-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-13022 2014-10-17 06:47:15 --------------------------------------------------------------------------------
Name : mozilla-https-everywhere Product : Fedora 19 Version : 4.0.2 Release : 1.fc19 URL : https://eff.org/https-everywhere Summary : HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey Description : HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.
Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.
The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.
-------------------------------------------------------------------------------- Update Information:
- Disable SSL 3 to Prevent POODLE attack: -- https://github.com/EFForg/https-everywhere/pull/674 - NEW: HTTP Nowhere mode. Block all plaintext http - Updates to Yahoo APIs, Fastly, VMWare, Netflix, Maashable, LinkedIn, Gitorious, Mozilla, msecnd, Hotmail, Live, Eniro, Steam, Phoronix, net-security.org, Flickr, Craigslist, Apache.org, Joomla.org, Samsung, Google IMages, Expedia, Akamai, Trip Advisor, Ikea, CEll, Leo.org, Facebook, F-Secure, Dropbox, Courage Campaign, Box, Atlassian, Internet Archvie, localbitcoins.com, SOny, SciVerse, Web.com, Urgan Dictionary, Pornhub, Fool.com, ClickBank, MGID, Which?, Microsoft, Barnes and Noble, Royal Institute of GB, Wall Street Journal -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 16 2014 Russell Golden niveusluna@niveusluna.org - 4.0.2-1 - Disable SSL 3 to Prevent POODLE attack: -- https://github.com/EFForg/https-everywhere/pull/674 - NEW: HTTP Nowhere mode. Block all plaintext http - Updates to Yahoo APIs, Fastly, VMWare, Netflix, Maashable, LinkedIn, Gitorious, Mozilla, msecnd, Hotmail, Live, Eniro, Steam, Phoronix, net-security.org, Flickr, Craigslist, Apache.org, Joomla.org, Samsung, Google IMages, Expedia, Akamai, Trip Advisor, Ikea, CEll, Leo.org, Facebook, F-Secure, Dropbox, Courage Campaign, Box, Atlassian, Internet Archvie, localbitcoins.com, SOny, SciVerse, Web.com, Urgan Dictionary, Pornhub, Fool.com, ClickBank, MGID, Which?, Microsoft, Barnes and Noble, Royal Institute of GB, Wall Street Journal * Sat Sep 13 2014 Russell Golden niveusluna@niveusluna.org - 4.0.1-1 - Significant new coverage: Reddit, Quora - Fixes include: -- Frontier Networks, Hotmail / Live, Microsoft, Mozilla, Ohio State, Rackspace, SJ.se, Timbo.se -- https://github.com/EFForg/https-everywhere/issues/310 -- https://github.com/EFForg/https-everywhere/issues/500 -- https://trac.torproject.org/projects/tor/ticket/11402 -- https://trac.torproject.org/projects/tor/ticket/11418 -- https://trac.torproject.org/projects/tor/ticket/12583 -- https://trac.torproject.org/projects/tor/ticket/12104 -- https://trac.torproject.org/projects/tor/ticket/9466 -- https://github.com/EFForg/https-everywhere/issues/144 - Enhancements to MCB detection and subsequent ruleset fixes -- https://github.com/EFForg/https-everywhere/issues/529 * Thu Sep 4 2014 Russell Golden niveusluna@niveusluna.org - 4.0.0-1 - Ruleset fixes to wikimedia, stanford-university, joyent, and gaytorrents. - Merge Android Firefox branch, so Android now has the same release cycle -- as the stable HTTPS Everywhere branch for Firefox. - Remove old unused ContentPolicy code. - FEDORA/RHEL SPECIFIC - Place version conditionals for GNOME Software -- Center metadata in spec file. * Tue Aug 19 2014 Richard Hughes richard@hughsie.com - 3.5.3-2 - Add a MetaInfo file for GNOME Software and Apper. * Wed Jun 25 2014 Russell Golden niveusluna@niveusluna.org - 3.5.3-1 - Now works when installed globally! - Various ruleset fixes, including PCWorld. * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.5.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri May 30 2014 Russell Golden niveusluna@niveusluna.org - 3.5.1-1 - Revert https://github.com/EFForg/https-everywhere/pull/134 due to YouTube -- breakage. - Re-enable ability to see all rulesets in enable/disable dialog. - Added more Debian coverage. - Fixes to Doubleclick, Guardian, Heroku, Home Depot, HypeMachine, IMDB, -- Justin.tv, Kikatek, Mozilla, MyFitnessPal, Pinterest, XKCD, Reuters, -- Technet, Tumblr, Wordpress, Yandex, Youtube, Flickr. - Fix Australis icon positioning: -- https://github.com/EFForg/https-everywhere/pull/216 * Wed Apr 16 2014 Russell Golden niveusluna@niveusluna.org - 3.5-1 - Merge all non-ruleset changes from 4.0development.16 - Merge all new/modified rulesets from 4.0development.16 that are -- in the Alexa Top 1000 using utils/alexa-ruleset-checker.py. For a full list, -- see utils/alexa-logs/07042014.log. * Sun Jan 5 2014 Russell Golden niveusluna@niveusluna.org - 3.4.5-1 - Tiny ruleset tweaks (XKCD is back)! - Create an about:config setting that overrules mixedcontent ruleset disablement - Updated license - Updated README.md - Updated contributors list - Fix a performance bug when re-enabling HTTPS-Everywhere from its menu - Observatory cert whitelist update - Updated rules: Atlassian, Brightcove, MIT, Pidgin, Microsoft, Whonix, -- Skanetrafiken, Stack-Exchange, Stack-Exchange-mixedcontent * Tue Dec 17 2013 Russell Golden niveusluna@niveusluna.org - 3.4.3-1 - Fixes: Cloudfront / Amazon MP3 player, Cornell/Arxiv, FlickR, -- AmazonAWS/spiegel.tv - Disable broken: Barns and Noble, Behance, Boards.ie, Elsevier, Kohls, -- OpenDNS, Spin.de, Svenskakyrkan - Deprecate the ContentPolicy API, fixing a crash bug -- lurking since Firefox 20: -- https://bugzilla.mozilla.org/show_bug.cgi?id=939180 - Fix really silly Observatory UI bug that would leave the Observatory off -- for non-Tor users after they turned it on - Update Observatory blacklist - Bump maxVersion from Firefox 25 to 28. * Wed Oct 9 2013 Russell Golden niveusluna@niveusluna.org - 3.4.2-1 - HTTPS Everywhere builds are now deterministic! - Global memory leak bug fixes - Updated rules: Craigslist, Apple.com, Microsoft, CloudFront, UKLocalGov, -- Bing, Cengage - New rules from dev: IPTorrents.com, TvTorrents * Mon Aug 19 2013 Russell Golden niveusluna@niveusluna.org - 3.4.1-1 - Update to upstream 3.4.1. There were a lot of changes since the last update. -- See https://www.eff.org/files/Changelog.txt for details. * Sun Jul 28 2013 Russell Golden niveusluna@niveusluna.org - 3.3.1-1 3.3.1 - [Wikimedia] removed mixedcontent
3.3 - This major release fixed the following mixed content blocker (MCB) -- related bugs in time for Firefox 23: -- https://trac.torproject.org/projects/tor/ticket/9196 -- https://trac.torproject.org/projects/tor/ticket/8774 -- https://trac.torproject.org/projects/tor/ticket/8776 - In effect, this update disables rulesets that cause mixed content errors -- by default, and adds platform="mixedcontent" to 950 new rules. This is -- necessary to prevent a massive amount of websites from breaking by default -- for our users when Firefox 23 comes out. - [Internet Archive] Moved to stable - [Linaro] Default off per webmaster request - [Applicom] Default off per webmaster request * Tue Jul 16 2013 Russell Golden niveusluna@niveusluna.org - 3.2.4-1 - [Yandex] remove maps from exclusions - [Amazon Web Services] Add exclusion https://trac.torproject.org/projects/tor/ticket/8907 - [Hotmail / Live] Add exclusion https://trac.torproject.org/projects/tor/ticket/9026 - [Mozilla] Point labs to mozillalabs.org https://mail1.eff.org/pipermail/https-everywhere-rules/2013-July/001636.html - [Yandex] Exclude ll - [Brightcove] Add exclusion https://mail1.eff.org/pipermail/https-everywhere-rules/2013-May/001587.html - [NYTimes] Add exclusion, disabled - [News Corporation] Exclude 2013 images https://trac.torproject.org/projects/tor/ticket/9040 - [imgbox] Fix typo https://trac.torproject.org/projects/tor/ticket/8690 * Tue Jul 2 2013 Russell Golden niveusluna@niveusluna.org - 3.2.3-1 - Update to upstream 3.2.3 --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update mozilla-https-everywhere' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org