The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2024-03-27T17:36:16Zhttps://gitlab.torproject.org/tpo/applications/vpn/-/issues/145Fix the connection bar animation2024-03-27T17:36:16ZdonutsFix the connection bar animationThe connection bar is intended to animate like so: [Figma / Tor VPN for Android](https://www.figma.com/proto/sjNWeIOpb0BckjmxApXd5m/Tor-VPN-for-Android?page-id=4280%3A1524&type=design&node-id=4621-6088&viewport=-2084%2C233%2C0.65&t=O5WUU...The connection bar is intended to animate like so: [Figma / Tor VPN for Android](https://www.figma.com/proto/sjNWeIOpb0BckjmxApXd5m/Tor-VPN-for-Android?page-id=4280%3A1524&type=design&node-id=4621-6088&viewport=-2084%2C233%2C0.65&t=O5WUUZ62ub2lXys1-1&scaling=min-zoom&starting-point-node-id=4621%3A6088&mode=design)
At the moment it appears to be doing something different. However it should match the same color transition/animation as Tor Browser's connection bar – but remain fixed at 100% of the device's width.VPN pre-alpha 07https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42438Adapt the data import wizard to use the original $HOME on Linux2024-03-07T09:47:19ZPier Angelo VendrameAdapt the data import wizard to use the original $HOME on LinuxWe change `$HOME` on Linux for various reasons, but this prevents the import procedure from working, plus maybe other disadvantages.
While exploring this might require more time (we have mullvad-browser#170 for it), we can probably adju...We change `$HOME` on Linux for various reasons, but this prevents the import procedure from working, plus maybe other disadvantages.
While exploring this might require more time (we have mullvad-browser#170 for it), we can probably adjust the paths Firefox uses for importing the data to use a (different) environment variable.Pier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41101Prepare Tor Browser 13.0.11 (emergency release)2024-03-06T14:10:31ZPier Angelo VendramePrepare Tor Browser 13.0.11 (emergency release)<details>
<summary>Explanation of variables</summary>
- `$(BUILD_SERVER)` : the server the main builder is using to build a tor-browser release
- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER)
- **example** :...<details>
<summary>Explanation of variables</summary>
- `$(BUILD_SERVER)` : the server the main builder is using to build a tor-browser release
- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER)
- **example** : `pierov`
- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process
- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building tor-browser tags, labels, etc
- **example** : `91.6.0`
- `$(TOR_BROWSER_MAJOR)` : the Tor Browser major version
- **example** : `11`
- `$(TOR_BROWSER_MINOR)` : the Tor Browser minor version
- **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
- `$(TOR_BROWSER_VERSION)` : the Tor Browser version in the format
- **example** : `12.5a3`, `12.0.3`
- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(TOR_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build.
- **example** : `build1`
- `$(TOR_BROWSER_BUILD_N)` : the tor-browser build revision for a given Tor Browser release; used in tagging git commits
- **example** : `build2`
- **NOTE** : A project's `$(BUILD_N)` and `$(TOR_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For example :
- if we have multiple Tor Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(TOR_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(TOR_BROWSER_VERSION)` will increase)
- if we have build failures unrelated to `tor-browser`, the `$(TOR_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same.
- `$(TOR_BROWSER_VERSION)` : the published Tor Browser version
- **example** : `11.5a6`, `11.0.7`
- `$(TBB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Tor Browser version
- **example** : `tbb-12.0.7-build1`
</details>
**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed
**NOTE** This can/is often done in conjunction with the equivalent Mullvad Browser release prep issue
<details>
<summary>Building</summary>
### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
Tor Browser Stable lives in the various `maint-$(TOR_BROWSER_MAJOR).$(TOR_BROWSER_MINOR)` (and possibly more specific) branches.
- [x] Update `rbm.conf`
- [x] `var/torbrowser_version` : update to next version
- [x] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)`
- [x] ***(Desktop Only)***`var/torbrowser_incremental_from` : update to previous Desktop version
- **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update
- **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make torbrowser-incrementals-*` step will fail
- [x] Update Desktop-specific build configs
- [x] Update `projects/firefox/config`
- [x] `browser_build` : update to match `tor-browser` tag
- [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased
- [x] Update Android-specific build configs
- [ ] Update `projects/geckoview/config`
- [ ] `browser_build` : update to match `tor-browser` tag
- [ ] ***(Optional)*** `var/geckoview_version` : update to latest `$(ESR_VERSION)` if rebased
- [ ] ***(Optional)*** Update `projects/tor-android-service/config`
- [ ] `git_hash` : update with `HEAD` commit of project's `main` branch
- [ ] ***(Optional)*** Update `projects/application-services/config`:
**NOTE** we don't currently have any of our own patches for this project
- [ ] `git_hash` : update to appropriate git commit associated with `$(ESR_VERSION)`
- [x] ***(Optional)*** Update `projects/firefox-android/config`:
- [ ] `fenix_version` : update to match stable `firefox-android` build tag
- [ ] `browser_branch` : update to match stable `firefox-android` build tag
- [x] `browser_build` : update to match stable `firefox-android` build tag
variant: Beta
- [x] Update allowed_addons.json by running (from `tor-browser-build` root):
- `./tools/fetch_allowed_addons.py > projects/browser/allowed_addons.json`
- [x] Update `projects/translation/config`:
- [x] run `make list_translation_updates-release` to get updated hashes
- [x] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch
- [x] `steps/tor-browser/git_hash` : update with `HEAD` commit of project's `tor-browser` branch
- [x] `steps/fenix/git_hash` : update with `HEAD` commit of project's `fenix-torbrowserstringsxml` branch
- [x] Update common build configs
- [x] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript
- [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config`
- [ ] `URL`
- [ ] `sha256sum`
- [x] Check for OpenSSL updates here : https://www.openssl.org/source/
- [ ] ***(Optional)*** If new 3.0.X version available, update `projects/openssl/config`
- [ ] `version` : update to next 3.0.X version
- [ ] `input_files/sha256sum` : update to sha256 sum of source tarball
- [x] Check for zlib updates here: https://github.com/madler/zlib/releases
- [ ] **(Optional)** If new tag available, update `projects/zlib/config`
- [ ] `version` : update to next release tag
- [x] Check for tor updates here : https://gitlab.torproject.org/tpo/core/tor/-/tags
- [ ] ***(Optional)*** Update `projects/tor/config`
- [ ] `version` : update to latest non `-alpha` tag (ping dgoulet or ahf if unsure)
- [x] Check for go updates here : https://go.dev/dl
- **NOTE** : In general, Tor Browser Stable uses the latest of the *previous* Stable major series Go version, but there are sometimes exceptions. Check with the anti-censorship team before doing a major version update in case there is incompatibilities.
- [ ] ***(Optional)*** Update `projects/go/config`
- [ ] `version` : update go version
- [ ] `input_files/sha256sum` for `go` : update sha256sum of archive (sha256 sums are displayed on the go download page)
- [x] Check for manual updates by running (from `tor-browser-build` root): `./tools/fetch-manual.py`
- [x] ***(Optional)*** If new version is available:
- [x] Upload the downloaded `manual_$PIPELINEID.zip` file to `tb-build-02.torproject.org`
- [x] Deploy to `tb-builder`'s `public_html` directory:
- `sudo -u tb-builder cp manual_$PIPELINEID.zip ~tb-builder/public_html/.`
- [x] Update `projects/manual/config`:
- [x] Change the `version` to `$PIPELINEID`
- [x] Update `sha256sum` in the `input_files` section
- [x] Update `ChangeLog-TBB.txt`
- [x] Ensure `ChangeLog-TBB.txt` is sync'd between alpha and stable branches
- [x] Check the linked issues: ask people to check if any are missing, remove the not fixed ones
- [x] Run `./tools/fetch-changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs`
- Make sure you have `requests` installed (e.g., `apt install python3-requests`)
- The first time you run this script you will need to generate an access token; the script will guide you
- `$updateArgs` should be these arguments, depending on what you actually updated:
- [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case)
- [ ] `--tor`
- [ ] `--no-script`
- [ ] `--openssl`
- [ ] `--zlib`
- [ ] `--go`
- E.g., `./tools/fetch-changelogs.py 41028 --date 'December 19 2023' --firefox 115.6.0esr --tor 0.4.8.10 --no-script 11.4.29 --zlib 1.3 --go 1.21.5 --openssl 3.0.12`
- `--date $date` is optional, if omitted it will be the date on which you run the command
- [x] Copy the output of the script to the beginning of `ChangeLog-TBB.txt` and adjust its output
- [x] Open MR with above changes, using the template for release preparations
- [x] Merge
- [x] Sign+Tag
- **NOTE** this must be done by one of:
- boklm
- dan
- ma1
- pierov
- richard
- [x] Run: `make torbrowser-signtag-release`
- [x] Push tag to `upstream`
- [x] Build the tag:
- Run `make torbrowser-release && make torbrowser-incrementals-release`
- [x] Tor Project build machine
- [x] Local developer machine
- [x] Submit build request to Mullvad infrastructure:
- **NOTE** this requires a devmole authentication token
- Run `make torbrowser-kick-devmole-build`
- [x] Ensure builders have matching builds
</details>
<details>
<summary>Communications</summary>
### notify stakeholders
- [x] **(Once builds confirmed matching)** Email tor-qa mailing list with release information
- [x] tor-qa: tor-qa@lists.torproject.org
- **Subject**
```
Tor Browser $(TOR_BROWSER_VERION) (Android, Windows, macOS, Linux)
```
- **Body**
```
Hello,
Unsigned Tor Browser $(TOR_BROWSER_VERSION) release candidate builds are now available for testing:
- https://tb-build-02.torproject.org/~$(BUILDER)/builds/torbrowser/release/unsigned/$(TOR_BROWSER_VERSION)/
The full changelog can be found here:
- https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/raw/$(TBB_BUILD_TAG)/projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt
```
- [x] Email packagers:
- [x] Tails dev mailing list: tails-dev@boum.org
- [x] Guardian Project: nathan@guardianproject.info
- [x] FreeBSD port: freebsd@sysctl.cz <!-- Gitlab user maxfx -->
- [x] OpenBSD port: caspar@schutijser.com <!-- Gitlab user cschutijser -->
- [ ] Note any changes which may affect packaging/downstream integration
</details>
<details>
<summary>Signing</summary>
### release signing
- **NOTE** : In practice, it's most efficient to have the blog post and website updates ready to merge, since signing doesn't take very long
- [x] Assign this issue to the signer, one of:
- boklm
- richard
- [x] On `$(STAGING_SERVER)`, ensure updated:
- [x] `tor-browser-build` is on the right commit: `git tag -v tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N) && git checkout tbb-$(TOR_BROWSER_VERSION)-$(TOR_BROWSER_BUILD_N)`
- [x] `tor-browser-build/tools/signing/set-config.hosts`
- `ssh_host_builder` : ssh hostname of machine with unsigned builds
- **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
- `ssh_host_linux_signer` : ssh hostname of linux signing machine
- [x] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect`
- `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos
- [x] `set-config.update-responses`
- `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/tor-browser-update-responses.git`
- [x] `tor-browser-build/tools/signing/set-config.tbb-version`
- `tbb_version` : tor browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
- `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
- `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases
- [x] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
- [x] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script:
- `cd tor-browser-build/tools/signing/`
- `./do-all-signing.torbrowser`
- **NOTE**: at this point the signed binaries should have been copied to `staticiforme`
- [x] Update `staticiforme.torproject.org`:
- From `screen` session on `staticiforme.torproject.org`:
- [x] Static update components : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
- [x] Enable update responses : `sudo -u tb-release ./deploy_update_responses-release.sh`
- [x] Remove old release data from following places:
- **NOTE** : Skip this step if we need to hold on to older versions for some reason (for example, this is an Andoid or Desktop-only release, or if we need to hold back installers in favor of build-to-build updates if there are signing issues, etc)
- [x] `/srv/cdn-master.torproject.org/htdocs/aus1/torbrowser`
- [x] `/srv/dist-master.torproject.org/htdocs/torbrowser`
- [x] Static update components (again) : `static-update-component cdn.torproject.org && static-update-component dist.torproject.org`
</details>
<details>
<summary>Signature verification</summary>
<details>
<summary>Check whether the .exe files got properly signed and timestamped</summary>
```bash
# Point OSSLSIGNCODE to your osslsigncode binary
pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
OSSLSIGNCODE=/path/to/osslsigncode
../../../tools/authenticode_check.sh
popd
```
</details>
<details>
<summary>Check whether the MAR files got properly signed</summary>
```bash
# Point NSSDB to your nssdb containing the mar signing certificate
# Point SIGNMAR to your signmar binary
# Point LD_LIBRARY_PATH to your mar-tools directory
pushd tor-browser-build/${channel}/signed/$TORBROWSER_VERSION
NSSDB=/path/to/nssdb
SIGNMAR=/path/to/mar-tools/signmar
LD_LIBRARY_PATH=/path/to/mar-tools/
../../../tools/marsigning_check.sh
popd
```
</details>
</details>
<details>
<summary>Publishing</summary>
### Google Play: https://play.google.com/apps/publish
- [x] Publish APKs to Google Play:
- Select `Tor Browser` app
- Navigate to `Release > Production` and click `Create new release` button:
- Upload the `tor-browser-android-*.apk` APKs
- Update Release Name to Tor Browser version number
- Update Release Notes
- Next to 'Release notes', click `Copy from a previous release`
- Edit blog post url to point to most recent blog post
- Save, review, and configure rollout percentage
- [ ] 25% rollout when publishing a scheduled update
- [x] 100% rollout when publishing a security-driven release
- [ ] Update rollout percentage to 100% after confirmed no major issues
### website: https://gitlab.torproject.org/tpo/web/tpo.git
- [x] `databags/versions.ini` : Update the downloads versions
- `torbrowser-stable/version` : sort of a catch-all for latest stable version
- `torbrowser-alpha/version` : sort of a catch-all for latest stable version
- `torbrowser-*-stable/version` : platform-specific stable versions
- `torbrowser-*-alpha/version` : platform-specific alpha versions
- `tor-stable`,`tor-alpha` : set by tor devs, do not touch
- [x] Push to origin as new branch, open 'Draft :' MR
- [x] Remove `Draft:` from MR once signed-packages are accessible on https://dist.torproject.org
- [x] Merge
- [x] Publish after CI passes and builds are published
### blog: https://gitlab.torproject.org/tpo/web/blog.git
- [x] Run `tools/signing/create-blog-post` which should create the new blog post from a template (edit set-config.blog to set you local blog directory)
- [ ] Note any ESR update
- [ ] Note any updates to dependencies (OpenSSL, zlib, NoScript, tor, etc)
- [ ] Thank any users which have contributed patches
- [x] Push to origin as new branch, open `Draft:` MR
- [x] Merge once signed-packages are accessible on https://dist.torproject.org
- [x] Publish after CI passes and website has been updated
### tor-announce mailing list
- [x] Email tor-announce mailing list: tor-announce@lists.torproject.org
- **Subject**
```
New Release: Tor Browser $(TOR_BROWSER_VERSION) (Android, Windows, macOS, Linux)
```
- **Body**
```
Hi everyone,
Tor Browser $(TOR_BROWSER_VERSION) has now been published for all platforms. For details please see our blog post:
- $(BLOG_POST_URL)
Changelog:
# paste changleog as quote here
```
</details>richardrichardhttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/issues/40014Intergrating WebTunnel into Lyrebird to reduce Distributed Binary Size2024-03-26T14:17:29ZshelikhooIntergrating WebTunnel into Lyrebird to reduce Distributed Binary SizeWe are considering integrating WebTunnel into WebTunnel in order to reduce the binary size of distributed binary.
This is a request from application team: the apk size is increasing and approaching the limit of Play Store. It might be b...We are considering integrating WebTunnel into WebTunnel in order to reduce the binary size of distributed binary.
This is a request from application team: the apk size is increasing and approaching the limit of Play Store. It might be beneficial for us to move webtunnel's entry point to Lyrebird to avoid shipping one more copy of the Go Runtime library.shelikhooshelikhoohttps://gitlab.torproject.org/tpo/core/torspec/-/issues/256hspow: Scheme ordering. Duplicate unknown schemes2024-03-06T19:12:20ZIan Jacksoniwj@torproject.orghspow: Scheme ordering. Duplicate unknown schemesAn hsdesc inner doc can contain something like this:
```
pow-params wombat ...
pow-params v1 ...
pow-params wombat ...
```
The spec says this may appear "at most once per scheme". Is the client supposed to check this for unknown scheme...An hsdesc inner doc can contain something like this:
```
pow-params wombat ...
pow-params v1 ...
pow-params wombat ...
```
The spec says this may appear "at most once per scheme". Is the client supposed to check this for unknown schemes? If so it would need to build a data structure of strings, solely to perform that check.
Does it matter that the ordering isn't specified?
If we said the ordering was ASCII lexical on the scheme name, duplicates could be detected without a proper data structure.
IHNI what C Tor does.
Apropos of my review of arti!2026. Whatever answer we come up with should be implemented in C Tor and in Arti.https://gitlab.torproject.org/tpo/community/relays/-/issues/89Tor relay operator meetup (April 13rd 2024 @ 1900 UTC)2024-03-05T13:55:06ZGusTor relay operator meetup (April 13rd 2024 @ 1900 UTC)* [ ] Put together an agenda with the contribution of other teams and relay community
* [ ] BBB room - https://tor.meet.coop/gus-og0-x74-dzn
* [ ] Publish the meetup invitation where our community hangout:
* [ ] tor-relays mailing list...* [ ] Put together an agenda with the contribution of other teams and relay community
* [ ] BBB room - https://tor.meet.coop/gus-og0-x74-dzn
* [ ] Publish the meetup invitation where our community hangout:
* [ ] tor-relays mailing list:
* [ ] Twitter
* [ ] Mastodon
* [ ] r/TOR
* [ ] Facilitate the meetup (Saturday, April 13rd @ 1900 UTC)
* [ ] Send the meetup notes to the tor-relays mailing listGusGushttps://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/40344Snowflake works unreliably in China, 2024 Q12024-03-05T12:21:14ZshelikhooSnowflake works unreliably in China, 2024 Q1We have been receiving conflicting report about connectivity interruptions in China.
There was one report from user that highlighted this issue: https://github.com/net4people/bbs/issues/325. We was able to observe similar interruption o...We have been receiving conflicting report about connectivity interruptions in China.
There was one report from user that highlighted this issue: https://github.com/net4people/bbs/issues/325. We was able to observe similar interruption on our vantage point: https://gitlab.torproject.org/tpo/anti-censorship/connectivity-measurement/bridgestatus/-/blob/dc663e36d7dc81467a63f59c5d435b9f93e9e3ab/recentResult_cnnext#L89 .
The exact way connection get interrupted differ from report to report. The report from github user shows the connection can be established, but was interrupted soon. The report from vantage point show dtls connection handshake was unsuccessful, or the remote server was unreachable.
As of now, the censorship we are observing is decreasing, as some report's subsequent report show successful connection after waiting sufficiently long.https://gitlab.torproject.org/tpo/applications/vpn/-/issues/144Add "General" and "About" sections to Configure2024-03-07T00:04:57ZdonutsAdd "General" and "About" sections to ConfigureThere are additional Configure screens in the Figma file that haven't been built yet – "General", which contains sections for the app icon and notifications, and "About".
The Figma file can be found here: [Figma / Tor VPN for Android](h...There are additional Configure screens in the Figma file that haven't been built yet – "General", which contains sections for the app icon and notifications, and "About".
The Figma file can be found here: [Figma / Tor VPN for Android](https://www.figma.com/file/sjNWeIOpb0BckjmxApXd5m/Tor-VPN-for-Android?type=design&node-id=4280%3A1524&mode=design&t=QaXRFt9BKyClRF4p-1)VPN pre-alpha 07https://gitlab.torproject.org/tpo/applications/vpn/-/issues/143Convert "Add new bridges" dialog into a full-screen dialog2024-03-05T17:32:20ZdonutsConvert "Add new bridges" dialog into a full-screen dialogThe previous dialog we designed is a little claustrophobic. The text area is quite narrow, and the dialog awkwardly grows in height when new lines are entered. We could improve on this by switching to a full-screen dialog as described he...The previous dialog we designed is a little claustrophobic. The text area is quite narrow, and the dialog awkwardly grows in height when new lines are entered. We could improve on this by switching to a full-screen dialog as described here: https://m3.material.io/components/dialogs/guidelines
The Figma file can be found here: [Figma / Tor VPN for Android](https://www.figma.com/file/sjNWeIOpb0BckjmxApXd5m/Tor-VPN-for-Android?type=design&node-id=4395%3A1618&mode=design&t=QaXRFt9BKyClRF4p-1)VPN pre-alpha 07https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/137A new home for bridges.tpo/info2024-03-04T17:40:00Zmeskiomeskio@torproject.orgA new home for bridges.tpo/infohttps://bridges.torproject.org/info lists all the bridge distribution mechanisms. AFAIK the only place this is being linked from is the *Bridge distribution mechanism* on the bridge page in metrics.tpo. We might have a better place for t...https://bridges.torproject.org/info lists all the bridge distribution mechanisms. AFAIK the only place this is being linked from is the *Bridge distribution mechanism* on the bridge page in metrics.tpo. We might have a better place for this page than BridgeDB (soon to be rdsys).meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/anti-censorship/gettor-project/OnionSproutsBot/-/issues/60Some languages are not appearing in the 'Change Language' menu2024-03-04T16:49:34Zmeskiomeskio@torproject.orgSome languages are not appearing in the 'Change Language' menuThe following translations are installed but don't appear in the menu: ar, be, bg, ca, hr, cs, is, it, ja, pt_BR, roThe following translations are installed but don't appear in the menu: ar, be, bg, ca, hr, cs, is, it, ja, pt_BR, romeskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/core/arti/-/issues/1311panic when run without subcommand in most obvious way2024-03-05T18:55:14ZIan Jacksoniwj@torproject.orgpanic when run without subcommand in most obvious wayWithout any config file. Repro'd with ef374c925. Reported by @beth.
```
zealot:arti> nailing-cargo run --bin arti
nailing-cargo: out-of-tree, git, building in: `/home/ian/Rustup/Arti/Build/arti'
nailing-cargo: using really to run as u...Without any config file. Repro'd with ef374c925. Reported by @beth.
```
zealot:arti> nailing-cargo run --bin arti
nailing-cargo: out-of-tree, git, building in: `/home/ian/Rustup/Arti/Build/arti'
nailing-cargo: using really to run as user `rustcargo'
nailing-cargo: *WARNING* cwd is not in Cargo.nail thbough it has Cargo.toml!
nailing-cargo: nailed (2 manifests, 2 packages)
nailing-cargo: invoking: cargo run --locked --offline --bin arti
Finished dev [unoptimized + debuginfo] target(s) in 0.48s
Running `target/debug/arti`
thread 'main' panicked at crates/arti/src/lib.rs:602:9:
Subcommand added to clap subcommand list, but not yet implemented
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
2024-03-04T16:03:02Z ERROR arti::logging: Panic at crates/arti/src/lib.rs:602:9: Subcommand added to clap subcommand list, but not yet implemented
0: arti::logging::install_panic_handler::{{closure}}
at crates/arti/src/logging.rs:286:25
1: <alloc::boxed::Box<F,A> as core::ops::function::Fn<Args>>::call
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/alloc/src/boxed.rs:2029:9
std::panicking::rust_panic_with_hook
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/std/src/panicking.rs:785:13
2: std::panicking::begin_panic_handler::{{closure}}
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/std/src/panicking.rs:651:13
3: std::sys_common::backtrace::__rust_end_short_backtrace
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/std/src/sys_common/backtrace.rs:171:18
4: rust_begin_unwind
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/std/src/panicking.rs:647:5
5: core::panicking::panic_fmt
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/core/src/panicking.rs:72:14
6: arti::main_main
at crates/arti/src/lib.rs:602:9
7: arti::main
at crates/arti/src/lib.rs:632:11
8: arti::main
at crates/arti/src/main.rs:46:5
9: core::ops::function::FnOnce::call_once
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/core/src/ops/function.rs:250:5
10: std::sys_common::backtrace::__rust_begin_short_backtrace
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/std/src/sys_common/backtrace.rs:155:18
11: std::rt::lang_start::{{closure}}
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/std/src/rt.rs:166:18
12: core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/core/src/ops/function.rs:284:13
std::panicking::try::do_call
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/std/src/panicking.rs:554:40
std::panicking::try
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/std/src/panicking.rs:518:19
std::panic::catch_unwind
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/std/src/panic.rs:142:14
std::rt::lang_start_internal::{{closure}}
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/std/src/rt.rs:148:48
std::panicking::try::do_call
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/std/src/panicking.rs:554:40
std::panicking::try
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/std/src/panicking.rs:518:19
std::panic::catch_unwind
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/std/src/panic.rs:142:14
std::rt::lang_start_internal
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/std/src/rt.rs:148:20
13: std::rt::lang_start
at /rustc/f2043422f7b161a2fc1a00589a8c4956db963450/library/std/src/rt.rs:165:17
14: main
15: __libc_start_main
at /build/glibc-6iIyft/glibc-2.28/csu/../csu/libc-start.c:308:16
16: _start
nailing-cargo: really failed (exit status 25856)
nailing-cargo: unnailed. status 101.
zealot:arti>
```Ian Jacksoniwj@torproject.orgIan Jacksoniwj@torproject.orghttps://gitlab.torproject.org/tpo/core/arti/-/issues/1310Release rune improvements2024-03-05T13:06:51Zgabi-250Release rune improvementsThe release rune shouldn't publish more than 1 crate per minute(?) to prevent failures like:
```
Caused by:
the remote server responded with an error (status 429 Too Many Requests): You have published too many updates to existing cra...The release rune shouldn't publish more than 1 crate per minute(?) to prevent failures like:
```
Caused by:
the remote server responded with an error (status 429 Too Many Requests): You have published too many updates to existing crates in a short period of time. Please try again after Mon, 04 Mar 2024 16:02:16 GMT or email help@crates.io to have your limit increased.
```gabi-250gabi-250https://gitlab.torproject.org/tpo/network-health/sbws/-/issues/40195Figure out why server descriptor observed bandwidth is not seen for at least ...2024-03-18T14:59:16ZjugaFigure out why server descriptor observed bandwidth is not seen for at least 4 days by some bwauthsOne reason could be that at the moment of the measurement, sbws can't see it.
Other could be that when the measurement fails, the original data structures doesn't store that moment observed bandwidth. I think i created an issue for this ...One reason could be that at the moment of the measurement, sbws can't see it.
Other could be that when the measurement fails, the original data structures doesn't store that moment observed bandwidth. I think i created an issue for this last one that at that moment didn't look important and it doesn't happen in onbasca. Maybe it's one of these: https://gitlab.torproject.org/tpo/network-health/sbws/-/issues/?sort=updated_desc&state=closed&search=observed&first_page_size=100
Maybe https://gitlab.torproject.org/tpo/network-health/sbws/-/issues/40190 could be happening due this too (observed getting higher and sbws taking days to realize)jugajugahttps://gitlab.torproject.org/tpo/team/-/issues/264Code audit for sponsor 1502024-03-07T15:23:37ZGabagaba@torproject.orgCode audit for sponsor 150We are contracting a third party to audit the code changed on project sponsor 150.
- [ ] Write RFP
- [ ] Send to auditors
- [ ] Choose and contract auditor
- [ ] Start audit by July 1st.We are contracting a third party to audit the code changed on project sponsor 150.
- [ ] Write RFP
- [ ] Send to auditors
- [ ] Choose and contract auditor
- [ ] Start audit by July 1st.Gabagaba@torproject.orgGabagaba@torproject.org2024-05-27https://gitlab.torproject.org/tpo/anti-censorship/bridgestrap/-/issues/41issue when downloading from https://bridges.torproject.org/bridgestrap-collector2024-03-19T13:15:07ZHiroissue when downloading from https://bridges.torproject.org/bridgestrap-collectorI have noticed an issue when collector-02 is downloading from: https://bridges.torproject.org/bridgestrap-collector
This is the error I see in java.
```
2024-03-01 09:45:13,880 WARN o.t.m.c.b.BridgestrapStatsDownloader:70 Failed downl...I have noticed an issue when collector-02 is downloading from: https://bridges.torproject.org/bridgestrap-collector
This is the error I see in java.
```
2024-03-01 09:45:13,880 WARN o.t.m.c.b.BridgestrapStatsDownloader:70 Failed downloading https://bridges.torproject.org/bridgestrap-collector.
java.io.IOException: Premature EOF
at java.base/sun.net.www.http.ChunkedInputStream.readAheadBlocking(ChunkedInputStream.java:567)
at java.base/sun.net.www.http.ChunkedInputStream.readAhead(ChunkedInputStream.java:611)
at java.base/sun.net.www.http.ChunkedInputStream.read(ChunkedInputStream.java:705)
at java.base/java.io.FilterInputStream.read(FilterInputStream.java:132)
at java.base/sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.read(HttpURLConnection.java:3698)
at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:244)
at java.base/java.io.BufferedInputStream.read1(BufferedInputStream.java:284)
at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:343)
at org.torproject.metrics.collector.downloader.Downloader.downloadFromHttpServer(Downloader.java:55)
at org.torproject.metrics.collector.downloader.Downloader.downloadFromHttpServer(Downloader.java:26)
at org.torproject.metrics.collector.bridgestrap.BridgestrapStatsDownloader.startProcessing(BridgestrapStatsDownloader.java:68)
at org.torproject.metrics.collector.cron.CollecTorMain.run(CollecTorMain.java:55)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:840)
```
I made some little measurements from bash and got this:
```
time_namelookup: 0.050899s
time_connect: 0.097606s
time_appconnect: 0.159109s
time_pretransfer: 0.159138s
time_redirect: 0.000000s
time_starttransfer: 0.209088s
----------
time_total: 5.969495s
```
Seems nothing is really amiss. Any idea what is happening? Is this a web server issue or should I talk to anti-censorship instead?meskiomeskio@torproject.orgmeskiomeskio@torproject.orghttps://gitlab.torproject.org/tpo/community/hackweek/-/issues/36renovate-bot is too noisy here2024-03-06T20:37:59Zanarcatrenovate-bot is too noisy hereHey @rhatto
Is there a way we could tune @renovate-bot so that it doesn't generate as much noise?
It keeps reopening the same MR over and over again here. It's done 84 so far:
https://gitlab.torproject.org/tpo/community/hackweek/-/me...Hey @rhatto
Is there a way we could tune @renovate-bot so that it doesn't generate as much noise?
It keeps reopening the same MR over and over again here. It's done 84 so far:
https://gitlab.torproject.org/tpo/community/hackweek/-/merge_requests?scope=all&state=closed
The latest (https://gitlab.torproject.org/tpo/community/hackweek/-/merge_requests/131) shows that it's trying to update the submodule but, for some reason, it immediately closes the MR without actually letting us accept the change...
/cc @micahSilvio RhattoSilvio Rhattohttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42437Drop "torbrowser.version" preference2024-03-26T20:27:58ZhenryDrop "torbrowser.version" preference"torbrowser.version" is defined based on `__BASE_BROWSER_VERSION_QUOTED__`, but is only used in one place: https://gitlab.torproject.org/tpo/applications/tor-browser/-/blob/8614325290175a7253f11501d823db65ab805257/browser/components/abou..."torbrowser.version" is defined based on `__BASE_BROWSER_VERSION_QUOTED__`, but is only used in one place: https://gitlab.torproject.org/tpo/applications/tor-browser/-/blob/8614325290175a7253f11501d823db65ab805257/browser/components/abouttor/AboutTorMessage.sys.mjs#L30.
But we could just use the existing "browser.startup.homepage_override.torbrowser.version" instead.henryhenryhttps://gitlab.torproject.org/tpo/anti-censorship/rdsys/-/issues/194Unable to load Moat captchas in Tor Browser2024-03-04T13:34:53Zebanamebanam@torproject.orgUnable to load Moat captchas in Tor BrowserThe request is timing out after a few moments with the message "Solve the CAPTCHA to request a bridge" but no accompanying image.
![moat-captcha-2](/uploads/1f9dc45b8eecac9d2f32561187c286dd/moat-captcha-2.png){width=50%}The request is timing out after a few moments with the message "Solve the CAPTCHA to request a bridge" but no accompanying image.
![moat-captcha-2](/uploads/1f9dc45b8eecac9d2f32561187c286dd/moat-captcha-2.png){width=50%}https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41100Prepare Mullvad Browser Stable 13.0.142024-03-26T17:44:27ZrichardPrepare Mullvad Browser Stable 13.0.14<details>
<summary>Explanation of variables</summary>
- `$(BUILD_SERVER)` : the server the main builder is using to build a mullvad-browser release
- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER)
- **example...<details>
<summary>Explanation of variables</summary>
- `$(BUILD_SERVER)` : the server the main builder is using to build a mullvad-browser release
- `$(BUILDER)` : whomever is building the release on the $(BUILD_SERVER)
- **example** : `pierov`
- `$(STAGING_SERVER)` : the server the signer is using to to run the signing process
- `$(ESR_VERSION)` : the Mozilla defined ESR version, used in various places for building mullvad-browser tags, labels, etc
- **example** : `91.6.0`
- `$(MULLVAD_BROWSER_MAJOR)` : the Mullvad Browser major version
- **example** : `11`
- `$(MULLVAD_BROWSER_MINOR)` : the Mullvad Browser minor version
- **example** : either `0` or `5`; Alpha's is always `(Stable + 5) % 10`
- `$(MULLVAD_BROWSER_VERSION)` : the Mullvad Browser version in the format
- **example** : `12.5a3`, `12.0.3`
- `$(BUILD_N)` : a project's build revision within a its branch; this is separate from the `$(MULLVAD_BROWSER_BUILD_N)` value; many of the Firefox-related projects have a `$(BUILD_N)` suffix and may differ between projects even when they contribute to the same build.
- **example** : `build1`
- `$(MULLVAD_BROWSER_BUILD_N)` : the mullvad-browser build revision for a given Mullvad Browser release; used in tagging git commits
- **example** : `build2`
- **NOTE** : A project's `$(BUILD_N)` and `$(MULLVAD_BROWSER_BUILD_N)` may be the same, but it is possible for them to diverge. For **example** :
- if we have multiple Mullvad Browser releases on a given ESR branch the two will become out of sync as the `$(BUILD_N)` value will increase, while the `$(MULLVAD_BROWSER_BUILD_N)` value may stay at `build1` (but the `$(MULLVAD_BROWSER_VERSION)` will increase)
- if we have build failures unrelated to `mullvad-browser`, the `$(MULLVAD_BROWSER_BUILD_N)` value will increase while the `$(BUILD_N)` will stay the same.
- `$(MULLVAD_BROWSER_VERSION)` : the published Mullvad Browser version
- **example** : `11.5a6`, `11.0.7`
- `$(MB_BUILD_TAG)` : the `tor-browser-build` build tag used to build a given Mullvad Browser version
- **example** : `mb-12.0.7-build1`
</details>
**NOTE** It is assumed that the `tor-browser` stable rebase and security backport tasks have been completed
**NOTE** This can/is often done in conjunction with the equivalent Tor Browser release prep issue
<details>
<summary>Building</summary>
### tor-browser-build: https://gitlab.torproject.org/tpo/applications/tor-browser-build.git
Mullvad Browser Stable lives in the various `maint-$(MULLVAD_BROWSER_MAJOR).$(MULLVAD_BROWSER_MINOR)` (and possibly more specific) branches
- [ ] Update `rbm.conf`
- [ ] `var/torbrowser_version` : update to next version
- [ ] `var/torbrowser_build` : update to `$(MULLVAD_BROWSER_BUILD_N)`
- [ ] `var/torbrowser_incremental_from` : update to previous Desktop version
- **NOTE**: We try to build incrementals for the previous 3 desktop versions except in the case of a watershed update
- **IMPORTANT**: Really *actually* make sure this is the previous Desktop version or else the `make mullvadbrowser-incrementals-*` step will fail
- [ ] Update build configs
- [ ] Update `projects/firefox/config`
- [ ] `browser_build` : update to match `mullvad-browser` tag
- [ ] ***(Optional)*** `var/firefox_platform_version` : update to latest `$(ESR_VERSION)` if rebased
- [ ] Update `projects/translation/config`:
- [ ] run `make list_translation_updates-release` to get updated hashes
- [ ] `steps/base-browser/git_hash` : update with `HEAD` commit of project's `base-browser` branch
- [ ] `steps/mullvad-browser/git_hash` : update with `HEAD` commit of project's `mullvad-browser` branch
- [ ] Update common build configs
- [ ] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript
- [ ] ***(Optional)*** If new version available, update `noscript` section of `input_files` in `projects/browser/config`
- [ ] `URL`
- [ ] `sha256sum`
- [ ] Check for uBlock-origin updates here : https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
- [ ] ***(Optional)*** If new version available, update `ublock-origin` section of `input_files` in `projects/browser/config`
- [ ] `URL`
- [ ] `sha256sum`
- [ ] Check for Mullvad Browser Extension updates here : https://github.com/mullvad/browser-extension/releases
- [ ] ***(Optional)*** If new version available, update `mullvad-extension` section of `input_files` in `projects/browser/config`
- [ ] `URL`
- [ ] `sha256sum`
- [ ] Update `ChangeLog-MB.txt`
- [ ] Ensure `ChangeLog-MB.txt` is sync'd between alpha and stable branches
- [ ] Check the linked issues: ask people to check if any are missing, remove the not fixed ones
- [ ] Run `./tools/fetch-changelogs.py $(ISSUE_NUMBER) --date $date $updateArgs`
- Make sure you have `requests` installed (e.g., `apt install python3-requests`)
- The first time you run this script you will need to generate an access token; the script will guide you
- `$updateArgs` should be these arguments, depending on what you actually updated:
- [ ] `--firefox` (be sure to include esr at the end if needed, which is usually the case)
- [ ] `--no-script`
- [ ] `--ublock`
- E.g., `./tools/fetch-changelogs.py 41029 --date 'December 19 2023' --firefox 115.6.0esr --no-script 11.4.29 --ublock 1.54.0`
- `--date $date` is optional, if omitted it will be the date on which you run the command
- [ ] Copy the output of the script to the beginning of `ChangeLog-MB.txt` and adjust its output
- [ ] Open MR with above changes, using the template for release preparations
- [ ] Merge
- [ ] Sign+Tag
- **NOTE** this must be done by one of:
- boklm
- dan
- ma1
- pierov
- richard
- [ ] Run: `make mullvadbrowser-signtag-release`
- [ ] Push tag to `upstream`
- [ ] Build the tag:
- Run `make mullvadbrowser-release && make mullvadbrowser-incrementals-release`
- [ ] Tor Project build machine
- [ ] Local developer machine
- [ ] Submit build request to Mullvad infrastructure:
- **NOTE** this requires a devmole authentication token
- Run `make mullvadbrowser-kick-devmole-build`
- [ ] Ensure builders have matching builds
</details>
<details>
<summary>Signing</summary>
### release signing
- [ ] Assign this issue to the signer, one of:
- boklm
- richard
- [ ] On `$(STAGING_SERVER)`, ensure updated:
- [ ] `tor-browser-build` is on the right commit: `git tag -v tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N) && git checkout tbb-$(MULLVAD_BROWSER_VERSION)-$(MULLVAD_BROWSER_BUILD_N)`
- [ ] `tor-browser-build/tools/signing/set-config.hosts`
- `ssh_host_builder` : ssh hostname of machine with unsigned builds
- **NOTE** : `tor-browser-build` is expected to be in the `$HOME` directory)
- `ssh_host_linux_signer` : ssh hostname of linux signing machine
- [ ] `tor-browser-build/tools/signing/set-config.rcodesign-appstoreconnect`
- `appstoreconnect_api_key_path` : path to json file containing appstoreconnect api key infos
- [ ] `set-config.update-responses`
- `update_responses_repository_dir` : directory where you cloned `git@gitlab.torproject.org:tpo/applications/mullvad-browser-update-responses.git`
- [ ] `tor-browser-build/tools/signing/set-config.tbb-version`
- `tbb_version` : mullvad browser version string, same as `var/torbrowser_version` in `rbm.conf` (examples: `11.5a12`, `11.0.13`)
- `tbb_version_build` : the tor-browser-build build number (if `var/torbrowser_build` in `rbm.conf` is `buildN` then this value is `N`)
- `tbb_version_type` : either `alpha` for alpha releases or `release` for stable releases
- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, ensure tor daemon is running with SOCKS5 proxy on the default port 9050
- [ ] On `$(STAGING_SERVER)` in a separate `screen` session, run do-all-signing script:
- `cd tor-browser-build/tools/signing/`
- `./do-all-signing.mullvadbrowser`
- **NOTE**: at this point the signed binaries should have been copied to `staticiforme`
- [ ] Update `staticiforme.torproject.org`:
- From `screen` session on `staticiforme.torproject.org`:
- [ ] Remove old release data from `/srv/dist-master.torproject.org/htdocs/mullvadbrowser`
- [ ] Static update components (again) : `static-update-component dist.torproject.org`
</details>
<details>
<summary>Publishing</summary>
### mullvad-browser (GitHub): https://github.com/mullvad/mullvad-browser/
- [ ] Assign this issue to someone with mullvad commit access, one of:
- richard
- [ ] Push this release's associated `mullvad-browser.git` branch to github
- [ ] Push this release's associated tags to github:
- [ ] Firefox ESR tag
- **example** : `FIREFOX_102_12_0esr_BUILD1`
- [ ] `base-browser` tag
- **example** : `base-browser-102.12.0esr-12.0-1-build1`
- [ ] `mullvad-browser` tag
- **example** : `mullvad-browser-102.12.0esr-12.0-1-build1`
- [ ] Sign+Tag additionally the `mullvad-browser.git` `firefox` commit used in build:
- **Tag**: `$(MULLVAD_BROWSER_VERSION)`
- **example** : `12.0.7`
- **Message**: `$(ESR_VERSION)esr-based $(MULLVAD_BROWSER_VERSION)`
- **example** : `102.12.0esr-based 12.0.7`
- [ ] Push tag to github
### email
- [ ] **(Once branch+tags pushed to GitHub)** Email Mullvad with release information:
- [ ] support alias: support@mullvadvpn.net
- [ ] Rui: rui@mullvad.net
- **Subject**
```
New build: Mullvad Browser $(MULLVAD_BROWSER_VERION) (signed)
```
- **Body**
```
Hello,
Branch+Tags have been pushed to Mullvad's GitHub repo.
- signed builds: https://dist.torproject.org/mullvadbrowser/$(MULLVAD_BROWSER_VERSION)
- update_response hashes: $(MULLVAD_UPDATE_RESPONSES_HASH)
changelog:
...
```
</details>
<details>
<summary>Downstream</summary>
### notify packagers
These steps depend on Mullvad having updated their [GitHub Releases](https://github.com/mullvad/mullvad-browser/releases/) page with the latest release
- [ ] Email downstream consumers:
- [ ] flathub package maintainer: proletarius101@protonmail.com
- [ ] arch package maintainer: bootctl@gmail.com
- [ ] nixOS package maintainer: dev@felschr.com
- **Subject**
```
Mullvad Browser $(MULLVAD_BROWSER_VERSION) released
```
- **Body**
```
Hello!
Mullvad-Browser packages are available, so you should update your respective downstream packages.
The latest release builds can be found here:
- https://github.com/mullvad/mullvad-browser/releases?q=prerelease%3Afalse
```
### merge requests
- [ ] homebrew: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/m/mullvad-browser.rb
- **NOTE**: should just need to update `version` and `sha256` to latest
</details>richardrichard