Hi all!
We are pleased to announce that Tor Browser 8.5a5 is ready for testing.
Bundles can be found at:
https://people.torproject.org/~boklm/builds/8.5a5-build2/
We included a new Tor alpha version in the desktop bundles
(0.3.5.5-alpha) to help stabilize the networking code. Furthermore, we
managed to fix two longstanding first party isolation bugs: Both PDF
range requests[1] and saving links, images or similar using the context
menu[2] are now properly isolated to the URL bar domain.
Most importantly, though, we reached another milestone in our efforts to
bring Tor Browser for Android into stable shape. From now on it is not
necessary anymore to download Orbot in order to use Tor Browser. We
implemented a similar solution to our desktop Tor Browser flavors by
shipping and using Orbot in Tor Browser directly.[3] We plan to refine
our approach for an even smoother user experience in the future, so stay
tuned.[4][5] Additionally, we included the mobile build into our
official Tor Browser build infrastructure, implying a similar versioning
scheme and same day releases starting with the alpha series. The build
artifacts are not reproducible yet (although we are pretty close to
reaching that goal).[6] But fixing that is one of the top priorities for
our next big milestone for the Android app.
Below are all changes listed since Tor Browser 8.5a4 and the previous
alpha release for Android:
Tor Browser 8.5a5 -- December 3 2018
* All Platforms
* Update Torbutton to 2.1.2
* Bug 25013: Integrate Torbutton into tor-browser for Android
* Bug 27111: Update about:tor desktop version to work on mobile
* Bug 28093: Update donation banner style to make it fit in small
screens
* Bug 28543: about:tor has scroll bar between widths 900px and 1000px
* Bug 28039: Enable dump() if log method is 0
* Bug 27701: Don't show App Blocker dialog on Android
* Bug 28187: Change tor circuit icon to torbutton.svg
* Bug 28515: Use en-US for english Torbutton strings
* Translations update
* Update Tor Launcher to 0.2.18
* Bug 28039: Enable dump() if log method is 0
* Translations update
* Update HTTPS Everywhere to 2018.10.31
* Update NoScript to 10.2.0
* Bug 22343: Make 'Save Page As' obey first-party isolation
* Bug 26540: Enabling pdfjs disableRange option prevents pdfs from
loading
* Windows
* Update Tor to 0.3.5.5-alpha
* Bug 28310: Don't build obfs4 with module versioning support
* Bug 27827: Update Go to 1.11.1
* Bug 28185: Add smallerRichard to Tor Browser
* Bug 28657: Remove broken FTE bridge from Tor Browser
* OS X
* Update Tor to 0.3.5.5-alpha
* Bug 28310: Don't build obfs4 with module versioning support
* Bug 27827: Update Go to 1.11.1
* Bug 27827: Build snowflake reproducibly
* Bug 28258: Don't look for webrtc headers under talk/
* Bug 28185: Add smallerRichard to Tor Browser
* Linux
* Update Tor to 0.3.5.5-alpha
* Bug 28310: Don't build obfs4 with module versioning support
* Bug 27827: Update Go to 1.11.1
* Bug 27827: Build snowflake reproducibly
* Bug 28258: Don't look for webrtc headers under talk/
* Bug 28185: Add smallerRichard to Tor Browser
* Bug 28657: Remove broken FTE bridge from Tor Browser
* Android
* Bug 28051: Fix up Orbot for inclusion into Tor Browser
* Bug 26690+25765: Port padlock states for .onion services to mobile
* Bug 28507: Delete private data in the browser startup
* Bug 27111+25013: Configure Tor Browser for mobile to load about:tor
* Bug 27256: Enable TouchEvents on Android
* Bug 28640: Use system add-on and distributed preferences
* Build System
* Bug 27977: Build Orbot inside tor-browser-build
* Bug 27443: Update Firefox RBM config and build for Android
* Bug 27439: Add android target for rust compiler
* Bug 28469: Fix unsupported libbacktrace in Rust 1.26
* Bug 28468: Modify Android toolchain to support Orbot
* Bug 28483: Modify Android Toolchain API Version
* Bug 28472: Add Android Makefile Rules
* Bug 28470: Add fetch gradle dependency script to common project
* Bug 28144: Update projects/tor-browser for Android
Georg
[1] https://trac.torproject.org/projects/tor/ticket/26540
[2] https://trac.torproject.org/projects/tor/ticket/22343
[3] https://trac.torproject.org/projects/tor/ticket/28051
[4] https://trac.torproject.org/projects/tor/ticket/28329
[5] https://trac.torproject.org/projects/tor/ticket/27609
[6] https://trac.torproject.org/projects/tor/ticket/25164
Hello!
We are happy to announce that a new Tor Browser release candidate is
ready for testing. Bundles can be found at:
https://people.torproject.org/~boklm/builds/8.0.3-build1/
Tor Browser 8.0.3 contains important Firefox security updates and
includes newer NoScript and HTTPS Everywhere versions.
Moreover, it ships with a donation banner for our end of the year
campaign and includes another round of smaller fixes for Tor Browser 8
issues on Linux systems. We switched as well to a newer API for our
NoScript <-> Torbutton communication, which we need for the Security Slider.
The full changelog since Tor Browser 8.0.2 is
Tor Browser 8.0.3 -- October 23 2018
* All platforms
* Update Firefox to 60.3.0esr
* Update Torbutton to 2.0.8
* Bug 23925+27959: Donation banner for year end 2018 campaign
* Bug 24172: Donation banner clobbers Tor Browser version string
* Bug 27760: Use new NoScript API for IPC and fix about:blank issue
* Translations update
* Update HTTPS Everywhere to 2018.9.19
* Update NoScript to 10.1.9.9
* Linux
* Bug 27546: Fix vertical scrollbar behavior in Tor Browser 8 with Gtk3
* Bug 27552: Use bundled dir on CentOS/RHEL 6
Georg
Hi tor-qa!
Tor Browser 8.5a4 is ready for testing. Bundles can be found at:
https://people.torproject.org/~boklm/builds/8.5a4-build2/
This release fixes important Firefox security bugs. Highlights in Tor
Browser 8.5a4 are a new Tor alpha version, 0.3.5.3-alpha, a fixed layout
of our macOS installer window and Stylo (Mozilla's new CSS engine[1])
being enabled on macOS after fixing a reproducibility issue. Please
report any problems you find with those macOS related changes as we
think about backporting them for the stable series.
Moreover, we backport a defense against protocol handler enumeration
developed by Mozilla engineers and provide Tor Browser on all supported
platforms in four additional locales: cs, el, hu, and ka.
The full changelog since 8.5a3 is:
Tor Browser 8.5a4 -- October 23 2018
* All Platforms
* Update Firefox to 60.3.0esr
* Update Tor to 0.3.5.3-alpha
* Update Torbutton to 2.1.1
* Bug 23925+27959: Donation banner for year end 2018 campaign
* Bug 24172: Donation banner clobbers Tor Browser version string
* Bug 28082: Add locales cs, el, hu, ka
* Translations update
* Update Tor Launcher to 0.2.17
* Bug 27994+25151: Use the new Tor Browser logo
* Bug 28082: Add locales cs, el, hu, ka
* Translations update
* Update HTTPS Everywhere to 2018.9.19
* Update NoScript to 10.1.9.9
* Bug 1623: Block protocol handler enumeration (backport of fix for
#680300)
* Bug 27905: Fix many occurrences of "Firefox" in about:preferences
* Bug 28082: Add locales cs, el, hu, ka
* Windows
* Bug 21704: Abort install if CPU is missing SSE2 support
* Bug 28002: Fix the precomplete file in the en-US installer
* OS X
* Bug 26263: App icon positioned incorrectly in macOS DMG installer
window
* Bug 26475: Fix Stylo related reproducibility issue
* Linux
* Bug 26475: Fix Stylo related reproducibility issue
* Bug 28022: Use `/usr/bin/env bash` for bash invocation
* Android
* Backport of fixes for bug 1448014, 1458905, 1441345, and 1448305
* Build System
* All Platforms
* Bug 27218: Generate multiple Tor Browser bundles in parallel
* Windows
* Bug 27320: Build certutil for Windows
* OS X
* Bug 27320: Build certutil for macOS
Georg
[1]
https://hacks.mozilla.org/2017/08/inside-a-super-fast-css-engine-quantum-cs…
Hi!
We are happy to announce that our first point release in our 8.0 series
is ready for testing. Bundles can be found at:
https://people.torproject.org/~boklm/builds/8.0.1-build1/
We used the 8.0.1 release to ship the new stable Tor (0.3.4.8) which
solves an annoying crash bug on older macOS systems (10.9.x).
We furthermore found a better solution to our User Agent treatment: on
desktop platforms Tor Browser will send a Windows User Agent at the
network level while still allowing the unspoofed User Agent to be queried
with JavaScript. This takes concerns about any server passively logging
the User Agent into account while still avoiding broken websites as well
as we can.
Finally, we included a banner for signing up to Tor News which allows
anyone to stay up-to-date about things going on in the Tor universe
(which is, admittedly, sometimes hard to keep track of).
Below is the full changelog since 8.0:
Tor Browser 8.0.1 -- September 20 2018
* All platforms
* Update Tor to 0.3.4.8
* Update Torbutton to 2.0.7
* Bug 27097: Tor News signup banner
* Bug 27663: Add New Identity menuitem again
* Bug 26624: Only block OBJECT on highest slider level
* Bug 26555: Don't show IP address for meek or snowflake
* Bug 27478: Torbutton icons for dark theme
* Bug 27506+14520: Move status version to upper left corner for RTL
locales
* Bug 27427: Fix NoScript IPC for about:blank by whitelisting messages
* Bug 27558: Update the link to "Your Guard note may not change" text
* Translations update
* Update Tor Launcher to 0.2.16.5
* Bug 27469: Adapt Moat URLs
* Bug 25405: Cannot use Moat if a meek bridge is configured
* Translations update
* Clean-up
* Update NoScript to 10.1.9.6
* Bug 27763: Restrict Torbutton signing exemption to mobile
* Bug 26146: Spoof HTTP User-Agent header for desktop platforms
* Bug 27543: QR code is broken on web.whatsapp.com
* Bug 27264: Bookmark items are not visible on the bookmark toolbar
* Bug 27535: Enable TLS 1.3 draft version
* OS X
* Bug 27482: Fix crash during start-up on macOS 10.9.x systems
* Linux
* Bug 26556: Fix broken Tor Browser icon path on Linux
Georg
Hi all!
We are happy to announce that Tor Browser 8.0 is ready for testing.
Bundles can be found at:
https://people.torproject.org/~gk/builds/8.0-build5/
This is the first stable release based on Firefox 60 ESR and we worked
during the past few months to make Tor Browser compatible with that new
major Firefox ESR version.
Besides shipping Firefox Quantum it contains other major improvements:
1) User Experience
We redesigned our start page and included an onboarding to help new
users get acquainted with Tor Browser's features. That was done in
collaboration with the UX team.
We added security indicators for .onion sites to provide a better user
experience for onion services.
2) Localization and platform support
We added 9 new locales to Tor Browser giving more users the opportunity
of a localized Tor Browser experience. Additionally, we start shipping
64bit builds for Windows users which should enhance Tor Browser
stability compared to the 32bit ones.
3) Easier censorship circumvention
Tor Browser now includes a way to request bridges directly from
BridgeDB, which should make it easier for users in censored areas to
bypass those restrictions just by configuring Tor Browser.
Apart from those three highlights a number of other components and
toolchains got an update for this major release. In particular, we now
ship Tor 0.3.3.9 with OpenSSL 1.0.2p and Libevent 2.1.8. Moreover, we
switched to the pure WebExtension version of NoScript (version 10.1.9.1)
which we still need to provide the security slider functionality.
Even though we are late in the release preparation process, please give
this release candidate a test and report bugs you find, thanks!
The full changelog since 7.5.6 is:
Tor Browser 8.0 -- September 5 2018
* All platforms
* Update Firefox to 60.2.0esr
* Update Tor to 0.3.3.9
* Update OpenSSL to 1.0.2p
* Update Libevent to 2.1.8
* Update Torbutton to 2.0.6
* Bug 26960: Implement new about:tor start page
* Bug 26961: Implement new user onboarding
* Bug 26962: Circuit display onboarding
* Bug 27301: Improve about:tor behavior and appearance
* Bug 27214: Improve the onboarding text
* Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger
menus
* Bug 26100: Adapt Torbutton to Firefox 60 ESR
* Bug 26520: Fix sec slider/NoScript for TOR_SKIP_LAUNCH=1
* Bug 27401: Start listening for NoScript before it loads
* Bug 26430: New Torbutton icon
* Bug 24309: Move circuit display to the identity popup
* Bug 26884: Use Torbutton to provide security slider on mobile
* Bug 26128: Adapt security slider to the WebExtensions version of
NoScript
* Bug 27276: Adapt to new NoScript messaging protocol
* Bug 23247: Show security state of .onions
* Bug 26129: Show our about:tor page on startup
* Bug 26235: Hide new unusable items from help menu
* Bug 26058: Remove workaround for hiding 'sign in to sync' button
* Bug 26590: Use new svg.disabled pref in security slider
* Bug 26655: Adjust color and size of onion button
* Bug 26500: Reposition circuit display relay icon for RTL locales
* Bug 26409: Remove spoofed locale implementation
* Bug 26189: Remove content-policy.js
* Bug 26544: Images are not centered anymore
* Bug 26490: Remove the security slider notification
* Bug 25126: Make about:tor layout responsive
* Bug 27097: Add text for Tor News signup widget
* Bug 21245: Add da translation to Torbutton and keep track of it
* Bug 27129+20628: Add locales ca, ga, id, is, nb, da, he, sv, and
zh-TW
* Translations update
* Update Tor Launcher to 0.2.16.3
* Bug 23136: Moat integration (fetch bridges for the user)
* Bug 25750: Update Tor Launcher to make it compatible with Firefox
60 ESR
* Bug 26985: Help button icons missing
* Bug 25509: Improve the proxy help text
* Bug 26466: Remove sv-SE from tracking for releases
* Bug 27129+20628: Add locales ca, ga, id, is, nb, da, he, sv, and
zh-TW
* Translations update
* Update HTTPS Everywhere to 2018.8.22
* Update NoScript to 10.1.9.1
* Update meek to 0.31
* Bug 26477: Make meek extension compatible with ESR 60
* Update obfs4proxy to v0.0.7 (bug 25356)
* Bug 27082: Enable a limited UITour for user onboarding
* Bug 26961: New user onboarding
* Bug 26962: New feature onboarding
* Bug 27403: The onboarding bubble is not always displayed
* Bug 27283: Fix first-party isolation for UI tour
* Bug 27213: Update about:tbupdate to new (about:tor) layout
* Bug 14952+24553: Enable HTTP2 and AltSvc
* Bug 25735: Tor Browser stalls while loading Facebook login page
* Bug 17252: Enable TLS session identifiers with first-party isolation
* Bug 26353: Prevent speculative connects that violate first-party
isolation
* Bug 26670: Make canvas permission prompt respect first-party isolation
* Bug 24056: Use en-US strings in HTML forms if locale is spoofed to
English
* Bug 26456: HTTP .onion sites inherit previous page's certificate
information
* Bug 26561: .onion images are not displayed
* Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
* Bug 26833: Backport Mozilla's bug 1473247
* Bug 26628: Backport Mozilla's bug 1470156
* Bug 26237: Clean up toolbar for ESR60-based Tor Browser
* Bug 26519: Avoid Firefox icons in ESR60
* Bug 26039: Load our preferences that modify extensions (fixup)
* Bug 26515: Update Tor Browser blog post URLs
* Bug 26216: Fix broken MAR file generation
* Bug 26409: Remove spoofed locale implementation
* Bug 25543: Rebase Tor Browser patches for ESR60
* Bug 23247: Show security state of .onions
* Bug 26039: Load our preferences that modify extensions
* Bug 17965: Isolate HPKP and HSTS to URL bar domain
* Bug 21787: Spoof en-US for date picker
* Bug 21607: Disable WebVR for now until it is properly audited
* Bug 21549: Disable wasm for now until it is properly audited
* Bug 26614: Disable Web Authentication API until it is properly audited
* Bug 27281: Enable Reader View mode again
* Bug 26114: Don't expose navigator.mozAddonManager to websites
* Bug 21850: Update about:tbupdate handling for e10s
* Bug 26048: Fix potentially confusing "restart to update" message
* Bug 27221: Purge startup cache if Tor Browser version changed
* Bug 26049: Reduce delay for showing update prompt to 1 hour
* Bug 26365: Add potential AltSvc support
* Bug 9145: Fix broken hardware acceleration on Windows and enable it
* Bug 26045: Add new MAR signing keys
* Bug 25215: Revert bug 18619 (we are not disabling IndexedDB any longer)
* Bug 19910: Rip out optimistic data socks handshake variant (#3875)
* Bug 22564: Hide Firefox Sync
* Bug 25090: Disable updater telemetry
* Bug 26127: Make sure Torbutton and Tor Launcher are not treated as
legacy extensions
* Bug 13575: Disable randomised Firefox HTTP cache decay user tests
* Bug 22548: Firefox downgrades VP9 videos to VP8 for some users
* Bug 24995: Include git hash in tor --version
* Bug 27268+27257+27262+26603: Preferences clean-up
* Bug 26073: Migrate general.useragent.locale to intl.locale.requested
* Bug 27129+20628: Make Tor Browser available in ca, ga, id, is, nb,
da, he, sv, and zh-TW
* Bug 12927: Include Hebrew translation into Tor Browser
* Bug 21245: Add Danish (da) translation
* Windows
* Bug 20636+10026: Create 64bit Tor Browser for Windows
* Bug 26239+24197: Enable content sandboxing for 64bit Windows builds
* Bug 26514: Fix intermittent updater failures on Win64 (Error 19)
* Bug 26874: Fix UNC path restrictions failure in Tor Browser 8.0a9
* Bug 12968: Enable HEASLR in Windows x86_64 builds
* Bug 26381: Work around endless loop during page load and about:tor
not loading
* Bug 27411: Fix broken security slider and NoScript interaction on
Windows
* Bug 22581: Fix shutdown crash
* Bug 25266: PT config should include full names of executable files
* Bug 26304: Update zlib to version 1.2.11
* Update tbb-windows-installer to 0.4
* Bug 26355: Update tbb-windows-installer to check for Windows7+
* Bug 26355: Require Windows7+ for updates to Tor Browser 8
* OS X
* Bug 24136: After loading file:// URLs clicking on links is broken
on OS X
* Bug 24243: Tor Browser only renders HTML for local pages via file://
* Bug 24263: Tor Browser does not run extension scripts if loaded via
about:debugging
* Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is
configured
* Linux
* Bug 22794: Don't open AF_INET/AF_INET6 sockets when AF_LOCAL is
configured
* Bug 25485: Unbreak Tor Browser on systems with newer libstdc++
* Bug 20866: Fix OpenGL software rendering on systems with newer
libstdc++
* Bug 26951+18022: Fix execdesktop argument passing
* Bug 24136: After loading file:// URLs clicking on links is broken
on Linux
* Bug 24243: Tor Browser only renders HTML for local pages via file://
* Bug 24263: Tor Browser does not run extension scripts if loaded via
about:debugging
* Bug 20283: Tor Browser should run without a `/proc` filesystem.
* Bug 26354: Set SSE2 support as minimal requirement for Tor Browser 8
* Build System
* All
* Bug 26362+26410: Use old MAR format for first ESR60-based stable
* Bug 27020: RBM build fails with runc version 1.0.1
* Bug 26949: Use GitHub repository for STIX
* Bug 26773: Add --verbose to the ./mach build flag for firefox
* Bug 26319: Don't package up Tor Browser in the `mach package` step
* Bug 27178: add support for xz compression in mar files
* Clean up
* Windows
* Bug 26203: Adapt tor-browser-build/tor-browser for Windows
* Bug 26204: Bundle d3dcompiler_47.dll for Tor Browser 8
* Bug 26205: Don't build the uninstaller for Windows during Firefox
compilation
* Bug 26206: Ship pthread related dll where needed
* Bug 26396: Build libwinpthread reproducible
* Bug 25837: Integrate fxc2 into our build setup for Windows builds
* Bug 27152: Use mozilla/fxc2.git for the fxc2 repository
* Bug 25894: Get a rust cross-compiler for Windows
* Bug 25554: Bump mingw-w64 version for ESR 60
* Bug 23561: Fix nsis builds for Windows 64
* Bug 13469: Windows installer is missing many languages from
NSIS file
* Bug 23231: Remove our STL Wrappers workaround for Windows 64bit
* Bug 26370: Don't copy msvcr100.dll and libssp-0.dll twice
* Bug 26476: Work around Tor Browser crashes due to fix for bug 1467041
* Bug 18287: Use SHA-2 signature for Tor Browser setup executables
* Bug 25420: Update GCC to 6.4.0
* Bug 16472: Update Binutils to 2.26.1
* Bug 20302: Fix FTE compilation for Windows with GCC 6.4.0
* Bug 25111: Don't compile Yasm on our own anymore for Windows Tor
Browser
* Bug 18691: Switch Windows builds from precise to jessie
* OS X
* Bug 24632: Update macOS toolchain for ESR 60
* Bug 9711: Build our own cctools for macOS cross-compilation
* Bug 25548: Update macOS SDK for Tor Browser builds to 10.11
* Bug 26003: Clean up our mozconfig-osx-x86_64 file
* Bug 26195: Use new cctools in our macosx-toolchain project
* Bug 25975: Get a rust cross-compiler for macOS
* Bug 26475: Disable Stylo to make macOS build reproducible
* Bug 26489: Fix .app directory name in tools/dmg2mar
* Linux
* Bug 26073: Patch tor-browser-build for transition to ESR 60
* Bug 25481: Rust support for tor-browser and tor
* Bug 25304: Update GCC to 6.4.0
* Bug 16472: Update Binutils to 2.26.1
Georg
Hi!
Tor Browser 8.0a10 is ready for testing. It's the second alpha release
based on Firefox ESR 60 and bundles can be found at:
https://people.torproject.org/~boklm/builds/8.0a10-build5/
Please give those bundles a try if you can!
Tor Browser 8.0a10 contains a number of improvements and bug fixes. Most
notably it contains large parts of the user onboarding and a revamped
start page, which we developed together with the UX team (special thanks
to Mark and Kathy for the implementation on short notice). Additionally,
the meek pluggable transport should be fully functional now and we
audited and enabled HTTP2 which should give performance improvements on
many websites.
For Windows users we worked around a bug in mingw-w64 which affected
updates on Windows (64bit) resulting in intermittent update failures.
Moreover, we finally enabled hardware acceleration for improved browser
rendering performance after applying a fix for a long-standing bug,
which often caused crashes on Windows systems with graphics cards, e.g.
from Nvidia.
The Tor version we ship is now 0.3.4.6-rc and it would be a good time
now to report client issues, noticed with this release candidate or
previous alpha releases, in case they did not get fixed so far.
The full changelog since 8.0a9 is:
Tor Browser 8.0a10 -- August 20 2018
* All platforms
* Update Tor to 0.3.4.6-rc
* Update Torbutton to 2.0.2
* Bug 26960: Implement new about:tor start page
* Bug 26961: Implement new user onboarding
* Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
* Bug 26590: Use new svg.disabled pref in security slider
* Bug 26655: Adjust color and size of onion button
* Bug 26500: Reposition circuit display relay icon for RTL locales
* Bug 26409: Remove spoofed locale implementation
* Bug 26189: Remove content-policy.js
* Bug 27129: Add locales ca, ga, id, is, nb
* Translations update
* Update Tor Launcher to 0.2.16.2
* Bug 26985: Help button icons missing
* Bug 25509: Improve the proxy help text
* Bug 27129: Add locales ca, ga, id, is, nb
* Translations update
* Update NoScript to 10.1.8.16
* Update meek to 0.31
* Bug 26477: Make meek extension compatible with ESR 60
* Bug 27082: Enable a limited UITour for user onboarding
* Bug 26961: New user onboarding
* Bug 14952: Enable HTTP2 and AltSvc
* Bug 25735: Tor Browser stalls while loading Facebook login page
* Bug 17252: Enable TLS session identifiers with first-party isolation
* Bug 26353: Prevent speculative connects that violate first-party
isolation
* Bug 24056: Use en-US strings in HTML forms if locale is spoofed to
English
* Bug 26456: HTTP .onion sites inherit previous page's certificate
information
* Bug 26321: Move 'New Identity', 'New Circuit' to File, hamburger menus
* Bug 26833: Backport Mozilla's bug 1473247
* Bug 26628: Backport Mozilla's bug 1470156
* Bug 26237: Clean up toolbar for ESR60-based Tor Browser
* Bug 26519: Avoid Firefox icons in ESR60
* Bug 26039: Load our preferences that modify extensions (fixup)
* Bug 26515: Update Tor Browser blog post URLs
* Bug 27129: Add locales ca, ga, id, is, nb
* Bug 26216: Fix broken MAR file generation
* Bug 26409: Remove spoofed locale implementation
* Bug 26603: Remove obsolete HTTP pipelining preferences
* Windows
* Bug 26514: Fix intermittent updater failures on Win64 (Error 19)
* Bug 26874: Fix UNC path restrictions failure in Tor Browser 8.0a9
* Bug 12968: Enable HEASLR in Windows x86_64 builds
* Bug 9145: Fix broken hardware acceleration
* Update tbb-windows-installer to 0.4
* Bug 26355: Update tbb-windows-installer to check for Windows7+
* Bug 26355: Require Windows7+ for updates to Tor Browser 8
* OS X
* Bug 26795: Bump snowflake to 6077141f4a for bug 25600
* Linux
* Bug 25485: Unbreak Tor Browser on systems with newer libstdc++
* Bug 20866: Fix OpenGL software rendering on systems with newer libstdc++
* Bug 26951+18022: Fix execdesktop argument passing
* Bug 26795: Bump snowflake to 6077141f4a for bug 25600
* Build System
* All
* Bug 26410: Stop using old MAR format in the alpha series
* Bug 27020: RBM build fails with runc version 1.0.1
* Bug 26949: Use GitHub repository for STIX
* Bug 26773: Add --verbose to the ./mach build flag for firefox
* Bug 26569: Redirect pre-8.0a9 alpha users to a separate update
directory
* Bug 26319: Don't package up Tor Browser in the `mach package` step
* OS X
* Bug 26489: Fix .app directory name in tools/dmg2mar
* Windows
* Bug 27152: Use mozilla/fxc2.git for the fxc2 repository
Georg
Hello everyone!
We are pleased to announce that we finally have a release candidate for
Tor Browser 8.0a9 available for wider testing. After fixing a bunch of
release relevant bugs during manual testing here are the bundles that
could become Tor Browser 8.0a9:
https://people.torproject.org/~gk/builds/8.0a9-build3/
Please give them a try if you can!
Tor Browser 8.0a9 is the first alpha based on Firefox 60 ESR. We rebased
all of our patches and updated our toolchains to pick up new
requirements like Rust support.
This alpha contains a bunch of new features which we hope to stabilize
until Tor Browser 8 gets stable. Most notably we
1) improved our circuit display and moved it from the Torbutton menu to
the identity box in the URL bar domain stressing its strong ties to the
URL currently visited.
2) added support for .onion security indicators giving you a little
onion icon instead/in addition to the padlock icon in the identity box.
3) added four new locales, da, he, sv-SE, and zh-TW to give users
speaking those languages an improved Tor Browser experience. The plan is
to add even more locales once we are confident we can handle the
additional load and disk space requirements.
4) replaced our old Torbutton icon with a shiny new one. That's the
first step in redesigning our icons and making them compatible with
Firefox's Photon UI. There is more to come in the next alphas.
5) are able to provide full content sandboxing support for 64bit Windows
bundles thanks to the work done by Tom Ritter.
Additionally, we updated a number of components we ship: Tor to
0.3.4.2-alpha, Torbutton to 2.0.1, TorLauncher to 0.2.16.1,
HTTPS-Everywhere to 2018.06.21, and NoScript to 10.1.8.2. Expect more
bugs than usual in this alpha.
Which brings me to the known issues section. The most important ones are
listed below:
1) We are still investigating why our generation of incremental update
files is failing. We might not have fixed that in time for this release
which means only the full update files might be available.[1]
2) Meek is currently broken. We need to update the browser part to make
it compatible with ESR60.[2]
3) On Windows localized builds on first start the about:tor page is not
shown, rather a weird XML error is visible.[3]
4) Maybe related to 3) NoScript does not seem to work properly on
Windows builds right now.[4]
5) We are not done yet with reviewing the network code changes between
ESR52 and ESR60. While I don't expect that proxy bypass bugs got
introduced between those ESR series, I can't rule it out yet.[5]
6) We disable Stylo on macOS due to reproducibility issues we need to
investigate and fix.[6]
If any of you find more issues (and I hope you do) please report
them at https://bugs.torproject.org. We track all Tor Browser 8 related
issues with the ff60-esr keyword.
The full changelog since Tor Browser 8.0a8 is:
Tor Browser 8.0a9 -- June 27 2018
* All platforms
* Update Firefox to 60.1.0esr
* Update Tor to 0.3.4.2-alpha
* Update Libevent to 2.1.8
* Update Binutils to 2.26.1
* Update Torbutton to 2.0.1
* Bug 26100: Adapt Torbutton to Firefox 60 ESR
* Bug 26430: New Torbutton icon
* Bug 24309: Move circuit display to the identity popup
* Bug 26128: Adapt security slider to the WebExtensions version of
NoScript
* Bug 23247: Show security state of .onions
* Bug 26129: Show our about:tor page on startup
* Bug 26235: Hide new unusable items from help menu
* Bug 26058: Remove workaround for hiding 'sign in to sync' button
* Bug 20628: Add locales da, he, sv, and zh-TW
* Translations update
* Update Tor Launcher to 0.2.16.1
* Bug 25750: Update Tor Launcher to make it compatible with Firefox
60 ESR
* Bug 20890: Increase control port connection timeout
* Bug 20628: Add more locales to Tor Browser
* Translations update
* Update HTTPS Everywhere to 2018.6.13
* Update NoScript to 10.1.8.2
* Bug 25543: Rebase Tor Browser patches for ESR60
* Bug 23247: Show security state of .onions
* Bug 26039: Load our preferences that modify extensions
* Bug 17965: Isolate HPKP and HSTS to URL bar domain
* Bug 26365: Add potential AltSvc support
* Bug 26045: Add new MAR signing keys
* Bug 22564: Hide Firefox Sync
* Bug 25090: Disable updater telemetry
* Bug 26127: Make sure Torbutton and Tor Launcher are not treated as
legacy extensions
* Bug 26073: Migrate general.useragent.locale to intl.locale.requested
* Bug 20628: Make Tor Browser available in da, he, sv-SE, and zh-TW
* Bug 12927: Include Hebrew translation into Tor Browser
* Bug 21245: Add Danish (da) translation
* Windows
* Bug 26239+24197: Enable content sandboxing for 64bit Windows builds
* Bug 22581: Fix shutdown crash
* Bug 26424: Disable UNC paths to prevent possible proxy bypasses
* Bug 26304: Update zlib to version 1.2.11
* OS X
* Bug 24052: Backport fix for bug 1412081 for better file:// handling
* Bug 24136: After loading file:// URLs clicking on links is broken
on OS X
* Bug 24243: Tor Browser only renders HTML for local pages via file://
* Bug 24263: Tor Browser does not run extension scripts if loaded via
about:debugging
* Bug 24632: Disable snowflake for now until its build is fixed
* Bug 26438: Remove broken seatbelt profiles
* Linux
* Bug 24052: Backport fix for bug 1412081 for better file:// handling
* Bug 24136: After loading file:// URLs clicking on links is broken
on Linux
* Bug 24243: Tor Browser only renders HTML for local pages via file://
* Bug 24263: Tor Browser does not run extension scripts if loaded via
about:debugging
* Bug 26153: Update selfrando to be compatible with Firefox 60 ESR
* Bug 22242: Remove RUNPATH in Linux binaries embedded by selfrando
* Bug 26354: Set SSE2 support as minimal requirement for Tor Browser 8
* Build System
* All
* Bug 26362: Use old MAR format for first ESR60-based alpha
* Clean up
* Windows
* Bug 26203: Adapt tor-browser-build/tor-browser for Windows
* Bug 26204: Bundle d3dcompiler_47.dll for Tor Browser 8
* Bug 26205: Don't build the uninstaller for Windows during Firefox
compilation
* Bug 26206: Ship pthread related dll where needed
* Bug 26396: Build libwinpthread reproducible
* Bug 25837: Integrate fxc2 into our build setup for Windows builds
* Bug 25894: Get a rust cross-compiler for Windows
* Bug 25554: Bump mingw-w64 version for ESR 60
* Bug 23561: Fix nsis builds for Windows 64
* Bug 23231: Remove our STL Wrappers workaround for Windows 64bit
* Bug 26370: Don't copy msvcr100.dll and libssp-0.dll twice
* Bug 26476: Work around Tor Browser crashes due to fix for bug 1467041
* Bug 18287: Use SHA-2 signature for Tor Browser setup executables
* OS X
* Bug 24632: Update macOS toolchain for ESR 60
* Bug 9711: Build our own cctools for macOS cross-compilation
* Bug 25548: Update macOS SDK for Tor Browser builds to 10.11
* Bug 26003: Clean up our mozconfig-osx-x86_64 file
* Bug 26195: Use new cctools in our macosx-toolchain project
* Bug 25975: Get a rust cross-compiler for macOS
* Bug 26475: Disable Stylo to make macOS build reproducible
* Linux
* Bug 26073: Patch tor-browser-build for transition to ESR 60
* Bug 25540: Stop building and distributing sandboxed tor browser
* Bug 25481: Rust support for tor-browser and tor
Georg
[1] https://trac.torproject.org/projects/tor/ticket/26472
[2] https://trac.torproject.org/projects/tor/ticket/26477
[3] https://trac.torproject.org/projects/tor/ticket/26381
[4] https://trac.torproject.org/projects/tor/ticket/26381#comment:5
[5] https://trac.torproject.org/projects/tor/ticket/22176
[6] https://trac.torproject.org/projects/tor/ticket/26475
Hi all!
Tor Browser 7.5.4 is ready for testing. Bundles can be found on:
https://people.torproject.org/~boklm/builds/7.5.6-build4
Tor Browser 7.5.6 contains security updates to Firefox and includes
newer versions of NoScript and HTTPS Everywhere. Moreover, we added the
latest Tor stable version, 0.3.3.7.
This Tor Browser version additionally contains a number of backported
patches from the alpha, most notably the feature to treat cookies set by
.onion domains as secure as well.
For Windows users we activated an option that prevents an accidental
proxy bypass when dealing with UNC paths.
The full changelog since Tor Browser 7.5.5 is:
Tor Browser 7.5.6 -- June 26 2018
* All platforms
* Update Firefox to 52.9.0esr
* Update Tor to 0.3.3.7
* Update Tor Launcher to 0.2.14.5
* Bug 20890: Increase control port connection timeout
* Update HTTPS Everywhere to 2018.6.21
* Bug 26451: Prevent HTTPS Everywhere from freezing the browser
* Update NoScript to 5.1.8.6
* Bug 21537: Mark .onion cookies as secure
* Bug 25938: Backport fix for cross-origin header leak (bug 1334776)
* Bug 25721: Backport patches from Mozilla's bug 1448771
* Bug 25147+25458: Sanitize HTML fragments for chrome documents
* Bug 26221: Backport fix for leak in SHA256 in nsHttpConnectionInfo.cpp
* Windows
* Bug 26424: Disable UNC paths to prevent possible proxy bypasses
Hi!
Tor Browser 8.0a7 is ready for testing. Bundles can be found on:
https://people.torproject.org/~boklm/builds/8.0a7-build1/
Tor Browser 8.0a7 contains security updates to Firefox. In addition we
fixed some issues, such as UI customization and YouTube video playback.
Here is the full changelog since 8.0a6:
* All platforms
* Update Firefox to 52.8.0esr
* Update Tor Launcher to 0.2.15.2
* Bug 25807: Change front domain to unbreak Moat
* Translations update
* Bug 25973: Backport off-by-one fix (bug 1352073)
* Bug 25938: Backport fix for cross-origin header leak (bug 1334776)
* Bug 25458: Fix broken UI customization
* Bug 25898: Make Youtube videos play automatically again
* Bug 25980: Improve backport of bug 1448771 (fixes broken Orfox build)
* OS X
* Bug 26010: Change Snowflake rendezvous to use the Azure domain front
* Linux
* Bug 26010: Change Snowflake rendezvous to use the Azure domain front
Nicolas
Hi All!
Tor Browser 7.5.4 is ready for testing. Bundles can be found on:
https://people.torproject.org/~boklm/builds/7.5.4-build1/
Note: the sha256sums files are signed using key 0x3E39CEABFC69F6F7.
See this ticket for details: https://trac.torproject.org/projects/tor/ticket/25847
Tor Browser 7.5.4 contains security updates to Firefox and includes
newer versions of NoScript and HTTPS Everywhere. In addition we
backported a few fixes and improvements from the alpha series.
Please give it a test if you can.
Here is the full changelog since 7.5.3:
* All platforms
* Update Firefox to 52.8.0esr
* Update HTTPS Everywhere to 2018.4.11
* Update NoScript to 5.1.8.5
* Bug 23439: Exempt .onion domains from mixed content warnings
* Bug 22614: Make e10s/non-e10s Tor Browsers indistinguishable
* Bug 22659: Changes to `intl.accept.languages` get overwritten after restart
* Bug 25973: Backport off-by-one fix (bug 1352073)
* Bug 25020: Add a tbb_version.json file
Nicolas