5742 and #6539)
+ - Enable DOM storage and isolate it to url bar domain (closes: #6564)
+ - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
+ * Misc preference changes:
+ - Disable DOM performance timers (dom.enable_performance) (closes: #6204)
+ - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
+ - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
+ - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 25 15:31:35 CET 2013
+
+Tor Browser Bundle (2.4.7-alpha-1); suite=osx
+
+ * Update Firefox to 10.0.12esr
+ * Update Tor to 0.2.4.7-alpha
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 4.0development.4
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:55:00 CET 2013
+
+Tor Browser Bundle (2.4.6-alpha-2); suite=osx
+
+ * Update Makefiles to use the right changelogs and READMEs
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Dec 3 16:13:43 GMT 2012
+
+Tor Browser Bundle (2.4.6-alpha-1); suite=osx
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:11 GMT 2012
+Tor Browser Bundle (2.3.25-15); suite=osx
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+ * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield.
+ (closes: #10092)
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:00 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=osx
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=osx
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=osx
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:19 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=osx
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=osx
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=osx
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:50 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=osx
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:56:56 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=osx
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:11 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=osx
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:38 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=osx
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:21 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=osx
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:39 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=osx
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:03 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=osx
+
+ * Update Tor to 0.2.3.25
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:55 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:03 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.22-rc
+ * Temporarily use fixed Control and SOCKS ports as a workaround for #6803
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Sep 12 14:02:57 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:33 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.20-rc
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:27 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:26 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=osx
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Give OS X users below 10.5 an incompatibility message (closes: #4356)
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=osx
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012
diff --git a/changelog.windows-2.4 b/changelog.windows-2.4
index 8282c4a..15f3bb3 100644
--- a/changelog.windows-2.4
+++ b/changelog.windows-2.4
@@ -1,3 +1,12 @@
+Tor Browser Bundle (2.4.19-1); suite=windows
+
+ * New stable release
+ * Update Tor to 0.2.4.19
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:24 BRST 2013
+
Tor Browser Bundle (2.4.18-rc-1); suite=linux
* Update Tor to 0.2.4.18-rc
@@ -258,3 +267,291 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=windows
* Initial release
-- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:17 GMT 2012
+Tor Browser Bundle (2.3.25-15); suite=windows
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:02 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=windows
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=windows
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=windows
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:23 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=windows
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=windows
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=windows
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:52 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=windows
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+ - Re-enable --enable-optimize for Windows builds
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:57:00 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=windows
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:14 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=windows
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:41 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=windows
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:26 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=windows
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:41 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=windows
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:07 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=windows
+
+ * Update Tor to 0.2.3.25
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:57 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:05 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.22-rc
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Sep 11 19:49:08 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:35 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.20-rc
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:32 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:41 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=windows
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Remove tor-resolve from the Windows bundle (closes: #5403)
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=windows
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012
diff --git a/changelog.windows-2.5 b/changelog.windows-2.5
new file mode 100644
index 0000000..d84e74d
--- /dev/null
+++ b/changelog.windows-2.5
@@ -0,0 +1,557 @@
+Tor Browser Bundle (2.5.1-alpha-1); suite=windows
+
+ * New alpha release
+ * Update Tor to 0.2.5.1-alpha
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:59 BRST 2013
+
+Tor Browser Bundle (2.4.18-rc-1); suite=linux
+
+ * Update Tor to 0.2.4.18-rc
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+ * Remove PDF.js since it is no longer supported in Firefox 17
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Nov 17 16:41:32 BRST 2013
+
+Tor Browser Bundle (2.4.17-rc-1); suite=windows
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update NoScript to 2.6.8.4
+ * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this
+ becoming the stable bundle
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.4.17-beta-2); suite=windows
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 4.0development.12
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.4.17-beta-1); suite=windows
+
+ * Update Tor to 0.2.4.17-rc
+ * Update NoScript to 2.6.7.1
+ * Update HTTPS Everywhere to 4.0development.11
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 5 14:26:09 CEST 2013
+
+Tor Browser Bundle (2.4.16-beta-1); suite=windows
+
+ * Update Tor to 0.2.4.16-rc
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:37 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-2); suite=windows
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * HTTPS Everywhere to 4.0development.9
+ * Update PDF.js to 0.8.298
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-1); suite=windows
+
+ * Update Tor to 0.2.4.15-rc
+ * Update NoScript to 2.6.6.7
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jul 7 18:38:50 BRT 2013
+
+Tor Browser Bundle (2.4.14-alpha-1); suite=windows
+
+ * Update Tor to 0.2.4.14-alpha
+ * Update Firefox 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update libpng to 1.5.16
+ * Update HTTPS Everywhere to 4.0development.8
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-2); suite=windows
+
+ * Update Firefox to 17.0.6esr
+ * Update NoScript to 2.6.6.1
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:06:25 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-1); suite=windows
+
+ * Update Tor to 0.2.4.12-alpha
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6
+ * Update PDF.js to 0.8.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Apr 25 21:15:34 BRT 2013
+
+Tor Browser Bundle (2.4.11-alpha-2); suite=windows
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:39 EDT 2013
+
+Tor Browser Bundle (2.4.10-alpha-3); suite=windows
+
+ * Update Firefox to 17.0.4esr
+ * Update Tor to 0.2.4.11-alpha
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 4.0development.6
+ * Update PDF.js to 0.7.236
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Mar 12 12:06:00 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-2); suite=windows
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:49 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-1); suite=windows
+
+ * Update Tor to 0.2.4.10-alpha
+ * Update OpenSSL to 1.0.1d
+ * Update NoScript to 2.6.4.4
+ * Add PDF Viewer (PDF.js) to README
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:13:28 CET 2013
+
+Tor Browser Bundle (2.4.9-alpha-test-1); suite=windows
+
+ * Update Firefox to 17.0.2esr
+ * Update Tor to 0.2.4.9-alpha
+ * Update Torbutton to 1.5.0pre-alpha
+ * Update NoScript to 2.6.4.3
+ * Update HTTPS-Everywhere to 4.0development.5
+ * Add Mozilla's PDF.js extension to give people the ability to read PDFs in
+ TBB
+ * Firefox patch changes:
+ - Isolate image cache to url bar domain (closes: #5742 and #6539)
+ - Enable DOM storage and isolate it to url bar domain (closes: #6564)
+ - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
+ * Misc preference changes:
+ - Disable DOM performance timers (dom.enable_performance) (closes: #6204)
+ - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
+ - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
+ - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 25 15:31:35 CET 2013
+
+Tor Browser Bundle (2.4.7-alpha-1); suite=windows
+
+ * Update Firefox to 10.0.12esr
+ * Update Tor to 0.2.4.7-alpha
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 4.0development.4
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:55:02 CET 2013
+
+Tor Browser Bundle (2.4.6-alpha-2); suite=windows
+
+ * Update Makefiles to use the right changelogs and READMEs
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Dec 3 16:13:45 GMT 2012
+
+Tor Browser Bundle (2.4.6-alpha-1); suite=windows
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:17 GMT 2012
+Tor Browser Bundle (2.3.25-15); suite=windows
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:02 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=windows
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=windows
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=windows
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:23 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=windows
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire…
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=windows
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=windows
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:52 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=windows
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+ - Re-enable --enable-optimize for Windows builds
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:57:00 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=windows
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:14 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=windows
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:41 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=windows
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:26 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=windows
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:41 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=windows
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:07 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=windows
+
+ * Update Tor to 0.2.3.25
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:57 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:05 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.22-rc
+
+ -- Erinn Clark <erinn(a)torproject.org> Tue Sep 11 19:49:08 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:35 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.20-rc
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:32 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+
+ -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:41 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=windows
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Remove tor-resolve from the Windows bundle (closes: #5403)
+
+ -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=windows
+
+ * Initial release
+
+ -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012
1
0
r26479: {website} Removed EL5 listing from RPMs packages page. EL5 is no longe (website/trunk/docs/en)
by Ondrej Mikle 14 Dec '13
by Ondrej Mikle 14 Dec '13
14 Dec '13
Author: hiviah
Date: 2013-12-14 16:01:16 +0000 (Sat, 14 Dec 2013)
New Revision: 26479
Modified:
website/trunk/docs/en/rpms.wml
Log:
Removed EL5 listing from RPMs packages page. EL5 is no longer supported.
Modified: website/trunk/docs/en/rpms.wml
===================================================================
--- website/trunk/docs/en/rpms.wml 2013-12-13 20:12:11 UTC (rev 26478)
+++ website/trunk/docs/en/rpms.wml 2013-12-14 16:01:16 UTC (rev 26479)
@@ -55,32 +55,6 @@
</p>
<pre>3B9E EEB9 7B1E 827B CF0A 0D96 8AF5 653C 5AC0 01F1</pre>
- <h3>EL5 packages</h3>
-
- <p>Packages for RHEL 5 (and clones) are signed with different key due to
- old rpm limitations, put this repo file in /etc/yum.repos.d/ directory:
- </p>
-
-<pre>[tor]
-name=Tor experimental repo
-enabled=1
-baseurl=http://deb.torproject.org/torproject.org/rpm/el/5/$basearch/
-gpgcheck=1
-gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.EL5.asc
-
-[tor-source]
-name=Tor experimental source repo
-enabled=1
-autorefresh=0
-baseurl=http://deb.torproject.org/torproject.org/rpm/el/5/SRPMS
-gpgcheck=1
-gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.EL5.asc
-</pre>
- <p>
- Fingerprint of RPM-GPG-KEY-torproject.org.EL5.asc key above should be:
- </p>
-<pre>9D27 0E2A 351C B4CB 6D95 78AF F8E7 95F8 B4D4 03EA</pre>
-
<h3>Package installation and running</h3>
<p>
1
0
[translation/abouttor-homepage_completed] Update translations for abouttor-homepage_completed
by translation@torproject.org 14 Dec '13
by translation@torproject.org 14 Dec '13
14 Dec '13
commit db3155374c0b57d65a7c72ffc23c8b61476be8bf
Author: Translation commit bot <translation(a)torproject.org>
Date: Sat Dec 14 00:46:38 2013 +0000
Update translations for abouttor-homepage_completed
---
fr/aboutTor.dtd | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fr/aboutTor.dtd b/fr/aboutTor.dtd
index b43c4ff..a0b041b 100644
--- a/fr/aboutTor.dtd
+++ b/fr/aboutTor.dtd
@@ -34,16 +34,16 @@
-->
<!ENTITY aboutTor.searchSPPost.link "https://startpage.com/rth/search">
<!ENTITY aboutTor.searchDDGPost.link "https://duckduckgo.com/html/">
-<!ENTITY aboutTor.searchSP.privacy.beforeLink.label "Rechercher">
-<!ENTITY aboutTor.searchDDG.privacy.beforeLink.label "Rechercher">
+<!ENTITY aboutTor.searchSP.privacy.beforeLink.label "Rechercher ">
+<!ENTITY aboutTor.searchDDG.privacy.beforeLink.label "Rechercher ">
<!ENTITY aboutTor.searchSP.privacy.label "en toute sécurité">
<!ENTITY aboutTor.searchDDG.privacy.label "en toute sécurité">
<!ENTITY aboutTor.searchSP.privacy.link "https://startpage.com/eng/protect-privacy.html">
<!ENTITY aboutTor.searchDDG.privacy.link "https://duckduckgo.com/privacy.html">
<!ENTITY aboutTor.searchSP.privacy.afterLink.label "&nbsp;">
<!ENTITY aboutTor.searchDDG.privacy.afterLink.label "&nbsp;">
-<!ENTITY aboutTor.searchSP.search.beforeLink.label "avec">
-<!ENTITY aboutTor.searchDDG.search.beforeLink.label "avec">
+<!ENTITY aboutTor.searchSP.search.beforeLink.label "avec ">
+<!ENTITY aboutTor.searchDDG.search.beforeLink.label "avec ">
<!ENTITY aboutTor.searchSP.search.label "Startpage">
<!ENTITY aboutTor.searchDDG.search.label "DuckDuckGo">
<!ENTITY aboutTor.searchSP.search.link "https://startpage.com/">
1
0
[translation/abouttor-homepage] Update translations for abouttor-homepage
by translation@torproject.org 14 Dec '13
by translation@torproject.org 14 Dec '13
14 Dec '13
commit 58eac069368f8af0a1249ad144ef80876950467c
Author: Translation commit bot <translation(a)torproject.org>
Date: Sat Dec 14 00:46:35 2013 +0000
Update translations for abouttor-homepage
---
fr/aboutTor.dtd | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fr/aboutTor.dtd b/fr/aboutTor.dtd
index b43c4ff..a0b041b 100644
--- a/fr/aboutTor.dtd
+++ b/fr/aboutTor.dtd
@@ -34,16 +34,16 @@
-->
<!ENTITY aboutTor.searchSPPost.link "https://startpage.com/rth/search">
<!ENTITY aboutTor.searchDDGPost.link "https://duckduckgo.com/html/">
-<!ENTITY aboutTor.searchSP.privacy.beforeLink.label "Rechercher">
-<!ENTITY aboutTor.searchDDG.privacy.beforeLink.label "Rechercher">
+<!ENTITY aboutTor.searchSP.privacy.beforeLink.label "Rechercher ">
+<!ENTITY aboutTor.searchDDG.privacy.beforeLink.label "Rechercher ">
<!ENTITY aboutTor.searchSP.privacy.label "en toute sécurité">
<!ENTITY aboutTor.searchDDG.privacy.label "en toute sécurité">
<!ENTITY aboutTor.searchSP.privacy.link "https://startpage.com/eng/protect-privacy.html">
<!ENTITY aboutTor.searchDDG.privacy.link "https://duckduckgo.com/privacy.html">
<!ENTITY aboutTor.searchSP.privacy.afterLink.label "&nbsp;">
<!ENTITY aboutTor.searchDDG.privacy.afterLink.label "&nbsp;">
-<!ENTITY aboutTor.searchSP.search.beforeLink.label "avec">
-<!ENTITY aboutTor.searchDDG.search.beforeLink.label "avec">
+<!ENTITY aboutTor.searchSP.search.beforeLink.label "avec ">
+<!ENTITY aboutTor.searchDDG.search.beforeLink.label "avec ">
<!ENTITY aboutTor.searchSP.search.label "Startpage">
<!ENTITY aboutTor.searchDDG.search.label "DuckDuckGo">
<!ENTITY aboutTor.searchSP.search.link "https://startpage.com/">
1
0
[translation/vidalia_alpha_completed] Update translations for vidalia_alpha_completed
by translation@torproject.org 14 Dec '13
by translation@torproject.org 14 Dec '13
14 Dec '13
commit bc23590babda8cfd47b2d76d66f19d45bf2f4bf8
Author: Translation commit bot <translation(a)torproject.org>
Date: Sat Dec 14 00:45:26 2013 +0000
Update translations for vidalia_alpha_completed
---
fr/vidalia_fr.po | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fr/vidalia_fr.po b/fr/vidalia_fr.po
index 76c5627..66aeb39 100644
--- a/fr/vidalia_fr.po
+++ b/fr/vidalia_fr.po
@@ -12,7 +12,7 @@ msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: translations(a)vidalia-project.net\n"
"POT-Creation-Date: 2012-03-21 17:46+0000\n"
-"PO-Revision-Date: 2013-11-12 09:41+0000\n"
+"PO-Revision-Date: 2013-12-14 00:30+0000\n"
"Last-Translator: runasand <runa.sandvik(a)gmail.com>\n"
"Language-Team: French (http://www.transifex.com/projects/p/torproject/language/fr/)\n"
"MIME-Version: 1.0\n"
1
0