In March, the Tor Browser team made two releases: 3.6-beta-1[1], and 3.5.3[2]. Both releases included Mozilla's 24.4.0ESR update, which fixed several security issues. Due to improvements in our release process, we were able to make these releases within a day of Mozilla's official release.
The 3.5.3 release featured a fix for a keyboard input failure on Ubuntu 13.10[3], a fix for a disk record leak while viewing video content[4], a fix for a hang when downloading content from certain HTTP server configurations[5], a fix for a localization fingerprinting issue[6], build process and debugging improvements[7,8], and a fix to enable the translation of Tor connectivity status and error messages in the Tor Launcher UI[9]. The 3.6-beta-1 release featured a single, unified bundle for both censored and uncensored users, and included three Pluggable Transports and default bridges. We put a fair amount of work into making sure the Pluggable Transport configuration was safe and usable, and backported several Tor patches to ensure correct functionality of Pluggable Transport use and configuration[10]. The 3.6-beta-1 release also featured a new DMG-based installer for MacOS, which should greatly improve usability on that platform[11]. We presented the 3.6-beta-1 at the RightsCon conference in San Francisco[12], with a live demo of the new MacOS DMG installation process and Pluggable Transport configuration. People seemed impressed with the usability improvements we have made since they last used Tor Browser. We've also been working hard on our next release, which will likely be 3.6-rc-1. This release will feature Turkish translations[13], a fix for an update notification issue[14], a fix for the remaining screen resolution/resizing issues[15], translation improvements[16], and several Tor Launcher usability improvements[17]. In terms of ongoing development, progress has continued on our Firefox-based updater[18]. We discussed restructuring the bundles to simplify our changes to the Firefox update code, and have arrived at an agreement on how to proceed[19,20]. Several other issues that are as-yet unsolved were also investigated, including a few crash bugs[21,22,23], Windows hardening improvements[24], and issues with websites that might be related to changes to our browser[25]. We also investigated markup and content for the Tor Browser Short User Manual[26]. On the Mozilla merge process front, all of our patches to improve build reproducibility have been merged[27]. The ball is now in Mozilla's court to ensure that the rest of their build infrastructure is capable of creating reproducible builds[28]. We also merged an API to assist Tor Launcher in handling the Tor sub-process[29], and wrote unit tests and helped investigate a couple of other Firefox bugs that affect us[30,31]. On the QA and Testing front, we improved our nightly build process to prune old builds[32], improved our usage of Mozilla's automated testing infrastructure[33], and began deploying our own suite of automated integration tests[34]. On the community coordination front, we wrote a Tor Browser Hacking introductory document, to help get volunteers and potential new hires up to speed on contributing to Tor Browser as quickly and as painlessly as possible[35]. We have also begun tagging and listing the frequently encountered support issues in our bug tracker, and posting them with the release announcements[36]. On the external coordination front, we continued our meetings with the Mozilla Security and Privacy team, and also met with the EFF to discuss and work on improvements to the Decentralized SSL Observatory. On the interview process front, all of our candidates selected tickets at the beginning of this month, and two of have selected tickets that would help get patches merged by Mozilla. Unfortunately, they have not yet been issued contracts to officially begin work due the Tor Project's efforts to change its contracting processes. To the candidates' credit, some of them have begun work anyway. In April, we will continue our efforts at improving and stabilizing the unified 3.6 bundles, releasing at least 3.6-rc-1, and ideally 3.6-stable. We will continue improving Tor Launcher usability for Pluggable Transports as part of this process. In terms of ongoing development, we will continue work on the Firefox updater, restructuring the bundles, and testing this new layout. If we're lucky, this may result in a 4.0-alpha with a restructured layout, or at least a few nightlies. We also hope to complete the Windows hardening efforts by this time. In terms of the merge process, the Mozilla merge deadline for Firefox 31ESR is at the end of April. It remains to be seen how much more will be ready for merge by this point. 1. https://blog.torproject.org/blog/tor-browser-36-beta-1-released 2. https://blog.torproject.org/blog/tor-browser-353-released 3. https://trac.torproject.org/projects/tor/ticket/9353 4. https://trac.torproject.org/projects/tor/ticket/10237 5. https://trac.torproject.org/projects/tor/ticket/9901 6. https://trac.torproject.org/projects/tor/ticket/10703 7. https://trac.torproject.org/projects/tor/ticket/10104 8. https://trac.torproject.org/projects/tor/ticket/9896 9. https://trac.torproject.org/projects/tor/ticket/10604 10. https://trac.torproject.org/projects/tor/ticket/10418 11. https://trac.torproject.org/projects/tor/ticket/4261 12. https://www.rightscon.org/ 13. https://trac.torproject.org/projects/tor/ticket/9010 14. https://trac.torproject.org/projects/tor/ticket/11242 15. https://trac.torproject.org/projects/tor/ticket/9268 16. https://trac.torproject.org/projects/tor/ticket/10398 17. https://trac.torproject.org/projects/tor/ticket/11180 18. https://trac.torproject.org/projects/tor/ticket/4234 19. https://lists.torproject.org/pipermail/tbb-dev/2014-March/000028.html 20. https://lists.torproject.org/pipermail/tbb-dev/2014-March/000027.html 21. https://bugs.torproject.org/9531 22. https://bugs.torproject.org/11258 23. https://bugs.torproject.org/11260 24. https://bugs.torproject.org/10065 25. https://trac.torproject.org/projects/tor/ticket/10569 26. https://trac.torproject.org/projects/tor/ticket/10974 27. https://bugzilla.mozilla.org/show_bug.cgi?id=885777 28. http://andreasgal.com/2014/01/11/trust-but-verify/ 29. https://bugzilla.mozilla.org/show_bug.cgi?id=962314 30. https://bugzilla.mozilla.org/show_bug.cgi?id=971153 31. https://bugzilla.mozilla.org/show_bug.cgi?id=944557 32. https://github.com/boklm/prune-old-builds 33. https://github.com/boklm/tor-browser-try/ 34. https://people.torproject.org/~boklm/tbbtests/tests.html 35. https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking 36. https://trac.torproject.org/projects/tor/query?keywords=~tbb-helpdesk-frequent&status=!closed -- Mike Perry
signature.asc
Description: Digital signature
_______________________________________________ tor-reports mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-reports
