-
Posts
12,054 -
Joined
-
Days Won
42
Content Type
Events
Profiles
Forums
Posts posted by 1PW
-
-
The Tor Browser 13.0.8 (All Platforms) has been released. (21-December-2023)
Tor Browser 13.0.8 is now available from the Tor Browser download page and also from our distribution directory.Blog/Announcement | Full Changelog |
QuoteThe full changelog since Tor Browser 13.0.7 is:
-
Windows
- Bug tor-browser-build#41053: All PT's crash instantly in 13.0.7
- Bug tor-browser#42179: PTs on Tor Browser 13 do not work with Windows 7
-
Linux
- Bug tor-browser-build#41050: Improve the disk leak sanitization on start-$browser
-
Build System
-
All Platforms
- Bug tor-browser-build#41042: Add options to include updates in the changelog scripts
- Bug tor-browser-build#41043: Create script to push build requests to Mullvad build servers
-
All Platforms
- 1
-
Windows
-
Hello @fredg:
Excellent!
The only questions that remain is whether Firefox had a previous version of MBG and if v2.6.17 will self update with the next update.
Thank you.
-
Hello @fredg:
Re: The older/unknown MacBook. As you likely already have determined, Malwarebytes Browser Guard (MBG), version 2.3.0 for Safari has no relationship to MBG 2.6.17 for all other Firefox/Chrome based compatible browsers.
Using Firefox 121.0, please try to remove/Add to Firefox the MBG 2.6.7 extension and reply to this topic with your results.
Thank you.
-
IrfanView | Home | 64-Bit Download | Changelog | FAQ | Forum |
IrfanView 4.66 has been released. (20-December-2023)
QuoteThere were numerous changes, here are only the more important things.
Version 4.66 (- CURRENT VERSION -)
(Release date: 2023-12-20)
- Fixed problem with network paths in Save-As dialog>
- Fix for text alignment in Insert Text dialog (selection/canvas)
- SVG PlugIn loading bugs fixed (thanks to nerty_nerty)
-
Download the newest PlugIns version from:
https://www.irfanview.com/plugins.htm
- 1
-
Hello @fredg:
Despite your newer unknown MacBook missing macOS updates, MBG for Mac does seem up-to-date.
For the MBG developer's benefit, please reveal the version of Safari in the older, unknown MacBook.
Thank you, always.
-
Mullvad Browser 13.0.7 has been released. (19-December-2023)
Blog | Changelog | Update: Auto-update or download.QuoteAll Platforms
Updated Firefox to 115.6.0esr
- Bug 42042: view-source:http://ip-address does not work because of HTTPS Only [tor-browser]
Build System
All Platforms
- Bug 40884: Script to automate uploading sha256s and signatures to location signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo expects them to be [tor-browser-build]
- Bug 41026: Do not use ~ when uploading the signed hashes [tor-browser-build]
- Bug 41039: Update tools/signing/upload-update_responses-to-staticiforme to keep download-*json files from previous release when new release does not include them [tor-browser-build]
macOS
- Bug 40990: Remove old macOS signing scripts [tor-browser-build]
- 1
-
The Tor Browser 13.0.7 (All Platforms) has been released. (19-December-2023)
Tor Browser 13.0.7 is now available from the Tor Browser download page and also from our distribution directory.Blog/Announcement | Full Changelog |
QuoteFull changelog
The full changelog since Tor Browser 13.0.6 is:
-
All Platforms
- Updated tor to 0.4.8.10
- Updated NoScript to 11.4.29
- Bug tor-browser#42042: view-source:http://ip-address does not work because of HTTPS Only
- Bug tor-browser#42261: Update the icon of Startpage search engine
- Bug tor-browser#42330: Rebase stable browsers to 115.6.0esr
- Bug tor-browser#42334: Keep returning ERROR_ONION_WITH_SELF_SIGNED_CERT only for .onion sites whose cert throws ERROR_UNKNOWN_ISSUER
-
Windows + macOS + Linux
- Updated Firefox to 115.6.0esr
- Bug tor-browser#42283: Tor Browser shouldn't ship blockchair by default
-
Android
- Updated GekcoView to 115.6.0esr
- Bug tor-browser#42285: Update the gitignore to use the correct paths for tor stuff
- Bug tor-browser#42339: Backport Android security fixes from Firefox 121 to 115.6 - based Tor Browser
-
Build System
-
All Platforms
- Update Go to 1.21.5
- Bug tor-browser-build#40884: Script to automate uploading sha256s and signatures to location signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo expects them to be
- Bug tor-browser-build#41026: Do not use ~ when uploading the signed hashes
- Bug tor-browser-build#41036: Remove go_vendor-lyrebird-nightly Makefile target, and rename go_vendor-$project-alpha Makefile targets to go_vendor-$project
- Bug tor-browser-build#41039: Update tools/signing/upload-update_responses-to-staticiforme to keep download-*json files from previous release when new release does not include them
-
macOS
- Bug tor-browser-build#40990: Remove old macOS signing scripts
-
All Platforms
- 1
- 1
-
All Platforms
-
Security Vulnerabilities fixed in Firefox 121 - MFSA 2023-56
18 Security fixes: 5 High, 8 Moderate and 5 Low-impact fixes.
QuoteMozilla Foundation Security Advisory 2023-56
Security Vulnerabilities fixed in Firefox 121
- Announced
- December 19, 2023
- Impact
- high
- Products
- Firefox
- Fixed in
-
- Firefox 121
#CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver
- Reporter
- DoHyun Lee
- Impact
- high
Description
The WebGL
DrawElementsInstanced
method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape.References
#CVE-2023-6135: NSS susceptible to "Minerva" attack
- Reporter
- George Pantela (Red Hat) and Hubert Kario (Red Hat)
- Impact
- high
Description
Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key.
References
#CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream
- Reporter
- Jan Varga
- Impact
- high
Description
EncryptingOutputStream
was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode.References
#CVE-2023-6857: Symlinks may resolve to smaller than expected buffers
- Reporter
- Jed Davis
- Impact
- moderate
Description
When resolving a symlink, a race may occur where the buffer passed to
readlink
may actually be smaller than necessary.
This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.References
#CVE-2023-6858: Heap buffer overflow in nsTextFragment
- Reporter
- Irvan Kurniawan
- Impact
- moderate
Description
Firefox was susceptible to a heap buffer overflow in
nsTextFragment
due to insufficient OOM handling.References
#CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer
- Reporter
- Irvan Kurniawan
- Impact
- moderate
Description
A use-after-free condition affected TLS socket creation when under memory pressure.
References
#CVE-2023-6866: TypedArrays lack sufficient exception handling
- Reporter
- Tom Schuster
- Impact
- moderate
Description
TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed.
References
#CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation
- Reporter
- Andrew Osmond
- Impact
- moderate
Description
The
VideoBridge
allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox.References
#CVE-2023-6867: Clickjacking permission prompts using the popup transition
- Reporter
- Hafiizh
- Impact
- moderate
Description
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear.
References
#CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode
- Reporter
- Yangkang of 360 ATA Team
- Impact
- moderate
Description
The
nsWindow::PickerOpen(void)
method was susceptible to a heap buffer overflow when running in headless mode.References
#CVE-2023-6868: WebPush requests on Firefox for Android did not require VAPID key
- Reporter
- John-Mark Gurney
- Impact
- moderate
Description
In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.
This bug only affects Firefox on Android.References
#CVE-2023-6869: Content can paint outside of sandboxed iframe
- Reporter
- Oriol Brufau
- Impact
- low
Description
A
<dialog>
element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content.References
#CVE-2023-6870: Android Toast notifications may obscure fullscreen event notifications
- Reporter
- Hafiizh
- Impact
- low
Description
Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox.
This issue only affects Android versions of Firefox and Firefox Focus.References
#CVE-2023-6871: Lack of protocol handler warning in some instances
- Reporter
- Roy Gunsen
- Impact
- low
Description
Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler.
References
#CVE-2023-6872: Browsing history leaked to syslogs via GNOME
- Reporter
- honorton via Tor Browser
- Impact
- low
Description
Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab.
References
#CVE-2023-6863: Undefined behavior in ShutdownObserver()
- Reporter
- Ronald Crane
- Impact
- low
Description
The
ShutdownObserver()
was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor.References
#CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6
- Reporter
- Andrew McCreight, the Mozilla Fuzzing Team, Randell Jesup, Valentin Gosu (he/him), Karl Tomlinson
- Impact
- high
Description
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
#CVE-2023-6873: Memory safety bugs fixed in Firefox 121
- Reporter
- Andrew McCreight, Yury Delendik
- Impact
- high
Description
Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
- 1
- 1
-
-
Schneier on Security: 15-December-2023
QuoteIn this issue:
- New SSH Vulnerability
- Leaving Authentication Credentials in Public Code
- FTC’s Voice Cloning Challenge
- Ransomware Gang Files SEC Complaint
- Using Generative AI for Surveillance
- Email Security Flaw Found in the Wild
- Apple to Add Manual Authentication to iMessage
- LitterDrifter USB Worm
- Chocolate Swiss Army Knife
- Secret White House Warrantless Surveillance Program
- Digital Car Keys Are Coming
- Breaking Laptop Fingerprint Sensors
- Extracting GPT’s Training Data
- AI Decides to Engage in Insider Trading
- AI and Trust
- AI and Mass Spying
- Security Analysis of a Thirteenth-Century Venetian Election Protocol
- Spying through Push Notifications
- New Bluetooth Attack
- Facebook Enables Messenger End-to-End Encryption by Default
- New Windows/Linux Firmware Attack
- Surveillance by the US Postal Service
- Surveillance Cameras Disguised as Clothes Hooks
- 2
-
Malwarebytes Windows Firewall Control (WFC) 6.9.9.1 has been released. (14-December-2023)
Homepage | Download | Change History | FAQ | User Guide | Support | Forum
QuoteWindows Firewall Control v.6.9.9.1
Change log:
- Improved: The notification dialog was updated to be able to add a notification exception for the full path too.
- Improved: Loading time was decreased for Rules Panel and Connections Log with a new cache mechanism for program icons.
- Fixed: Rules Panel may crash if there are hundreds of firewall rules and the rules are scrolled up and down multiple times.
There is just one new translation string 248 = Exclude full path which I already updated in all included language files.
Download location: https://binisoft.org/download/wfc6setup.exe
SHA256: cef52f11a0e28d7eb02012f45ca5947d6fed094cbcf7ed2935ed1be15d3db325
SHA512: d6024384fa9c1d581fde3c148bdbc37da6608bfe3b4752a63aa43274adce525175bc493f93ef7e37a73294b324db0cb34b6871e6beb186774dda8d25abb5c855
Thank you for your feedback and your support,
Alexandru Dicu
This is the last release for this year. I am running out of version numbers The next big change is dark theme support which requires a lot of work. This will be included in version 7 which will come next year. Happy holidays to all of you!
P.S. In case someone needs the previous version, it can be downloaded from: https://binisoft.org/download/old/6990/wfc6setup.exe- 1
- 1
-
NoScript | Homepage | Changelog | Download | FAQ | Forum |
NoScript stable 11.4.29 has been released. (11-December-2023)
Autoupdate or Download
Quotev 11.4.29 ============================================================ x [nscl] Updated TLDs x [nscl] Improved reliability of TLD updater x Removed theme.js console noise x Fix beta channel updates breakage due to browser_specific_settings override x [nscl] Several content-side performance improvements x Reduce synchronous policy retrieval impact on file: and ftp: document loading performance x More commands for which a keyboard shortcut can be configured x [L10n] Updated de, fi, mk, nl, pl, ru, sq, tr, uk, pt_BR, zh_CN, zh_TW x Explicit Android compatibility declaration
- 1
-
IsoBuster 5.3 has been released. (11-December-2023)
IsoBuster | Home | Download | Betas | News | Help | Tips | Support | Site Map |
QuoteDecember 11, 2023I'm very happy to announce the release of IsoBuster 5.3.
Check out the many improvements and new functionality, such as improved DVR support, improved partition parsing, spanned gz files, gzndx files, XA extraction from CD and much more.
Best let the below list do the talking:
Important:
We had to renew our signing certificate again (which is every 3 years) so if you see the annoying “SmartScreen” dialog saying “Windows protected your PC” (blah blah) then please click the “More info” link and next the “Run anyway” button. I'm afraid we all need to train Windows SmartScreen again for a while (sadly). The more people deem it OK, the faster this dialog will go away for everyone.
Changes / New:
- Support for the Toshiba RD-H100 DTKF DVR
- Create and Load *.gzndx files to speed up opening *.gz files for random access
- Spanned *.gz files' support: *.gz.001, *.gz.002, ..
- Full support for *.gz files referenced from a CUE file
- Full support for *.gz files referenced from an IMLST file
- XA Extraction (2336 bytes per block) from CDs with Mode 2 tracks (Files, Image files, CUE etc.)
- New Command line parameter /setsp: to change the optical drive's speed
- New Command line parameter /lprogress: to dump the progress dialog progress in a file, so that external processes can track progress
- PS3 partition parsing on decrypted disks with support for embedded 'OtherOS' partition tables (MBR, GPT, ..)
- Show PS3 OtherOS bootloader in its dedicated PS3 partition
- Show Linux Swap file in its dedicated partition
- Ability to Load and/or Export a Partition list (*.ibpt), to map your partition layout against a drive or image file [Professional license]
- Support for \\*\virtual:size:pattern files which are virtual files that can be added before, after or in the middle of spanned files
Improvements:
- Find all files and folders in FAT 12 and FAT 16 volumes that were not correctly formatted according to the specifications
- Find Panasonic, Philips, Magnavox, ReplayTV and other DVR file systems on previously Windows' formatted disks that still have a valid backup GPT partition table
- BSD partition parsing improved by taking in account the different flavors (FreeBSD vs. OpenBSD / NetBSD)
- Automatic creation of a CUE Sheet can be set to 'always' except when there's only one track
- More extensions that match the Mac Creator / Type fields can be assigned
- Put up a dialog when IsoBuster is being closed [X] and when it's still scanning or searching
- Show more metadata for Pioneer DVR file systems
- Prompt after multiple files' extraction, when there were read errors that required user intervention
- Improved detection of Windows changing the style from dark to light (or vice versa)
- When you open a regular (non image) *.gz file, IsoBuster allows you to extract the file (since it did all the work already anyway)
- *.gzip files are recognized as *.gz files
- Show *.imlst files in recently opened image files (rather than the first file in the imlst)
- Improvements to assign file systems to the correct CD track after a scan for missing files and folders
- Tracks and Partitions take on the 'Compressed' property when located in compressed image files
- Show the type of encryption that was encountered in the (right-hand side) ListView when you select an encrypted track or partition (e.g., BitLocker)
- Introduced {%NOBOM} in the file export functionality so that a text with BOM-able CodePage (e.g., {%UTF8}) can also be written without the BOM
- Added the command /scan:nofs to only /scan when no file systems could be found
- Do not create a separate UDF file system for UDF system streams, instead, add the streams as metadata to the regular UDF File System
- Leverage the stored CurrentLBA in GPT backup data to determine its relative position (should it be nested in a partition, or shifted somehow)
- Option to show the W11-style smoke effect underneath certain dialogs
- Plenty of other tweaks and improvements
Fixes:
- Fixed a crash when reading blocks outside the on the fly decompressed *.gz range
- Fixed a file addressing issue for Pioneer DVRs (OEM, also Sony etc.) when many recordings had been deleted
- Folder file-names should not get the extension '.mpg' when extracted with the 'only MPEG' filter
- Fixed setting the CD Read Speed to the lowest speed (would not work on all drives)
- Fixed issue that prevented listing files found based on their signature on partitions > 1 TB
- Fixed it so that orphaned EXT file systems with a logical block size > 1024 get assigned a correct partition address
- 2
-
The Tor Expert Bundle 0.4.8.10 has been released. (08-December-2023)
Homepage | Changelog, Bundle Download, Checksum, Sig | Repository | Verify | FAQ | Newsletter |
Changes in version 0.4.8.10 - 2023-12-08 This is a security release fixing a high severity bug (TROVE-2023-007) affecting Exit relays supporting Conflux. We strongly recommend to update as soon as possible. o Major bugfixes (TROVE-2023-007, exit): - Improper error propagation from a safety check in conflux leg linking lead to a desynchronization of which legs were part of a conflux set, ultimately causing a UAF and NULL pointer dereference crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha. o Minor features (fallbackdir): - Regenerate fallback directories generated on December 08, 2023. o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, as retrieved on 2023/12/08. o Minor bugfixes (bridges, statistics): - Correctly report statistics for client count over Pluggable transport. Fixes bug 40871; bugfix on 0.4.8.4
- 1
- 1
-
IrfanView | Home | 64-Bit Download | Changelog | FAQ | Forum |
IrfanView 4.65 has been released. (09-December-2023)
There were numerous changes, here are only the more important things.
Version 4.65 ( - CURRENT VERSION - )
(Release date: 2023-12-09)
-
Option for Dark mode: Properties⇾Viewing (works best with Windows 10/11)
(thanks to Richard Yu, Stephen Eckels, adzm) - New option in the Insert Text dialog: Text rotation (90 deg for vertical text)
-
New in Slideshow dialog: Option to set different time for each file
(new button: “Change time” for selected files) - “Paste into Selection”: Second paste (CTRL+V) will also apply the image
-
New Hotkey after “Paste into selection”:
SHIFT + Click within selection: Apply pasted image and keep selection - New Edit menu: Apply image effects to inverted selection (non-selected area)
- New option in Properties⇾Editing: Set custom filename for pasted image
- Option to read XMP data in the IPTC dialog (thanks to Lee Thomason)
- New Histogram effects in Effects Browser dialog (thanks to Richard Heurtley)
- Improved support for tabs in text in the Insert Text dialog (CTRL + Tab)
- New PlugIn for AVIF format
- The Replace File dialog shows a preview of both images
- The Fine Rotation dialog can be resized
- New in Fine Rotation dialog: draw a straight line to rotate
- The Histogram dialog can be resized (Local dark mode using right button)
- Slideshow/Automatic mode will suspend system sleep while running
- Command line: “/append” will append all pages from the input file (if “/page” option is not used)
- SVG PlugIn loading bugs fixed (thanks to nerty_nerty)
- JP2 PlugIn loading bug fixed (CVE-2023-26974, thanks to overXsky)
-
Several PlugIns are changed/updated, please install the newest versions:
https://www.irfanview.com/plugins.htm
- 1
-
Option for Dark mode: Properties⇾Viewing (works best with Windows 10/11)
-
-
Microsoft's Sysinternals Suite 2023.07.12 was released on 07-December-2023.
Sysinternals Suite 2023.07.12 changelog:
-
ProcDump 3.0 for Linux - This update to ProcDump for Linux adds memory leak tracking and reporting.
-
Sysmon 1.3.2 for Linux - This update to Sysmon for Linux fixes a stack overflow bug.
Download: Sysinternals Suite 2023.07.12 | 50.6 MB (Freeware)
Download: Sysinternals Suite for ARM64 | 15.0 MB
Link: Sysinternals Suite Home Page- 1
-
-
uBO 1.54.0 was released on 22-November-2023.
Download: Autoupdate or install from the browser's Add-ons source.
QuoteFixes / changes
-
Enable path for native
has()
selector in Firefox -
Allow scriptlets to be injected in
about:blank
-
Fix faulty
as
vararg inset-constant
scriptlet -
Add support to redirect to
noop.json
-
More improvements to the
google-ima
shim script (by @kzar) - All exceptions filters are exempt from requiring a trusted source
-
Add
trusted-set-session-storage-item
scriptlet -
Allow the use of quotes in
set-cookie
scriptlet -
Allow the use of quotes in
set-(local|session)-storage-item
- Add the ability to trigger cookie removal on specific events
- Ensure CSSTree does not hold a reference onto last parsed string
- Lower minimum Expires value to 4h
- Properly reset needle length in unserialized buffer
- Add additional flags to regional lists (by @DandelionSprout)
- Harden scriptlets which need to serialize function code into string
-
Reset
g
regexes before use inrmnt
/rpnt
scriptlets - Apply response filtering according to mime type
- Add t/f to set-cookie (by @ryanbr)
-
Have
urltransform=
use the same syntax asreplace=
-
Implement network filter option
replace=
(Firefox only because filterResponseData) - Prevent evaluating the SNFE until fully loaded
- Add support for differential update of filter lists
- 1
-
Enable path for native
-
Bitwarden Editions 2023.12.0 have been released. (06-December-2023)
Release notes & downloads for all editions
Quote- Add prompt to set master password when user logs in with new permissions
- Add support for Azure AD to LastPass direct import
- Bug fix for mismatched account fingerprint phrase
- 1
-
The latest Fresh Branch 7.6.4.1 has been released. (07-December-2023)
The latest Still Branch 7.5.9.1 has been released. (07-December-2023)
Release Notes | Fresh & Still Branch Downloads | Blog |
Berlin, December 7, 2023 – LibreOffice 7.6.4 Community and LibreOffice 7.5.9 Community are immediately available from www.libreoffice.org/download for Windows (Intel/AMD/ARM processors), macOS (Apple Silicon and Intel processors), and Linux [1].
LibreOffice 7.6.4 Community is the most advanced version of the office suite, and offers the best in terms of productivity functions and interoperability with Microsoft Office proprietary formats.
LibreOffice 7.5.9 Community is the most thoroughly tested version of the suite, for productivity applications in the enterprise environment, but has now reached the end of its life, so users are invited to plan the upgrade to LibreOffice 7.6.4 Community, which has also been tested and sought after enough for production environments.
For enterprise-class deployments, TDF strongly recommends the LibreOffice Enterprise family of applications from ecosystem partners – for desktop, mobile and cloud – with a large number of dedicated value-added features and other benefits such as SLA (Service Level Agreements): www.libreoffice.org/download/libreoffice-in-business/.
- 1
- 1
-
cURL and libcurl 8.5.0 have been released. (06-December-2023)
Download | News | Releaselogs | Changelog | Release Video |
2 Changes and 183 Bugfixes.
QuoteFixed in 8.5.0 - December 6 2023
Changes:
Bugfixes:
- appveyor: make VS2008-built curl tool runnable
- asyn-thread: use pipe instead of socketpair for IPC when available
- autotools: accept linker flags via `CURL_LDFLAGS_{LIB,BIN}`
- autotools: avoid passing `LDFLAGS` twice to libcurl
- autotools: delete LCC compiler support bits
- autotools: fix/improve gcc and Apple clang version detection
- autotools: stop setting `-std=gnu89` with `--enable-warnings`
- autotools: update references to deleted `crypt-auth` option
- BINDINGS: add V binding
- build: add `src/.checksrc` to source tarball
- build: add more picky warnings and fix them
- build: always revert `#pragma GCC diagnostic` after use
- build: delete `HAVE_STDINT_H` and `HAVE_INTTYPES_H`
- build: delete support bits for obsolete Windows compilers
- build: fix 'threadsafe' feature detection for older gcc
- build: fix builds that disable protocols but not digest auth
- build: fix compiler warning with auths disabled
- build: fix libssh2 + `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_AWS`
- build: picky warning updates
- build: require Windows XP or newer
- cfilter: provide call to tell connection to forget a socket
- CI: add autotools, out-of-tree, debug build to distro check job
- CI: ignore test 286 on Appveyor gcc 9 build
- cmake: add `CURL_DISABLE_BINDLOCAL` option
- cmake: add test for `DISABLE` options, add `CURL_DISABLE_HEADERS_API`
- cmake: dedupe Windows system libs
- cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection
- cmake: fix CURL_DISABLE_GETOPTIONS
- cmake: fix multiple include of CURL package
- cmake: fix OpenSSL quic detection in quiche builds
- cmake: option to disable install & drop `curlu` target when unused
- cmake: pre-fill rest of detection values for Windows
- cmake: replace `check_library_exists_concat()`
- cmake: speed up threads setup for Windows
- cmake: speed up zstd detection
- config-win32: set `HAVE_SNPRINTF` for mingw-w64
- configure: better --disable-http
- configure: check for the fseeko declaration too
- conncache: use the closure handle when disconnecting surplus connections
- content_encoding: make Curl_all_content_encodings allocless
- cookie: lowercase the domain names before PSL checks
- curl.h: delete Symbian OS references
- curl.h: on FreeBSD include sys/param.h instead of osreldate.h
- curl.rc: switch out the copyright symbol for plain ASCII
- curl: improved IPFS and IPNS URL support
- curl_easy_duphandle.3: clarify how HSTS and alt-svc are duped
- Curl_http_body: cleanup properly when Curl_getformdata errors
- curl_setup: disallow Windows IPv6 builds missing getaddrinfo
- curl_sspi: support more revocation error names in error messages
- CURLINFO_PRETRANSFER_TIME_T.3: fix time explanation
- CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range
- CURLOPT_CAINFO_BLOB.3: explain what CURL_BLOB_COPY does
- CURLOPT_WRITEFUNCTION.3: clarify libcurl returns for CURL_WRITEFUNC_ERROR
- CURPOST_POSTFIELDS.3: add CURLOPT_COPYPOSTFIELDS in SEE ALSO
- docs/example/keepalive.c: show TCP keep-alive options
- docs/example/localport.c: show off CURLOPT_LOCALPORT
- docs/examples/interface.c: show CURLOPT_INTERFACE use
- docs/libcurl: fix three minor man page format mistakes
- docs/libcurl: SYNSOPSIS cleanup
- docs: add supported version for the json write-out
- docs: clarify that curl passes on input unfiltered
- docs: fix function typo in curl_easy_option_next.3
- docs: KNOWN_BUGS cleanup
- docs: preserve the modification date when copying the prebuilt man page
- docs: remove bold from some man page SYNOPSIS sections
- docs: use SOURCE_DATE_EPOCH for generated manpages
- doh: provide better return code for responses w/o addresses
- doh: use PIPEWAIT when HTTP/2 is attempted
- duphandle: also free 'outcurl->cookies' in error path
- duphandle: make dupset() not return with pointers to old alloced data
- duphandle: use strdup to clone *COPYPOSTFIELDS if size is not set
- easy: in duphandle, init the cookies for the new handle
- easy: remove duplicate wolfSSH init call
- easy_lock: add a pthread_mutex_t fallback
- fopen: create new file using old file's mode
- fopen: create short(er) temporary file name
- getenv: PlayStation doesn't have getenv()
- GHA: move mod_h2 version in CI to v2.0.25
- hostip: show the list of IPs when resolving is done
- hostip: silence compiler warning `-Wparentheses-equality`
- hsts: skip single-dot hostname
- HTTP/2, HTTP/3: handle detach of onoing transfers
- http2: header conversion tightening
- http2: provide an error callback and failf the message
- http2: safer invocation of populate_binsettings
- http: allow longer HTTP/2 request method names
- http: avoid Expect: 100-continue if Upgrade: is used
- http: consider resume with CURLOPT_FAILONERRROR and 416 to be fine
- http: fix `-Wunused-parameter` with no auth and no proxy
- http: fix `-Wunused-variable` compiler warning
- http: fix empty-body warning
- http_aws_sigv4: canonicalise valueless query params
- hyper: temporarily remove HTTP/2 support
- INSTALL: update list of ports and CPU archs
- IPFS: fix IPFS_PATH and file parsing
- keylog: disable if unused
- lib: add and use Curl_strndup()
- lib: apache style infof and trace macros/functions
- lib: fix gcc warning in printf call
- libcurl-errors.3: sync with current public headers
- libcurl-thread.3: simplify the TLS section
- Makefile.am: drop vc10, vc11 and vc12 projects from dist
- Makefile.mk: fix `-rtmp` option for non-Windows
- mime: store "form escape" as a single bit
- misc: fix -Walloc-size warnings
- msh3: error when built with CURL_DISABLE_SOCKETPAIR set
- multi: during ratelimit multi_getsock should return no sockets
- multi: use pipe instead of socketpair to *wakeup()
- ngtcp2: fix races in stream handling
- ntlm_wb: use pipe instead of socketpair when possible
- openldap: move the alloc of ldapconninfo to *connect()
- openldap: set the callback argument in oldap_do
- openssl: avoid BN_num_bits() NULL pointer derefs
- openssl: fix building with v3 `no-deprecated` + add CI test
- openssl: fix infof() to avoid compiler warning for %s with null
- openssl: identify the "quictls" backend correctly
- openssl: include SIG and KEM algorithms in verbose
- openssl: make CURLSSLOPT_NATIVE_CA import Windows intermediate CAs
- openssl: two multi pointer checks should probably rather be asserts
- openssl: when a session-ID is reused, skip OCSP stapling
- page-footer: clarify exit code 25
- projects: add VC14.20 project files
- pytest: use lower count in repeat tests
- quic: make eyeballers connect retries stop at weird replies
- quic: manage connection idle timeouts
- quiche: use quiche_conn_peer_transport_params()
- rand: fix build error with autotools + LibreSSL
- resolve.d: drop a multi use-sentence
- RTSP: improved RTP parser
- sasl: fix `-Wunused-function` compiler warning
- schannel: add CA cache support for files and memory blobs
- setopt: check CURLOPT_TFTP_BLKSIZE range on set
- setopt: remove outdated cookie comment
- setopt: remove superfluous use of ternary expressions
- socks: better buffer size checks for socks4a user and hostname
- socks: make SOCKS5 use the CURLOPT_IPRESOLVE choice
- symbols-in-versions: the CLOSEPOLICY options are deprecated
- test1683: remove commented-out check alternatives
- test3103: add missing quotes around a test tag attribute
- test613: stop showing an error on missing output file
- tests/README: SOCKS tests are not using OpenSSH, it has its own server
- tests/server: add more SOCKS5 handshake error checking
- tests: Fix Windows test helper tool search & use it for handle64
- tidy-up: casing typos, delete unused Windows version aliases
- tool: fix --capath when proxy support is disabled
- tool: support bold headers in Windows
- tool_cb_hdr: add an additional parsing check
- tool_cb_prg: make the carriage return fit for wide progress bars
- tool_cb_wrt: fix write output for very old Windows versions
- tool_getparam: limit --rate to be smaller than number of ms
- tool_operate: do not mix memory models
- tool_operate: fix links in ipfs errors
- tool_parsecfg: make warning output propose double-quoting
- tool_urlglob: fix build for old gcc versions
- tool_urlglob: make multiply() bail out on negative values
- tool_writeout_json: fix JSON encoding of non-ascii bytes
- transfer: abort pause send when connection is marked for closing
- transfer: avoid calling the read callback again after EOF
- transfer: only reset the FTP wildcard engine in CLEAR state
- url: don't touch the multi handle when closing internal handles
- url: find scheme with a "perfect hash"
- url: fix `-Wzero-length-array` with no protocols
- url: fix builds with `CURL_DISABLE_HTTP`
- url: protocol handler lookup tidy-up
- url: proxy ssl connection reuse fix
- urlapi: avoid null deref if setting blank host to url encode
- urlapi: skip appending NULL pointer query
- urlapi: when URL encoding the fragment, pass in the right length
- urldata: make maxconnects a 32 bit value
- urldata: move async resolver state from easy handle to connectdata
- urldata: move cookielist from UserDefined to UrlState
- urldata: move hstslist from 'set' to 'state'
- urldata: move the 'internal' boolean to the state struct
- vssh: remove the #ifdef for Curl_ssh_init, use empty macro
- vtls: cleanup SSL config management
- vtls: consistently use typedef names for OpenSSL structs
- vtls: late clone of connection ssl config
- vtls: use ALPN "http/1.1" for HTTP/1.x, including HTTP/1.0
- VULN-DISCLOSURE-POLICY: escape sequences are not a security flaw
- windows: use built-in `_WIN32` macro to detect Windows
- wolfssh: remove redundant static prototypes
- wolfssl: add default case for wolfssl_connect_step1 switch
- wolfssl: require WOLFSSL_SYS_CA_CERTS for loading system CA
- 1
-
Mullvad Browser 13.0.6 has been released. (06-December-2023)
Blog | Changelog | Update: Auto-update or download.QuoteAll Platforms
- Bug 42288: Allow language spoofing in status messages [tor-browser]
- Updated uBlock Origin to 1.54.0
Linux
- Bug 17560: Downloaded URLs disk leak on Linux [tor-browser]
- Bug 42306: Tor Browser crashes when extensions popups are opened with Wayland enabled [tor-browser]
- Bug 41017: Disable Nvidia shader cache [tor-browser-build]
Build System
All Platforms
- Bug 41027: Remove tb-build-04 and tb-build-05 from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo [tor-browser-build]
- Bug 40936: Revert tor-browser-build#40933 [tor-browser-build]
- Bug 40970: Missing symlink create-blog-post.torbrowser -> create-blog-post symlink [tor-browser-build]
- Bug 40995: Use cdn.stagemole.eu instead of cdn.devmole.eu in download-unsigned-sha256sums-gpg-signatures-from-people-tpo [tor-browser-build]
- Bug 40063: RBM's chroot fails in Fedora [rbm]
- Bug 40064: Using exec on project with no git_url/hg_url is causing warning [rbm]
- Windows + macOS + Linux
- Bug 41031: Add command to unsign .mar files and compare with sha256sums-unsigned-build.txt [tor-browser-build]
Windows
- Bug 41030: Add command to unsign .exe files and compare with sha256sums-unsigned-build.txt [tor-browser-build]
- 1
-
The Tor Browser 13.0.6 (All Platforms) has been released. (05-December-2023)
Tor Browser 13.0.6 is now available from the Tor Browser download page and also from our distribution directory.Blog/Announcement | Full Changelog |
Full changelog
The full changelog since Tor Browser 13.0.5 is:
-
All Platforms
- Bug tor-browser#42288: Allow language spoofing in status messages
-
Windows + macOS + Linux
- Bug tor-browser#42302: The allowed ports string contains a typo
- Bug tor-browser#42231: Improve the network monitor patch for http onion resources
- Bug tor-browser#42299: After adding an incorrect bridge address on user cannot go back to the Connection page
-
Linux
- Bug tor-browser#17560: Downloaded URLs disk leak on Linux
- Bug tor-browser#42306: Tor Browser crashes when extensions popups are opened with Wayland enabled
- Bug tor-browser-build#41017: Disable Nvidia shader cache
-
Build System
-
All Platforms
- Bug tor-browser-build#41027: Remove tb-build-04 and tb-build-05 from tools/signing/download-unsigned-sha256sums-gpg-signatures-from-people-tpo
- Bug tor-browser-build#40936: Revert tor-browser-build#40933
- Bug tor-browser-build#40995: Use cdn.stagemole.eu instead of cdn.devmole.eu in download-unsigned-sha256sums-gpg-signatures-from-people-tpo
- Bug rbm#40064: Using exec on project with no git_url/hg_url is causing warning
-
Windows + macOS + Linux
- Bug tor-browser-build#41031: Add command to unsign .mar files and compare with sha256sums-unsigned-build.txt
-
Windows
- Bug tor-browser-build#41030: Add command to unsign .exe files and compare with sha256sums-unsigned-build.txt
-
Android
- Bug tor-browser-build#41024: Fix android filenames in Release Prep issue templates
-
All Platforms
- 1
-
All Platforms
-
https://ask.wireshark.org/question/33214/wireshark-help-constantly-deleted-wireshark-packets/
- 1
Bitwarden Password Manager
in General Software and Security Updates
Posted
Bitwarden Editions 2023.12.1 have been released. (21-December-2023)
Release notes & downloads for all editions