Tor浏览器13.0a4(Android,Windows,macOS,Linux)
时间:2023-09-17 来源:torproject 作者:理查德 条评论
Tor 浏览器 13.0a4 现在可以从 Tor 浏览器下载页面和我们的发行版目录中获得。
此版本将 Firefox 更新到 115.2.1esr,包括错误修复、稳定性改进和重要的安全更新。我们还从 Firefox 117 向后移植了特定于 Android 的安全更新。
主要变化
这是我们在 13.0 系列中的第四个 alpha 版本,代表了从 Firefox 102-esr 到 Firefox 115-esr 的过渡。这是建立在一年的上游Firefox更改的基础上的,因此alpha测试人员应该会遇到问题。如果您发现任何问题,请在我们的 gitlab 或 Tor 项目论坛上报告。
我们正在进行年度 esr 过渡审计,我们审查 Mozilla 一年的工作,着眼于会对 Tor 浏览器用户产生负面影响的隐私和安全问题。这将在我们将 13.0 alpha 系列转换为稳定系列之前完成。有风险的用户应保留在基于 102-esr 的 12.5 稳定系列上,该系列将继续接收安全更新,直到 13.0 alpha 提升为稳定版。
生成输出命名更新
作为 13.0a3 发布帖子的提醒,我们已经使所有构建输出的命名方案相互一致。如果您是下游打包者或以其他方式下载脚本或自动化中的 Tor 浏览器工件,那么一旦 13.0 alpha 稳定下来,除了增加版本号之外,您还有更多工作要做。我们当前的所有构建输出都可以在分发目录中找到
UX 刷新 about:tor
引导后您登陆的 about:tor 页面已针对我们的桌面平台进行了重写。作为这个过程的一部分,作为 tor 集成后端重写的一部分,我们删除了 about:tor 页面中发生的自动 tor 网络连接检查 (https://check.torproject.org)。
这个检查是 tor-launcher 时代的遗留问题,当时启动和引导 tor 守护进程是由一个扩展处理的,该扩展在 Firefox 浏览器界面呈现给用户之前运行。由于 about:connection 中更紧密的 tor 集成和浏览器内引导体验,此检查背后的遗留逻辑有时会失败,并为一些用户呈现臭名昭著的“死机红屏”,即使他们的 tor 连接很好。
也就是说,在使用默认配置时,我们收到的所有用户点击此屏幕的报告都是误报。此页面上的检查有意义的条件不再存在,现在只会使用户感到困惑。最重要的是,Tor 浏览器在非默认配置中使用的两个主要环境(Tails 和 Whonix)不使用内置的 about:tor 页面作为主页或新选项卡。
成功完成引导过程的具有默认配置的 Tor 浏览器用户基本上无法进入这样一种情况:他们能够在不连接到进程拥有的 Tor 守护进程的情况下加载 about:tor。如果它们连接到 tor 守护进程,那么如果在引导后与 Tor 网络的连接失败,则检查将成功或超时。如果 tor 守护进程崩溃或无法启动,则浏览器的代理设置会阻止 Web 流量流向用户系统之外的任何地方
在短期内,我们将在about:tor页面中添加一些ux,供未使用默认配置的用户轻松检查其配置是否正确并按预期使用Tor。
从长远来看(在 13.5 时间范围内),我们计划将此 tor 检查直接集成到 about:connection 状态机中,这样我们就可以避免默认配置中的误报,同时让您高枕无忧,Web 流量正在正确路由。我们还可能会为非默认配置中的用户迭代 about:tor ux。
Android
Our Tor Browser Android release should be pretty close to final in terms of changes, apart from bug fixes or tweaks required by our annual ESR code-audit. The rendering+branding errors from 13.0a3 have been resolved. If you are able, please be sure to take the Tor Browser Android alpha for a spin, and especially try using bridges!
Known Issues
Desktop
如果从早于 13.0a3 的版本开始,则某些用户当前无法生成增量更新。13.0a2 和 13.0a1 上的用户将首先下载小型增量更新,重新启动后无法应用它,然后下载完整的大型更新。这不应该导致除了您宝贵的时间之外失去任何有价值的东西。
它正在 tor-browser#42101 中被跟踪。
窗户
生成生成的调试标头当前不可重现。这仅影响调试信息,不会影响用户。此处正在跟踪此问题。它将在今年晚些时候 13.0 alpha 系列过渡到稳定版之前修复,或者我们将默认禁用此开发人员功能以确保完全匹配版本。
完整更新日志
我们要感谢志愿者贡献者cypherpunks1对tor-browser#41876和tor-browser#41740的修复。
自 Tor 浏览器 13.0a3 以来的完整更新日志是:
- 所有平台
- 更新的翻译
- 将 NoScript 更新到 11.4.27
- 将 tor 更新到 0.4.8.5
- 将雪花更新到 2.6.1
- 错误 tor-browser-build#40951:在 #40938 之后,Firefox 无法为 macos 构建
- 错误浏览器#41675:ESR115:决定大型数组缓冲区
- 错误 tor-browser#41740:ESR115:在 alpha 中将设备像素比率欺骗更改为 2 进行测试
- 错误 tor-browser#41797:在发布版本中锁定 RFP
- 错误 tor-browser#41934:Websocket 在 13.0a1 中在 http onions 上引发了 DOMException
- 错误 tor-browser#42034:关于TBUpdate.dtd 是重复的
- 错误浏览器#42043:禁用gUM:media.devices.enumerate.legacy.enabled
- 错误 tor-browser#42061:将 alpha 更新通道创建自行移动到提交
- 错误 tor-browser#42084:语言首选项的争用条件可能会使spoof_english无效
- 错误 tor-browser#42093:将 alpha 变基到 115.2.1esr
- Windows + macOS + Linux
- 将火狐浏览器更新为 115.2.1esr
- 错误 tor-browser-build#40149:删除每晚更新 URL 的修补
- 错误 tor-browser-build#40821:alpha 中的更新详细信息 URL 错误
- 错误 tor-browser-build#40938:将新的 tor-browser.ftl 文件复制到相应的目录
- 错误 tor-browser#41333:现代化 Tor 浏览器的新标签页 (about:tor)
- 错误 tor-browser#41528:硬编码的英语“基于 Mozilla Firefox”出现在“关于”对话框中的版本
- 错误 tor-browser#41651:在连接首选项中使用 moz-切换
- 错误浏览器#41739:删除“网站外观”
- 错误 tor-browser#41774:隐藏新的“切换到新设备”帮助菜单项
- 错误 tor-browser#41821:修复了 13.0 中关于:首选项的代理模式中的代理类型
- 错误 tor-browser#41865:使用 --text-color-de强调而不是 --panel-description-color
- 错误浏览器#41876:从标题栏中删除火狐视图
- 错误或浏览器#41881:开发人员工具/网络/新请求记住请求
- 错误 tor-browser#41886:下载下拉面板在“小心打开下载”警告中的每个单词之间都有换行符/换行符
- 错误或浏览器#41904:日志文本区域不再调整大小
- BUg 41906: 隐藏关于:首选项#隐私 > DNS over HTTPS 部分 [tor-browser]
- 错误或浏览器#41971:更新下载中的尾巴 URL 警告
- 错误 tor-browser#41974:自定义组件中取消强调的文本在 13.0 alpha 中不再是灰色
- 错误浏览器#41977:隐藏桥接卡中的“了解更多”链接
- 错误 tor-browser#41980:电路显示标题在 13.0 alpha 中未对齐
- Bug tor-browser#42027: Create a Base Browser version of migrateUI
- Bug tor-browser#42045: Circuit panel overflows with long ipv6 addresses
- Bug tor-browser#42046: Remove XUL layout hacks from base browser
- Bug tor-browser#42047: Remove layout hacks from tor browser preferences
- Bug tor-browser#42050: Bring back Save As... dialog as default
- Bug tor-browser#42075: Fix link spacing and underline on new homepage
- Windows + Android
- 将 zlib 更新到 1.3
- 错误 tor-browser-build#40930:在 1.3a13 之后将 zlib 更新到 0.3
- 苹果操作系统
- 错误浏览器#42057:禁用平台文本识别功能
- Linux目录
- 错误 tor-browser#41509:更新后,KDE Plasma 将 Tor 浏览器夜间窗口组识别为“Firefox-nightly”
- 人造人
- 将 GeckoView 更新为 115.2.1esr
- 错误浏览器构建#40941:删除安卓上的PT进程选项
- 错误 tor-browser#41878:火狐移动:重构 tor 引导程序关闭已删除的载入路径
- 错误 tor-browser#41879:火狐-安卓:添加 Tor 集成和 UI 提交太大,需要拆分
- 错误浏览器#41882:更新鸭鸭围图标
- 错误 tor-browser#41987: Tor 浏览器安卓入职计划
- 错误 tor-browser#42001:隐藏“在外部应用程序中打开链接”设置选项并强制默认值
- 错误 tor-browser#42038:TBA Alpha - 在开始屏幕上同时写入 Tor 浏览器 Alpha 和 FireFox 浏览器
- 错误 tor-browser#42076:主题在选项中可见,但不应该
- 构建系统
- 所有平台
- 更新至 1.21.1
- 错误 tor-browser-build#40929:更新到 1.21 之后的 13.0a3 系列
- 错误 tor-browser-build#40932:从项目/发布/update_responses_config.yml 中删除appname_bundle_android、appname_bundle_macos、appname_bundle_linux、appname_bundle_win32 appname_bundle_win64
- 错误 tor-browser-build#40935:修复签名脚本中构建目标重命名的影响
- 错误 tor-browser-build#40948:每晚删除琴鸟供应商 sha256sum
- Windows + macOS + Linux
- 错误 tor-browser-build#40786:deploy_update_responses-*.sh 需要 +r 权限才能运行
- 错误 tor-browser-build#40931:修复 tor-browser-build#40829 之后的增量
- 错误 tor-browser-build#40933:修复了在 12.5.x 和 13.0 之间生成增量的问题
- 错误 tor-browser-build#40942:使用分支构建基本浏览器
- 错误 tor-browser-build#40944:在 #40931 之后,updates_responses正在使用增量 .mar 文件,就好像它们是非增量 mar 文件一样
- 错误 tor-browser-build#40946:override_updater_url不适用于 Mullvad 浏览器
- 错误 tor-browser-build#40947:从工具/签名/每晚/更新响应-base-config.yml 中删除migrate_langs
- 苹果操作系统
- 错误 tor-browser-build#40943:更新 libdmg-hfsplus 以包含我们提升的补丁
- 错误 tor-browser#42035:更新工具/浏览器/脚本以支持 macOS 开发环境
- Linux目录
- 错误 tor-browser#42071:tor 浏览器部署的格式更改了中断 fetch.sh
- 所有平台
New Alpha Release: Tor Browser 13.0a4 (Android, Windows, macOS, Linux)
Tor Browser 13.0a4 is now available from the Tor Browser download page and also from our distribution directory.This release updates Firefox to 115.2.1esr, including bug fixes, stability improvements and important security updates. We also backported the Android-specific security updates from Firefox 117.
Major Changes
This is our fourth alpha release in the 13.0 series which represents a transition from Firefox 102-esr to Firefox 115-esr. This builds on a year's worth of upstream Firefox changes, so alpha-testers should expect to run into issues. If you find any issues, please report them on our gitlab or on the Tor Project forum.
We are in the middle of our annual esr transition audit, where we review Mozilla's year's worth of work with an eye for privacy and security issues that would negatively affect Tor Browser users. This will be completed before we transition the 13.0 alpha series to stable. At-risk users should remain on the 102-esr based 12.5 stable series which will continue to receive security updates until 13.0 alpha is promoted to stable.
Build Output Naming Updates
As a reminder from the 13.0a3 release post, we have made the naming scheme for all of our build outputs mutually consistent. If you are a downstream packager or in some other way download Tor Browser artifacts in scripts or automation, you will have a bit more work to do beyond bumping the version number once the 13.0 alpha stabilizes. All of our current build outputs can be found in the distribution directory
UX Refresh of about:tor
The about:tor page you land on after bootstrapping has been rewritten for our Desktop platforms. As part of this process, and as part of the tor integration back-end rewrite, we have removed the automatic tor network connectivity check ( https://check.torproject.org ) which occurred in the about:tor page.
This check was a hold-over from the tor-launcher days when launching and bootstrapping the tor daemon was handled by an extension which ran before the Firefox browser interface was presented to the user. As a result of the tighter tor integration and in-browser bootstrapping experience in about:connection, the legacy logic behind this check would sometimes fail and present some users with the infamous 'red screen of death', even if their tor connection was fine.
That is to say, all of the reports we have received of users hitting this screen were false-positives when using the default configuration. The conditions for which the check on this page made sense no longer exist and now only serve to confuse users. On top of that, the two main environments where Tor Browser is used in a non-default configuration where the check is arguably useful (Tails and Whonix) do not use the built-in about:tor page for home or new-tab.
Tor Browser users with the default configuration who successfully go through the bootstrapping process essentially cannot get into a situation where they are able to load about:tor while not being connected to the process-owned tor daemon. If they are connected to the tor daemon, then the check will either succeed or timeout if the connection to the Tor Network fails after bootstrapping. If the tor daemon has crashed or failed to launch, then the browser's proxy settings prevent web traffic from going anywhere outside the users system
In the short term, we will be adding some ux to the about:tor page for users who are not using a default configuration to easily check that their configuration is correct and using tor as expected.
Longer-term (in the 13.5 time-frame) we plan on integrating this tor check directly into the about:connection state-machine so we can avoid false-positives in the default configuration while also providing peace-of-mind that web traffic is being routed correctly. We will also likely iterate on the about:tor ux for users in non-default configurations.
Android
Our Tor Browser Android release should be pretty close to final in terms of changes, apart from bug fixes or tweaks required by our annual ESR code-audit. The rendering+branding errors from 13.0a3 have been resolved. If you are able, please be sure to take the Tor Browser Android alpha for a spin, and especially try using bridges!
Known Issues
Desktop
Build to build incremental updates are currently failing for some users if you are starting at a version older than 13.0a3. Users on 13.0a2 and 13.0a1 will first download the small incremental update, fail to apply it after a re-launch, and then download the full large update. This should not result in losing anything of value apart from your precious time.
It is being tracked in tor-browser#42101.
Windows
Building generated debug headers are not currently reproducible. This only affects debug info and does not affect users. This issue is being tracked here. It will either be fixed before the 13.0 alpha series transitions to stable later this year, or we will disable this developer feature by default to ensure fully matching builds.
Full changelog
We would like to thank volunteer contributor cypherpunks1 for their fixes for tor-browser#41876 and tor-browser#41740.
The full changelog since Tor Browser 13.0a3 is:
- All Platforms
- Updated Translations
- Updated NoScript to 11.4.27
- Updated tor to 0.4.8.5
- Updated Snowflake to 2.6.1
- Bug tor-browser-build#40951: Firefox fails to build for macos after #40938
- Bug tor-browser#41675: ESR115: decide on large array buffers
- Bug tor-browser#41740: ESR115: change devicePixelRatio spoof to 2 in alpha for testing
- Bug tor-browser#41797: Lock RFP in release builds
- Bug tor-browser#41934: Websocket raises DOMException on http onions in 13.0a1
- Bug tor-browser#42034: aboutTBUpdate.dtd is duplicated
- Bug tor-browser#42043: Disable gUM: media.devices.enumerate.legacy.enabled
- Bug tor-browser#42061: Move the alpha update channel creation to a commit on its own
- Bug tor-browser#42084: Race condition with language preferences may make spoof_english ineffective
- Bug tor-browser#42093: Rebase alpha onto 115.2.1esr
- Windows + macOS + Linux
- Updated Firefox to 115.2.1esr
- Bug tor-browser-build#40149: Remove patching of nightly update URL
- Bug tor-browser-build#40821: The update details URL is wrong in alphas
- Bug tor-browser-build#40938: Copy the new tor-browser.ftl file to the appropriate directory
- Bug tor-browser#41333: Modernize Tor Browser's new-tab page (about:tor)
- Bug tor-browser#41528: Hard-coded English "based on Mozilla Firefox" appears in version in "About" dialog
- Bug tor-browser#41651: Use moz-toggle in connection preferences
- Bug tor-browser#41739: Remove "Website appearance"
- Bug tor-browser#41774: Hide the new "Switching to a new device" help menu item
- Bug tor-browser#41821: Fix the proxy type in the proxy modal of about:preferences in 13.0
- Bug tor-browser#41865: Use --text-color-deemphasized rather than --panel-description-color
- Bug tor-browser#41876: Remove firefox view from title bar
- Bug tor-browser#41881: Developer tools/Network/New Request remembers requests
- Bug tor-browser#41886: Downloads drop-down panel has new-line/line-break between every word in the 'Be careful opening downloads' warning
- Bug tor-browser#41904: The log textarea doesn't resize anymore
- BUg 41906: hide about:preferences#privacy > DNS over HTTPS section [tor-browser]
- Bug tor-browser#41971: Update Tails URL in downloads warning
- Bug tor-browser#41974: De-emphasized text in custom components is no longer gray in 13.0 alpha
- Bug tor-browser#41977: Hide the "Learn more" link in bridge cards
- Bug tor-browser#41980: Circuit display headline is misaligned in 13.0 alpha
- Bug tor-browser#42027: Create a Base Browser version of migrateUI
- Bug tor-browser#42045: Circuit panel overflows with long ipv6 addresses
- Bug tor-browser#42046: Remove XUL layout hacks from base browser
- Bug tor-browser#42047: Remove layout hacks from tor browser preferences
- Bug tor-browser#42050: Bring back Save As... dialog as default
- Bug tor-browser#42075: Fix link spacing and underline on new homepage
- Windows + Android
- Updated zlib to 1.3
- Bug tor-browser-build#40930: Update zlib to 1.3 after 13.0a3
- macOS
- Bug tor-browser#42057: Disable Platform text-recognition functionality
- Linux
- Bug tor-browser#41509: After update, KDE Plasma identifies Tor Browser Nightly window group as "firefox-nightly"
- Android
- Updated GeckoView to 115.2.1esr
- Bug tor-browser-build#40941: Remove PT process options on Android
- Bug tor-browser#41878: firefox-mobile: refactor tor bootstrap off deleted onboarding path
- Bug tor-browser#41879: firefox-android: Add Tor integration and UI commit is too big, needs to be split up
- Bug tor-browser#41882: Update DuckDuckGo icons
- Bug tor-browser#41987: Tor Browser Android Onboarding Plan
- Bug tor-browser#42001: Hide 'Open links in external app' settings option and force defaults
- Bug tor-browser#42038: TBA Alpha - inscriptions Tor Browser Alpha and FireFox Browser simultaneously on the start screen
- Bug tor-browser#42076: Theme is visable in options, but shouldn't be
- Build System
- All Platforms
- Updated Go to 1.21.1
- Bug tor-browser-build#40929: Update go to 1.21 series after 13.0a3
- Bug tor-browser-build#40932: Remove appname_bundle_android, appname_bundle_macos, appname_bundle_linux, appname_bundle_win32, appname_bundle_win64 from projects/release/update_responses_config.yml
- Bug tor-browser-build#40935: Fix fallout from build target rename in signing scripts
- Bug tor-browser-build#40948: Remove lyrebird-vendor sha256sum in nightly
- Windows + macOS + Linux
- Bug tor-browser-build#40786: deploy_update_responses-*.sh requires +r permissions to run
- Bug tor-browser-build#40931: Fix incrementals after tor-browser-build#40829
- Bug tor-browser-build#40933: Fix generating incrementals between 12.5.x and 13.0
- Bug tor-browser-build#40942: Use the branch to build Base Browser
- Bug tor-browser-build#40944: After #40931, updates_responses is using incremental.mar files as if they were non-incremental mar files
- Bug tor-browser-build#40946: override_updater_url does not work for Mullvad Browser
- Bug tor-browser-build#40947: Remove migrate_langs from tools/signing/nightly/update-responses-base-config.yml
- macOS
- Bug tor-browser-build#40943: Update libdmg-hfsplus to include our uplifted patch
- Bug tor-browser#42035: Update tools/torbrowser/ scripts to support macOS dev environment
- Linux
- Bug tor-browser#42071: tor-browser deployed format changed breaking fetch.sh
- All Platforms
返回→:首页 > android手机翻墙软件