Fedora 18 Update: mozilla-https-everywhere-3.2.1-1.fc18

updates at fedoraproject.org updates at fedoraproject.org
Tue May 21 08:30:31 UTC 2013 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-8570
2013-05-19 01:39:17
--------------------------------------------------------------------------------

Name        : mozilla-https-everywhere
Product     : Fedora 18
Version     : 3.2.1
Release     : 1.fc18
URL         : https://eff.org/https-everywhere
Summary     : HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
Description :
HTTPS Everywhere is a Firefox extension produced as a collaboration between
The Tor Project and the Electronic Frontier Foundation. It encrypts your
communications with a number of major websites.

Many sites on the web offer some limited support for encryption over HTTPS,
but make it difficult to use. For instance, they may default to unencrypted
HTTP, or fill encrypted pages with links that go back to the unencrypted site.

The HTTPS Everywhere extension fixes these problems by rewriting all requests
to these sites to HTTPS.

--------------------------------------------------------------------------------
Update Information:

- Implement XHR outstanding request limits to work around TCP connection
  -- exhaustion if the SSL Observatory server is slow or down:
  -- https://trac.torproject.org/projects/tor/ticket/8670
  -- https://bugzilla.mozilla.org/show_bug.cgi?id=856748
- Overdue update to the Observatory cert whitelist
- Other known ruleset fixes: EA, Yandex, Apple
  -- https://trac.torproject.org/projects/tor/ticket/8584
  -- https://trac.torproject.org/projects/tor/ticket/8571
--------------------------------------------------------------------------------
ChangeLog:

* Sat May 18 2013 Russell Golden <niveusluna at niveusluna.org> - 3.2.1-1
- Implement XHR outstanding request limits to work around TCP connection
  -- exhaustion if the SSL Observatory server is slow or down:
  -- https://trac.torproject.org/projects/tor/ticket/8670
  -- https://bugzilla.mozilla.org/show_bug.cgi?id=856748
- Overdue update to the Observatory cert whitelist
- Other known ruleset fixes: EA, Yandex, Apple
  -- https://trac.torproject.org/projects/tor/ticket/8584
  -- https://trac.torproject.org/projects/tor/ticket/8571
* Wed May  1 2013 Russell Golden <niveusluna at niveusluna.org> - 3.2-1
- Related trac bugs for this release:
  https://eff.org/r.b9Qc
- New: MoinMoin
- Fixes: Adobe, Bahn.de, Cloudfront, Dell, Droplr, FBI, Google Maps,
  Joomla, Juno Download, Lenovo, New York Times, SEC, Soundcloud,
  Tweakers.net, Univ Strasbourg, Vkontakte, Zend
- Disable broken: AirAsia, Netvibes, Newgrounds, Pirate Bay, Russia Today, SVT,
  Wolfram Alpha
- Maybe fixed: Quantcast/Tumblr:
  https://trac.torproject.org/projects/tor/ticket/8406 (maybe fixed)
- Sync languages and translations from the master branch.
- New languages: Finnish, Norwegian (Bokmål), Slovak, Bulgarian.
- All HTTPS Everywhere users will be now prompted about using the
  SSL Observatory.
* Fri Mar  8 2013 Russell Golden <niveusluna at niveusluna.org> - 3.1.4-1
- The circles are stable releasee
- Fixes:
  - AmazonAWS/Atomsforpeace.info, Disqus, Eventbrite, ImageShack.us, MySQL,
    NuGet, NYTimes, Ooyala, Opera, Scientific American, SourceForge,
    University of Southampton, UserVoice, WebType, Zendesk
  - https://trac.torproject.org/projects/tor/ticket/8056
  - https://trac.torproject.org/projects/tor/ticket/8349
  - https://trac.torproject.org/projects/tor/ticket/7690
  - https://trac.torproject.org/projects/tor/ticket/8025
  - http://bugs.mysql.com/bug.php?id=67311
  - https://trac.torproject.org/projects/tor/ticket/7615
  - https://trac.torproject.org/projects/tor/ticket/8077
  - https://trac.torproject.org/projects/tor/ticket/8199
  - https://trac.torproject.org/projects/tor/ticket/8198
- Disable broken:
  - American Public Media (for real this time), Asymmetric Publications, 
    Salsa Labs, Vimeo
  - https://trac.torproject.org/projects/tor/ticket/7650
  - https://trac.torproject.org/projects/tor/ticket/8280
  - https://trac.torproject.org/projects/tor/ticket/7569
- Update cert whitelist
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Mon Jan 21 2013 Russell Golden <niveusluna at niveusluna.org> - 3.1.3-1
- Internet Freedom Day stable bugfix release
  - Fixes: CloudFront/Spotify, AmazonAWS (Amazon MP3s and product images), Libav, 
           Google Maps, UserEcho
    https://trac.torproject.org/projects/tor/ticket/7931
    https://trac.torproject.org/projects/tor/ticket/7888
    https://trac.torproject.org/projects/tor/ticket/7594
    https://trac.torproject.org/projects/tor/ticket/7539
    https://trac.torproject.org/projects/tor/ticket/7698
  - Disable broken: Coursera, EBay, Etsy, OpenOffice, Ping.fm, Pinterest :(
    https://trac.torproject.org/projects/tor/ticket/7336
    https://trac.torproject.org/projects/tor/ticket/7825
    https://trac.torproject.org/projects/tor/ticket/7774
    https://trac.torproject.org/projects/tor/ticket/7695
    https://trac.torproject.org/projects/tor/ticket/7777
    https://trac.torproject.org/projects/tor/ticket/7865
  - Update cert whitelist
* Thu Jan  3 2013 Russell Golden <niveusluna at niveusluna.org> - 3.1.2-1
- Fixes for: AmazonAWS/Datawrapper, Cachefly, Cloudfront/C-SPAN, Hetzner.de KeyDrive/Snapnames, QT, openDesktop, OpenTTD, WhiskeyMedia https://mail1.eff.org/pipermail/https-everywhere-rules/2012-December/001432.html https://trac.torproject.org/projects/tor/ticket/7608 https://trac.torproject.org/projects/tor/ticket/7567 https://mail1.eff.org/pipermail/https-everywhere-rules/2012-December/001432.html https://trac.torproject.org/projects/tor/ticket/7560 https://trac.torproject.org/projects/tor/ticket/7796
- Disable broken: FlossManuals, Pastebin, Poste.it, Ustream, TED, AusGamers https://trac.torproject.org/projects/tor/ticket/7731 https://trac.torproject.org/projects/tor/ticket/7850 https://trac.torproject.org/projects/tor/ticket/7840 https://trac.torproject.org/projects/tor/ticket/7548
- Increase Observatory deployment (65>85%)
- Update cert whitelist
* Wed Dec 12 2012 Russell Golden <niveusluna at niveusluna.org> - 3.1-1
- Hacky solution to a very nasty bug in which <securecookie> directives
    would cause cookies to be flagged as secure even if they were set from
    HTTP origins!
    https://trac.torproject.org/projects/tor/ticket/7491
    https://mail1.eff.org/pipermail/https-everywhere-rules/2012-November/001397.html
- Fixes: Akamai, Biomed central, BYU, Cachefly / Topix, DuckDuckGo, Focus.de,
    Fortum, Mashable, Mail.ru, MayFirst/People Link, MIT, Rackspace, 
    Salsa Labs, SurveyMonkey, Tumblr
- Disable: Adtech.de, AllthingsD American Public Media, Dafont, MediaFire,
    Verizon, vk.com, Wired, Conde Nast
- Observatory-only translations into Hebrew and Croatian
- Offer the SSL Observatory popup to a larger cohort of users
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update mozilla-https-everywhere' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list