Bug #17539
Upgrade Tor Browser to 9.0.7
100%
Description
This features the upgrade to 0.4.2.7 on the tor side but more importantly for us, it contains JS bugfixes, and a new NoScript version.
From the announcement of the release candidate (sent to tails-dev@):
Tor Browser 9.0.7 contains updates to a number of its components. Above
all, it includes Tor 0.4.2.7 which contains important security fixes. In
addition, on the Safest security level, javascript is now disabled for
the entire browser. Along with NoScript 11.0.19, this mitigates a bug in
Firefox that allowed Javascript execution on Safest. Javascript may be
enabled while using the Safest security level by enabling the
`javascript.enabled` preference in `about:config` and then modifying
NoScript's settings, as usual.
The full changelog since Tor Browser 9.0.6 is:
Tor Browser 9.0.7 -- March 20 2020
* All Platforms
* Bump NoScript to 11.0.19
* Bug 33613: Disable Javascript on Safest security level
* Windows + OS X + Linux
* Bump Tor to 0.4.2.7Subtasks
History
#1 Updated by CyrilBrulebois 2020-03-21 12:55:34
- Status changed from Confirmed to In Progress
Applied in changeset commit:tails|c9944e48b4fe482ffe4605dbbb34e981edbf1365.
#2 Updated by CyrilBrulebois 2020-03-21 12:57:29
I’ve implemented this in the feature/17539-tor-browser-9.0.7+force-all-tests branch, based on top of the feature/17531-tor-0.4.2.7+force-all-tests one (itself just merged into stable) so that I would be testing the combination of both upgrades (which we want to be in 4.4.1), rather than testing both separately.
A local build and testing all of features/*tor* looked good, so I’ve pushed it so that Jenkins can pick it up and run the full test suite.
#3 Updated by CyrilBrulebois 2020-03-22 06:38:47
Test results in Jenkins:
Failing Scenarios:
cucumber features/additional_software_packages.feature:25 # Scenario: I set up Additional Software when installing a package without persistent partition and the package is installed next time I start Tails
cucumber features/additional_software_packages.feature:46 # Scenario: My Additional Software list is configurable through a GUI or through notifications when I install or remove packages with APT or Synaptic
cucumber features/additional_software_packages.feature:69 # Scenario: Recovering in offline mode after Additional Software previously failed to upgrade and then succeed to upgrade when online
cucumber features/additional_software_packages.feature:114 # Scenario: I am notified when Additional Software fails to install a package
cucumber features/persistence.feature:23 # Scenario: Writing files to a read/write-enabled persistent partition
cucumber features/torified_browsing.feature:132 # Scenario: Persistent browser bookmarks
cucumber features/torified_misc.feature:17 # Scenario: wget(1) with tricky options should work for HTTP and go through Tor.
218 scenarios (7 failed, 211 passed)
1629 steps (7 failed, 59 skipped, 1563 passed)
370m33.148sBut all those passed locally:
kibi@wodi:~/work/clients/tails/release/release-checkout$ sudo TMPDIR=~/TT ./run_test_suite --view --capture --iso *iso -- features/additional_software_packages.feature features/persistence.feature features/torified_browsing.feature features/torified_misc.feature
…
27 scenarios (27 passed)
241 steps (241 passed)
64m50.194sso I’ll proceed with the merge into stable.
It seems Tor Browser upstream is getting ready to release 9.0.7; currently waiting for a last confirmation this is indeed based on 9.0.7-build1 (still the tip of the maint-9.0 branch).
#4 Updated by CyrilBrulebois 2020-03-22 14:25:20
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100
Applied in changeset commit:tails|f2ee844bde4672b2dbe7886d24e9da1f9ca17732.