Hi all!
Tor Browser 7.0a3 is ready for testing. Candidate bundles for this alpha release can be found on:
https://people.torproject.org/~boklm/builds/7.0a3-build4/
This is the first alpha release which is based on Firefox ESR 52. We updated all of our patches that did not get upstreamed yet and made Torbutton and Tor Launcher multiprocess (e10s) compatible. After the first nightly build based on ESR52[1] we already fixed a number of bugs associated with this switch. But more remain, please help!
We hope having e10s and Mozilla's content sandbox enabled will be one of the major new features in the upcoming Tor Browser 7.0 series, both security- and performance-wise. While we are still working on the sandbox part for Windows, both Linux and macOS have e10s and content sandboxing enabled by default in Tor Browser 7.0a3. There are already a number of bugs related to that on our radar which can be found on our bug tracker and which are tagged with the `tbb-e10s` keyword.[2] If you find more, please report them!
We updated our toolchains during the ESR transition as well. In particular we retired the old GCC-based one for our macOS cross-compilation and rely solely on clang/cctools now. Still, we need to deal with new reproducibility issues (on Linux) which we hope to have fixed in the final 7.0a3 alpha release.[3]
Apart from switching to the new ESR and dealing with related issues we included a new Tor alpha (0.3.0.5-rc) and updated our NoScript (5.0.2) and HTTPS-Everywhere versions (5.2.14). The sandboxed Tor Browser for Linux got updated to 0.0.5 making sure it is compatible with Firefox ESR 52.
As in the upcoming Tor Browser 6.5.2 we provide a fix for Tor Browser crashing on github.com on Windows and Twitter issues that got reported already a while ago. We updated our security slider as well taking newer JIT preferences into account.
Please test this release candidate and later on the alpha as we only have this one and probably another alpha release to get Tor Browser 7.0 into a stable shape. All tickets for the remaining 7.0 alphas on our radar can be found with the `tbb-7.0-must-alpha` keyword[4], all related to our ESR52 switch with the `ff52-esr` one.[5]
The full changelog since Tor Browser 7.0a2 is:
Tor Browser 7.0a3 -- April 20 2017 * All Platforms * Update Firefox to 52.1.0esr * Tor to 0.3.0.5-rc * Update Torbutton to 1.9.7.2 * Bug 21865: Update our JIT preferences in the security slider * Bug 21747: Make 'New Tor Circuit for this Site' work in ESR52 * Bug 21745: Fix handling of catch-all circuit * Bug 21547: Fix circuit display under e10s * Bug 21268: e10s compatibility for New Identity * Bug 21267: Remove window resize implementation for now * Bug 21201: Make Torbutton multiprocess compatible * Translations update * Update Tor Launcher to 0.2.12 * Bug 21920: Don't show locale selection dialog * Bug 21546: Mark Tor Launcher as multiprocess compatible * Bug 21264: Add a README file * Translations update * Update HTTPS-Everywhere to 5.2.14 * Update NoScript to 5.0.2 * Update sandboxed-tor-browser to 0.0.5 * Bug 21764: Use bubblewrap's `--die-with-parent` when supported * Fix e10s Web Content crash on systems with grsec kernels * Bug 21928: Force a reinstall if an existing hardened bundle is present * Bug 21929: Remove hardened/ASAN related code * Bug 21927: Remove the ability to install/update the hardened bundle * Bug 21244: Update the MAR signing key for 7.0 * Bug 21536: Remove asn's scramblesuit bridge from Tor Browser * Add `prlimit64` to the firefox system call whitelist * Fix compilation with Go 1.8 * Use Config.Clone() to clone TLS configs when available * Update Go to 1.7.5 (bug 21709) * Bug 21555+16450: Don't remove Authorization header on subdomains (e.g. Twitter) * Bug 21887: Fix broken error pages on higher security levels * Bug 21876: Enable e10s by default on all supported platforms * Bug 21876: Always use esr policies for e10s * Bug 20905: Fix resizing issues after moving to a direct Firefox patch * Bug 21875: Modal dialogs are maximized in ESR52 nightly builds * Bug 21885: SVG is not disabled in Tor Browser based on ESR52 * Bug 17334: Hide Referer when leaving a .onion domain (improved patch) * Bug 3246: Double-key cookies * Bug 8842: Fix XML parsing error * Bug 16886: 16886: "Add-on compatibility check dialog" contains Firefox logo * Bug 19192: Untrust Blue Coat CA * Bug 19955: Avoid confusing warning that favicon load request got cancelled * Bug 20005: Backport fixes for memory leaks investigation * Bug 20755: ltn.com.tw is broken in Tor Browser * Bug 21896: Commenting on website is broken due to CAPTCHA not being disaplyed * Bug 20680: Rebase Tor Browser patches to 52 ESR * Bug 21917: Add new obfs4 bridges * Bug 21918: Move meek-amazon to d2cly7j4zqgua7.cloudfront.net backend * Windows * Bug 21795: Fix Tor Browser crashing on github.com * Bug 12426: Make use of HeapEnableTerminationOnCorruption * Bug 19316: Make sure our Windows updates can deal with the SSE2 requirement * Bug 21868: Fix build bustage with FIREFOX_52_0_2esr_RELEASE for Windows * OS X * Bug 21723: Fix inconsistent generation of MOZ_MACBUNDLE_ID * Bug 21724: Make Firefox and Tor Browser distinct macOS apps * Bug 21931: Backport OSX SetupMacCommandLine updater fixes * Linux * Bug 21907: Fix runtime error on CentOS 6 * Bug 21748: Fix broken Snowflake build and update bridge details * Bug 21954: Snowflake breaks the 7.0a3 build * Build system * Windows * Bug 21837: Fix reproducibility of accessibility code for Windows * Bug 21240: Create patches to fix mingw-w64 compilation of Firefox ESR 52 * Bug 21904: Bump mingw-w64 commit to help with sandbox compilation * Bug 18831: Use own Yasm for Firefox cross-compilation * OS X * Bug 21328: Updating to clang 3.8.0 * Bug 21754: Remove old GCC toolchain and macOS SDK * Bug 19783: Remove unused macOS helper scripts * Bug 10369: Don't use old GCC toolchain anymore for utils * Bug 21753: Replace our old GCC toolchain in PT descriptor * Bug 18530: ESR52 based Tor Browser only runs on macOS 10.9+ * Linux * Bug 21930: NSS libraries are missing from mar-tools archive * Bug 21239: Adapt Linux Firefox descriptor to ESR52 (use GTK2) * Bug 21629: Fix broken ASan builds when switching to ESR 52
Georg
[1] https://lists.torproject.org/pipermail/tbb-dev/2017-April/000501.html [2] https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~... [3] https://trac.torproject.org/projects/tor/ticket/21960 [4] https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~... [5] https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~...
Testing: TorBrowser-7.0a3-osx64_en-US.dmg (based on Mozilla Firefox 52.1.0) (64-bit) Platform: macOS 10.12.4 (16E195)
TBB Launches successfully: yes Connects to the Tor network: yes Browser toolbars and menus work, tab dragging works: yes Circuit display present: yes
*Able to create new identity: NO* *Able to create new tor circuit for site: NO* Note that these errors only apply to a TBB instance running from a disk image. Copying the app to the Downloads folder works as expected. Screenshot: https://cl.ly/2N0O362k0m1o/Image%202017-04-19%20at%2008.09.10.png "Torbutton: Unexpected error during offline cache clearing: [Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsICacheStorage.asyncEvictStorage]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: chrome://torbutton/content/torbutton.js :: torbutton_do_new_identity :: line 1190" data: no]" There is no error when trying to create a new tor circuit for a site; nothing happens but the circuit display is exactly the same.
Also, unlike when saving a local copy, when running off a disk image, all my bookmarks are preserved and two tabs open on the first run: the successful update and changelog, and the homepage with the warning the bundle is out of date. This is good though; it's very helpful to be able to preserve bookmarks across TBB updates.
I'm an unable to view add ons (Tools>Add Ons) when running from a disk image as well. I get stuck with a loading gif: https://cl.ly/2W1W412N433U/Screen%20Recording%202017-04-19%20at%2008.08.gif
Note: Saving TorBrowser.app to the Downloads folder and running it created another folder in Downloads called "TorBrowser-Data". This makes sense, but I don't think I've noticed this before when testing other bundles the same way.
All extensions are present and functional: yes - HTTPS-Everywhere 5.2.14 - NoScript 5.0.2 - TorButton 1.9.7.2 - TorLauncher 0.2.12
WebBrowsing works as expected: - HTTP, HTTPS, .onion browsing works (http://duskgytldkxiuqc6.onion/) - HTML5 videos work on http://videojs.com/ and YouTube
SOCKS/external apps work as expected: NO
This is probably the biggest issue. I was not able to send an email using Thunderbird + Torbirdy except when running the Tor Browser 6.5.1.
Some or all of these issues might be because I'm running TBB off of a disk image or from my Downloads folder as opposed to actually installing it over the current stable version in the Applications folder. Feel free to let me know if I'm testing this incorrectly.
————————————————————————————————————————————————————————————
Sandboxed Tor Browser:
I'm probably doing something wrong here, but I can't get this to work. 1. Download and open Tor Browser disk image TorBrowser-7.0a3-osx64_en-US.dmg 2. Copy "Sandboxed Tor Browser" folder to Downloads 3. Copy TorBrowser.app into the folder 4. Open terminal and execute start-tor-with-sandbox file Get error message: sandbox-exec: tor.sb: No such file or directory (I see the tor.sb file in the folder, though.) 5. Decide to keep going anyway and execute start-browser-with-sandbox Get error message: sandbox-exec: /Users/wiltongorske/tb.sb: No such file or directory The script did work somewhat. A folder called TorBrowser-Data was created with "Tor" and "Browser" folders within it. If I try and open the TorBrowser.app from within the folder, I get this error: https://cl.ly/0j2y1f2l0J2k/Image%202017-04-19%20at%2008.16.11.png Clicking "Restart Tor" does nothing, and "Copy Tor Log To Clipboard" is blank ("0 Tor log messages are ready to be pasted").
Wilton http://2lxruhbyj7tust6u.onion/
Georg Koppen:
Hi all!
Tor Browser 7.0a3 is ready for testing. Candidate bundles for this alpha release can be found on:
https://people.torproject.org/~boklm/builds/7.0a3-build4/
This is the first alpha release which is based on Firefox ESR 52. We updated all of our patches that did not get upstreamed yet and made Torbutton and Tor Launcher multiprocess (e10s) compatible. After the first nightly build based on ESR52[1] we already fixed a number of bugs associated with this switch. But more remain, please help!
We hope having e10s and Mozilla's content sandbox enabled will be one of the major new features in the upcoming Tor Browser 7.0 series, both security- and performance-wise. While we are still working on the sandbox part for Windows, both Linux and macOS have e10s and content sandboxing enabled by default in Tor Browser 7.0a3. There are already a number of bugs related to that on our radar which can be found on our bug tracker and which are tagged with the `tbb-e10s` keyword.[2] If you find more, please report them!
We updated our toolchains during the ESR transition as well. In particular we retired the old GCC-based one for our macOS cross-compilation and rely solely on clang/cctools now. Still, we need to deal with new reproducibility issues (on Linux) which we hope to have fixed in the final 7.0a3 alpha release.[3]
Apart from switching to the new ESR and dealing with related issues we included a new Tor alpha (0.3.0.5-rc) and updated our NoScript (5.0.2) and HTTPS-Everywhere versions (5.2.14). The sandboxed Tor Browser for Linux got updated to 0.0.5 making sure it is compatible with Firefox ESR 52.
As in the upcoming Tor Browser 6.5.2 we provide a fix for Tor Browser crashing on github.com on Windows and Twitter issues that got reported already a while ago. We updated our security slider as well taking newer JIT preferences into account.
Please test this release candidate and later on the alpha as we only have this one and probably another alpha release to get Tor Browser 7.0 into a stable shape. All tickets for the remaining 7.0 alphas on our radar can be found with the `tbb-7.0-must-alpha` keyword[4], all related to our ESR52 switch with the `ff52-esr` one.[5]
The full changelog since Tor Browser 7.0a2 is:
Tor Browser 7.0a3 -- April 20 2017
- All Platforms
- Update Firefox to 52.1.0esr
- Tor to 0.3.0.5-rc
- Update Torbutton to 1.9.7.2
- Bug 21865: Update our JIT preferences in the security slider
- Bug 21747: Make 'New Tor Circuit for this Site' work in ESR52
- Bug 21745: Fix handling of catch-all circuit
- Bug 21547: Fix circuit display under e10s
- Bug 21268: e10s compatibility for New Identity
- Bug 21267: Remove window resize implementation for now
- Bug 21201: Make Torbutton multiprocess compatible
- Translations update
- Update Tor Launcher to 0.2.12
- Bug 21920: Don't show locale selection dialog
- Bug 21546: Mark Tor Launcher as multiprocess compatible
- Bug 21264: Add a README file
- Translations update
- Update HTTPS-Everywhere to 5.2.14
- Update NoScript to 5.0.2
- Update sandboxed-tor-browser to 0.0.5
- Bug 21764: Use bubblewrap's `--die-with-parent` when supported
- Fix e10s Web Content crash on systems with grsec kernels
- Bug 21928: Force a reinstall if an existing hardened bundle is
present * Bug 21929: Remove hardened/ASAN related code * Bug 21927: Remove the ability to install/update the hardened bundle * Bug 21244: Update the MAR signing key for 7.0 * Bug 21536: Remove asn's scramblesuit bridge from Tor Browser * Add `prlimit64` to the firefox system call whitelist * Fix compilation with Go 1.8 * Use Config.Clone() to clone TLS configs when available
- Update Go to 1.7.5 (bug 21709)
- Bug 21555+16450: Don't remove Authorization header on subdomains
(e.g. Twitter)
- Bug 21887: Fix broken error pages on higher security levels
- Bug 21876: Enable e10s by default on all supported platforms
- Bug 21876: Always use esr policies for e10s
- Bug 20905: Fix resizing issues after moving to a direct Firefox patch
- Bug 21875: Modal dialogs are maximized in ESR52 nightly builds
- Bug 21885: SVG is not disabled in Tor Browser based on ESR52
- Bug 17334: Hide Referer when leaving a .onion domain (improved patch)
- Bug 3246: Double-key cookies
- Bug 8842: Fix XML parsing error
- Bug 16886: 16886: "Add-on compatibility check dialog" contains
Firefox logo
- Bug 19192: Untrust Blue Coat CA
- Bug 19955: Avoid confusing warning that favicon load request got
cancelled
- Bug 20005: Backport fixes for memory leaks investigation
- Bug 20755: ltn.com.tw is broken in Tor Browser
- Bug 21896: Commenting on website is broken due to CAPTCHA not being
disaplyed
- Bug 20680: Rebase Tor Browser patches to 52 ESR
- Bug 21917: Add new obfs4 bridges
- Bug 21918: Move meek-amazon to d2cly7j4zqgua7.cloudfront.net backend
- Windows
- Bug 21795: Fix Tor Browser crashing on github.com
- Bug 12426: Make use of HeapEnableTerminationOnCorruption
- Bug 19316: Make sure our Windows updates can deal with the SSE2
requirement
- Bug 21868: Fix build bustage with FIREFOX_52_0_2esr_RELEASE for Windows
- OS X
- Bug 21723: Fix inconsistent generation of MOZ_MACBUNDLE_ID
- Bug 21724: Make Firefox and Tor Browser distinct macOS apps
- Bug 21931: Backport OSX SetupMacCommandLine updater fixes
- Linux
- Bug 21907: Fix runtime error on CentOS 6
- Bug 21748: Fix broken Snowflake build and update bridge details
- Bug 21954: Snowflake breaks the 7.0a3 build
- Build system
- Windows
- Bug 21837: Fix reproducibility of accessibility code for Windows
- Bug 21240: Create patches to fix mingw-w64 compilation of Firefox
ESR 52 * Bug 21904: Bump mingw-w64 commit to help with sandbox compilation * Bug 18831: Use own Yasm for Firefox cross-compilation
- OS X
- Bug 21328: Updating to clang 3.8.0
- Bug 21754: Remove old GCC toolchain and macOS SDK
- Bug 19783: Remove unused macOS helper scripts
- Bug 10369: Don't use old GCC toolchain anymore for utils
- Bug 21753: Replace our old GCC toolchain in PT descriptor
- Bug 18530: ESR52 based Tor Browser only runs on macOS 10.9+
- Linux
- Bug 21930: NSS libraries are missing from mar-tools archive
- Bug 21239: Adapt Linux Firefox descriptor to ESR52 (use GTK2)
- Bug 21629: Fix broken ASan builds when switching to ESR 52
Georg
[1] https://lists.torproject.org/pipermail/tbb-dev/2017-April/000501.html [2] https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~... [3] https://trac.torproject.org/projects/tor/ticket/21960 [4] https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~... [5] https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~...
tor-qa mailing list tor-qa@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-qa
On 4/19/17 8:41 AM, Wilton Gorske wrote:
Testing: TorBrowser-7.0a3-osx64_en-US.dmg (based on Mozilla Firefox 52.1.0) (64-bit) Platform: macOS 10.12.4 (16E195)
TBB Launches successfully: yes Connects to the Tor network: yes Browser toolbars and menus work, tab dragging works: yes Circuit display present: yes
*Able to create new identity: NO* *Able to create new tor circuit for site: NO* Note that these errors only apply to a TBB instance running from a disk image. Copying the app to the Downloads folder works as expected. Screenshot: https://cl.ly/2N0O362k0m1o/Image%202017-04-19%20at%2008.09.10.png "Torbutton: Unexpected error during offline cache clearing: [Exception... "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsICacheStorage.asyncEvictStorage]" nsresult: "0x80040111 (NS_ERROR_NOT_AVAILABLE)" location: "JS frame :: chrome://torbutton/content/torbutton.js :: torbutton_do_new_identity :: line 1190" data: no]" There is no error when trying to create a new tor circuit for a site; nothing happens but the circuit display is exactly the same.
Also, unlike when saving a local copy, when running off a disk image, all my bookmarks are preserved and two tabs open on the first run: the successful update and changelog, and the homepage with the warning the bundle is out of date. This is good though; it's very helpful to be able to preserve bookmarks across TBB updates.
I'm an unable to view add ons (Tools>Add Ons) when running from a disk image as well. I get stuck with a loading gif: https://cl.ly/2W1W412N433U/Screen%20Recording%202017-04-19%20at%2008.08.gif
Thank you for testing our Tor Browser alpha candidate! Unfortunately, there are some known issues with running directly from the dmg. See: https://trac.torproject.org/projects/tor/ticket/21445 For now, please do not run from a disk image.
Note: Saving TorBrowser.app to the Downloads folder and running it created another folder in Downloads called "TorBrowser-Data". This makes sense, but I don't think I've noticed this before when testing other bundles the same way.
On macOS, Tor Browser always stores user profile and other configuration data in a TorBrowser-Data folder. That folder will be created next to the application if the app is not inside a folder that has "Applications" in the name (which is the behavior you saw when you ran from your Downloads folder). When Tor Browser is installed in /Applications or ~/Applications, the TorBrowser-Data folder is located at ~/Library/Application Support/TorBrowser-Data/
All extensions are present and functional: yes
- HTTPS-Everywhere 5.2.14
- NoScript 5.0.2
- TorButton 1.9.7.2
- TorLauncher 0.2.12
WebBrowsing works as expected:
- HTTP, HTTPS, .onion browsing works (http://duskgytldkxiuqc6.onion/)
- HTML5 videos work on http://videojs.com/ and YouTube
SOCKS/external apps work as expected: NO
This is probably the biggest issue. I was not able to send an email using Thunderbird + Torbirdy except when running the Tor Browser 6.5.1.
The alpha Tor Browser uses a Unix domain socket for its SOCKS port, which means you will need to make some adjustments to provide a TCP SOCKS port (which is what Torbirdy expects). One simple solution is to use about:config to toggle the following preference so its value is false: extensions.torlauncher.socks_port_use_ipc The other solution is to edit your torrc file (using a text editor) to add an additional SocksPort for Torbirdy.
Some or all of these issues might be because I'm running TBB off of a disk image or from my Downloads folder as opposed to actually installing it over the current stable version in the Applications folder. Feel free to let me know if I'm testing this incorrectly.
It should be fine to run from any location other than a read-only file system such as the disk image.
————————————————————————————————————————————————————————————
Sandboxed Tor Browser:
I'm probably doing something wrong here, but I can't get this to work.
- Download and open Tor Browser disk image TorBrowser-7.0a3-osx64_en-US.dmg
- Copy "Sandboxed Tor Browser" folder to Downloads
- Copy TorBrowser.app into the folder
- Open terminal and execute start-tor-with-sandbox file
Get error message: sandbox-exec: tor.sb: No such file or directory (I see the tor.sb file in the folder, though.) 5. Decide to keep going anyway and execute start-browser-with-sandbox Get error message: sandbox-exec: /Users/wiltongorske/tb.sb: No such file or directory
Please cd to the "Sandboxed Tor Browser" directory before running the ./start-tor-with-sandbox and ./start-browser-with-sandbox commands. That said, we still need to update the macOS sandbox rules to be compatible with the browser's multiprocess mode (see https://trac.torproject.org/projects/tor/ticket/22000). For now, you can workaround that problem by doing something like this: MOZ_FORCE_DISABLE_E10S=1 ./start-browser-with-sandbox
-
Georg Koppen -
Mark Smith -
Wilton Gorske