[tor-qa] Tor Browser 6.0a5 is ready for testing
Georg Koppen
gk at torproject.org
Sun Apr 24 20:45:32 UTC 2016
Hello,
we are pleased to accounce that Tor Browser 6.0a5 is ready for testing
and bundles can be found on:
https://people.torproject.org/~gk/builds/6.0a5-build3/
This will probably be our last alpha release before the stable 6.0 and
it contains a bunch of noteworthy changes.
First, we switched the browser to Firefox ESR 45 and rebased our old
patches/wrote new ones were necessary.
Second, we ship a new Tor alpha version, 0.2.8.2, which makes meek
usable again and contains a number of other improvements/stability fixes.
Third, this alpha release will introduce code signing for OS X in order
to cope with Gatekeeper. There were bundle layout changes necessary to
adhere to code signing requirements. Please test that everything is
still working as expected if you happen to have an OS X machine.
The fourth highlight is the fix for an installer related DLL hijacking
vulnerability. This vulnerability made it necessary to deploy a newer
NSIS version to create our .exe files. Please test that the installer is
still working as expected if you happen to have a Windows machine.
Here is the full changelog since 6.0a4:
Tor Browser 6.0a5 -- April 27 2016
* All Platforms
* Update Firefox to 45.1.0esr
* Update Tor to 0.2.8.2-alpha
* Update Torbutton to 1.9.5.3
* Bug 18466: Make Torbutton compatible with Firefox ESR 45
* Translation updates
* Update Tor Launcher to 0.2.9.1
* Bug 13252: Do not store data in the application bundle
* Bug 10534: Don't advertise the help desk directly anymore
* Translation updates
* Update HTTPS-Everywhere to 5.1.6
* Update NoScript to 2.9.0.11
* Update meek to 0.22 (tag 0.22-18371-2)
* Bug 18371: Symlinks are incompatible with Gatekeeper signing
* Bug 15197 and child tickets: Rebase Tor Browser patches to ESR 45
* Bug 18042: Disable SHA1 certificate support
* Bug 18821: Disable libmdns support for desktop and mobile
* Bug 18848: Disable additional welcome URL shown on first start
* Bug 14970: Exempt our extensions from signing requirement
* Bug 16328: Disable MediaDevices.enumerateDevices
* Bug 16673: Disable HTTP Alternative-Services
* Bug 17167: Disable Mozilla's tracking protection
* Bug 18603: Disable performance-based WebGL fingerprinting option
* Bug 18738: Disable Selfsupport and Unified Telemetry
* Bug 18799: Disable Network Tickler
* Bug 18800: Remove DNS lookup in lockfile code
* Bug 18801: Disable dom.push preferences
* Bug 18802: Remove the JS-based Flash VM (Shumway)
* Bug 18863: Disable MozTCPSocket explicitly
* Bug 15640: Place Canvas MediaStream behind site permission
* Bug 16326: Verify cache isolation for Request and Fetch APIs
* Bug 18741: Fix OCSP and favicon isolation for ESR 45
* Bug 16998: Disable <link rel="preconnect"> for now
* Bug 18726: Add new default obfs4 bridge (GreenBelt)
* Windows
* Bug 13419: Support ICU in Windows builds
* Bug 16874: Fix broken https://sports.yahoo.com/dailyfantasy page
* Bug 18767: Context menu is broken on Windows in ESR 45 based Tor
Browser
* OS X
* Bug 6540: Support OS X Gatekeeper
* Bug 13252: Tor Browser should not store data in the application bundle
* Build System
* All Platforms
* Bug 18127: Add LXC support for building with Debian guest VMs
* Bug 16224: Don't use BUILD_HOSTNAME anymore in Firefox builds
* Windows
* Bug 17895: Use NSIS 2.51 for installer to avoid DLL hijacking
* Bug 18290: Bump mingw-w64 commit we use
* OS X
* Bug 18331: Update toolchain for Firefox 45 ESR
* Bug 18690: Switch to Debian Wheezy guest VMs
* Linux
* Bug 18699: Stripping fails due to obsolete Browser/components
directory
* Bug 18698: Include libgconf2-dev for our Linux builds
Georg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-qa/attachments/20160424/24d5f98a/attachment.sig>
More information about the tor-qa
mailing list