commit a7a6f7a92a9972f9133c0d83deedbc93fb9b067a Author: Erinn Clark <erinn@torproject.org> Date: Wed Feb 20 02:30:40 2013 +0100 update stable and alpha TBBs and their changelogs for Firefox 17.0.3esr --- README.LINUX-2.3 | 8 ++++---- README.LINUX-2.4 | 8 ++++---- README.OSX-2.3 | 8 ++++---- README.OSX-2.4 | 8 ++++---- README.WIN-2.3 | 8 ++++---- README.WIN-2.4 | 8 ++++---- changelog.linux-2.3 | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ changelog.linux-2.4 | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ changelog.osx-2.3 | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ changelog.osx-2.4 | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ changelog.windows-2.3 | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ changelog.windows-2.4 | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 12 files changed, 312 insertions(+), 24 deletions(-) diff --git a/README.LINUX-2.3 b/README.LINUX-2.3 index 19db511..62b296b 100644 --- a/README.LINUX-2.3 +++ b/README.LINUX-2.3 @@ -5,10 +5,10 @@ Included applications --------------------- Vidalia 0.2.21 (with Qt 4.8.1) -Tor 0.2.3.25 (with libevent-2.0.21-stable, zlib-1.2.7 and openssl-1.0.1d) -Firefox 10.0.12esr - \_ Torbutton 1.4.6.3 - |_ NoScript 2.6.4.4 +Tor 0.2.3.25 (with libevent-2.0.21-stable, zlib-1.2.7 and openssl-1.0.0k) +Firefox 17.0.3esr + \_ Torbutton 1.5.0 + |_ NoScript 2.6.5.7 |_ HTTPS-Everywhere 3.1.3 Usage diff --git a/README.LINUX-2.4 b/README.LINUX-2.4 index 18d3b2e..2750443 100644 --- a/README.LINUX-2.4 +++ b/README.LINUX-2.4 @@ -5,10 +5,10 @@ Included applications --------------------- Vidalia 0.2.21 (with Qt 4.8.1) -Tor 0.2.4.10-alpha (with libevent-2.0.21-stable, zlib-1.2.7 and openssl-1.0.1d) -Firefox 17.0.2esr - \_ Torbutton 1.5.0pre-alpha - |_ NoScript 2.6.4.4 +Tor 0.2.4.10-alpha (with libevent-2.0.21-stable, zlib-1.2.7 and openssl-1.0.0k) +Firefox 17.0.3esr + \_ Torbutton 1.5.0 + |_ NoScript 2.6.5.7 |_ HTTPS-Everywhere 4.0development.5 |_ PDF Viewer 0.7.1 diff --git a/README.OSX-2.3 b/README.OSX-2.3 index 2405545..0a54dcd 100644 --- a/README.OSX-2.3 +++ b/README.OSX-2.3 @@ -5,10 +5,10 @@ Included applications --------------------- Vidalia 0.2.21 (with Qt 4.8.1) -Tor 0.2.3.25 (with libevent-2.0.21-stable, zlib-1.2.7 and openssl-1.0.1d) -Firefox 10.0.12esr - \_ Torbutton 1.4.6.3 - |_ NoScript 2.6.4.4 +Tor 0.2.3.25 (with libevent-2.0.21-stable, zlib-1.2.7 and openssl-1.0.0k) +Firefox 17.0.3esr + \_ Torbutton 1.5.0 + |_ NoScript 2.6.5.7 |_ HTTPS-Everywhere 3.1.3 Usage diff --git a/README.OSX-2.4 b/README.OSX-2.4 index 4c4f018..9985c11 100644 --- a/README.OSX-2.4 +++ b/README.OSX-2.4 @@ -5,10 +5,10 @@ Included applications --------------------- Vidalia 0.2.21 (with Qt 4.8.1) -Tor 0.2.4.10-alpha (with libevent-2.0.21-stable, zlib-1.2.7 and openssl-1.0.1d) -Firefox 17.0.2esr - \_ Torbutton 1.5.0pre-alpha - |_ NoScript 2.6.4.4 +Tor 0.2.4.10-alpha (with libevent-2.0.21-stable, zlib-1.2.7 and openssl-1.0.0k) +Firefox 17.0.3esr + \_ Torbutton 1.5.0 + |_ NoScript 2.6.5.7 |_ HTTPS-Everywhere 4.0development.5 |_ PDF Viewer 0.7.1 diff --git a/README.WIN-2.3 b/README.WIN-2.3 index f8f766f..1fc4408 100644 --- a/README.WIN-2.3 +++ b/README.WIN-2.3 @@ -5,10 +5,10 @@ Included applications --------------------- Vidalia 0.2.21 (with Qt 4.8.1) -Tor 0.2.3.25 (with libevent-2.0.21-stable, zlib-1.2.7 and openssl-1.0.1d) -Firefox 10.0.12esr - \_ Torbutton 1.4.6.3 - |_ NoScript 2.6.4.4 +Tor 0.2.3.25 (with libevent-2.0.21-stable, zlib-1.2.7 and openssl-1.0.0k) +Firefox 17.0.3esr + \_ Torbutton 1.5.0 + |_ NoScript 2.6.5.7 |_ HTTPS-Everywhere 3.1.3 Usage diff --git a/README.WIN-2.4 b/README.WIN-2.4 index df08643..c7ac5c9 100644 --- a/README.WIN-2.4 +++ b/README.WIN-2.4 @@ -5,10 +5,10 @@ Included applications --------------------- Vidalia 0.2.21 (with Qt 4.8.1) -Tor 0.2.4.10-alpha (with libevent-2.0.21-stable, zlib-1.2.7 and openssl-1.0.1d) -Firefox 17.0.2esr - \_ Torbutton 1.5.0pre-alpha - |_ NoScript 2.6.4.4 +Tor 0.2.4.10-alpha (with libevent-2.0.21-stable, zlib-1.2.7 and openssl-1.0.0k) +Firefox 17.0.3esr + \_ Torbutton 1.5.0 + |_ NoScript 2.6.5.7 |_ HTTPS-Everywhere 4.0development.5 |_ PDF Viewer 0.7.1 diff --git a/changelog.linux-2.3 b/changelog.linux-2.3 index 7592000..02ed8f9 100644 --- a/changelog.linux-2.3 +++ b/changelog.linux-2.3 @@ -1,3 +1,51 @@ +Tor Browser Bundle (2.3.25-4); suite=linux + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #7470) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5379) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn@torproject.org> Tue Feb 19 23:59:24 CET 2013 + Tor Browser Bundle (2.3.25-3); suite=linux * Update OpenSSL to 1.0.1d diff --git a/changelog.linux-2.4 b/changelog.linux-2.4 index 89734db..11846d0 100644 --- a/changelog.linux-2.4 +++ b/changelog.linux-2.4 @@ -1,3 +1,51 @@ +Tor Browser Bundle (2.4.10-alpha-2); suite=linux + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #7470) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5379) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn@torproject.org> Tue Feb 19 23:59:47 CET 2013 + Tor Browser Bundle (2.4.10-alpha-1); suite=linux * Update Tor to 0.2.4.10-alpha diff --git a/changelog.osx-2.3 b/changelog.osx-2.3 index d4e331a..acc240a 100644 --- a/changelog.osx-2.3 +++ b/changelog.osx-2.3 @@ -1,3 +1,51 @@ +Tor Browser Bundle (2.3.25-4); suite=osx + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #7470) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5379) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn@torproject.org> Tue Feb 19 23:59:21 CET 2013 + Tor Browser Bundle (2.3.25-3); suite=osx * Update OpenSSL to 1.0.1d diff --git a/changelog.osx-2.4 b/changelog.osx-2.4 index f099bd0..0cc3f3b 100644 --- a/changelog.osx-2.4 +++ b/changelog.osx-2.4 @@ -1,3 +1,51 @@ +Tor Browser Bundle (2.4.10-alpha-2); suite=osx + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #7470) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5379) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn@torproject.org> Tue Feb 19 23:59:45 CET 2013 + Tor Browser Bundle (2.4.10-alpha-1); suite=osx * Update Tor to 0.2.4.10-alpha diff --git a/changelog.windows-2.3 b/changelog.windows-2.3 index 990d0f2..a9b1db9 100644 --- a/changelog.windows-2.3 +++ b/changelog.windows-2.3 @@ -1,3 +1,51 @@ +Tor Browser Bundle (2.3.25-4); suite=windows + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #7470) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5379) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn@torproject.org> Tue Feb 19 23:59:26 CET 2013 + Tor Browser Bundle (2.3.25-3); suite=windows * Update OpenSSL to 1.0.1d diff --git a/changelog.windows-2.4 b/changelog.windows-2.4 index c77200b..86f2dff 100644 --- a/changelog.windows-2.4 +++ b/changelog.windows-2.4 @@ -1,3 +1,51 @@ +Tor Browser Bundle (2.4.10-alpha-2); suite=windows + + * Update Firefox to 17.0.3esr + * Downgrade OpenSSL to 1.0.0k + * Update libpng to 1.5.14 + * Update NoScript to 2.6.5.7 + * Firefox patch changes: + - Exempt remote @font-face fonts from font limits (and prefer them). + (closes: #8270) + * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so + they should not count towards our CSS font count limits. Moreover, + if a CSS font-family rule lists any remote fonts, those fonts are + preferred over the local fonts, so we do not reduce the font count + for that rule. + * This vastly improves rendering and typography for many websites. + - Disable WebRTC in Firefox build options. (closes: 8178) + * WebRTC isn't slated to be enabled until Firefox 18, but the code + was getting compiled in already and is capable of creating UDP Sockets + and bypassing Tor. We disable it from build as a safety measure. + - Move prefs.js into omni.ja and extension-overrides. (closes: 3944) + * This causes our browser pref changes to appear as defaults. It also + means that future updates of TBB should preserve user pref settings. + - Fix a use-after-free that caused crashing on MacOS (closes: 8234) + - Eliminate several redundant, useless, and deprecated Firefox pref settings + - Report Firefox 17.0 as the Tor Browser user agent + - Use Firefox's click-to-play barrier for plugins instead of NoScript + - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms + * This fixes a SOCKS race condition with our SOCKS autoport configuration + and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy + settings per URL now, which resulted in a proxy error for + check.torproject.org if we lost the race. + * Torbutton was updated to 1.5.0. The following issues were fixed: + - Remove old toggle observers and related code (closes: #5279) + - Simplify Security Preference UI and associated pref updates (closes: #3100) + - Eliminate redundancy in our Flash/plugin disabling code (closes: #7470) + - Leave most preferences under Tor Browser's control (closes: #3944) + - Disable toggle-on-startup and crash detection logic (closes: #7974) + - Disable/remove toggle-mode code and related observers (closes: #5379) + - Add menu hint to Torbutton icon (closes: #6431) + - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495) + - Perform version check every time there's a new tab. (closes: #6096) + - Rate limit version check queries to once every 1.5hrs max. (closes: #6156) + - misc: Allow WebGL and DOM storage. + - misc: Disable independent Torbutton updates + - misc: Change the recommended SOCKSPort to 9150 (to match TBB) + + -- Erinn Clark <erinn@torproject.org> Tue Feb 19 23:59:49 CET 2013 + Tor Browser Bundle (2.4.10-alpha-1); suite=windows * Update Tor to 0.2.4.10-alpha