[Pkg-privacy-commits] [Git][pkg-privacy-team/torbrowser-launcher][debian/stretch-backports] 10 commits: Rebuild as 0.2.9-3~bpo8+1 for jessie-backports-sloppy
Roger Shimizu
rosh at debian.org
Mon Sep 17 18:13:08 BST 2018
Roger Shimizu pushed to branch debian/stretch-backports at Privacy Maintainers / torbrowser-launcher
Commits:
18a778a2 by Roger Shimizu at 2018-06-24T06:31:58Z
Rebuild as 0.2.9-3~bpo8+1 for jessie-backports-sloppy
- - - - -
a9406271 by Roger Shimizu at 2018-09-09T14:53:18Z
Merge branch 'debian/stretch-backports' into debian/jessie-backports-sloppy
- - - - -
1814e386 by Roger Shimizu at 2018-09-09T14:53:40Z
Rebuild as 0.2.9-4~bpo8+1 for jessie-backports-sloppy
- - - - -
8b15bbd4 by Roger Shimizu at 2018-09-09T15:22:50Z
Make lintian slightly happy
* debian/source/lintian-overrides:
- Rename from debian/source.lintian-overrides
* debian/control:
- Rename tag X-Python-Version to XS-Python-Version.
- - - - -
df0873bb by Roger Shimizu at 2018-09-12T15:42:03Z
d/patches: Cherry-pick three upstream commits
3 commits to fix appamor profile for Web Content process.
Closes: #908463
- - - - -
d0deb2f9 by Roger Shimizu at 2018-09-17T16:08:05Z
d/torbrowser-launcher.maintscript: rm_conffile appamor profile
rm_conffile appamor profile /etc/apparmor.d/local/*, which was
removed since 0.2.9-2. Thanks to gregor herrmann for the fix.
- - - - -
e20c71d8 by Roger Shimizu at 2018-09-17T16:16:59Z
d/control: Add XB-Python-Version tag for binary package
- - - - -
c8628ea7 by Roger Shimizu at 2018-09-17T16:17:18Z
Prepare to release 0.2.9-5
- - - - -
e37448c0 by Roger Shimizu at 2018-09-17T16:26:33Z
Merge branch 'debian/sid' into debian/stretch-backports
- - - - -
a93bddd5 by Roger Shimizu at 2018-09-17T16:26:58Z
Rebuild as 0.2.9-5~bpo9+1 for stretch-backports
- - - - -
9 changed files:
- debian/changelog
- debian/control
- + debian/patches/0019-AppArmor-confine-Firefox-60-Web-Content-processes-un.patch
- + debian/patches/0020-AppArmor-give-Tor-Browser-s-Web-Content-process-some.patch
- + debian/patches/0021-AppArmor-give-Web-Content-processes-read-access-to-t.patch
- debian/patches/series
- − debian/source.lintian-overrides
- + debian/source/lintian-overrides
- debian/torbrowser-launcher.maintscript
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,31 @@
+torbrowser-launcher (0.2.9-5~bpo9+1) stretch-backports; urgency=medium
+
+ * Rebuild for stretch-backports.
+
+ -- Roger Shimizu <rosh at debian.org> Tue, 18 Sep 2018 01:26:57 +0900
+
+torbrowser-launcher (0.2.9-5) unstable; urgency=high
+
+ * debian/source/lintian-overrides:
+ - Rename from debian/source.lintian-overrides
+ * debian/control:
+ - Rename tag X-Python-Version to XS-Python-Version.
+ - Add XB-Python-Version tag for binary package.
+ * debian/patches:
+ - Cherry-pick three upstream commits to fix appamor profile for
+ Web Content process (Closes: #908463).
+ * debian/torbrowser-launcher.maintscript:
+ - rm_conffile appamor profile /etc/apparmor.d/local/*, which was
+ removed since 0.2.9-2. Thanks to gregor herrmann for the fix.
+
+ -- Roger Shimizu <rosh at debian.org> Tue, 18 Sep 2018 01:17:18 +0900
+
+torbrowser-launcher (0.2.9-4~bpo8+1) jessie-backports-sloppy; urgency=medium
+
+ * Rebuild for jessie-backports-sloppy.
+
+ -- Roger Shimizu <rosh at debian.org> Sun, 09 Sep 2018 23:53:39 +0900
+
torbrowser-launcher (0.2.9-4~bpo9+1) stretch-backports; urgency=medium
* Rebuild for stretch-backports.
@@ -17,6 +45,12 @@ torbrowser-launcher (0.2.9-4) unstable; urgency=medium
-- Roger Shimizu <rosh at debian.org> Sun, 09 Sep 2018 16:43:19 +0900
+torbrowser-launcher (0.2.9-3~bpo8+1) jessie-backports-sloppy; urgency=medium
+
+ * Rebuild for jessie-backports-sloppy.
+
+ -- Roger Shimizu <rosh at debian.org> Sun, 24 Jun 2018 15:31:57 +0900
+
torbrowser-launcher (0.2.9-3~bpo9+1) stretch-backports; urgency=medium
* Rebuild for stretch-backports.
=====================================
debian/control
=====================================
@@ -10,7 +10,7 @@ Build-Depends:
help2man,
lsb-release,
python-all (>= 2.7.3-4)
-X-Python-Version: >= 2.7
+XS-Python-Version: >= 2.7
Standards-Version: 3.9.8
Homepage: https://micahflee.com/torbrowser-launcher/
Vcs-Git: https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher.git
@@ -30,6 +30,7 @@ Depends:
python-psutil,
python-twisted,
python-txsocksx (>= 1.13.0.1)
+XB-Python-Version: ${python:Versions}
Recommends: tor
Suggests: apparmor, python-pygame
Description: helps download and run the Tor Browser Bundle
=====================================
debian/patches/0019-AppArmor-confine-Firefox-60-Web-Content-processes-un.patch
=====================================
@@ -0,0 +1,63 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Mon, 10 Sep 2018 07:55:18 +0000
+Subject: AppArmor: confine Firefox 60 "Web Content" processes under the
+ torbrowser_plugin_container AppArmor profile.
+
+(cherry picked from commit 678d083491ceba5201d96b514173890944928540)
+---
+ apparmor/torbrowser.Browser.firefox | 4 +++-
+ apparmor/torbrowser.Browser.plugin-container | 5 ++++-
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/apparmor/torbrowser.Browser.firefox b/apparmor/torbrowser.Browser.firefox
+index 69354d1..9f269e1 100644
+--- a/apparmor/torbrowser.Browser.firefox
++++ b/apparmor/torbrowser.Browser.firefox
+@@ -54,7 +54,6 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
+ owner @{torbrowser_home_dir}/components/*.so mr,
+ owner @{torbrowser_home_dir}/browser/components/*.so mr,
+ owner @{torbrowser_home_dir}/firefox rix,
+- owner @{torbrowser_home_dir}/plugin-container px -> torbrowser_plugin_container,
+ owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/updater ix,
+ owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/0/MozUpdater/bgupdate/updater ix,
+ owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profiles.ini r,
+@@ -64,6 +63,9 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
+ owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so mr,
+ owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
+
++ # Web Content processes
++ owner @{torbrowser_firefox_executable} px -> torbrowser_plugin_container,
++
+ /etc/mailcap r,
+ /etc/mime.types r,
+
+diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
+index fe95fdb..c1c4ccb 100644
+--- a/apparmor/torbrowser.Browser.plugin-container
++++ b/apparmor/torbrowser.Browser.plugin-container
+@@ -1,6 +1,8 @@
+ #include <tunables/global>
+ #include <tunables/torbrowser>
+
++@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real
++
+ profile torbrowser_plugin_container {
+ #include <abstractions/gnome>
+
+@@ -52,7 +54,6 @@ profile torbrowser_plugin_container {
+ owner @{torbrowser_home_dir}/fonts/ r,
+ owner @{torbrowser_home_dir}/fonts/** r,
+ owner @{torbrowser_home_dir}/omni.ja r,
+- owner @{torbrowser_home_dir}/plugin-container ixmr,
+ owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
+ owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/* rw,
+ owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,
+@@ -62,6 +63,8 @@ profile torbrowser_plugin_container {
+ owner @{torbrowser_home_dir}/Downloads/ rwk,
+ owner @{torbrowser_home_dir}/Downloads/** rwk,
+
++ owner @{torbrowser_firefox_executable} ixmr -> torbrowser_plugin_container,
++
+ /sys/devices/system/cpu/ r,
+ /sys/devices/system/cpu/present r,
+ /sys/devices/system/node/ r,
=====================================
debian/patches/0020-AppArmor-give-Tor-Browser-s-Web-Content-process-some.patch
=====================================
@@ -0,0 +1,30 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Mon, 10 Sep 2018 07:55:36 +0000
+Subject: AppArmor: give Tor Browser's Web Content process some more innocuous
+ access it now needs.
+
+(cherry picked from commit 45265423d7fea40f93a3924146933aa6e94f0d97)
+---
+ apparmor/torbrowser.Browser.plugin-container | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
+index c1c4ccb..ae2a9ba 100644
+--- a/apparmor/torbrowser.Browser.plugin-container
++++ b/apparmor/torbrowser.Browser.plugin-container
+@@ -34,6 +34,7 @@ profile torbrowser_plugin_container {
+
+ /dev/shm/ r,
+
++ owner @{PROC}/@{pid}/environ r,
+ owner @{PROC}/@{pid}/fd/ r,
+ owner @{PROC}/@{pid}/mountinfo r,
+ owner @{PROC}/@{pid}/stat r,
+@@ -51,6 +52,7 @@ profile torbrowser_plugin_container {
+ owner @{torbrowser_home_dir}/browser/components/*.so mr,
+ owner @{torbrowser_home_dir}/defaults/pref/ r,
+ owner @{torbrowser_home_dir}/defaults/pref/*.js r,
++ owner @{torbrowser_home_dir}/dependentlibs.list r,
+ owner @{torbrowser_home_dir}/fonts/ r,
+ owner @{torbrowser_home_dir}/fonts/** r,
+ owner @{torbrowser_home_dir}/omni.ja r,
=====================================
debian/patches/0021-AppArmor-give-Web-Content-processes-read-access-to-t.patch
=====================================
@@ -0,0 +1,22 @@
+From: intrigeri <intrigeri at boum.org>
+Date: Mon, 10 Sep 2018 09:41:49 +0000
+Subject: AppArmor: give Web Content processes read access to the startup
+ cache, otherwise they fail to load
+
+(cherry picked from commit eb328f2abe7b681c779a6cb7e49657ac93ecd005)
+---
+ apparmor/torbrowser.Browser.plugin-container | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
+index ae2a9ba..7ec8a00 100644
+--- a/apparmor/torbrowser.Browser.plugin-container
++++ b/apparmor/torbrowser.Browser.plugin-container
+@@ -57,6 +57,7 @@ profile torbrowser_plugin_container {
+ owner @{torbrowser_home_dir}/fonts/** r,
+ owner @{torbrowser_home_dir}/omni.ja r,
+ owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
++ owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
+ owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/* rw,
+ owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,
+ owner @{torbrowser_home_dir}/TorBrowser/Tor/ r,
=====================================
debian/patches/series
=====================================
@@ -16,3 +16,6 @@
0016-Remove-apparmor-local-path-from-setup.py.patch
0017-AppArmor-allow-Firefox-to-read-usr-share-glib-2.0-sc.patch
0018-AppArmor-adjust-Firefox-binary-path-for-Tor-Browser-.patch
+0019-AppArmor-confine-Firefox-60-Web-Content-processes-un.patch
+0020-AppArmor-give-Tor-Browser-s-Web-Content-process-some.patch
+0021-AppArmor-give-Web-Content-processes-read-access-to-t.patch
=====================================
debian/source.lintian-overrides deleted
=====================================
@@ -1 +0,0 @@
-torbrowser-launcher source: debian-watch-may-check-gpg-signature
=====================================
debian/source/lintian-overrides
=====================================
@@ -0,0 +1 @@
+torbrowser-launcher source: debian-watch-does-not-check-gpg-signature
=====================================
debian/torbrowser-launcher.maintscript
=====================================
@@ -1,2 +1,5 @@
rm_conffile /etc/apparmor.d/torbrowser.start-tor-browser 0.2.8-5~ torbrowser-launcher
rm_conffile /etc/apparmor.d/usr.bin.torbrowser-launcher 0.2.8-4~ torbrowser-launcher
+rm_conffile /etc/apparmor.d/local/torbrowser.Browser.firefox 0.2.9-5~ torbrowser-launcher
+rm_conffile /etc/apparmor.d/local/torbrowser.Browser.plugin-container 0.2.9-5~ torbrowser-launcher
+rm_conffile /etc/apparmor.d/local/torbrowser.Tor.tor 0.2.9-5~ torbrowser-launcher
View it on GitLab: https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/compare/71c98cf1e9c0fb4f1dbdd7fac41516ea1c17169c...a93bddd5c9e78a27fe069275d34db718e1df03bd
--
View it on GitLab: https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/compare/71c98cf1e9c0fb4f1dbdd7fac41516ea1c17169c...a93bddd5c9e78a27fe069275d34db718e1df03bd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-privacy-commits/attachments/20180917/78663064/attachment-0001.html>
More information about the Pkg-privacy-commits
mailing list