Mike Perry:
Tor Browser 3.6.5 is ready for testing with a target release date of Tuesday, September 2nd.
This release primarily updates Firefox to the new ESR point release, but also updates NoScript, HTTPS-Everywhere, and the canvas permissions prompt. It also restores the missing RELRO hardening option to the Linux bundles.
Here is the complete changelog:
- All Platforms
- Update Firefox to 24.8.0esr
- Update NoScript to 2.6.8.39
- Update HTTPS Everywhere to 4.0.0
- Update Torbutton to 1.6.12.1
- Bug 12684: New strings for canvas image extraction message
- Bug 8940: Move RecommendedTBBVersions file to
www.torproject.org * Bug 9531: Workaround to avoid rare hangs during New Identity
- Bug 12684: Improve Canvas image extraction permissions prompt
- Bug 7265: Only prompt for first party canvas access. Log all scripts that attempt to extract canvas images to Browser console.
- Bug 12974: Disable NTLM and Negotiate HTTP Auth
- Bug 2874: Remove Components.* from content access (regression)
- Bug 9881: Open popups in new tabs by default
- Linux:
- Bug 12103: Adding RELRO hardening back to browser binaries.
Testing: tor-browser-linux64-3.6.5_en-US.tar.xz Platform: Debian 7.6 Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Tor v0.2.4.23 (git-a9ea51dc0bd48126) Libevent 2.0.21-stable OpenSSL 1.0.1i Firefox: ESR *24.8.0*
TBB Launches successfully: yes Connects to the Tor network: yes
All extensions are present and functional: yes - HTTPS-Everywhere *4.0.0* - NoScript *2.6.8.39* - TorButton *1.6.12.1* - TorLauncher 0.2.5.6
WebBrowsing works as expected - HTTP, HTTPS, .onion browsing works - HTML5 videos work (http://videojs.com/) - http://ip-check.info/?lang=en - ok - https://panopticlick.eff.org/ - unique among 4,491,036, 22.1 bits of identifying information
SOCKS/external apps work as expected: yes