Tor Browser Bundle 3.0rc1 Released
The first release candidate in the 3.0 series of the Tor Browser Bundle is now available from the Tor Package Archive:
https://archive.torproject.org/tor-package-archive/torbrowser/3.0rc1/.
This release includes important security updates to Firefox.
Unfortunately, we have decided to remove the PDF.JS addon from this bundle, as the version available for Firefox 17 has stopped receiving updates. Built-in PDF support should return when we transition to Firefox 24 in the coming weeks.
This release should also fix a build reproducibility issue on Windows. All platform binaries should once again be identically reproducible from source by anyone using git tag tbb-3.0rc1-release.
- All Platforms:
- Update Firefox to 17.0.11esr
- Update Tor to 0.2.4.18-rc
- Remove unsupported PDF.JS addon from the bundle
- Bug #7277: TBB's Tor client will now omit its timestamp in the TLS handshake.
- Update Torbutton to 1.6.4.1
- Bug #10002: Make the TBB3.0 blog tag our update download URL for now
- Windows
- Bug #10102: Patch binutils to remove nondeterministic bytes in compiled binaries
- Linux
- Bug #10049: Fix architecture check to work from outside TBB's directory
- Bug #10126: Remove libz and firefox-bin, and strip unstripped binaries
- Misc: Disable Firefox updater during compile time (in addition to pref)
Comments
Please note that the comment area below has been archived.
Some kind of change in the
Some kind of change in the 3.0 RC 1 bundle has made RequestPolicy stop working. As soon as you restart Tor Browser to finish installing it, Tor Browser stops working and keeps on crashing out every time you try to restart it. Even removing the RequestPolicy Extension manually does not solve the issues.
Okay, I have to backtrack
Okay, I have to backtrack here. The issue is coming when I uncheck the 'use private browsing mode" thing in Torbutton. This needs a fix, I know that you love for people to use private browsing mode because you think that it is 'safer' but many of us do not like private browsing mode because of conflicts with other add-ons and applications.
"Web creator Sir Tim
"Web creator Sir Tim Berners-Lee has warned that the democratic nature of the net is threatened by a 'growing tide of surveillance and censorship'".
And grateful thanks to y'all - I'm sure I "speak" for all - when I say youse at Tor are still one step ahead...
Well done, an' more power to yer collective elbows...
The git tag seems to be
The git tag seems to be tbb-3.0rc1-build1 not tbb-3.0rc1-release.
Regards,
torland
Anybody else getting a stall
Anybody else getting a stall when opening Start Tor Browser.exe launcher? It worked fine on first run, but when altering about:config and adding a few add-ons, the behavior starts. The browser launches just fine when clicking "open settings" however. Perhaps an add-on conflict? refcontrol, downthemall, adblockplus were added post install.
I think I figured it out.
I think I figured it out. Clearing the cache in \Data\Tor seemed to restore normal Tor launcher behavior.
This did not work for me.
This did not work for me. When I clear that cache a new attempt at connecting drops a file in that folder called LOCK. Does that mean my ISP is locking me out or is project gutenberg still blocking?
You are thinking your ISP
You are thinking your ISP can cause Tor to make a file on your filesystem? Ugh. :) I recommend https://www.torproject.org/docs/documentation#UpToSpeed as a start.
Not working on Kubuntu
Not working on Kubuntu 13.10, unfortunately -- loading it prompts a recursive restart message. Beta version was more stable.
It won't start for
It won't start for me:
tor-browser_en-US $ ./start-tor-browser
Launching Tor Browser Bundle for Linux in /home/.../.../tor-browser_en-US
(process:2159): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed
/home/newman/bin/TorBrowserBundle/tor-browser_en-US/Tor/tor: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory
Also:
tor-browser_en-US $ ldd Tor/tor
libssl.so.1.0.0 => not found
libcrypto.so.1.0.0 => not found
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/ticket/10213
Well done! The new update
Well done! The new update is working great for me so far, and the 17.0.11esr patches address complaints in https://trac.torproject.org/projects/tor/ticket/10202#comment:1 ridiculously quickly.
Eager to see TBB transition to 24.1.1 for the NSS updates!
meant to say 25.0.1 for its
meant to say 25.0.1 for its NSS bugs: https://www.mozilla.org/security/known-vulnerabilities/firefox.html
The NSS bug is fixed in
The NSS bug is fixed in 17.0.11esr too, which the link on that page also says.
This is very much
This is very much appreciated. One suggestion:
Including NoScript 2.6.8.5 instead of the older 2.6.8.2 would have been nice...even though it's trivial for users with decently fast connections to just update.
Also think the new big black arrow indicating to users that they should update is a welcome new addition. For users who may not stay "on top of" keeping their extensions updated, maybe similar notification behavior would be useful?
Firefox (Tor Browser)
Firefox (Tor Browser) already has an auto-update mechanism for extensions, and I believe Tor Browser has it enabled by default.
This is an excellent
This is an excellent product; definitely worth a donation.
Thanks guys.
Is this recommended
Is this recommended (security-wise) over tor 0.2.4.18-rc?
You are confusing Tor
You are confusing Tor versions with Tor Browser Bundle versions.
TBB 3.0rc1 includes Tor 0.2.4.18-rc.
Hi, do you plan to place Tor
Hi, do you plan to place Tor Browser 3.0 in the Debian's main repository when it's finally released?
Debian has a policy against
Debian has a policy against overlapping code in packages. Since Tor Browser overlaps with Iceweasel, their policy says no.
I agree that's a crummy outcome. See
https://trac.torproject.org/projects/tor/ticket/3994
and
https://labs.riseup.net/code/issues/5798
for hints on how to move forward.
Thank you for the answer.
Thank you for the answer. Actually I started to have doubts if Debian's main is the right place. Debian is security oriented mostly in the stable branch. But even now it has 17.0.10 in stable-security repo. In testing branch the situation from the security point of view is bad: it has 17.0.9 and no way to update to 17.0.11, because in unstable there is already 24.1. Since 20 days v24.1 cannot enter testing because of some architecture-dependent reasons.
see: http://packages.qa.debian.org/i/iceweasel.html
If I remember correctly you had your own repo in the past? Maybe this is the way to go? Updating TBB is quite problematic, I never know if I can extract the new version into the existing folder. Of course I understand the limited resources and additional effort needed to host your own repository, so these are only my thoughts.
There is a problem in the
There is a problem in the start-tor-browser script for tor-browser-linux32-3.0-rc-1_en-US.tar.xz. LD_LIBRARY_PATH is not set so tor won't run.
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/ticket/10213
Note sure why the thinking
Note sure why the thinking is that this bug is limited to Fedora 19 and Debian Squeeze. It is also a bug with Mint 13 which is based on Ubuntu. I would think you would want to set LD_LIBRARY_PATH for every distribution. Not sure what thinking is behind setting LDPATH either. It has no effect in every distribution I have tried and appears to be dead code.
I'm a little mystified as to
I'm a little mystified as to how to monitor the network and change tor and relay settings from within the browser, now that it is intyegrated into the browser in TBB 3.0.
The tor-developers don't
The tor-developers don't think that it is important to let the users see, which circuit they are using... they don't answer questions about the lost features vidalia gave to us.
tor-users are loosing control...
The usability of the TBB 3.0
The usability of the TBB 3.0 is great, but... Now one can't easily see the Tor error/warning message log and the current circuit's node info (country, bandwidth, etc.). Any plans to include a new viewer for those?
I cannot figure it out how
I cannot figure it out how start only the Browser. I have Tor running on my machine, dont need aonother one.
x64 linux client just dies
x64 linux client just dies on startup with this new version. error starting Tor.
Why on Earth would Tor WANT
Why on Earth would Tor WANT to include support for PDF anyway, knowing that PDF is a known leaker of information. And the rest of the Tor site actively discourages accessing PDFs downloaded via TBB when online.
Well, exactly for that
Well, exactly for that reason -- if we can do it safely, and people want it, then we make it less likely that people try it unsafely and shoot off their foot.
I miss the PDF.JS addon a
I miss the PDF.JS addon a lot! Therefore I`m looking forward to Firefox ESR 24 ...
If going down that road, a
If going down that road, a couple of weeks back I think I read somewhere it is possible to stop Flash/SWF lP leaks by making some changes to the Flash Player preferences. Any comment on this ?
This is much
This is much safer:
http://view.samurajdata.se/
the linux32 version can't
the linux32 version can't find libssl. and the "blinking onion" directs you to the a4 version instead of rc (it did that when beta came out as well, i downloaded the a4 version 3 times before i noticed that it was the same version (my bad, i know :)).
https://trac.torproject.org/p
https://trac.torproject.org/projects/tor/ticket/10212
https://trac.torproject.org/projects/tor/ticket/10213
This article mentions TOR
This article mentions TOR and TOR hidden services about 3/4 down the article.
http://www.telegraph.co.uk/technology/internet/10468112/The-internet-my…
I am also having trouble
I am also having trouble getting tor / vidalia to completely boot up. I am using the latest Tor BB tor-browser-2.3.25-15_en-US.exe downloaded on 20-Nov. I launch and get the Vidalia box. The Advanced Log says (edited down):
Dec 02 11:41:40.841 [Notice] Tor v0.2.3.25 (git-17c24b3118224d65) running on Windows XP.
Dec 02 11:41:44.155 [Notice] New control connection opened.
Dec 02 11:41:44.702 [Notice] Bootstrapped 5%: Connecting to directory server.
Dec 02 11:41:47.078 [Notice] Bootstrapped 10%: Finishing handshake with directory server.
AND THEN IT HANGS. This has been going on for 2-3 days with no successful connections to tor in that time.
Is it me or is it you?
Please help, thank you!
Try deleting & removing tor
Try deleting & removing tor then redownload. That was the only way I could get back in tor net.
I was still able to connect
I was still able to connect as of last night but onion sites were not working well and frequently err'ing out.
Today it wont connect at all. I read on here that large parts of the network are down. The po po state is pressing hard to shut down nodes and block bridges...
I'm getting the same thing.
I'm getting the same thing. My crt on tor cannot see any relays anywhere in the world. Wth? Been like this since running latest release version. Before that on wed and Thursday this week it was slow and erroring out a lot. The past 48 hours it bootstraps 0%... then stands still. Firefox doesn't open and the network doesn't connect.