[torbrowser/master] bump all versions of stable and alpha (0.2.5.1-alpha) TBBs - tor-commits

14 Dec 2013

commit fb7238f449bd8e990222ba8e8a693b4d12ee7e67
Author: Erinn Clark erinn@torproject.org
Date:   Sat Dec 14 16:45:06 2013 -0200
bump all versions of stable and alpha (0.2.5.1-alpha) TBBs
---
 README.LINUX-2.4                       |    6 +-
 README.LINUX-2.5                       |   29 ++
 README.OSX-2.4                         |    6 +-
 README.OSX-2.5                         |   23 ++
 README.WIN-2.4                         |    6 +-
 README.WIN-2.5                         |   27 ++
 build-scripts/config/Info.plist        |    6 +-
 build-scripts/config/Info.plist-stable |    6 +-
 build-scripts/edit-changelog.sh        |    4 +-
 build-scripts/linux-alpha.mk           |    2 +-
 build-scripts/linux.mk                 |    2 +-
 build-scripts/osx.mk                   |    2 +-
 build-scripts/versions-alpha.mk        |    8 +-
 build-scripts/versions.mk              |    8 +-
 build-scripts/windows.mk               |    2 +-
 changelog.linux-2.4                    |  319 +++++++++++++++++
 changelog.linux-2.5                    |  592 ++++++++++++++++++++++++++++++++
 changelog.osx-2.4                      |  299 ++++++++++++++++
 changelog.osx-2.5                      |  561 ++++++++++++++++++++++++++++++
 changelog.windows-2.4                  |  297 ++++++++++++++++
 changelog.windows-2.5                  |  557 ++++++++++++++++++++++++++++++
 21 files changed, 2733 insertions(+), 29 deletions(-)

diff --git a/README.LINUX-2.4 b/README.LINUX-2.4
index e03ab99..97ae4d9 100644
--- a/README.LINUX-2.4
+++ b/README.LINUX-2.4
@@ -5,11 +5,11 @@ Included applications
 ---------------------
Vidalia 0.2.21 (with Qt 4.8.1)
-Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
 Firefox 17.0.11esr
  _ Torbutton 1.5.2
- |_ NoScript 2.6.8.5
- |_ HTTPS-Everywhere 3.4.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
Usage
 -----
diff --git a/README.LINUX-2.5 b/README.LINUX-2.5
new file mode 100644
index 0000000..a21f5be
--- /dev/null
+++ b/README.LINUX-2.5
@@ -0,0 +1,29 @@
+Tor Browser Bundle for GNU/Linux (beta)
+===============
+
+Included applications
+---------------------
+
+Vidalia 0.2.21 (with Qt 4.8.1)
+Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Firefox 17.0.11esr
+ _ Torbutton 1.5.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
+
+Usage
+-----
+
+Extract the bundle with:
+
+tar -xvzf tor-browser-gnu-linux*.tar.gz
+
+This will create a directory named tor-browser_LANG. Click on this directory or
+cd into it and execute the 'start-tor-browser' script. This will start Vidalia.
+Once Tor has successfully opened a circuit, Firefox will automatically be
+opened.
+
+To exit, close Firefox. Vidalia will automatically clean up and exit.
+
+For more information about bugfixes and other package changes, see the
+changelog in tor-browser_LANG/Docs/changelog.
diff --git a/README.OSX-2.4 b/README.OSX-2.4
index 52ba0f0..6eed409 100644
--- a/README.OSX-2.4
+++ b/README.OSX-2.4
@@ -5,11 +5,11 @@ Included applications
 ---------------------
Vidalia 0.2.21 (with Qt 4.8.1)
-Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
 Firefox 17.0.11esr
  _ Torbutton 1.5.2
- |_ NoScript 2.6.8.5
- |_ HTTPS-Everywhere 3.4.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
Usage
 -----
diff --git a/README.OSX-2.5 b/README.OSX-2.5
new file mode 100644
index 0000000..3f073ac
--- /dev/null
+++ b/README.OSX-2.5
@@ -0,0 +1,23 @@
+Tor Browser Bundle for Mac OS X (beta)
+===============
+
+Included applications
+---------------------
+
+Vidalia 0.2.21 (with Qt 4.8.1)
+Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Firefox 17.0.11esr
+ _ Torbutton 1.5.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
+
+Usage
+-----
+
+Unzip the TorBrowser zip file that you downloaded. Click on the
+TorBrowser_LANG.app which will launch Vidalia and then Firefox.
+
+To exit, close Firefox and Vidalia.
+
+For more information about bugfixes and other package changes, see the
+changelog in TorBrowser_LANG.app/Contents/Resources/changelog.
diff --git a/README.WIN-2.4 b/README.WIN-2.4
index 51925e9..a0aff79 100644
--- a/README.WIN-2.4
+++ b/README.WIN-2.4
@@ -5,11 +5,11 @@ Included applications
 ---------------------
Vidalia 0.2.21 (with Qt 4.8.1)
-Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
 Firefox 17.0.11esr
  _ Torbutton 1.5.2
- |_ NoScript 2.6.8.5
- |_ HTTPS-Everywhere 3.4.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
Usage
 -----
diff --git a/README.WIN-2.5 b/README.WIN-2.5
new file mode 100644
index 0000000..17c9b03
--- /dev/null
+++ b/README.WIN-2.5
@@ -0,0 +1,27 @@
+Tor Browser Bundle for Windows (beta)
+===============
+
+Included applications
+---------------------
+
+Vidalia 0.2.21 (with Qt 4.8.1)
+Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Firefox 17.0.11esr
+ _ Torbutton 1.5.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
+
+Usage
+-----
+
+Tor Browser.exe is a 7zip self extracting archive. To extract the bundle, run
+this and point it to the install location. It will create a folder called "Tor
+Browser". This may be the hard disk, but is more likely the currently mounted
+USB drive. The install process needs only be performed once.
+
+Once the bundle is extracted, open the newly created folder and click
+"Start Tor Browser.bat" (may appear as simply "Start Tor Browser").
+This will start Vidalia. Once Tor has successfully opened a circuit,
+Firefox will automatically be opened.
+
+To exit, close Firefox. Vidalia will automatically clean up and exit.
diff --git a/build-scripts/config/Info.plist b/build-scripts/config/Info.plist
index 8b626a7..4870df7 100644
--- a/build-scripts/config/Info.plist
+++ b/build-scripts/config/Info.plist
@@ -9,7 +9,7 @@
    <key>CFBundleExecutable</key>
    <string>TorBrowserBundle</string>
    <key>CFBundleGetInfoString</key>
-	<string>Tor Browser Bundle 2.4.18-rc-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
+	<string>Tor Browser Bundle 2.5.1-alpha-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
    <key>CFBundleIconFile</key>
    <string>vidalia.icns</string>
    <key>CFBundleIdentifier</key>
@@ -21,7 +21,7 @@
    <key>CFBundlePackageType</key>
    <string>APPL</string>
    <key>CFBundleShortVersionString</key>
-	<string>2.4.18-rc-1</string>
+	<string>2.5.1-alpha-1</string>
    <key>CFBundleSignature</key>
    <string>????</string>
    <key>LSEnvironment</key>
@@ -35,7 +35,7 @@
    <key>NSAppleScriptEnabled</key>
    <false/>
    <key>NSHumanReadableCopyright</key>
-	<string>Tor Browser Bundle 2.4.18-rc-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
+	<string>Tor Browser Bundle 2.5.1-alpha-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
    <key>NSMainNibFile</key>
    <string>MainMenu</string>
    <key>NSPrincipalClass</key>
diff --git a/build-scripts/config/Info.plist-stable b/build-scripts/config/Info.plist-stable
index f1648cf..0e50fc0 100644
--- a/build-scripts/config/Info.plist-stable
+++ b/build-scripts/config/Info.plist-stable
@@ -9,7 +9,7 @@
    <key>CFBundleExecutable</key>
    <string>TorBrowserBundle</string>
    <key>CFBundleGetInfoString</key>
-	<string>Tor Browser Bundle 2.3.25-15 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
+	<string>Tor Browser Bundle 2.4.19-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
    <key>CFBundleIconFile</key>
    <string>vidalia.icns</string>
    <key>CFBundleIdentifier</key>
@@ -21,7 +21,7 @@
    <key>CFBundlePackageType</key>
    <string>APPL</string>
    <key>CFBundleShortVersionString</key>
-	<string>2.3.25-15</string>
+	<string>2.4.19-1</string>
    <key>CFBundleSignature</key>
    <string>????</string>
    <key>LSEnvironment</key>
@@ -35,7 +35,7 @@
    <key>NSAppleScriptEnabled</key>
    <false/>
    <key>NSHumanReadableCopyright</key>
-	<string>Tor Browser Bundle 2.3.25-15 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
+	<string>Tor Browser Bundle 2.4.19-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
    <key>NSMainNibFile</key>
    <string>MainMenu</string>
    <key>NSPrincipalClass</key>
diff --git a/build-scripts/edit-changelog.sh b/build-scripts/edit-changelog.sh
index 4369d33..b8bded4 100755
--- a/build-scripts/edit-changelog.sh
+++ b/build-scripts/edit-changelog.sh
@@ -23,6 +23,6 @@ Tor Browser Bundle ($VERSION); suite=$1
EOF
-mv ../changelog.$1-2.3 ../changelog.$1-2.3-old
-cat ../tmp.changelog.$1 ../changelog.$1-2.3-old >> ../changelog.$1-2.3
+mv ../changelog.$1-2.4 ../changelog.$1-2.4-old
+cat ../tmp.changelog.$1 ../changelog.$1-2.4-old >> ../changelog.$1-2.4
diff --git a/build-scripts/linux-alpha.mk b/build-scripts/linux-alpha.mk
index 349d512..3f831dd 100644
--- a/build-scripts/linux-alpha.mk
+++ b/build-scripts/linux-alpha.mk
@@ -15,7 +15,7 @@
## Architecture
 ARCH_TYPE=$(shell uname -m)
-BUILD_NUM=2
+BUILD_NUM=1
 PLATFORM=Linux
## Build machine specific settings
diff --git a/build-scripts/linux.mk b/build-scripts/linux.mk
index 9edc7ac..300357f 100644
--- a/build-scripts/linux.mk
+++ b/build-scripts/linux.mk
@@ -15,7 +15,7 @@
## Architecture
 ARCH_TYPE=$(shell uname -m)
-BUILD_NUM=16
+BUILD_NUM=1
 PLATFORM=Linux
## Build machine specific settings
diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk
index 349e908..4246dc3 100644
--- a/build-scripts/osx.mk
+++ b/build-scripts/osx.mk
@@ -15,7 +15,7 @@
## Architecture
 ARCH_TYPE=x86_64
-BUILD_NUM=15
+BUILD_NUM=1
 PLATFORM=MacOS
## Set OSX-specific backwards compatibility options
diff --git a/build-scripts/versions-alpha.mk b/build-scripts/versions-alpha.mk
index 0410f41..bc27020 100644
--- a/build-scripts/versions-alpha.mk
+++ b/build-scripts/versions-alpha.mk
@@ -1,6 +1,6 @@
 #!/usr/bin/make
-RELEASE_VER=2.4.18-rc
+RELEASE_VER=2.5.1-alpha
ZLIB_VER=1.2.8
 OPENSSL_VER=1.0.0k
@@ -8,13 +8,13 @@ LIBPNG_VER=1.6.6
 QT_VER=4.8.1
 VIDALIA_VER=0.2.21
 LIBEVENT_VER=2.0.21-stable
-TOR_VER=0.2.4.18-rc
+TOR_VER=0.2.5.1-alpha
 PIDGIN_VER=2.6.4
 FIREFOX_VER=17.0.11esr
 MOZBUILD_VER=1.5.1
 TORBUTTON_VER=1.5.2
-NOSCRIPT_VER=2.6.8.5
-HTTPSEVERYWHERE_VER=3.4.2
+NOSCRIPT_VER=2.6.8.7
+HTTPSEVERYWHERE_VER=3.4.3
 PDFJS_VER=0.8.298
 OBFSPROXY_VER=0.1.4
 OTR_VER=3.2.0
diff --git a/build-scripts/versions.mk b/build-scripts/versions.mk
index 77275b8..2c2add0 100644
--- a/build-scripts/versions.mk
+++ b/build-scripts/versions.mk
@@ -1,6 +1,6 @@
 #!/usr/bin/make
-RELEASE_VER=2.3.25
+RELEASE_VER=2.4.19
ZLIB_VER=1.2.8
 OPENSSL_VER=1.0.0k
@@ -8,13 +8,13 @@ LIBPNG_VER=1.6.6
 QT_VER=4.8.1
 VIDALIA_VER=0.2.21
 LIBEVENT_VER=2.0.21-stable
-TOR_VER=0.2.3.25
+TOR_VER=0.2.4.19
 PIDGIN_VER=2.6.4
 FIREFOX_VER=17.0.11esr
 MOZBUILD_VER=1.5.1
 TORBUTTON_VER=1.5.2
-NOSCRIPT_VER=2.6.8.5
-HTTPSEVERYWHERE_VER=3.4.2
+NOSCRIPT_VER=2.6.8.7
+HTTPSEVERYWHERE_VER=3.4.3
 OTR_VER=3.2.0
 OBFSPROXY_VER=0.1.4
diff --git a/build-scripts/windows.mk b/build-scripts/windows.mk
index f0174b3..9b4a557 100644
--- a/build-scripts/windows.mk
+++ b/build-scripts/windows.mk
@@ -13,7 +13,7 @@
 ### Configuration ###
 #####################
-BUILD_NUM=15
+BUILD_NUM=1
 PLATFORM=Windows
## Location of required libraries
diff --git a/changelog.linux-2.4 b/changelog.linux-2.4
index f3623e4..77b27f7 100644
--- a/changelog.linux-2.4
+++ b/changelog.linux-2.4
@@ -1,3 +1,12 @@
+Tor Browser Bundle (2.4.19-1); suite=linux
+
+  * New stable release
+  * Update Tor to 0.2.4.19
+  * Update NoScript to 2.6.8.7
+  * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark erinn@torproject.org  Sat Dec 14 16:30:26 BRST 2013
+
 Tor Browser Bundle (2.4.18-rc-2); suite=linux
* Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
@@ -271,3 +280,313 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=linux
-- Erinn Clark erinn@torproject.org  Sat Dec  1 15:21:21 GMT 2012
+Tor Browser Bundle (2.3.25-16); suite=linux
+
+  * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
+    stop crashing (closes: #10195)
+
+ -- Erinn Clark erinn@torproject.org  Wed Nov 20 17:46:24 BRST 2013
+
+Tor Browser Bundle (2.3.25-15); suite=linux
+
+  * Update Firefox to 17.0.11esr
+  * Update NoScript to 2.6.8.5
+
+ -- Erinn Clark erinn@torproject.org  Fri Nov 15 18:11:05 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=linux
+
+  * Update Firefox to 17.0.10esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update LibPNG to 1.6.6
+  * Update NoScript to 2.6.8.4
+  * Update HTTPS-Everywhere to 3.4.2
+  * Firefox patch changes:
+    - Hide infobar for missing plugins. (closes: #9012)
+    - Change the default entry page for the addons tab to the
+      installed addons page. (closes: #8364)
+    - Make flash objects really be click-to-play if flash is
+      enabled. (closes: #9867)
+    - Make getFirstPartyURI log+handle errors internally to
+      simplify caller usage of the API. (closes: #3661)
+    - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+    - misc: Fix a potential memory leak in the Image Cache isolation
+    - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark erinn@torproject.org  Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=linux
+
+  * Update Firefox to 17.0.9esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update HTTPS Everywhere to 3.4.1
+  * Update NoScript to 2.6.7.1
+  * Remove extraneous libevent libraries (closes: #9727)
+  * Enable GCC hardening for Tor
+  * Firefox patch changes:
+    - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark erinn@torproject.org  Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=linux
+
+  * Re-add the locale pref to the Firefox prefs file to allow for localization
+    of bundles again (closes: #9436)
+
+ -- Erinn Clark erinn@torproject.org  Sun Aug 11 11:51:21 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=linux
+
+  * Update Firefox to 17.0.8esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update HTTPS Everywhere to 3.3.1
+  * Update NoScript to 2.6.7
+  * Update LibPNG to 1.6.3
+
+ -- Erinn Clark erinn@torproject.org  Thu Aug  8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=linux
+
+  * Update Firefox to 17.0.7esr
+  * Update zlib to 1.2.8
+  * Update libpng 1.5.16
+  * Update NoScript 2.6.6.6
+
+ -- Erinn Clark erinn@torproject.org  Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-9); suite=linux
+
+  * Rebuild 64-bit bundles with Firefox optimizations disabled in order to
+    prevent browser crashes. (closes: #8970)
+  * Update HTTPS Everywhere to 3.2.2
+  * Update NoScript to 2.6.6.2
+
+ -- Erinn Clark erinn@torproject.org  Wed Jun 12 18:42:24 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=linux
+
+  * Update Firefox to 17.0.6esr
+  * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark erinn@torproject.org  Sun May 12 22:05:55 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=linux
+
+  * Update Torbutton to 1.5.2
+  * Update libpng to 1.5.15
+  * Update NoScript to 2.6.6.1
+  * Firefox patch changes:
+    - Apply font limits to @font-face local() fonts and disable fallback
+      rendering for @font-face. (closes: #8455)
+    - Use Optimistic Data SOCKS handshake (improves page load performance).
+      (closes: #3875)
+    - Honor the Windows theme for inverse text colors (without leaking those
+      colors to content). (closes: #7920)
+    - Increase pipeline randomization and try harder to batch pipelined
+      requests together. (closes: #8470)
+    - Fix an image cache isolation domain key misusage. May fix several image
+      cache related crash bugs with New Identity, exit, and certain websites.
+      (closes: #8628)
+  * Torbutton changes:
+    - Allow session restore if the user allows disk actvity (closes: #8457)
+    - Remove the Display Settings panel and associated locales (closes: #8301)
+    - Fix "Transparent Torification" option. (closes: #6566)
+    - Fix a hang on New Identity. (closes: #8642)
+  * Build changes:
+    - Fetch our source deps from an https mirror (closes: #8286)
+    - Create watch scripts for syncing mirror sources and monitoring mirror
+      integrity (closes: #8338)
+
+ -- Erinn Clark erinn@torproject.org  Tue May  7 19:56:58 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=linux
+
+  * Update Firefox to 17.0.5esr
+  * Update NoScript to 2.6.59
+
+ -- Erinn Clark erinn@torproject.org  Mon Apr  1 19:08:16 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=linux
+
+  * Update Firefox to 17.0.4esr
+  * Update NoScript to 2.6.5.8
+  * Update HTTPS Everywhere to 3.1.4
+  * Fix non-English language bundles to have the correct branding (closes: #8302)
+  * Firefox patch changes:
+    - Remove "This plugin is disabled" barrier
+      * This improves the user experience for HTML5 Youtube videos:
+        They "silently" attempt to load flash first, which was not so silent
+        with this barrier in place. (closes: #8312)
+    - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+    - Fix a New Identity hang and/or crash condition (closes: #6386)
+    - Fix crash with Drag + Drop on Windows (closes: #8324)
+  * Torbutton changes:
+    - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+    - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+    - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+    - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+    - Clear DOM localStorage on New Identity. (closes: #8422)
+    - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+    - Localize the "Spoof english" button strings (closes: #5183)
+    - Ask user for confirmation before enabling plugins (closes: #8313)
+    - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark erinn@torproject.org  Sun Mar 10 22:15:43 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=linux
+
+  * Update Firefox to 17.0.3esr
+  * Downgrade OpenSSL to 1.0.0k
+  * Update libpng to 1.5.14
+  * Update NoScript to 2.6.5.7
+  * Firefox patch changes:
+    - Exempt remote @font-face fonts from font limits (and prefer them).
+      (closes: #8270)
+      * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+      they should not count towards our CSS font count limits. Moreover,
+      if a CSS font-family rule lists any remote fonts, those fonts are
+      preferred over the local fonts, so we do not reduce the font count
+      for that rule.
+      * This vastly improves rendering and typography for many websites.
+    - Disable WebRTC in Firefox build options. (closes: 8178)
+      * WebRTC isn't slated to be enabled until Firefox 18, but the code
+        was getting compiled in already and is capable of creating UDP Sockets
+        and bypassing Tor. We disable it from build as a safety measure.
+    - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+      * This causes our browser pref changes to appear as defaults. It also
+        means that future updates of TBB should preserve user pref settings.
+    - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+    - Eliminate several redundant, useless, and deprecated Firefox pref settings
+    - Report Firefox 17.0 as the Tor Browser user agent
+    - Use Firefox's click-to-play barrier for plugins instead of NoScript
+    - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+      * This fixes a SOCKS race condition with our SOCKS autoport configuration
+        and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+        settings per URL now, which resulted in a proxy error for
+        check.torproject.org if we lost the race.
+  * Torbutton was updated to 1.5.0. The following issues were fixed:
+    - Remove old toggle observers and related code (closes: #5279)
+    - Simplify Security Preference UI and associated pref updates (closes: #3100)
+    - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+    - Leave most preferences under Tor Browser's control (closes: #3944)
+    - Disable toggle-on-startup and crash detection logic (closes: #7974)
+    - Disable/remove toggle-mode code and related observers (closes: #5279)
+    - Add menu hint to Torbutton icon (closes: #6431)
+    - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+    - Perform version check every time there's a new tab. (closes: #6096)
+    - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+    - misc: Allow WebGL and DOM storage.
+    - misc: Disable independent Torbutton updates
+    - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb 19 23:59:24 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=linux
+
+  * Update OpenSSL to 1.0.1d
+  * Update HTTPS Everywhere to 3.1.3
+  * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb  5 18:08:43 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=linux
+
+  * Update Firefox to 10.0.12esr
+  * Update Libevent to 2.0.21-stable
+  * Update HTTPS Everywhere to 3.1.2
+  * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark erinn@torproject.org  Fri Jan  4 11:46:05 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=linux
+
+  * Update Tor to 0.2.3.25-rc
+  * Update Firefox 10.0.11esr
+  * Update Vidalia to 0.2.21
+  * Update NoScript to 2.6.2
+
+ -- Erinn Clark erinn@torproject.org  Sun Dec  2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=linux
+
+  * Update Tor to 0.2.3.24-rc
+  * Update Firefox to 10.0.10esr
+  * Update NoScript to 2.5.9
+  * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark erinn@torproject.org  Sat Oct 27 12:16:59 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=linux
+
+  * Update Tor to 0.2.3.23-rc
+  * Update Firefox to 10.0.9esr
+  * Update HTTPS Everywhere to 4.0development.1
+  * Update NoScript to 2.5.8
+  * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+  * Update libpng to 1.5.13
+
+ -- Erinn Clark erinn@torproject.org  Mon Oct 22 16:14:09 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=linux
+
+  * Update Tor to 0.2.3.22-rc
+  * Temporarily use fixed Control and SOCKS ports as a workaround for #6803
+
+ -- Erinn Clark erinn@torproject.org  Wed Sep 12 14:02:57 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=linux
+
+  * Update Tor to 0.2.3.21-rc
+  * Update Firefox to 15.0.1
+  * Update Libevent to 2.0.20-stable
+  * Update Torbutton to 1.4.6.1
+  * Update HTTPS Everywhere to 3.0development.6
+  * Update NoScript to 2.5.4
+
+ -- Erinn Clark erinn@torproject.org  Sun Sep  9 10:42:38 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=linux
+
+  * Update Tor to 0.2.3.20-rc
+  * Update libpng to 1.5.12
+  * Update NoScript to 2.5
+  * Change the urlbar search engine to Startpage (closes: #5925)
+  * Firefox patch updates:
+    - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+    - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+    - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark erinn@torproject.org  Sun Aug  5 23:21:30 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=linux
+
+  * Update Tor to 0.2.3.19-rc
+  * Update Firefox to 14.0.1
+  * Update libevent to 2.0.19-stable
+  * Update OpenSSL to 1.0.1c
+  * Update zlib to 1.2.7
+  * Update Torbutton to 1.4.6
+  * Update NoScript to 2.4.9
+  * Update HTTPS Everywhere to 3.0development.5
+  * Downgrade Vidalia to 0.2.20
+  * Update libpng to 1.5.12
+
+ -- Erinn Clark erinn@torproject.org  Wed Jul 25 15:12:37 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=linux
+
+  * Update Firefox to 11.0
+  * Update NoScript to 2.3.4
+  * Update HTTPS Everywhere to 3.0development.1
+  * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+  * Always build to with warnings enabled (closes: #4470)
+  * Don't attempt to load the default KDE 4 theme from Vidalia, because that
+    fails when the Qt versions don't match (closes: #5214)
+
+ -- Erinn Clark erinn@torproject.org  Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=linux
+
+  * Initial release
+
+ -- Erinn Clark erinn@torproject.org  Thu Mar  1 14:04:56 BRT 2012
diff --git a/changelog.linux-2.5 b/changelog.linux-2.5
new file mode 100644
index 0000000..154d69f
--- /dev/null
+++ b/changelog.linux-2.5
@@ -0,0 +1,592 @@
+Tor Browser Bundle (2.5.1-alpha-1); suite=linux
+
+  * New alpha release
+  * Update Tor to 0.2.5.1-alpha
+  * Update NoScript to 2.6.8.7
+  * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark erinn@torproject.org  Sat Dec 14 16:30:44 BRST 2013
+
+Tor Browser Bundle (2.4.18-rc-2); suite=linux
+
+  * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
+    stop crashing (closes: #10195)
+
+ -- Erinn Clark erinn@torproject.org  Wed Nov 20 17:46:24 BRST 2013
+
+Tor Browser Bundle (2.4.18-rc-1); suite=linux
+
+  * Update Tor to 0.2.4.18-rc
+  * Update Firefox to 17.0.11esr
+  * Update NoScript to 2.6.8.5
+  * Remove PDF.js since it is no longer supported in Firefox 17
+
+ -- Erinn Clark erinn@torproject.org  Sun Nov 17 16:41:32 BRST 2013
+
+Tor Browser Bundle (2.4.17-rc-1); suite=linux
+
+  * Update Firefox to 17.0.10esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update LibPNG to 1.6.6
+  * Update NoScript to 2.6.8.4
+  * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this
+    becoming the stable bundle
+  * Firefox patch changes:
+    - Hide infobar for missing plugins. (closes: #9012)
+    - Change the default entry page for the addons tab to the
+      installed addons page. (closes: #8364)
+    - Make flash objects really be click-to-play if flash is
+      enabled. (closes: #9867)
+    - Make getFirstPartyURI log+handle errors internally to
+      simplify caller usage of the API. (closes: #3661)
+    - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+    - misc: Fix a potential memory leak in the Image Cache isolation
+    - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark erinn@torproject.org  Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.4.17-beta-2); suite=linux
+
+  * Update Firefox to 17.0.9esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update LibPNG to 1.6.3
+  * Update HTTPS Everywhere to 4.0development.12
+  * Update NoScript to 2.6.7.1
+  * Remove extraneous libevent libraries (closes: #9727)
+  * Enable GCC hardening for Tor
+  * Firefox patch changes:
+    - Disable filtered results in Startpage omnibox (closes: #8839)
+  * Add missing geoip file
+
+ -- Erinn Clark erinn@torproject.org  Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.4.17-beta-1); suite=linux
+
+  * Update Tor to 0.2.4.17-rc
+  * Update NoScript to 2.6.7.1
+  * Update HTTPS Everywhere to 4.0development.11
+
+ -- Erinn Clark erinn@torproject.org  Thu Sep  5 14:26:06 CEST 2013
+
+Tor Browser Bundle (2.4.16-beta-1); suite=linux
+
+  * Update Tor to 0.2.4.16-rc
+  * Re-add the locale pref to the Firefox prefs file to allow for localization
+    of bundles again (closes: #9436)
+
+ -- Erinn Clark erinn@torproject.org  Sun Aug 11 11:51:39 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-2); suite=linux
+
+  * Update Firefox to 17.0.8esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * HTTPS Everywhere to 4.0development.9
+  * Update PDF.js to 0.8.298
+  * Update NoScript to 2.6.6.9
+  * Update LibPNG to 1.6.3
+
+ -- Erinn Clark erinn@torproject.org  Thu Aug  8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-1); suite=linux
+
+  * Update Tor to 0.2.4.15-rc
+  * Update NoScript to 2.6.6.7
+
+ -- Erinn Clark erinn@torproject.org  Sun Jul  7 18:38:52 BRT 2013
+
+Tor Browser Bundle (2.4.14-alpha-1); suite=linux
+
+  * Update Tor to 0.2.4.14-alpha
+  * Update Firefox 17.0.7esr
+  * Update zlib to 1.2.8
+  * Update libpng to 1.5.16
+  * Update HTTPS Everywhere to 4.0development.8
+  * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark erinn@torproject.org  Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-2); suite=linux
+
+  * Update Firefox to 17.0.6esr
+  * Update NoScript to 2.6.6.1
+
+ -- Erinn Clark erinn@torproject.org  Sun May 12 22:06:23 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-1); suite=linux
+
+  * Update Tor to 0.2.4.12-alpha
+  * Update Torbutton to 1.5.2
+  * Update libpng to 1.5.15
+  * Update NoScript to 2.6.6
+  * Update PDF.js to 0.8.1
+  * Firefox patch changes:
+    - Apply font limits to @font-face local() fonts and disable fallback
+      rendering for @font-face. (closes: #8455)
+    - Use Optimistic Data SOCKS handshake (improves page load performance).
+      (closes: #3875)
+    - Honor the Windows theme for inverse text colors (without leaking those
+      colors to content). (closes: #7920)
+    - Increase pipeline randomization and try harder to batch pipelined
+      requests together. (closes: #8470)
+    - Fix an image cache isolation domain key misusage. May fix several image
+      cache related crash bugs with New Identity, exit, and certain websites.
+      (closes: #8628)
+  * Torbutton changes:
+    - Allow session restore if the user allows disk actvity (closes: #8457)
+    - Remove the Display Settings panel and associated locales (closes: #8301)
+    - Fix "Transparent Torification" option. (closes: #6566)
+    - Fix a hang on New Identity. (closes: #8642)
+  * Build changes:
+    - Fetch our source deps from an https mirror (closes: #8286)
+    - Create watch scripts for syncing mirror sources and monitoring mirror
+       integrity (closes: #8338)
+
+ -- Erinn Clark erinn@torproject.org  Thu Apr 25 21:15:37 BRT 2013
+
+Tor Browser Bundle (2.4.11-alpha-2); suite=linux
+
+  * Update Firefox to 17.0.5esr
+  * Update NoScript to 2.6.59
+
+ -- Erinn Clark erinn@torproject.org  Mon Apr  1 19:08:37 EDT 2013
+
+Tor Browser Bundle (2.4.10-alpha-3); suite=linux
+
+  * Update Firefox to 17.0.4esr
+  * Update Tor to 0.2.4.11-alpha
+  * Update NoScript to 2.6.5.8
+  * Update HTTPS Everywhere to 4.0development.6
+  * Update PDF.js to 0.7.236
+  * Fix non-English language bundles to have the correct branding (closes: #8302)
+  * Firefox patch changes:
+    - Remove "This plugin is disabled" barrier
+      * This improves the user experience for HTML5 Youtube videos:
+        They "silently" attempt to load flash first, which was not so silent
+        with this barrier in place. (closes: #8312)
+    - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+    - Fix a New Identity hang and/or crash condition (closes: #6386)
+    - Fix crash with Drag + Drop on Windows (closes: #8324)
+  * Torbutton changes:
+    - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+    - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+    - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+    - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+    - Clear DOM localStorage on New Identity. (closes: #8422)
+    - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+    - Localize the "Spoof english" button strings (closes: #5183)
+    - Ask user for confirmation before enabling plugins (closes: #8313)
+    - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark erinn@torproject.org  Tue Mar 12 12:06:00 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-2); suite=linux
+
+  * Update Firefox to 17.0.3esr
+  * Downgrade OpenSSL to 1.0.0k
+  * Update libpng to 1.5.14
+  * Update NoScript to 2.6.5.7
+  * Firefox patch changes:
+    - Exempt remote @font-face fonts from font limits (and prefer them).
+      (closes: #8270)
+      * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+      they should not count towards our CSS font count limits. Moreover,
+      if a CSS font-family rule lists any remote fonts, those fonts are
+      preferred over the local fonts, so we do not reduce the font count
+      for that rule.
+      * This vastly improves rendering and typography for many websites.
+    - Disable WebRTC in Firefox build options. (closes: 8178)
+      * WebRTC isn't slated to be enabled until Firefox 18, but the code
+        was getting compiled in already and is capable of creating UDP Sockets
+        and bypassing Tor. We disable it from build as a safety measure.
+    - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+      * This causes our browser pref changes to appear as defaults. It also
+        means that future updates of TBB should preserve user pref settings.
+    - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+    - Eliminate several redundant, useless, and deprecated Firefox pref settings
+    - Report Firefox 17.0 as the Tor Browser user agent
+    - Use Firefox's click-to-play barrier for plugins instead of NoScript
+    - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+      * This fixes a SOCKS race condition with our SOCKS autoport configuration
+        and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+        settings per URL now, which resulted in a proxy error for
+        check.torproject.org if we lost the race.
+  * Torbutton was updated to 1.5.0. The following issues were fixed:
+    - Remove old toggle observers and related code (closes: #5279)
+    - Simplify Security Preference UI and associated pref updates (closes: #3100)
+    - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+    - Leave most preferences under Tor Browser's control (closes: #3944)
+    - Disable toggle-on-startup and crash detection logic (closes: #7974)
+    - Disable/remove toggle-mode code and related observers (closes: #5279)
+    - Add menu hint to Torbutton icon (closes: #6431)
+    - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+    - Perform version check every time there's a new tab. (closes: #6096)
+    - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+    - misc: Allow WebGL and DOM storage.
+    - misc: Disable independent Torbutton updates
+    - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb 19 23:59:47 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-1); suite=linux
+
+  * Update Tor to 0.2.4.10-alpha
+  * Update OpenSSL to 1.0.1d
+  * Update NoScript to 2.6.4.4
+  * Add PDF Viewer (PDF.js) to README
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb  5 18:13:28 CET 2013
+
+Tor Browser Bundle (2.4.9-alpha-1); suite=linux
+
+  * Update Firefox to 17.0.2esr
+  * Update Tor to 0.2.4.9-alpha
+  * Update Torbutton to 1.5.0pre-alpha
+  * Update NoScript to 2.6.4.3
+  * Update HTTPS-Everywhere to 4.0development.5
+  * Add Mozilla's PDF.js extension to give people the ability to read PDFs in
+    TBB
+  * Prevent TBB from trying to access the X session manager (closes: #5261)
+  * Firefox patch changes:
+    - Isolate image cache to url bar domain (closes: #5742 and #6539)
+    - Enable DOM storage and isolate it to url bar domain (closes: #6564)
+    - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
+  * Misc preference changes:
+    - Disable DOM performance timers (dom.enable_performance) (closes: #6204)
+    - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
+    - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
+    - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)
+
+ -- Erinn Clark erinn@torproject.org  Fri Jan 25 15:31:35 CET 2013
+
+Tor Browser Bundle (2.4.7-alpha-1); suite=linux
+
+  * Update Firefox to 10.0.12esr
+  * Update Tor to 0.2.4.7-alpha
+  * Update Libevent to 2.0.21-stable
+  * Update HTTPS Everywhere to 4.0development.4
+  * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark erinn@torproject.org  Fri Jan  4 11:55:05 CET 2013
+
+Tor Browser Bundle (2.4.6-alpha-2); suite=linux
+
+  * Update Makefiles to use the right changelogs and READMEs
+
+ -- Erinn Clark erinn@torproject.org  Mon Dec  3 16:13:47 GMT 2012
+
+Tor Browser Bundle (2.4.6-alpha-1); suite=linux
+
+  * Initial release
+
+ -- Erinn Clark erinn@torproject.org  Sat Dec  1 15:21:21 GMT 2012
+
+Tor Browser Bundle (2.3.25-16); suite=linux
+
+  * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
+    stop crashing (closes: #10195)
+
+ -- Erinn Clark erinn@torproject.org  Wed Nov 20 17:46:24 BRST 2013
+
+Tor Browser Bundle (2.3.25-15); suite=linux
+
+  * Update Firefox to 17.0.11esr
+  * Update NoScript to 2.6.8.5
+
+ -- Erinn Clark erinn@torproject.org  Fri Nov 15 18:11:05 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=linux
+
+  * Update Firefox to 17.0.10esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update LibPNG to 1.6.6
+  * Update NoScript to 2.6.8.4
+  * Update HTTPS-Everywhere to 3.4.2
+  * Firefox patch changes:
+    - Hide infobar for missing plugins. (closes: #9012)
+    - Change the default entry page for the addons tab to the
+      installed addons page. (closes: #8364)
+    - Make flash objects really be click-to-play if flash is
+      enabled. (closes: #9867)
+    - Make getFirstPartyURI log+handle errors internally to
+      simplify caller usage of the API. (closes: #3661)
+    - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+    - misc: Fix a potential memory leak in the Image Cache isolation
+    - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark erinn@torproject.org  Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=linux
+
+  * Update Firefox to 17.0.9esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update HTTPS Everywhere to 3.4.1
+  * Update NoScript to 2.6.7.1
+  * Remove extraneous libevent libraries (closes: #9727)
+  * Enable GCC hardening for Tor
+  * Firefox patch changes:
+    - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark erinn@torproject.org  Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=linux
+
+  * Re-add the locale pref to the Firefox prefs file to allow for localization
+    of bundles again (closes: #9436)
+
+ -- Erinn Clark erinn@torproject.org  Sun Aug 11 11:51:21 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=linux
+
+  * Update Firefox to 17.0.8esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update HTTPS Everywhere to 3.3.1
+  * Update NoScript to 2.6.7
+  * Update LibPNG to 1.6.3
+
+ -- Erinn Clark erinn@torproject.org  Thu Aug  8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=linux
+
+  * Update Firefox to 17.0.7esr
+  * Update zlib to 1.2.8
+  * Update libpng 1.5.16
+  * Update NoScript 2.6.6.6
+
+ -- Erinn Clark erinn@torproject.org  Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-9); suite=linux
+
+  * Rebuild 64-bit bundles with Firefox optimizations disabled in order to
+    prevent browser crashes. (closes: #8970)
+  * Update HTTPS Everywhere to 3.2.2
+  * Update NoScript to 2.6.6.2
+
+ -- Erinn Clark erinn@torproject.org  Wed Jun 12 18:42:24 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=linux
+
+  * Update Firefox to 17.0.6esr
+  * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark erinn@torproject.org  Sun May 12 22:05:55 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=linux
+
+  * Update Torbutton to 1.5.2
+  * Update libpng to 1.5.15
+  * Update NoScript to 2.6.6.1
+  * Firefox patch changes:
+    - Apply font limits to @font-face local() fonts and disable fallback
+      rendering for @font-face. (closes: #8455)
+    - Use Optimistic Data SOCKS handshake (improves page load performance).
+      (closes: #3875)
+    - Honor the Windows theme for inverse text colors (without leaking those
+      colors to content). (closes: #7920)
+    - Increase pipeline randomization and try harder to batch pipelined
+      requests together. (closes: #8470)
+    - Fix an image cache isolation domain key misusage. May fix several image
+      cache related crash bugs with New Identity, exit, and certain websites.
+      (closes: #8628)
+  * Torbutton changes:
+    - Allow session restore if the user allows disk actvity (closes: #8457)
+    - Remove the Display Settings panel and associated locales (closes: #8301)
+    - Fix "Transparent Torification" option. (closes: #6566)
+    - Fix a hang on New Identity. (closes: #8642)
+  * Build changes:
+    - Fetch our source deps from an https mirror (closes: #8286)
+    - Create watch scripts for syncing mirror sources and monitoring mirror
+      integrity (closes: #8338)
+
+ -- Erinn Clark erinn@torproject.org  Tue May  7 19:56:58 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=linux
+
+  * Update Firefox to 17.0.5esr
+  * Update NoScript to 2.6.59
+
+ -- Erinn Clark erinn@torproject.org  Mon Apr  1 19:08:16 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=linux
+
+  * Update Firefox to 17.0.4esr
+  * Update NoScript to 2.6.5.8
+  * Update HTTPS Everywhere to 3.1.4
+  * Fix non-English language bundles to have the correct branding (closes: #8302)
+  * Firefox patch changes:
+    - Remove "This plugin is disabled" barrier
+      * This improves the user experience for HTML5 Youtube videos:
+        They "silently" attempt to load flash first, which was not so silent
+        with this barrier in place. (closes: #8312)
+    - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+    - Fix a New Identity hang and/or crash condition (closes: #6386)
+    - Fix crash with Drag + Drop on Windows (closes: #8324)
+  * Torbutton changes:
+    - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+    - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+    - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+    - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+    - Clear DOM localStorage on New Identity. (closes: #8422)
+    - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+    - Localize the "Spoof english" button strings (closes: #5183)
+    - Ask user for confirmation before enabling plugins (closes: #8313)
+    - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark erinn@torproject.org  Sun Mar 10 22:15:43 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=linux
+
+  * Update Firefox to 17.0.3esr
+  * Downgrade OpenSSL to 1.0.0k
+  * Update libpng to 1.5.14
+  * Update NoScript to 2.6.5.7
+  * Firefox patch changes:
+    - Exempt remote @font-face fonts from font limits (and prefer them).
+      (closes: #8270)
+      * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+      they should not count towards our CSS font count limits. Moreover,
+      if a CSS font-family rule lists any remote fonts, those fonts are
+      preferred over the local fonts, so we do not reduce the font count
+      for that rule.
+      * This vastly improves rendering and typography for many websites.
+    - Disable WebRTC in Firefox build options. (closes: 8178)
+      * WebRTC isn't slated to be enabled until Firefox 18, but the code
+        was getting compiled in already and is capable of creating UDP Sockets
+        and bypassing Tor. We disable it from build as a safety measure.
+    - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+      * This causes our browser pref changes to appear as defaults. It also
+        means that future updates of TBB should preserve user pref settings.
+    - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+    - Eliminate several redundant, useless, and deprecated Firefox pref settings
+    - Report Firefox 17.0 as the Tor Browser user agent
+    - Use Firefox's click-to-play barrier for plugins instead of NoScript
+    - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+      * This fixes a SOCKS race condition with our SOCKS autoport configuration
+        and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+        settings per URL now, which resulted in a proxy error for
+        check.torproject.org if we lost the race.
+  * Torbutton was updated to 1.5.0. The following issues were fixed:
+    - Remove old toggle observers and related code (closes: #5279)
+    - Simplify Security Preference UI and associated pref updates (closes: #3100)
+    - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+    - Leave most preferences under Tor Browser's control (closes: #3944)
+    - Disable toggle-on-startup and crash detection logic (closes: #7974)
+    - Disable/remove toggle-mode code and related observers (closes: #5279)
+    - Add menu hint to Torbutton icon (closes: #6431)
+    - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+    - Perform version check every time there's a new tab. (closes: #6096)
+    - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+    - misc: Allow WebGL and DOM storage.
+    - misc: Disable independent Torbutton updates
+    - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb 19 23:59:24 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=linux
+
+  * Update OpenSSL to 1.0.1d
+  * Update HTTPS Everywhere to 3.1.3
+  * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb  5 18:08:43 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=linux
+
+  * Update Firefox to 10.0.12esr
+  * Update Libevent to 2.0.21-stable
+  * Update HTTPS Everywhere to 3.1.2
+  * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark erinn@torproject.org  Fri Jan  4 11:46:05 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=linux
+
+  * Update Tor to 0.2.3.25-rc
+  * Update Firefox 10.0.11esr
+  * Update Vidalia to 0.2.21
+  * Update NoScript to 2.6.2
+
+ -- Erinn Clark erinn@torproject.org  Sun Dec  2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=linux
+
+  * Update Tor to 0.2.3.24-rc
+  * Update Firefox to 10.0.10esr
+  * Update NoScript to 2.5.9
+  * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark erinn@torproject.org  Sat Oct 27 12:16:59 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=linux
+
+  * Update Tor to 0.2.3.23-rc
+  * Update Firefox to 10.0.9esr
+  * Update HTTPS Everywhere to 4.0development.1
+  * Update NoScript to 2.5.8
+  * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+  * Update libpng to 1.5.13
+
+ -- Erinn Clark erinn@torproject.org  Mon Oct 22 16:14:09 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=linux
+
+  * Update Tor to 0.2.3.22-rc
+  * Temporarily use fixed Control and SOCKS ports as a workaround for #6803
+
+ -- Erinn Clark erinn@torproject.org  Wed Sep 12 14:02:57 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=linux
+
+  * Update Tor to 0.2.3.21-rc
+  * Update Firefox to 15.0.1
+  * Update Libevent to 2.0.20-stable
+  * Update Torbutton to 1.4.6.1
+  * Update HTTPS Everywhere to 3.0development.6
+  * Update NoScript to 2.5.4
+
+ -- Erinn Clark erinn@torproject.org  Sun Sep  9 10:42:38 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=linux
+
+  * Update Tor to 0.2.3.20-rc
+  * Update libpng to 1.5.12
+  * Update NoScript to 2.5
+  * Change the urlbar search engine to Startpage (closes: #5925)
+  * Firefox patch updates:
+    - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+    - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+    - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark erinn@torproject.org  Sun Aug  5 23:21:30 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=linux
+
+  * Update Tor to 0.2.3.19-rc
+  * Update Firefox to 14.0.1
+  * Update libevent to 2.0.19-stable
+  * Update OpenSSL to 1.0.1c
+  * Update zlib to 1.2.7
+  * Update Torbutton to 1.4.6
+  * Update NoScript to 2.4.9
+  * Update HTTPS Everywhere to 3.0development.5
+  * Downgrade Vidalia to 0.2.20
+  * Update libpng to 1.5.12
+
+ -- Erinn Clark erinn@torproject.org  Wed Jul 25 15:12:37 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=linux
+
+  * Update Firefox to 11.0
+  * Update NoScript to 2.3.4
+  * Update HTTPS Everywhere to 3.0development.1
+  * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+  * Always build to with warnings enabled (closes: #4470)
+  * Don't attempt to load the default KDE 4 theme from Vidalia, because that
+    fails when the Qt versions don't match (closes: #5214)
+
+ -- Erinn Clark erinn@torproject.org  Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=linux
+
+  * Initial release
+
+ -- Erinn Clark erinn@torproject.org  Thu Mar  1 14:04:56 BRT 2012
diff --git a/changelog.osx-2.4 b/changelog.osx-2.4
index d8c0b4a..6fcd6d2 100644
--- a/changelog.osx-2.4
+++ b/changelog.osx-2.4
@@ -1,3 +1,12 @@
+Tor Browser Bundle (2.4.19-1); suite=osx
+
+  * New stable release
+  * Update Tor to 0.2.4.19
+  * Update NoScript to 2.6.8.7
+  * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark erinn@torproject.org  Sat Dec 14 16:30:22 BRST 2013
+
 Tor Browser Bundle (2.4.18-rc-1); suite=linux
* Update Tor to 0.2.4.18-rc
@@ -260,3 +269,293 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=osx
   * Initial release
-- Erinn Clark erinn@torproject.org  Sat Dec  1 15:21:11 GMT 2012
+Tor Browser Bundle (2.3.25-15); suite=osx
+
+  * Update Firefox to 17.0.11esr
+  * Update NoScript to 2.6.8.5
+  * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield.
+    (closes: #10092)
+
+ -- Erinn Clark erinn@torproject.org  Fri Nov 15 18:11:00 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=osx
+
+  * Update Firefox to 17.0.10esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update NoScript to 2.6.8.4
+  * Update HTTPS-Everywhere to 3.4.2
+  * Firefox patch changes:
+    - Hide infobar for missing plugins. (closes: #9012)
+    - Change the default entry page for the addons tab to the
+      installed addons page. (closes: #8364)
+    - Make flash objects really be click-to-play if flash is
+      enabled. (closes: #9867)
+    - Make getFirstPartyURI log+handle errors internally to
+      simplify caller usage of the API. (closes: #3661)
+    - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+    - misc: Fix a potential memory leak in the Image Cache isolation
+    - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark erinn@torproject.org  Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=osx
+
+  * Update Firefox to 17.0.9esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update HTTPS Everywhere to 3.4.1
+  * Update NoScript to 2.6.7.1
+  * Remove extraneous libevent libraries (closes: #9727)
+  * Enable GCC hardening for Tor
+  * Firefox patch changes:
+    - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark erinn@torproject.org  Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=osx
+
+  * Re-add the locale pref to the Firefox prefs file to allow for localization
+    of bundles again (closes: #9436)
+
+ -- Erinn Clark erinn@torproject.org  Sun Aug 11 11:51:19 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=osx
+
+  * Update Firefox to 17.0.8esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update HTTPS Everywhere to 3.3.1
+  * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark erinn@torproject.org  Thu Aug  8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=osx
+
+  * Update Firefox to 17.0.7esr
+  * Update zlib to 1.2.8
+  * Update HTTPS Everywhere to 3.2.2
+  * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark erinn@torproject.org  Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=osx
+
+  * Update Firefox to 17.0.6esr
+  * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark erinn@torproject.org  Sun May 12 22:05:50 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=osx
+
+  * Update Torbutton to 1.5.2
+  * Update libpng to 1.5.15
+  * Update NoScript to 2.6.6.1
+  * Firefox patch changes:
+    - Apply font limits to @font-face local() fonts and disable fallback
+      rendering for @font-face. (closes: #8455)
+    - Use Optimistic Data SOCKS handshake (improves page load performance).
+      (closes: #3875)
+    - Honor the Windows theme for inverse text colors (without leaking those
+      colors to content). (closes: #7920)
+    - Increase pipeline randomization and try harder to batch pipelined
+      requests together. (closes: #8470)
+    - Fix an image cache isolation domain key misusage. May fix several image
+      cache related crash bugs with New Identity, exit, and certain websites.
+      (closes: #8628)
+  * Torbutton changes:
+    - Allow session restore if the user allows disk actvity (closes: #8457)
+    - Remove the Display Settings panel and associated locales (closes: #8301)
+    - Fix "Transparent Torification" option. (closes: #6566)
+    - Fix a hang on New Identity. (closes: #8642)
+  * Build changes:
+    - Fetch our source deps from an https mirror (closes: #8286)
+    - Create watch scripts for syncing mirror sources and monitoring mirror
+      integrity (closes: #8338)
+
+ -- Erinn Clark erinn@torproject.org  Tue May  7 19:56:56 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=osx
+
+  * Update Firefox to 17.0.5esr
+  * Update NoScript to 2.6.59
+
+ -- Erinn Clark erinn@torproject.org  Mon Apr  1 19:08:11 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=osx
+
+  * Update Firefox to 17.0.4esr
+  * Update NoScript to 2.6.5.8
+  * Update HTTPS Everywhere to 3.1.4
+  * Fix non-English language bundles to have the correct branding (closes: #8302)
+  * Firefox patch changes:
+    - Remove "This plugin is disabled" barrier
+      * This improves the user experience for HTML5 Youtube videos:
+        They "silently" attempt to load flash first, which was not so silent
+        with this barrier in place. (closes: #8312)
+    - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+    - Fix a New Identity hang and/or crash condition (closes: #6386)
+    - Fix crash with Drag + Drop on Windows (closes: #8324)
+  * Torbutton changes:
+    - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+    - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+    - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+    - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+    - Clear DOM localStorage on New Identity. (closes: #8422)
+    - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+    - Localize the "Spoof english" button strings (closes: #5183)
+    - Ask user for confirmation before enabling plugins (closes: #8313)
+    - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark erinn@torproject.org  Sun Mar 10 22:15:38 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=osx
+
+  * Update Firefox to 17.0.3esr
+  * Downgrade OpenSSL to 1.0.0k
+  * Update libpng to 1.5.14
+  * Update NoScript to 2.6.5.7
+  * Firefox patch changes:
+    - Exempt remote @font-face fonts from font limits (and prefer them).
+      (closes: #8270)
+      * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+      they should not count towards our CSS font count limits. Moreover,
+      if a CSS font-family rule lists any remote fonts, those fonts are
+      preferred over the local fonts, so we do not reduce the font count
+      for that rule.
+      * This vastly improves rendering and typography for many websites.
+    - Disable WebRTC in Firefox build options. (closes: 8178)
+      * WebRTC isn't slated to be enabled until Firefox 18, but the code
+        was getting compiled in already and is capable of creating UDP Sockets
+        and bypassing Tor. We disable it from build as a safety measure.
+    - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+      * This causes our browser pref changes to appear as defaults. It also
+        means that future updates of TBB should preserve user pref settings.
+    - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+    - Eliminate several redundant, useless, and deprecated Firefox pref settings
+    - Report Firefox 17.0 as the Tor Browser user agent
+    - Use Firefox's click-to-play barrier for plugins instead of NoScript
+    - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+      * This fixes a SOCKS race condition with our SOCKS autoport configuration
+        and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+        settings per URL now, which resulted in a proxy error for
+        check.torproject.org if we lost the race.
+  * Torbutton was updated to 1.5.0. The following issues were fixed:
+    - Remove old toggle observers and related code (closes: #5279)
+    - Simplify Security Preference UI and associated pref updates (closes: #3100)
+    - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+    - Leave most preferences under Tor Browser's control (closes: #3944)
+    - Disable toggle-on-startup and crash detection logic (closes: #7974)
+    - Disable/remove toggle-mode code and related observers (closes: #5279)
+    - Add menu hint to Torbutton icon (closes: #6431)
+    - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+    - Perform version check every time there's a new tab. (closes: #6096)
+    - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+    - misc: Allow WebGL and DOM storage.
+    - misc: Disable independent Torbutton updates
+    - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb 19 23:59:21 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=osx
+
+  * Update OpenSSL to 1.0.1d
+  * Update HTTPS Everywhere to 3.1.3
+  * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb  5 18:08:39 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=osx
+
+  * Update Firefox to 10.0.12esr
+  * Update Libevent to 2.0.21-stable
+  * Update HTTPS Everywhere to 3.1.2
+  * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark erinn@torproject.org  Fri Jan  4 11:46:03 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=osx
+
+  * Update Tor to 0.2.3.25
+  * Update Firefox 10.0.11esr
+  * Update Vidalia to 0.2.21
+  * Update NoScript to 2.6.2
+
+ -- Erinn Clark erinn@torproject.org  Sun Dec  2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=osx
+
+  * Update Tor to 0.2.3.24-rc
+  * Update Firefox to 10.0.10esr
+  * Update NoScript to 2.5.9
+  * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark erinn@torproject.org  Sat Oct 27 12:16:55 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=osx
+
+  * Update Tor to 0.2.3.23-rc
+  * Update Firefox to 10.0.9esr
+  * Update HTTPS Everywhere to 4.0development.1
+  * Update NoScript to 2.5.8
+  * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+
+ -- Erinn Clark erinn@torproject.org  Mon Oct 22 16:14:03 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=osx
+
+  * Update Tor to 0.2.3.22-rc
+  * Temporarily use fixed Control and SOCKS ports as a workaround for #6803
+
+ -- Erinn Clark erinn@torproject.org  Wed Sep 12 14:02:57 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=osx
+
+  * Update Tor to 0.2.3.21-rc
+  * Update Firefox to 15.0.1
+  * Update Libevent to 2.0.20-stable
+  * Update Torbutton to 1.4.6.1
+  * Update HTTPS Everywhere to 3.0development.6
+  * Update NoScript to 2.5.4
+
+ -- Erinn Clark erinn@torproject.org  Sun Sep  9 10:42:33 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=osx
+
+  * Update Tor to 0.2.3.20-rc
+  * Update NoScript to 2.5
+  * Change the urlbar search engine to Startpage (closes: #5925)
+  * Firefox patch updates:
+    - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+    - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+    - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark erinn@torproject.org  Sun Aug  5 23:21:27 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=osx
+
+  * Update Tor to 0.2.3.19-rc
+  * Update Firefox to 14.0.1
+  * Update libevent to 2.0.19-stable
+  * Update OpenSSL to 1.0.1c
+  * Update zlib to 1.2.7
+  * Update Torbutton to 1.4.6
+  * Update NoScript to 2.4.9
+  * Update HTTPS Everywhere to 3.0development.5
+  * Downgrade Vidalia to 0.2.20
+
+ -- Erinn Clark erinn@torproject.org  Wed Jul 25 15:12:26 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=osx
+
+  * Update Firefox to 11.0
+  * Update NoScript to 2.3.4
+  * Update HTTPS Everywhere to 3.0development.1
+  * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+  * Always build to with warnings enabled (closes: #4470)
+  * Give OS X users below 10.5 an incompatibility message (closes: #4356)
+
+ -- Erinn Clark erinn@torproject.org  Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=osx
+
+  * Initial release
+
+ -- Erinn Clark erinn@torproject.org  Thu Mar  1 14:04:56 BRT 2012
diff --git a/changelog.osx-2.5 b/changelog.osx-2.5
new file mode 100644
index 0000000..83de71c
--- /dev/null
+++ b/changelog.osx-2.5
@@ -0,0 +1,561 @@
+Tor Browser Bundle (2.5.1-alpha-1); suite=osx
+
+  * New alpha release
+  * Update Tor to 0.2.5.1-alpha
+  * Update NoScript to 2.6.8.7
+  * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark erinn@torproject.org  Sat Dec 14 16:31:01 BRST 2013
+
+Tor Browser Bundle (2.4.18-rc-1); suite=linux
+
+  * Update Tor to 0.2.4.18-rc
+  * Update Firefox to 17.0.11esr
+  * Update NoScript to 2.6.8.5
+  * Remove PDF.js since it is no longer supported in Firefox 17
+  * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield.
+    (closes: #10092)
+
+ -- Erinn Clark erinn@torproject.org  Sun Nov 17 16:41:32 BRST 2013
+
+Tor Browser Bundle (2.4.17-rc-1); suite=osx
+
+  * Update Firefox to 17.0.10esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update NoScript to 2.6.8.4
+  * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this
+    becoming the stable bundle
+  * Firefox patch changes:
+    - Hide infobar for missing plugins. (closes: #9012)
+    - Change the default entry page for the addons tab to the
+      installed addons page. (closes: #8364)
+    - Make flash objects really be click-to-play if flash is
+      enabled. (closes: #9867)
+    - Make getFirstPartyURI log+handle errors internally to
+      simplify caller usage of the API. (closes: #3661)
+    - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+    - misc: Fix a potential memory leak in the Image Cache isolation
+    - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark erinn@torproject.org  Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.4.17-beta-2); suite=osx
+
+  * Update Firefox to 17.0.9esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update HTTPS Everywhere to 4.0development.12
+  * Update NoScript to 2.6.7.1
+  * Remove extraneous libevent libraries (closes: #9727)
+  * Enable GCC hardening for Tor
+  * Firefox patch changes:
+    - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark erinn@torproject.org  Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.4.17-beta-1); suite=osx
+
+  * Update Tor to 0.2.4.17-rc
+  * Update NoScript to 2.6.7.1
+  * Update HTTPS Everywhere to 4.0development.11
+
+ -- Erinn Clark erinn@torproject.org  Thu Sep  5 14:26:04 CEST 2013
+
+Tor Browser Bundle (2.4.16-beta-1); suite=osx
+
+  * Update Tor to 0.2.4.16-rc
+  * Re-add the locale pref to the Firefox prefs file to allow for localization
+    of bundles again (closes: #9436)
+
+ -- Erinn Clark erinn@torproject.org  Sun Aug 11 11:51:41 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-2); suite=osx
+
+  * Update Firefox to 17.0.8esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * HTTPS Everywhere to 4.0development.9
+  * Update PDF.js to 0.8.298
+  * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark erinn@torproject.org  Thu Aug  8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-1); suite=osx
+
+  * Update Tor to 0.2.4.15-rc
+  * Update NoScript to 2.6.6.7
+
+ -- Erinn Clark erinn@torproject.org  Sun Jul  7 18:38:48 BRT 2013
+
+Tor Browser Bundle (2.4.14-alpha-1); suite=osx
+
+  * Update Tor to 0.2.4.14-alpha
+  * Update Firefox 17.0.7esr
+  * Update zlib to 1.2.8
+  * Update libpng to 1.5.16
+  * Update HTTPS Everywhere to 4.0development.8
+  * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark erinn@torproject.org  Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-2); suite=osx
+
+  * Update Firefox to 17.0.6esr
+  * Update NoScript to 2.6.6.1
+
+ -- Erinn Clark erinn@torproject.org  Sun May 12 22:06:20 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-1); suite=osx
+
+  * Update Tor to 0.2.4.12-alpha
+  * Update Torbutton to 1.5.2
+  * Update libpng to 1.5.15
+  * Update NoScript to 2.6.6
+  * Update PDF.js to 0.8.1
+  * Firefox patch changes:
+    - Apply font limits to @font-face local() fonts and disable fallback
+      rendering for @font-face. (closes: #8455)
+    - Use Optimistic Data SOCKS handshake (improves page load performance).
+      (closes: #3875)
+    - Honor the Windows theme for inverse text colors (without leaking those
+      colors to content). (closes: #7920)
+    - Increase pipeline randomization and try harder to batch pipelined
+      requests together. (closes: #8470)
+    - Fix an image cache isolation domain key misusage. May fix several image
+      cache related crash bugs with New Identity, exit, and certain websites.
+      (closes: #8628)
+  * Torbutton changes:
+    - Allow session restore if the user allows disk actvity (closes: #8457)
+    - Remove the Display Settings panel and associated locales (closes: #8301)
+    - Fix "Transparent Torification" option. (closes: #6566)
+    - Fix a hang on New Identity. (closes: #8642)
+  * Build changes:
+    - Fetch our source deps from an https mirror (closes: #8286)
+    - Create watch scripts for syncing mirror sources and monitoring mirror
+      integrity (closes: #8338)
+
+ -- Erinn Clark erinn@torproject.org  Thu Apr 25 21:15:32 BRT 2013
+
+Tor Browser Bundle (2.4.11-alpha-2); suite=osx
+
+  * Update Firefox to 17.0.5esr
+  * Update NoScript to 2.6.59
+
+ -- Erinn Clark erinn@torproject.org  Mon Apr  1 19:08:42 EDT 2013
+
+Tor Browser Bundle (2.4.10-alpha-3); suite=osx
+
+  * Update Firefox to 17.0.4esr
+  * Update Tor to 0.2.4.11-alpha
+  * Update NoScript to 2.6.5.8
+  * Update HTTPS Everywhere to 4.0development.6
+  * Update PDF.js to 0.7.236
+  * Fix non-English language bundles to have the correct branding (closes: #8302)
+  * Firefox patch changes:
+    - Remove "This plugin is disabled" barrier
+      * This improves the user experience for HTML5 Youtube videos:
+        They "silently" attempt to load flash first, which was not so silent
+        with this barrier in place. (closes: #8312)
+    - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+    - Fix a New Identity hang and/or crash condition (closes: #6386)
+    - Fix crash with Drag + Drop on Windows (closes: #8324)
+  * Torbutton changes:
+    - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+    - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+    - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+    - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+    - Clear DOM localStorage on New Identity. (closes: #8422)
+    - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+    - Localize the "Spoof english" button strings (closes: #5183)
+    - Ask user for confirmation before enabling plugins (closes: #8313)
+    - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark erinn@torproject.org  Tue Mar 12 12:06:00 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-2); suite=osx
+
+  * Update Firefox to 17.0.3esr
+  * Downgrade OpenSSL to 1.0.0k
+  * Update libpng to 1.5.14
+  * Update NoScript to 2.6.5.7
+  * Firefox patch changes:
+    - Exempt remote @font-face fonts from font limits (and prefer them).
+      (closes: #8270)
+      * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+      they should not count towards our CSS font count limits. Moreover,
+      if a CSS font-family rule lists any remote fonts, those fonts are
+      preferred over the local fonts, so we do not reduce the font count
+      for that rule.
+      * This vastly improves rendering and typography for many websites.
+    - Disable WebRTC in Firefox build options. (closes: 8178)
+      * WebRTC isn't slated to be enabled until Firefox 18, but the code
+        was getting compiled in already and is capable of creating UDP Sockets
+        and bypassing Tor. We disable it from build as a safety measure.
+    - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+      * This causes our browser pref changes to appear as defaults. It also
+        means that future updates of TBB should preserve user pref settings.
+    - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+    - Eliminate several redundant, useless, and deprecated Firefox pref settings
+    - Report Firefox 17.0 as the Tor Browser user agent
+    - Use Firefox's click-to-play barrier for plugins instead of NoScript
+    - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+      * This fixes a SOCKS race condition with our SOCKS autoport configuration
+        and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+        settings per URL now, which resulted in a proxy error for
+        check.torproject.org if we lost the race.
+  * Torbutton was updated to 1.5.0. The following issues were fixed:
+    - Remove old toggle observers and related code (closes: #5279)
+    - Simplify Security Preference UI and associated pref updates (closes: #3100)
+    - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+    - Leave most preferences under Tor Browser's control (closes: #3944)
+    - Disable toggle-on-startup and crash detection logic (closes: #7974)
+    - Disable/remove toggle-mode code and related observers (closes: #5279)
+    - Add menu hint to Torbutton icon (closes: #6431)
+    - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+    - Perform version check every time there's a new tab. (closes: #6096)
+    - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+    - misc: Allow WebGL and DOM storage.
+    - misc: Disable independent Torbutton updates
+    - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb 19 23:59:45 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-1); suite=osx
+
+  * Update Tor to 0.2.4.10-alpha
+  * Update OpenSSL to 1.0.1d
+  * Update NoScript to 2.6.4.4
+  * Add PDF Viewer (PDF.js) to README
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb  5 18:13:28 CET 2013
+
+Tor Browser Bundle (2.4.9-alpha-1); suite=osx
+
+  * Update Firefox to 17.0.2esr
+  * Update Tor to 0.2.4.9-alpha
+  * Update Torbutton to 1.5.0pre-alpha
+  * Update NoScript to 2.6.4.3
+  * Update HTTPS-Everywhere to 4.0development.5
+  * Add Mozilla's PDF.js extension to give people the ability to read PDFs in
+    TBB
+  * Firefox patch changes:
+    - Isolate image cache to url bar domain (closes: #5742 and #6539)
+    - Enable DOM storage and isolate it to url bar domain (closes: #6564)
+    - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
+  * Misc preference changes:
+    - Disable DOM performance timers (dom.enable_performance) (closes: #6204)
+    - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
+    - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
+    - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)
+
+ -- Erinn Clark erinn@torproject.org  Fri Jan 25 15:31:35 CET 2013
+
+Tor Browser Bundle (2.4.7-alpha-1); suite=osx
+
+  * Update Firefox to 10.0.12esr
+  * Update Tor to 0.2.4.7-alpha
+  * Update Libevent to 2.0.21-stable
+  * Update HTTPS Everywhere to 4.0development.4
+  * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark erinn@torproject.org  Fri Jan  4 11:55:00 CET 2013
+
+Tor Browser Bundle (2.4.6-alpha-2); suite=osx
+
+  * Update Makefiles to use the right changelogs and READMEs
+
+ -- Erinn Clark erinn@torproject.org  Mon Dec  3 16:13:43 GMT 2012
+
+Tor Browser Bundle (2.4.6-alpha-1); suite=osx
+
+  * Initial release
+
+ -- Erinn Clark erinn@torproject.org  Sat Dec  1 15:21:11 GMT 2012
+Tor Browser Bundle (2.3.25-15); suite=osx
+
+  * Update Firefox to 17.0.11esr
+  * Update NoScript to 2.6.8.5
+  * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield.
+    (closes: #10092)
+
+ -- Erinn Clark erinn@torproject.org  Fri Nov 15 18:11:00 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=osx
+
+  * Update Firefox to 17.0.10esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update NoScript to 2.6.8.4
+  * Update HTTPS-Everywhere to 3.4.2
+  * Firefox patch changes:
+    - Hide infobar for missing plugins. (closes: #9012)
+    - Change the default entry page for the addons tab to the
+      installed addons page. (closes: #8364)
+    - Make flash objects really be click-to-play if flash is
+      enabled. (closes: #9867)
+    - Make getFirstPartyURI log+handle errors internally to
+      simplify caller usage of the API. (closes: #3661)
+    - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+    - misc: Fix a potential memory leak in the Image Cache isolation
+    - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark erinn@torproject.org  Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=osx
+
+  * Update Firefox to 17.0.9esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update HTTPS Everywhere to 3.4.1
+  * Update NoScript to 2.6.7.1
+  * Remove extraneous libevent libraries (closes: #9727)
+  * Enable GCC hardening for Tor
+  * Firefox patch changes:
+    - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark erinn@torproject.org  Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=osx
+
+  * Re-add the locale pref to the Firefox prefs file to allow for localization
+    of bundles again (closes: #9436)
+
+ -- Erinn Clark erinn@torproject.org  Sun Aug 11 11:51:19 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=osx
+
+  * Update Firefox to 17.0.8esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update HTTPS Everywhere to 3.3.1
+  * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark erinn@torproject.org  Thu Aug  8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=osx
+
+  * Update Firefox to 17.0.7esr
+  * Update zlib to 1.2.8
+  * Update HTTPS Everywhere to 3.2.2
+  * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark erinn@torproject.org  Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=osx
+
+  * Update Firefox to 17.0.6esr
+  * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark erinn@torproject.org  Sun May 12 22:05:50 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=osx
+
+  * Update Torbutton to 1.5.2
+  * Update libpng to 1.5.15
+  * Update NoScript to 2.6.6.1
+  * Firefox patch changes:
+    - Apply font limits to @font-face local() fonts and disable fallback
+      rendering for @font-face. (closes: #8455)
+    - Use Optimistic Data SOCKS handshake (improves page load performance).
+      (closes: #3875)
+    - Honor the Windows theme for inverse text colors (without leaking those
+      colors to content). (closes: #7920)
+    - Increase pipeline randomization and try harder to batch pipelined
+      requests together. (closes: #8470)
+    - Fix an image cache isolation domain key misusage. May fix several image
+      cache related crash bugs with New Identity, exit, and certain websites.
+      (closes: #8628)
+  * Torbutton changes:
+    - Allow session restore if the user allows disk actvity (closes: #8457)
+    - Remove the Display Settings panel and associated locales (closes: #8301)
+    - Fix "Transparent Torification" option. (closes: #6566)
+    - Fix a hang on New Identity. (closes: #8642)
+  * Build changes:
+    - Fetch our source deps from an https mirror (closes: #8286)
+    - Create watch scripts for syncing mirror sources and monitoring mirror
+      integrity (closes: #8338)
+
+ -- Erinn Clark erinn@torproject.org  Tue May  7 19:56:56 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=osx
+
+  * Update Firefox to 17.0.5esr
+  * Update NoScript to 2.6.59
+
+ -- Erinn Clark erinn@torproject.org  Mon Apr  1 19:08:11 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=osx
+
+  * Update Firefox to 17.0.4esr
+  * Update NoScript to 2.6.5.8
+  * Update HTTPS Everywhere to 3.1.4
+  * Fix non-English language bundles to have the correct branding (closes: #8302)
+  * Firefox patch changes:
+    - Remove "This plugin is disabled" barrier
+      * This improves the user experience for HTML5 Youtube videos:
+        They "silently" attempt to load flash first, which was not so silent
+        with this barrier in place. (closes: #8312)
+    - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+    - Fix a New Identity hang and/or crash condition (closes: #6386)
+    - Fix crash with Drag + Drop on Windows (closes: #8324)
+  * Torbutton changes:
+    - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+    - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+    - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+    - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+    - Clear DOM localStorage on New Identity. (closes: #8422)
+    - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+    - Localize the "Spoof english" button strings (closes: #5183)
+    - Ask user for confirmation before enabling plugins (closes: #8313)
+    - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark erinn@torproject.org  Sun Mar 10 22:15:38 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=osx
+
+  * Update Firefox to 17.0.3esr
+  * Downgrade OpenSSL to 1.0.0k
+  * Update libpng to 1.5.14
+  * Update NoScript to 2.6.5.7
+  * Firefox patch changes:
+    - Exempt remote @font-face fonts from font limits (and prefer them).
+      (closes: #8270)
+      * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+      they should not count towards our CSS font count limits. Moreover,
+      if a CSS font-family rule lists any remote fonts, those fonts are
+      preferred over the local fonts, so we do not reduce the font count
+      for that rule.
+      * This vastly improves rendering and typography for many websites.
+    - Disable WebRTC in Firefox build options. (closes: 8178)
+      * WebRTC isn't slated to be enabled until Firefox 18, but the code
+        was getting compiled in already and is capable of creating UDP Sockets
+        and bypassing Tor. We disable it from build as a safety measure.
+    - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+      * This causes our browser pref changes to appear as defaults. It also
+        means that future updates of TBB should preserve user pref settings.
+    - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+    - Eliminate several redundant, useless, and deprecated Firefox pref settings
+    - Report Firefox 17.0 as the Tor Browser user agent
+    - Use Firefox's click-to-play barrier for plugins instead of NoScript
+    - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+      * This fixes a SOCKS race condition with our SOCKS autoport configuration
+        and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+        settings per URL now, which resulted in a proxy error for
+        check.torproject.org if we lost the race.
+  * Torbutton was updated to 1.5.0. The following issues were fixed:
+    - Remove old toggle observers and related code (closes: #5279)
+    - Simplify Security Preference UI and associated pref updates (closes: #3100)
+    - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+    - Leave most preferences under Tor Browser's control (closes: #3944)
+    - Disable toggle-on-startup and crash detection logic (closes: #7974)
+    - Disable/remove toggle-mode code and related observers (closes: #5279)
+    - Add menu hint to Torbutton icon (closes: #6431)
+    - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+    - Perform version check every time there's a new tab. (closes: #6096)
+    - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+    - misc: Allow WebGL and DOM storage.
+    - misc: Disable independent Torbutton updates
+    - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb 19 23:59:21 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=osx
+
+  * Update OpenSSL to 1.0.1d
+  * Update HTTPS Everywhere to 3.1.3
+  * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb  5 18:08:39 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=osx
+
+  * Update Firefox to 10.0.12esr
+  * Update Libevent to 2.0.21-stable
+  * Update HTTPS Everywhere to 3.1.2
+  * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark erinn@torproject.org  Fri Jan  4 11:46:03 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=osx
+
+  * Update Tor to 0.2.3.25
+  * Update Firefox 10.0.11esr
+  * Update Vidalia to 0.2.21
+  * Update NoScript to 2.6.2
+
+ -- Erinn Clark erinn@torproject.org  Sun Dec  2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=osx
+
+  * Update Tor to 0.2.3.24-rc
+  * Update Firefox to 10.0.10esr
+  * Update NoScript to 2.5.9
+  * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark erinn@torproject.org  Sat Oct 27 12:16:55 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=osx
+
+  * Update Tor to 0.2.3.23-rc
+  * Update Firefox to 10.0.9esr
+  * Update HTTPS Everywhere to 4.0development.1
+  * Update NoScript to 2.5.8
+  * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+
+ -- Erinn Clark erinn@torproject.org  Mon Oct 22 16:14:03 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=osx
+
+  * Update Tor to 0.2.3.22-rc
+  * Temporarily use fixed Control and SOCKS ports as a workaround for #6803
+
+ -- Erinn Clark erinn@torproject.org  Wed Sep 12 14:02:57 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=osx
+
+  * Update Tor to 0.2.3.21-rc
+  * Update Firefox to 15.0.1
+  * Update Libevent to 2.0.20-stable
+  * Update Torbutton to 1.4.6.1
+  * Update HTTPS Everywhere to 3.0development.6
+  * Update NoScript to 2.5.4
+
+ -- Erinn Clark erinn@torproject.org  Sun Sep  9 10:42:33 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=osx
+
+  * Update Tor to 0.2.3.20-rc
+  * Update NoScript to 2.5
+  * Change the urlbar search engine to Startpage (closes: #5925)
+  * Firefox patch updates:
+    - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+    - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+    - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark erinn@torproject.org  Sun Aug  5 23:21:27 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=osx
+
+  * Update Tor to 0.2.3.19-rc
+  * Update Firefox to 14.0.1
+  * Update libevent to 2.0.19-stable
+  * Update OpenSSL to 1.0.1c
+  * Update zlib to 1.2.7
+  * Update Torbutton to 1.4.6
+  * Update NoScript to 2.4.9
+  * Update HTTPS Everywhere to 3.0development.5
+  * Downgrade Vidalia to 0.2.20
+
+ -- Erinn Clark erinn@torproject.org  Wed Jul 25 15:12:26 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=osx
+
+  * Update Firefox to 11.0
+  * Update NoScript to 2.3.4
+  * Update HTTPS Everywhere to 3.0development.1
+  * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+  * Always build to with warnings enabled (closes: #4470)
+  * Give OS X users below 10.5 an incompatibility message (closes: #4356)
+
+ -- Erinn Clark erinn@torproject.org  Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=osx
+
+  * Initial release
+
+ -- Erinn Clark erinn@torproject.org  Thu Mar  1 14:04:56 BRT 2012
diff --git a/changelog.windows-2.4 b/changelog.windows-2.4
index 8282c4a..15f3bb3 100644
--- a/changelog.windows-2.4
+++ b/changelog.windows-2.4
@@ -1,3 +1,12 @@
+Tor Browser Bundle (2.4.19-1); suite=windows
+
+  * New stable release
+  * Update Tor to 0.2.4.19
+  * Update NoScript to 2.6.8.7
+  * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark erinn@torproject.org  Sat Dec 14 16:30:24 BRST 2013
+
 Tor Browser Bundle (2.4.18-rc-1); suite=linux
* Update Tor to 0.2.4.18-rc
@@ -258,3 +267,291 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=windows
   * Initial release
-- Erinn Clark erinn@torproject.org  Sat Dec  1 15:21:17 GMT 2012
+Tor Browser Bundle (2.3.25-15); suite=windows
+
+  * Update Firefox to 17.0.11esr
+  * Update NoScript to 2.6.8.5
+
+ -- Erinn Clark erinn@torproject.org  Fri Nov 15 18:11:02 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=windows
+
+  * Update Firefox to 17.0.10esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update NoScript to 2.6.8.4
+  * Update HTTPS-Everywhere to 3.4.2
+  * Firefox patch changes:
+    - Hide infobar for missing plugins. (closes: #9012)
+    - Change the default entry page for the addons tab to the
+      installed addons page. (closes: #8364)
+    - Make flash objects really be click-to-play if flash is
+      enabled. (closes: #9867)
+    - Make getFirstPartyURI log+handle errors internally to
+      simplify caller usage of the API. (closes: #3661)
+    - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+    - misc: Fix a potential memory leak in the Image Cache isolation
+    - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark erinn@torproject.org  Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=windows
+
+  * Update Firefox to 17.0.9esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update HTTPS Everywhere to 3.4.1
+  * Update NoScript to 2.6.7.1
+  * Remove extraneous libevent libraries (closes: #9727)
+  * Enable GCC hardening for Tor
+  * Firefox patch changes:
+    - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark erinn@torproject.org  Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=windows
+
+  * Re-add the locale pref to the Firefox prefs file to allow for localization
+    of bundles again (closes: #9436)
+
+ -- Erinn Clark erinn@torproject.org  Sun Aug 11 11:51:23 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=windows
+
+  * Update Firefox to 17.0.8esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update HTTPS Everywhere to 3.3.1
+  * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark erinn@torproject.org  Thu Aug  8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=windows
+
+  * Update Firefox to 17.0.7esr
+  * Update zlib to 1.2.8
+  * Update HTTPS Everywhere to 3.2.2
+  * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark erinn@torproject.org  Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=windows
+
+  * Update Firefox to 17.0.6esr
+  * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark erinn@torproject.org  Sun May 12 22:05:52 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=windows
+
+  * Update Torbutton to 1.5.2
+  * Update libpng to 1.5.15
+  * Update NoScript to 2.6.6.1
+  * Firefox patch changes:
+    - Apply font limits to @font-face local() fonts and disable fallback
+      rendering for @font-face. (closes: #8455)
+    - Use Optimistic Data SOCKS handshake (improves page load performance).
+      (closes: #3875)
+    - Honor the Windows theme for inverse text colors (without leaking those
+      colors to content). (closes: #7920)
+    - Increase pipeline randomization and try harder to batch pipelined
+      requests together. (closes: #8470)
+    - Fix an image cache isolation domain key misusage. May fix several image
+      cache related crash bugs with New Identity, exit, and certain websites.
+      (closes: #8628)
+  * Torbutton changes:
+    - Allow session restore if the user allows disk actvity (closes: #8457)
+    - Remove the Display Settings panel and associated locales (closes: #8301)
+    - Fix "Transparent Torification" option. (closes: #6566)
+    - Fix a hang on New Identity. (closes: #8642)
+  * Build changes:
+    - Fetch our source deps from an https mirror (closes: #8286)
+    - Create watch scripts for syncing mirror sources and monitoring mirror
+      integrity (closes: #8338)
+    - Re-enable --enable-optimize for Windows builds
+
+ -- Erinn Clark erinn@torproject.org  Tue May  7 19:57:00 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=windows
+
+  * Update Firefox to 17.0.5esr
+  * Update NoScript to 2.6.59
+
+ -- Erinn Clark erinn@torproject.org  Mon Apr  1 19:08:14 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=windows
+
+  * Update Firefox to 17.0.4esr
+  * Update NoScript to 2.6.5.8
+  * Update HTTPS Everywhere to 3.1.4
+  * Fix non-English language bundles to have the correct branding (closes: #8302)
+  * Firefox patch changes:
+    - Remove "This plugin is disabled" barrier
+      * This improves the user experience for HTML5 Youtube videos:
+        They "silently" attempt to load flash first, which was not so silent
+        with this barrier in place. (closes: #8312)
+    - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+    - Fix a New Identity hang and/or crash condition (closes: #6386)
+    - Fix crash with Drag + Drop on Windows (closes: #8324)
+  * Torbutton changes:
+    - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+    - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+    - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+    - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+    - Clear DOM localStorage on New Identity. (closes: #8422)
+    - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+    - Localize the "Spoof english" button strings (closes: #5183)
+    - Ask user for confirmation before enabling plugins (closes: #8313)
+    - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark erinn@torproject.org  Sun Mar 10 22:15:41 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=windows
+
+  * Update Firefox to 17.0.3esr
+  * Downgrade OpenSSL to 1.0.0k
+  * Update libpng to 1.5.14
+  * Update NoScript to 2.6.5.7
+  * Firefox patch changes:
+    - Exempt remote @font-face fonts from font limits (and prefer them).
+      (closes: #8270)
+      * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+      they should not count towards our CSS font count limits. Moreover,
+      if a CSS font-family rule lists any remote fonts, those fonts are
+      preferred over the local fonts, so we do not reduce the font count
+      for that rule.
+      * This vastly improves rendering and typography for many websites.
+    - Disable WebRTC in Firefox build options. (closes: 8178)
+      * WebRTC isn't slated to be enabled until Firefox 18, but the code
+        was getting compiled in already and is capable of creating UDP Sockets
+        and bypassing Tor. We disable it from build as a safety measure.
+    - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+      * This causes our browser pref changes to appear as defaults. It also
+        means that future updates of TBB should preserve user pref settings.
+    - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+    - Eliminate several redundant, useless, and deprecated Firefox pref settings
+    - Report Firefox 17.0 as the Tor Browser user agent
+    - Use Firefox's click-to-play barrier for plugins instead of NoScript
+    - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+      * This fixes a SOCKS race condition with our SOCKS autoport configuration
+        and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+        settings per URL now, which resulted in a proxy error for
+        check.torproject.org if we lost the race.
+  * Torbutton was updated to 1.5.0. The following issues were fixed:
+    - Remove old toggle observers and related code (closes: #5279)
+    - Simplify Security Preference UI and associated pref updates (closes: #3100)
+    - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+    - Leave most preferences under Tor Browser's control (closes: #3944)
+    - Disable toggle-on-startup and crash detection logic (closes: #7974)
+    - Disable/remove toggle-mode code and related observers (closes: #5279)
+    - Add menu hint to Torbutton icon (closes: #6431)
+    - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+    - Perform version check every time there's a new tab. (closes: #6096)
+    - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+    - misc: Allow WebGL and DOM storage.
+    - misc: Disable independent Torbutton updates
+    - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb 19 23:59:26 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=windows
+
+  * Update OpenSSL to 1.0.1d
+  * Update HTTPS Everywhere to 3.1.3
+  * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb  5 18:08:41 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=windows
+
+  * Update Firefox to 10.0.12esr
+  * Update Libevent to 2.0.21-stable
+  * Update HTTPS Everywhere to 3.1.2
+  * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark erinn@torproject.org  Fri Jan  4 11:46:07 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=windows
+
+  * Update Tor to 0.2.3.25
+  * Update Firefox 10.0.11esr
+  * Update Vidalia to 0.2.21
+  * Update NoScript to 2.6.2
+
+ -- Erinn Clark erinn@torproject.org  Sun Dec  2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=windows
+
+  * Update Tor to 0.2.3.24-rc
+  * Update Firefox to 10.0.10esr
+  * Update NoScript to 2.5.9
+  * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark erinn@torproject.org  Sat Oct 27 12:16:57 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=windows
+
+  * Update Tor to 0.2.3.23-rc
+  * Update Firefox to 10.0.9esr
+  * Update HTTPS Everywhere to 4.0development.1
+  * Update NoScript to 2.5.8
+  * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+
+ -- Erinn Clark erinn@torproject.org  Mon Oct 22 16:14:05 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=windows
+
+  * Update Tor to 0.2.3.22-rc
+
+ -- Erinn Clark erinn@torproject.org  Tue Sep 11 19:49:08 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=windows
+
+  * Update Tor to 0.2.3.21-rc
+  * Update Firefox to 15.0.1
+  * Update Libevent to 2.0.20-stable
+  * Update Torbutton to 1.4.6.1
+  * Update HTTPS Everywhere to 3.0development.6
+  * Update NoScript to 2.5.4
+
+ -- Erinn Clark erinn@torproject.org  Sun Sep  9 10:42:35 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=windows
+
+  * Update Tor to 0.2.3.20-rc
+  * Update NoScript to 2.5
+  * Change the urlbar search engine to Startpage (closes: #5925)
+  * Firefox patch updates:
+    - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+    - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+    - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark erinn@torproject.org  Sun Aug  5 23:21:32 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=windows
+
+  * Update Tor to 0.2.3.19-rc
+  * Update Firefox to 14.0.1
+  * Update libevent to 2.0.19-stable
+  * Update OpenSSL to 1.0.1c
+  * Update zlib to 1.2.7
+  * Update Torbutton to 1.4.6
+  * Update NoScript to 2.4.9
+  * Update HTTPS Everywhere to 3.0development.5
+  * Downgrade Vidalia to 0.2.20
+
+ -- Erinn Clark erinn@torproject.org  Wed Jul 25 15:12:41 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=windows
+
+  * Update Firefox to 11.0
+  * Update NoScript to 2.3.4
+  * Update HTTPS Everywhere to 3.0development.1
+  * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+  * Always build to with warnings enabled (closes: #4470)
+  * Remove tor-resolve from the Windows bundle (closes: #5403)
+
+ -- Erinn Clark erinn@torproject.org  Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=windows
+
+  * Initial release
+
+ -- Erinn Clark erinn@torproject.org  Thu Mar  1 14:04:56 BRT 2012
diff --git a/changelog.windows-2.5 b/changelog.windows-2.5
new file mode 100644
index 0000000..d84e74d
--- /dev/null
+++ b/changelog.windows-2.5
@@ -0,0 +1,557 @@
+Tor Browser Bundle (2.5.1-alpha-1); suite=windows
+
+  * New alpha release
+  * Update Tor to 0.2.5.1-alpha
+  * Update NoScript to 2.6.8.7
+  * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark erinn@torproject.org  Sat Dec 14 16:30:59 BRST 2013
+
+Tor Browser Bundle (2.4.18-rc-1); suite=linux
+
+  * Update Tor to 0.2.4.18-rc
+  * Update Firefox to 17.0.11esr
+  * Update NoScript to 2.6.8.5
+  * Remove PDF.js since it is no longer supported in Firefox 17
+
+ -- Erinn Clark erinn@torproject.org  Sun Nov 17 16:41:32 BRST 2013
+
+Tor Browser Bundle (2.4.17-rc-1); suite=windows
+
+  * Update Firefox to 17.0.10esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update NoScript to 2.6.8.4
+  * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this
+    becoming the stable bundle
+  * Firefox patch changes:
+    - Hide infobar for missing plugins. (closes: #9012)
+    - Change the default entry page for the addons tab to the
+      installed addons page. (closes: #8364)
+    - Make flash objects really be click-to-play if flash is
+      enabled. (closes: #9867)
+    - Make getFirstPartyURI log+handle errors internally to
+      simplify caller usage of the API. (closes: #3661)
+    - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+    - misc: Fix a potential memory leak in the Image Cache isolation
+    - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark erinn@torproject.org  Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.4.17-beta-2); suite=windows
+
+  * Update Firefox to 17.0.9esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update HTTPS Everywhere to 4.0development.12
+  * Update NoScript to 2.6.7.1
+  * Remove extraneous libevent libraries (closes: #9727)
+  * Enable GCC hardening for Tor
+  * Firefox patch changes:
+    - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark erinn@torproject.org  Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.4.17-beta-1); suite=windows
+
+  * Update Tor to 0.2.4.17-rc
+  * Update NoScript to 2.6.7.1
+  * Update HTTPS Everywhere to 4.0development.11
+
+ -- Erinn Clark erinn@torproject.org  Thu Sep  5 14:26:09 CEST 2013
+
+Tor Browser Bundle (2.4.16-beta-1); suite=windows
+
+  * Update Tor to 0.2.4.16-rc
+  * Re-add the locale pref to the Firefox prefs file to allow for localization
+    of bundles again (closes: #9436)
+
+ -- Erinn Clark erinn@torproject.org  Sun Aug 11 11:51:37 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-2); suite=windows
+
+  * Update Firefox to 17.0.8esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * HTTPS Everywhere to 4.0development.9
+  * Update PDF.js to 0.8.298
+  * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark erinn@torproject.org  Thu Aug  8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-1); suite=windows
+
+  * Update Tor to 0.2.4.15-rc
+  * Update NoScript to 2.6.6.7
+
+ -- Erinn Clark erinn@torproject.org  Sun Jul  7 18:38:50 BRT 2013
+
+Tor Browser Bundle (2.4.14-alpha-1); suite=windows
+
+  * Update Tor to 0.2.4.14-alpha
+  * Update Firefox 17.0.7esr
+  * Update zlib to 1.2.8
+  * Update libpng to 1.5.16
+  * Update HTTPS Everywhere to 4.0development.8
+  * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark erinn@torproject.org  Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-2); suite=windows
+
+  * Update Firefox to 17.0.6esr
+  * Update NoScript to 2.6.6.1
+
+ -- Erinn Clark erinn@torproject.org  Sun May 12 22:06:25 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-1); suite=windows
+
+  * Update Tor to 0.2.4.12-alpha
+  * Update Torbutton to 1.5.2
+  * Update libpng to 1.5.15
+  * Update NoScript to 2.6.6
+  * Update PDF.js to 0.8.1
+  * Firefox patch changes:
+    - Apply font limits to @font-face local() fonts and disable fallback
+      rendering for @font-face. (closes: #8455)
+    - Use Optimistic Data SOCKS handshake (improves page load performance).
+      (closes: #3875)
+    - Honor the Windows theme for inverse text colors (without leaking those
+      colors to content). (closes: #7920)
+    - Increase pipeline randomization and try harder to batch pipelined
+      requests together. (closes: #8470)
+    - Fix an image cache isolation domain key misusage. May fix several image
+      cache related crash bugs with New Identity, exit, and certain websites.
+      (closes: #8628)
+  * Torbutton changes:
+    - Allow session restore if the user allows disk actvity (closes: #8457)
+    - Remove the Display Settings panel and associated locales (closes: #8301)
+    - Fix "Transparent Torification" option. (closes: #6566)
+    - Fix a hang on New Identity. (closes: #8642)
+  * Build changes:
+    - Fetch our source deps from an https mirror (closes: #8286)
+    - Create watch scripts for syncing mirror sources and monitoring mirror
+      integrity (closes: #8338)
+
+ -- Erinn Clark erinn@torproject.org  Thu Apr 25 21:15:34 BRT 2013
+
+Tor Browser Bundle (2.4.11-alpha-2); suite=windows
+
+  * Update Firefox to 17.0.5esr
+  * Update NoScript to 2.6.59
+
+ -- Erinn Clark erinn@torproject.org  Mon Apr  1 19:08:39 EDT 2013
+
+Tor Browser Bundle (2.4.10-alpha-3); suite=windows
+
+  * Update Firefox to 17.0.4esr
+  * Update Tor to 0.2.4.11-alpha
+  * Update NoScript to 2.6.5.8
+  * Update HTTPS Everywhere to 4.0development.6
+  * Update PDF.js to 0.7.236
+  * Fix non-English language bundles to have the correct branding (closes: #8302)
+  * Firefox patch changes:
+    - Remove "This plugin is disabled" barrier
+      * This improves the user experience for HTML5 Youtube videos:
+        They "silently" attempt to load flash first, which was not so silent
+        with this barrier in place. (closes: #8312)
+    - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+    - Fix a New Identity hang and/or crash condition (closes: #6386)
+    - Fix crash with Drag + Drop on Windows (closes: #8324)
+  * Torbutton changes:
+    - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+    - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+    - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+    - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+    - Clear DOM localStorage on New Identity. (closes: #8422)
+    - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+    - Localize the "Spoof english" button strings (closes: #5183)
+    - Ask user for confirmation before enabling plugins (closes: #8313)
+    - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark erinn@torproject.org  Tue Mar 12 12:06:00 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-2); suite=windows
+
+  * Update Firefox to 17.0.3esr
+  * Downgrade OpenSSL to 1.0.0k
+  * Update libpng to 1.5.14
+  * Update NoScript to 2.6.5.7
+  * Firefox patch changes:
+    - Exempt remote @font-face fonts from font limits (and prefer them).
+      (closes: #8270)
+      * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+      they should not count towards our CSS font count limits. Moreover,
+      if a CSS font-family rule lists any remote fonts, those fonts are
+      preferred over the local fonts, so we do not reduce the font count
+      for that rule.
+      * This vastly improves rendering and typography for many websites.
+    - Disable WebRTC in Firefox build options. (closes: 8178)
+      * WebRTC isn't slated to be enabled until Firefox 18, but the code
+        was getting compiled in already and is capable of creating UDP Sockets
+        and bypassing Tor. We disable it from build as a safety measure.
+    - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+      * This causes our browser pref changes to appear as defaults. It also
+        means that future updates of TBB should preserve user pref settings.
+    - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+    - Eliminate several redundant, useless, and deprecated Firefox pref settings
+    - Report Firefox 17.0 as the Tor Browser user agent
+    - Use Firefox's click-to-play barrier for plugins instead of NoScript
+    - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+      * This fixes a SOCKS race condition with our SOCKS autoport configuration
+        and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+        settings per URL now, which resulted in a proxy error for
+        check.torproject.org if we lost the race.
+  * Torbutton was updated to 1.5.0. The following issues were fixed:
+    - Remove old toggle observers and related code (closes: #5279)
+    - Simplify Security Preference UI and associated pref updates (closes: #3100)
+    - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+    - Leave most preferences under Tor Browser's control (closes: #3944)
+    - Disable toggle-on-startup and crash detection logic (closes: #7974)
+    - Disable/remove toggle-mode code and related observers (closes: #5279)
+    - Add menu hint to Torbutton icon (closes: #6431)
+    - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+    - Perform version check every time there's a new tab. (closes: #6096)
+    - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+    - misc: Allow WebGL and DOM storage.
+    - misc: Disable independent Torbutton updates
+    - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb 19 23:59:49 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-1); suite=windows
+
+  * Update Tor to 0.2.4.10-alpha
+  * Update OpenSSL to 1.0.1d
+  * Update NoScript to 2.6.4.4
+  * Add PDF Viewer (PDF.js) to README
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb  5 18:13:28 CET 2013
+
+Tor Browser Bundle (2.4.9-alpha-test-1); suite=windows
+
+  * Update Firefox to 17.0.2esr
+  * Update Tor to 0.2.4.9-alpha
+  * Update Torbutton to 1.5.0pre-alpha
+  * Update NoScript to 2.6.4.3
+  * Update HTTPS-Everywhere to 4.0development.5
+  * Add Mozilla's PDF.js extension to give people the ability to read PDFs in
+    TBB
+  * Firefox patch changes:
+    - Isolate image cache to url bar domain (closes: #5742 and #6539)
+    - Enable DOM storage and isolate it to url bar domain (closes: #6564)
+    - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
+  * Misc preference changes:
+    - Disable DOM performance timers (dom.enable_performance) (closes: #6204)
+    - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
+    - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
+    - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)
+
+ -- Erinn Clark erinn@torproject.org  Fri Jan 25 15:31:35 CET 2013
+
+Tor Browser Bundle (2.4.7-alpha-1); suite=windows
+
+  * Update Firefox to 10.0.12esr
+  * Update Tor to 0.2.4.7-alpha
+  * Update Libevent to 2.0.21-stable
+  * Update HTTPS Everywhere to 4.0development.4
+  * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark erinn@torproject.org  Fri Jan  4 11:55:02 CET 2013
+
+Tor Browser Bundle (2.4.6-alpha-2); suite=windows
+
+  * Update Makefiles to use the right changelogs and READMEs
+
+ -- Erinn Clark erinn@torproject.org  Mon Dec  3 16:13:45 GMT 2012
+
+Tor Browser Bundle (2.4.6-alpha-1); suite=windows
+
+  * Initial release
+
+ -- Erinn Clark erinn@torproject.org  Sat Dec  1 15:21:17 GMT 2012
+Tor Browser Bundle (2.3.25-15); suite=windows
+
+  * Update Firefox to 17.0.11esr
+  * Update NoScript to 2.6.8.5
+
+ -- Erinn Clark erinn@torproject.org  Fri Nov 15 18:11:02 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=windows
+
+  * Update Firefox to 17.0.10esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update NoScript to 2.6.8.4
+  * Update HTTPS-Everywhere to 3.4.2
+  * Firefox patch changes:
+    - Hide infobar for missing plugins. (closes: #9012)
+    - Change the default entry page for the addons tab to the
+      installed addons page. (closes: #8364)
+    - Make flash objects really be click-to-play if flash is
+      enabled. (closes: #9867)
+    - Make getFirstPartyURI log+handle errors internally to
+      simplify caller usage of the API. (closes: #3661)
+    - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+    - misc: Fix a potential memory leak in the Image Cache isolation
+    - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark erinn@torproject.org  Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=windows
+
+  * Update Firefox to 17.0.9esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update HTTPS Everywhere to 3.4.1
+  * Update NoScript to 2.6.7.1
+  * Remove extraneous libevent libraries (closes: #9727)
+  * Enable GCC hardening for Tor
+  * Firefox patch changes:
+    - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark erinn@torproject.org  Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=windows
+
+  * Re-add the locale pref to the Firefox prefs file to allow for localization
+    of bundles again (closes: #9436)
+
+ -- Erinn Clark erinn@torproject.org  Sun Aug 11 11:51:23 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=windows
+
+  * Update Firefox to 17.0.8esr
+    https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firef...
+  * Update HTTPS Everywhere to 3.3.1
+  * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark erinn@torproject.org  Thu Aug  8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=windows
+
+  * Update Firefox to 17.0.7esr
+  * Update zlib to 1.2.8
+  * Update HTTPS Everywhere to 3.2.2
+  * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark erinn@torproject.org  Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=windows
+
+  * Update Firefox to 17.0.6esr
+  * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark erinn@torproject.org  Sun May 12 22:05:52 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=windows
+
+  * Update Torbutton to 1.5.2
+  * Update libpng to 1.5.15
+  * Update NoScript to 2.6.6.1
+  * Firefox patch changes:
+    - Apply font limits to @font-face local() fonts and disable fallback
+      rendering for @font-face. (closes: #8455)
+    - Use Optimistic Data SOCKS handshake (improves page load performance).
+      (closes: #3875)
+    - Honor the Windows theme for inverse text colors (without leaking those
+      colors to content). (closes: #7920)
+    - Increase pipeline randomization and try harder to batch pipelined
+      requests together. (closes: #8470)
+    - Fix an image cache isolation domain key misusage. May fix several image
+      cache related crash bugs with New Identity, exit, and certain websites.
+      (closes: #8628)
+  * Torbutton changes:
+    - Allow session restore if the user allows disk actvity (closes: #8457)
+    - Remove the Display Settings panel and associated locales (closes: #8301)
+    - Fix "Transparent Torification" option. (closes: #6566)
+    - Fix a hang on New Identity. (closes: #8642)
+  * Build changes:
+    - Fetch our source deps from an https mirror (closes: #8286)
+    - Create watch scripts for syncing mirror sources and monitoring mirror
+      integrity (closes: #8338)
+    - Re-enable --enable-optimize for Windows builds
+
+ -- Erinn Clark erinn@torproject.org  Tue May  7 19:57:00 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=windows
+
+  * Update Firefox to 17.0.5esr
+  * Update NoScript to 2.6.59
+
+ -- Erinn Clark erinn@torproject.org  Mon Apr  1 19:08:14 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=windows
+
+  * Update Firefox to 17.0.4esr
+  * Update NoScript to 2.6.5.8
+  * Update HTTPS Everywhere to 3.1.4
+  * Fix non-English language bundles to have the correct branding (closes: #8302)
+  * Firefox patch changes:
+    - Remove "This plugin is disabled" barrier
+      * This improves the user experience for HTML5 Youtube videos:
+        They "silently" attempt to load flash first, which was not so silent
+        with this barrier in place. (closes: #8312)
+    - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+    - Fix a New Identity hang and/or crash condition (closes: #6386)
+    - Fix crash with Drag + Drop on Windows (closes: #8324)
+  * Torbutton changes:
+    - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+    - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+    - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+    - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+    - Clear DOM localStorage on New Identity. (closes: #8422)
+    - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+    - Localize the "Spoof english" button strings (closes: #5183)
+    - Ask user for confirmation before enabling plugins (closes: #8313)
+    - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark erinn@torproject.org  Sun Mar 10 22:15:41 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=windows
+
+  * Update Firefox to 17.0.3esr
+  * Downgrade OpenSSL to 1.0.0k
+  * Update libpng to 1.5.14
+  * Update NoScript to 2.6.5.7
+  * Firefox patch changes:
+    - Exempt remote @font-face fonts from font limits (and prefer them).
+      (closes: #8270)
+      * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+      they should not count towards our CSS font count limits. Moreover,
+      if a CSS font-family rule lists any remote fonts, those fonts are
+      preferred over the local fonts, so we do not reduce the font count
+      for that rule.
+      * This vastly improves rendering and typography for many websites.
+    - Disable WebRTC in Firefox build options. (closes: 8178)
+      * WebRTC isn't slated to be enabled until Firefox 18, but the code
+        was getting compiled in already and is capable of creating UDP Sockets
+        and bypassing Tor. We disable it from build as a safety measure.
+    - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+      * This causes our browser pref changes to appear as defaults. It also
+        means that future updates of TBB should preserve user pref settings.
+    - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+    - Eliminate several redundant, useless, and deprecated Firefox pref settings
+    - Report Firefox 17.0 as the Tor Browser user agent
+    - Use Firefox's click-to-play barrier for plugins instead of NoScript
+    - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+      * This fixes a SOCKS race condition with our SOCKS autoport configuration
+        and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+        settings per URL now, which resulted in a proxy error for
+        check.torproject.org if we lost the race.
+  * Torbutton was updated to 1.5.0. The following issues were fixed:
+    - Remove old toggle observers and related code (closes: #5279)
+    - Simplify Security Preference UI and associated pref updates (closes: #3100)
+    - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+    - Leave most preferences under Tor Browser's control (closes: #3944)
+    - Disable toggle-on-startup and crash detection logic (closes: #7974)
+    - Disable/remove toggle-mode code and related observers (closes: #5279)
+    - Add menu hint to Torbutton icon (closes: #6431)
+    - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+    - Perform version check every time there's a new tab. (closes: #6096)
+    - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+    - misc: Allow WebGL and DOM storage.
+    - misc: Disable independent Torbutton updates
+    - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb 19 23:59:26 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=windows
+
+  * Update OpenSSL to 1.0.1d
+  * Update HTTPS Everywhere to 3.1.3
+  * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark erinn@torproject.org  Tue Feb  5 18:08:41 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=windows
+
+  * Update Firefox to 10.0.12esr
+  * Update Libevent to 2.0.21-stable
+  * Update HTTPS Everywhere to 3.1.2
+  * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark erinn@torproject.org  Fri Jan  4 11:46:07 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=windows
+
+  * Update Tor to 0.2.3.25
+  * Update Firefox 10.0.11esr
+  * Update Vidalia to 0.2.21
+  * Update NoScript to 2.6.2
+
+ -- Erinn Clark erinn@torproject.org  Sun Dec  2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=windows
+
+  * Update Tor to 0.2.3.24-rc
+  * Update Firefox to 10.0.10esr
+  * Update NoScript to 2.5.9
+  * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark erinn@torproject.org  Sat Oct 27 12:16:57 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=windows
+
+  * Update Tor to 0.2.3.23-rc
+  * Update Firefox to 10.0.9esr
+  * Update HTTPS Everywhere to 4.0development.1
+  * Update NoScript to 2.5.8
+  * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+
+ -- Erinn Clark erinn@torproject.org  Mon Oct 22 16:14:05 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=windows
+
+  * Update Tor to 0.2.3.22-rc
+
+ -- Erinn Clark erinn@torproject.org  Tue Sep 11 19:49:08 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=windows
+
+  * Update Tor to 0.2.3.21-rc
+  * Update Firefox to 15.0.1
+  * Update Libevent to 2.0.20-stable
+  * Update Torbutton to 1.4.6.1
+  * Update HTTPS Everywhere to 3.0development.6
+  * Update NoScript to 2.5.4
+
+ -- Erinn Clark erinn@torproject.org  Sun Sep  9 10:42:35 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=windows
+
+  * Update Tor to 0.2.3.20-rc
+  * Update NoScript to 2.5
+  * Change the urlbar search engine to Startpage (closes: #5925)
+  * Firefox patch updates:
+    - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+    - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+    - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark erinn@torproject.org  Sun Aug  5 23:21:32 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=windows
+
+  * Update Tor to 0.2.3.19-rc
+  * Update Firefox to 14.0.1
+  * Update libevent to 2.0.19-stable
+  * Update OpenSSL to 1.0.1c
+  * Update zlib to 1.2.7
+  * Update Torbutton to 1.4.6
+  * Update NoScript to 2.4.9
+  * Update HTTPS Everywhere to 3.0development.5
+  * Downgrade Vidalia to 0.2.20
+
+ -- Erinn Clark erinn@torproject.org  Wed Jul 25 15:12:41 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=windows
+
+  * Update Firefox to 11.0
+  * Update NoScript to 2.3.4
+  * Update HTTPS Everywhere to 3.0development.1
+  * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+  * Always build to with warnings enabled (closes: #4470)
+  * Remove tor-resolve from the Windows bundle (closes: #5403)
+
+ -- Erinn Clark erinn@torproject.org  Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=windows
+
+  * Initial release
+
+ -- Erinn Clark erinn@torproject.org  Thu Mar  1 14:04:56 BRT 2012

    