Tor Browser Bundle 3.0rc1 Released

by mikeperry | November 22, 2013

The first release candidate in the 3.0 series of the Tor Browser Bundle is now available from the Tor Package Archive:
https://archive.torproject.org/tor-package-archive/torbrowser/3.0rc1/.

This release includes important security updates to Firefox.

Unfortunately, we have decided to remove the PDF.JS addon from this bundle, as the version available for Firefox 17 has stopped receiving updates. Built-in PDF support should return when we transition to Firefox 24 in the coming weeks.

This release should also fix a build reproducibility issue on Windows. All platform binaries should once again be identically reproducible from source by anyone using git tag tbb-3.0rc1-release.

  • All Platforms:
    • Update Firefox to 17.0.11esr
    • Update Tor to 0.2.4.18-rc
    • Remove unsupported PDF.JS addon from the bundle
    • Bug #7277: TBB's Tor client will now omit its timestamp in the TLS handshake.
    • Update Torbutton to 1.6.4.1
      • Bug #10002: Make the TBB3.0 blog tag our update download URL for now
  • Windows
    • Bug #10102: Patch binutils to remove nondeterministic bytes in compiled binaries
  • Linux
    • Bug #10049: Fix architecture check to work from outside TBB's directory
    • Bug #10126: Remove libz and firefox-bin, and strip unstripped binaries
    • Misc: Disable Firefox updater during compile time (in addition to pref)

Comments

Please note that the comment area below has been archived.

November 21, 2013

Permalink

Some kind of change in the 3.0 RC 1 bundle has made RequestPolicy stop working. As soon as you restart Tor Browser to finish installing it, Tor Browser stops working and keeps on crashing out every time you try to restart it. Even removing the RequestPolicy Extension manually does not solve the issues.

November 21, 2013

Permalink

Okay, I have to backtrack here. The issue is coming when I uncheck the 'use private browsing mode" thing in Torbutton. This needs a fix, I know that you love for people to use private browsing mode because you think that it is 'safer' but many of us do not like private browsing mode because of conflicts with other add-ons and applications.

November 22, 2013

Permalink

"Web creator Sir Tim Berners-Lee has warned that the democratic nature of the net is threatened by a 'growing tide of surveillance and censorship'".

And grateful thanks to y'all - I'm sure I "speak" for all - when I say youse at Tor are still one step ahead...

Well done, an' more power to yer collective elbows...

November 22, 2013

Permalink

The git tag seems to be tbb-3.0rc1-build1 not tbb-3.0rc1-release.

Regards,

torland

November 22, 2013

Permalink

Anybody else getting a stall when opening Start Tor Browser.exe launcher? It worked fine on first run, but when altering about:config and adding a few add-ons, the behavior starts. The browser launches just fine when clicking "open settings" however. Perhaps an add-on conflict? refcontrol, downthemall, adblockplus were added post install.

November 22, 2013

Permalink

I think I figured it out. Clearing the cache in \Data\Tor seemed to restore normal Tor launcher behavior.

This did not work for me. When I clear that cache a new attempt at connecting drops a file in that folder called LOCK. Does that mean my ISP is locking me out or is project gutenberg still blocking?

November 22, 2013

Permalink

Not working on Kubuntu 13.10, unfortunately -- loading it prompts a recursive restart message. Beta version was more stable.

November 22, 2013

Permalink

It won't start for me:

tor-browser_en-US $ ./start-tor-browser

Launching Tor Browser Bundle for Linux in /home/.../.../tor-browser_en-US

(process:2159): GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed
/home/newman/bin/TorBrowserBundle/tor-browser_en-US/Tor/tor: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory

Also:

tor-browser_en-US $ ldd Tor/tor
libssl.so.1.0.0 => not found
libcrypto.so.1.0.0 => not found

November 22, 2013

Permalink

This is very much appreciated. One suggestion:

Including NoScript 2.6.8.5 instead of the older 2.6.8.2 would have been nice...even though it's trivial for users with decently fast connections to just update.

Also think the new big black arrow indicating to users that they should update is a welcome new addition. For users who may not stay "on top of" keeping their extensions updated, maybe similar notification behavior would be useful?

Firefox (Tor Browser) already has an auto-update mechanism for extensions, and I believe Tor Browser has it enabled by default.

November 22, 2013

Permalink

This is an excellent product; definitely worth a donation.

Thanks guys.

November 22, 2013

Permalink

Hi, do you plan to place Tor Browser 3.0 in the Debian's main repository when it's finally released?

December 02, 2013

In reply to arma

Permalink

Thank you for the answer. Actually I started to have doubts if Debian's main is the right place. Debian is security oriented mostly in the stable branch. But even now it has 17.0.10 in stable-security repo. In testing branch the situation from the security point of view is bad: it has 17.0.9 and no way to update to 17.0.11, because in unstable there is already 24.1. Since 20 days v24.1 cannot enter testing because of some architecture-dependent reasons.
see: http://packages.qa.debian.org/i/iceweasel.html

If I remember correctly you had your own repo in the past? Maybe this is the way to go? Updating TBB is quite problematic, I never know if I can extract the new version into the existing folder. Of course I understand the limited resources and additional effort needed to host your own repository, so these are only my thoughts.

November 22, 2013

Permalink

There is a problem in the start-tor-browser script for tor-browser-linux32-3.0-rc-1_en-US.tar.xz. LD_LIBRARY_PATH is not set so tor won't run.

November 30, 2013

In reply to arma

Permalink

Note sure why the thinking is that this bug is limited to Fedora 19 and Debian Squeeze. It is also a bug with Mint 13 which is based on Ubuntu. I would think you would want to set LD_LIBRARY_PATH for every distribution. Not sure what thinking is behind setting LDPATH either. It has no effect in every distribution I have tried and appears to be dead code.

November 22, 2013

Permalink

I'm a little mystified as to how to monitor the network and change tor and relay settings from within the browser, now that it is intyegrated into the browser in TBB 3.0.

The tor-developers don't think that it is important to let the users see, which circuit they are using... they don't answer questions about the lost features vidalia gave to us.

tor-users are loosing control...

November 22, 2013

Permalink

The usability of the TBB 3.0 is great, but... Now one can't easily see the Tor error/warning message log and the current circuit's node info (country, bandwidth, etc.). Any plans to include a new viewer for those?

November 23, 2013

Permalink

I cannot figure it out how start only the Browser. I have Tor running on my machine, dont need aonother one.

November 23, 2013

Permalink

Why on Earth would Tor WANT to include support for PDF anyway, knowing that PDF is a known leaker of information. And the rest of the Tor site actively discourages accessing PDFs downloaded via TBB when online.

Well, exactly for that reason -- if we can do it safely, and people want it, then we make it less likely that people try it unsafely and shoot off their foot.

November 26, 2013

In reply to arma

Permalink

I miss the PDF.JS addon a lot! Therefore I`m looking forward to Firefox ESR 24 ...

November 26, 2013

In reply to arma

Permalink

If going down that road, a couple of weeks back I think I read somewhere it is possible to stop Flash/SWF lP leaks by making some changes to the Flash Player preferences. Any comment on this ?

November 24, 2013

Permalink

the linux32 version can't find libssl. and the "blinking onion" directs you to the a4 version instead of rc (it did that when beta came out as well, i downloaded the a4 version 3 times before i noticed that it was the same version (my bad, i know :)).

December 02, 2013

Permalink

I am also having trouble getting tor / vidalia to completely boot up. I am using the latest Tor BB tor-browser-2.3.25-15_en-US.exe downloaded on 20-Nov. I launch and get the Vidalia box. The Advanced Log says (edited down):

Dec 02 11:41:40.841 [Notice] Tor v0.2.3.25 (git-17c24b3118224d65) running on Windows XP.

Dec 02 11:41:44.155 [Notice] New control connection opened.
Dec 02 11:41:44.702 [Notice] Bootstrapped 5%: Connecting to directory server.

Dec 02 11:41:47.078 [Notice] Bootstrapped 10%: Finishing handshake with directory server.

AND THEN IT HANGS. This has been going on for 2-3 days with no successful connections to tor in that time.

Is it me or is it you?

Please help, thank you!

December 06, 2013

Permalink

I was still able to connect as of last night but onion sites were not working well and frequently err'ing out.
Today it wont connect at all. I read on here that large parts of the network are down. The po po state is pressing hard to shut down nodes and block bridges...

December 07, 2013

Permalink

I'm getting the same thing. My crt on tor cannot see any relays anywhere in the world. Wth? Been like this since running latest release version. Before that on wed and Thursday this week it was slow and erroring out a lot. The past 48 hours it bootstraps 0%... then stands still. Firefox doesn't open and the network doesn't connect.