[tor-dev] Release: sandboxed-tor-browser-0.0.5

Yawning Angel yawning at schwanenlied.me
Thu Apr 13 08:23:23 UTC 2017 

Hello,

I just tagged sandboxed-tor-browser 0.0.5.  Binaries will be built when
the next Tor Browser build happens (soon).  Astute readers will notice
that I skipped the release announcement for 0.0.4, which was tagged
yesterday.  This is due to changes related to e10s being enabled in the
next alpha release, that were caught after the 0.0.4 tag was created.

Changes in version 0.0.5 - 2017-04-13:
 * Bug 21764: Use bubblewrap's `--die-with-parent` when supported.
 * Fix e10s Web Content crash on systems with grsec kernels.
 * Add `prlimit64` to the firefox system call whitelist.

Changes in version 0.0.4 - 2017-04-12:
 * Bug 21928: Force a reinstall if an existing hardened bundle is
   present.
 * Bug 21929: Remove hardened/ASAN related code.
 * Bug 21927: Remove the ability to install/update the hardened bundle.
 * Bug 21244: Update the MAR signing key for 7.0.
 * Bug 21536: Remove asn's scramblesuit bridge from Tor Browser.
 * Fix compilation with Go 1.8.
 * Use Config.Clone() to clone TLS configs when available.

The main major change is the eradication of support for the `hardened`
series, as the Tor Browser team will be dropping it starting from the
next release (#20814).

The impact on `sandboxed-tor-browser` + `hardened` users is thus:

 * (< 0.0.4) Will not correctly transition to the alpha channel.
   Sorry.  The bundle may or may not be rendered non-functional by the
   transition update, I don't have a good way to test the Tor Browser
   auto update infrastructure with updates that haven't been released
   yet.

 * (>= 0.0.4) When `sandboxed-tor-browser` is launched, it will detect
   the `hardened` bundle and force a reinstall.  This will eradicate the
   existing bundle directory obliterating user customization,
   bookmarks, and downloads (unless the download directory is
   overridden).

   A warning dialog box is displayed prior to booting the user back to
   the installation screen.

Known issues:

 * Sending SIGINT to `sandboxed-tor-browser` (or likely otherwise
   killing the process) will leave the firefox process running on
   ESR52 + e10s builds, *unless* bubblewrap is version 0.1.8 or newer.
   Exiting firefox normally works as intended.

Regards,

-- 
Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20170413/bf5fcd4d/attachment.sig>

More information about the tor-dev mailing list