-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2013-18834 2013-10-11 01:01:26 --------------------------------------------------------------------------------
Name : mozilla-https-everywhere Product : Fedora 18 Version : 3.4.2 Release : 1.fc18 URL : https://eff.org/https-everywhere Summary : HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey Description : HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS. -------------------------------------------------------------------------------- Update Information: - HTTPS Everywhere builds are now deterministic! - Global memory leak bug fixes - Updated rules: Craigslist, Apple.com, Microsoft, CloudFront, UKLocalGov, -- Bing, Cengage - New rules from dev: IPTorrents.com, TvTorrents -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 9 2013 Russell Golden <[email protected]> - 3.4.2-1 - HTTPS Everywhere builds are now deterministic! - Global memory leak bug fixes - Updated rules: Craigslist, Apple.com, Microsoft, CloudFront, UKLocalGov, -- Bing, Cengage - New rules from dev: IPTorrents.com, TvTorrents * Mon Aug 19 2013 Russell Golden <[email protected]> - 3.4.1-1 - Update to upstream 3.4.1. There were a lot of changes since the last update. -- See https://www.eff.org/files/Changelog.txt for details. * Sun Jul 28 2013 Russell Golden <[email protected]> - 3.3.1-1 3.3.1 - [Wikimedia] removed mixedcontent 3.3 - This major release fixed the following mixed content blocker (MCB) -- related bugs in time for Firefox 23: -- https://trac.torproject.org/projects/tor/ticket/9196 -- https://trac.torproject.org/projects/tor/ticket/8774 -- https://trac.torproject.org/projects/tor/ticket/8776 - In effect, this update disables rulesets that cause mixed content errors -- by default, and adds platform="mixedcontent" to 950 new rules. This is -- necessary to prevent a massive amount of websites from breaking by default -- for our users when Firefox 23 comes out. - [Internet Archive] Moved to stable - [Linaro] Default off per webmaster request - [Applicom] Default off per webmaster request * Tue Jul 16 2013 Russell Golden <[email protected]> - 3.2.4-1 - [Yandex] remove maps from exclusions - [Amazon Web Services] Add exclusion https://trac.torproject.org/projects/tor/ticket/8907 - [Hotmail / Live] Add exclusion https://trac.torproject.org/projects/tor/ticket/9026 - [Mozilla] Point labs to mozillalabs.org https://mail1.eff.org/pipermail/https-everywhere-rules/2013-July/001636.html - [Yandex] Exclude ll - [Brightcove] Add exclusion https://mail1.eff.org/pipermail/https-everywhere-rules/2013-May/001587.html - [NYTimes] Add exclusion, disabled - [News Corporation] Exclude 2013 images https://trac.torproject.org/projects/tor/ticket/9040 - [imgbox] Fix typo https://trac.torproject.org/projects/tor/ticket/8690 * Tue Jul 2 2013 Russell Golden <[email protected]> - 3.2.3-1 - Update to upstream 3.2.3 * Thu May 23 2013 Russell Golden <[email protected]> - 3.2.2-1 - Quick turn-around release to unbreak support.apple.com - Fixes for a number of other ruleset bugs: https://eff.org/r.5bSj - Incremental observatory cert whitelist update * Sat May 18 2013 Russell Golden <[email protected]> - 3.2.1-1 - Implement XHR outstanding request limits to work around TCP connection -- exhaustion if the SSL Observatory server is slow or down: -- https://trac.torproject.org/projects/tor/ticket/8670 -- https://bugzilla.mozilla.org/show_bug.cgi?id=856748 - Overdue update to the Observatory cert whitelist - Other known ruleset fixes: EA, Yandex, Apple -- https://trac.torproject.org/projects/tor/ticket/8584 -- https://trac.torproject.org/projects/tor/ticket/8571 * Wed May 1 2013 Russell Golden <[email protected]> - 3.2-1 - Related trac bugs for this release: https://eff.org/r.b9Qc - New: MoinMoin - Fixes: Adobe, Bahn.de, Cloudfront, Dell, Droplr, FBI, Google Maps, Joomla, Juno Download, Lenovo, New York Times, SEC, Soundcloud, Tweakers.net, Univ Strasbourg, Vkontakte, Zend - Disable broken: AirAsia, Netvibes, Newgrounds, Pirate Bay, Russia Today, SVT, Wolfram Alpha - Maybe fixed: Quantcast/Tumblr: https://trac.torproject.org/projects/tor/ticket/8406 (maybe fixed) - Sync languages and translations from the master branch. - New languages: Finnish, Norwegian (Bokmål), Slovak, Bulgarian. - All HTTPS Everywhere users will be now prompted about using the SSL Observatory. * Fri Mar 8 2013 Russell Golden <[email protected]> - 3.1.4-1 - The circles are stable releasee - Fixes: - AmazonAWS/Atomsforpeace.info, Disqus, Eventbrite, ImageShack.us, MySQL, NuGet, NYTimes, Ooyala, Opera, Scientific American, SourceForge, University of Southampton, UserVoice, WebType, Zendesk - https://trac.torproject.org/projects/tor/ticket/8056 - https://trac.torproject.org/projects/tor/ticket/8349 - https://trac.torproject.org/projects/tor/ticket/7690 - https://trac.torproject.org/projects/tor/ticket/8025 - http://bugs.mysql.com/bug.php?id=67311 - https://trac.torproject.org/projects/tor/ticket/7615 - https://trac.torproject.org/projects/tor/ticket/8077 - https://trac.torproject.org/projects/tor/ticket/8199 - https://trac.torproject.org/projects/tor/ticket/8198 - Disable broken: - American Public Media (for real this time), Asymmetric Publications, Salsa Labs, Vimeo - https://trac.torproject.org/projects/tor/ticket/7650 - https://trac.torproject.org/projects/tor/ticket/8280 - https://trac.torproject.org/projects/tor/ticket/7569 - Update cert whitelist * Thu Feb 14 2013 Fedora Release Engineering <[email protected]> - 3.1.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Mon Jan 21 2013 Russell Golden <[email protected]> - 3.1.3-1 - Internet Freedom Day stable bugfix release - Fixes: CloudFront/Spotify, AmazonAWS (Amazon MP3s and product images), Libav, Google Maps, UserEcho https://trac.torproject.org/projects/tor/ticket/7931 https://trac.torproject.org/projects/tor/ticket/7888 https://trac.torproject.org/projects/tor/ticket/7594 https://trac.torproject.org/projects/tor/ticket/7539 https://trac.torproject.org/projects/tor/ticket/7698 - Disable broken: Coursera, EBay, Etsy, OpenOffice, Ping.fm, Pinterest :( https://trac.torproject.org/projects/tor/ticket/7336 https://trac.torproject.org/projects/tor/ticket/7825 https://trac.torproject.org/projects/tor/ticket/7774 https://trac.torproject.org/projects/tor/ticket/7695 https://trac.torproject.org/projects/tor/ticket/7777 https://trac.torproject.org/projects/tor/ticket/7865 - Update cert whitelist * Thu Jan 3 2013 Russell Golden <[email protected]> - 3.1.2-1 - Fixes for: AmazonAWS/Datawrapper, Cachefly, Cloudfront/C-SPAN, Hetzner.de KeyDrive/Snapnames, QT, openDesktop, OpenTTD, WhiskeyMedia https://mail1.eff.org/pipermail/https-everywhere-rules/2012-December/001432.html https://trac.torproject.org/projects/tor/ticket/7608 https://trac.torproject.org/projects/tor/ticket/7567 https://mail1.eff.org/pipermail/https-everywhere-rules/2012-December/001432.html https://trac.torproject.org/projects/tor/ticket/7560 https://trac.torproject.org/projects/tor/ticket/7796 - Disable broken: FlossManuals, Pastebin, Poste.it, Ustream, TED, AusGamers https://trac.torproject.org/projects/tor/ticket/7731 https://trac.torproject.org/projects/tor/ticket/7850 https://trac.torproject.org/projects/tor/ticket/7840 https://trac.torproject.org/projects/tor/ticket/7548 - Increase Observatory deployment (65>85%) - Update cert whitelist * Wed Dec 12 2012 Russell Golden <[email protected]> - 3.1-1 - Hacky solution to a very nasty bug in which <securecookie> directives would cause cookies to be flagged as secure even if they were set from HTTP origins! https://trac.torproject.org/projects/tor/ticket/7491 https://mail1.eff.org/pipermail/https-everywhere-rules/2012-November/001397.html - Fixes: Akamai, Biomed central, BYU, Cachefly / Topix, DuckDuckGo, Focus.de, Fortum, Mashable, Mail.ru, MayFirst/People Link, MIT, Rackspace, Salsa Labs, SurveyMonkey, Tumblr - Disable: Adtech.de, AllthingsD American Public Media, Dafont, MediaFire, Verizon, vk.com, Wired, Conde Nast - Observatory-only translations into Hebrew and Croatian - Offer the SSL Observatory popup to a larger cohort of users -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update mozilla-https-everywhere' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
