From richard at torproject.org Sat Sep 10 03:15:51 2022 From: richard at torproject.org (Richard Pospesel) Date: Sat, 10 Sep 2022 03:15:51 +0000 Subject: [tor-announce] Tor Browser 12.0a2 released Message-ID: <9b992cef-4b86-f122-4d2c-24b53a30417a@torproject.org> Tor Browser 12.0a2 is now available from the Tor Browser download page and also from our distribution directory. This marks our first alpha on the Firefox ESR 102 series, and our first Android released based on the Firefox ESR (Extended Support Release) series. In the past, our Tor Browser for Android releases have been based on the Firefox Rapid Release schedule. Going forward, Tor Browser for Android will be based on the latest Firefox ESR (same as our Windows, macOS and Linux releases) and we will be back-porting Android-specific security updates from the Rapid Release branches. This updated release schedule should allow us to improve the general stability of Tor Browser for Android and be more confident in our releases going forward. Tor Browser 12.0a2 updates Firefox on Android, Windows, macOS, and Linux to 102.2.0esr. We use this opportunity to update various other components of Tor Browser as well : Tor 0.4.7.10 Tor Launcher 0.2.39 (Desktop only) NoScript 11.4.10 Go 1.18.5 (Android only) This version includes important security updates to Firefox. We also backport the following Android-specific security updates: CVE-2022-36317 CVE-2022-38474 Notably, we have also enabled HTTPS-Only mode for Tor Browser for Android (this feature is already enabled for Desktop). This feature, when enabled, overrides HTTPS-Everywhere functionality. For now this can be reverted in the 'Settings > Privacy and security' pane( see: https://gitlab.torproject.org/tpo/applications/fenix/-/merge_requests/151 ). The full changelog since Tor Browser 12.0a1 is: All Platforms Update Firefox to 102.2.0esr Update Tor to 0.4.7.10 Update NoScript to 11.4.10 Update Translations Bug tor-browser#40242: Tor Browser has two default bridges that share a fingerprint, and Tor ignores one Windows + macOS + Linux Update Tor-Launcher to 0.2.39 Update Manual Bug tor-browser-build#40580: Add support for uk (ukranian) locale Bug tor-browser-buid#40595: Migrate to 102 on desktop Bug tor-browser#41075: The Tor Browser is showing caution sign but your document said it won't Bug tor-browser#41089: Add tor-browser build scripts + Makefile to tor-browser macOS Bug tor-browser#41108: Remove privileged macOS installation from 102 Android Bug fenix#40225: Bundled extensions don't get updated with Android Tor Browser updates (they stay stuck at the first installed version) Bug tor-browser#41094: Enable HTTPS-Only Mode by default in Tor Browser Android Bug tor-browser#41156: User-installed addons are broken on Android Bug tor-browser#41166: Backport fix for CVE-2022-36317: Long URL would hang Firefox for Android (Bug 1759951) Bug tor-browser#41167: Backport fix for CVE-2022-38474: Recording notification not shown when microphone was recording on Android (Bug 1719511) Build System All Platforms Bug tor-browser-build#40407: Bump binutils version to pick up security improvements for Windows users Bug tor-browser-build#40591: Rust 1.60 not working to build 102 on Debian Jessie Bug tor-browser-build#40592: Consider re-using our LLVM/Clang to build Rust Bug tor-browser-build#40593: Update signing scripts to take into account new project names and layout Bug tor-browser-build#40607: Add alpha-specific release prep template Bug tor-browser-build#40610: src-*.tar.xz tarballs are missing in https://dist.torproject.org/torbrowser/12.0a1/ Bug tor-browser-build#40612: Migrate Release Prep template to Release Prep - Stable Windows + macOS + Linux Bug tor-browser#41099: Update+comment the update channels in update_responses.config.yaml Windows Bug tor-browser-buid#29318: Use Clang for everything on Windows Bug tor-browser-build#29321: Use mingw-w64/clang toolchain to build tor Bug tor-browser-build#29322: Use mingw-w64/clang toolchain to build OpenSSL Bug tor-browser-build#40409: Upgrade NSIS to 3.08 macOS Bug tor-browser-build#40605: Reworked the macOS toolchain creation Bug tor-browser-build#40620: Update macosx-sdk to 11.0 Linux Bug tor-browser-build#31321: Add cc -> gcc link to projects/gcc Android Update Go to 1.18.5 Bug tor-browser-build#40574: Improve tools/signing/android-signing Bug tor-browser-build#40582: Prepared TBA to use Mozilla 102 components Bug tor-browser-build#40604: Bug 40604: Fix binutils build on android -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_0xDE47360363F34B2C.asc Type: application/pgp-keys Size: 5560 bytes Desc: OpenPGP public key URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: From richard at torproject.org Thu Sep 29 22:13:45 2022 From: richard at torproject.org (Richard Pospesel) Date: Thu, 29 Sep 2022 22:13:45 +0000 Subject: [tor-announce] Tor Browser 12.0a3 is released (Android, Windows, macOS, Linux) Message-ID: <344ac5d6-eec1-6d2e-3beb-eb9b8dc8e4c8@torproject.org> Tor Browser 12.0a3 is now available from the Tor Browser download page and also from our distribution directory. Tor Browser 12.0a3 updates Firefox on Android, Windows, macOS, and Linux to 102.3.0esr. We use this opportunity to update various other components of Tor Browser as well : NoScript 11.4.11 This version includes important security updates to Firefox. We also backport the following Android-specific security updates from Firefox 105: CVE-2022-40961 Additionally, the HTTPS-Everywhere extension has been removed and its functionality replaced with HTTP-Only mode on Android. The full changelog since Tor Browser 12.0a2 is: All Platforms Update Firefox to 102.3.0esr Update NoScript to 11.4.11 Update Translations Bug tor-browser-build#40624: Change placeholder bridge addresses to make snowflake and meek work with ReachableAddresses/FascistFirewall Bug tor-browser#41125: Review Mozilla 1732792: retry polling requests without proxy Windows + macOS + Linux Bug tor-browser#41116: Review Mozilla 1226042: add support for the new 'system-ui' generic font family Bug tor-browesr#41283: Toolbar buttons missing their label attribute Bug tor-browser#41284: Stray security-level- fluent ids Bug tor-browser#41287: New identity button inactive if added after customization Bug tor-browser#41292: moreFromMozilla pane in about:preferences in 12.0a2 Bug tor-browser#41307: font whitelist typos Linux Bug tor-browser-build#40626: Define the replacements for generic families on Linux Bug tor-browser#41163: Fixing loading of bundled fonts on linux Android Bug tor-browser#41159: Remove HTTPS-Everywhere extension from esr102-based Tor Browser Android Bug tor-browser#41312: Backport Firefox 105 Android security fixes to 102.3-based Tor Browser Build System All Platforms Bug tor-browser-build#40587: Migrate tor-browser-build configs from gitolite to gitlab repos Bug tor-browser#41321: Delete various master branches after automated build/testing scripts are updated Linux Bug tor-browser-build#40621: Update namecoin patches for linted TorButton Android Bug tor-browser#41304: Add Android-specific targets to makefiles -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_0xDE47360363F34B2C.asc Type: application/pgp-keys Size: 5560 bytes Desc: OpenPGP public key URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: