December 2013 - tor-commits - lists.torproject.org

[websocket/master] fmt.
by dcf＠torproject.org 14 Dec '13

14 Dec '13

commit b100beafb50cf4ae85b67250699ac6d0c83a0bba Author: David Fifield <david(a)bamsoftware.com> Date: Sat Dec 14 12:17:25 2013 -0800 fmt. --- websocket/websocket.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/websocket/websocket.go b/websocket/websocket.go index dc228d1..5786fdf 100644 --- a/websocket/websocket.go +++ b/websocket/websocket.go @@ -313,7 +313,7 @@ func httpError(w http.ResponseWriter, bufrw *bufio.ReadWriter, code int) { // An implementation of http.Handler with a Config. The ServeHTTP function calls // Callback assuming WebSocket HTTP negotiation is successful. type HTTPHandler struct { - Config *Config + Config *Config Callback func(*WebSocket) }

1 0

[torbrowser/maint-2.4] fix changelog and README versions in build scripts
by erinn＠torproject.org 14 Dec '13

14 Dec '13

commit 92c2a816caa72ae4e3cdc09abcef43f3fc085e84 Author: Erinn Clark <erinn(a)torproject.org> Date: Sat Dec 14 17:46:26 2013 -0200 fix changelog and README versions in build scripts --- build-scripts/linux-alpha.mk | 4 ++-- build-scripts/linux.mk | 4 ++-- build-scripts/osx-alpha.mk | 4 ++-- build-scripts/osx.mk | 4 ++-- build-scripts/windows-alpha.mk | 4 ++-- build-scripts/windows.mk | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/build-scripts/linux-alpha.mk b/build-scripts/linux-alpha.mk index 3f831dd..72d4b0a 100644 --- a/build-scripts/linux-alpha.mk +++ b/build-scripts/linux-alpha.mk @@ -289,9 +289,9 @@ install-docs: cp $(VIDALIA_DIR)/LICENSE* $(VIDALIA_DIR)/CREDITS $(DOCSDIR)/Vidalia cp $(TOR_DIR)/LICENSE $(TOR_DIR)/README $(DOCSDIR)/Tor cp $(QT_DIR)/LICENSE.GPL* $(QT_DIR)/LICENSE.LGPL $(DOCSDIR)/Qt - cp ../changelog.linux-2.4 $(DOCSDIR)/changelog + cp ../changelog.linux-2.5 $(DOCSDIR)/changelog # This should be updated to be more generic (version-wise) and more Linux specific - cp ../README.LINUX-2.4 $(DOCSDIR)/README-TorBrowserBundle + cp ../README.LINUX-2.5 $(DOCSDIR)/README-TorBrowserBundle ifeq ($(USE_OBFSPROXY),1) mkdir -p $(DOCSDIR)/Obfsproxy cp $(OBFSPROXY_DIR)/LICENSE $(DOCSDIR)/Obfsproxy diff --git a/build-scripts/linux.mk b/build-scripts/linux.mk index 300357f..d5e82b0 100644 --- a/build-scripts/linux.mk +++ b/build-scripts/linux.mk @@ -268,9 +268,9 @@ install-docs: cp $(VIDALIA_DIR)/LICENSE* $(VIDALIA_DIR)/CREDITS $(DOCSDIR)/Vidalia cp $(TOR_DIR)/LICENSE $(TOR_DIR)/README $(DOCSDIR)/Tor cp $(QT_DIR)/LICENSE.GPL* $(QT_DIR)/LICENSE.LGPL $(DOCSDIR)/Qt - cp ../changelog.linux-2.3 $(DOCSDIR)/changelog + cp ../changelog.linux-2.4 $(DOCSDIR)/changelog # This should be updated to be more generic (version-wise) and more Linux specific - cp ../README.LINUX-2.3 $(DOCSDIR)/README-TorBrowserBundle + cp ../README.LINUX-2.4 $(DOCSDIR)/README-TorBrowserBundle ## Copy over Firefox install-firefox: diff --git a/build-scripts/osx-alpha.mk b/build-scripts/osx-alpha.mk index 00bc7aa..b9d2cce 100644 --- a/build-scripts/osx-alpha.mk +++ b/build-scripts/osx-alpha.mk @@ -310,9 +310,9 @@ install-docs: cp $(VIDALIA_DIR)/LICENSE* $(VIDALIA_DIR)/CREDITS $(DOCSDIR)/Vidalia cp $(TOR_DIR)/LICENSE $(TOR_DIR)/README $(DOCSDIR)/Tor cp $(QT_DIR)/LICENSE.GPL* $(QT_DIR)/LICENSE.LGPL $(DOCSDIR)/Qt - cp ../changelog.osx-2.4 $(DOCSDIR)/changelog + cp ../changelog.osx-2.5 $(DOCSDIR)/changelog cp ../LICENSE $(DEST) - cp ../README.OSX-2.4 $(DEST)/README-TorBrowserBundle + cp ../README.OSX-2.5 $(DEST)/README-TorBrowserBundle ## Copy over Firefox install-firefox: diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk index 4246dc3..36120ae 100644 --- a/build-scripts/osx.mk +++ b/build-scripts/osx.mk @@ -264,9 +264,9 @@ install-docs: cp $(VIDALIA_DIR)/LICENSE* $(VIDALIA_DIR)/CREDITS $(DOCSDIR)/Vidalia cp $(TOR_DIR)/LICENSE $(TOR_DIR)/README $(DOCSDIR)/Tor cp $(QT_DIR)/LICENSE.GPL* $(QT_DIR)/LICENSE.LGPL $(DOCSDIR)/Qt - cp ../changelog.osx-2.3 $(DOCSDIR)/changelog + cp ../changelog.osx-2.4 $(DOCSDIR)/changelog cp ../LICENSE $(DEST) - cp ../README.OSX-2.3 $(DEST)/README-TorBrowserBundle + cp ../README.OSX-2.4 $(DEST)/README-TorBrowserBundle ## Copy over Firefox install-firefox: diff --git a/build-scripts/windows-alpha.mk b/build-scripts/windows-alpha.mk index da4af92..d087ac2 100644 --- a/build-scripts/windows-alpha.mk +++ b/build-scripts/windows-alpha.mk @@ -294,8 +294,8 @@ install-docs: cp $(TOR)/LICENSE $(TOR)/README $(DOCSDIR)/Tor cp $(QT_LIB)/../LICENSE.GPL* $(QT_LIB)/../LICENSE.LGPL $(DOCSDIR)/Qt cp $(MING)/../msys/1.0/share/doc/MSYS/COPYING $(DOCSDIR)/MinGW - cp ../changelog.windows-2.4 $(DOCSDIR)/changelog - cp ../README.WIN-2.4 $(DOCSDIR)/README-TorBrowserBundle + cp ../changelog.windows-2.5 $(DOCSDIR)/changelog + cp ../README.WIN-2.5 $(DOCSDIR)/README-TorBrowserBundle ifeq ($(USE_OBFSPROXY),1) mkdir -p $(DOCSDIR)/Obfsproxy cp $(OBFSPROXY_DIR)/LICENSE $(DOCSDIR)/Obfsproxy diff --git a/build-scripts/windows.mk b/build-scripts/windows.mk index 9b4a557..d7ff4d3 100644 --- a/build-scripts/windows.mk +++ b/build-scripts/windows.mk @@ -265,8 +265,8 @@ install-docs: cp $(TOR)/LICENSE $(TOR)/README $(DOCSDIR)/Tor cp $(QT_LIB)/../LICENSE.GPL* $(QT_LIB)/../LICENSE.LGPL $(DOCSDIR)/Qt cp $(MING)/../msys/1.0/share/doc/MSYS/COPYING $(DOCSDIR)/MinGW - cp ../changelog.windows-2.3 $(DOCSDIR)/changelog - cp ../README.WIN-2.3 $(DOCSDIR)/README-TorBrowserBundle + cp ../changelog.windows-2.4 $(DOCSDIR)/changelog + cp ../README.WIN-2.4 $(DOCSDIR)/README-TorBrowserBundle ## Copy over FirefoxPortable install-firefoxportable:

1 0

[metrics-web/master] Update tools diagram and page once more.
by karsten＠torproject.org 14 Dec '13

14 Dec '13

commit fe590cd926e2aee77b31c1084b63cb1fd99f67dc Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Sat Dec 14 17:25:21 2013 +0100 Update tools diagram and page once more. --- web/WEB-INF/tools.jsp | 40 ++++++++++++++++++++--------------- web/images/tor-metrics-overview.png | Bin 252686 -> 309306 bytes 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/web/WEB-INF/tools.jsp b/web/WEB-INF/tools.jsp index dc56751..8929d74 100644 --- a/web/WEB-INF/tools.jsp +++ b/web/WEB-INF/tools.jsp @@ -24,13 +24,13 @@ <br> <p>Tor network data is measured at various places: <ul> + <li><a href="https://gitweb.torproject.org/torperf.git">Torperf</a> + is a set of utilities for testing Tor performance from a client + perspective.</li> <li><a href="https://gitweb.torproject.org/tor.git">tor</a> relays and bridges gather aggregate usage statistics and publish descriptors containing data about Tor network structure and usage.</li> - <li><a href="https://gitweb.torproject.org/torperf.git">Torperf</a> - is a set of utilities for testing Tor performance from a client - perspective.</li> <li><a href="https://gitweb.torproject.org/tordnsel.git">TorDNSEL</a> is a Tor DNS-based exit list that runs periodic checks whether relays use different IP addresses for exiting to the Internet @@ -59,9 +59,20 @@ <br> <p>In some cases, processing and presenting Tor network data is separated for maximum flexibility. - In particular, there is currently one tool that processes but does - not present Tor network data:</p> + In particular, there are currently two main tools that process Tor + network data and write an intermediate data format, but don't + directly present results:</p> <ul> + <li><a href="https://gitweb.torproject.org/metrics-web.git">metrics-web</a> + is the software behind this website, including aggregation code + that produces statistics files.</li> + <li><a href="https://gitweb.torproject.org/metrics-tasks.git/tree/HEAD:/task-6498">task-6498</a> + is a submodule of metric-web that + aggregates data to visualize fast exits in the Tor network.</li> + <li><a href="https://gitweb.torproject.org/metrics-tasks.git/tree/HEAD:/task-8462">task-8462</a> + is another submodule of metric-web that + estimates daily users from reported directory request + statistics.</li> <li><a href="https://gitweb.torproject.org/onionoo.git">Onionoo</a> provides Tor network status information in JSON format via a RESTful web service.</li> @@ -75,22 +86,17 @@ network data: <ul> <li><a href="https://gitweb.torproject.org/metrics-web.git">metrics-web</a> - is the software behind this website, including aggregation code - for the presented statistics.</li> - <li><a href="https://gitweb.torproject.org/metrics-tasks.git/tree/HEAD:/task-6498">task-6498</a> - aggregates data to visualize fast exits in the Tor network.</li> - <li><a href="https://gitweb.torproject.org/metrics-tasks.git/tree/HEAD:/task-8462">task-8462</a> - estimates daily users from reported directory request - statistics.</li> + also contains the code that presents aggregate statistics on + this website.</li> <li><a href="https://gitweb.torproject.org/exonerator.git">ExoneraTor</a> is a website that tells you whether a given IP address was a Tor relay.</li> - <li><a href="https://gitweb.torproject.org/doctor.git">DocTor</a> - is a service that periodically checks the Tor network for - consensus conflicts and other hiccups.</li> <li><a href="https://gitweb.torproject.org/atlas.git">Atlas</a> - is a web application to discover relays and bridges that uses - Onionoo as its data back-end.</li> + is a web application to discover relays that uses Onionoo as its + data back-end.</li> + <li><a href="https://gitweb.torproject.org/globe.git">Globe</a> + is a Tor relay and bridge explorer that also uses Onionoo as its + data back-end.</li> <li><a href="https://gitweb.torproject.org/compass.git">Compass</a> is a web application that uses Onionoo's data to display information about fast exits in the Tor network.</li> diff --git a/web/images/tor-metrics-overview.png b/web/images/tor-metrics-overview.png index 4a7c33a..ee2bc07 100644 Binary files a/web/images/tor-metrics-overview.png and b/web/images/tor-metrics-overview.png differ

1 0

[torbrowser/master] Merge branch 'maint-2.4'
by erinn＠torproject.org 14 Dec '13

14 Dec '13

commit 6100d4c179b25efaba9cdcb7d7ec264e61e2e436 Merge: 4809165 fb7238f Author: Erinn Clark <erinn(a)torproject.org> Date: Sat Dec 14 16:45:41 2013 -0200 Merge branch 'maint-2.4' README.LINUX-2.4 | 6 +- README.LINUX-2.5 | 29 ++ README.OSX-2.4 | 6 +- README.OSX-2.5 | 23 ++ README.WIN-2.4 | 6 +- README.WIN-2.5 | 27 ++ build-scripts/config/Info.plist | 6 +- build-scripts/config/Info.plist-stable | 6 +- build-scripts/edit-changelog.sh | 4 +- build-scripts/linux-alpha.mk | 2 +- build-scripts/linux.mk | 2 +- build-scripts/osx.mk | 2 +- build-scripts/versions-alpha.mk | 8 +- build-scripts/versions.mk | 8 +- build-scripts/windows.mk | 2 +- changelog.linux-2.4 | 319 +++++++++++++++++ changelog.linux-2.5 | 592 ++++++++++++++++++++++++++++++++ changelog.osx-2.4 | 299 ++++++++++++++++ changelog.osx-2.5 | 561 ++++++++++++++++++++++++++++++ changelog.windows-2.4 | 297 ++++++++++++++++ changelog.windows-2.5 | 557 ++++++++++++++++++++++++++++++ 21 files changed, 2733 insertions(+), 29 deletions(-)

1 0

[torbrowser/master] bump all versions of stable and alpha (0.2.5.1-alpha) TBBs
by erinn＠torproject.org 14 Dec '13

14 Dec '13

commit fb7238f449bd8e990222ba8e8a693b4d12ee7e67 Author: Erinn Clark <erinn(a)torproject.org> Date: Sat Dec 14 16:45:06 2013 -0200 bump all versions of stable and alpha (0.2.5.1-alpha) TBBs --- README.LINUX-2.4 | 6 +- README.LINUX-2.5 | 29 ++ README.OSX-2.4 | 6 +- README.OSX-2.5 | 23 ++ README.WIN-2.4 | 6 +- README.WIN-2.5 | 27 ++ build-scripts/config/Info.plist | 6 +- build-scripts/config/Info.plist-stable | 6 +- build-scripts/edit-changelog.sh | 4 +- build-scripts/linux-alpha.mk | 2 +- build-scripts/linux.mk | 2 +- build-scripts/osx.mk | 2 +- build-scripts/versions-alpha.mk | 8 +- build-scripts/versions.mk | 8 +- build-scripts/windows.mk | 2 +- changelog.linux-2.4 | 319 +++++++++++++++++ changelog.linux-2.5 | 592 ++++++++++++++++++++++++++++++++ changelog.osx-2.4 | 299 ++++++++++++++++ changelog.osx-2.5 | 561 ++++++++++++++++++++++++++++++ changelog.windows-2.4 | 297 ++++++++++++++++ changelog.windows-2.5 | 557 ++++++++++++++++++++++++++++++ 21 files changed, 2733 insertions(+), 29 deletions(-) diff --git a/README.LINUX-2.4 b/README.LINUX-2.4 index e03ab99..97ae4d9 100644 --- a/README.LINUX-2.4 +++ b/README.LINUX-2.4 @@ -5,11 +5,11 @@ Included applications --------------------- Vidalia 0.2.21 (with Qt 4.8.1) -Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) +Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) Firefox 17.0.11esr \_ Torbutton 1.5.2 - |_ NoScript 2.6.8.5 - |_ HTTPS-Everywhere 3.4.2 + |_ NoScript 2.6.8.7 + |_ HTTPS-Everywhere 3.4.3 Usage ----- diff --git a/README.LINUX-2.5 b/README.LINUX-2.5 new file mode 100644 index 0000000..a21f5be --- /dev/null +++ b/README.LINUX-2.5 @@ -0,0 +1,29 @@ +Tor Browser Bundle for GNU/Linux (beta) +=============== + +Included applications +--------------------- + +Vidalia 0.2.21 (with Qt 4.8.1) +Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) +Firefox 17.0.11esr + \_ Torbutton 1.5.2 + |_ NoScript 2.6.8.7 + |_ HTTPS-Everywhere 3.4.3 + +Usage +----- + +Extract the bundle with: + +tar -xvzf tor-browser-gnu-linux*.tar.gz + +This will create a directory named tor-browser_LANG. Click on this directory or +cd into it and execute the 'start-tor-browser' script. This will start Vidalia. +Once Tor has successfully opened a circuit, Firefox will automatically be +opened. + +To exit, close Firefox. Vidalia will automatically clean up and exit. + +For more information about bugfixes and other package changes, see the +changelog in tor-browser_LANG/Docs/changelog. diff --git a/README.OSX-2.4 b/README.OSX-2.4 index 52ba0f0..6eed409 100644 --- a/README.OSX-2.4 +++ b/README.OSX-2.4 @@ -5,11 +5,11 @@ Included applications --------------------- Vidalia 0.2.21 (with Qt 4.8.1) -Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) +Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) Firefox 17.0.11esr \_ Torbutton 1.5.2 - |_ NoScript 2.6.8.5 - |_ HTTPS-Everywhere 3.4.2 + |_ NoScript 2.6.8.7 + |_ HTTPS-Everywhere 3.4.3 Usage ----- diff --git a/README.OSX-2.5 b/README.OSX-2.5 new file mode 100644 index 0000000..3f073ac --- /dev/null +++ b/README.OSX-2.5 @@ -0,0 +1,23 @@ +Tor Browser Bundle for Mac OS X (beta) +=============== + +Included applications +--------------------- + +Vidalia 0.2.21 (with Qt 4.8.1) +Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) +Firefox 17.0.11esr + \_ Torbutton 1.5.2 + |_ NoScript 2.6.8.7 + |_ HTTPS-Everywhere 3.4.3 + +Usage +----- + +Unzip the TorBrowser zip file that you downloaded. Click on the +TorBrowser_LANG.app which will launch Vidalia and then Firefox. + +To exit, close Firefox and Vidalia. + +For more information about bugfixes and other package changes, see the +changelog in TorBrowser_LANG.app/Contents/Resources/changelog. diff --git a/README.WIN-2.4 b/README.WIN-2.4 index 51925e9..a0aff79 100644 --- a/README.WIN-2.4 +++ b/README.WIN-2.4 @@ -5,11 +5,11 @@ Included applications --------------------- Vidalia 0.2.21 (with Qt 4.8.1) -Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) +Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) Firefox 17.0.11esr \_ Torbutton 1.5.2 - |_ NoScript 2.6.8.5 - |_ HTTPS-Everywhere 3.4.2 + |_ NoScript 2.6.8.7 + |_ HTTPS-Everywhere 3.4.3 Usage ----- diff --git a/README.WIN-2.5 b/README.WIN-2.5 new file mode 100644 index 0000000..17c9b03 --- /dev/null +++ b/README.WIN-2.5 @@ -0,0 +1,27 @@ +Tor Browser Bundle for Windows (beta) +=============== + +Included applications +--------------------- + +Vidalia 0.2.21 (with Qt 4.8.1) +Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) +Firefox 17.0.11esr + \_ Torbutton 1.5.2 + |_ NoScript 2.6.8.7 + |_ HTTPS-Everywhere 3.4.3 + +Usage +----- + +Tor Browser.exe is a 7zip self extracting archive. To extract the bundle, run +this and point it to the install location. It will create a folder called "Tor +Browser". This may be the hard disk, but is more likely the currently mounted +USB drive. The install process needs only be performed once. + +Once the bundle is extracted, open the newly created folder and click +"Start Tor Browser.bat" (may appear as simply "Start Tor Browser"). +This will start Vidalia. Once Tor has successfully opened a circuit, +Firefox will automatically be opened. + +To exit, close Firefox. Vidalia will automatically clean up and exit. diff --git a/build-scripts/config/Info.plist b/build-scripts/config/Info.plist index 8b626a7..4870df7 100644 --- a/build-scripts/config/Info.plist +++ b/build-scripts/config/Info.plist @@ -9,7 +9,7 @@ <key>CFBundleExecutable</key> <string>TorBrowserBundle</string> <key>CFBundleGetInfoString</key> - <string>Tor Browser Bundle 2.4.18-rc-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string> + <string>Tor Browser Bundle 2.5.1-alpha-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string> <key>CFBundleIconFile</key> <string>vidalia.icns</string> <key>CFBundleIdentifier</key> @@ -21,7 +21,7 @@ <key>CFBundlePackageType</key> <string>APPL</string> <key>CFBundleShortVersionString</key> - <string>2.4.18-rc-1</string> + <string>2.5.1-alpha-1</string> <key>CFBundleSignature</key> <string>????</string> <key>LSEnvironment</key> @@ -35,7 +35,7 @@ <key>NSAppleScriptEnabled</key> <false/> <key>NSHumanReadableCopyright</key> - <string>Tor Browser Bundle 2.4.18-rc-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string> + <string>Tor Browser Bundle 2.5.1-alpha-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string> <key>NSMainNibFile</key> <string>MainMenu</string> <key>NSPrincipalClass</key> diff --git a/build-scripts/config/Info.plist-stable b/build-scripts/config/Info.plist-stable index f1648cf..0e50fc0 100644 --- a/build-scripts/config/Info.plist-stable +++ b/build-scripts/config/Info.plist-stable @@ -9,7 +9,7 @@ <key>CFBundleExecutable</key> <string>TorBrowserBundle</string> <key>CFBundleGetInfoString</key> - <string>Tor Browser Bundle 2.3.25-15 Copyright 2010, 2011, 2012, 2013 The Tor Project</string> + <string>Tor Browser Bundle 2.4.19-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string> <key>CFBundleIconFile</key> <string>vidalia.icns</string> <key>CFBundleIdentifier</key> @@ -21,7 +21,7 @@ <key>CFBundlePackageType</key> <string>APPL</string> <key>CFBundleShortVersionString</key> - <string>2.3.25-15</string> + <string>2.4.19-1</string> <key>CFBundleSignature</key> <string>????</string> <key>LSEnvironment</key> @@ -35,7 +35,7 @@ <key>NSAppleScriptEnabled</key> <false/> <key>NSHumanReadableCopyright</key> - <string>Tor Browser Bundle 2.3.25-15 Copyright 2010, 2011, 2012, 2013 The Tor Project</string> + <string>Tor Browser Bundle 2.4.19-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string> <key>NSMainNibFile</key> <string>MainMenu</string> <key>NSPrincipalClass</key> diff --git a/build-scripts/edit-changelog.sh b/build-scripts/edit-changelog.sh index 4369d33..b8bded4 100755 --- a/build-scripts/edit-changelog.sh +++ b/build-scripts/edit-changelog.sh @@ -23,6 +23,6 @@ Tor Browser Bundle ($VERSION); suite=$1 EOF -mv ../changelog.$1-2.3 ../changelog.$1-2.3-old -cat ../tmp.changelog.$1 ../changelog.$1-2.3-old >> ../changelog.$1-2.3 +mv ../changelog.$1-2.4 ../changelog.$1-2.4-old +cat ../tmp.changelog.$1 ../changelog.$1-2.4-old >> ../changelog.$1-2.4 diff --git a/build-scripts/linux-alpha.mk b/build-scripts/linux-alpha.mk index 349d512..3f831dd 100644 --- a/build-scripts/linux-alpha.mk +++ b/build-scripts/linux-alpha.mk @@ -15,7 +15,7 @@ ## Architecture ARCH_TYPE=$(shell uname -m) -BUILD_NUM=2 +BUILD_NUM=1 PLATFORM=Linux ## Build machine specific settings diff --git a/build-scripts/linux.mk b/build-scripts/linux.mk index 9edc7ac..300357f 100644 --- a/build-scripts/linux.mk +++ b/build-scripts/linux.mk @@ -15,7 +15,7 @@ ## Architecture ARCH_TYPE=$(shell uname -m) -BUILD_NUM=16 +BUILD_NUM=1 PLATFORM=Linux ## Build machine specific settings diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk index 349e908..4246dc3 100644 --- a/build-scripts/osx.mk +++ b/build-scripts/osx.mk @@ -15,7 +15,7 @@ ## Architecture ARCH_TYPE=x86_64 -BUILD_NUM=15 +BUILD_NUM=1 PLATFORM=MacOS ## Set OSX-specific backwards compatibility options diff --git a/build-scripts/versions-alpha.mk b/build-scripts/versions-alpha.mk index 0410f41..bc27020 100644 --- a/build-scripts/versions-alpha.mk +++ b/build-scripts/versions-alpha.mk @@ -1,6 +1,6 @@ #!/usr/bin/make -RELEASE_VER=2.4.18-rc +RELEASE_VER=2.5.1-alpha ZLIB_VER=1.2.8 OPENSSL_VER=1.0.0k @@ -8,13 +8,13 @@ LIBPNG_VER=1.6.6 QT_VER=4.8.1 VIDALIA_VER=0.2.21 LIBEVENT_VER=2.0.21-stable -TOR_VER=0.2.4.18-rc +TOR_VER=0.2.5.1-alpha PIDGIN_VER=2.6.4 FIREFOX_VER=17.0.11esr MOZBUILD_VER=1.5.1 TORBUTTON_VER=1.5.2 -NOSCRIPT_VER=2.6.8.5 -HTTPSEVERYWHERE_VER=3.4.2 +NOSCRIPT_VER=2.6.8.7 +HTTPSEVERYWHERE_VER=3.4.3 PDFJS_VER=0.8.298 OBFSPROXY_VER=0.1.4 OTR_VER=3.2.0 diff --git a/build-scripts/versions.mk b/build-scripts/versions.mk index 77275b8..2c2add0 100644 --- a/build-scripts/versions.mk +++ b/build-scripts/versions.mk @@ -1,6 +1,6 @@ #!/usr/bin/make -RELEASE_VER=2.3.25 +RELEASE_VER=2.4.19 ZLIB_VER=1.2.8 OPENSSL_VER=1.0.0k @@ -8,13 +8,13 @@ LIBPNG_VER=1.6.6 QT_VER=4.8.1 VIDALIA_VER=0.2.21 LIBEVENT_VER=2.0.21-stable -TOR_VER=0.2.3.25 +TOR_VER=0.2.4.19 PIDGIN_VER=2.6.4 FIREFOX_VER=17.0.11esr MOZBUILD_VER=1.5.1 TORBUTTON_VER=1.5.2 -NOSCRIPT_VER=2.6.8.5 -HTTPSEVERYWHERE_VER=3.4.2 +NOSCRIPT_VER=2.6.8.7 +HTTPSEVERYWHERE_VER=3.4.3 OTR_VER=3.2.0 OBFSPROXY_VER=0.1.4 diff --git a/build-scripts/windows.mk b/build-scripts/windows.mk index f0174b3..9b4a557 100644 --- a/build-scripts/windows.mk +++ b/build-scripts/windows.mk @@ -13,7 +13,7 @@ ### Configuration ### ##################### -BUILD_NUM=15 +BUILD_NUM=1 PLATFORM=Windows ## Location of required libraries diff --git a/changelog.linux-2.4 b/changelog.linux-2.4 index f3623e4..77b27f7 100644 --- a/changelog.linux-2.4 +++ b/changelog.linux-2.4 @@ -1,3 +1,12 @@ +Tor Browser Bundle (2.4.19-1); suite=linux + + * New stable release + * Update Tor to 0.2.4.19 + * Update NoScript to 2.6.8.7 + * Update HTTPS Everywhere to 3.4.3 + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:26 BRST 2013 + Tor Browser Bundle (2.4.18-rc-2); suite=linux * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will @@ -271,3 +280,313 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=linux -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:21 GMT 2012 +Tor Browser Bundle (2.3.25-16); suite=linux + + * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will + stop crashing (closes: #10195) + + -- Erinn Clark <erinn(a)torproject.org> Wed Nov 20 17:46:24 BRST 2013 + +Tor Browser Bundle (2.3.25-15); suite=linux + + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + + -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:05 BRST 2013 + +Tor Browser Bundle (2.3.25-14); suite=linux + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update LibPNG to 1.6.6 + * Update NoScript to 2.6.8.4 + * Update HTTPS-Everywhere to 3.4.2 + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.3.25-13); suite=linux + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.4.1 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.3.25-12); suite=linux + + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:21 CEST 2013 + +Tor Browser Bundle (2.3.25-11); suite=linux + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.3.1 + * Update NoScript to 2.6.7 + * Update LibPNG to 1.6.3 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.3.25-10); suite=linux + + * Update Firefox to 17.0.7esr + * Update zlib to 1.2.8 + * Update libpng 1.5.16 + * Update NoScript 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.3.25-9); suite=linux + + * Rebuild 64-bit bundles with Firefox optimizations disabled in order to + prevent browser crashes. (closes: #8970) + * Update HTTPS Everywhere to 3.2.2 + * Update NoScript to 2.6.6.2 + + -- Erinn Clark <erinn(a)torproject.org> Wed Jun 12 18:42:24 BRT 2013 + +Tor Browser Bundle (2.3.25-8); suite=linux + + * Update Firefox to 17.0.6esr + * Update HTTPS Everywhere to 3.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:55 BRT 2013 + +Tor Browser Bundle (2.3.25-7); suite=linux + + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + + -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:56:58 BRT 2013 + +Tor Browser Bundle (2.3.25-6); suite=linux + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:16 EDT 2013 + +Tor Browser Bundle (2.3.25-5); suite=linux + + * Update Firefox to 17.0.4esr + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 3.1.4 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:43 CET 2013 + +Tor Browser Bundle (2.3.25-4); suite=linux + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:24 CET 2013 + +Tor Browser Bundle (2.3.25-3); suite=linux + + * Update OpenSSL to 1.0.1d + * Update HTTPS Everywhere to 3.1.3 + * Update NoScript to 2.6.4.4 + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:43 CET 2013 + +Tor Browser Bundle (2.3.25-2); suite=linux + + * Update Firefox to 10.0.12esr + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 3.1.2 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:05 CET 2013 + +Tor Browser Bundle (2.3.25-1); suite=linux + + * Update Tor to 0.2.3.25-rc + * Update Firefox 10.0.11esr + * Update Vidalia to 0.2.21 + * Update NoScript to 2.6.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012 + +Tor Browser Bundle (2.3.24-alpha-1); suite=linux + + * Update Tor to 0.2.3.24-rc + * Update Firefox to 10.0.10esr + * Update NoScript to 2.5.9 + * Update HTTPS Everywhere to 4.0development.2 + + -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:59 BST 2012 + +Tor Browser Bundle (2.3.23-alpha-1); suite=linux + + * Update Tor to 0.2.3.23-rc + * Update Firefox to 10.0.9esr + * Update HTTPS Everywhere to 4.0development.1 + * Update NoScript to 2.5.8 + * Re-enable automatic Control and SOCKS port selection on Linux and OSX + * Update libpng to 1.5.13 + + -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:09 BST 2012 + +Tor Browser Bundle (2.3.22-alpha-1); suite=linux + + * Update Tor to 0.2.3.22-rc + * Temporarily use fixed Control and SOCKS ports as a workaround for #6803 + + -- Erinn Clark <erinn(a)torproject.org> Wed Sep 12 14:02:57 BST 2012 + +Tor Browser Bundle (2.3.21-alpha-1); suite=linux + + * Update Tor to 0.2.3.21-rc + * Update Firefox to 15.0.1 + * Update Libevent to 2.0.20-stable + * Update Torbutton to 1.4.6.1 + * Update HTTPS Everywhere to 3.0development.6 + * Update NoScript to 2.5.4 + + -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:38 BST 2012 + +Tor Browser Bundle (2.3.20-alpha-1); suite=linux + + * Update Tor to 0.2.3.20-rc + * Update libpng to 1.5.12 + * Update NoScript to 2.5 + * Change the urlbar search engine to Startpage (closes: #5925) + * Firefox patch updates: + - Fix the Tor Browser SIGFPE crash bug (closes: #6492) + - Add a redirect API for HTTPS-Everywhere (closes: #5477) + - Enable WebGL (as click-to-play only) (closes: #6370) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:30 BST 2012 + +Tor Browser Bundle (2.3.19-alpha-1); suite=linux + + * Update Tor to 0.2.3.19-rc + * Update Firefox to 14.0.1 + * Update libevent to 2.0.19-stable + * Update OpenSSL to 1.0.1c + * Update zlib to 1.2.7 + * Update Torbutton to 1.4.6 + * Update NoScript to 2.4.9 + * Update HTTPS Everywhere to 3.0development.5 + * Downgrade Vidalia to 0.2.20 + * Update libpng to 1.5.12 + + -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:37 BST 2012 + +Tor Browser Bundle (2.3.12-alpha-2); suite=linux + + * Update Firefox to 11.0 + * Update NoScript to 2.3.4 + * Update HTTPS Everywhere to 3.0development.1 + * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300) + * Always build to with warnings enabled (closes: #4470) + * Don't attempt to load the default KDE 4 theme from Vidalia, because that + fails when the Qt versions don't match (closes: #5214) + + -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012 + +Tor Browser Bundle (2.3.12-alpha-1); suite=linux + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012 diff --git a/changelog.linux-2.5 b/changelog.linux-2.5 new file mode 100644 index 0000000..154d69f --- /dev/null +++ b/changelog.linux-2.5 @@ -0,0 +1,592 @@ +Tor Browser Bundle (2.5.1-alpha-1); suite=linux + + * New alpha release + * Update Tor to 0.2.5.1-alpha + * Update NoScript to 2.6.8.7 + * Update HTTPS Everywhere to 3.4.3 + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:44 BRST 2013 + +Tor Browser Bundle (2.4.18-rc-2); suite=linux + + * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will + stop crashing (closes: #10195) + + -- Erinn Clark <erinn(a)torproject.org> Wed Nov 20 17:46:24 BRST 2013 + +Tor Browser Bundle (2.4.18-rc-1); suite=linux + + * Update Tor to 0.2.4.18-rc + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + * Remove PDF.js since it is no longer supported in Firefox 17 + + -- Erinn Clark <erinn(a)torproject.org> Sun Nov 17 16:41:32 BRST 2013 + +Tor Browser Bundle (2.4.17-rc-1); suite=linux + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update LibPNG to 1.6.6 + * Update NoScript to 2.6.8.4 + * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this + becoming the stable bundle + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.4.17-beta-2); suite=linux + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update LibPNG to 1.6.3 + * Update HTTPS Everywhere to 4.0development.12 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + * Add missing geoip file + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.4.17-beta-1); suite=linux + + * Update Tor to 0.2.4.17-rc + * Update NoScript to 2.6.7.1 + * Update HTTPS Everywhere to 4.0development.11 + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 5 14:26:06 CEST 2013 + +Tor Browser Bundle (2.4.16-beta-1); suite=linux + + * Update Tor to 0.2.4.16-rc + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:39 CEST 2013 + +Tor Browser Bundle (2.4.15-beta-2); suite=linux + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * HTTPS Everywhere to 4.0development.9 + * Update PDF.js to 0.8.298 + * Update NoScript to 2.6.6.9 + * Update LibPNG to 1.6.3 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.4.15-beta-1); suite=linux + + * Update Tor to 0.2.4.15-rc + * Update NoScript to 2.6.6.7 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jul 7 18:38:52 BRT 2013 + +Tor Browser Bundle (2.4.14-alpha-1); suite=linux + + * Update Tor to 0.2.4.14-alpha + * Update Firefox 17.0.7esr + * Update zlib to 1.2.8 + * Update libpng to 1.5.16 + * Update HTTPS Everywhere to 4.0development.8 + * Update NoScript to 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.4.12-alpha-2); suite=linux + + * Update Firefox to 17.0.6esr + * Update NoScript to 2.6.6.1 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:06:23 BRT 2013 + +Tor Browser Bundle (2.4.12-alpha-1); suite=linux + + * Update Tor to 0.2.4.12-alpha + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6 + * Update PDF.js to 0.8.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + + -- Erinn Clark <erinn(a)torproject.org> Thu Apr 25 21:15:37 BRT 2013 + +Tor Browser Bundle (2.4.11-alpha-2); suite=linux + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:37 EDT 2013 + +Tor Browser Bundle (2.4.10-alpha-3); suite=linux + + * Update Firefox to 17.0.4esr + * Update Tor to 0.2.4.11-alpha + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 4.0development.6 + * Update PDF.js to 0.7.236 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Tue Mar 12 12:06:00 CET 2013 + +Tor Browser Bundle (2.4.10-alpha-2); suite=linux + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:47 CET 2013 + +Tor Browser Bundle (2.4.10-alpha-1); suite=linux + + * Update Tor to 0.2.4.10-alpha + * Update OpenSSL to 1.0.1d + * Update NoScript to 2.6.4.4 + * Add PDF Viewer (PDF.js) to README + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:13:28 CET 2013 + +Tor Browser Bundle (2.4.9-alpha-1); suite=linux + + * Update Firefox to 17.0.2esr + * Update Tor to 0.2.4.9-alpha + * Update Torbutton to 1.5.0pre-alpha + * Update NoScript to 2.6.4.3 + * Update HTTPS-Everywhere to 4.0development.5 + * Add Mozilla's PDF.js extension to give people the ability to read PDFs in + TBB + * Prevent TBB from trying to access the X session manager (closes: #5261) + * Firefox patch changes: + - Isolate image cache to url bar domain (closes: #5742 and #6539) + - Enable DOM storage and isolate it to url bar domain (closes: #6564) + - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477) + * Misc preference changes: + - Disable DOM performance timers (dom.enable_performance) (closes: #6204) + - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656) + - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210) + - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937) + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 25 15:31:35 CET 2013 + +Tor Browser Bundle (2.4.7-alpha-1); suite=linux + + * Update Firefox to 10.0.12esr + * Update Tor to 0.2.4.7-alpha + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 4.0development.4 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:55:05 CET 2013 + +Tor Browser Bundle (2.4.6-alpha-2); suite=linux + + * Update Makefiles to use the right changelogs and READMEs + + -- Erinn Clark <erinn(a)torproject.org> Mon Dec 3 16:13:47 GMT 2012 + +Tor Browser Bundle (2.4.6-alpha-1); suite=linux + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:21 GMT 2012 + +Tor Browser Bundle (2.3.25-16); suite=linux + + * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will + stop crashing (closes: #10195) + + -- Erinn Clark <erinn(a)torproject.org> Wed Nov 20 17:46:24 BRST 2013 + +Tor Browser Bundle (2.3.25-15); suite=linux + + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + + -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:05 BRST 2013 + +Tor Browser Bundle (2.3.25-14); suite=linux + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update LibPNG to 1.6.6 + * Update NoScript to 2.6.8.4 + * Update HTTPS-Everywhere to 3.4.2 + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.3.25-13); suite=linux + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.4.1 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.3.25-12); suite=linux + + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:21 CEST 2013 + +Tor Browser Bundle (2.3.25-11); suite=linux + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.3.1 + * Update NoScript to 2.6.7 + * Update LibPNG to 1.6.3 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.3.25-10); suite=linux + + * Update Firefox to 17.0.7esr + * Update zlib to 1.2.8 + * Update libpng 1.5.16 + * Update NoScript 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.3.25-9); suite=linux + + * Rebuild 64-bit bundles with Firefox optimizations disabled in order to + prevent browser crashes. (closes: #8970) + * Update HTTPS Everywhere to 3.2.2 + * Update NoScript to 2.6.6.2 + + -- Erinn Clark <erinn(a)torproject.org> Wed Jun 12 18:42:24 BRT 2013 + +Tor Browser Bundle (2.3.25-8); suite=linux + + * Update Firefox to 17.0.6esr + * Update HTTPS Everywhere to 3.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:55 BRT 2013 + +Tor Browser Bundle (2.3.25-7); suite=linux + + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + + -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:56:58 BRT 2013 + +Tor Browser Bundle (2.3.25-6); suite=linux + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:16 EDT 2013 + +Tor Browser Bundle (2.3.25-5); suite=linux + + * Update Firefox to 17.0.4esr + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 3.1.4 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:43 CET 2013 + +Tor Browser Bundle (2.3.25-4); suite=linux + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:24 CET 2013 + +Tor Browser Bundle (2.3.25-3); suite=linux + + * Update OpenSSL to 1.0.1d + * Update HTTPS Everywhere to 3.1.3 + * Update NoScript to 2.6.4.4 + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:43 CET 2013 + +Tor Browser Bundle (2.3.25-2); suite=linux + + * Update Firefox to 10.0.12esr + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 3.1.2 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:05 CET 2013 + +Tor Browser Bundle (2.3.25-1); suite=linux + + * Update Tor to 0.2.3.25-rc + * Update Firefox 10.0.11esr + * Update Vidalia to 0.2.21 + * Update NoScript to 2.6.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012 + +Tor Browser Bundle (2.3.24-alpha-1); suite=linux + + * Update Tor to 0.2.3.24-rc + * Update Firefox to 10.0.10esr + * Update NoScript to 2.5.9 + * Update HTTPS Everywhere to 4.0development.2 + + -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:59 BST 2012 + +Tor Browser Bundle (2.3.23-alpha-1); suite=linux + + * Update Tor to 0.2.3.23-rc + * Update Firefox to 10.0.9esr + * Update HTTPS Everywhere to 4.0development.1 + * Update NoScript to 2.5.8 + * Re-enable automatic Control and SOCKS port selection on Linux and OSX + * Update libpng to 1.5.13 + + -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:09 BST 2012 + +Tor Browser Bundle (2.3.22-alpha-1); suite=linux + + * Update Tor to 0.2.3.22-rc + * Temporarily use fixed Control and SOCKS ports as a workaround for #6803 + + -- Erinn Clark <erinn(a)torproject.org> Wed Sep 12 14:02:57 BST 2012 + +Tor Browser Bundle (2.3.21-alpha-1); suite=linux + + * Update Tor to 0.2.3.21-rc + * Update Firefox to 15.0.1 + * Update Libevent to 2.0.20-stable + * Update Torbutton to 1.4.6.1 + * Update HTTPS Everywhere to 3.0development.6 + * Update NoScript to 2.5.4 + + -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:38 BST 2012 + +Tor Browser Bundle (2.3.20-alpha-1); suite=linux + + * Update Tor to 0.2.3.20-rc + * Update libpng to 1.5.12 + * Update NoScript to 2.5 + * Change the urlbar search engine to Startpage (closes: #5925) + * Firefox patch updates: + - Fix the Tor Browser SIGFPE crash bug (closes: #6492) + - Add a redirect API for HTTPS-Everywhere (closes: #5477) + - Enable WebGL (as click-to-play only) (closes: #6370) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:30 BST 2012 + +Tor Browser Bundle (2.3.19-alpha-1); suite=linux + + * Update Tor to 0.2.3.19-rc + * Update Firefox to 14.0.1 + * Update libevent to 2.0.19-stable + * Update OpenSSL to 1.0.1c + * Update zlib to 1.2.7 + * Update Torbutton to 1.4.6 + * Update NoScript to 2.4.9 + * Update HTTPS Everywhere to 3.0development.5 + * Downgrade Vidalia to 0.2.20 + * Update libpng to 1.5.12 + + -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:37 BST 2012 + +Tor Browser Bundle (2.3.12-alpha-2); suite=linux + + * Update Firefox to 11.0 + * Update NoScript to 2.3.4 + * Update HTTPS Everywhere to 3.0development.1 + * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300) + * Always build to with warnings enabled (closes: #4470) + * Don't attempt to load the default KDE 4 theme from Vidalia, because that + fails when the Qt versions don't match (closes: #5214) + + -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012 + +Tor Browser Bundle (2.3.12-alpha-1); suite=linux + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012 diff --git a/changelog.osx-2.4 b/changelog.osx-2.4 index d8c0b4a..6fcd6d2 100644 --- a/changelog.osx-2.4 +++ b/changelog.osx-2.4 @@ -1,3 +1,12 @@ +Tor Browser Bundle (2.4.19-1); suite=osx + + * New stable release + * Update Tor to 0.2.4.19 + * Update NoScript to 2.6.8.7 + * Update HTTPS Everywhere to 3.4.3 + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:22 BRST 2013 + Tor Browser Bundle (2.4.18-rc-1); suite=linux * Update Tor to 0.2.4.18-rc @@ -260,3 +269,293 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=osx * Initial release -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:11 GMT 2012 +Tor Browser Bundle (2.3.25-15); suite=osx + + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield. + (closes: #10092) + + -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:00 BRST 2013 + +Tor Browser Bundle (2.3.25-14); suite=osx + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update NoScript to 2.6.8.4 + * Update HTTPS-Everywhere to 3.4.2 + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.3.25-13); suite=osx + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.4.1 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.3.25-12); suite=osx + + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:19 CEST 2013 + +Tor Browser Bundle (2.3.25-11); suite=osx + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.3.1 + * Update NoScript to 2.6.6.9 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.3.25-10); suite=osx + + * Update Firefox to 17.0.7esr + * Update zlib to 1.2.8 + * Update HTTPS Everywhere to 3.2.2 + * Update NoScript to 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.3.25-8); suite=osx + + * Update Firefox to 17.0.6esr + * Update HTTPS Everywhere to 3.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:50 BRT 2013 + +Tor Browser Bundle (2.3.25-7); suite=osx + + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + + -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:56:56 BRT 2013 + +Tor Browser Bundle (2.3.25-6); suite=osx + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:11 EDT 2013 + +Tor Browser Bundle (2.3.25-5); suite=osx + + * Update Firefox to 17.0.4esr + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 3.1.4 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:38 CET 2013 + +Tor Browser Bundle (2.3.25-4); suite=osx + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:21 CET 2013 + +Tor Browser Bundle (2.3.25-3); suite=osx + + * Update OpenSSL to 1.0.1d + * Update HTTPS Everywhere to 3.1.3 + * Update NoScript to 2.6.4.4 + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:39 CET 2013 + +Tor Browser Bundle (2.3.25-2); suite=osx + + * Update Firefox to 10.0.12esr + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 3.1.2 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:03 CET 2013 + +Tor Browser Bundle (2.3.25-1); suite=osx + + * Update Tor to 0.2.3.25 + * Update Firefox 10.0.11esr + * Update Vidalia to 0.2.21 + * Update NoScript to 2.6.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012 + +Tor Browser Bundle (2.3.24-alpha-1); suite=osx + + * Update Tor to 0.2.3.24-rc + * Update Firefox to 10.0.10esr + * Update NoScript to 2.5.9 + * Update HTTPS Everywhere to 4.0development.2 + + -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:55 BST 2012 + +Tor Browser Bundle (2.3.23-alpha-1); suite=osx + + * Update Tor to 0.2.3.23-rc + * Update Firefox to 10.0.9esr + * Update HTTPS Everywhere to 4.0development.1 + * Update NoScript to 2.5.8 + * Re-enable automatic Control and SOCKS port selection on Linux and OSX + + -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:03 BST 2012 + +Tor Browser Bundle (2.3.22-alpha-1); suite=osx + + * Update Tor to 0.2.3.22-rc + * Temporarily use fixed Control and SOCKS ports as a workaround for #6803 + + -- Erinn Clark <erinn(a)torproject.org> Wed Sep 12 14:02:57 BST 2012 + +Tor Browser Bundle (2.3.21-alpha-1); suite=osx + + * Update Tor to 0.2.3.21-rc + * Update Firefox to 15.0.1 + * Update Libevent to 2.0.20-stable + * Update Torbutton to 1.4.6.1 + * Update HTTPS Everywhere to 3.0development.6 + * Update NoScript to 2.5.4 + + -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:33 BST 2012 + +Tor Browser Bundle (2.3.20-alpha-1); suite=osx + + * Update Tor to 0.2.3.20-rc + * Update NoScript to 2.5 + * Change the urlbar search engine to Startpage (closes: #5925) + * Firefox patch updates: + - Fix the Tor Browser SIGFPE crash bug (closes: #6492) + - Add a redirect API for HTTPS-Everywhere (closes: #5477) + - Enable WebGL (as click-to-play only) (closes: #6370) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:27 BST 2012 + +Tor Browser Bundle (2.3.19-alpha-1); suite=osx + + * Update Tor to 0.2.3.19-rc + * Update Firefox to 14.0.1 + * Update libevent to 2.0.19-stable + * Update OpenSSL to 1.0.1c + * Update zlib to 1.2.7 + * Update Torbutton to 1.4.6 + * Update NoScript to 2.4.9 + * Update HTTPS Everywhere to 3.0development.5 + * Downgrade Vidalia to 0.2.20 + + -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:26 BST 2012 + +Tor Browser Bundle (2.3.12-alpha-2); suite=osx + + * Update Firefox to 11.0 + * Update NoScript to 2.3.4 + * Update HTTPS Everywhere to 3.0development.1 + * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300) + * Always build to with warnings enabled (closes: #4470) + * Give OS X users below 10.5 an incompatibility message (closes: #4356) + + -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012 + +Tor Browser Bundle (2.3.12-alpha-1); suite=osx + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012 diff --git a/changelog.osx-2.5 b/changelog.osx-2.5 new file mode 100644 index 0000000..83de71c --- /dev/null +++ b/changelog.osx-2.5 @@ -0,0 +1,561 @@ +Tor Browser Bundle (2.5.1-alpha-1); suite=osx + + * New alpha release + * Update Tor to 0.2.5.1-alpha + * Update NoScript to 2.6.8.7 + * Update HTTPS Everywhere to 3.4.3 + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:31:01 BRST 2013 + +Tor Browser Bundle (2.4.18-rc-1); suite=linux + + * Update Tor to 0.2.4.18-rc + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + * Remove PDF.js since it is no longer supported in Firefox 17 + * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield. + (closes: #10092) + + -- Erinn Clark <erinn(a)torproject.org> Sun Nov 17 16:41:32 BRST 2013 + +Tor Browser Bundle (2.4.17-rc-1); suite=osx + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update NoScript to 2.6.8.4 + * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this + becoming the stable bundle + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.4.17-beta-2); suite=osx + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 4.0development.12 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.4.17-beta-1); suite=osx + + * Update Tor to 0.2.4.17-rc + * Update NoScript to 2.6.7.1 + * Update HTTPS Everywhere to 4.0development.11 + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 5 14:26:04 CEST 2013 + +Tor Browser Bundle (2.4.16-beta-1); suite=osx + + * Update Tor to 0.2.4.16-rc + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:41 CEST 2013 + +Tor Browser Bundle (2.4.15-beta-2); suite=osx + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * HTTPS Everywhere to 4.0development.9 + * Update PDF.js to 0.8.298 + * Update NoScript to 2.6.6.9 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.4.15-beta-1); suite=osx + + * Update Tor to 0.2.4.15-rc + * Update NoScript to 2.6.6.7 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jul 7 18:38:48 BRT 2013 + +Tor Browser Bundle (2.4.14-alpha-1); suite=osx + + * Update Tor to 0.2.4.14-alpha + * Update Firefox 17.0.7esr + * Update zlib to 1.2.8 + * Update libpng to 1.5.16 + * Update HTTPS Everywhere to 4.0development.8 + * Update NoScript to 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.4.12-alpha-2); suite=osx + + * Update Firefox to 17.0.6esr + * Update NoScript to 2.6.6.1 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:06:20 BRT 2013 + +Tor Browser Bundle (2.4.12-alpha-1); suite=osx + + * Update Tor to 0.2.4.12-alpha + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6 + * Update PDF.js to 0.8.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + + -- Erinn Clark <erinn(a)torproject.org> Thu Apr 25 21:15:32 BRT 2013 + +Tor Browser Bundle (2.4.11-alpha-2); suite=osx + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:42 EDT 2013 + +Tor Browser Bundle (2.4.10-alpha-3); suite=osx + + * Update Firefox to 17.0.4esr + * Update Tor to 0.2.4.11-alpha + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 4.0development.6 + * Update PDF.js to 0.7.236 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Tue Mar 12 12:06:00 CET 2013 + +Tor Browser Bundle (2.4.10-alpha-2); suite=osx + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:45 CET 2013 + +Tor Browser Bundle (2.4.10-alpha-1); suite=osx + + * Update Tor to 0.2.4.10-alpha + * Update OpenSSL to 1.0.1d + * Update NoScript to 2.6.4.4 + * Add PDF Viewer (PDF.js) to README + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:13:28 CET 2013 + +Tor Browser Bundle (2.4.9-alpha-1); suite=osx + + * Update Firefox to 17.0.2esr + * Update Tor to 0.2.4.9-alpha + * Update Torbutton to 1.5.0pre-alpha + * Update NoScript to 2.6.4.3 + * Update HTTPS-Everywhere to 4.0development.5 + * Add Mozilla's PDF.js extension to give people the ability to read PDFs in + TBB + * Firefox patch changes: + - Isolate image cache to url bar domain (closes: #5742 and #6539) + - Enable DOM storage and isolate it to url bar domain (closes: #6564) + - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477) + * Misc preference changes: + - Disable DOM performance timers (dom.enable_performance) (closes: #6204) + - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656) + - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210) + - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937) + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 25 15:31:35 CET 2013 + +Tor Browser Bundle (2.4.7-alpha-1); suite=osx + + * Update Firefox to 10.0.12esr + * Update Tor to 0.2.4.7-alpha + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 4.0development.4 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:55:00 CET 2013 + +Tor Browser Bundle (2.4.6-alpha-2); suite=osx + + * Update Makefiles to use the right changelogs and READMEs + + -- Erinn Clark <erinn(a)torproject.org> Mon Dec 3 16:13:43 GMT 2012 + +Tor Browser Bundle (2.4.6-alpha-1); suite=osx + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:11 GMT 2012 +Tor Browser Bundle (2.3.25-15); suite=osx + + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield. + (closes: #10092) + + -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:00 BRST 2013 + +Tor Browser Bundle (2.3.25-14); suite=osx + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update NoScript to 2.6.8.4 + * Update HTTPS-Everywhere to 3.4.2 + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.3.25-13); suite=osx + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.4.1 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.3.25-12); suite=osx + + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:19 CEST 2013 + +Tor Browser Bundle (2.3.25-11); suite=osx + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.3.1 + * Update NoScript to 2.6.6.9 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.3.25-10); suite=osx + + * Update Firefox to 17.0.7esr + * Update zlib to 1.2.8 + * Update HTTPS Everywhere to 3.2.2 + * Update NoScript to 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.3.25-8); suite=osx + + * Update Firefox to 17.0.6esr + * Update HTTPS Everywhere to 3.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:50 BRT 2013 + +Tor Browser Bundle (2.3.25-7); suite=osx + + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + + -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:56:56 BRT 2013 + +Tor Browser Bundle (2.3.25-6); suite=osx + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:11 EDT 2013 + +Tor Browser Bundle (2.3.25-5); suite=osx + + * Update Firefox to 17.0.4esr + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 3.1.4 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:38 CET 2013 + +Tor Browser Bundle (2.3.25-4); suite=osx + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:21 CET 2013 + +Tor Browser Bundle (2.3.25-3); suite=osx + + * Update OpenSSL to 1.0.1d + * Update HTTPS Everywhere to 3.1.3 + * Update NoScript to 2.6.4.4 + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:39 CET 2013 + +Tor Browser Bundle (2.3.25-2); suite=osx + + * Update Firefox to 10.0.12esr + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 3.1.2 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:03 CET 2013 + +Tor Browser Bundle (2.3.25-1); suite=osx + + * Update Tor to 0.2.3.25 + * Update Firefox 10.0.11esr + * Update Vidalia to 0.2.21 + * Update NoScript to 2.6.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012 + +Tor Browser Bundle (2.3.24-alpha-1); suite=osx + + * Update Tor to 0.2.3.24-rc + * Update Firefox to 10.0.10esr + * Update NoScript to 2.5.9 + * Update HTTPS Everywhere to 4.0development.2 + + -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:55 BST 2012 + +Tor Browser Bundle (2.3.23-alpha-1); suite=osx + + * Update Tor to 0.2.3.23-rc + * Update Firefox to 10.0.9esr + * Update HTTPS Everywhere to 4.0development.1 + * Update NoScript to 2.5.8 + * Re-enable automatic Control and SOCKS port selection on Linux and OSX + + -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:03 BST 2012 + +Tor Browser Bundle (2.3.22-alpha-1); suite=osx + + * Update Tor to 0.2.3.22-rc + * Temporarily use fixed Control and SOCKS ports as a workaround for #6803 + + -- Erinn Clark <erinn(a)torproject.org> Wed Sep 12 14:02:57 BST 2012 + +Tor Browser Bundle (2.3.21-alpha-1); suite=osx + + * Update Tor to 0.2.3.21-rc + * Update Firefox to 15.0.1 + * Update Libevent to 2.0.20-stable + * Update Torbutton to 1.4.6.1 + * Update HTTPS Everywhere to 3.0development.6 + * Update NoScript to 2.5.4 + + -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:33 BST 2012 + +Tor Browser Bundle (2.3.20-alpha-1); suite=osx + + * Update Tor to 0.2.3.20-rc + * Update NoScript to 2.5 + * Change the urlbar search engine to Startpage (closes: #5925) + * Firefox patch updates: + - Fix the Tor Browser SIGFPE crash bug (closes: #6492) + - Add a redirect API for HTTPS-Everywhere (closes: #5477) + - Enable WebGL (as click-to-play only) (closes: #6370) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:27 BST 2012 + +Tor Browser Bundle (2.3.19-alpha-1); suite=osx + + * Update Tor to 0.2.3.19-rc + * Update Firefox to 14.0.1 + * Update libevent to 2.0.19-stable + * Update OpenSSL to 1.0.1c + * Update zlib to 1.2.7 + * Update Torbutton to 1.4.6 + * Update NoScript to 2.4.9 + * Update HTTPS Everywhere to 3.0development.5 + * Downgrade Vidalia to 0.2.20 + + -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:26 BST 2012 + +Tor Browser Bundle (2.3.12-alpha-2); suite=osx + + * Update Firefox to 11.0 + * Update NoScript to 2.3.4 + * Update HTTPS Everywhere to 3.0development.1 + * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300) + * Always build to with warnings enabled (closes: #4470) + * Give OS X users below 10.5 an incompatibility message (closes: #4356) + + -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012 + +Tor Browser Bundle (2.3.12-alpha-1); suite=osx + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012 diff --git a/changelog.windows-2.4 b/changelog.windows-2.4 index 8282c4a..15f3bb3 100644 --- a/changelog.windows-2.4 +++ b/changelog.windows-2.4 @@ -1,3 +1,12 @@ +Tor Browser Bundle (2.4.19-1); suite=windows + + * New stable release + * Update Tor to 0.2.4.19 + * Update NoScript to 2.6.8.7 + * Update HTTPS Everywhere to 3.4.3 + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:24 BRST 2013 + Tor Browser Bundle (2.4.18-rc-1); suite=linux * Update Tor to 0.2.4.18-rc @@ -258,3 +267,291 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=windows * Initial release -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:17 GMT 2012 +Tor Browser Bundle (2.3.25-15); suite=windows + + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + + -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:02 BRST 2013 + +Tor Browser Bundle (2.3.25-14); suite=windows + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update NoScript to 2.6.8.4 + * Update HTTPS-Everywhere to 3.4.2 + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.3.25-13); suite=windows + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.4.1 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.3.25-12); suite=windows + + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:23 CEST 2013 + +Tor Browser Bundle (2.3.25-11); suite=windows + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.3.1 + * Update NoScript to 2.6.6.9 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.3.25-10); suite=windows + + * Update Firefox to 17.0.7esr + * Update zlib to 1.2.8 + * Update HTTPS Everywhere to 3.2.2 + * Update NoScript to 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.3.25-8); suite=windows + + * Update Firefox to 17.0.6esr + * Update HTTPS Everywhere to 3.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:52 BRT 2013 + +Tor Browser Bundle (2.3.25-7); suite=windows + + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + - Re-enable --enable-optimize for Windows builds + + -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:57:00 BRT 2013 + +Tor Browser Bundle (2.3.25-6); suite=windows + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:14 EDT 2013 + +Tor Browser Bundle (2.3.25-5); suite=windows + + * Update Firefox to 17.0.4esr + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 3.1.4 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:41 CET 2013 + +Tor Browser Bundle (2.3.25-4); suite=windows + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:26 CET 2013 + +Tor Browser Bundle (2.3.25-3); suite=windows + + * Update OpenSSL to 1.0.1d + * Update HTTPS Everywhere to 3.1.3 + * Update NoScript to 2.6.4.4 + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:41 CET 2013 + +Tor Browser Bundle (2.3.25-2); suite=windows + + * Update Firefox to 10.0.12esr + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 3.1.2 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:07 CET 2013 + +Tor Browser Bundle (2.3.25-1); suite=windows + + * Update Tor to 0.2.3.25 + * Update Firefox 10.0.11esr + * Update Vidalia to 0.2.21 + * Update NoScript to 2.6.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012 + +Tor Browser Bundle (2.3.24-alpha-1); suite=windows + + * Update Tor to 0.2.3.24-rc + * Update Firefox to 10.0.10esr + * Update NoScript to 2.5.9 + * Update HTTPS Everywhere to 4.0development.2 + + -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:57 BST 2012 + +Tor Browser Bundle (2.3.23-alpha-1); suite=windows + + * Update Tor to 0.2.3.23-rc + * Update Firefox to 10.0.9esr + * Update HTTPS Everywhere to 4.0development.1 + * Update NoScript to 2.5.8 + * Re-enable automatic Control and SOCKS port selection on Linux and OSX + + -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:05 BST 2012 + +Tor Browser Bundle (2.3.22-alpha-1); suite=windows + + * Update Tor to 0.2.3.22-rc + + -- Erinn Clark <erinn(a)torproject.org> Tue Sep 11 19:49:08 BST 2012 + +Tor Browser Bundle (2.3.21-alpha-1); suite=windows + + * Update Tor to 0.2.3.21-rc + * Update Firefox to 15.0.1 + * Update Libevent to 2.0.20-stable + * Update Torbutton to 1.4.6.1 + * Update HTTPS Everywhere to 3.0development.6 + * Update NoScript to 2.5.4 + + -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:35 BST 2012 + +Tor Browser Bundle (2.3.20-alpha-1); suite=windows + + * Update Tor to 0.2.3.20-rc + * Update NoScript to 2.5 + * Change the urlbar search engine to Startpage (closes: #5925) + * Firefox patch updates: + - Fix the Tor Browser SIGFPE crash bug (closes: #6492) + - Add a redirect API for HTTPS-Everywhere (closes: #5477) + - Enable WebGL (as click-to-play only) (closes: #6370) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:32 BST 2012 + +Tor Browser Bundle (2.3.19-alpha-1); suite=windows + + * Update Tor to 0.2.3.19-rc + * Update Firefox to 14.0.1 + * Update libevent to 2.0.19-stable + * Update OpenSSL to 1.0.1c + * Update zlib to 1.2.7 + * Update Torbutton to 1.4.6 + * Update NoScript to 2.4.9 + * Update HTTPS Everywhere to 3.0development.5 + * Downgrade Vidalia to 0.2.20 + + -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:41 BST 2012 + +Tor Browser Bundle (2.3.12-alpha-2); suite=windows + + * Update Firefox to 11.0 + * Update NoScript to 2.3.4 + * Update HTTPS Everywhere to 3.0development.1 + * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300) + * Always build to with warnings enabled (closes: #4470) + * Remove tor-resolve from the Windows bundle (closes: #5403) + + -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012 + +Tor Browser Bundle (2.3.12-alpha-1); suite=windows + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012 diff --git a/changelog.windows-2.5 b/changelog.windows-2.5 new file mode 100644 index 0000000..d84e74d --- /dev/null +++ b/changelog.windows-2.5 @@ -0,0 +1,557 @@ +Tor Browser Bundle (2.5.1-alpha-1); suite=windows + + * New alpha release + * Update Tor to 0.2.5.1-alpha + * Update NoScript to 2.6.8.7 + * Update HTTPS Everywhere to 3.4.3 + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:59 BRST 2013 + +Tor Browser Bundle (2.4.18-rc-1); suite=linux + + * Update Tor to 0.2.4.18-rc + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + * Remove PDF.js since it is no longer supported in Firefox 17 + + -- Erinn Clark <erinn(a)torproject.org> Sun Nov 17 16:41:32 BRST 2013 + +Tor Browser Bundle (2.4.17-rc-1); suite=windows + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update NoScript to 2.6.8.4 + * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this + becoming the stable bundle + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.4.17-beta-2); suite=windows + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 4.0development.12 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.4.17-beta-1); suite=windows + + * Update Tor to 0.2.4.17-rc + * Update NoScript to 2.6.7.1 + * Update HTTPS Everywhere to 4.0development.11 + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 5 14:26:09 CEST 2013 + +Tor Browser Bundle (2.4.16-beta-1); suite=windows + + * Update Tor to 0.2.4.16-rc + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:37 CEST 2013 + +Tor Browser Bundle (2.4.15-beta-2); suite=windows + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * HTTPS Everywhere to 4.0development.9 + * Update PDF.js to 0.8.298 + * Update NoScript to 2.6.6.9 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.4.15-beta-1); suite=windows + + * Update Tor to 0.2.4.15-rc + * Update NoScript to 2.6.6.7 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jul 7 18:38:50 BRT 2013 + +Tor Browser Bundle (2.4.14-alpha-1); suite=windows + + * Update Tor to 0.2.4.14-alpha + * Update Firefox 17.0.7esr + * Update zlib to 1.2.8 + * Update libpng to 1.5.16 + * Update HTTPS Everywhere to 4.0development.8 + * Update NoScript to 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.4.12-alpha-2); suite=windows + + * Update Firefox to 17.0.6esr + * Update NoScript to 2.6.6.1 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:06:25 BRT 2013 + +Tor Browser Bundle (2.4.12-alpha-1); suite=windows + + * Update Tor to 0.2.4.12-alpha + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6 + * Update PDF.js to 0.8.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + + -- Erinn Clark <erinn(a)torproject.org> Thu Apr 25 21:15:34 BRT 2013 + +Tor Browser Bundle (2.4.11-alpha-2); suite=windows + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:39 EDT 2013 + +Tor Browser Bundle (2.4.10-alpha-3); suite=windows + + * Update Firefox to 17.0.4esr + * Update Tor to 0.2.4.11-alpha + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 4.0development.6 + * Update PDF.js to 0.7.236 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Tue Mar 12 12:06:00 CET 2013 + +Tor Browser Bundle (2.4.10-alpha-2); suite=windows + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:49 CET 2013 + +Tor Browser Bundle (2.4.10-alpha-1); suite=windows + + * Update Tor to 0.2.4.10-alpha + * Update OpenSSL to 1.0.1d + * Update NoScript to 2.6.4.4 + * Add PDF Viewer (PDF.js) to README + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:13:28 CET 2013 + +Tor Browser Bundle (2.4.9-alpha-test-1); suite=windows + + * Update Firefox to 17.0.2esr + * Update Tor to 0.2.4.9-alpha + * Update Torbutton to 1.5.0pre-alpha + * Update NoScript to 2.6.4.3 + * Update HTTPS-Everywhere to 4.0development.5 + * Add Mozilla's PDF.js extension to give people the ability to read PDFs in + TBB + * Firefox patch changes: + - Isolate image cache to url bar domain (closes: #5742 and #6539) + - Enable DOM storage and isolate it to url bar domain (closes: #6564) + - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477) + * Misc preference changes: + - Disable DOM performance timers (dom.enable_performance) (closes: #6204) + - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656) + - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210) + - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937) + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 25 15:31:35 CET 2013 + +Tor Browser Bundle (2.4.7-alpha-1); suite=windows + + * Update Firefox to 10.0.12esr + * Update Tor to 0.2.4.7-alpha + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 4.0development.4 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:55:02 CET 2013 + +Tor Browser Bundle (2.4.6-alpha-2); suite=windows + + * Update Makefiles to use the right changelogs and READMEs + + -- Erinn Clark <erinn(a)torproject.org> Mon Dec 3 16:13:45 GMT 2012 + +Tor Browser Bundle (2.4.6-alpha-1); suite=windows + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:17 GMT 2012 +Tor Browser Bundle (2.3.25-15); suite=windows + + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + + -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:02 BRST 2013 + +Tor Browser Bundle (2.3.25-14); suite=windows + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update NoScript to 2.6.8.4 + * Update HTTPS-Everywhere to 3.4.2 + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.3.25-13); suite=windows + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.4.1 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.3.25-12); suite=windows + + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:23 CEST 2013 + +Tor Browser Bundle (2.3.25-11); suite=windows + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.3.1 + * Update NoScript to 2.6.6.9 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.3.25-10); suite=windows + + * Update Firefox to 17.0.7esr + * Update zlib to 1.2.8 + * Update HTTPS Everywhere to 3.2.2 + * Update NoScript to 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.3.25-8); suite=windows + + * Update Firefox to 17.0.6esr + * Update HTTPS Everywhere to 3.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:52 BRT 2013 + +Tor Browser Bundle (2.3.25-7); suite=windows + + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + - Re-enable --enable-optimize for Windows builds + + -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:57:00 BRT 2013 + +Tor Browser Bundle (2.3.25-6); suite=windows + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:14 EDT 2013 + +Tor Browser Bundle (2.3.25-5); suite=windows + + * Update Firefox to 17.0.4esr + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 3.1.4 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:41 CET 2013 + +Tor Browser Bundle (2.3.25-4); suite=windows + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:26 CET 2013 + +Tor Browser Bundle (2.3.25-3); suite=windows + + * Update OpenSSL to 1.0.1d + * Update HTTPS Everywhere to 3.1.3 + * Update NoScript to 2.6.4.4 + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:41 CET 2013 + +Tor Browser Bundle (2.3.25-2); suite=windows + + * Update Firefox to 10.0.12esr + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 3.1.2 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:07 CET 2013 + +Tor Browser Bundle (2.3.25-1); suite=windows + + * Update Tor to 0.2.3.25 + * Update Firefox 10.0.11esr + * Update Vidalia to 0.2.21 + * Update NoScript to 2.6.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012 + +Tor Browser Bundle (2.3.24-alpha-1); suite=windows + + * Update Tor to 0.2.3.24-rc + * Update Firefox to 10.0.10esr + * Update NoScript to 2.5.9 + * Update HTTPS Everywhere to 4.0development.2 + + -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:57 BST 2012 + +Tor Browser Bundle (2.3.23-alpha-1); suite=windows + + * Update Tor to 0.2.3.23-rc + * Update Firefox to 10.0.9esr + * Update HTTPS Everywhere to 4.0development.1 + * Update NoScript to 2.5.8 + * Re-enable automatic Control and SOCKS port selection on Linux and OSX + + -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:05 BST 2012 + +Tor Browser Bundle (2.3.22-alpha-1); suite=windows + + * Update Tor to 0.2.3.22-rc + + -- Erinn Clark <erinn(a)torproject.org> Tue Sep 11 19:49:08 BST 2012 + +Tor Browser Bundle (2.3.21-alpha-1); suite=windows + + * Update Tor to 0.2.3.21-rc + * Update Firefox to 15.0.1 + * Update Libevent to 2.0.20-stable + * Update Torbutton to 1.4.6.1 + * Update HTTPS Everywhere to 3.0development.6 + * Update NoScript to 2.5.4 + + -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:35 BST 2012 + +Tor Browser Bundle (2.3.20-alpha-1); suite=windows + + * Update Tor to 0.2.3.20-rc + * Update NoScript to 2.5 + * Change the urlbar search engine to Startpage (closes: #5925) + * Firefox patch updates: + - Fix the Tor Browser SIGFPE crash bug (closes: #6492) + - Add a redirect API for HTTPS-Everywhere (closes: #5477) + - Enable WebGL (as click-to-play only) (closes: #6370) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:32 BST 2012 + +Tor Browser Bundle (2.3.19-alpha-1); suite=windows + + * Update Tor to 0.2.3.19-rc + * Update Firefox to 14.0.1 + * Update libevent to 2.0.19-stable + * Update OpenSSL to 1.0.1c + * Update zlib to 1.2.7 + * Update Torbutton to 1.4.6 + * Update NoScript to 2.4.9 + * Update HTTPS Everywhere to 3.0development.5 + * Downgrade Vidalia to 0.2.20 + + -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:41 BST 2012 + +Tor Browser Bundle (2.3.12-alpha-2); suite=windows + + * Update Firefox to 11.0 + * Update NoScript to 2.3.4 + * Update HTTPS Everywhere to 3.0development.1 + * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300) + * Always build to with warnings enabled (closes: #4470) + * Remove tor-resolve from the Windows bundle (closes: #5403) + + -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012 + +Tor Browser Bundle (2.3.12-alpha-1); suite=windows + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012

1 0

[torbrowser/maint-2.4] bump all versions of stable and alpha (0.2.5.1-alpha) TBBs
by erinn＠torproject.org 14 Dec '13

14 Dec '13

commit fb7238f449bd8e990222ba8e8a693b4d12ee7e67 Author: Erinn Clark <erinn(a)torproject.org> Date: Sat Dec 14 16:45:06 2013 -0200 bump all versions of stable and alpha (0.2.5.1-alpha) TBBs --- README.LINUX-2.4 | 6 +- README.LINUX-2.5 | 29 ++ README.OSX-2.4 | 6 +- README.OSX-2.5 | 23 ++ README.WIN-2.4 | 6 +- README.WIN-2.5 | 27 ++ build-scripts/config/Info.plist | 6 +- build-scripts/config/Info.plist-stable | 6 +- build-scripts/edit-changelog.sh | 4 +- build-scripts/linux-alpha.mk | 2 +- build-scripts/linux.mk | 2 +- build-scripts/osx.mk | 2 +- build-scripts/versions-alpha.mk | 8 +- build-scripts/versions.mk | 8 +- build-scripts/windows.mk | 2 +- changelog.linux-2.4 | 319 +++++++++++++++++ changelog.linux-2.5 | 592 ++++++++++++++++++++++++++++++++ changelog.osx-2.4 | 299 ++++++++++++++++ changelog.osx-2.5 | 561 ++++++++++++++++++++++++++++++ changelog.windows-2.4 | 297 ++++++++++++++++ changelog.windows-2.5 | 557 ++++++++++++++++++++++++++++++ 21 files changed, 2733 insertions(+), 29 deletions(-) diff --git a/README.LINUX-2.4 b/README.LINUX-2.4 index e03ab99..97ae4d9 100644 --- a/README.LINUX-2.4 +++ b/README.LINUX-2.4 @@ -5,11 +5,11 @@ Included applications --------------------- Vidalia 0.2.21 (with Qt 4.8.1) -Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) +Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) Firefox 17.0.11esr \_ Torbutton 1.5.2 - |_ NoScript 2.6.8.5 - |_ HTTPS-Everywhere 3.4.2 + |_ NoScript 2.6.8.7 + |_ HTTPS-Everywhere 3.4.3 Usage ----- diff --git a/README.LINUX-2.5 b/README.LINUX-2.5 new file mode 100644 index 0000000..a21f5be --- /dev/null +++ b/README.LINUX-2.5 @@ -0,0 +1,29 @@ +Tor Browser Bundle for GNU/Linux (beta) +=============== + +Included applications +--------------------- + +Vidalia 0.2.21 (with Qt 4.8.1) +Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) +Firefox 17.0.11esr + \_ Torbutton 1.5.2 + |_ NoScript 2.6.8.7 + |_ HTTPS-Everywhere 3.4.3 + +Usage +----- + +Extract the bundle with: + +tar -xvzf tor-browser-gnu-linux*.tar.gz + +This will create a directory named tor-browser_LANG. Click on this directory or +cd into it and execute the 'start-tor-browser' script. This will start Vidalia. +Once Tor has successfully opened a circuit, Firefox will automatically be +opened. + +To exit, close Firefox. Vidalia will automatically clean up and exit. + +For more information about bugfixes and other package changes, see the +changelog in tor-browser_LANG/Docs/changelog. diff --git a/README.OSX-2.4 b/README.OSX-2.4 index 52ba0f0..6eed409 100644 --- a/README.OSX-2.4 +++ b/README.OSX-2.4 @@ -5,11 +5,11 @@ Included applications --------------------- Vidalia 0.2.21 (with Qt 4.8.1) -Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) +Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) Firefox 17.0.11esr \_ Torbutton 1.5.2 - |_ NoScript 2.6.8.5 - |_ HTTPS-Everywhere 3.4.2 + |_ NoScript 2.6.8.7 + |_ HTTPS-Everywhere 3.4.3 Usage ----- diff --git a/README.OSX-2.5 b/README.OSX-2.5 new file mode 100644 index 0000000..3f073ac --- /dev/null +++ b/README.OSX-2.5 @@ -0,0 +1,23 @@ +Tor Browser Bundle for Mac OS X (beta) +=============== + +Included applications +--------------------- + +Vidalia 0.2.21 (with Qt 4.8.1) +Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) +Firefox 17.0.11esr + \_ Torbutton 1.5.2 + |_ NoScript 2.6.8.7 + |_ HTTPS-Everywhere 3.4.3 + +Usage +----- + +Unzip the TorBrowser zip file that you downloaded. Click on the +TorBrowser_LANG.app which will launch Vidalia and then Firefox. + +To exit, close Firefox and Vidalia. + +For more information about bugfixes and other package changes, see the +changelog in TorBrowser_LANG.app/Contents/Resources/changelog. diff --git a/README.WIN-2.4 b/README.WIN-2.4 index 51925e9..a0aff79 100644 --- a/README.WIN-2.4 +++ b/README.WIN-2.4 @@ -5,11 +5,11 @@ Included applications --------------------- Vidalia 0.2.21 (with Qt 4.8.1) -Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) +Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) Firefox 17.0.11esr \_ Torbutton 1.5.2 - |_ NoScript 2.6.8.5 - |_ HTTPS-Everywhere 3.4.2 + |_ NoScript 2.6.8.7 + |_ HTTPS-Everywhere 3.4.3 Usage ----- diff --git a/README.WIN-2.5 b/README.WIN-2.5 new file mode 100644 index 0000000..17c9b03 --- /dev/null +++ b/README.WIN-2.5 @@ -0,0 +1,27 @@ +Tor Browser Bundle for Windows (beta) +=============== + +Included applications +--------------------- + +Vidalia 0.2.21 (with Qt 4.8.1) +Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k) +Firefox 17.0.11esr + \_ Torbutton 1.5.2 + |_ NoScript 2.6.8.7 + |_ HTTPS-Everywhere 3.4.3 + +Usage +----- + +Tor Browser.exe is a 7zip self extracting archive. To extract the bundle, run +this and point it to the install location. It will create a folder called "Tor +Browser". This may be the hard disk, but is more likely the currently mounted +USB drive. The install process needs only be performed once. + +Once the bundle is extracted, open the newly created folder and click +"Start Tor Browser.bat" (may appear as simply "Start Tor Browser"). +This will start Vidalia. Once Tor has successfully opened a circuit, +Firefox will automatically be opened. + +To exit, close Firefox. Vidalia will automatically clean up and exit. diff --git a/build-scripts/config/Info.plist b/build-scripts/config/Info.plist index 8b626a7..4870df7 100644 --- a/build-scripts/config/Info.plist +++ b/build-scripts/config/Info.plist @@ -9,7 +9,7 @@ <key>CFBundleExecutable</key> <string>TorBrowserBundle</string> <key>CFBundleGetInfoString</key> - <string>Tor Browser Bundle 2.4.18-rc-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string> + <string>Tor Browser Bundle 2.5.1-alpha-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string> <key>CFBundleIconFile</key> <string>vidalia.icns</string> <key>CFBundleIdentifier</key> @@ -21,7 +21,7 @@ <key>CFBundlePackageType</key> <string>APPL</string> <key>CFBundleShortVersionString</key> - <string>2.4.18-rc-1</string> + <string>2.5.1-alpha-1</string> <key>CFBundleSignature</key> <string>????</string> <key>LSEnvironment</key> @@ -35,7 +35,7 @@ <key>NSAppleScriptEnabled</key> <false/> <key>NSHumanReadableCopyright</key> - <string>Tor Browser Bundle 2.4.18-rc-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string> + <string>Tor Browser Bundle 2.5.1-alpha-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string> <key>NSMainNibFile</key> <string>MainMenu</string> <key>NSPrincipalClass</key> diff --git a/build-scripts/config/Info.plist-stable b/build-scripts/config/Info.plist-stable index f1648cf..0e50fc0 100644 --- a/build-scripts/config/Info.plist-stable +++ b/build-scripts/config/Info.plist-stable @@ -9,7 +9,7 @@ <key>CFBundleExecutable</key> <string>TorBrowserBundle</string> <key>CFBundleGetInfoString</key> - <string>Tor Browser Bundle 2.3.25-15 Copyright 2010, 2011, 2012, 2013 The Tor Project</string> + <string>Tor Browser Bundle 2.4.19-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string> <key>CFBundleIconFile</key> <string>vidalia.icns</string> <key>CFBundleIdentifier</key> @@ -21,7 +21,7 @@ <key>CFBundlePackageType</key> <string>APPL</string> <key>CFBundleShortVersionString</key> - <string>2.3.25-15</string> + <string>2.4.19-1</string> <key>CFBundleSignature</key> <string>????</string> <key>LSEnvironment</key> @@ -35,7 +35,7 @@ <key>NSAppleScriptEnabled</key> <false/> <key>NSHumanReadableCopyright</key> - <string>Tor Browser Bundle 2.3.25-15 Copyright 2010, 2011, 2012, 2013 The Tor Project</string> + <string>Tor Browser Bundle 2.4.19-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string> <key>NSMainNibFile</key> <string>MainMenu</string> <key>NSPrincipalClass</key> diff --git a/build-scripts/edit-changelog.sh b/build-scripts/edit-changelog.sh index 4369d33..b8bded4 100755 --- a/build-scripts/edit-changelog.sh +++ b/build-scripts/edit-changelog.sh @@ -23,6 +23,6 @@ Tor Browser Bundle ($VERSION); suite=$1 EOF -mv ../changelog.$1-2.3 ../changelog.$1-2.3-old -cat ../tmp.changelog.$1 ../changelog.$1-2.3-old >> ../changelog.$1-2.3 +mv ../changelog.$1-2.4 ../changelog.$1-2.4-old +cat ../tmp.changelog.$1 ../changelog.$1-2.4-old >> ../changelog.$1-2.4 diff --git a/build-scripts/linux-alpha.mk b/build-scripts/linux-alpha.mk index 349d512..3f831dd 100644 --- a/build-scripts/linux-alpha.mk +++ b/build-scripts/linux-alpha.mk @@ -15,7 +15,7 @@ ## Architecture ARCH_TYPE=$(shell uname -m) -BUILD_NUM=2 +BUILD_NUM=1 PLATFORM=Linux ## Build machine specific settings diff --git a/build-scripts/linux.mk b/build-scripts/linux.mk index 9edc7ac..300357f 100644 --- a/build-scripts/linux.mk +++ b/build-scripts/linux.mk @@ -15,7 +15,7 @@ ## Architecture ARCH_TYPE=$(shell uname -m) -BUILD_NUM=16 +BUILD_NUM=1 PLATFORM=Linux ## Build machine specific settings diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk index 349e908..4246dc3 100644 --- a/build-scripts/osx.mk +++ b/build-scripts/osx.mk @@ -15,7 +15,7 @@ ## Architecture ARCH_TYPE=x86_64 -BUILD_NUM=15 +BUILD_NUM=1 PLATFORM=MacOS ## Set OSX-specific backwards compatibility options diff --git a/build-scripts/versions-alpha.mk b/build-scripts/versions-alpha.mk index 0410f41..bc27020 100644 --- a/build-scripts/versions-alpha.mk +++ b/build-scripts/versions-alpha.mk @@ -1,6 +1,6 @@ #!/usr/bin/make -RELEASE_VER=2.4.18-rc +RELEASE_VER=2.5.1-alpha ZLIB_VER=1.2.8 OPENSSL_VER=1.0.0k @@ -8,13 +8,13 @@ LIBPNG_VER=1.6.6 QT_VER=4.8.1 VIDALIA_VER=0.2.21 LIBEVENT_VER=2.0.21-stable -TOR_VER=0.2.4.18-rc +TOR_VER=0.2.5.1-alpha PIDGIN_VER=2.6.4 FIREFOX_VER=17.0.11esr MOZBUILD_VER=1.5.1 TORBUTTON_VER=1.5.2 -NOSCRIPT_VER=2.6.8.5 -HTTPSEVERYWHERE_VER=3.4.2 +NOSCRIPT_VER=2.6.8.7 +HTTPSEVERYWHERE_VER=3.4.3 PDFJS_VER=0.8.298 OBFSPROXY_VER=0.1.4 OTR_VER=3.2.0 diff --git a/build-scripts/versions.mk b/build-scripts/versions.mk index 77275b8..2c2add0 100644 --- a/build-scripts/versions.mk +++ b/build-scripts/versions.mk @@ -1,6 +1,6 @@ #!/usr/bin/make -RELEASE_VER=2.3.25 +RELEASE_VER=2.4.19 ZLIB_VER=1.2.8 OPENSSL_VER=1.0.0k @@ -8,13 +8,13 @@ LIBPNG_VER=1.6.6 QT_VER=4.8.1 VIDALIA_VER=0.2.21 LIBEVENT_VER=2.0.21-stable -TOR_VER=0.2.3.25 +TOR_VER=0.2.4.19 PIDGIN_VER=2.6.4 FIREFOX_VER=17.0.11esr MOZBUILD_VER=1.5.1 TORBUTTON_VER=1.5.2 -NOSCRIPT_VER=2.6.8.5 -HTTPSEVERYWHERE_VER=3.4.2 +NOSCRIPT_VER=2.6.8.7 +HTTPSEVERYWHERE_VER=3.4.3 OTR_VER=3.2.0 OBFSPROXY_VER=0.1.4 diff --git a/build-scripts/windows.mk b/build-scripts/windows.mk index f0174b3..9b4a557 100644 --- a/build-scripts/windows.mk +++ b/build-scripts/windows.mk @@ -13,7 +13,7 @@ ### Configuration ### ##################### -BUILD_NUM=15 +BUILD_NUM=1 PLATFORM=Windows ## Location of required libraries diff --git a/changelog.linux-2.4 b/changelog.linux-2.4 index f3623e4..77b27f7 100644 --- a/changelog.linux-2.4 +++ b/changelog.linux-2.4 @@ -1,3 +1,12 @@ +Tor Browser Bundle (2.4.19-1); suite=linux + + * New stable release + * Update Tor to 0.2.4.19 + * Update NoScript to 2.6.8.7 + * Update HTTPS Everywhere to 3.4.3 + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:26 BRST 2013 + Tor Browser Bundle (2.4.18-rc-2); suite=linux * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will @@ -271,3 +280,313 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=linux -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:21 GMT 2012 +Tor Browser Bundle (2.3.25-16); suite=linux + + * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will + stop crashing (closes: #10195) + + -- Erinn Clark <erinn(a)torproject.org> Wed Nov 20 17:46:24 BRST 2013 + +Tor Browser Bundle (2.3.25-15); suite=linux + + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + + -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:05 BRST 2013 + +Tor Browser Bundle (2.3.25-14); suite=linux + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update LibPNG to 1.6.6 + * Update NoScript to 2.6.8.4 + * Update HTTPS-Everywhere to 3.4.2 + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.3.25-13); suite=linux + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.4.1 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.3.25-12); suite=linux + + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:21 CEST 2013 + +Tor Browser Bundle (2.3.25-11); suite=linux + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.3.1 + * Update NoScript to 2.6.7 + * Update LibPNG to 1.6.3 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.3.25-10); suite=linux + + * Update Firefox to 17.0.7esr + * Update zlib to 1.2.8 + * Update libpng 1.5.16 + * Update NoScript 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.3.25-9); suite=linux + + * Rebuild 64-bit bundles with Firefox optimizations disabled in order to + prevent browser crashes. (closes: #8970) + * Update HTTPS Everywhere to 3.2.2 + * Update NoScript to 2.6.6.2 + + -- Erinn Clark <erinn(a)torproject.org> Wed Jun 12 18:42:24 BRT 2013 + +Tor Browser Bundle (2.3.25-8); suite=linux + + * Update Firefox to 17.0.6esr + * Update HTTPS Everywhere to 3.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:55 BRT 2013 + +Tor Browser Bundle (2.3.25-7); suite=linux + + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + + -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:56:58 BRT 2013 + +Tor Browser Bundle (2.3.25-6); suite=linux + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:16 EDT 2013 + +Tor Browser Bundle (2.3.25-5); suite=linux + + * Update Firefox to 17.0.4esr + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 3.1.4 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:43 CET 2013 + +Tor Browser Bundle (2.3.25-4); suite=linux + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:24 CET 2013 + +Tor Browser Bundle (2.3.25-3); suite=linux + + * Update OpenSSL to 1.0.1d + * Update HTTPS Everywhere to 3.1.3 + * Update NoScript to 2.6.4.4 + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:43 CET 2013 + +Tor Browser Bundle (2.3.25-2); suite=linux + + * Update Firefox to 10.0.12esr + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 3.1.2 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:05 CET 2013 + +Tor Browser Bundle (2.3.25-1); suite=linux + + * Update Tor to 0.2.3.25-rc + * Update Firefox 10.0.11esr + * Update Vidalia to 0.2.21 + * Update NoScript to 2.6.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012 + +Tor Browser Bundle (2.3.24-alpha-1); suite=linux + + * Update Tor to 0.2.3.24-rc + * Update Firefox to 10.0.10esr + * Update NoScript to 2.5.9 + * Update HTTPS Everywhere to 4.0development.2 + + -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:59 BST 2012 + +Tor Browser Bundle (2.3.23-alpha-1); suite=linux + + * Update Tor to 0.2.3.23-rc + * Update Firefox to 10.0.9esr + * Update HTTPS Everywhere to 4.0development.1 + * Update NoScript to 2.5.8 + * Re-enable automatic Control and SOCKS port selection on Linux and OSX + * Update libpng to 1.5.13 + + -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:09 BST 2012 + +Tor Browser Bundle (2.3.22-alpha-1); suite=linux + + * Update Tor to 0.2.3.22-rc + * Temporarily use fixed Control and SOCKS ports as a workaround for #6803 + + -- Erinn Clark <erinn(a)torproject.org> Wed Sep 12 14:02:57 BST 2012 + +Tor Browser Bundle (2.3.21-alpha-1); suite=linux + + * Update Tor to 0.2.3.21-rc + * Update Firefox to 15.0.1 + * Update Libevent to 2.0.20-stable + * Update Torbutton to 1.4.6.1 + * Update HTTPS Everywhere to 3.0development.6 + * Update NoScript to 2.5.4 + + -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:38 BST 2012 + +Tor Browser Bundle (2.3.20-alpha-1); suite=linux + + * Update Tor to 0.2.3.20-rc + * Update libpng to 1.5.12 + * Update NoScript to 2.5 + * Change the urlbar search engine to Startpage (closes: #5925) + * Firefox patch updates: + - Fix the Tor Browser SIGFPE crash bug (closes: #6492) + - Add a redirect API for HTTPS-Everywhere (closes: #5477) + - Enable WebGL (as click-to-play only) (closes: #6370) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:30 BST 2012 + +Tor Browser Bundle (2.3.19-alpha-1); suite=linux + + * Update Tor to 0.2.3.19-rc + * Update Firefox to 14.0.1 + * Update libevent to 2.0.19-stable + * Update OpenSSL to 1.0.1c + * Update zlib to 1.2.7 + * Update Torbutton to 1.4.6 + * Update NoScript to 2.4.9 + * Update HTTPS Everywhere to 3.0development.5 + * Downgrade Vidalia to 0.2.20 + * Update libpng to 1.5.12 + + -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:37 BST 2012 + +Tor Browser Bundle (2.3.12-alpha-2); suite=linux + + * Update Firefox to 11.0 + * Update NoScript to 2.3.4 + * Update HTTPS Everywhere to 3.0development.1 + * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300) + * Always build to with warnings enabled (closes: #4470) + * Don't attempt to load the default KDE 4 theme from Vidalia, because that + fails when the Qt versions don't match (closes: #5214) + + -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012 + +Tor Browser Bundle (2.3.12-alpha-1); suite=linux + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012 diff --git a/changelog.linux-2.5 b/changelog.linux-2.5 new file mode 100644 index 0000000..154d69f --- /dev/null +++ b/changelog.linux-2.5 @@ -0,0 +1,592 @@ +Tor Browser Bundle (2.5.1-alpha-1); suite=linux + + * New alpha release + * Update Tor to 0.2.5.1-alpha + * Update NoScript to 2.6.8.7 + * Update HTTPS Everywhere to 3.4.3 + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:44 BRST 2013 + +Tor Browser Bundle (2.4.18-rc-2); suite=linux + + * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will + stop crashing (closes: #10195) + + -- Erinn Clark <erinn(a)torproject.org> Wed Nov 20 17:46:24 BRST 2013 + +Tor Browser Bundle (2.4.18-rc-1); suite=linux + + * Update Tor to 0.2.4.18-rc + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + * Remove PDF.js since it is no longer supported in Firefox 17 + + -- Erinn Clark <erinn(a)torproject.org> Sun Nov 17 16:41:32 BRST 2013 + +Tor Browser Bundle (2.4.17-rc-1); suite=linux + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update LibPNG to 1.6.6 + * Update NoScript to 2.6.8.4 + * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this + becoming the stable bundle + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.4.17-beta-2); suite=linux + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update LibPNG to 1.6.3 + * Update HTTPS Everywhere to 4.0development.12 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + * Add missing geoip file + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.4.17-beta-1); suite=linux + + * Update Tor to 0.2.4.17-rc + * Update NoScript to 2.6.7.1 + * Update HTTPS Everywhere to 4.0development.11 + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 5 14:26:06 CEST 2013 + +Tor Browser Bundle (2.4.16-beta-1); suite=linux + + * Update Tor to 0.2.4.16-rc + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:39 CEST 2013 + +Tor Browser Bundle (2.4.15-beta-2); suite=linux + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * HTTPS Everywhere to 4.0development.9 + * Update PDF.js to 0.8.298 + * Update NoScript to 2.6.6.9 + * Update LibPNG to 1.6.3 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.4.15-beta-1); suite=linux + + * Update Tor to 0.2.4.15-rc + * Update NoScript to 2.6.6.7 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jul 7 18:38:52 BRT 2013 + +Tor Browser Bundle (2.4.14-alpha-1); suite=linux + + * Update Tor to 0.2.4.14-alpha + * Update Firefox 17.0.7esr + * Update zlib to 1.2.8 + * Update libpng to 1.5.16 + * Update HTTPS Everywhere to 4.0development.8 + * Update NoScript to 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.4.12-alpha-2); suite=linux + + * Update Firefox to 17.0.6esr + * Update NoScript to 2.6.6.1 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:06:23 BRT 2013 + +Tor Browser Bundle (2.4.12-alpha-1); suite=linux + + * Update Tor to 0.2.4.12-alpha + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6 + * Update PDF.js to 0.8.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + + -- Erinn Clark <erinn(a)torproject.org> Thu Apr 25 21:15:37 BRT 2013 + +Tor Browser Bundle (2.4.11-alpha-2); suite=linux + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:37 EDT 2013 + +Tor Browser Bundle (2.4.10-alpha-3); suite=linux + + * Update Firefox to 17.0.4esr + * Update Tor to 0.2.4.11-alpha + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 4.0development.6 + * Update PDF.js to 0.7.236 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Tue Mar 12 12:06:00 CET 2013 + +Tor Browser Bundle (2.4.10-alpha-2); suite=linux + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:47 CET 2013 + +Tor Browser Bundle (2.4.10-alpha-1); suite=linux + + * Update Tor to 0.2.4.10-alpha + * Update OpenSSL to 1.0.1d + * Update NoScript to 2.6.4.4 + * Add PDF Viewer (PDF.js) to README + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:13:28 CET 2013 + +Tor Browser Bundle (2.4.9-alpha-1); suite=linux + + * Update Firefox to 17.0.2esr + * Update Tor to 0.2.4.9-alpha + * Update Torbutton to 1.5.0pre-alpha + * Update NoScript to 2.6.4.3 + * Update HTTPS-Everywhere to 4.0development.5 + * Add Mozilla's PDF.js extension to give people the ability to read PDFs in + TBB + * Prevent TBB from trying to access the X session manager (closes: #5261) + * Firefox patch changes: + - Isolate image cache to url bar domain (closes: #5742 and #6539) + - Enable DOM storage and isolate it to url bar domain (closes: #6564) + - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477) + * Misc preference changes: + - Disable DOM performance timers (dom.enable_performance) (closes: #6204) + - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656) + - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210) + - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937) + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 25 15:31:35 CET 2013 + +Tor Browser Bundle (2.4.7-alpha-1); suite=linux + + * Update Firefox to 10.0.12esr + * Update Tor to 0.2.4.7-alpha + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 4.0development.4 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:55:05 CET 2013 + +Tor Browser Bundle (2.4.6-alpha-2); suite=linux + + * Update Makefiles to use the right changelogs and READMEs + + -- Erinn Clark <erinn(a)torproject.org> Mon Dec 3 16:13:47 GMT 2012 + +Tor Browser Bundle (2.4.6-alpha-1); suite=linux + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:21 GMT 2012 + +Tor Browser Bundle (2.3.25-16); suite=linux + + * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will + stop crashing (closes: #10195) + + -- Erinn Clark <erinn(a)torproject.org> Wed Nov 20 17:46:24 BRST 2013 + +Tor Browser Bundle (2.3.25-15); suite=linux + + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + + -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:05 BRST 2013 + +Tor Browser Bundle (2.3.25-14); suite=linux + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update LibPNG to 1.6.6 + * Update NoScript to 2.6.8.4 + * Update HTTPS-Everywhere to 3.4.2 + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.3.25-13); suite=linux + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.4.1 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.3.25-12); suite=linux + + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:21 CEST 2013 + +Tor Browser Bundle (2.3.25-11); suite=linux + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.3.1 + * Update NoScript to 2.6.7 + * Update LibPNG to 1.6.3 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.3.25-10); suite=linux + + * Update Firefox to 17.0.7esr + * Update zlib to 1.2.8 + * Update libpng 1.5.16 + * Update NoScript 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.3.25-9); suite=linux + + * Rebuild 64-bit bundles with Firefox optimizations disabled in order to + prevent browser crashes. (closes: #8970) + * Update HTTPS Everywhere to 3.2.2 + * Update NoScript to 2.6.6.2 + + -- Erinn Clark <erinn(a)torproject.org> Wed Jun 12 18:42:24 BRT 2013 + +Tor Browser Bundle (2.3.25-8); suite=linux + + * Update Firefox to 17.0.6esr + * Update HTTPS Everywhere to 3.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:55 BRT 2013 + +Tor Browser Bundle (2.3.25-7); suite=linux + + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + + -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:56:58 BRT 2013 + +Tor Browser Bundle (2.3.25-6); suite=linux + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:16 EDT 2013 + +Tor Browser Bundle (2.3.25-5); suite=linux + + * Update Firefox to 17.0.4esr + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 3.1.4 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:43 CET 2013 + +Tor Browser Bundle (2.3.25-4); suite=linux + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:24 CET 2013 + +Tor Browser Bundle (2.3.25-3); suite=linux + + * Update OpenSSL to 1.0.1d + * Update HTTPS Everywhere to 3.1.3 + * Update NoScript to 2.6.4.4 + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:43 CET 2013 + +Tor Browser Bundle (2.3.25-2); suite=linux + + * Update Firefox to 10.0.12esr + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 3.1.2 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:05 CET 2013 + +Tor Browser Bundle (2.3.25-1); suite=linux + + * Update Tor to 0.2.3.25-rc + * Update Firefox 10.0.11esr + * Update Vidalia to 0.2.21 + * Update NoScript to 2.6.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012 + +Tor Browser Bundle (2.3.24-alpha-1); suite=linux + + * Update Tor to 0.2.3.24-rc + * Update Firefox to 10.0.10esr + * Update NoScript to 2.5.9 + * Update HTTPS Everywhere to 4.0development.2 + + -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:59 BST 2012 + +Tor Browser Bundle (2.3.23-alpha-1); suite=linux + + * Update Tor to 0.2.3.23-rc + * Update Firefox to 10.0.9esr + * Update HTTPS Everywhere to 4.0development.1 + * Update NoScript to 2.5.8 + * Re-enable automatic Control and SOCKS port selection on Linux and OSX + * Update libpng to 1.5.13 + + -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:09 BST 2012 + +Tor Browser Bundle (2.3.22-alpha-1); suite=linux + + * Update Tor to 0.2.3.22-rc + * Temporarily use fixed Control and SOCKS ports as a workaround for #6803 + + -- Erinn Clark <erinn(a)torproject.org> Wed Sep 12 14:02:57 BST 2012 + +Tor Browser Bundle (2.3.21-alpha-1); suite=linux + + * Update Tor to 0.2.3.21-rc + * Update Firefox to 15.0.1 + * Update Libevent to 2.0.20-stable + * Update Torbutton to 1.4.6.1 + * Update HTTPS Everywhere to 3.0development.6 + * Update NoScript to 2.5.4 + + -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:38 BST 2012 + +Tor Browser Bundle (2.3.20-alpha-1); suite=linux + + * Update Tor to 0.2.3.20-rc + * Update libpng to 1.5.12 + * Update NoScript to 2.5 + * Change the urlbar search engine to Startpage (closes: #5925) + * Firefox patch updates: + - Fix the Tor Browser SIGFPE crash bug (closes: #6492) + - Add a redirect API for HTTPS-Everywhere (closes: #5477) + - Enable WebGL (as click-to-play only) (closes: #6370) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:30 BST 2012 + +Tor Browser Bundle (2.3.19-alpha-1); suite=linux + + * Update Tor to 0.2.3.19-rc + * Update Firefox to 14.0.1 + * Update libevent to 2.0.19-stable + * Update OpenSSL to 1.0.1c + * Update zlib to 1.2.7 + * Update Torbutton to 1.4.6 + * Update NoScript to 2.4.9 + * Update HTTPS Everywhere to 3.0development.5 + * Downgrade Vidalia to 0.2.20 + * Update libpng to 1.5.12 + + -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:37 BST 2012 + +Tor Browser Bundle (2.3.12-alpha-2); suite=linux + + * Update Firefox to 11.0 + * Update NoScript to 2.3.4 + * Update HTTPS Everywhere to 3.0development.1 + * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300) + * Always build to with warnings enabled (closes: #4470) + * Don't attempt to load the default KDE 4 theme from Vidalia, because that + fails when the Qt versions don't match (closes: #5214) + + -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012 + +Tor Browser Bundle (2.3.12-alpha-1); suite=linux + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012 diff --git a/changelog.osx-2.4 b/changelog.osx-2.4 index d8c0b4a..6fcd6d2 100644 --- a/changelog.osx-2.4 +++ b/changelog.osx-2.4 @@ -1,3 +1,12 @@ +Tor Browser Bundle (2.4.19-1); suite=osx + + * New stable release + * Update Tor to 0.2.4.19 + * Update NoScript to 2.6.8.7 + * Update HTTPS Everywhere to 3.4.3 + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:22 BRST 2013 + Tor Browser Bundle (2.4.18-rc-1); suite=linux * Update Tor to 0.2.4.18-rc @@ -260,3 +269,293 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=osx * Initial release -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:11 GMT 2012 +Tor Browser Bundle (2.3.25-15); suite=osx + + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield. + (closes: #10092) + + -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:00 BRST 2013 + +Tor Browser Bundle (2.3.25-14); suite=osx + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update NoScript to 2.6.8.4 + * Update HTTPS-Everywhere to 3.4.2 + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.3.25-13); suite=osx + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.4.1 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.3.25-12); suite=osx + + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:19 CEST 2013 + +Tor Browser Bundle (2.3.25-11); suite=osx + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.3.1 + * Update NoScript to 2.6.6.9 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.3.25-10); suite=osx + + * Update Firefox to 17.0.7esr + * Update zlib to 1.2.8 + * Update HTTPS Everywhere to 3.2.2 + * Update NoScript to 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.3.25-8); suite=osx + + * Update Firefox to 17.0.6esr + * Update HTTPS Everywhere to 3.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:50 BRT 2013 + +Tor Browser Bundle (2.3.25-7); suite=osx + + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + + -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:56:56 BRT 2013 + +Tor Browser Bundle (2.3.25-6); suite=osx + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:11 EDT 2013 + +Tor Browser Bundle (2.3.25-5); suite=osx + + * Update Firefox to 17.0.4esr + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 3.1.4 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:38 CET 2013 + +Tor Browser Bundle (2.3.25-4); suite=osx + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:21 CET 2013 + +Tor Browser Bundle (2.3.25-3); suite=osx + + * Update OpenSSL to 1.0.1d + * Update HTTPS Everywhere to 3.1.3 + * Update NoScript to 2.6.4.4 + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:39 CET 2013 + +Tor Browser Bundle (2.3.25-2); suite=osx + + * Update Firefox to 10.0.12esr + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 3.1.2 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:03 CET 2013 + +Tor Browser Bundle (2.3.25-1); suite=osx + + * Update Tor to 0.2.3.25 + * Update Firefox 10.0.11esr + * Update Vidalia to 0.2.21 + * Update NoScript to 2.6.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012 + +Tor Browser Bundle (2.3.24-alpha-1); suite=osx + + * Update Tor to 0.2.3.24-rc + * Update Firefox to 10.0.10esr + * Update NoScript to 2.5.9 + * Update HTTPS Everywhere to 4.0development.2 + + -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:55 BST 2012 + +Tor Browser Bundle (2.3.23-alpha-1); suite=osx + + * Update Tor to 0.2.3.23-rc + * Update Firefox to 10.0.9esr + * Update HTTPS Everywhere to 4.0development.1 + * Update NoScript to 2.5.8 + * Re-enable automatic Control and SOCKS port selection on Linux and OSX + + -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:03 BST 2012 + +Tor Browser Bundle (2.3.22-alpha-1); suite=osx + + * Update Tor to 0.2.3.22-rc + * Temporarily use fixed Control and SOCKS ports as a workaround for #6803 + + -- Erinn Clark <erinn(a)torproject.org> Wed Sep 12 14:02:57 BST 2012 + +Tor Browser Bundle (2.3.21-alpha-1); suite=osx + + * Update Tor to 0.2.3.21-rc + * Update Firefox to 15.0.1 + * Update Libevent to 2.0.20-stable + * Update Torbutton to 1.4.6.1 + * Update HTTPS Everywhere to 3.0development.6 + * Update NoScript to 2.5.4 + + -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:33 BST 2012 + +Tor Browser Bundle (2.3.20-alpha-1); suite=osx + + * Update Tor to 0.2.3.20-rc + * Update NoScript to 2.5 + * Change the urlbar search engine to Startpage (closes: #5925) + * Firefox patch updates: + - Fix the Tor Browser SIGFPE crash bug (closes: #6492) + - Add a redirect API for HTTPS-Everywhere (closes: #5477) + - Enable WebGL (as click-to-play only) (closes: #6370) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:27 BST 2012 + +Tor Browser Bundle (2.3.19-alpha-1); suite=osx + + * Update Tor to 0.2.3.19-rc + * Update Firefox to 14.0.1 + * Update libevent to 2.0.19-stable + * Update OpenSSL to 1.0.1c + * Update zlib to 1.2.7 + * Update Torbutton to 1.4.6 + * Update NoScript to 2.4.9 + * Update HTTPS Everywhere to 3.0development.5 + * Downgrade Vidalia to 0.2.20 + + -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:26 BST 2012 + +Tor Browser Bundle (2.3.12-alpha-2); suite=osx + + * Update Firefox to 11.0 + * Update NoScript to 2.3.4 + * Update HTTPS Everywhere to 3.0development.1 + * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300) + * Always build to with warnings enabled (closes: #4470) + * Give OS X users below 10.5 an incompatibility message (closes: #4356) + + -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012 + +Tor Browser Bundle (2.3.12-alpha-1); suite=osx + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012 diff --git a/changelog.osx-2.5 b/changelog.osx-2.5 new file mode 100644 index 0000000..83de71c --- /dev/null +++ b/changelog.osx-2.5 @@ -0,0 +1,561 @@ +Tor Browser Bundle (2.5.1-alpha-1); suite=osx + + * New alpha release + * Update Tor to 0.2.5.1-alpha + * Update NoScript to 2.6.8.7 + * Update HTTPS Everywhere to 3.4.3 + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:31:01 BRST 2013 + +Tor Browser Bundle (2.4.18-rc-1); suite=linux + + * Update Tor to 0.2.4.18-rc + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + * Remove PDF.js since it is no longer supported in Firefox 17 + * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield. + (closes: #10092) + + -- Erinn Clark <erinn(a)torproject.org> Sun Nov 17 16:41:32 BRST 2013 + +Tor Browser Bundle (2.4.17-rc-1); suite=osx + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update NoScript to 2.6.8.4 + * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this + becoming the stable bundle + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.4.17-beta-2); suite=osx + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 4.0development.12 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.4.17-beta-1); suite=osx + + * Update Tor to 0.2.4.17-rc + * Update NoScript to 2.6.7.1 + * Update HTTPS Everywhere to 4.0development.11 + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 5 14:26:04 CEST 2013 + +Tor Browser Bundle (2.4.16-beta-1); suite=osx + + * Update Tor to 0.2.4.16-rc + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:41 CEST 2013 + +Tor Browser Bundle (2.4.15-beta-2); suite=osx + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * HTTPS Everywhere to 4.0development.9 + * Update PDF.js to 0.8.298 + * Update NoScript to 2.6.6.9 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.4.15-beta-1); suite=osx + + * Update Tor to 0.2.4.15-rc + * Update NoScript to 2.6.6.7 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jul 7 18:38:48 BRT 2013 + +Tor Browser Bundle (2.4.14-alpha-1); suite=osx + + * Update Tor to 0.2.4.14-alpha + * Update Firefox 17.0.7esr + * Update zlib to 1.2.8 + * Update libpng to 1.5.16 + * Update HTTPS Everywhere to 4.0development.8 + * Update NoScript to 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.4.12-alpha-2); suite=osx + + * Update Firefox to 17.0.6esr + * Update NoScript to 2.6.6.1 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:06:20 BRT 2013 + +Tor Browser Bundle (2.4.12-alpha-1); suite=osx + + * Update Tor to 0.2.4.12-alpha + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6 + * Update PDF.js to 0.8.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + + -- Erinn Clark <erinn(a)torproject.org> Thu Apr 25 21:15:32 BRT 2013 + +Tor Browser Bundle (2.4.11-alpha-2); suite=osx + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:42 EDT 2013 + +Tor Browser Bundle (2.4.10-alpha-3); suite=osx + + * Update Firefox to 17.0.4esr + * Update Tor to 0.2.4.11-alpha + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 4.0development.6 + * Update PDF.js to 0.7.236 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Tue Mar 12 12:06:00 CET 2013 + +Tor Browser Bundle (2.4.10-alpha-2); suite=osx + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:45 CET 2013 + +Tor Browser Bundle (2.4.10-alpha-1); suite=osx + + * Update Tor to 0.2.4.10-alpha + * Update OpenSSL to 1.0.1d + * Update NoScript to 2.6.4.4 + * Add PDF Viewer (PDF.js) to README + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:13:28 CET 2013 + +Tor Browser Bundle (2.4.9-alpha-1); suite=osx + + * Update Firefox to 17.0.2esr + * Update Tor to 0.2.4.9-alpha + * Update Torbutton to 1.5.0pre-alpha + * Update NoScript to 2.6.4.3 + * Update HTTPS-Everywhere to 4.0development.5 + * Add Mozilla's PDF.js extension to give people the ability to read PDFs in + TBB + * Firefox patch changes: + - Isolate image cache to url bar domain (closes: #5742 and #6539) + - Enable DOM storage and isolate it to url bar domain (closes: #6564) + - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477) + * Misc preference changes: + - Disable DOM performance timers (dom.enable_performance) (closes: #6204) + - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656) + - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210) + - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937) + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 25 15:31:35 CET 2013 + +Tor Browser Bundle (2.4.7-alpha-1); suite=osx + + * Update Firefox to 10.0.12esr + * Update Tor to 0.2.4.7-alpha + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 4.0development.4 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:55:00 CET 2013 + +Tor Browser Bundle (2.4.6-alpha-2); suite=osx + + * Update Makefiles to use the right changelogs and READMEs + + -- Erinn Clark <erinn(a)torproject.org> Mon Dec 3 16:13:43 GMT 2012 + +Tor Browser Bundle (2.4.6-alpha-1); suite=osx + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:11 GMT 2012 +Tor Browser Bundle (2.3.25-15); suite=osx + + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield. + (closes: #10092) + + -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:00 BRST 2013 + +Tor Browser Bundle (2.3.25-14); suite=osx + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update NoScript to 2.6.8.4 + * Update HTTPS-Everywhere to 3.4.2 + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.3.25-13); suite=osx + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.4.1 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.3.25-12); suite=osx + + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:19 CEST 2013 + +Tor Browser Bundle (2.3.25-11); suite=osx + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.3.1 + * Update NoScript to 2.6.6.9 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.3.25-10); suite=osx + + * Update Firefox to 17.0.7esr + * Update zlib to 1.2.8 + * Update HTTPS Everywhere to 3.2.2 + * Update NoScript to 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.3.25-8); suite=osx + + * Update Firefox to 17.0.6esr + * Update HTTPS Everywhere to 3.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:50 BRT 2013 + +Tor Browser Bundle (2.3.25-7); suite=osx + + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + + -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:56:56 BRT 2013 + +Tor Browser Bundle (2.3.25-6); suite=osx + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:11 EDT 2013 + +Tor Browser Bundle (2.3.25-5); suite=osx + + * Update Firefox to 17.0.4esr + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 3.1.4 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:38 CET 2013 + +Tor Browser Bundle (2.3.25-4); suite=osx + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:21 CET 2013 + +Tor Browser Bundle (2.3.25-3); suite=osx + + * Update OpenSSL to 1.0.1d + * Update HTTPS Everywhere to 3.1.3 + * Update NoScript to 2.6.4.4 + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:39 CET 2013 + +Tor Browser Bundle (2.3.25-2); suite=osx + + * Update Firefox to 10.0.12esr + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 3.1.2 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:03 CET 2013 + +Tor Browser Bundle (2.3.25-1); suite=osx + + * Update Tor to 0.2.3.25 + * Update Firefox 10.0.11esr + * Update Vidalia to 0.2.21 + * Update NoScript to 2.6.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012 + +Tor Browser Bundle (2.3.24-alpha-1); suite=osx + + * Update Tor to 0.2.3.24-rc + * Update Firefox to 10.0.10esr + * Update NoScript to 2.5.9 + * Update HTTPS Everywhere to 4.0development.2 + + -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:55 BST 2012 + +Tor Browser Bundle (2.3.23-alpha-1); suite=osx + + * Update Tor to 0.2.3.23-rc + * Update Firefox to 10.0.9esr + * Update HTTPS Everywhere to 4.0development.1 + * Update NoScript to 2.5.8 + * Re-enable automatic Control and SOCKS port selection on Linux and OSX + + -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:03 BST 2012 + +Tor Browser Bundle (2.3.22-alpha-1); suite=osx + + * Update Tor to 0.2.3.22-rc + * Temporarily use fixed Control and SOCKS ports as a workaround for #6803 + + -- Erinn Clark <erinn(a)torproject.org> Wed Sep 12 14:02:57 BST 2012 + +Tor Browser Bundle (2.3.21-alpha-1); suite=osx + + * Update Tor to 0.2.3.21-rc + * Update Firefox to 15.0.1 + * Update Libevent to 2.0.20-stable + * Update Torbutton to 1.4.6.1 + * Update HTTPS Everywhere to 3.0development.6 + * Update NoScript to 2.5.4 + + -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:33 BST 2012 + +Tor Browser Bundle (2.3.20-alpha-1); suite=osx + + * Update Tor to 0.2.3.20-rc + * Update NoScript to 2.5 + * Change the urlbar search engine to Startpage (closes: #5925) + * Firefox patch updates: + - Fix the Tor Browser SIGFPE crash bug (closes: #6492) + - Add a redirect API for HTTPS-Everywhere (closes: #5477) + - Enable WebGL (as click-to-play only) (closes: #6370) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:27 BST 2012 + +Tor Browser Bundle (2.3.19-alpha-1); suite=osx + + * Update Tor to 0.2.3.19-rc + * Update Firefox to 14.0.1 + * Update libevent to 2.0.19-stable + * Update OpenSSL to 1.0.1c + * Update zlib to 1.2.7 + * Update Torbutton to 1.4.6 + * Update NoScript to 2.4.9 + * Update HTTPS Everywhere to 3.0development.5 + * Downgrade Vidalia to 0.2.20 + + -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:26 BST 2012 + +Tor Browser Bundle (2.3.12-alpha-2); suite=osx + + * Update Firefox to 11.0 + * Update NoScript to 2.3.4 + * Update HTTPS Everywhere to 3.0development.1 + * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300) + * Always build to with warnings enabled (closes: #4470) + * Give OS X users below 10.5 an incompatibility message (closes: #4356) + + -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012 + +Tor Browser Bundle (2.3.12-alpha-1); suite=osx + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012 diff --git a/changelog.windows-2.4 b/changelog.windows-2.4 index 8282c4a..15f3bb3 100644 --- a/changelog.windows-2.4 +++ b/changelog.windows-2.4 @@ -1,3 +1,12 @@ +Tor Browser Bundle (2.4.19-1); suite=windows + + * New stable release + * Update Tor to 0.2.4.19 + * Update NoScript to 2.6.8.7 + * Update HTTPS Everywhere to 3.4.3 + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:24 BRST 2013 + Tor Browser Bundle (2.4.18-rc-1); suite=linux * Update Tor to 0.2.4.18-rc @@ -258,3 +267,291 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=windows * Initial release -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:17 GMT 2012 +Tor Browser Bundle (2.3.25-15); suite=windows + + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + + -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:02 BRST 2013 + +Tor Browser Bundle (2.3.25-14); suite=windows + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update NoScript to 2.6.8.4 + * Update HTTPS-Everywhere to 3.4.2 + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.3.25-13); suite=windows + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.4.1 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.3.25-12); suite=windows + + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:23 CEST 2013 + +Tor Browser Bundle (2.3.25-11); suite=windows + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.3.1 + * Update NoScript to 2.6.6.9 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.3.25-10); suite=windows + + * Update Firefox to 17.0.7esr + * Update zlib to 1.2.8 + * Update HTTPS Everywhere to 3.2.2 + * Update NoScript to 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.3.25-8); suite=windows + + * Update Firefox to 17.0.6esr + * Update HTTPS Everywhere to 3.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:52 BRT 2013 + +Tor Browser Bundle (2.3.25-7); suite=windows + + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + - Re-enable --enable-optimize for Windows builds + + -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:57:00 BRT 2013 + +Tor Browser Bundle (2.3.25-6); suite=windows + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:14 EDT 2013 + +Tor Browser Bundle (2.3.25-5); suite=windows + + * Update Firefox to 17.0.4esr + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 3.1.4 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:41 CET 2013 + +Tor Browser Bundle (2.3.25-4); suite=windows + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:26 CET 2013 + +Tor Browser Bundle (2.3.25-3); suite=windows + + * Update OpenSSL to 1.0.1d + * Update HTTPS Everywhere to 3.1.3 + * Update NoScript to 2.6.4.4 + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:41 CET 2013 + +Tor Browser Bundle (2.3.25-2); suite=windows + + * Update Firefox to 10.0.12esr + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 3.1.2 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:07 CET 2013 + +Tor Browser Bundle (2.3.25-1); suite=windows + + * Update Tor to 0.2.3.25 + * Update Firefox 10.0.11esr + * Update Vidalia to 0.2.21 + * Update NoScript to 2.6.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012 + +Tor Browser Bundle (2.3.24-alpha-1); suite=windows + + * Update Tor to 0.2.3.24-rc + * Update Firefox to 10.0.10esr + * Update NoScript to 2.5.9 + * Update HTTPS Everywhere to 4.0development.2 + + -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:57 BST 2012 + +Tor Browser Bundle (2.3.23-alpha-1); suite=windows + + * Update Tor to 0.2.3.23-rc + * Update Firefox to 10.0.9esr + * Update HTTPS Everywhere to 4.0development.1 + * Update NoScript to 2.5.8 + * Re-enable automatic Control and SOCKS port selection on Linux and OSX + + -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:05 BST 2012 + +Tor Browser Bundle (2.3.22-alpha-1); suite=windows + + * Update Tor to 0.2.3.22-rc + + -- Erinn Clark <erinn(a)torproject.org> Tue Sep 11 19:49:08 BST 2012 + +Tor Browser Bundle (2.3.21-alpha-1); suite=windows + + * Update Tor to 0.2.3.21-rc + * Update Firefox to 15.0.1 + * Update Libevent to 2.0.20-stable + * Update Torbutton to 1.4.6.1 + * Update HTTPS Everywhere to 3.0development.6 + * Update NoScript to 2.5.4 + + -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:35 BST 2012 + +Tor Browser Bundle (2.3.20-alpha-1); suite=windows + + * Update Tor to 0.2.3.20-rc + * Update NoScript to 2.5 + * Change the urlbar search engine to Startpage (closes: #5925) + * Firefox patch updates: + - Fix the Tor Browser SIGFPE crash bug (closes: #6492) + - Add a redirect API for HTTPS-Everywhere (closes: #5477) + - Enable WebGL (as click-to-play only) (closes: #6370) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:32 BST 2012 + +Tor Browser Bundle (2.3.19-alpha-1); suite=windows + + * Update Tor to 0.2.3.19-rc + * Update Firefox to 14.0.1 + * Update libevent to 2.0.19-stable + * Update OpenSSL to 1.0.1c + * Update zlib to 1.2.7 + * Update Torbutton to 1.4.6 + * Update NoScript to 2.4.9 + * Update HTTPS Everywhere to 3.0development.5 + * Downgrade Vidalia to 0.2.20 + + -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:41 BST 2012 + +Tor Browser Bundle (2.3.12-alpha-2); suite=windows + + * Update Firefox to 11.0 + * Update NoScript to 2.3.4 + * Update HTTPS Everywhere to 3.0development.1 + * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300) + * Always build to with warnings enabled (closes: #4470) + * Remove tor-resolve from the Windows bundle (closes: #5403) + + -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012 + +Tor Browser Bundle (2.3.12-alpha-1); suite=windows + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012 diff --git a/changelog.windows-2.5 b/changelog.windows-2.5 new file mode 100644 index 0000000..d84e74d --- /dev/null +++ b/changelog.windows-2.5 @@ -0,0 +1,557 @@ +Tor Browser Bundle (2.5.1-alpha-1); suite=windows + + * New alpha release + * Update Tor to 0.2.5.1-alpha + * Update NoScript to 2.6.8.7 + * Update HTTPS Everywhere to 3.4.3 + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 14 16:30:59 BRST 2013 + +Tor Browser Bundle (2.4.18-rc-1); suite=linux + + * Update Tor to 0.2.4.18-rc + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + * Remove PDF.js since it is no longer supported in Firefox 17 + + -- Erinn Clark <erinn(a)torproject.org> Sun Nov 17 16:41:32 BRST 2013 + +Tor Browser Bundle (2.4.17-rc-1); suite=windows + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update NoScript to 2.6.8.4 + * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this + becoming the stable bundle + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.4.17-beta-2); suite=windows + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 4.0development.12 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.4.17-beta-1); suite=windows + + * Update Tor to 0.2.4.17-rc + * Update NoScript to 2.6.7.1 + * Update HTTPS Everywhere to 4.0development.11 + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 5 14:26:09 CEST 2013 + +Tor Browser Bundle (2.4.16-beta-1); suite=windows + + * Update Tor to 0.2.4.16-rc + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:37 CEST 2013 + +Tor Browser Bundle (2.4.15-beta-2); suite=windows + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * HTTPS Everywhere to 4.0development.9 + * Update PDF.js to 0.8.298 + * Update NoScript to 2.6.6.9 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.4.15-beta-1); suite=windows + + * Update Tor to 0.2.4.15-rc + * Update NoScript to 2.6.6.7 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jul 7 18:38:50 BRT 2013 + +Tor Browser Bundle (2.4.14-alpha-1); suite=windows + + * Update Tor to 0.2.4.14-alpha + * Update Firefox 17.0.7esr + * Update zlib to 1.2.8 + * Update libpng to 1.5.16 + * Update HTTPS Everywhere to 4.0development.8 + * Update NoScript to 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.4.12-alpha-2); suite=windows + + * Update Firefox to 17.0.6esr + * Update NoScript to 2.6.6.1 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:06:25 BRT 2013 + +Tor Browser Bundle (2.4.12-alpha-1); suite=windows + + * Update Tor to 0.2.4.12-alpha + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6 + * Update PDF.js to 0.8.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + + -- Erinn Clark <erinn(a)torproject.org> Thu Apr 25 21:15:34 BRT 2013 + +Tor Browser Bundle (2.4.11-alpha-2); suite=windows + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:39 EDT 2013 + +Tor Browser Bundle (2.4.10-alpha-3); suite=windows + + * Update Firefox to 17.0.4esr + * Update Tor to 0.2.4.11-alpha + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 4.0development.6 + * Update PDF.js to 0.7.236 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Tue Mar 12 12:06:00 CET 2013 + +Tor Browser Bundle (2.4.10-alpha-2); suite=windows + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:49 CET 2013 + +Tor Browser Bundle (2.4.10-alpha-1); suite=windows + + * Update Tor to 0.2.4.10-alpha + * Update OpenSSL to 1.0.1d + * Update NoScript to 2.6.4.4 + * Add PDF Viewer (PDF.js) to README + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:13:28 CET 2013 + +Tor Browser Bundle (2.4.9-alpha-test-1); suite=windows + + * Update Firefox to 17.0.2esr + * Update Tor to 0.2.4.9-alpha + * Update Torbutton to 1.5.0pre-alpha + * Update NoScript to 2.6.4.3 + * Update HTTPS-Everywhere to 4.0development.5 + * Add Mozilla's PDF.js extension to give people the ability to read PDFs in + TBB + * Firefox patch changes: + - Isolate image cache to url bar domain (closes: #5742 and #6539) + - Enable DOM storage and isolate it to url bar domain (closes: #6564) + - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477) + * Misc preference changes: + - Disable DOM performance timers (dom.enable_performance) (closes: #6204) + - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656) + - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210) + - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937) + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 25 15:31:35 CET 2013 + +Tor Browser Bundle (2.4.7-alpha-1); suite=windows + + * Update Firefox to 10.0.12esr + * Update Tor to 0.2.4.7-alpha + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 4.0development.4 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:55:02 CET 2013 + +Tor Browser Bundle (2.4.6-alpha-2); suite=windows + + * Update Makefiles to use the right changelogs and READMEs + + -- Erinn Clark <erinn(a)torproject.org> Mon Dec 3 16:13:45 GMT 2012 + +Tor Browser Bundle (2.4.6-alpha-1); suite=windows + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Sat Dec 1 15:21:17 GMT 2012 +Tor Browser Bundle (2.3.25-15); suite=windows + + * Update Firefox to 17.0.11esr + * Update NoScript to 2.6.8.5 + + -- Erinn Clark <erinn(a)torproject.org> Fri Nov 15 18:11:02 BRST 2013 + +Tor Browser Bundle (2.3.25-14); suite=windows + + * Update Firefox to 17.0.10esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update NoScript to 2.6.8.4 + * Update HTTPS-Everywhere to 3.4.2 + * Firefox patch changes: + - Hide infobar for missing plugins. (closes: #9012) + - Change the default entry page for the addons tab to the + installed addons page. (closes: #8364) + - Make flash objects really be click-to-play if flash is + enabled. (closes: #9867) + - Make getFirstPartyURI log+handle errors internally to + simplify caller usage of the API. (closes: #3661) + - Remove polipo and privoxy from the banned ports list. (closes: #3661) + - misc: Fix a potential memory leak in the Image Cache isolation + - misc: Fix a potential crash if OS theme information is ever absent + + -- Erinn Clark <erinn(a)torproject.org> Thu Oct 31 14:30:45 BRST 2013 + +Tor Browser Bundle (2.3.25-13); suite=windows + + * Update Firefox to 17.0.9esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.4.1 + * Update NoScript to 2.6.7.1 + * Remove extraneous libevent libraries (closes: #9727) + * Enable GCC hardening for Tor + * Firefox patch changes: + - Disable filtered results in Startpage omnibox (closes: #8839) + + -- Erinn Clark <erinn(a)torproject.org> Thu Sep 19 19:56:35 CEST 2013 + +Tor Browser Bundle (2.3.25-12); suite=windows + + * Re-add the locale pref to the Firefox prefs file to allow for localization + of bundles again (closes: #9436) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 11 11:51:23 CEST 2013 + +Tor Browser Bundle (2.3.25-11); suite=windows + + * Update Firefox to 17.0.8esr + https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#fire… + * Update HTTPS Everywhere to 3.3.1 + * Update NoScript to 2.6.6.9 + + -- Erinn Clark <erinn(a)torproject.org> Thu Aug 8 15:10:52 CEST 2013 + +Tor Browser Bundle (2.3.25-10); suite=windows + + * Update Firefox to 17.0.7esr + * Update zlib to 1.2.8 + * Update HTTPS Everywhere to 3.2.2 + * Update NoScript to 2.6.6.6 + + -- Erinn Clark <erinn(a)torproject.org> Sun Jun 23 23:20:25 BRT 2013 + +Tor Browser Bundle (2.3.25-8); suite=windows + + * Update Firefox to 17.0.6esr + * Update HTTPS Everywhere to 3.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun May 12 22:05:52 BRT 2013 + +Tor Browser Bundle (2.3.25-7); suite=windows + + * Update Torbutton to 1.5.2 + * Update libpng to 1.5.15 + * Update NoScript to 2.6.6.1 + * Firefox patch changes: + - Apply font limits to @font-face local() fonts and disable fallback + rendering for @font-face. (closes: #8455) + - Use Optimistic Data SOCKS handshake (improves page load performance). + (closes: #3875) + - Honor the Windows theme for inverse text colors (without leaking those + colors to content). (closes: #7920) + - Increase pipeline randomization and try harder to batch pipelined + requests together. (closes: #8470) + - Fix an image cache isolation domain key misusage. May fix several image + cache related crash bugs with New Identity, exit, and certain websites. + (closes: #8628) + * Torbutton changes: + - Allow session restore if the user allows disk actvity (closes: #8457) + - Remove the Display Settings panel and associated locales (closes: #8301) + - Fix "Transparent Torification" option. (closes: #6566) + - Fix a hang on New Identity. (closes: #8642) + * Build changes: + - Fetch our source deps from an https mirror (closes: #8286) + - Create watch scripts for syncing mirror sources and monitoring mirror + integrity (closes: #8338) + - Re-enable --enable-optimize for Windows builds + + -- Erinn Clark <erinn(a)torproject.org> Tue May 7 19:57:00 BRT 2013 + +Tor Browser Bundle (2.3.25-6); suite=windows + + * Update Firefox to 17.0.5esr + * Update NoScript to 2.6.59 + + -- Erinn Clark <erinn(a)torproject.org> Mon Apr 1 19:08:14 EDT 2013 + +Tor Browser Bundle (2.3.25-5); suite=windows + + * Update Firefox to 17.0.4esr + * Update NoScript to 2.6.5.8 + * Update HTTPS Everywhere to 3.1.4 + * Fix non-English language bundles to have the correct branding (closes: #8302) + * Firefox patch changes: + - Remove "This plugin is disabled" barrier + * This improves the user experience for HTML5 Youtube videos: + They "silently" attempt to load flash first, which was not so silent + with this barrier in place. (closes: #8312) + - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386) + - Fix a New Identity hang and/or crash condition (closes: #6386) + - Fix crash with Drag + Drop on Windows (closes: #8324) + * Torbutton changes: + - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324) + - Fix XML/E4X errors with Cookie Protections (closes: #6202) + - Don't clear cookies at shutdown if user wants disk history (closes: #8423) + - Leave IndexedDB and Offline Storage disabled. (closes: #8382) + - Clear DOM localStorage on New Identity. (closes: #8422) + - Don't strip "third party" HTTP auth from favicons (closes: #8335) + - Localize the "Spoof english" button strings (closes: #5183) + - Ask user for confirmation before enabling plugins (closes: #8313) + - Emit private browsing session clearing event on "New Identity" + + -- Erinn Clark <erinn(a)torproject.org> Sun Mar 10 22:15:41 CET 2013 + +Tor Browser Bundle (2.3.25-4); suite=windows + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5279) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 19 23:59:26 CET 2013 + +Tor Browser Bundle (2.3.25-3); suite=windows + + * Update OpenSSL to 1.0.1d + * Update HTTPS Everywhere to 3.1.3 + * Update NoScript to 2.6.4.4 + + -- Erinn Clark <erinn(a)torproject.org> Tue Feb 5 18:08:41 CET 2013 + +Tor Browser Bundle (2.3.25-2); suite=windows + + * Update Firefox to 10.0.12esr + * Update Libevent to 2.0.21-stable + * Update HTTPS Everywhere to 3.1.2 + * Update NoScript to 2.6.4.2 + + -- Erinn Clark <erinn(a)torproject.org> Fri Jan 4 11:46:07 CET 2013 + +Tor Browser Bundle (2.3.25-1); suite=windows + + * Update Tor to 0.2.3.25 + * Update Firefox 10.0.11esr + * Update Vidalia to 0.2.21 + * Update NoScript to 2.6.2 + + -- Erinn Clark <erinn(a)torproject.org> Sun Dec 2 09:03:27 GMT 2012 + +Tor Browser Bundle (2.3.24-alpha-1); suite=windows + + * Update Tor to 0.2.3.24-rc + * Update Firefox to 10.0.10esr + * Update NoScript to 2.5.9 + * Update HTTPS Everywhere to 4.0development.2 + + -- Erinn Clark <erinn(a)torproject.org> Sat Oct 27 12:16:57 BST 2012 + +Tor Browser Bundle (2.3.23-alpha-1); suite=windows + + * Update Tor to 0.2.3.23-rc + * Update Firefox to 10.0.9esr + * Update HTTPS Everywhere to 4.0development.1 + * Update NoScript to 2.5.8 + * Re-enable automatic Control and SOCKS port selection on Linux and OSX + + -- Erinn Clark <erinn(a)torproject.org> Mon Oct 22 16:14:05 BST 2012 + +Tor Browser Bundle (2.3.22-alpha-1); suite=windows + + * Update Tor to 0.2.3.22-rc + + -- Erinn Clark <erinn(a)torproject.org> Tue Sep 11 19:49:08 BST 2012 + +Tor Browser Bundle (2.3.21-alpha-1); suite=windows + + * Update Tor to 0.2.3.21-rc + * Update Firefox to 15.0.1 + * Update Libevent to 2.0.20-stable + * Update Torbutton to 1.4.6.1 + * Update HTTPS Everywhere to 3.0development.6 + * Update NoScript to 2.5.4 + + -- Erinn Clark <erinn(a)torproject.org> Sun Sep 9 10:42:35 BST 2012 + +Tor Browser Bundle (2.3.20-alpha-1); suite=windows + + * Update Tor to 0.2.3.20-rc + * Update NoScript to 2.5 + * Change the urlbar search engine to Startpage (closes: #5925) + * Firefox patch updates: + - Fix the Tor Browser SIGFPE crash bug (closes: #6492) + - Add a redirect API for HTTPS-Everywhere (closes: #5477) + - Enable WebGL (as click-to-play only) (closes: #6370) + + -- Erinn Clark <erinn(a)torproject.org> Sun Aug 5 23:21:32 BST 2012 + +Tor Browser Bundle (2.3.19-alpha-1); suite=windows + + * Update Tor to 0.2.3.19-rc + * Update Firefox to 14.0.1 + * Update libevent to 2.0.19-stable + * Update OpenSSL to 1.0.1c + * Update zlib to 1.2.7 + * Update Torbutton to 1.4.6 + * Update NoScript to 2.4.9 + * Update HTTPS Everywhere to 3.0development.5 + * Downgrade Vidalia to 0.2.20 + + -- Erinn Clark <erinn(a)torproject.org> Wed Jul 25 15:12:41 BST 2012 + +Tor Browser Bundle (2.3.12-alpha-2); suite=windows + + * Update Firefox to 11.0 + * Update NoScript to 2.3.4 + * Update HTTPS Everywhere to 3.0development.1 + * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300) + * Always build to with warnings enabled (closes: #4470) + * Remove tor-resolve from the Windows bundle (closes: #5403) + + -- Erinn Clark <erinn(a)torproject.org> Mon Mar 19 01:14:43 BRT 2012 + +Tor Browser Bundle (2.3.12-alpha-1); suite=windows + + * Initial release + + -- Erinn Clark <erinn(a)torproject.org> Thu Mar 1 14:04:56 BRT 2012

1 0

r26479: {website} Removed EL5 listing from RPMs packages page. EL5 is no longe (website/trunk/docs/en)
by Ondrej Mikle 14 Dec '13

14 Dec '13

Author: hiviah Date: 2013-12-14 16:01:16 +0000 (Sat, 14 Dec 2013) New Revision: 26479 Modified: website/trunk/docs/en/rpms.wml Log: Removed EL5 listing from RPMs packages page. EL5 is no longer supported. Modified: website/trunk/docs/en/rpms.wml =================================================================== --- website/trunk/docs/en/rpms.wml 2013-12-13 20:12:11 UTC (rev 26478) +++ website/trunk/docs/en/rpms.wml 2013-12-14 16:01:16 UTC (rev 26479) @@ -55,32 +55,6 @@ </p> <pre>3B9E EEB9 7B1E 827B CF0A 0D96 8AF5 653C 5AC0 01F1</pre> - <h3>EL5 packages</h3> - - <p>Packages for RHEL 5 (and clones) are signed with different key due to - old rpm limitations, put this repo file in /etc/yum.repos.d/ directory: - </p> - -<pre>[tor] -name=Tor experimental repo -enabled=1 -baseurl=http://deb.torproject.org/torproject.org/rpm/el/5/$basearch/ -gpgcheck=1 -gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.EL5.asc - -[tor-source] -name=Tor experimental source repo -enabled=1 -autorefresh=0 -baseurl=http://deb.torproject.org/torproject.org/rpm/el/5/SRPMS -gpgcheck=1 -gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.EL5.asc -</pre> - <p> - Fingerprint of RPM-GPG-KEY-torproject.org.EL5.asc key above should be: - </p> -<pre>9D27 0E2A 351C B4CB 6D95 78AF F8E7 95F8 B4D4 03EA</pre> - <h3>Package installation and running</h3> <p>

1 0

[translation/abouttor-homepage_completed] Update translations for abouttor-homepage_completed
by translation＠torproject.org 14 Dec '13

14 Dec '13

commit db3155374c0b57d65a7c72ffc23c8b61476be8bf Author: Translation commit bot <translation(a)torproject.org> Date: Sat Dec 14 00:46:38 2013 +0000 Update translations for abouttor-homepage_completed --- fr/aboutTor.dtd | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fr/aboutTor.dtd b/fr/aboutTor.dtd index b43c4ff..a0b041b 100644 --- a/fr/aboutTor.dtd +++ b/fr/aboutTor.dtd @@ -34,16 +34,16 @@ --> <!ENTITY aboutTor.searchSPPost.link "https://startpage.com/rth/search"> <!ENTITY aboutTor.searchDDGPost.link "https://duckduckgo.com/html/"> -<!ENTITY aboutTor.searchSP.privacy.beforeLink.label "Rechercher"> -<!ENTITY aboutTor.searchDDG.privacy.beforeLink.label "Rechercher"> +<!ENTITY aboutTor.searchSP.privacy.beforeLink.label "Rechercher "> +<!ENTITY aboutTor.searchDDG.privacy.beforeLink.label "Rechercher "> <!ENTITY aboutTor.searchSP.privacy.label "en toute sécurité"> <!ENTITY aboutTor.searchDDG.privacy.label "en toute sécurité"> <!ENTITY aboutTor.searchSP.privacy.link "https://startpage.com/eng/protect-privacy.html"> <!ENTITY aboutTor.searchDDG.privacy.link "https://duckduckgo.com/privacy.html"> <!ENTITY aboutTor.searchSP.privacy.afterLink.label "&nbsp;"> <!ENTITY aboutTor.searchDDG.privacy.afterLink.label "&nbsp;"> -<!ENTITY aboutTor.searchSP.search.beforeLink.label "avec"> -<!ENTITY aboutTor.searchDDG.search.beforeLink.label "avec"> +<!ENTITY aboutTor.searchSP.search.beforeLink.label "avec "> +<!ENTITY aboutTor.searchDDG.search.beforeLink.label "avec "> <!ENTITY aboutTor.searchSP.search.label "Startpage"> <!ENTITY aboutTor.searchDDG.search.label "DuckDuckGo"> <!ENTITY aboutTor.searchSP.search.link "https://startpage.com/">

1 0

[translation/abouttor-homepage] Update translations for abouttor-homepage
by translation＠torproject.org 14 Dec '13

14 Dec '13

commit 58eac069368f8af0a1249ad144ef80876950467c Author: Translation commit bot <translation(a)torproject.org> Date: Sat Dec 14 00:46:35 2013 +0000 Update translations for abouttor-homepage --- fr/aboutTor.dtd | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fr/aboutTor.dtd b/fr/aboutTor.dtd index b43c4ff..a0b041b 100644 --- a/fr/aboutTor.dtd +++ b/fr/aboutTor.dtd @@ -34,16 +34,16 @@ --> <!ENTITY aboutTor.searchSPPost.link "https://startpage.com/rth/search"> <!ENTITY aboutTor.searchDDGPost.link "https://duckduckgo.com/html/"> -<!ENTITY aboutTor.searchSP.privacy.beforeLink.label "Rechercher"> -<!ENTITY aboutTor.searchDDG.privacy.beforeLink.label "Rechercher"> +<!ENTITY aboutTor.searchSP.privacy.beforeLink.label "Rechercher "> +<!ENTITY aboutTor.searchDDG.privacy.beforeLink.label "Rechercher "> <!ENTITY aboutTor.searchSP.privacy.label "en toute sécurité"> <!ENTITY aboutTor.searchDDG.privacy.label "en toute sécurité"> <!ENTITY aboutTor.searchSP.privacy.link "https://startpage.com/eng/protect-privacy.html"> <!ENTITY aboutTor.searchDDG.privacy.link "https://duckduckgo.com/privacy.html"> <!ENTITY aboutTor.searchSP.privacy.afterLink.label "&nbsp;"> <!ENTITY aboutTor.searchDDG.privacy.afterLink.label "&nbsp;"> -<!ENTITY aboutTor.searchSP.search.beforeLink.label "avec"> -<!ENTITY aboutTor.searchDDG.search.beforeLink.label "avec"> +<!ENTITY aboutTor.searchSP.search.beforeLink.label "avec "> +<!ENTITY aboutTor.searchDDG.search.beforeLink.label "avec "> <!ENTITY aboutTor.searchSP.search.label "Startpage"> <!ENTITY aboutTor.searchDDG.search.label "DuckDuckGo"> <!ENTITY aboutTor.searchSP.search.link "https://startpage.com/">

1 0

[translation/vidalia_alpha_completed] Update translations for vidalia_alpha_completed
by translation＠torproject.org 14 Dec '13

14 Dec '13

commit bc23590babda8cfd47b2d76d66f19d45bf2f4bf8 Author: Translation commit bot <translation(a)torproject.org> Date: Sat Dec 14 00:45:26 2013 +0000 Update translations for vidalia_alpha_completed --- fr/vidalia_fr.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fr/vidalia_fr.po b/fr/vidalia_fr.po index 76c5627..66aeb39 100644 --- a/fr/vidalia_fr.po +++ b/fr/vidalia_fr.po @@ -12,7 +12,7 @@ msgstr "" "Project-Id-Version: The Tor Project\n" "Report-Msgid-Bugs-To: translations(a)vidalia-project.net\n" "POT-Creation-Date: 2012-03-21 17:46+0000\n" -"PO-Revision-Date: 2013-11-12 09:41+0000\n" +"PO-Revision-Date: 2013-12-14 00:30+0000\n" "Last-Translator: runasand <runa.sandvik(a)gmail.com>\n" "Language-Team: French (http://www.transifex.com/projects/p/torproject/language/fr/)\n" "MIME-Version: 1.0\n"

1 0