Bug 41219,41220: Prepare Tor, Mullvad Browser Alpha 14.0a4

projects/browser/Bundle-Data/Docs-MB/ChangeLog.txt

+Mullvad Browser 14.0a4 - September 06 2024
+ * All Platforms
+   * Updated NoScript to 11.4.35
+   * Bug 329: Remove the Security Levels icon from the toolbar [mullvad-browser]
+   * Bug 30862: 10ms time precision via EXSLT date-time function [tor-browser]
+   * Bug 40147: Re-enable Picture-in-Picture mode [tor-browser]
+   * Bug 41309: Re-enable screenshots component [tor-browser]
+   * Bug 42601: Check Bug 1894779: Allow font-face urls to be resource:// urls and relax CORS for resource:// URLs [tor-browser]
+   * Bug 42617: Restore the HTML form on DDG when using safest in 128 [tor-browser]
+   * Bug 42630: Review LaterRun in 128 [tor-browser]
+   * Bug 42640: Disable Firefox Flame button due to unknown interactions with New Identity [tor-browser]
+   * Bug 42684: Disable network prefetch [tor-browser]
+   * Bug 42685: compat: ESR128: enable textmetrics [tor-browser]
+   * Bug 42686: Backport Mozilla 1885101 [tor-browser]
+   * Bug 42730: Make RemoteSettings use only local dumps [tor-browser]
+   * Bug 42735: Disable recent search suggestions [tor-browser]
+   * Bug 42745: Remove some residuals from update scripts [tor-browser]
+   * Bug 42764: Unconditionally disable find-bar transition animation [tor-browser]
+   * Bug 42867: Disable contentRelevancy component [tor-browser]
+   * Bug 43100: Backport security fixes from Firefox 130 [tor-browser]
+   * Bug 43103: Verify whether an update is unsupported before choosing one [tor-browser]
+ * macOS
+   * Bug 42494: mac: add Arial Black and Arial Narrow to allowlist [tor-browser]
+ * Linux
+   * Bug 42773: Replace ~ with the original HOME [tor-browser]
+   * Bug 43092: Disable Wayland by default in 14.0 [tor-browser]
+ * Build System
+   * All Platforms
+     * Bug 41096: Set SOURCE_DATE_EPOCH in the default env variables [tor-browser-build]
+     * Bug 41188: Upgrade binutils to 2.41 [tor-browser-build]
+
+Mullvad Browser 13.5.3 - September 03 2024
+ * All Platforms
+   * Updated Firefox to 115.15.0esr
+   * Updated NoScript to 11.4.35
+   * Bug 332: Rebase Mullvad Browser Stable onto 115.15.0esr [mullvad-browser]
+   * Bug 40056: Ensure that the lazy loading attribute is ignored on script-disabled documents [tor-browser]
+   * Bug 42686: Backport Mozilla 1885101 [tor-browser]
+   * Bug 42829: Prevent CSS-based scriptless interaction tracking [tor-browser]
+   * Bug 43100: Backport security fixes from Firefox 130 [tor-browser]
+ * Linux
+   * Bug 43064: Make copy/paste and drag/drop file filtering more specific [tor-browser]
+ * Build System
+   * All Platforms
+     * Bug 41218: Use new Tor Browser gpg subkey for signing stable releases [tor-browser-build]
+     * Bug 41222: link_old_mar_filenames still referenced in torbrowser-incrementals-{release,alpha}-unsigned [tor-browser-build]
+
 Mullvad Browser 14.0a3 - August 26 2024
  * All Platforms
    * Updated Firefox to 128.2.0esr

projects/browser/Bundle-Data/Docs-TBB/ChangeLog.txt

+Tor Browser 14.0a4 - September 06 2024
+ * All Platforms
+   * Updated NoScript to 11.4.35
+   * Updated OpenSSL to 3.0.15
+   * Bug 30862: 10ms time precision via EXSLT date-time function [tor-browser]
+   * Bug 42601: Check Bug 1894779: Allow font-face urls to be resource:// urls and relax CORS for resource:// URLs [tor-browser]
+   * Bug 42684: Disable network prefetch [tor-browser]
+   * Bug 42685: compat: ESR128: enable textmetrics [tor-browser]
+   * Bug 42686: Backport Mozilla 1885101 [tor-browser]
+   * Bug 42730: Make RemoteSettings use only local dumps [tor-browser]
+   * Bug 42867: Disable contentRelevancy component [tor-browser]
+   * Bug 43100: Backport security fixes from Firefox 130 [tor-browser]
+ * Windows + macOS + Linux
+   * Bug 40147: Re-enable Picture-in-Picture mode [tor-browser]
+   * Bug 41309: Re-enable screenshots component [tor-browser]
+   * Bug 41835: Review default search engine options [tor-browser]
+   * Bug 42617: Restore the HTML form on DDG when using safest in 128 [tor-browser]
+   * Bug 42630: Review LaterRun in 128 [tor-browser]
+   * Bug 42640: Disable Firefox Flame button due to unknown interactions with New Identity [tor-browser]
+   * Bug 42735: Disable recent search suggestions [tor-browser]
+   * Bug 42737: Drop the hash check on updates [tor-browser]
+   * Bug 42743: Invalid onion sites are shown as secure in the page info window [tor-browser]
+   * Bug 42744: Light theme override for "about:tor" is inherited by chrome error pages. [tor-browser]
+   * Bug 42745: Remove some residuals from update scripts [tor-browser]
+   * Bug 42764: Unconditionally disable find-bar transition animation [tor-browser]
+   * Bug 42803: Lost focus styling for built-in bridges radio options [tor-browser]
+   * Bug 42891: Review Mozilla 1854965: Define new search engine configuration schema [tor-browser]
+   * Bug 43015: Missing region-name-skr fluent entry when fetching TorConnect country names [tor-browser]
+   * Bug 43075: Should we drop link spacing in about:tor [tor-browser]
+   * Bug 43082: Search engine icon is not shown while typing in the address bar [tor-browser]
+   * Bug 43103: Verify whether an update is unsupported before choosing one [tor-browser]
+   * Bug 43105: Migrating Disconnect is not needed anymore [tor-browser]
+ * macOS + Linux
+   * Bug 42467: Make OS HTTP User-Agent OS spoofing configurable by pref [tor-browser]
+ * macOS
+   * Bug 42494: mac: add Arial Black and Arial Narrow to allowlist [tor-browser]
+ * Linux
+   * Bug 42773: Replace ~ with the original HOME [tor-browser]
+   * Bug 43092: Disable Wayland by default in 14.0 [tor-browser]
+ * Android
+   * Bug 42655: Implement "New circuit for this site" on Android [tor-browser]
+   * Bug 42731: Verify `privacy.spoof_english` still works once we have Android builds [tor-browser]
+   * Bug 43016: Re-disable Nimbus [tor-browser]
+   * Bug 43023: Review Mozilla 1872510: Use SamsungColorEmoji by default for Samsung devices [tor-browser]
+   * Bug 43043: Remove credit card autofill UI elements from menu [tor-browser]
+   * Bug 43088: Query stripping is disabled on Android [tor-browser]
+   * Bug 43094: Remove "Open in regular tab" button [tor-browser]
+   * Bug 43114: Reader view uses the catch-all circuit on Android [tor-browser]
+   * Bug 43116: The lack of GeoIP databases produces a lot of spam in the console on Android [tor-browser]
+ * Build System
+   * All Platforms
+     * Bug 41096: Set SOURCE_DATE_EPOCH in the default env variables [tor-browser-build]
+     * Bug 41180: Some files do not need to be copied when building tor-expert-bundle [tor-browser-build]
+     * Bug 41188: Upgrade binutils to 2.41 [tor-browser-build]
+     * Bug 41229: Migrate OpenSSL download location to github releases [tor-browser-build]
+   * Android
+     * Bug 41224: Do not ship Conjure and GeoIP databases on Android x86, x86-64 to save some space [tor-browser-build]
+
+Tor Browser 13.5.3 - September 03 2024
+ * All Platforms
+   * Updated NoScript to 11.4.35
+   * Bug 40056: Ensure that the lazy loading attribute is ignored on script-disabled documents [tor-browser]
+   * Bug 42686: Backport Mozilla 1885101 [tor-browser]
+   * Bug 42829: Prevent CSS-based scriptless interaction tracking [tor-browser]
+   * Bug 43084: Rebase Tor Browser Stable onto 115.15.0esr [tor-browser]
+   * Bug 43100: Backport security fixes from Firefox 130 [tor-browser]
+   * Bug 41207: Upgrade lyrebird to 0.3.0 [tor-browser-build]
+ * Windows + macOS + Linux
+   * Updated Firefox to 115.15.0esr
+   * Bug 42596: Several console errors: Console.maxLogLevelPref used with a non-existing pref: [tor-browser]
+   * Bug 42622: Offline state is unreachable in about:torconnect (first bootstrap attempt) [tor-browser]
+   * Bug 42642: Downloads button warning no longer announced on Orca [tor-browser]
+   * Bug 42661: Re-run update_emojis.py and update locales [tor-browser]
+   * Bug 42691: Simplified bridge cards prevent censored users from modifying built-in bridges [tor-browser]
+   * Bug 42696: Update `mail` icon used in "Find more bridges" [tor-browser]
+   * Bug 42697: Remove padding to left of `tor-bridges-provider-list` under "Find more bridges" [tor-browser]
+   * Bug 43059: Drag and Drop issue in new update 13.5.2 [tor-browser]
+   * Bug 43066: about:torconnect no longer changes the title icon on errors [tor-browser]
+ * Linux
+   * Bug 43064: Make copy/paste and drag/drop file filtering more specific [tor-browser]
+ * Android
+   * Updated GeckoView to 115.15.0esr
+ * Build System
+   * All Platforms
+     * Updated Go to 1.21.13
+     * Bug 41213: Update the update_manual.py script to notify when no changes needed [tor-browser-build]
+     * Bug 41218: Use new Tor Browser gpg subkey for signing stable releases [tor-browser-build]
+     * Bug 41222: link_old_mar_filenames still referenced in torbrowser-incrementals-{release,alpha}-unsigned [tor-browser-build]
+   * Android
+     * Bug 41206: GeckoView ignores the number of processors [tor-browser-build]
+
 Tor Browser 14.0a3 - August 26 2024
  * All Platforms
    * Bug 40056: Ensure that the lazy loading attribute is ignored on script-disabled documents [tor-browser]

projects/browser/config

@@ -104,9 +104,9 @@ input_files:
     enable: '[% ! c("var/android") %]'
   - filename: Bundle-Data
     enable: '[% ! c("var/android") %]'
-  - URL: https://addons.mozilla.org/firefox/downloads/file/4333280/noscript-11.4.34.xpi
+  - URL: https://addons.mozilla.org/firefox/downloads/file/4343311/noscript-11.4.35.xpi
     name: noscript
-    sha256sum: e538163118e8e9dcabd6306b8a9abb3fccb556b7d87b68e18aa0997d121ba00a
+    sha256sum: a448e4c2e0eb7ca5fb1b6d3189bc586b91a7ee6facecdd0424f1bfbf2b3016fb
   - URL: https://addons.mozilla.org/firefox/downloads/file/4328681/ublock_origin-1.59.0.xpi
     name: ublock-origin
     sha256sum: 1db9c676a07d141f8d36dbbc24f9e3d64a6cc2340dbfc6c848bc4395f96cfb14

projects/firefox/config

@@ -19,7 +19,7 @@ var:
   browser_series: '14.0'
   browser_rebase: 1
   browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]'
-  browser_build: 2
+  browser_build: 3
   branding_directory_prefix: 'tb'
   copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]'
   nightly_updates_publish_dir: '[% c("var/nightly_updates_publish_dir_prefix") %]nightly-[% c("var/osname") %]'
@@ -107,7 +107,7 @@ targets:
       gitlab_project: https://gitlab.torproject.org/tpo/applications/mullvad-browser
       updater_url: 'https://cdn.mullvad.net/browser/update_responses/update_1/'
       nightly_updates_publish_dir_prefix: mullvadbrowser-
-      browser_build: 1
+      browser_build: 2
 
   linux-x86_64:
     var:

projects/geckoview/config

@@ -21,7 +21,7 @@ var:
   browser_series: '14.0'
   browser_rebase: 1
   browser_branch: '[% c("var/browser_series") %]-[% c("var/browser_rebase") %]'
-  browser_build: 2
+  browser_build: 3
   copyright_year: '[% exec("git show -s --format=%ci").remove("-.*") %]'
   gitlab_project: https://gitlab.torproject.org/tpo/applications/tor-browser
   git_commit: '[% exec("git rev-parse HEAD") %]'

projects/manual/config

 # vim: filetype=yaml sw=2
 # To update, see doc/how-to-update-the-manual.txt
 # Remember to update also the package's hash, with the version!
-version: 198022
+version: 199081
 filename: 'manual-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]'
 container:
   use_container: 1
@@ -23,6 +23,6 @@ input_files:
   - project: container-image
   - URL: 'https://build-sources.tbb.torproject.org/manual_[% c("version") %].zip'
     name: manual
-    sha256sum: 0f93bdcabd678af5446d174674ca690583cff5761cbc978c21efcdd9204755e4
+    sha256sum: 12507ba43e5e4a4c4eb8e276f11c9d693d1e0fc4715753c87cd7166649c0da6b
   - filename: packagemanual.py
     name: package_script

projects/openssl/config

 # vim: filetype=yaml sw=2
-version: 3.0.14
+version: 3.0.15
 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]'
 container:
   use_container: 1
@@ -36,5 +36,5 @@ input_files:
   - name: '[% c("var/compiler") %]'
     project: '[% c("var/compiler") %]'
   - URL: 'https://github.com/openssl/openssl/releases/download/openssl-[% c("version") %]/openssl-[% c("version") %].tar.gz'
-    sha256sum: eeca035d4dd4e84fc25846d952da6297484afa0650a6f84c682e39df3a4123ca
+    sha256sum: 23c666d0edf20f14249b3d8f0368acaee9ab585b09e1de82107c66e1f3ec9533
     name: openssl

projects/translation/config

@@ -12,13 +12,13 @@ compress_tar: 'gz'
 steps:
   base-browser:
     base-browser: '[% INCLUDE build %]'
-    git_hash: 6bb06dc8fa175965e085678c1a42ed6a9dedd9e2
+    git_hash: d69ac083437e60d681fdefce6aa1fde96e2f1eaf
     targets:
       nightly:
         git_hash: 'base-browser'
   tor-browser:
     tor-browser: '[% INCLUDE build %]'
-    git_hash: a6f7df79b97c3713bd2deff2068721f2422fe67a
+    git_hash: d3c3f7a23b6bf674e60855476e527a9db331e1f2
     targets:
       nightly:
         git_hash: 'tor-browser'
@@ -32,7 +32,7 @@ steps:
     fenix: '[% INCLUDE build %]'
     # We need to bump the commit before releasing but just pointing to a branch
     # might cause too much rebuidling of the Firefox part.
-    git_hash: 0d81dd3a7abf8699e8886d5964883d150f1baa81
+    git_hash: 2a9884fadf15e57f6a661f12ede1312cc71602c1
     compress_tar: 'zst'
     targets:
       nightly:

rbm.conf

@@ -73,18 +73,18 @@ buildconf:
   git_signtag_opt: '-s'
 
 var:
-  torbrowser_version: '14.0a3'
+  torbrowser_version: '14.0a4'
   torbrowser_build: 'build1'
   # This should be the date of when the build is started. For the build
   # to be reproducible, browser_release_date should always be in the past.
-  browser_release_date: '2024/08/26 22:14:05'
+  browser_release_date: '2024/09/05 04:45:14'
   browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]'
   updater_enabled: 1
   build_mar: 1
   torbrowser_incremental_from:
+    - 14.0a3
     - 14.0a2
     - 14.0a1
-    - 13.5a9
   mar_channel_id: '[% c("var/projectname") %]-torproject-[% c("var/channel") %]'
 
   # By default, we sort the list of installed packages. This allows sharing