[tor-commits] [torbrowser/maint-2.4] bump all versions of stable and alpha (0.2.5.1-alpha) TBBs
erinn at torproject.org
erinn at torproject.org
Sat Dec 14 18:45:12 UTC 2013
commit fb7238f449bd8e990222ba8e8a693b4d12ee7e67
Author: Erinn Clark <erinn at torproject.org>
Date: Sat Dec 14 16:45:06 2013 -0200
bump all versions of stable and alpha (0.2.5.1-alpha) TBBs
---
README.LINUX-2.4 | 6 +-
README.LINUX-2.5 | 29 ++
README.OSX-2.4 | 6 +-
README.OSX-2.5 | 23 ++
README.WIN-2.4 | 6 +-
README.WIN-2.5 | 27 ++
build-scripts/config/Info.plist | 6 +-
build-scripts/config/Info.plist-stable | 6 +-
build-scripts/edit-changelog.sh | 4 +-
build-scripts/linux-alpha.mk | 2 +-
build-scripts/linux.mk | 2 +-
build-scripts/osx.mk | 2 +-
build-scripts/versions-alpha.mk | 8 +-
build-scripts/versions.mk | 8 +-
build-scripts/windows.mk | 2 +-
changelog.linux-2.4 | 319 +++++++++++++++++
changelog.linux-2.5 | 592 ++++++++++++++++++++++++++++++++
changelog.osx-2.4 | 299 ++++++++++++++++
changelog.osx-2.5 | 561 ++++++++++++++++++++++++++++++
changelog.windows-2.4 | 297 ++++++++++++++++
changelog.windows-2.5 | 557 ++++++++++++++++++++++++++++++
21 files changed, 2733 insertions(+), 29 deletions(-)
diff --git a/README.LINUX-2.4 b/README.LINUX-2.4
index e03ab99..97ae4d9 100644
--- a/README.LINUX-2.4
+++ b/README.LINUX-2.4
@@ -5,11 +5,11 @@ Included applications
---------------------
Vidalia 0.2.21 (with Qt 4.8.1)
-Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
Firefox 17.0.11esr
\_ Torbutton 1.5.2
- |_ NoScript 2.6.8.5
- |_ HTTPS-Everywhere 3.4.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
Usage
-----
diff --git a/README.LINUX-2.5 b/README.LINUX-2.5
new file mode 100644
index 0000000..a21f5be
--- /dev/null
+++ b/README.LINUX-2.5
@@ -0,0 +1,29 @@
+Tor Browser Bundle for GNU/Linux (beta)
+===============
+
+Included applications
+---------------------
+
+Vidalia 0.2.21 (with Qt 4.8.1)
+Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Firefox 17.0.11esr
+ \_ Torbutton 1.5.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
+
+Usage
+-----
+
+Extract the bundle with:
+
+tar -xvzf tor-browser-gnu-linux*.tar.gz
+
+This will create a directory named tor-browser_LANG. Click on this directory or
+cd into it and execute the 'start-tor-browser' script. This will start Vidalia.
+Once Tor has successfully opened a circuit, Firefox will automatically be
+opened.
+
+To exit, close Firefox. Vidalia will automatically clean up and exit.
+
+For more information about bugfixes and other package changes, see the
+changelog in tor-browser_LANG/Docs/changelog.
diff --git a/README.OSX-2.4 b/README.OSX-2.4
index 52ba0f0..6eed409 100644
--- a/README.OSX-2.4
+++ b/README.OSX-2.4
@@ -5,11 +5,11 @@ Included applications
---------------------
Vidalia 0.2.21 (with Qt 4.8.1)
-Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
Firefox 17.0.11esr
\_ Torbutton 1.5.2
- |_ NoScript 2.6.8.5
- |_ HTTPS-Everywhere 3.4.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
Usage
-----
diff --git a/README.OSX-2.5 b/README.OSX-2.5
new file mode 100644
index 0000000..3f073ac
--- /dev/null
+++ b/README.OSX-2.5
@@ -0,0 +1,23 @@
+Tor Browser Bundle for Mac OS X (beta)
+===============
+
+Included applications
+---------------------
+
+Vidalia 0.2.21 (with Qt 4.8.1)
+Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Firefox 17.0.11esr
+ \_ Torbutton 1.5.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
+
+Usage
+-----
+
+Unzip the TorBrowser zip file that you downloaded. Click on the
+TorBrowser_LANG.app which will launch Vidalia and then Firefox.
+
+To exit, close Firefox and Vidalia.
+
+For more information about bugfixes and other package changes, see the
+changelog in TorBrowser_LANG.app/Contents/Resources/changelog.
diff --git a/README.WIN-2.4 b/README.WIN-2.4
index 51925e9..a0aff79 100644
--- a/README.WIN-2.4
+++ b/README.WIN-2.4
@@ -5,11 +5,11 @@ Included applications
---------------------
Vidalia 0.2.21 (with Qt 4.8.1)
-Tor 0.2.4.18-rc (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Tor 0.2.4.19 (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
Firefox 17.0.11esr
\_ Torbutton 1.5.2
- |_ NoScript 2.6.8.5
- |_ HTTPS-Everywhere 3.4.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
Usage
-----
diff --git a/README.WIN-2.5 b/README.WIN-2.5
new file mode 100644
index 0000000..17c9b03
--- /dev/null
+++ b/README.WIN-2.5
@@ -0,0 +1,27 @@
+Tor Browser Bundle for Windows (beta)
+===============
+
+Included applications
+---------------------
+
+Vidalia 0.2.21 (with Qt 4.8.1)
+Tor 0.2.5.1-alpha (with libevent-2.0.21-stable, zlib-1.2.8 and openssl-1.0.0k)
+Firefox 17.0.11esr
+ \_ Torbutton 1.5.2
+ |_ NoScript 2.6.8.7
+ |_ HTTPS-Everywhere 3.4.3
+
+Usage
+-----
+
+Tor Browser.exe is a 7zip self extracting archive. To extract the bundle, run
+this and point it to the install location. It will create a folder called "Tor
+Browser". This may be the hard disk, but is more likely the currently mounted
+USB drive. The install process needs only be performed once.
+
+Once the bundle is extracted, open the newly created folder and click
+"Start Tor Browser.bat" (may appear as simply "Start Tor Browser").
+This will start Vidalia. Once Tor has successfully opened a circuit,
+Firefox will automatically be opened.
+
+To exit, close Firefox. Vidalia will automatically clean up and exit.
diff --git a/build-scripts/config/Info.plist b/build-scripts/config/Info.plist
index 8b626a7..4870df7 100644
--- a/build-scripts/config/Info.plist
+++ b/build-scripts/config/Info.plist
@@ -9,7 +9,7 @@
<key>CFBundleExecutable</key>
<string>TorBrowserBundle</string>
<key>CFBundleGetInfoString</key>
- <string>Tor Browser Bundle 2.4.18-rc-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
+ <string>Tor Browser Bundle 2.5.1-alpha-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
<key>CFBundleIconFile</key>
<string>vidalia.icns</string>
<key>CFBundleIdentifier</key>
@@ -21,7 +21,7 @@
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
- <string>2.4.18-rc-1</string>
+ <string>2.5.1-alpha-1</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>LSEnvironment</key>
@@ -35,7 +35,7 @@
<key>NSAppleScriptEnabled</key>
<false/>
<key>NSHumanReadableCopyright</key>
- <string>Tor Browser Bundle 2.4.18-rc-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
+ <string>Tor Browser Bundle 2.5.1-alpha-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
<key>NSMainNibFile</key>
<string>MainMenu</string>
<key>NSPrincipalClass</key>
diff --git a/build-scripts/config/Info.plist-stable b/build-scripts/config/Info.plist-stable
index f1648cf..0e50fc0 100644
--- a/build-scripts/config/Info.plist-stable
+++ b/build-scripts/config/Info.plist-stable
@@ -9,7 +9,7 @@
<key>CFBundleExecutable</key>
<string>TorBrowserBundle</string>
<key>CFBundleGetInfoString</key>
- <string>Tor Browser Bundle 2.3.25-15 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
+ <string>Tor Browser Bundle 2.4.19-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
<key>CFBundleIconFile</key>
<string>vidalia.icns</string>
<key>CFBundleIdentifier</key>
@@ -21,7 +21,7 @@
<key>CFBundlePackageType</key>
<string>APPL</string>
<key>CFBundleShortVersionString</key>
- <string>2.3.25-15</string>
+ <string>2.4.19-1</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>LSEnvironment</key>
@@ -35,7 +35,7 @@
<key>NSAppleScriptEnabled</key>
<false/>
<key>NSHumanReadableCopyright</key>
- <string>Tor Browser Bundle 2.3.25-15 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
+ <string>Tor Browser Bundle 2.4.19-1 Copyright 2010, 2011, 2012, 2013 The Tor Project</string>
<key>NSMainNibFile</key>
<string>MainMenu</string>
<key>NSPrincipalClass</key>
diff --git a/build-scripts/edit-changelog.sh b/build-scripts/edit-changelog.sh
index 4369d33..b8bded4 100755
--- a/build-scripts/edit-changelog.sh
+++ b/build-scripts/edit-changelog.sh
@@ -23,6 +23,6 @@ Tor Browser Bundle ($VERSION); suite=$1
EOF
-mv ../changelog.$1-2.3 ../changelog.$1-2.3-old
-cat ../tmp.changelog.$1 ../changelog.$1-2.3-old >> ../changelog.$1-2.3
+mv ../changelog.$1-2.4 ../changelog.$1-2.4-old
+cat ../tmp.changelog.$1 ../changelog.$1-2.4-old >> ../changelog.$1-2.4
diff --git a/build-scripts/linux-alpha.mk b/build-scripts/linux-alpha.mk
index 349d512..3f831dd 100644
--- a/build-scripts/linux-alpha.mk
+++ b/build-scripts/linux-alpha.mk
@@ -15,7 +15,7 @@
## Architecture
ARCH_TYPE=$(shell uname -m)
-BUILD_NUM=2
+BUILD_NUM=1
PLATFORM=Linux
## Build machine specific settings
diff --git a/build-scripts/linux.mk b/build-scripts/linux.mk
index 9edc7ac..300357f 100644
--- a/build-scripts/linux.mk
+++ b/build-scripts/linux.mk
@@ -15,7 +15,7 @@
## Architecture
ARCH_TYPE=$(shell uname -m)
-BUILD_NUM=16
+BUILD_NUM=1
PLATFORM=Linux
## Build machine specific settings
diff --git a/build-scripts/osx.mk b/build-scripts/osx.mk
index 349e908..4246dc3 100644
--- a/build-scripts/osx.mk
+++ b/build-scripts/osx.mk
@@ -15,7 +15,7 @@
## Architecture
ARCH_TYPE=x86_64
-BUILD_NUM=15
+BUILD_NUM=1
PLATFORM=MacOS
## Set OSX-specific backwards compatibility options
diff --git a/build-scripts/versions-alpha.mk b/build-scripts/versions-alpha.mk
index 0410f41..bc27020 100644
--- a/build-scripts/versions-alpha.mk
+++ b/build-scripts/versions-alpha.mk
@@ -1,6 +1,6 @@
#!/usr/bin/make
-RELEASE_VER=2.4.18-rc
+RELEASE_VER=2.5.1-alpha
ZLIB_VER=1.2.8
OPENSSL_VER=1.0.0k
@@ -8,13 +8,13 @@ LIBPNG_VER=1.6.6
QT_VER=4.8.1
VIDALIA_VER=0.2.21
LIBEVENT_VER=2.0.21-stable
-TOR_VER=0.2.4.18-rc
+TOR_VER=0.2.5.1-alpha
PIDGIN_VER=2.6.4
FIREFOX_VER=17.0.11esr
MOZBUILD_VER=1.5.1
TORBUTTON_VER=1.5.2
-NOSCRIPT_VER=2.6.8.5
-HTTPSEVERYWHERE_VER=3.4.2
+NOSCRIPT_VER=2.6.8.7
+HTTPSEVERYWHERE_VER=3.4.3
PDFJS_VER=0.8.298
OBFSPROXY_VER=0.1.4
OTR_VER=3.2.0
diff --git a/build-scripts/versions.mk b/build-scripts/versions.mk
index 77275b8..2c2add0 100644
--- a/build-scripts/versions.mk
+++ b/build-scripts/versions.mk
@@ -1,6 +1,6 @@
#!/usr/bin/make
-RELEASE_VER=2.3.25
+RELEASE_VER=2.4.19
ZLIB_VER=1.2.8
OPENSSL_VER=1.0.0k
@@ -8,13 +8,13 @@ LIBPNG_VER=1.6.6
QT_VER=4.8.1
VIDALIA_VER=0.2.21
LIBEVENT_VER=2.0.21-stable
-TOR_VER=0.2.3.25
+TOR_VER=0.2.4.19
PIDGIN_VER=2.6.4
FIREFOX_VER=17.0.11esr
MOZBUILD_VER=1.5.1
TORBUTTON_VER=1.5.2
-NOSCRIPT_VER=2.6.8.5
-HTTPSEVERYWHERE_VER=3.4.2
+NOSCRIPT_VER=2.6.8.7
+HTTPSEVERYWHERE_VER=3.4.3
OTR_VER=3.2.0
OBFSPROXY_VER=0.1.4
diff --git a/build-scripts/windows.mk b/build-scripts/windows.mk
index f0174b3..9b4a557 100644
--- a/build-scripts/windows.mk
+++ b/build-scripts/windows.mk
@@ -13,7 +13,7 @@
### Configuration ###
#####################
-BUILD_NUM=15
+BUILD_NUM=1
PLATFORM=Windows
## Location of required libraries
diff --git a/changelog.linux-2.4 b/changelog.linux-2.4
index f3623e4..77b27f7 100644
--- a/changelog.linux-2.4
+++ b/changelog.linux-2.4
@@ -1,3 +1,12 @@
+Tor Browser Bundle (2.4.19-1); suite=linux
+
+ * New stable release
+ * Update Tor to 0.2.4.19
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn at torproject.org> Sat Dec 14 16:30:26 BRST 2013
+
Tor Browser Bundle (2.4.18-rc-2); suite=linux
* Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
@@ -271,3 +280,313 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=linux
-- Erinn Clark <erinn at torproject.org> Sat Dec 1 15:21:21 GMT 2012
+Tor Browser Bundle (2.3.25-16); suite=linux
+
+ * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
+ stop crashing (closes: #10195)
+
+ -- Erinn Clark <erinn at torproject.org> Wed Nov 20 17:46:24 BRST 2013
+
+Tor Browser Bundle (2.3.25-15); suite=linux
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+
+ -- Erinn Clark <erinn at torproject.org> Fri Nov 15 18:11:05 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=linux
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.10
+ * Update LibPNG to 1.6.6
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn at torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=linux
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.9
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn at torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=linux
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn at torproject.org> Sun Aug 11 11:51:21 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=linux
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.8
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.7
+ * Update LibPNG to 1.6.3
+
+ -- Erinn Clark <erinn at torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=linux
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update libpng 1.5.16
+ * Update NoScript 2.6.6.6
+
+ -- Erinn Clark <erinn at torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-9); suite=linux
+
+ * Rebuild 64-bit bundles with Firefox optimizations disabled in order to
+ prevent browser crashes. (closes: #8970)
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.2
+
+ -- Erinn Clark <erinn at torproject.org> Wed Jun 12 18:42:24 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=linux
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn at torproject.org> Sun May 12 22:05:55 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=linux
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn at torproject.org> Tue May 7 19:56:58 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=linux
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn at torproject.org> Mon Apr 1 19:08:16 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=linux
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn at torproject.org> Sun Mar 10 22:15:43 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=linux
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 19 23:59:24 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=linux
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 5 18:08:43 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=linux
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn at torproject.org> Fri Jan 4 11:46:05 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=linux
+
+ * Update Tor to 0.2.3.25-rc
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn at torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn at torproject.org> Sat Oct 27 12:16:59 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+ * Update libpng to 1.5.13
+
+ -- Erinn Clark <erinn at torproject.org> Mon Oct 22 16:14:09 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.22-rc
+ * Temporarily use fixed Control and SOCKS ports as a workaround for #6803
+
+ -- Erinn Clark <erinn at torproject.org> Wed Sep 12 14:02:57 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn at torproject.org> Sun Sep 9 10:42:38 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.20-rc
+ * Update libpng to 1.5.12
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn at torproject.org> Sun Aug 5 23:21:30 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+ * Update libpng to 1.5.12
+
+ -- Erinn Clark <erinn at torproject.org> Wed Jul 25 15:12:37 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=linux
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Don't attempt to load the default KDE 4 theme from Vidalia, because that
+ fails when the Qt versions don't match (closes: #5214)
+
+ -- Erinn Clark <erinn at torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=linux
+
+ * Initial release
+
+ -- Erinn Clark <erinn at torproject.org> Thu Mar 1 14:04:56 BRT 2012
diff --git a/changelog.linux-2.5 b/changelog.linux-2.5
new file mode 100644
index 0000000..154d69f
--- /dev/null
+++ b/changelog.linux-2.5
@@ -0,0 +1,592 @@
+Tor Browser Bundle (2.5.1-alpha-1); suite=linux
+
+ * New alpha release
+ * Update Tor to 0.2.5.1-alpha
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn at torproject.org> Sat Dec 14 16:30:44 BRST 2013
+
+Tor Browser Bundle (2.4.18-rc-2); suite=linux
+
+ * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
+ stop crashing (closes: #10195)
+
+ -- Erinn Clark <erinn at torproject.org> Wed Nov 20 17:46:24 BRST 2013
+
+Tor Browser Bundle (2.4.18-rc-1); suite=linux
+
+ * Update Tor to 0.2.4.18-rc
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+ * Remove PDF.js since it is no longer supported in Firefox 17
+
+ -- Erinn Clark <erinn at torproject.org> Sun Nov 17 16:41:32 BRST 2013
+
+Tor Browser Bundle (2.4.17-rc-1); suite=linux
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.10
+ * Update LibPNG to 1.6.6
+ * Update NoScript to 2.6.8.4
+ * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this
+ becoming the stable bundle
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn at torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.4.17-beta-2); suite=linux
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.9
+ * Update LibPNG to 1.6.3
+ * Update HTTPS Everywhere to 4.0development.12
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+ * Add missing geoip file
+
+ -- Erinn Clark <erinn at torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.4.17-beta-1); suite=linux
+
+ * Update Tor to 0.2.4.17-rc
+ * Update NoScript to 2.6.7.1
+ * Update HTTPS Everywhere to 4.0development.11
+
+ -- Erinn Clark <erinn at torproject.org> Thu Sep 5 14:26:06 CEST 2013
+
+Tor Browser Bundle (2.4.16-beta-1); suite=linux
+
+ * Update Tor to 0.2.4.16-rc
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn at torproject.org> Sun Aug 11 11:51:39 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-2); suite=linux
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.8
+ * HTTPS Everywhere to 4.0development.9
+ * Update PDF.js to 0.8.298
+ * Update NoScript to 2.6.6.9
+ * Update LibPNG to 1.6.3
+
+ -- Erinn Clark <erinn at torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-1); suite=linux
+
+ * Update Tor to 0.2.4.15-rc
+ * Update NoScript to 2.6.6.7
+
+ -- Erinn Clark <erinn at torproject.org> Sun Jul 7 18:38:52 BRT 2013
+
+Tor Browser Bundle (2.4.14-alpha-1); suite=linux
+
+ * Update Tor to 0.2.4.14-alpha
+ * Update Firefox 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update libpng to 1.5.16
+ * Update HTTPS Everywhere to 4.0development.8
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn at torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-2); suite=linux
+
+ * Update Firefox to 17.0.6esr
+ * Update NoScript to 2.6.6.1
+
+ -- Erinn Clark <erinn at torproject.org> Sun May 12 22:06:23 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-1); suite=linux
+
+ * Update Tor to 0.2.4.12-alpha
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6
+ * Update PDF.js to 0.8.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn at torproject.org> Thu Apr 25 21:15:37 BRT 2013
+
+Tor Browser Bundle (2.4.11-alpha-2); suite=linux
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn at torproject.org> Mon Apr 1 19:08:37 EDT 2013
+
+Tor Browser Bundle (2.4.10-alpha-3); suite=linux
+
+ * Update Firefox to 17.0.4esr
+ * Update Tor to 0.2.4.11-alpha
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 4.0development.6
+ * Update PDF.js to 0.7.236
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn at torproject.org> Tue Mar 12 12:06:00 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-2); suite=linux
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 19 23:59:47 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-1); suite=linux
+
+ * Update Tor to 0.2.4.10-alpha
+ * Update OpenSSL to 1.0.1d
+ * Update NoScript to 2.6.4.4
+ * Add PDF Viewer (PDF.js) to README
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 5 18:13:28 CET 2013
+
+Tor Browser Bundle (2.4.9-alpha-1); suite=linux
+
+ * Update Firefox to 17.0.2esr
+ * Update Tor to 0.2.4.9-alpha
+ * Update Torbutton to 1.5.0pre-alpha
+ * Update NoScript to 2.6.4.3
+ * Update HTTPS-Everywhere to 4.0development.5
+ * Add Mozilla's PDF.js extension to give people the ability to read PDFs in
+ TBB
+ * Prevent TBB from trying to access the X session manager (closes: #5261)
+ * Firefox patch changes:
+ - Isolate image cache to url bar domain (closes: #5742 and #6539)
+ - Enable DOM storage and isolate it to url bar domain (closes: #6564)
+ - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
+ * Misc preference changes:
+ - Disable DOM performance timers (dom.enable_performance) (closes: #6204)
+ - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
+ - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
+ - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)
+
+ -- Erinn Clark <erinn at torproject.org> Fri Jan 25 15:31:35 CET 2013
+
+Tor Browser Bundle (2.4.7-alpha-1); suite=linux
+
+ * Update Firefox to 10.0.12esr
+ * Update Tor to 0.2.4.7-alpha
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 4.0development.4
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn at torproject.org> Fri Jan 4 11:55:05 CET 2013
+
+Tor Browser Bundle (2.4.6-alpha-2); suite=linux
+
+ * Update Makefiles to use the right changelogs and READMEs
+
+ -- Erinn Clark <erinn at torproject.org> Mon Dec 3 16:13:47 GMT 2012
+
+Tor Browser Bundle (2.4.6-alpha-1); suite=linux
+
+ * Initial release
+
+ -- Erinn Clark <erinn at torproject.org> Sat Dec 1 15:21:21 GMT 2012
+
+Tor Browser Bundle (2.3.25-16); suite=linux
+
+ * Update 64-bit Linux's mozconfig to --disable-optimize so Tor Browser will
+ stop crashing (closes: #10195)
+
+ -- Erinn Clark <erinn at torproject.org> Wed Nov 20 17:46:24 BRST 2013
+
+Tor Browser Bundle (2.3.25-15); suite=linux
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+
+ -- Erinn Clark <erinn at torproject.org> Fri Nov 15 18:11:05 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=linux
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.10
+ * Update LibPNG to 1.6.6
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn at torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=linux
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.9
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn at torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=linux
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn at torproject.org> Sun Aug 11 11:51:21 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=linux
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.8
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.7
+ * Update LibPNG to 1.6.3
+
+ -- Erinn Clark <erinn at torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=linux
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update libpng 1.5.16
+ * Update NoScript 2.6.6.6
+
+ -- Erinn Clark <erinn at torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-9); suite=linux
+
+ * Rebuild 64-bit bundles with Firefox optimizations disabled in order to
+ prevent browser crashes. (closes: #8970)
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.2
+
+ -- Erinn Clark <erinn at torproject.org> Wed Jun 12 18:42:24 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=linux
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn at torproject.org> Sun May 12 22:05:55 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=linux
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn at torproject.org> Tue May 7 19:56:58 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=linux
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn at torproject.org> Mon Apr 1 19:08:16 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=linux
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn at torproject.org> Sun Mar 10 22:15:43 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=linux
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 19 23:59:24 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=linux
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 5 18:08:43 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=linux
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn at torproject.org> Fri Jan 4 11:46:05 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=linux
+
+ * Update Tor to 0.2.3.25-rc
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn at torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn at torproject.org> Sat Oct 27 12:16:59 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+ * Update libpng to 1.5.13
+
+ -- Erinn Clark <erinn at torproject.org> Mon Oct 22 16:14:09 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.22-rc
+ * Temporarily use fixed Control and SOCKS ports as a workaround for #6803
+
+ -- Erinn Clark <erinn at torproject.org> Wed Sep 12 14:02:57 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn at torproject.org> Sun Sep 9 10:42:38 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.20-rc
+ * Update libpng to 1.5.12
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn at torproject.org> Sun Aug 5 23:21:30 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=linux
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+ * Update libpng to 1.5.12
+
+ -- Erinn Clark <erinn at torproject.org> Wed Jul 25 15:12:37 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=linux
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Don't attempt to load the default KDE 4 theme from Vidalia, because that
+ fails when the Qt versions don't match (closes: #5214)
+
+ -- Erinn Clark <erinn at torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=linux
+
+ * Initial release
+
+ -- Erinn Clark <erinn at torproject.org> Thu Mar 1 14:04:56 BRT 2012
diff --git a/changelog.osx-2.4 b/changelog.osx-2.4
index d8c0b4a..6fcd6d2 100644
--- a/changelog.osx-2.4
+++ b/changelog.osx-2.4
@@ -1,3 +1,12 @@
+Tor Browser Bundle (2.4.19-1); suite=osx
+
+ * New stable release
+ * Update Tor to 0.2.4.19
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn at torproject.org> Sat Dec 14 16:30:22 BRST 2013
+
Tor Browser Bundle (2.4.18-rc-1); suite=linux
* Update Tor to 0.2.4.18-rc
@@ -260,3 +269,293 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=osx
* Initial release
-- Erinn Clark <erinn at torproject.org> Sat Dec 1 15:21:11 GMT 2012
+Tor Browser Bundle (2.3.25-15); suite=osx
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+ * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield.
+ (closes: #10092)
+
+ -- Erinn Clark <erinn at torproject.org> Fri Nov 15 18:11:00 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=osx
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.10
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn at torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=osx
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.9
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn at torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=osx
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn at torproject.org> Sun Aug 11 11:51:19 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=osx
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.8
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn at torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=osx
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn at torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=osx
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn at torproject.org> Sun May 12 22:05:50 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=osx
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn at torproject.org> Tue May 7 19:56:56 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=osx
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn at torproject.org> Mon Apr 1 19:08:11 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=osx
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn at torproject.org> Sun Mar 10 22:15:38 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=osx
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 19 23:59:21 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=osx
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 5 18:08:39 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=osx
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn at torproject.org> Fri Jan 4 11:46:03 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=osx
+
+ * Update Tor to 0.2.3.25
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn at torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn at torproject.org> Sat Oct 27 12:16:55 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+
+ -- Erinn Clark <erinn at torproject.org> Mon Oct 22 16:14:03 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.22-rc
+ * Temporarily use fixed Control and SOCKS ports as a workaround for #6803
+
+ -- Erinn Clark <erinn at torproject.org> Wed Sep 12 14:02:57 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn at torproject.org> Sun Sep 9 10:42:33 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.20-rc
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn at torproject.org> Sun Aug 5 23:21:27 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+
+ -- Erinn Clark <erinn at torproject.org> Wed Jul 25 15:12:26 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=osx
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Give OS X users below 10.5 an incompatibility message (closes: #4356)
+
+ -- Erinn Clark <erinn at torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=osx
+
+ * Initial release
+
+ -- Erinn Clark <erinn at torproject.org> Thu Mar 1 14:04:56 BRT 2012
diff --git a/changelog.osx-2.5 b/changelog.osx-2.5
new file mode 100644
index 0000000..83de71c
--- /dev/null
+++ b/changelog.osx-2.5
@@ -0,0 +1,561 @@
+Tor Browser Bundle (2.5.1-alpha-1); suite=osx
+
+ * New alpha release
+ * Update Tor to 0.2.5.1-alpha
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn at torproject.org> Sat Dec 14 16:31:01 BRST 2013
+
+Tor Browser Bundle (2.4.18-rc-1); suite=linux
+
+ * Update Tor to 0.2.4.18-rc
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+ * Remove PDF.js since it is no longer supported in Firefox 17
+ * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield.
+ (closes: #10092)
+
+ -- Erinn Clark <erinn at torproject.org> Sun Nov 17 16:41:32 BRST 2013
+
+Tor Browser Bundle (2.4.17-rc-1); suite=osx
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.10
+ * Update NoScript to 2.6.8.4
+ * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this
+ becoming the stable bundle
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn at torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.4.17-beta-2); suite=osx
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.9
+ * Update HTTPS Everywhere to 4.0development.12
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn at torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.4.17-beta-1); suite=osx
+
+ * Update Tor to 0.2.4.17-rc
+ * Update NoScript to 2.6.7.1
+ * Update HTTPS Everywhere to 4.0development.11
+
+ -- Erinn Clark <erinn at torproject.org> Thu Sep 5 14:26:04 CEST 2013
+
+Tor Browser Bundle (2.4.16-beta-1); suite=osx
+
+ * Update Tor to 0.2.4.16-rc
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn at torproject.org> Sun Aug 11 11:51:41 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-2); suite=osx
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.8
+ * HTTPS Everywhere to 4.0development.9
+ * Update PDF.js to 0.8.298
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn at torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-1); suite=osx
+
+ * Update Tor to 0.2.4.15-rc
+ * Update NoScript to 2.6.6.7
+
+ -- Erinn Clark <erinn at torproject.org> Sun Jul 7 18:38:48 BRT 2013
+
+Tor Browser Bundle (2.4.14-alpha-1); suite=osx
+
+ * Update Tor to 0.2.4.14-alpha
+ * Update Firefox 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update libpng to 1.5.16
+ * Update HTTPS Everywhere to 4.0development.8
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn at torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-2); suite=osx
+
+ * Update Firefox to 17.0.6esr
+ * Update NoScript to 2.6.6.1
+
+ -- Erinn Clark <erinn at torproject.org> Sun May 12 22:06:20 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-1); suite=osx
+
+ * Update Tor to 0.2.4.12-alpha
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6
+ * Update PDF.js to 0.8.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn at torproject.org> Thu Apr 25 21:15:32 BRT 2013
+
+Tor Browser Bundle (2.4.11-alpha-2); suite=osx
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn at torproject.org> Mon Apr 1 19:08:42 EDT 2013
+
+Tor Browser Bundle (2.4.10-alpha-3); suite=osx
+
+ * Update Firefox to 17.0.4esr
+ * Update Tor to 0.2.4.11-alpha
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 4.0development.6
+ * Update PDF.js to 0.7.236
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn at torproject.org> Tue Mar 12 12:06:00 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-2); suite=osx
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 19 23:59:45 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-1); suite=osx
+
+ * Update Tor to 0.2.4.10-alpha
+ * Update OpenSSL to 1.0.1d
+ * Update NoScript to 2.6.4.4
+ * Add PDF Viewer (PDF.js) to README
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 5 18:13:28 CET 2013
+
+Tor Browser Bundle (2.4.9-alpha-1); suite=osx
+
+ * Update Firefox to 17.0.2esr
+ * Update Tor to 0.2.4.9-alpha
+ * Update Torbutton to 1.5.0pre-alpha
+ * Update NoScript to 2.6.4.3
+ * Update HTTPS-Everywhere to 4.0development.5
+ * Add Mozilla's PDF.js extension to give people the ability to read PDFs in
+ TBB
+ * Firefox patch changes:
+ - Isolate image cache to url bar domain (closes: #5742 and #6539)
+ - Enable DOM storage and isolate it to url bar domain (closes: #6564)
+ - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
+ * Misc preference changes:
+ - Disable DOM performance timers (dom.enable_performance) (closes: #6204)
+ - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
+ - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
+ - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)
+
+ -- Erinn Clark <erinn at torproject.org> Fri Jan 25 15:31:35 CET 2013
+
+Tor Browser Bundle (2.4.7-alpha-1); suite=osx
+
+ * Update Firefox to 10.0.12esr
+ * Update Tor to 0.2.4.7-alpha
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 4.0development.4
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn at torproject.org> Fri Jan 4 11:55:00 CET 2013
+
+Tor Browser Bundle (2.4.6-alpha-2); suite=osx
+
+ * Update Makefiles to use the right changelogs and READMEs
+
+ -- Erinn Clark <erinn at torproject.org> Mon Dec 3 16:13:43 GMT 2012
+
+Tor Browser Bundle (2.4.6-alpha-1); suite=osx
+
+ * Initial release
+
+ -- Erinn Clark <erinn at torproject.org> Sat Dec 1 15:21:11 GMT 2012
+Tor Browser Bundle (2.3.25-15); suite=osx
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+ * Fix paths so Mac OS X 10.9 can find the geoip file. Patch by David Fifield.
+ (closes: #10092)
+
+ -- Erinn Clark <erinn at torproject.org> Fri Nov 15 18:11:00 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=osx
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.10
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn at torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=osx
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.9
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn at torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=osx
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn at torproject.org> Sun Aug 11 11:51:19 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=osx
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.8
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn at torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=osx
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn at torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=osx
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn at torproject.org> Sun May 12 22:05:50 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=osx
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn at torproject.org> Tue May 7 19:56:56 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=osx
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn at torproject.org> Mon Apr 1 19:08:11 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=osx
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn at torproject.org> Sun Mar 10 22:15:38 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=osx
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 19 23:59:21 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=osx
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 5 18:08:39 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=osx
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn at torproject.org> Fri Jan 4 11:46:03 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=osx
+
+ * Update Tor to 0.2.3.25
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn at torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn at torproject.org> Sat Oct 27 12:16:55 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+
+ -- Erinn Clark <erinn at torproject.org> Mon Oct 22 16:14:03 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.22-rc
+ * Temporarily use fixed Control and SOCKS ports as a workaround for #6803
+
+ -- Erinn Clark <erinn at torproject.org> Wed Sep 12 14:02:57 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn at torproject.org> Sun Sep 9 10:42:33 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.20-rc
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn at torproject.org> Sun Aug 5 23:21:27 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=osx
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+
+ -- Erinn Clark <erinn at torproject.org> Wed Jul 25 15:12:26 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=osx
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Give OS X users below 10.5 an incompatibility message (closes: #4356)
+
+ -- Erinn Clark <erinn at torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=osx
+
+ * Initial release
+
+ -- Erinn Clark <erinn at torproject.org> Thu Mar 1 14:04:56 BRT 2012
diff --git a/changelog.windows-2.4 b/changelog.windows-2.4
index 8282c4a..15f3bb3 100644
--- a/changelog.windows-2.4
+++ b/changelog.windows-2.4
@@ -1,3 +1,12 @@
+Tor Browser Bundle (2.4.19-1); suite=windows
+
+ * New stable release
+ * Update Tor to 0.2.4.19
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn at torproject.org> Sat Dec 14 16:30:24 BRST 2013
+
Tor Browser Bundle (2.4.18-rc-1); suite=linux
* Update Tor to 0.2.4.18-rc
@@ -258,3 +267,291 @@ Tor Browser Bundle (2.4.6-alpha-1); suite=windows
* Initial release
-- Erinn Clark <erinn at torproject.org> Sat Dec 1 15:21:17 GMT 2012
+Tor Browser Bundle (2.3.25-15); suite=windows
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+
+ -- Erinn Clark <erinn at torproject.org> Fri Nov 15 18:11:02 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=windows
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.10
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn at torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=windows
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.9
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn at torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=windows
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn at torproject.org> Sun Aug 11 11:51:23 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=windows
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.8
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn at torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=windows
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn at torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=windows
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn at torproject.org> Sun May 12 22:05:52 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=windows
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+ - Re-enable --enable-optimize for Windows builds
+
+ -- Erinn Clark <erinn at torproject.org> Tue May 7 19:57:00 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=windows
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn at torproject.org> Mon Apr 1 19:08:14 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=windows
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn at torproject.org> Sun Mar 10 22:15:41 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=windows
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 19 23:59:26 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=windows
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 5 18:08:41 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=windows
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn at torproject.org> Fri Jan 4 11:46:07 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=windows
+
+ * Update Tor to 0.2.3.25
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn at torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn at torproject.org> Sat Oct 27 12:16:57 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+
+ -- Erinn Clark <erinn at torproject.org> Mon Oct 22 16:14:05 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.22-rc
+
+ -- Erinn Clark <erinn at torproject.org> Tue Sep 11 19:49:08 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn at torproject.org> Sun Sep 9 10:42:35 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.20-rc
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn at torproject.org> Sun Aug 5 23:21:32 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+
+ -- Erinn Clark <erinn at torproject.org> Wed Jul 25 15:12:41 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=windows
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Remove tor-resolve from the Windows bundle (closes: #5403)
+
+ -- Erinn Clark <erinn at torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=windows
+
+ * Initial release
+
+ -- Erinn Clark <erinn at torproject.org> Thu Mar 1 14:04:56 BRT 2012
diff --git a/changelog.windows-2.5 b/changelog.windows-2.5
new file mode 100644
index 0000000..d84e74d
--- /dev/null
+++ b/changelog.windows-2.5
@@ -0,0 +1,557 @@
+Tor Browser Bundle (2.5.1-alpha-1); suite=windows
+
+ * New alpha release
+ * Update Tor to 0.2.5.1-alpha
+ * Update NoScript to 2.6.8.7
+ * Update HTTPS Everywhere to 3.4.3
+
+ -- Erinn Clark <erinn at torproject.org> Sat Dec 14 16:30:59 BRST 2013
+
+Tor Browser Bundle (2.4.18-rc-1); suite=linux
+
+ * Update Tor to 0.2.4.18-rc
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+ * Remove PDF.js since it is no longer supported in Firefox 17
+
+ -- Erinn Clark <erinn at torproject.org> Sun Nov 17 16:41:32 BRST 2013
+
+Tor Browser Bundle (2.4.17-rc-1); suite=windows
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.10
+ * Update NoScript to 2.6.8.4
+ * Downgrade HTTPS-Everywhere to 3.4.2 in preparation for this
+ becoming the stable bundle
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn at torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.4.17-beta-2); suite=windows
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.9
+ * Update HTTPS Everywhere to 4.0development.12
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn at torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.4.17-beta-1); suite=windows
+
+ * Update Tor to 0.2.4.17-rc
+ * Update NoScript to 2.6.7.1
+ * Update HTTPS Everywhere to 4.0development.11
+
+ -- Erinn Clark <erinn at torproject.org> Thu Sep 5 14:26:09 CEST 2013
+
+Tor Browser Bundle (2.4.16-beta-1); suite=windows
+
+ * Update Tor to 0.2.4.16-rc
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn at torproject.org> Sun Aug 11 11:51:37 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-2); suite=windows
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.8
+ * HTTPS Everywhere to 4.0development.9
+ * Update PDF.js to 0.8.298
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn at torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.4.15-beta-1); suite=windows
+
+ * Update Tor to 0.2.4.15-rc
+ * Update NoScript to 2.6.6.7
+
+ -- Erinn Clark <erinn at torproject.org> Sun Jul 7 18:38:50 BRT 2013
+
+Tor Browser Bundle (2.4.14-alpha-1); suite=windows
+
+ * Update Tor to 0.2.4.14-alpha
+ * Update Firefox 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update libpng to 1.5.16
+ * Update HTTPS Everywhere to 4.0development.8
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn at torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-2); suite=windows
+
+ * Update Firefox to 17.0.6esr
+ * Update NoScript to 2.6.6.1
+
+ -- Erinn Clark <erinn at torproject.org> Sun May 12 22:06:25 BRT 2013
+
+Tor Browser Bundle (2.4.12-alpha-1); suite=windows
+
+ * Update Tor to 0.2.4.12-alpha
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6
+ * Update PDF.js to 0.8.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+
+ -- Erinn Clark <erinn at torproject.org> Thu Apr 25 21:15:34 BRT 2013
+
+Tor Browser Bundle (2.4.11-alpha-2); suite=windows
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn at torproject.org> Mon Apr 1 19:08:39 EDT 2013
+
+Tor Browser Bundle (2.4.10-alpha-3); suite=windows
+
+ * Update Firefox to 17.0.4esr
+ * Update Tor to 0.2.4.11-alpha
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 4.0development.6
+ * Update PDF.js to 0.7.236
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn at torproject.org> Tue Mar 12 12:06:00 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-2); suite=windows
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 19 23:59:49 CET 2013
+
+Tor Browser Bundle (2.4.10-alpha-1); suite=windows
+
+ * Update Tor to 0.2.4.10-alpha
+ * Update OpenSSL to 1.0.1d
+ * Update NoScript to 2.6.4.4
+ * Add PDF Viewer (PDF.js) to README
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 5 18:13:28 CET 2013
+
+Tor Browser Bundle (2.4.9-alpha-test-1); suite=windows
+
+ * Update Firefox to 17.0.2esr
+ * Update Tor to 0.2.4.9-alpha
+ * Update Torbutton to 1.5.0pre-alpha
+ * Update NoScript to 2.6.4.3
+ * Update HTTPS-Everywhere to 4.0development.5
+ * Add Mozilla's PDF.js extension to give people the ability to read PDFs in
+ TBB
+ * Firefox patch changes:
+ - Isolate image cache to url bar domain (closes: #5742 and #6539)
+ - Enable DOM storage and isolate it to url bar domain (closes: #6564)
+ - Include nsIHttpChannel.redirectTo API for HTTPS-Everywhere (closes: #5477)
+ * Misc preference changes:
+ - Disable DOM performance timers (dom.enable_performance) (closes: #6204)
+ - Disable HTTP connection retry timeout (network.http.connection-retry-timeout) (closes: #7656)
+ - Disable full path information for plugins (plugin.expose_full_path) (closes: #6210)
+ - Disable NoScript's block of remote WebFonts (noscript.forbidFonts) (closes: #7937)
+
+ -- Erinn Clark <erinn at torproject.org> Fri Jan 25 15:31:35 CET 2013
+
+Tor Browser Bundle (2.4.7-alpha-1); suite=windows
+
+ * Update Firefox to 10.0.12esr
+ * Update Tor to 0.2.4.7-alpha
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 4.0development.4
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn at torproject.org> Fri Jan 4 11:55:02 CET 2013
+
+Tor Browser Bundle (2.4.6-alpha-2); suite=windows
+
+ * Update Makefiles to use the right changelogs and READMEs
+
+ -- Erinn Clark <erinn at torproject.org> Mon Dec 3 16:13:45 GMT 2012
+
+Tor Browser Bundle (2.4.6-alpha-1); suite=windows
+
+ * Initial release
+
+ -- Erinn Clark <erinn at torproject.org> Sat Dec 1 15:21:17 GMT 2012
+Tor Browser Bundle (2.3.25-15); suite=windows
+
+ * Update Firefox to 17.0.11esr
+ * Update NoScript to 2.6.8.5
+
+ -- Erinn Clark <erinn at torproject.org> Fri Nov 15 18:11:02 BRST 2013
+
+Tor Browser Bundle (2.3.25-14); suite=windows
+
+ * Update Firefox to 17.0.10esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.10
+ * Update NoScript to 2.6.8.4
+ * Update HTTPS-Everywhere to 3.4.2
+ * Firefox patch changes:
+ - Hide infobar for missing plugins. (closes: #9012)
+ - Change the default entry page for the addons tab to the
+ installed addons page. (closes: #8364)
+ - Make flash objects really be click-to-play if flash is
+ enabled. (closes: #9867)
+ - Make getFirstPartyURI log+handle errors internally to
+ simplify caller usage of the API. (closes: #3661)
+ - Remove polipo and privoxy from the banned ports list. (closes: #3661)
+ - misc: Fix a potential memory leak in the Image Cache isolation
+ - misc: Fix a potential crash if OS theme information is ever absent
+
+ -- Erinn Clark <erinn at torproject.org> Thu Oct 31 14:30:45 BRST 2013
+
+Tor Browser Bundle (2.3.25-13); suite=windows
+
+ * Update Firefox to 17.0.9esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.9
+ * Update HTTPS Everywhere to 3.4.1
+ * Update NoScript to 2.6.7.1
+ * Remove extraneous libevent libraries (closes: #9727)
+ * Enable GCC hardening for Tor
+ * Firefox patch changes:
+ - Disable filtered results in Startpage omnibox (closes: #8839)
+
+ -- Erinn Clark <erinn at torproject.org> Thu Sep 19 19:56:35 CEST 2013
+
+Tor Browser Bundle (2.3.25-12); suite=windows
+
+ * Re-add the locale pref to the Firefox prefs file to allow for localization
+ of bundles again (closes: #9436)
+
+ -- Erinn Clark <erinn at torproject.org> Sun Aug 11 11:51:23 CEST 2013
+
+Tor Browser Bundle (2.3.25-11); suite=windows
+
+ * Update Firefox to 17.0.8esr
+ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html#firefox17.0.8
+ * Update HTTPS Everywhere to 3.3.1
+ * Update NoScript to 2.6.6.9
+
+ -- Erinn Clark <erinn at torproject.org> Thu Aug 8 15:10:52 CEST 2013
+
+Tor Browser Bundle (2.3.25-10); suite=windows
+
+ * Update Firefox to 17.0.7esr
+ * Update zlib to 1.2.8
+ * Update HTTPS Everywhere to 3.2.2
+ * Update NoScript to 2.6.6.6
+
+ -- Erinn Clark <erinn at torproject.org> Sun Jun 23 23:20:25 BRT 2013
+
+Tor Browser Bundle (2.3.25-8); suite=windows
+
+ * Update Firefox to 17.0.6esr
+ * Update HTTPS Everywhere to 3.2
+
+ -- Erinn Clark <erinn at torproject.org> Sun May 12 22:05:52 BRT 2013
+
+Tor Browser Bundle (2.3.25-7); suite=windows
+
+ * Update Torbutton to 1.5.2
+ * Update libpng to 1.5.15
+ * Update NoScript to 2.6.6.1
+ * Firefox patch changes:
+ - Apply font limits to @font-face local() fonts and disable fallback
+ rendering for @font-face. (closes: #8455)
+ - Use Optimistic Data SOCKS handshake (improves page load performance).
+ (closes: #3875)
+ - Honor the Windows theme for inverse text colors (without leaking those
+ colors to content). (closes: #7920)
+ - Increase pipeline randomization and try harder to batch pipelined
+ requests together. (closes: #8470)
+ - Fix an image cache isolation domain key misusage. May fix several image
+ cache related crash bugs with New Identity, exit, and certain websites.
+ (closes: #8628)
+ * Torbutton changes:
+ - Allow session restore if the user allows disk actvity (closes: #8457)
+ - Remove the Display Settings panel and associated locales (closes: #8301)
+ - Fix "Transparent Torification" option. (closes: #6566)
+ - Fix a hang on New Identity. (closes: #8642)
+ * Build changes:
+ - Fetch our source deps from an https mirror (closes: #8286)
+ - Create watch scripts for syncing mirror sources and monitoring mirror
+ integrity (closes: #8338)
+ - Re-enable --enable-optimize for Windows builds
+
+ -- Erinn Clark <erinn at torproject.org> Tue May 7 19:57:00 BRT 2013
+
+Tor Browser Bundle (2.3.25-6); suite=windows
+
+ * Update Firefox to 17.0.5esr
+ * Update NoScript to 2.6.59
+
+ -- Erinn Clark <erinn at torproject.org> Mon Apr 1 19:08:14 EDT 2013
+
+Tor Browser Bundle (2.3.25-5); suite=windows
+
+ * Update Firefox to 17.0.4esr
+ * Update NoScript to 2.6.5.8
+ * Update HTTPS Everywhere to 3.1.4
+ * Fix non-English language bundles to have the correct branding (closes: #8302)
+ * Firefox patch changes:
+ - Remove "This plugin is disabled" barrier
+ * This improves the user experience for HTML5 Youtube videos:
+ They "silently" attempt to load flash first, which was not so silent
+ with this barrier in place. (closes: #8312)
+ - Disable NoScript's HTML5 media click-to-play barrier (closes: #8386)
+ - Fix a New Identity hang and/or crash condition (closes: #6386)
+ - Fix crash with Drag + Drop on Windows (closes: #8324)
+ * Torbutton changes:
+ - Fix Drag+Drop crash by using a new TBB drag observer (closes: #8324)
+ - Fix XML/E4X errors with Cookie Protections (closes: #6202)
+ - Don't clear cookies at shutdown if user wants disk history (closes: #8423)
+ - Leave IndexedDB and Offline Storage disabled. (closes: #8382)
+ - Clear DOM localStorage on New Identity. (closes: #8422)
+ - Don't strip "third party" HTTP auth from favicons (closes: #8335)
+ - Localize the "Spoof english" button strings (closes: #5183)
+ - Ask user for confirmation before enabling plugins (closes: #8313)
+ - Emit private browsing session clearing event on "New Identity"
+
+ -- Erinn Clark <erinn at torproject.org> Sun Mar 10 22:15:41 CET 2013
+
+Tor Browser Bundle (2.3.25-4); suite=windows
+
+ * Update Firefox to 17.0.3esr
+ * Downgrade OpenSSL to 1.0.0k
+ * Update libpng to 1.5.14
+ * Update NoScript to 2.6.5.7
+ * Firefox patch changes:
+ - Exempt remote @font-face fonts from font limits (and prefer them).
+ (closes: #8270)
+ * Remote fonts (aka "User Fonts") are not a fingerprinting threat, so
+ they should not count towards our CSS font count limits. Moreover,
+ if a CSS font-family rule lists any remote fonts, those fonts are
+ preferred over the local fonts, so we do not reduce the font count
+ for that rule.
+ * This vastly improves rendering and typography for many websites.
+ - Disable WebRTC in Firefox build options. (closes: 8178)
+ * WebRTC isn't slated to be enabled until Firefox 18, but the code
+ was getting compiled in already and is capable of creating UDP Sockets
+ and bypassing Tor. We disable it from build as a safety measure.
+ - Move prefs.js into omni.ja and extension-overrides. (closes: 3944)
+ * This causes our browser pref changes to appear as defaults. It also
+ means that future updates of TBB should preserve user pref settings.
+ - Fix a use-after-free that caused crashing on MacOS (closes: 8234)
+ - Eliminate several redundant, useless, and deprecated Firefox pref settings
+ - Report Firefox 17.0 as the Tor Browser user agent
+ - Use Firefox's click-to-play barrier for plugins instead of NoScript
+ - Set the Tor SOCKS+Control ports to 9150, 9151 respectively on all platforms
+ * This fixes a SOCKS race condition with our SOCKS autoport configuration
+ and HTTPS-Everywhere's Tor test. Firefox 17 appears to cache proxy
+ settings per URL now, which resulted in a proxy error for
+ check.torproject.org if we lost the race.
+ * Torbutton was updated to 1.5.0. The following issues were fixed:
+ - Remove old toggle observers and related code (closes: #5279)
+ - Simplify Security Preference UI and associated pref updates (closes: #3100)
+ - Eliminate redundancy in our Flash/plugin disabling code (closes: #1305)
+ - Leave most preferences under Tor Browser's control (closes: #3944)
+ - Disable toggle-on-startup and crash detection logic (closes: #7974)
+ - Disable/remove toggle-mode code and related observers (closes: #5279)
+ - Add menu hint to Torbutton icon (closes: #6431)
+ - Make Torbutton icon flash a warning symbol if TBB is out of date (closes: #7495)
+ - Perform version check every time there's a new tab. (closes: #6096)
+ - Rate limit version check queries to once every 1.5hrs max. (closes: #6156)
+ - misc: Allow WebGL and DOM storage.
+ - misc: Disable independent Torbutton updates
+ - misc: Change the recommended SOCKSPort to 9150 (to match TBB)
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 19 23:59:26 CET 2013
+
+Tor Browser Bundle (2.3.25-3); suite=windows
+
+ * Update OpenSSL to 1.0.1d
+ * Update HTTPS Everywhere to 3.1.3
+ * Update NoScript to 2.6.4.4
+
+ -- Erinn Clark <erinn at torproject.org> Tue Feb 5 18:08:41 CET 2013
+
+Tor Browser Bundle (2.3.25-2); suite=windows
+
+ * Update Firefox to 10.0.12esr
+ * Update Libevent to 2.0.21-stable
+ * Update HTTPS Everywhere to 3.1.2
+ * Update NoScript to 2.6.4.2
+
+ -- Erinn Clark <erinn at torproject.org> Fri Jan 4 11:46:07 CET 2013
+
+Tor Browser Bundle (2.3.25-1); suite=windows
+
+ * Update Tor to 0.2.3.25
+ * Update Firefox 10.0.11esr
+ * Update Vidalia to 0.2.21
+ * Update NoScript to 2.6.2
+
+ -- Erinn Clark <erinn at torproject.org> Sun Dec 2 09:03:27 GMT 2012
+
+Tor Browser Bundle (2.3.24-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.24-rc
+ * Update Firefox to 10.0.10esr
+ * Update NoScript to 2.5.9
+ * Update HTTPS Everywhere to 4.0development.2
+
+ -- Erinn Clark <erinn at torproject.org> Sat Oct 27 12:16:57 BST 2012
+
+Tor Browser Bundle (2.3.23-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.23-rc
+ * Update Firefox to 10.0.9esr
+ * Update HTTPS Everywhere to 4.0development.1
+ * Update NoScript to 2.5.8
+ * Re-enable automatic Control and SOCKS port selection on Linux and OSX
+
+ -- Erinn Clark <erinn at torproject.org> Mon Oct 22 16:14:05 BST 2012
+
+Tor Browser Bundle (2.3.22-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.22-rc
+
+ -- Erinn Clark <erinn at torproject.org> Tue Sep 11 19:49:08 BST 2012
+
+Tor Browser Bundle (2.3.21-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.21-rc
+ * Update Firefox to 15.0.1
+ * Update Libevent to 2.0.20-stable
+ * Update Torbutton to 1.4.6.1
+ * Update HTTPS Everywhere to 3.0development.6
+ * Update NoScript to 2.5.4
+
+ -- Erinn Clark <erinn at torproject.org> Sun Sep 9 10:42:35 BST 2012
+
+Tor Browser Bundle (2.3.20-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.20-rc
+ * Update NoScript to 2.5
+ * Change the urlbar search engine to Startpage (closes: #5925)
+ * Firefox patch updates:
+ - Fix the Tor Browser SIGFPE crash bug (closes: #6492)
+ - Add a redirect API for HTTPS-Everywhere (closes: #5477)
+ - Enable WebGL (as click-to-play only) (closes: #6370)
+
+ -- Erinn Clark <erinn at torproject.org> Sun Aug 5 23:21:32 BST 2012
+
+Tor Browser Bundle (2.3.19-alpha-1); suite=windows
+
+ * Update Tor to 0.2.3.19-rc
+ * Update Firefox to 14.0.1
+ * Update libevent to 2.0.19-stable
+ * Update OpenSSL to 1.0.1c
+ * Update zlib to 1.2.7
+ * Update Torbutton to 1.4.6
+ * Update NoScript to 2.4.9
+ * Update HTTPS Everywhere to 3.0development.5
+ * Downgrade Vidalia to 0.2.20
+
+ -- Erinn Clark <erinn at torproject.org> Wed Jul 25 15:12:41 BST 2012
+
+Tor Browser Bundle (2.3.12-alpha-2); suite=windows
+
+ * Update Firefox to 11.0
+ * Update NoScript to 2.3.4
+ * Update HTTPS Everywhere to 3.0development.1
+ * Disable HTTPS Everywhere SSL Observatory screen (closes: #5300)
+ * Always build to with warnings enabled (closes: #4470)
+ * Remove tor-resolve from the Windows bundle (closes: #5403)
+
+ -- Erinn Clark <erinn at torproject.org> Mon Mar 19 01:14:43 BRT 2012
+
+Tor Browser Bundle (2.3.12-alpha-1); suite=windows
+
+ * Initial release
+
+ -- Erinn Clark <erinn at torproject.org> Thu Mar 1 14:04:56 BRT 2012
More information about the tor-commits
mailing list