tor-qa July 2015

tor-qa@lists.torproject.org

5 participants
2 discussions

TBB 5.0a4 is ready for testing
by Mike Perry 08 Aug '15

08 Aug '15

The final alpha before TBB 5.0 is ready for testing at: https://people.torproject.org/~mikeperry/builds/5.0a4-build3/ The primary user-facing change in this release is the inclusion of built-in fonts. If someone is willing to run the instructions here to set up a hidden service or other test site so we can test Windows vs Mac vs Linux differences, that would be most helpful: https://trac.torproject.org/projects/tor/ticket/13313#comment:16 I am about to hop on a plane. If no one gets to it, I will try to set something up on Monday and re-post to this list. Otherwise, the usual tests are also appeciated. Here is the complete changelog: * All Platforms * Update Tor to 0.2.7.2-alpha with patches: * Bug 15482: Don't allow circuits to change while a site is in use * Update OpenSSL to 1.0.1p * Update HTTPS-Everywhere to 5.0.7 * Update NoScript to 2.6.9.31 * Update Torbutton to 1.9.3.1 * Bug 16268: Show Tor Browser logo on About page * Bug 16639: Check for Updates menu item can cause update download failure * Bug 15781: Remove the sessionstore filter * Bug 15656: Sync privacy.resistFingerprinting with Torbutton pref * Translation updates * Bug 16884: Prefer IPv6 when supported by the current Tor exit * Bug 16488: Remove "Sign in to Sync" from the browser menu * Bug 13313: Bundle a fixed set of fonts to defend againstfingerprinting * Bug 16662: Enable network.http.spdy.* prefs in meek-http-helper * Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent (fixup) * Bug 15703: Isolate mediasource URIs and media streams to first party * Bug 16429+16416: Isolate blob URIs to first party * Bug 16632: Turn on the background updater and restart prompting * Bug 16528: Prevent indexedDB Modernizr site breakage on Twitter and elsewhere * Bug 16523: Fix in-browser JavaScript debugger * Bug 16236: Windows updater: avoid writing to the registry * Bug 16005: Restrict WebGL minimal mode a bit (fixup) * Bug 16625: Fully disable network connection prediction * Bug 16495: Fix SVG crash when security level is set to "High" * Build System * Bug 15864: rename sha256sums.txt to sha256sums-unsigned-build.txt -- Mike Perry

9 19

Tor Browser 5.0a3 is ready for testing
by Georg Koppen 01 Jul '15

01 Jul '15

Hi, the first Tor Browser based on Firefox ESR 38 is ready for testing and can be found at: https://people.torproject.org/~gk/builds/5.0a3-build5/ Tor Browser 5.0a3 is based on Firefox 38.1.0esr. We needed to modify some of the new APIs and capabilities in order to neuter fingerprinting an tracking risks. Details about it can be found in the changelog below. While we think we have fixed the most crucial issues there is still a way to go before we can switch to ESR 38 for our stable series. The open tickets currently on our radar can be found at: https://trac.torproject.org/projects/tor/query?status=accepted&status=assig… In order to get Tor Browser built at all we needed to update our toolchain on OS X using now the OS X 10.7 SDK. For Linux and Windows we switched to GCC 5.1 as our new (cross)-compiler. We are therefore especially interested in feedback if there are stability issues or broken Tor Browser bundles due to this toolchain upgrade. Besides these two major changes there are a lot of other things that got improved. Most notably, we bumped OpenSSL to version 1.0.1o, NoScript to version 2.6.9.27 and Torbutton to version 1.9.3.0. Included as well is a backported Tor patch to improve usability on websites and we fixed a crash bug impacting users with the security slider level set to "High". Here is the full changelog: Tor Browser 5.0a3 -- June 30 2015 * All Platforms * Update Firefox to 38.1.0esr * Update OpenSSL to 1.0.1o * Update NoScript to 2.6.9.27 * Tor patch backport * Bug 16430: Allow DNS names with _ characters in them (fixes nytimes.com) * Update Torbutton to 1.9.3.0 * Bug 16403: Set search parameters for Disconnect * Bug 14429: Make sure the automatic resizing is disabled * Bug 16427: Use internal update URL to block updates (instead of 127.0.0.1) * Bug 16200: Update Cache API usage and prefs for FF38 * Bug 16357: Use Mozilla API to wipe permissions db * Translation updates * Update Tor Launcher to 0.2.6.7 * Bug 16428: Use internal update URL to block updates (instead of 127.0.0.1) * Bug 15145: Visually distinguish "proxy" and "bridge" screens. * Translation updates * Bug 16397: Fix crash related to disabling SVG * Bug 16403: Set search parameters for Disconnect * Bug 16446: Update FTE bridge #1 fingerprint * Bug 15646: Prevent keyboard layout fingerprinting in KeyboardEvent * Bug 16005: Relax WebGL minimal mode * Bug 16300: Isolate Broadcast Channels to first party * Bug 16439: Remove Roku screencasting code * Bug 16285: Disabling EME bits * Bug 16206: Enforce certificate pinning * Bug 15910: Disable GMPs for now * Bug 13670: Isolate OCSP requests by first party domain * Bug 16448: Isolate favicon requests by first party * Bug 7561: Disable FTP request caching * Bug 6503: Fix single-word URL bar searching * Bug 15526: ES6 page crashes Tor Browser * Bug 16254: Disable GeoIP-based search results. * Bug 16222: Disable WebIDE to prevent remote debugging and addon downloads. * Bug 13024: Disable DOM Resource Timing API * Bug 16340: Disable User Timing API * Bug 14952: Disable HTTP/2 * Mac OS * Use OSX 10.7 SDK * Bug 16253: Tor Browser menu on OS X is broken with ESR 38 * Build System * Bug 16351: Upgrade our toolchain to use GCC 5.1 * Bug 15772 and child tickets: Update build system for Firefox 38 Georg

1 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

tor-qa July 2015