- tor-commits - lists.torproject.org

[Git][tpo/applications/tor-browser-build] Pushed new tag mb-15.0-build1
by morgan (＠morgan) 21 Oct '25

21 Oct '25

morgan pushed new tag mb-15.0-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/mb-… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build] Pushed new tag tbb-15.0-build1
by morgan (＠morgan) 21 Oct '25

21 Oct '25

morgan pushed new tag tbb-15.0-build1 at The Tor Project / Applications / tor-browser-build -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/tree/tbb… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser-build][maint-15.0] Bug 41596,41597: Prepare Tor, Mullvad Browser 15.0
by morgan (＠morgan) 21 Oct '25

21 Oct '25

morgan pushed to branch maint-15.0 at The Tor Project / Applications / tor-browser-build Commits: 8cf87f2c by Morgan at 2025-10-21T16:37:49+00:00 Bug 41596,41597: Prepare Tor, Mullvad Browser 15.0 - - - - - 8 changed files: - projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt - projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt - projects/browser/config - projects/firefox/config - projects/geckoview/config - projects/tor/config - projects/translation/config - rbm.conf Changes: ===================================== projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt ===================================== @@ -1,3 +1,123 @@ +Mullvad Browser 15.0 - October 28 + * All Platforms + * Updated Firefox to 140.4.0esr + * Updated NoScript to 13.2.2 + * Bug 451: The restart to apply button doesn't work [mullvad-browser] + * Bug 463: Fix typo in MimeType entry in .desktop file included in deb/rpm package (application/xhtml_xml instead of application/xhtml+xml) [mullvad-browser] + * Bug 468: Drop the Metager search engine [mullvad-browser] + * Bug 478: Update to the Mullvad Browser extension to 0.9.5 [mullvad-browser] + * Bug 19741: Opensearch (contextual search) does not obey FPI [tor-browser] + * Bug 42738: Tidy up the commit structure for browser updates UI [tor-browser] + * Bug 43009: Backport Bug 1973265 - Put WebCodecs API behind RFP Target [tor-browser] + * Bug 43093: Refactor the patch to disable LaterRun [tor-browser] + * Bug 43111: Delete our webextensions for search engines when Bug 1885953 is fixed upstream [tor-browser] + * Bug 43525: Check if our search engine customization still works after ESR 140 transition [tor-browser] + * Bug 43590: Move letterboxing rules out of browser/base/content/browser.css [tor-browser] + * Bug 43610: Use newer CSS variable names for ESR 140 [tor-browser] + * Bug 43629: All migrations in migrateUIBB are run for new profiles [tor-browser] + * Bug 43638: Fix up our `<command>` elements [tor-browser] + * Bug 43664: Review Mozilla 1842832: Move the private browsing toggle to initial install dialog [tor-browser] + * Bug 43728: Update search engine icon sizes [tor-browser] + * Bug 43745: Disable HEVC (H265) playback support [tor-browser] + * Bug 43749: Replace the newtab component and addon with our home page [tor-browser] + * Bug 43770: Bugzilla 1958070: More BrowserGlue simplification/splitting [tor-browser] + * Bug 43772: Do not use official branding for BB/TB/MB [tor-browser] + * Bug 43776: Set branding files for l10n merging [tor-browser] + * Bug 43795: Restore the URL classifier XPCOM components. [tor-browser] + * Bug 43844: Security level shield icon should be flipped for RTL locales [tor-browser] + * Bug 43850: Modify the Contrast Control settings for RFP [tor-browser] + * Bug 43864: Remove features from the unified search button [tor-browser] + * Bug 43869: Hide pens with RFP [tor-browser] + * Bug 43874: Incorporate our unified extension button hiding logic into mozilla's changes for ESR 140 [tor-browser] + * Bug 43886: Fix new tab for ESR 140 [tor-browser] + * Bug 43900: Open newtab rather than firefoxview when unloading the last tab [tor-browser] + * Bug 43902: Hide Sidebar buttons [tor-browser] + * Bug 43903: Report broken site is disabled rather than hidden [tor-browser] + * Bug 43905: base-browser.ftl missing from about:addons [tor-browser] + * Bug 43906: Extension.sys.mjs change in the wrong commit [tor-browser] + * Bug 43913: Context menu not properly populated [tor-browser] + * Bug 43947: Console error from ContentBlockingPrefs.init [tor-browser] + * Bug 43966: Notify the user when they are in a custom security level (desktop) [tor-browser] + * Bug 43989: Switch off AI chatbot preference [tor-browser] + * Bug 44030: Security Level selector does not get confirmation before restarting [tor-browser] + * Bug 44034: Update string used for checkbox on New Identity confirmation dialog [tor-browser] + * Bug 44040: Modify nsIPrompt and the commonDialog code to allow destructive buttons [tor-browser] + * Bug 44045: Drop AI and machine learning components [tor-browser] + * Bug 44090: Several of our XUL pages cause a crash because of missing CSP [tor-browser] + * Bug 44106: Make sure background tasks are not used for shutdown cleanup [tor-browser] + * Bug 44107: Switch tab search action is missing an icon [tor-browser] + * Bug 44108: Fix the new history sidebar [tor-browser] + * Bug 44123: Do not trim protocol off of URLs ever [tor-browser] + * Bug 44125: Do not offer to save signatures by default in Private Browsing Mode [tor-browser] + * Bug 44140: Refactored patch to prevent writing temp PDF files to disk [tor-browser] + * Bug 44141: Hide "Report broken site" items by default [tor-browser] + * Bug 44142: Missing document_pdf.svg from our branding directories [tor-browser] + * Bug 44153: Test search engine customization [tor-browser] + * Bug 44159: Change or hide the sidebar settings description [tor-browser] + * Bug 44177: Remove more urlbar actions [tor-browser] + * Bug 44178: Search preservation does not work with duckduckgo in safest security level [tor-browser] + * Bug 44187: TLS session tickets leak Private Browsing mode [tor-browser] + * Bug 44213: Reduce linkability concerns of the "Search with" contextual search action [tor-browser] + * Bug 44214: Update letterboxing to reflect changes in ESR 140 [tor-browser] + * Bug 44215: Hide Firefox home settings in about:preferences [tor-browser] + * Bug 44221: Backport MozBug 1984333 Bump Spoofed Processor Count [tor-browser] + * Bug 44234: No images in PDF [tor-browser] + * Bug 44242: Hand over Security Level's WebAssembly controls to NoScript [tor-browser] + * Bug 44262: Disable adding search engines from HTML forms [tor-browser] + * Bug 44279: Disable contextual search install prompt [tor-browser] + * Windows + * Bug 440: Make abseil use win32 thread model on mingw [mullvad-browser] + * Bug 44046: Replace BASE_BROWSER_UPDATE with BASE_BROWSER_VERSION in the font visibility list [tor-browser] + * Bug 44062: Force touch enabled on Windows and Android [tor-browser] + * Linux + * Bug 43950: Review Mozilla 1894818: Support HEVC playback on Linux [tor-browser] + * Bug 43959: Make Noto Color Emoji the default emoji font on Linux [tor-browser] + * Bug 44227: Some CJK characters cannot be rendered by Tor which uses the Noto font family [tor-browser] + * Bug 41586: Replace Noto CJK with Jigmo on Linux [tor-browser-build] + * Build System + * All Platforms + * Bug 43891: Update the translation CI to use the new mozilla versions [tor-browser] + * Bug 44067: Move --enable-geckodriver only to Linux-only mozconfigs [tor-browser] + * Bug 44103: git's export-subst is a reproducibility problem [tor-browser] + * Bug 44104: Don't run linter when there are no overall changes [tor-browser] + * Bug 26408: Make MAR signature checks clearer when creating incremental MAR files [tor-browser-build] + * Bug 34434: Remove unused variables from rbm.conf [tor-browser-build] + * Bug 40697: Delete repackage_browser.sh [tor-browser-build] + * Bug 40698: Update locale in tbb_version.json [tor-browser-build] + * Bug 40994: Add support in do-all-signing to sign release for some archs only [tor-browser-build] + * Bug 41064: Update tools/signing/README and add a tools/signing/machines-setup/README [tor-browser-build] + * Bug 41227: Update projects/common/list_toolchain_updates-common-firefox-geckoview to include check for binutils [tor-browser-build] + * Bug 41373: Remove `_ALL` from mar filenames [tor-browser-build] + * Bug 41444: Build artifacts to support artifact builds of Tor/Muillvad/Base Browser [tor-browser-build] + * Bug 41448: Update toolchains for Firefox ESR 140 [tor-browser-build] + * Bug 41452: Skip update-responses xml files for versions which don't have incrementals [tor-browser-build] + * Bug 41457: Set mar IDs as env variables in tor-browser-build [tor-browser-build] + * Bug 41459: Update taskcluster/ci paths in README and comments [tor-browser-build] + * Bug 41465: Disable development artifacts generation by default, keep it enabled for nightly builds [tor-browser-build] + * Bug 41478: Add vim and others missing basic tools to base container image [tor-browser-build] + * Bug 41496: Clean up unused projects [tor-browser-build] + * Bug 41501: cargo_vendor generated archive maintains timestamps [tor-browser-build] + * Bug 41517: Add morgan's key to the setup account on the signing machine [tor-browser-build] + * Bug 41534: Copy geckodriver only for Linux x86-64 [tor-browser-build] + * Bug 41539: Update Ubuntu version used to run mmdebstrap to 24.04.3 [tor-browser-build] + * Bug 41568: Update instructions for manually building 7zip [tor-browser-build] + * Bug 41579: Add zip to the list of Tor Browser Build dependencies [tor-browser-build] + * Bug 40084: Always use bash for the debug terminal [rbm] + * Bug 40087: Downloaded files getting stricter permissions than expected [rbm] + * Windows + * Bug 44167: Move the nsis-uninstall.patch to tor-browser repository [tor-browser] + * macOS + * Bug 41503: Error 403 when downloading macOS SDK [tor-browser-build] + * Bug 41527: Update libdmg-hfsplus and enable LZMA compression on dmgs [tor-browser-build] + * Bug 41538: Bump macOS SDK to 15.5 [tor-browser-build] + * Bug 41571: Work-around to prevent older 7z versions to break rcodesign. [tor-browser-build] + * Linux + * Bug 41458: Ship geckodriver only on Linux [tor-browser-build] + * Bug 41488: Disable sys/random.h for Node.js [tor-browser-build] + * Bug 41558: Share descriptions between Linux packages and archives [tor-browser-build] + * Bug 41561: Ship Noto Color Emoji on Linux [tor-browser-build] + * Bug 41569: Use var/display_name in .desktop files [tor-browser-build] + Mullvad Browser 15.0a4 - October 16 2025 * All Platforms * Updated Firefox to 140.4.0esr @@ -24,7 +144,7 @@ Mullvad Browser 15.0a4 - October 16 2025 * Bug 44221: Backport MozBug 1984333 Bump Spoofed Processor Count [tor-browser] * Bug 44234: No images in PDF [tor-browser] * Bug 44240: Typo on dom.security.https_first_add_exception_on_failure [tor-browser] - * Bug 44242: Hand over Security Level's WebAssembly controls to NoScript [tor-browser] + * Bug 44242: Hand over Security Level's WebAssembly controls to NoScript [tor-browser] * Bug 44262: Disable adding search engines from HTML forms [tor-browser] * Linux * Bug 44227: Some CJK characters cannot be rendered by Tor which uses the Noto font family [tor-browser] ===================================== projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt ===================================== @@ -1,3 +1,210 @@ +Tor Browser 15.0 - October 28 2025 + * All Platforms + * Updated NoScript to 13.2.2 + * Updated Lyrebird to 0.6.2 + * Bug 19741: Opensearch (contextual search) does not obey FPI [tor-browser] + * Bug 43009: Backport Bug 1973265 - Put WebCodecs API behind RFP Target [tor-browser] + * Bug 43093: Refactor the patch to disable LaterRun [tor-browser] + * Bug 43727: Update moz-toggle customisation for ESR 140 [tor-browser] + * Bug 43745: Disable HEVC (H265) playback support [tor-browser] + * Bug 43772: Do not use official branding for BB/TB/MB [tor-browser] + * Bug 43784: Get confirmation from NoScript that settings are applied [tor-browser] + * Bug 43832: Drop eslint-env [tor-browser] + * Bug 43850: Modify the Contrast Control settings for RFP [tor-browser] + * Bug 43853: DomainFrontedRequests: setData is no longer a function [tor-browser] + * Bug 43864: Remove features from the unified search button [tor-browser] + * Bug 43869: Hide pens with RFP [tor-browser] + * Bug 43880: Update moat's domain front url [tor-browser] + * Bug 44045: Drop AI and machine learning components [tor-browser] + * Bug 44068: Handle migration from meek-azure to meek built-in bridge type [tor-browser] + * Bug 44069: Update `meek-azure` related strings to `meek` [tor-browser] + * Bug 44140: Refactored patch to prevent writing temp PDF files to disk [tor-browser] + * Bug 44234: No images in PDF [tor-browser] + * Bug 41429: Add a note about user safety to Tor Browser Alpha blog posts [tor-browser-build] + * Bug 41442: Update our audit CSVs to use the new Audit template [tor-browser-build] + * Bug 41502: Application services build is failing on isNetworkAllowed() [tor-browser-build] + * Windows + macOS + Linux + * Updated Firefox to 140.4.0esr + * Bug 42025: Purple elements (e.g. Tor buttons) need dark theme variants [tor-browser] + * Bug 42738: Tidy up the commit structure for browser updates UI [tor-browser] + * Bug 43111: Delete our webextensions for search engines when Bug 1885953 is fixed upstream [tor-browser] + * Bug 43519: Replace tor-loading.png with SVG [tor-browser] + * Bug 43525: Check if our search engine customization still works after ESR 140 transition [tor-browser] + * Bug 43590: Move letterboxing rules out of browser/base/content/browser.css [tor-browser] + * Bug 43610: Use newer CSS variable names for ESR 140 [tor-browser] + * Bug 43629: All migrations in migrateUIBB are run for new profiles [tor-browser] + * Bug 43636: Tor exiting during startup with "connect automatically" leads to "Try a bridge" page [tor-browser] + * Bug 43638: Fix up our `<command>` elements [tor-browser] + * Bug 43664: Review Mozilla 1842832: Move the private browsing toggle to initial install dialog [tor-browser] + * Bug 43728: Update search engine icon sizes [tor-browser] + * Bug 43765: Temporarily disable Lox [tor-browser] + * Bug 43766: Only save the relevant TorSettings changes to preferences. [tor-browser] + * Bug 43770: Bugzilla 1958070: More BrowserGlue simplification/splitting [tor-browser] + * Bug 43776: Set branding files for l10n merging [tor-browser] + * Bug 43795: Restore the URL classifier XPCOM components. [tor-browser] + * Bug 43817: Write e2e test for verifying if the browser is connected to the Tor network [tor-browser] + * Bug 43844: Security level shield icon should be flipped for RTL locales [tor-browser] + * Bug 43874: Incorporate our unified extension button hiding logic into mozilla's changes for ESR 140 [tor-browser] + * Bug 43879: tor-branding.css declarations are overwritten [tor-browser] + * Bug 43886: Fix new tab for ESR 140 [tor-browser] + * Bug 43900: Open newtab rather than firefoxview when unloading the last tab [tor-browser] + * Bug 43901: Modify about:license for Tor Browser and drop about:rights [tor-browser] + * Bug 43902: Hide Sidebar buttons [tor-browser] + * Bug 43903: Report broken site is disabled rather than hidden [tor-browser] + * Bug 43905: base-browser.ftl missing from about:addons [tor-browser] + * Bug 43906: Extension.sys.mjs change in the wrong commit [tor-browser] + * Bug 43913: Context menu not properly populated [tor-browser] + * Bug 43929: two about:tor pages opened after update [tor-browser] + * Bug 43930: Onionize toggle not centre aligned in about:tor [tor-browser] + * Bug 43947: Console error from ContentBlockingPrefs.init [tor-browser] + * Bug 43966: Notify the user when they are in a custom security level (desktop) [tor-browser] + * Bug 43989: Switch off AI chatbot preference [tor-browser] + * Bug 44030: Security Level selector does not get confirmation before restarting [tor-browser] + * Bug 44034: Update string used for checkbox on New Identity confirmation dialog [tor-browser] + * Bug 44040: Modify nsIPrompt and the commonDialog code to allow destructive buttons [tor-browser] + * Bug 44090: Several of our XUL pages cause a crash because of missing CSP [tor-browser] + * Bug 44095: Rename connectionPane.xhtml and remove it from the jar [tor-browser] + * Bug 44101: Toolbar connection status is not visible when using vertical tabs [tor-browser] + * Bug 44106: Make sure background tasks are not used for shutdown cleanup [tor-browser] + * Bug 44107: Switch tab search action is missing an icon [tor-browser] + * Bug 44108: Fix the new history sidebar [tor-browser] + * Bug 44115: Make remove all bridges dialog use a destructive red button [tor-browser] + * Bug 44123: Do not trim protocol off of URLs ever [tor-browser] + * Bug 44125: Do not offer to save signatures by default in Private Browsing Mode [tor-browser] + * Bug 44141: Hide "Report broken site" items by default [tor-browser] + * Bug 44142: Missing document_pdf.svg from our branding directories [tor-browser] + * Bug 44145: Switch onion connection icons to use --icon-color-critical and --icon-color [tor-browser] + * Bug 44153: Test search engine customization [tor-browser] + * Bug 44159: Change or hide the sidebar settings description [tor-browser] + * Bug 44177: Remove more urlbar actions [tor-browser] + * Bug 44178: Search preservation does not work with duckduckgo in safest security level [tor-browser] + * Bug 44180: Clear YEC 2024 preference [tor-browser] + * Bug 44184: Duckduckgo Onion Lite search does not work properly in safest when added as a search engine [tor-browser] + * Bug 44187: TLS session tickets leak Private Browsing mode [tor-browser] + * Bug 44192: Hovering unloaded tab causes console error [tor-browser] + * Bug 44213: Reduce linkability concerns of the "Search with" contextual search action [tor-browser] + * Bug 44214: Update letterboxing to reflect changes in ESR 140 [tor-browser] + * Bug 44215: Hide Firefox home settings in about:preferences [tor-browser] + * Bug 44221: Backport MozBug 1984333 Bump Spoofed Processor Count [tor-browser] + * Bug 44239: DDG HTML page and search results displayed incorrectly with Safest security setting [tor-browser] + * Bug 44262: Disable adding search engines from HTML forms [tor-browser] + * Bug 44279: Disable contextual search install prompt [tor-browser] + * Windows + Android + * Bug 44062: Force touch enabled on Windows and Android [tor-browser] + * Windows + * Bug 44046: Replace BASE_BROWSER_UPDATE with BASE_BROWSER_VERSION in the font visibility list [tor-browser] + * macOS + * Bug 44127: Do not show macOS Privacy hint on network error pages [tor-browser] + * Linux + * Bug 43950: Review Mozilla 1894818: Support HEVC playback on Linux [tor-browser] + * Bug 43959: Make Noto Color Emoji the default emoji font on Linux [tor-browser] + * Bug 44227: Some CJK characters cannot be rendered by Tor which uses the Noto font family [tor-browser] + * Bug 41586: Replace Noto CJK with Jigmo on Linux [tor-browser-build] + * Android + * Updated GeckoView to 140.4.0esr + * Bug 43179: Make persistent 'private tabs' notification distinct from Firefox's [tor-browser] + * Bug 43401: Replace the constructor of Locale with a builder [tor-browser] + * Bug 43577: Flush settings fails on Android [tor-browser] + * Bug 43643: Clean out unused tor connect strings [tor-browser] + * Bug 43650: Survey banner behaves like a dialog on Android, rather than a card [tor-browser] + * Bug 43676: Preemptively disable unified trust panel by default so we are tracking for next ESR [tor-browser] + * Bug 43699: Dummy "about:" pages are not cleared from recently closed tabs (and possibly elsewhere) because they are normal tabs, not private tabs. [tor-browser] + * Bug 43755: Restore functionality of "switch to tab" urlbar suggestion [tor-browser] + * Bug 43826: Review Mozilla 1960122: Use `MOZ_BUILD_DATE` in Fenix build configuration [tor-browser] + * Bug 43855: brand.properties merging on Android is broken in 140 [tor-browser] + * Bug 43943: Review Mozilla 1928705: Ship Android Font Restrictions as part of FPP [tor-browser] + * Bug 44021: Android settings page colors are sometimes messed up (seems to be on the first launch) [tor-browser] + * Bug 44029: Search/url bar doesn't work on android after ESR 140 [tor-browser] + * Bug 44036: Crash on opening "Search Settings" on android [tor-browser] + * Bug 44042: Debug crash when opening settings too quickly after launching app [tor-browser] + * Bug 44047: Tor Browser's home doesn't have the background at the first load on Android [tor-browser] + * Bug 44080: Further remove "Analytics data collection and usage" [tor-browser] + * Bug 44083: "snowflake" is lower case on Android [tor-browser] + * Bug 44098: Bookmarks offer a way to go to sync in 15.0a1 [tor-browser] + * Bug 44133: Hide the "Allow in private browsing" checkboxes from WebExtension management UI [tor-browser] + * Bug 44139: Restore the (inactive) YouTube and Reddit search plugins on Android [tor-browser] + * Bug 44172: Fix crash in TorAndroidIntegration.handleMessage() [tor-browser] + * Bug 44237: Revoke access to all advertising ids available in Android [tor-browser] + * Bug 41494: Update GeckoView build scripts for ESR140 [tor-browser-build] + * Build System + * All Platforms + * Bug 43615: Add Gitlab Issue and Merge request templates [tor-browser] + * Bug 43616: Customize Gitlab Issue and Merge templates [tor-browser] + * Bug 43891: Update the translation CI to use the new mozilla versions [tor-browser] + * Bug 43954: Update tb-dev to handle lightweight tags [tor-browser] + * Bug 43962: update tb-dev auto-fixup for git 2.50 [tor-browser] + * Bug 44061: "Contributing" link is broken [tor-browser] + * Bug 44067: Move --enable-geckodriver only to Linux-only mozconfigs [tor-browser] + * Bug 44103: git's export-subst is a reproducibility problem [tor-browser] + * Bug 44104: Don't run linter when there are no overall changes [tor-browser] + * Bug 26408: Make MAR signature checks clearer when creating incremental MAR files [tor-browser-build] + * Bug 34434: Remove unused variables from rbm.conf [tor-browser-build] + * Bug 40551: Drop go reproducibility patches [tor-browser-build] + * Bug 40697: Delete repackage_browser.sh [tor-browser-build] + * Bug 40698: Update locale in tbb_version.json [tor-browser-build] + * Bug 41064: Update tools/signing/README and add a tools/signing/machines-setup/README [tor-browser-build] + * Bug 41227: Update projects/common/list_toolchain_updates-common-firefox-geckoview to include check for binutils [tor-browser-build] + * Bug 41434: Go updates shouldn't target all platforms until macOS is on legacy in the changelogs [tor-browser-build] + * Bug 41444: Build artifacts to support artifact builds of Tor/Muillvad/Base Browser [tor-browser-build] + * Bug 41448: Update toolchains for Firefox ESR 140 [tor-browser-build] + * Bug 41459: Update taskcluster/ci paths in README and comments [tor-browser-build] + * Bug 41465: Disable development artifacts generation by default, keep it enabled for nightly builds [tor-browser-build] + * Bug 41474: update README to explain moat-settings project requires `jq` to be installed [tor-browser-build] + * Bug 41478: Add vim and others missing basic tools to base container image [tor-browser-build] + * Bug 41486: Track bundletool and osslicenses-plugin versions in list_toolchain_updates_checks [tor-browser-build] + * Bug 41496: Clean up unused projects [tor-browser-build] + * Bug 41501: cargo_vendor generated archive maintains timestamps [tor-browser-build] + * Bug 41514: Remove var/build_go_lib from projects/go/config [tor-browser-build] + * Bug 41532: Rename meek-azure to meek in pt_config.json [tor-browser-build] + * Bug 41534: Copy geckodriver only for Linux x86-64 [tor-browser-build] + * Bug 41537: Add script to count mar downloads from web logs [tor-browser-build] + * Bug 41539: Update Ubuntu version used to run mmdebstrap to 24.04.3 [tor-browser-build] + * Bug 41568: Update instructions for manually building 7zip [tor-browser-build] + * Bug 41576: Build expert bundles outside containers [tor-browser-build] + * Bug 41579: Add zip to the list of Tor Browser Build dependencies [tor-browser-build] + * Bug 41594: Remove version from tor-expert-bundle and tor-expert-bundle-aar filenames [tor-browser-build] + * Bug 41600: update lyrebird version to v0.6.2 [tor-browser-build] + * Bug 41602: Update tools/changelog-format-blog-post [tor-browser-build] + * Bug 40084: Always use bash for the debug terminal [rbm] + * Bug 40087: Downloaded files getting stricter permissions than expected [rbm] + * Windows + macOS + Linux + * Bug 44131: Generate torrc-defaults and put it in objdir post-build [tor-browser] + * Bug 41373: Remove `_ALL` from mar filenames [tor-browser-build] + * Bug 41457: Set mar IDs as env variables in tor-browser-build [tor-browser-build] + * Bug 41604: Keep update-responses files from previous release [tor-browser-build] + * Windows + Linux + Android + * Updated Go to 1.24.9 + * Windows + * Bug 44167: Move the nsis-uninstall.patch to tor-browser repository [tor-browser] + * macOS + * Bug 41503: Error 403 when downloading macOS SDK [tor-browser-build] + * Bug 41527: Update libdmg-hfsplus and enable LZMA compression on dmgs [tor-browser-build] + * Bug 41538: Bump macOS SDK to 15.5 [tor-browser-build] + * Bug 41571: Work-around to prevent older 7z versions to break rcodesign. [tor-browser-build] + * Linux + * Bug 41458: Ship geckodriver only on Linux [tor-browser-build] + * Bug 41488: Disable sys/random.h for Node.js [tor-browser-build] + * Bug 41558: Share descriptions between Linux packages and archives [tor-browser-build] + * Bug 41561: Ship Noto Color Emoji on Linux [tor-browser-build] + * Bug 41569: Use var/display_name in .desktop files [tor-browser-build] + * Android + * Bug 43984: Update android build scripts and docs for ESR 140 [tor-browser] + * Bug 43987: 140 Android is not reproducible [tor-browser] + * Bug 44078: Modify ./autopublish-settings.gradle for building a-s and glean with uniffi-bindgen no-op [tor-browser] + * Bug 44220: Disable the JS minifier as it produces invalid JS [tor-browser] + * Bug 41453: Update application-services and uniffi-rs for ESR140 [tor-browser-build] + * Bug 41467: Remove list_toolchain_updates-firefox-android from Makefile [tor-browser-build] + * Bug 41483: geckoview_example-withGeckoBinaries-....apk doesn't exist anymore in Firefox 140 [tor-browser-build] + * Bug 41484: Create a fork of application-services [tor-browser-build] + * Bug 41500: Optimize tor and its dependencies for size on Android [tor-browser-build] + * Bug 41506: Use appilcation-services branch for nightlies builds [tor-browser-build] + * Bug 41507: Single-arch build fails because artifacts don't have arch subdirectories [tor-browser-build] + * Bug 41523: Use custom built Glean package on Android [tor-browser-build] + * Bug 41548: Hide tor's symbols on Android and add other linker options to save space [tor-browser-build] + * Bug 41577: Minify JS with UglifyJS on Android x86 [tor-browser-build] + * Bug 41583: Align tor and PTs to 16kB on Android [tor-browser-build] + * Bug 41605: Ignore incrementals if we're not building desktop [tor-browser-build] + Tor Browser 15.0a4 - October 16 2025 * All Platforms * Updated NoScript to 13.2.1 ===================================== projects/browser/config ===================================== @@ -113,9 +113,9 @@ input_files: enable: '[% ! c("var/android") %]' - filename: dmg-root enable: '[% ! c("var/android") %]' - - URL: https://addons.mozilla.org/firefox/downloads/file/4593796/noscript-13.2.1.x… + - URL: https://addons.mozilla.org/firefox/downloads/file/4597669/noscript-13.2.2.x… name: noscript - sha256sum: 190297f3d1e55db0c65f9bc00460bea9b753939d428ea593d6cef27fde1ce69a + sha256sum: f5ae80f2858057a3c8ebbafc12269659003f937e1cd781e05c01cc668e025c70 - URL: https://addons.mozilla.org/firefox/downloads/file/4578681/ublock_origin-1.6… name: ublock-origin sha256sum: bc62cd930601212f1568964389352bbd4b1808466f2c9ac1198c754338077fb0 ===================================== projects/firefox/config ===================================== @@ -21,7 +21,7 @@ var: browser_series: '15.0' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 2 + browser_build: 4 copyright_year: '[% exec("git show -s --format=%ci " _ c("git_hash") _ "^{commit}", { exec_noco => 1 }).remove("-.*") %]' nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]' gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser @@ -114,6 +114,7 @@ targets: updater_url: 'https://cdn.mullvad.net/browser/update_responses/update_1/' mar_id_prefix: 'mullvadbrowser-mullvad' nightly_updates_publish_dir_prefix: mullvadbrowser- + browser_build: 3 linux-x86_64: var: ===================================== projects/geckoview/config ===================================== @@ -23,7 +23,7 @@ var: browser_series: '15.0' browser_rebase: 1 browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]' - browser_build: 2 + browser_build: 4 gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser git_commit: '[% exec("git rev-parse " _ c("git_hash") _ "^{commit}", { exec_noco => 1 }) %]' deps: ===================================== projects/tor/config ===================================== @@ -1,6 +1,6 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' -version: 0.4.9.3-alpha +version: 0.4.8.19 git_hash: 'tor-[% c("version") %]' git_url: https://gitlab.torproject.org/tpo/core/tor.git git_submodule: 1 ===================================== projects/translation/config ===================================== @@ -12,13 +12,13 @@ compress_tar: 'gz' steps: base-browser: base-browser: '[% INCLUDE build %]' - git_hash: dff70d135408cfc24931c170efa91fbaded19914 + git_hash: cdd3da6308bb3beb916744057af92331025053bb targets: nightly: git_hash: 'base-browser' tor-browser: tor-browser: '[% INCLUDE build %]' - git_hash: ca310e42296a7085ea59fc323592f3dc702123ac + git_hash: 3395fe5bdb7556490e31d3c6804e6240278bc708 targets: nightly: git_hash: 'tor-browser' @@ -32,7 +32,7 @@ steps: fenix: '[% INCLUDE build %]' # We need to bump the commit before releasing but just pointing to a branch # might cause too much rebuidling of the Firefox part. - git_hash: 0efa38c746df88feeb4daa7150e394e87e6d4d18 + git_hash: 807271d57878187b08fbd004276a3eea624421e6 compress_tar: 'zst' targets: nightly: ===================================== rbm.conf ===================================== @@ -74,13 +74,13 @@ buildconf: git_signtag_opt: '-s' var: - torbrowser_version: '15.0a4' + torbrowser_version: '15.0' torbrowser_build: 'build1' # This should be the date of when the build is started. For the build # to be reproducible, browser_release_date should always be in the past. - browser_release_date: '2025/10/15 18:00:00' + browser_release_date: '2025/10/20 17:00:00' browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' - browser_default_channel: alpha + browser_default_channel: release browser_platforms: android-armv7: '[% c("var/browser_platforms/is_android_release") %]' android-x86: '[% c("var/browser_platforms/is_android_release") %]' @@ -128,13 +128,13 @@ var: updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: - - 15.0a3 - - 15.0a2 - - 15.0a1 + - 14.5.8 + - 14.5.7 + - 14.5.6 mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]' -# torbrowser_legacy_version: 13.5.22 -# torbrowser_legacy_platform_version: 115.28.0 + torbrowser_legacy_version: 13.5.23 + torbrowser_legacy_platform_version: 115.29.0 # By default, we sort the list of installed packages. This allows sharing # containers with identical list of packages, even if they are not listed View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-140.4.0esr-15.0-1-build3
by morgan (＠morgan) 21 Oct '25

21 Oct '25

morgan pushed new tag mullvad-browser-140.4.0esr-15.0-1-build3 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-140.4.0esr-15.0-1-build4
by morgan (＠morgan) 21 Oct '25

21 Oct '25

morgan pushed new tag tor-browser-140.4.0esr-15.0-1-build4 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.4.0esr-15.0-1] BB 44279: Disable contextual search install prompt.
by henry (＠henry) 21 Oct '25

21 Oct '25

henry pushed to branch mullvad-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 3d411c42 by henry at 2025-10-21T15:55:32+01:00 BB 44279: Disable contextual search install prompt. (cherry picked from commit 5b9d6ce72ac5e4a3a296d6084a9bce7cf4a1ccd6) Co-authored-by: Henry Wilkes <henry(a)torproject.org> - - - - - 1 changed file: - browser/components/urlbar/ActionsProviderContextualSearch.sys.mjs Changes: ===================================== browser/components/urlbar/ActionsProviderContextualSearch.sys.mjs ===================================== @@ -9,6 +9,8 @@ import { ActionsResult, } from "resource:///modules/ActionsProvider.sys.mjs"; +import { AppConstants } from "resource://gre/modules/AppConstants.sys.mjs"; + const lazy = {}; ChromeUtils.defineESModuleGetters(lazy, { @@ -312,6 +314,11 @@ class ProviderContextualSearch extends ActionsProvider { ); if ( + // Do not show the install prompt in non-private windows to have + // consistent behaviour with private windows and avoid linkability + // concerns. tor-browser#44134. + // Maybe re-enable as part of tor-browser#44117. + !AppConstants.BASE_BROWSER_VERSION && !queryContext.isPrivate && type != INSTALLED_ENGINE && (await Services.search.shouldShowInstallPrompt(engine)) View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/3d4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/3d4… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.4.0esr-15.0-1] BB 44279: Disable contextual search install prompt.
by henry (＠henry) 21 Oct '25

21 Oct '25

henry pushed to branch base-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: e009a21f by henry at 2025-10-21T14:54:00+00:00 BB 44279: Disable contextual search install prompt. (cherry picked from commit 5b9d6ce72ac5e4a3a296d6084a9bce7cf4a1ccd6) Co-authored-by: Henry Wilkes <henry(a)torproject.org> - - - - - 1 changed file: - browser/components/urlbar/ActionsProviderContextualSearch.sys.mjs Changes: ===================================== browser/components/urlbar/ActionsProviderContextualSearch.sys.mjs ===================================== @@ -9,6 +9,8 @@ import { ActionsResult, } from "resource:///modules/ActionsProvider.sys.mjs"; +import { AppConstants } from "resource://gre/modules/AppConstants.sys.mjs"; + const lazy = {}; ChromeUtils.defineESModuleGetters(lazy, { @@ -312,6 +314,11 @@ class ProviderContextualSearch extends ActionsProvider { ); if ( + // Do not show the install prompt in non-private windows to have + // consistent behaviour with private windows and avoid linkability + // concerns. tor-browser#44134. + // Maybe re-enable as part of tor-browser#44117. + !AppConstants.BASE_BROWSER_VERSION && !queryContext.isPrivate && type != INSTALLED_ENGINE && (await Services.search.shouldShowInstallPrompt(engine)) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e009a21… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/e009a21… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/mullvad-browser][mullvad-browser-140.4.0esr-15.0-1] fixup! BB 18905: Hide unwanted items from help menu
by morgan (＠morgan) 21 Oct '25

21 Oct '25

morgan pushed to branch mullvad-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 9c619ad1 by Henry Wilkes at 2025-10-21T14:51:51+00:00 fixup! BB 18905: Hide unwanted items from help menu TB 44141: Hide "Report broken site" items by default. This should stop the app menu and help menu from jumping in height when first opened. - - - - - 2 changed files: - browser/base/content/appmenu-viewcache.inc.xhtml - browser/base/content/browser-menubar.inc Changes: ===================================== browser/base/content/appmenu-viewcache.inc.xhtml ===================================== @@ -156,6 +156,7 @@ data-l10n-id="appmenuitem-report-broken-site" closemenu="none" disabled="true" + hidden="true" command="cmd_reportBrokenSite"/> <toolbarbutton id="appMenu-help-button2" class="subviewbutton subviewbutton-nav" ===================================== browser/base/content/browser-menubar.inc ===================================== @@ -435,6 +435,7 @@ command="cmd_reportBrokenSite" data-l10n-id="menu-report-broken-site" disabled="true" + hidden="true" appmenu-data-l10n-id="appmenuitem-report-broken-site"/> <menuitem id="feedbackPage" hidden="true" View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/9c6… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/9c6… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-140.4.0esr-15.0-1] BB 44279: Disable contextual search install prompt.
by henry (＠henry) 21 Oct '25

21 Oct '25

henry pushed to branch tor-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 5b9d6ce7 by Henry Wilkes at 2025-10-21T14:49:24+00:00 BB 44279: Disable contextual search install prompt. - - - - - 1 changed file: - browser/components/urlbar/ActionsProviderContextualSearch.sys.mjs Changes: ===================================== browser/components/urlbar/ActionsProviderContextualSearch.sys.mjs ===================================== @@ -9,6 +9,8 @@ import { ActionsResult, } from "resource:///modules/ActionsProvider.sys.mjs"; +import { AppConstants } from "resource://gre/modules/AppConstants.sys.mjs"; + const lazy = {}; ChromeUtils.defineESModuleGetters(lazy, { @@ -312,6 +314,11 @@ class ProviderContextualSearch extends ActionsProvider { ); if ( + // Do not show the install prompt in non-private windows to have + // consistent behaviour with private windows and avoid linkability + // concerns. tor-browser#44134. + // Maybe re-enable as part of tor-browser#44117. + !AppConstants.BASE_BROWSER_VERSION && !queryContext.isPrivate && type != INSTALLED_ENGINE && (await Services.search.shouldShowInstallPrompt(engine)) View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5b9d6ce… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5b9d6ce… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-140.4.0esr-15.0-1] fixup! BB 18905: Hide unwanted items from help menu
by morgan (＠morgan) 21 Oct '25

21 Oct '25

morgan pushed to branch base-browser-140.4.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: a5c64f48 by Henry Wilkes at 2025-10-21T14:50:39+00:00 fixup! BB 18905: Hide unwanted items from help menu TB 44141: Hide "Report broken site" items by default. This should stop the app menu and help menu from jumping in height when first opened. - - - - - 2 changed files: - browser/base/content/appmenu-viewcache.inc.xhtml - browser/base/content/browser-menubar.inc Changes: ===================================== browser/base/content/appmenu-viewcache.inc.xhtml ===================================== @@ -155,6 +155,7 @@ data-l10n-id="appmenuitem-report-broken-site" closemenu="none" disabled="true" + hidden="true" command="cmd_reportBrokenSite"/> <toolbarbutton id="appMenu-help-button2" class="subviewbutton subviewbutton-nav" ===================================== browser/base/content/browser-menubar.inc ===================================== @@ -436,6 +436,7 @@ command="cmd_reportBrokenSite" data-l10n-id="menu-report-broken-site" disabled="true" + hidden="true" appmenu-data-l10n-id="appmenuitem-report-broken-site"/> <menuitem id="feedbackPage" hidden="true" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a5c64f4… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/a5c64f4… You're receiving this email because of your account on gitlab.torproject.org.

1 0