Hi,
Tor Browser 4.0a2 is ready for testing and is planned for getting released on September 2. It contains a bunch of new things, above all an update to Firefox 24.8.0esr, the auto-updater code, better hardening for Windows and Linux builds and improvements with respect to our canvas extraction prompt.
The builds are found on https://people.torproject.org/~mikeperry/builds/4.0-alpha-2/
The full changelog is:
* All Platforms * Update Firefox to 24.8.0esr * Update NoScript to 2.6.8.39 * Update Tor Launcher to 0.2.7.0 * Bug 11405: Remove firewall prompt from wizard. * Bug 12895: Mention @riseup.net as a valid bridge request email address * Bug 12444: Provide feedback when “Copy Tor Log” is clicked. * Bug 11199: Improve error messages if Tor exits unexpectedly * Update Torbutton to 1.6.12.1 * Bug 12684: New strings for canvas image extraction message * Bug 8940: Move RecommendedTBBVersions file to www.torproject.org * Bug 12684: Improve Canvas image extraction permissions prompt * Bug 7265: Only prompt for first party canvas access. Log all scripts that attempt to extract canvas images to Browser console. * Bug 12974: Disable NTLM and Negotiate HTTP Auth * Bug 2874: Remove Components.* from content access (regression) * Bug 4234: Automatic Update support (off by default) * Bug 9881: Open popups in new tabs by default * Meek Pluggable Transport: * Bug 12766: Use TLSv1.0 in meek-http-helper to blend in with Firefox 24 * Windows: * Bug 10065: Enable DEP, ASLR, and SSP hardening options * Linux: * Bug 12103: Adding RELRO hardening back to browser binaries.
Georg
Testing: torbrowser-install-4.0-alpha-2_en-US.exe Platform: Windows 7
TBB Launches successfully: yes Connects to the Tor network: yes
All extensions are present and functional: yes - HTTPS-Everywhere 5.0development.0 - NoScript 2.6.8.39 - TorButton 1.6.12.1
WebBrowsing works as expected - HTTP, HTTPS, .onion browsing works - HTML5 videos work (http://videojs.com/) - https://panopticlick.eff.org/ - unique among 3,658, 11.84 bits of identifying information
I see ASLR on all loaded dll's in firefox.exe and tor.exe using Process Explorer. (whoo!) I see 'DEP (permanent) on the process.
-tom
On 1 September 2014 10:14, Georg Koppen gk@torproject.org wrote:
Hi,
Tor Browser 4.0a2 is ready for testing and is planned for getting released on September 2. It contains a bunch of new things, above all an update to Firefox 24.8.0esr, the auto-updater code, better hardening for Windows and Linux builds and improvements with respect to our canvas extraction prompt.
The builds are found on https://people.torproject.org/~mikeperry/builds/4.0-alpha-2/
The full changelog is:
- All Platforms
- Update Firefox to 24.8.0esr
- Update NoScript to 2.6.8.39
- Update Tor Launcher to 0.2.7.0
- Bug 11405: Remove firewall prompt from wizard.
- Bug 12895: Mention @riseup.net as a valid bridge request email
address * Bug 12444: Provide feedback when "Copy Tor Log" is clicked. * Bug 11199: Improve error messages if Tor exits unexpectedly
- Update Torbutton to 1.6.12.1
- Bug 12684: New strings for canvas image extraction message
- Bug 8940: Move RecommendedTBBVersions file to www.torproject.org
- Bug 12684: Improve Canvas image extraction permissions prompt
- Bug 7265: Only prompt for first party canvas access. Log all scripts that attempt to extract canvas images to Browser console.
- Bug 12974: Disable NTLM and Negotiate HTTP Auth
- Bug 2874: Remove Components.* from content access (regression)
- Bug 4234: Automatic Update support (off by default)
- Bug 9881: Open popups in new tabs by default
- Meek Pluggable Transport:
- Bug 12766: Use TLSv1.0 in meek-http-helper to blend in with
Firefox 24
- Windows:
- Bug 10065: Enable DEP, ASLR, and SSP hardening options
- Linux:
- Bug 12103: Adding RELRO hardening back to browser binaries.
Georg
tor-qa mailing list tor-qa@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-qa
-
Georg Koppen -
Tom Ritter