Tor浏览器13.0a2(Android,Windows,macOS,Linux)
时间:2023-08-13 来源:torproject 作者:理查德 条评论
Tor 浏览器 13.0a2 现在可以从 Tor 浏览器下载页面和我们的发行版目录中获得。
此版本将 Firefox 更新到 115.1.0esr,包括错误修复、稳定性改进和重要的安全更新。我们还从 Firefox 116 向后移植了特定于 Android 的安全更新。
主要变化
这是我们在 13.0 系列中的第二个 alpha 版本,代表了从 Firefox 102-esr 到 Firefox 115-esr 的过渡。这是建立在一年的上游Firefox更改的基础上的,因此alpha测试人员应该会遇到问题。如果您发现任何问题,请在我们的 gitlab 或 Tor 项目论坛上报告。
我们正在进行年度 esr 过渡审计,我们审查 Mozilla 一年的工作,着眼于会对 Tor 浏览器用户产生负面影响的隐私和安全问题。这将在我们将 13.0 alpha 系列转换为稳定系列之前完成。有风险的用户应保留在基于 102-esr 的 12.5 稳定系列上,该系列将继续接收安全更新,直到 13.0 alpha 提升为稳定版。
桌面
Tor 控制器
我们一直在进行一些主要的重构,并重写到 Tor 浏览器桌面版中的 tor 守护进程控制器代码。我们正在将以前在遗留的 torbutton 和 tor-launcher 组件中找到的各种控制端口接口方法的竞争实现统一和现代化为 Firefox 代码库中的封装 JavaScript 模块。这项工作是必要代码清理的长期计划的一部分,并为支持遗留 tor 守护程序之外的备用 tor 后端奠定了基础。
但是,由于修复了错误或引入了新错误,所有这些代码改动确实为新行为提供了机会。如果您在非标准/非默认配置中使用 Tor 浏览器(通过 Firefox 首选项或自定义环境变量),请确保在此 alpha 版本中的配置按预期工作!
受这些变化影响的领域包括:
- 配置 Tor 浏览器以使用外部系统 Tor 服务/守护进程
- 使用琴鸟(以前称为 OBFS4proxy)可插拔传输获取审查规避设置
- 任何依赖于通过控制端口与 Tor 守护进程通信的 Tor 功能(电路显示、洋葱身份验证、网桥+网络设置、新身份等)
托尔战俘
这也是第一个 Tor 浏览器版本,其中包含具有新洋葱服务工作量证明 ddos 防护功能的 tor 守护进程。有关实施的背景和 gitlab 问题,请参阅提案 327。
人造人
这是我们第一个基于Firefox 115esr系列的Android版本。有些东西在边缘仍然有点粗糙,但据我们所知,浏览器的核心功能没有任何已知的回归。
已知问题
窗户
为了确保我们发布的二进制文件仅包含我们认为它们包含的功能,我们使用可重现的构建策略。基本思想是,在不同网络上运行构建机器的多个用户独立下拉并构建相同的源代码。然后,我们验证我们最终签名并交付给用户的构建二进制文件是否位对位相同。这让我们有理由相信我们的版本没有受到损害,并且只包含源代码中的功能。
在 13.0a2 发布周期中,我们启用了为受支持的 Windows 平台生成调试信息的功能,以便更轻松地解决特定于 Windows 的问题。此调试信息包括 PDB 符号(将二进制文件中的地址映射到 Firefox 源代码中的位置)和生成的 C/C++ 标头。不幸的是,标头生成不是确定性的,因此不同的构建器将生成不同的(尽管语义等效)输出。
这意味着,从整体上看,我们的构建当前不匹配。但是,不匹配的部分仅出现在此调试信息中,该信息与交付给最终用户的实际应用程序是分开的(需要主动查找此不匹配的调试信息,并且仅对调试问题的开发人员有用)。
此处正在跟踪此问题。它将在今年晚些时候 13.0 alpha 系列过渡到稳定版之前修复,或者我们将默认禁用此开发人员功能以确保完全匹配版本。
人造人
Android 版 Tor 浏览器的引导和登录页面中存在各种图形错误,包括未对齐的文本和 Firefox 品牌。首次用户的 Tor 浏览器入门也缺失。这些问题(以及其他问题)正在跟踪 这里, 这里 和 这里.
完整更新日志
我们要感谢志愿者贡献者 FlexFoot 对 tor-browser-build#40615 的修复。 自 Tor 浏览器 13.0a1 以来的完整更新日志是:
- 所有平台
- 更新的翻译
- 将 NoScript 更新到 11.4.26
- 将 OpenSSL 更新到 3.0.10
- 将 tor 更新为 0.4.8.3-rc
- 错误 tor-browser#41909:将 13.0 alpha 变基为 115.1.0 esr
- Windows + macOS + Linux
- 将火狐浏览器更新到 115.1.0esr
- 错误或浏览器#30556:重新评估上下黑边尺寸选择
- 错误浏览器#33282:增加新窗口的最大宽度
- 错误 tor-browser#40982:电路显示中的清理地图
- 错误 tor-browser#40983:将不与 UI 相关的 torbutton.js 代码移动到模块
- 错误浏览器#41844:停止直接使用控制端口
- 错误 tor-browser#41907:如果进程在已经引导时准备就绪,引导程序将被中断而没有任何错误
- 错误浏览器#41922:统一桥线解析器
- 错误 tor-browser#41923:路径规范化导致警告
- 错误 tor-browser#41924:TorProcess 的小重构
- 错误 tor-browser#41925:删除 torbutton 启动过程
- 错误 tor-browser#41926:重构控制端口客户端实现
- 错误 tor-browser#41964:连接首选项中未及时定义“表情符号注释”
- 人造人
- 将 GeckoView 更新为 115.1.0esr
- 错误 tor-browser-build#40919:修复 13.0a2-build1 的 nimbus-fml 可重现性
- 错误 tor-browser#41928:将特定于 Android 的安全修复程序从 Firefox 116 向后移植到 ESR 102.14 / 115.1 的基于 Tor 浏览器
- 错误 tor-browser#41972:在 13.0 中禁用 Firefox 载入
- 错误 tor-browser#41997:删除所有对 com.adjust.sdk.Adjust 的使用和引用,现在使用 AD_ID
- 构建系统
- 所有平台
- 更新至 1.20.7
- Bug tor-browser-build#31588:更聪明地为 Rust 项目提供供应商
- Bug tor-browser-build#40855:更新 Mozilla 115 的工具链
- 错误 tor-browser-build#40880:自述文件不包括构建增量所需的一些依赖项
- 错误 tor-browser-build#40905:Go 供应商存档忽略测试构建的夜间版本覆盖
- 错误 tor-browser-build#40908:在 tor 中启用 --enable-gpl 配置标志以引入 PoW 功能
- 错误 tor-browser-build#40909:将 dan_b 和 ma1 添加到相关项目中的标记器列表中
- 错误 tor-browser-build#40913:将 boklm 添加回相关项目中的标记器列表
- Windows + macOS + Linux
- 错误 tor-browser-build#40615:考虑将自述文件添加到字体目录
- 错误 tor-browser-build#40907:Mar-tools 在 13.0a1 上不是确定性的
- 窗户
- Bug tor-browser-build#31546:在Windows上创建和公开用于Tor浏览器调试的PDB文件
- 人造人
- Bug tor-browser-build#40867:为统一的 Android 存储库创建一个 RBM 项目
- Bug tor-browser-build#40917:删除uniffi-rs项目
- 错误浏览器#41899:使用LLD安卓版
- 错误 tor-browser-build#40920:在安卓 apks 中不确定地生成 baseline.profm 文件
- 所有平台
New Alpha Release: Tor Browser 13.0a2 (Android, Windows, macOS, Linux)
Tor Browser 13.0a2 is now available from the Tor Browser download page and also from our distribution directory.
This release updates Firefox to 115.1.0esr, including bug fixes, stability improvements and important security updates. We also backported the Android-specific security updates from Firefox 116.
Major Changes
This is our second alpha release in the 13.0 series which represents a transition from Firefox 102-esr to Firefox 115-esr. This builds on a year's worth of upstream Firefox changes, so alpha-testers should expect to run into issues. If you find any issues, please report them on our gitlab or on the Tor Project forum.
We are in the middle of our annual esr transition audit, where we review Mozilla's year's worth of work with an eye for privacy and security issues that would negatively affect Tor Browser users. This will be completed before we transition the 13.0 alpha series to stable. At-risk users should remain on the 102-esr based 12.5 stable series which will continue to receive security updates until 13.0 alpha is promoted to stable.
Desktop
Tor Controller
We have been working on some major refactors and rewrites to the tor daemon controller code in Tor Browser for Desktop. We are unifying and modernizing the competing implementations of various control port interface methods formerly found in the legacy torbutton and tor-launcher components into encapsulated JavaScript modules within the Firefox codebase. This work is part of long-term plan of necessary code-cleanup and lays the groundwork for supporting alternate tor backends besides the legacy tor daemon.
However, all this code-churn does open up opportunity for new behaviour due to fixed bugs or due to the introduction of new ones. If you use Tor Browser in a non-standard/non-default configuration (either via Firefox preferences or custom environment variables) please ensure things are working as expected for your configuration with this alpha release!
The areas affected by these changes include:
- configuring Tor Browser to use an external system tor service/daemon
- fetching censorship-circumvention setting using the lyrebird (formerly obfs4proxy) pluggable transport
- any tor functionality that relies on communicating with the tor daemon via the control port (circuit display, onion auth, bridge+network settings, new identity, etc)
Tor PoW
This is also the first Tor Browser release including a tor daemon with the new onion service proof-of-work ddos prevention feature. See Proposal 327 for background and the gitlab issue regarding the implementation.
Android
This is our first Android release based on the Firefox 115esr series. Some things are still a bit rough around the edges but, to our knowledge, there are not any known regressions to the browser's core functionality.
Known Issues
Windows
To ensure that we are shipping binaries which only contain the functionality we believe they do, we use a reproducible build strategy. The basic idea is that multiple users with build machines running on different networks independently pull down and build the same source code. We then verify that the built binaries we ultimately sign and ship to users are bit for bit identical. This gives us reasonable confidence that our releases have not been compromised and contain only the functionality found in our source code.
During the 13.0a2 release cycle, we have enabled generating debug information for our supported windows platforms to make trouble-shooting windows-specific issues easier. This debug information includes PDB symbols (which map addresses in the binaries to locations in the firefox source code) and generated C/C++ headers. Unfortunately, the header generation is not deterministic, and so different builders will generate different (though semantically equivalent) outputs.
What this means is that, taken as a whole, our builds are not currently matching. However, the mismatched parts only appear in this debug info which is separate from the actual application that is shipped to end-users (this non-matching debug info needs to be actively sought out and is only useful for developers debugging an issue).
This issue is being tracked here. It will either be fixed before the 13.0 alpha series transitions to stable later this year, or we will disable this developer feature by default to ensure fully matching builds.
Android
There are various graphical bugs in the bootstrapping and landing pages in Tor Browser for Android including misaligned text and Firefox branding. The Tor Browser onboarding for first-time users is also missing. These issues (among others) are being tracked here, here and here.
Full changelog
We would like to thank volunteer contributor FlexFoot for their fix for tor-browser-build#40615. The full changelog since Tor Browser 13.0a1 is:
- All Platforms
- Updated Translations
- Updated NoScript to 11.4.26
- Updated OpenSSL to 3.0.10
- Updated tor to 0.4.8.3-rc
- Bug tor-browser#41909: Rebase 13.0 alpha to 115.1.0 esr
- Windows + macOS + Linux
- Updated Firefox to 115.1.0esr
- Bug tor-browser#30556: Re-evaluate letterboxing dimension choices
- Bug tor-browser#33282: Increase the max width of new windows
- Bug tor-browser#40982: Cleanup maps in tor-circuit-display
- Bug tor-browser#40983: Move not UI-related torbutton.js code to modules
- Bug tor-browser#41844: Stop using the control port directly
- Bug tor-browser#41907: The bootstrap is interrupted without any errors if the process becomes ready when already bootstrapping
- Bug tor-browser#41922: Unify the bridge line parsers
- Bug tor-browser#41923: The path normalization results in warnings
- Bug tor-browser#41924: Small refactors for TorProcess
- Bug tor-browser#41925: Remove the torbutton startup process
- Bug tor-browser#41926: Refactor the control port client implementation
- Bug tor-browser#41964: 'emojiAnnotations' not defined in time in connection preferences
- Android
- Updated GeckoView to 115.1.0esr
- Bug tor-browser-build#40919: Fix nimbus-fml reproducibility of 13.0a2-build1
- Bug tor-browser#41928: Backport Android-specific security fixes from Firefox 116 to ESR 102.14 / 115.1 - based Tor Browser
- Bug tor-browser#41972: Disable Firefox onboarding in 13.0
- Bug tor-browser#41997: Remove all use and reference to com.adjust.sdk.Adjust which now uses AD_ID
- Build System
- All Platforms
- Updated Go to 1.20.7
- Bug tor-browser-build#31588: Be smarter about vendoring for Rust projects
- Bug tor-browser-build#40855: Update toolchains for Mozilla 115
- Bug tor-browser-build#40880: The README doesn't include some dependencies needed for building incrementals
- Bug tor-browser-build#40905: Go vendor archives ignore the nightly version override on testbuilds
- Bug tor-browser-build#40908: Enable the --enable-gpl config flag in tor to bring in PoW functionality
- Bug tor-browser-build#40909: Add dan_b and ma1 to list of taggers in relevant projects
- Bug tor-browser-build#40913: add boklm back to list of taggers in relevant projects
- Windows + macOS + Linux
- Bug tor-browser-build#40615: Consider adding a readme to the fonts directory
- Bug tor-browser-build#40907: Mar-tools aren't deterministic on 13.0a1
- Windows
- Bug tor-browser-build#31546: Create and expose PDB files for Tor Browser debugging on Windows
- Android
- Bug tor-browser-build#40867: Create a RBM project for the unified Android repository
- Bug tor-browser-build#40917: Remove the uniffi-rs project
- Bug tor-browser#41899: Use LLD for Android
- Bug tor-browser-build#40920: Non-deterministic generation of baseline.profm file in Android apks
- All Platforms
返回→:首页 > android手机翻墙软件