[tor-qa] Tor Browser 6.0a5 is ready for testing

Sherief Alaa sheriefalaa.w at gmail.com
Mon Apr 25 06:25:14 UTC 2016 

On Sun, Apr 24, 2016 at 10:45 PM, Georg Koppen <gk at torproject.org> wrote:

> Hello,
>
> we are pleased to accounce that Tor Browser 6.0a5 is ready for testing
> and bundles can be found on:
>
> https://people.torproject.org/~gk/builds/6.0a5-build3/
>
> This will probably be our last alpha release before the stable 6.0 and
> it contains a bunch of noteworthy changes.
>
> First, we switched the browser to Firefox ESR 45 and rebased our old
> patches/wrote new ones were necessary.
>
> Second, we ship a new Tor alpha version, 0.2.8.2, which makes meek
> usable again and contains a number of other improvements/stability fixes.
>
> Third, this alpha release will introduce code signing for OS X in order
> to cope with Gatekeeper. There were bundle layout changes necessary to
> adhere to code signing requirements. Please test that everything is
> still working as expected if you happen to have an OS X machine.
>
> The fourth highlight is the fix for an installer related DLL hijacking
> vulnerability. This vulnerability made it necessary to deploy a newer
> NSIS version to create our .exe files. Please test that the installer is
> still working as expected if you happen to have a Windows machine.
>
> Here is the full changelog since 6.0a4:
>
> Tor Browser 6.0a5 -- April 27 2016
>  * All Platforms
>    * Update Firefox to 45.1.0esr
>    * Update Tor to 0.2.8.2-alpha
>    * Update Torbutton to 1.9.5.3
>      * Bug 18466: Make Torbutton compatible with Firefox ESR 45
>      * Translation updates
>    * Update Tor Launcher to 0.2.9.1
>      * Bug 13252: Do not store data in the application bundle
>      * Bug 10534: Don't advertise the help desk directly anymore
>      * Translation updates
>    * Update HTTPS-Everywhere to 5.1.6
>    * Update NoScript to 2.9.0.11
>    * Update meek to 0.22 (tag 0.22-18371-2)
>      * Bug 18371: Symlinks are incompatible with Gatekeeper signing
>    * Bug 15197 and child tickets: Rebase Tor Browser patches to ESR 45
>    * Bug 18042: Disable SHA1 certificate support
>    * Bug 18821: Disable libmdns support for desktop and mobile
>    * Bug 18848: Disable additional welcome URL shown on first start
>    * Bug 14970: Exempt our extensions from signing requirement
>    * Bug 16328: Disable MediaDevices.enumerateDevices
>    * Bug 16673: Disable HTTP Alternative-Services
>    * Bug 17167: Disable Mozilla's tracking protection
>    * Bug 18603: Disable performance-based WebGL fingerprinting option
>    * Bug 18738: Disable Selfsupport and Unified Telemetry
>    * Bug 18799: Disable Network Tickler
>    * Bug 18800: Remove DNS lookup in lockfile code
>    * Bug 18801: Disable dom.push preferences
>    * Bug 18802: Remove the JS-based Flash VM (Shumway)
>    * Bug 18863: Disable MozTCPSocket explicitly
>    * Bug 15640: Place Canvas MediaStream behind site permission
>    * Bug 16326: Verify cache isolation for Request and Fetch APIs
>    * Bug 18741: Fix OCSP and favicon isolation for ESR 45
>    * Bug 16998: Disable <link rel="preconnect"> for now
>    * Bug 18726: Add new default obfs4 bridge (GreenBelt)
>  * Windows
>    * Bug 13419: Support ICU in Windows builds
>    * Bug 16874: Fix broken https://sports.yahoo.com/dailyfantasy page
>    * Bug 18767: Context menu is broken on Windows in ESR 45 based Tor
> Browser
>  * OS X
>    * Bug 6540: Support OS X Gatekeeper
>    * Bug 13252: Tor Browser should not store data in the application bundle
>  * Build System
>    * All Platforms
>      * Bug 18127: Add LXC support for building with Debian guest VMs
>      * Bug 16224: Don't use BUILD_HOSTNAME anymore in Firefox builds
>    * Windows
>      * Bug 17895: Use NSIS 2.51 for installer to avoid DLL hijacking
>      * Bug 18290: Bump mingw-w64 commit we use
>    * OS X
>      * Bug 18331: Update toolchain for Firefox 45 ESR
>      * Bug 18690: Switch to Debian Wheezy guest VMs
>    * Linux
>      * Bug 18699: Stripping fails due to obsolete Browser/components
> directory
>      * Bug 18698: Include libgconf2-dev for our Linux builds
>
> Georg
>
>
> _______________________________________________
> tor-qa mailing list
> tor-qa at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-qa
>
>
Testing on OSX 10.11.3. I still get a gate keeper warning that the
developer is unidentified. (See attached.)

-- 
Sherief Alaa
pgp 0x8623B882
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-qa/attachments/20160425/f6858c5c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2016-04-25 at 8.25.17 AM.png
Type: image/png
Size: 84830 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-qa/attachments/20160425/f6858c5c/attachment-0001.png>

More information about the tor-qa mailing list