Sherief Alaa:

On 11/04/2014 02:01 PM, Georg Koppen wrote:

...

Hi,

we are happy to announce the first alpha in the 4.5 series. It contains a bunch of new things most notably the isolation of browser streams by URL bar domain, the obfs4 pluggable transport, a tor based on the 0.2.6 series, 64bit only OS X bundles, a first implementation of the security slider and a backport of the certificate pinning functionality. Furthermore, it includes updates, bugfixes and minor new features. The bundles can be found at:

https://people.torproject.org/~mikeperry/builds/4.5-alpha-1/

a signed SHA256 sums file is in

https://people.torproject.org/~gk/builds/4.5-alpha-1/

Feedback and bug reports are greatly appreciated.

The full changelog is:

Tor Browser 4.5-alpha-1 -- Nov 3 2014

• All Platforms
  • Bug 3455: Patch Firefox SOCKS and proxy filters to allow user+pass

isolation

• Bug 11955: Backport HTTPS Certificate Pinning patches from Firefox 32
• Bug 13019: Make JS engine use English locale if a pref is set by

Torbutton

• Bug 13301: Prevent extensions incompatibility error after upgrades
• Bug 13460: Fix MSVC compilation issue
• Update Tor to 0.2.6.0-alpha
• Update NoScript to 2.6.9.3
• Update Torbutton to 1.8.0.1
  • Bug 9387: Provide a "Security Slider" for vulnerability surface

reduction * Bug 13019: Synchronize locale spoofing pref with our Firefox patch * Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain * Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs * Bug 13651: Prevent circuit-status related UI hang.

• Bug 13586: Make meek use TLS session tickets (to look like stock

Firefox).

• Include obfs4proxy pluggable transport
• Windows
  • Bug 13443: Re-enable DirectShow; fix crash with mingw patch.
  • Bug 13091: Make app name "Tor Browser" instead of "Tor"
• Mac
  • Bug 10138: Switch to 64bit builds for MacOS

Georg

Here's my initial testing results:

1. #8641 seems to be disabled, correct?

No. When I am clicking on the Torbutton icon the circuit is shown for the respective site.

2. Because #9387's strings aren't translated yet, the whole Prefrences

window is filled with an error (I checked the Arabic version - it will likely be the same for all untranslated languages). 3) When using the security slider at "High" it doesn't change of NoScript's icon nor its menu selection options giving the user false information about the current configuration of the addon.

Hmm.. seems we need some reloading here. Opening a new tab is changing the icon.

Georg

Sherief Alaa:

On 11/04/2014 05:26 PM, Georg Koppen wrote:

...

Sherief Alaa:

...

On 11/04/2014 02:01 PM, Georg Koppen wrote:

...

Hi,

we are happy to announce the first alpha in the 4.5 series. It contains a bunch of new things most notably the isolation of browser streams by URL bar domain, the obfs4 pluggable transport, a tor based on the 0.2.6 series, 64bit only OS X bundles, a first implementation of the security slider and a backport of the certificate pinning functionality. Furthermore, it includes updates, bugfixes and minor new features. The bundles can be found at:

https://people.torproject.org/~mikeperry/builds/4.5-alpha-1/

a signed SHA256 sums file is in

https://people.torproject.org/~gk/builds/4.5-alpha-1/

Feedback and bug reports are greatly appreciated.

The full changelog is:

Tor Browser 4.5-alpha-1 -- Nov 3 2014

• All Platforms
  • Bug 3455: Patch Firefox SOCKS and proxy filters to allow user+pass

isolation

• Bug 11955: Backport HTTPS Certificate Pinning patches from Firefox 32
• Bug 13019: Make JS engine use English locale if a pref is set by

Torbutton

• Bug 13301: Prevent extensions incompatibility error after upgrades
• Bug 13460: Fix MSVC compilation issue
• Update Tor to 0.2.6.0-alpha
• Update NoScript to 2.6.9.3
• Update Torbutton to 1.8.0.1
  • Bug 9387: Provide a "Security Slider" for vulnerability surface

reduction * Bug 13019: Synchronize locale spoofing pref with our Firefox patch * Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain * Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs * Bug 13651: Prevent circuit-status related UI hang.

• Bug 13586: Make meek use TLS session tickets (to look like stock

Firefox).

• Include obfs4proxy pluggable transport
• Windows
  • Bug 13443: Re-enable DirectShow; fix crash with mingw patch.
  • Bug 13091: Make app name "Tor Browser" instead of "Tor"
• Mac
  • Bug 10138: Switch to 64bit builds for MacOS

Georg

Here's my initial testing results:

1. #8641 seems to be disabled, correct?

No. When I am clicking on the Torbutton icon the circuit is shown for the respective site.

See attached.

This might actually be due to things like

[11-04 16:06:43] Torbutton WARN: TypeError: s is undefined [11-04 16:16:42] Torbutton WARN: TypeError: statusMaps[i] is undefined

I see in the browser console a lot.

Georg

On 32bit Linux, 1) I (too) cannot see the circuit UI, when I click the Tor button icon. 2) when I click New Identity, I get the following error on the terminal:

[CustomizableUI] [Exception... "Component not initialized" nsresult: "0xc1f30001 (NS_ERROR_NOT_INITIALIZED)" location: "JS frame :: chrome://noscript/content/noscriptOverlay.js :: noscriptOverlay<._customizableUIListener.onWidgetAfterDOMChange :: line 362" data: no] -- undefined:362

On 11/04/2014 10:06 AM, Sherief Alaa wrote:

On 11/04/2014 06:20 PM, Georg Koppen wrote:

...

Sherief Alaa:

...

On 11/04/2014 05:26 PM, Georg Koppen wrote:

...

Sherief Alaa:

...

On 11/04/2014 02:01 PM, Georg Koppen wrote:

...

Hi,

we are happy to announce the first alpha in the 4.5 series. It contains a bunch of new things most notably the isolation of browser streams by URL bar domain, the obfs4 pluggable transport, a tor based on the 0.2.6 series, 64bit only OS X bundles, a first implementation of the security slider and a backport of the certificate pinning functionality. Furthermore, it includes updates, bugfixes and minor new features. The bundles can be found at:

https://people.torproject.org/~mikeperry/builds/4.5-alpha-1/

a signed SHA256 sums file is in

https://people.torproject.org/~gk/builds/4.5-alpha-1/

Feedback and bug reports are greatly appreciated.

The full changelog is:

Tor Browser 4.5-alpha-1 -- Nov 3 2014

• All Platforms
  • Bug 3455: Patch Firefox SOCKS and proxy filters to allow user+pass

isolation

• Bug 11955: Backport HTTPS Certificate Pinning patches from Firefox 32
• Bug 13019: Make JS engine use English locale if a pref is set by

Torbutton

• Bug 13301: Prevent extensions incompatibility error after upgrades
• Bug 13460: Fix MSVC compilation issue
• Update Tor to 0.2.6.0-alpha
• Update NoScript to 2.6.9.3
• Update Torbutton to 1.8.0.1
  • Bug 9387: Provide a "Security Slider" for vulnerability surface

reduction * Bug 13019: Synchronize locale spoofing pref with our Firefox patch * Bug 3455: Use SOCKS user+pass to isolate all requests from the same url domain * Bug 8641: Create browser UI to indicate current tab's Tor circuit IPs * Bug 13651: Prevent circuit-status related UI hang.

• Bug 13586: Make meek use TLS session tickets (to look like stock

Firefox).

• Include obfs4proxy pluggable transport
• Windows
  • Bug 13443: Re-enable DirectShow; fix crash with mingw patch.
  • Bug 13091: Make app name "Tor Browser" instead of "Tor"
• Mac
  • Bug 10138: Switch to 64bit builds for MacOS

Georg

Here's my initial testing results:

1. #8641 seems to be disabled, correct?

No. When I am clicking on the Torbutton icon the circuit is shown for the respective site.

See attached.

This might actually be due to things like

[11-04 16:06:43] Torbutton WARN: TypeError: s is undefined [11-04 16:16:42] Torbutton WARN: TypeError: statusMaps[i] is undefined

I see in the browser console a lot.

I bumped the loglevel of both torlauncher and torbutton to 0 and nothing shows up at the browser console, what's going on? (also on windows and linux).

anonym:

On 04/11/14 13:01, Georg Koppen wrote:

...

• Update Torbutton to 1.8.0.1

I'd just want something cleared up: is Torbutton 1.8.x a development "branch" aimed at the distant TBB 4.5 release, with Torbutton 1.7.x being a stable "branch" used for stable TBB releases until then?

Yes, this is the plan.

On Wed, Nov 12, 2014 at 2:18 AM, Mike Perry mikeperry@torproject.org wrote:

We have another build that should address the localization issues we found with the security slider, as well as a couple of issues with the circuit status UI and a pinning issue from upstream. Updated builds are here:

https://people.torproject.org/~mikeperry/builds/4.5-alpha-1/

I think you need to chmod/chown the folder.