[Pkg-privacy-commits] [Git][pkg-privacy-team/torbrowser-launcher][debian/stretch-backports-sloppy] 19 commits: AppArmor: allow Web Content processes to check the update status.

Roger Shimizu rosh at debian.org
Fri Aug 16 14:55:42 BST 2019



Roger Shimizu pushed to branch debian/stretch-backports-sloppy at Privacy Maintainers / torbrowser-launcher


Commits:
1b2e6aae by intrigeri at 2018-09-25T07:23:18Z
AppArmor: allow Web Content processes to check the update status.

Otherwise restarting after updating Tor Browser is broken.

- - - - -
3cd8aeb0 by intrigeri at 2018-10-06T05:49:58Z
AppArmor: allow Web Content processes to read profile.ini and the updates' "updater" file.

Otherwise restarting after updating Tor Browser is broken.

- - - - -
a27237a9 by Rohan "HEXcube" Villoth at 2018-10-06T08:48:40Z
Update README.md to use the newer apt command

5 years back Debian introduced apt as the new “pleasant for end users” tool over apt-get. The newer apt command works on all currently supported Ubuntu and Debian releases. See https://itsfoss.com/apt-vs-apt-get-difference/
- - - - -
b2ba5b44 by intrigeri at 2018-12-15T10:01:29Z
AppArmor: allow Web Content processes to create .parentwritetest.

Otherwise restarting after updating Tor Browser is broken.

- - - - -
326669f1 by Micah Lee at 2019-01-05T00:09:17Z
Add warning about errors to readme, and update screenshot

- - - - -
c5d37c0d by intrigeri at 2019-03-31T14:55:24Z
AppArmor: drop the profile dedicated to Web Content processes.

Before Firefox 60, Web Content processes were instances of a dedicated
binary (plugin-container). But since Firefox 60, the Web Content processes are
instances of the very same executable as the parent Firefox process,
which makes it impossible to apply a different AppArmor policy to:

 - Web Content processes, that should ideally be more strictly confined

 - the new parent Firefox process that's spawned while restarting
   during a self-upgrade of Tor Browser

And indeed, we had to drop this distinction with commit
678d083491ceba5201d96b514173890944928540.

As a result, the new parent Firefox process that's spawned while restarting
during a self-upgrade of Tor Browser runs under the torbrowser_plugin_container
profile, i.e. more strictly confined than it should be, which breaks all kinds
of things.

A Firefox release manager tells me there's no plan to give Web Content processes
a dedicated binary again; let's give up and go back to confining the entire
browser under one single AppArmor profile, and rely on Firefox' own sandboxing
systems to protect itself against rogue Web Content processes.

- - - - -
8a02a09f by intrigeri at 2019-03-31T15:07:02Z
AppArmor: silence denial logs for dconf access.

- - - - -
aab280fe by intrigeri at 2019-03-31T15:36:57Z
AppArmor: grant permissions needed for audio support.

It's 2019. Users want to watch videos in Tor Browser. Having to edit files and
run commands as root is not a realistic expectation for Tor Browser users.

- - - - -
af427c1d by marieismywaifu at 2019-07-04T13:01:21Z
Use non-vulnerable key server
- - - - -
a52b5a58 by intrigeri at 2019-07-19T20:59:47Z
Merge pull request #396 from intrigeri/apparmor-drop-plugin-container-profile

AppArmor: drop plugin container profile and allow audio
- - - - -
3d151fe2 by Micah Lee at 2019-07-20T00:25:18Z
Merge pull request #402 from marieismywaifu/patch-1

Use non-vulnerable key server
- - - - -
abaf8981 by Micah Lee at 2019-07-20T00:25:48Z
Merge pull request #370 from HEXcube/patch-1

Update README.md to use the newer apt command
- - - - -
6a5507a9 by Micah Lee at 2019-07-20T00:43:06Z
Version bump to 0.1.2, updated changelog, add new screenshot, and update logo

- - - - -
d6343012 by Micah Lee at 2019-07-20T00:49:17Z
Remove sks keyserver CA, and also remove unnecessary keyserver options

- - - - -
88e7cb28 by Roger Shimizu at 2019-07-27T04:14:27Z
Merge tag 'v0.3.2' into debian/sid

Version 0.3.2

- - - - -
1697639d by Roger Shimizu at 2019-08-06T16:40:52Z
Prepare to release 0.3.2-1

- - - - -
d4a9603e by Roger Shimizu at 2019-08-13T16:33:19Z
Merge tag 'debian/0.3.2-1' into debian/buster-backports

- - - - -
1a3bfb86 by Roger Shimizu at 2019-08-13T16:35:26Z
Rebuild as 0.3.2-1~bpo10+1 for buster-backports

- - - - -
4c028f4d by Roger Shimizu at 2019-08-13T16:40:33Z
Rebuild as 0.3.2-1~bpo9+1 for stretch-backports-sloppy

- - - - -


24 changed files:

- CHANGELOG.md
- README.md
- − apparmor/local/torbrowser.Browser.plugin-container
- apparmor/torbrowser.Browser.firefox
- − apparmor/torbrowser.Browser.plugin-container
- debian/changelog
- − debian/patches/0001-Remove-apparmor-local-path-from-setup.py.patch
- debian/patches/0002-show-gui-only-if-tbb-not-installed.patch → debian/patches/0001-show-gui-only-if-tbb-not-installed.patch
- debian/patches/0003-remove-double-common-assignment.patch → debian/patches/0002-remove-double-common-assignment.patch
- debian/patches/0004-Update-Hungarian-translation.patch → debian/patches/0003-Update-Hungarian-translation.patch
- debian/patches/0005-Create-da.po.patch → debian/patches/0004-Create-da.po.patch
- debian/patches/0006-Fix-two-spelling-errors.patch → debian/patches/0005-Fix-two-spelling-errors.patch
- debian/patches/0007-Add-Swedish-translation.patch → debian/patches/0006-Add-Swedish-translation.patch
- debian/patches/0008-Remove-mention-of-modem-sound-in-docs-and-translatio.patch → debian/patches/0007-Remove-mention-of-modem-sound-in-docs-and-translatio.patch
- debian/patches/0011-Revert-Properly-detect-the-system-s-locale.patch → debian/patches/0008-Revert-Properly-detect-the-system-s-locale.patch
- − debian/patches/0009-AppArmor-allow-Web-Content-processes-to-check-the-up.patch
- − debian/patches/0010-AppArmor-allow-Web-Content-processes-to-read-profile.patch
- debian/patches/series
- screenshot.png
- setup.py
- share/pixmaps/torbrowser.png
- − share/torbrowser-launcher/sks-keyservers.netCA.pem
- share/torbrowser-launcher/version
- torbrowser_launcher/common.py


Changes:

=====================================
CHANGELOG.md
=====================================
@@ -1,5 +1,10 @@
 # Tor Browser Launcher Changelog
 
+## 0.3.2
+
+* Switch to keys.openpgp.org when refreshing signing key, because SKS keyservers are broken
+* Use new Tor Browser logo
+
 ## 0.3.1
 
 * Ship with latest version of the Tor Browser Developers OpenPGP public key


=====================================
README.md
=====================================
@@ -1,5 +1,7 @@
 # Tor Browser Launcher
 
+_**Are you getting an error?** Sometimes updates in Tor Browser itself will break Tor Browser Launcher. There's a good chance that the problem you're experiencing has already been fixed in the [newest version](https://github.com/micahflee/torbrowser-launcher/releases), but Linux distributions can be slow to provide up-to-date packages. In this case, you can install from the PPA (instructions below), or [build from source](/BUILD.md)._
+
 Tor Browser Launcher is intended to make Tor Browser easier to install and use for GNU/Linux users. You install ```torbrowser-launcher``` from your distribution's package manager and it handles everything else:
 
 * Downloads and installs the most recent version of Tor Browser in your language and for your computer's architecture, or launches Tor Browser if it's already installed (Tor Browser will automatically update itself)
@@ -14,12 +16,11 @@ You might want to check out the [security design doc](/security_design.md).
 
 ![Tor Browser Launcher screenshot](/screenshot.png)
 
-# Installing in Ubuntu
+# Installing from the PPA
 
 If you want to always have the latest version of the `torbrowser-launcher` package before your distribution gets it, you can use my PPA:
 
 ```sh
 sudo add-apt-repository ppa:micahflee/ppa
-sudo apt-get update
-sudo apt-get install torbrowser-launcher
+sudo apt install torbrowser-launcher
 ```
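Review bot: the second README hunk drops `sudo apt-get update` instead of converting it, so `sudo apt install torbrowser-launcher` runs right after `add-apt-repository` with whatever package index is already on disk. Unless `add-apt-repository` refreshes the index by itself on every release this README targets, the install step will not find the PPA package; keep the step as `sudo apt update`.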


=====================================
apparmor/local/torbrowser.Browser.plugin-container deleted
=====================================


=====================================
apparmor/torbrowser.Browser.firefox
=====================================
@@ -4,6 +4,7 @@
 @{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real
 
 profile torbrowser_firefox @{torbrowser_firefox_executable} {
+  #include <abstractions/audio>
   #include <abstractions/gnome>
 
   # Uncomment the following lines if you want to give the Tor Browser read-write
@@ -11,12 +12,15 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   # #include <abstractions/user-download>
   # @{HOME}/ r,
 
+  # Audio support
+  /{,usr/}bin/pulseaudio Pixr,
+
   #dbus,
   network netlink raw,
   network tcp,
 
-  ptrace (trace) peer=torbrowser_plugin_container,
-  signal (send) set=("term") peer=torbrowser_plugin_container,
+  ptrace (trace) peer=@{profile_name},
+  signal (receive, send) set=("term") peer=@{profile_name},
 
   deny /etc/host.conf r,
   deny /etc/hosts r,
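Review bot: `/{,usr/}bin/pulseaudio Pixr,` falls back to inheriting this profile when no separate pulseaudio profile is loaded, and the `# Audio support` comment does not say which of the two outcomes is expected. Please state in the comment that running a browser-spawned pulseaudio under `torbrowser_firefox` is intended, or name the profile it should transition to, so a later reader does not have to work out the `Pix` semantics to know how the daemon is confined.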
@@ -26,12 +30,13 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   deny /etc/group r,
   deny /etc/mailcap r,
 
-  deny /etc/machine-id r,
-  deny /var/lib/dbus/machine-id r,
+  /etc/machine-id r,
+  /var/lib/dbus/machine-id r,
 
   /dev/ r,
   /dev/shm/ r,
 
+  owner @{PROC}/@{pid}/environ r,
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/stat r,
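Review bot: the `/etc/machine-id` and `/var/lib/dbus/machine-id` rules go from `deny` to allow with no comment explaining why. The only rationale on this page is the note in the deleted plugin-container profile that the `deny` has to be removed for sound support. These files hold a stable per-host identifier that the whole browser can now read by default, so add a comment next to the two rules tying them to audio, and mention the trade-off in the commit message.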
@@ -51,20 +56,24 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   owner @{torbrowser_home_dir}/*.so mr,
   owner @{torbrowser_home_dir}/.cache/fontconfig/ rwk,
   owner @{torbrowser_home_dir}/.cache/fontconfig/** rwkl,
-  owner @{torbrowser_home_dir}/components/*.so mr,
-  owner @{torbrowser_home_dir}/browser/components/*.so mr,
+  owner @{torbrowser_home_dir}/browser/** r,
+  owner @{torbrowser_home_dir}/{,browser/}components/*.so mr,
+  owner @{torbrowser_home_dir}/Downloads/ rwk,
+  owner @{torbrowser_home_dir}/Downloads/** rwk,
   owner @{torbrowser_home_dir}/firefox rix,
-  owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/updater ix,
-  owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/0/MozUpdater/bgupdate/updater ix,
+  owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/* rw,
+  owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/{,MozUpdater/bgupdate/}updater ix,
+  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/.parentwritetest rw,
   owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profiles.ini r,
-  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/ r,
+  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/{,**} rwk,
+  owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,
   owner @{torbrowser_home_dir}/TorBrowser/Tor/tor px,
   owner @{torbrowser_home_dir}/TorBrowser/Tor/ r,
   owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so mr,
   owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
 
-  # Web Content processes
-  owner @{torbrowser_firefox_executable} px -> torbrowser_plugin_container,
+  # parent Firefox process when restarting after upgrade, Web Content processes
+  owner @{torbrowser_firefox_executable} ixmr -> torbrowser_firefox,
 
   /etc/mailcap r,
   /etc/mime.types r,
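Review bot: the new `updates/[0-9]*/* rw` rule also matches `updates/[0-9]*/updater`, which the very next rule allows with `ix`, so the confined process can write the same file it is then allowed to execute. The execution stays inside this profile, but the glob is wider than the rules it replaces; the dropped Debian patches further down granted only `update.{status,version} r` and `updater rw`. Consider listing the files the updater actually needs instead of `*`, and likewise say why `profile.default/{,**}` needs `rwk` on the whole tree.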
@@ -110,6 +119,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
   deny @{PROC}/@{pid}/net/route r,
   deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
   deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
+  deny /run/user/[0-9]*/dconf/user rw,
 
   # Silence denial logs about PulseAudio
   deny /etc/pulse/client.conf r,
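Review bot: `deny /etc/pulse/client.conf r,` is still present as unchanged context under "Silence denial logs about PulseAudio", while the same change set adds `#include <abstractions/audio>` and an exec rule for pulseaudio. In AppArmor a `deny` rule overrides any matching allow rule, so this line keeps the client configuration unreadable regardless of the abstraction. The lines after this hunk are not shown; if a `deny /usr/bin/pulseaudio x,` like the one in the deleted plugin-container profile is still there too, it cancels the new `Pixr` rule. Drop the PulseAudio denies together with the comment, or explain why they are kept.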


=====================================
apparmor/torbrowser.Browser.plugin-container deleted
=====================================
@@ -1,101 +0,0 @@
-#include <tunables/global>
-#include <tunables/torbrowser>
-
-@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real
-
-profile torbrowser_plugin_container {
-  #include <abstractions/gnome>
-
-  # Uncomment the following lines if you want Tor Browser
-  # to have direct access to your sound hardware. You will also
-  # need to remove, further bellow:
-  #  - the "deny" word in the machine-id lines
-  #  - the rules that deny reading /etc/pulse/client.conf
-  #    and executing /usr/bin/pulseaudio
-  # #include <abstractions/audio>
-  # /etc/asound.conf r,
-  # owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/mozilla-temp-* rw,
-
-  signal (receive) set=("term") peer=torbrowser_firefox,
-
-  deny /etc/host.conf r,
-  deny /etc/hosts r,
-  deny /etc/nsswitch.conf r,
-  deny /etc/resolv.conf r,
-  deny /etc/passwd r,
-  deny /etc/group r,
-  deny /etc/mailcap r,
-
-  deny /etc/machine-id r,
-  deny /var/lib/dbus/machine-id r,
-
-  /etc/mime.types r,
-  /usr/share/applications/gnome-mimeapps.list r,
-
-  /dev/shm/ r,
-
-  owner @{PROC}/@{pid}/environ r,
-  owner @{PROC}/@{pid}/fd/ r,
-  owner @{PROC}/@{pid}/mountinfo r,
-  owner @{PROC}/@{pid}/stat r,
-  owner @{PROC}/@{pid}/status r,
-  owner @{PROC}/@{pid}/task/*/stat r,
-  @{PROC}/sys/kernel/random/uuid r,
-
-  owner @{torbrowser_home_dir}/*.dat r,
-  owner @{torbrowser_home_dir}/*.manifest r,
-  owner @{torbrowser_home_dir}/*.so mr,
-  owner @{torbrowser_home_dir}/.cache/fontconfig/   rw,
-  owner @{torbrowser_home_dir}/.cache/fontconfig/** rw,
-  owner @{torbrowser_home_dir}/browser/** r,
-  owner @{torbrowser_home_dir}/components/*.so mr,
-  owner @{torbrowser_home_dir}/browser/components/*.so mr,
-  owner @{torbrowser_home_dir}/defaults/pref/     r,
-  owner @{torbrowser_home_dir}/defaults/pref/*.js r,
-  owner @{torbrowser_home_dir}/dependentlibs.list r,
-  owner @{torbrowser_home_dir}/fonts/   r,
-  owner @{torbrowser_home_dir}/fonts/** r,
-  owner @{torbrowser_home_dir}/omni.ja r,
-  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
-  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
-  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/* rw,
-  owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,
-  owner @{torbrowser_home_dir}/TorBrowser/Tor/ r,
-  owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so mr,
-  owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
-  owner @{torbrowser_home_dir}/Downloads/ rwk,
-  owner @{torbrowser_home_dir}/Downloads/** rwk,
-
-  owner @{torbrowser_firefox_executable} ixmr -> torbrowser_plugin_container,
-
-  /sys/devices/system/cpu/ r,
-  /sys/devices/system/cpu/present r,
-  /sys/devices/system/node/ r,
-  /sys/devices/system/node/node[0-9]*/meminfo r,
-  deny /sys/devices/virtual/block/*/uevent r,
-
-  # Should use abstractions/gstreamer instead once merged upstream
-  /etc/udev/udev.conf r,
-  /run/udev/data/+pci:* r,
-  /sys/devices/pci[0-9]*/**/uevent r,
-  owner /{dev,run}/shm/shmfd-* rw,
-
-  # Required for multiprocess Firefox (aka Electrolysis, i.e. e10s)
-  owner /{dev,run}/shm/org.chromium.* rw,
-
-  # Deny access to DRM nodes, that's granted by the X abstraction, which is
-  # sourced by the gnome abstraction, that we include.
-  deny /dev/dri/** rwklx,
-
-  # Silence denial logs about permissions we don't need
-  deny /dev/dri/   rwklx,
-  deny @{PROC}/@{pid}/net/route r,
-  deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
-  deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
-
-  # Silence denial logs about PulseAudio
-  deny /etc/pulse/client.conf r,
-  deny /usr/bin/pulseaudio x,
-
-  #include <local/torbrowser.Browser.plugin-container>
-}


=====================================
debian/changelog
=====================================
@@ -1,3 +1,27 @@
+torbrowser-launcher (0.3.2-1~bpo9+1) stretch-backports-sloppy; urgency=medium
+
+  * Rebuild for stretch-backports-sloppy.
+
+ -- Roger Shimizu <rosh at debian.org>  Wed, 14 Aug 2019 01:40:32 +0900
+
+torbrowser-launcher (0.3.2-1~bpo10+1) buster-backports; urgency=medium
+
+  * Rebuild for buster-backports.
+
+ -- Roger Shimizu <rosh at debian.org>  Wed, 14 Aug 2019 01:35:25 +0900
+
+torbrowser-launcher (0.3.2-1) unstable; urgency=medium
+
+  * New upstream release 0.3.2
+    - Switch to keys.openpgp.org when refreshing signing key, because
+      SKS keyservers are broken.
+    - Use new Tor Browser logo.
+  * debian/patches:
+    - Remove upstreamed patches.
+    - Refresh patches.
+
+ -- Roger Shimizu <rosh at debian.org>  Wed, 07 Aug 2019 01:40:22 +0900
+
 torbrowser-launcher (0.3.1-2~bpo9+2) stretch-backports-sloppy; urgency=medium
 
   * Rebuild for stretch-backports-sloppy.


=====================================
debian/patches/0001-Remove-apparmor-local-path-from-setup.py.patch deleted
=====================================
@@ -1,24 +0,0 @@
-From: Roger Shimizu <rosh at debian.org>
-Date: Sun, 18 Mar 2018 23:12:26 +0900
-Subject: Remove apparmor local path from setup.py
-
-apparmor local files were just removed, so change setup.py accordingly.
----
- setup.py | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/setup.py b/setup.py
-index 37452ba..cf098c1 100644
---- a/setup.py
-+++ b/setup.py
-@@ -83,10 +83,6 @@ if distro != 'Ubuntu':
-                 'apparmor/torbrowser.Browser.firefox',
-                 'apparmor/torbrowser.Browser.plugin-container',
-                 'apparmor/torbrowser.Tor.tor']),
--            ('/etc/apparmor.d/local/', [
--                'apparmor/local/torbrowser.Browser.firefox',
--                'apparmor/local/torbrowser.Browser.plugin-container',
--                'apparmor/local/torbrowser.Tor.tor']),
-             ('/etc/apparmor.d/tunables/', ['apparmor/tunables/torbrowser'])
-         ]
- 
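Review bot: dropping 0001-Remove-apparmor-local-path-from-setup.py.patch is not covered by the changelog wording "Remove upstreamed patches", because the setup.py hunk in this same diff still lists `/etc/apparmor.d/local/` with `apparmor/local/torbrowser.Browser.firefox` and `apparmor/local/torbrowser.Tor.tor`. Without this patch the package installs those local override files again. Please confirm that is intended and record it as its own item in debian/changelog, or keep a refreshed version of the patch.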


=====================================
debian/patches/0002-show-gui-only-if-tbb-not-installed.patch → debian/patches/0001-show-gui-only-if-tbb-not-installed.patch
=====================================


=====================================
debian/patches/0003-remove-double-common-assignment.patch → debian/patches/0002-remove-double-common-assignment.patch
=====================================


=====================================
debian/patches/0004-Update-Hungarian-translation.patch → debian/patches/0003-Update-Hungarian-translation.patch
=====================================
@@ -8,12 +8,12 @@ Subject: Update Hungarian translation
  2 files changed, 25 insertions(+), 13 deletions(-)
 
 diff --git a/README.md b/README.md
-index 9ca9f3a..c71ef13 100644
+index df3d365..be37a35 100644
 --- a/README.md
 +++ b/README.md
-@@ -23,3 +23,11 @@ sudo add-apt-repository ppa:micahflee/ppa
- sudo apt-get update
- sudo apt-get install torbrowser-launcher
+@@ -24,3 +24,11 @@ If you want to always have the latest version of the `torbrowser-launcher` packa
+ sudo add-apt-repository ppa:micahflee/ppa
+ sudo apt install torbrowser-launcher
  ```
 +# Installing in blackPanther OS
 +


=====================================
debian/patches/0005-Create-da.po.patch → debian/patches/0004-Create-da.po.patch
=====================================


=====================================
debian/patches/0006-Fix-two-spelling-errors.patch → debian/patches/0005-Fix-two-spelling-errors.patch
=====================================


=====================================
debian/patches/0007-Add-Swedish-translation.patch → debian/patches/0006-Add-Swedish-translation.patch
=====================================


=====================================
debian/patches/0008-Remove-mention-of-modem-sound-in-docs-and-translatio.patch → debian/patches/0007-Remove-mention-of-modem-sound-in-docs-and-translatio.patch
=====================================
@@ -14,10 +14,10 @@ Subject: Remove mention of modem sound in docs and translation po files
  8 files changed, 42 deletions(-)
 
 diff --git a/README.md b/README.md
-index c71ef13..0245b86 100644
+index be37a35..96cb581 100644
 --- a/README.md
 +++ b/README.md
-@@ -6,7 +6,6 @@ Tor Browser Launcher is intended to make Tor Browser easier to install and use f
+@@ -8,7 +8,6 @@ Tor Browser Launcher is intended to make Tor Browser easier to install and use f
  * Verifies Tor Browser's [signature](https://www.torproject.org/docs/verifying-signatures.html.en) for you, to ensure the version you downloaded was cryptographically signed by Tor developers and was not tampered with
  * Adds "Tor Browser" and "Tor Browser Launcher Settings" application launcher to your desktop environment's menu
  * Includes AppArmor profiles to make a Tor Browser compromise not as bad


=====================================
debian/patches/0011-Revert-Properly-detect-the-system-s-locale.patch → debian/patches/0008-Revert-Properly-detect-the-system-s-locale.patch
=====================================
@@ -8,7 +8,7 @@ This reverts commit b828bdfafe60bb9bcf93ec660ad5c07ff7fdbdf5.
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/torbrowser_launcher/common.py b/torbrowser_launcher/common.py
-index 4e3a30a..9740e1d 100644
+index 25bb984..1d619b1 100644
 --- a/torbrowser_launcher/common.py
 +++ b/torbrowser_launcher/common.py
 @@ -73,7 +73,7 @@ class Common(object):


=====================================
debian/patches/0009-AppArmor-allow-Web-Content-processes-to-check-the-up.patch deleted
=====================================
@@ -1,23 +0,0 @@
-From: intrigeri <intrigeri at boum.org>
-Date: Tue, 25 Sep 2018 07:23:18 +0000
-Subject: AppArmor: allow Web Content processes to check the update status.
-
-Otherwise restarting after updating Tor Browser is broken.
-
-(cherry picked from commit 1b2e6aae02eeb2a651e8911c0cec3f6e7dcc1a77)
----
- apparmor/torbrowser.Browser.plugin-container | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
-index 7ec8a00..a70f4ac 100644
---- a/apparmor/torbrowser.Browser.plugin-container
-+++ b/apparmor/torbrowser.Browser.plugin-container
-@@ -57,6 +57,7 @@ profile torbrowser_plugin_container {
-   owner @{torbrowser_home_dir}/fonts/** r,
-   owner @{torbrowser_home_dir}/omni.ja r,
-   owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
-+  owner @{torbrowser_home_dir}/TorBrowser/UpdateInfo/updates/[0-9]*/update.{status,version} r,
-   owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
-   owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/* rw,
-   owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,


=====================================
debian/patches/0010-AppArmor-allow-Web-Content-processes-to-read-profile.patch deleted
=====================================
@@ -1,26 +0,0 @@
-From: intrigeri <intrigeri at boum.org>
-Date: Sat, 6 Oct 2018 05:49:58 +0000
-Subject: AppArmor: allow Web Content processes to read profile.ini and the
- updates' "updater" file.
-
-Otherwise restarting after updating Tor Browser is broken.
-
-(cherry picked from commit 3cd8aeb0f843d2530382a61a263489aea066b15a)
----
- apparmor/torbrowser.Browser.plugin-container | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/apparmor/torbrowser.Browser.plugin-container b/apparmor/torbrowser.Browser.plugin-container
-index a70f4ac..fdf5fda 100644
---- a/apparmor/torbrowser.Browser.plugin-container
-+++ b/apparmor/torbrowser.Browser.plugin-container
-@@ -57,7 +57,9 @@ profile torbrowser_plugin_container {
-   owner @{torbrowser_home_dir}/fonts/** r,
-   owner @{torbrowser_home_dir}/omni.ja r,
-   owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
-+  owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profiles.ini r,
-   owner @{torbrowser_home_dir}/TorBrowser/UpdateInfo/updates/[0-9]*/update.{status,version} r,
-+  owner @{torbrowser_home_dir}/TorBrowser/UpdateInfo/updates/[0-9]/updater rw,
-   owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
-   owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/* rw,
-   owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,


=====================================
debian/patches/series
=====================================
@@ -1,11 +1,8 @@
-0001-Remove-apparmor-local-path-from-setup.py.patch
-0002-show-gui-only-if-tbb-not-installed.patch
-0003-remove-double-common-assignment.patch
-0004-Update-Hungarian-translation.patch
-0005-Create-da.po.patch
-0006-Fix-two-spelling-errors.patch
-0007-Add-Swedish-translation.patch
-0008-Remove-mention-of-modem-sound-in-docs-and-translatio.patch
-0009-AppArmor-allow-Web-Content-processes-to-check-the-up.patch
-0010-AppArmor-allow-Web-Content-processes-to-read-profile.patch
-0011-Revert-Properly-detect-the-system-s-locale.patch
+0001-show-gui-only-if-tbb-not-installed.patch
+0002-remove-double-common-assignment.patch
+0003-Update-Hungarian-translation.patch
+0004-Create-da.po.patch
+0005-Fix-two-spelling-errors.patch
+0006-Add-Swedish-translation.patch
+0007-Remove-mention-of-modem-sound-in-docs-and-translatio.patch
+0008-Revert-Properly-detect-the-system-s-locale.patch


=====================================
screenshot.png
=====================================
Binary files a/screenshot.png and b/screenshot.png differ


=====================================
setup.py
=====================================
@@ -81,11 +81,9 @@ if distro != 'Ubuntu':
         datafiles += [
             ('/etc/apparmor.d/', [
                 'apparmor/torbrowser.Browser.firefox',
-                'apparmor/torbrowser.Browser.plugin-container',
                 'apparmor/torbrowser.Tor.tor']),
             ('/etc/apparmor.d/local/', [
                 'apparmor/local/torbrowser.Browser.firefox',
-                'apparmor/local/torbrowser.Browser.plugin-container',
                 'apparmor/local/torbrowser.Tor.tor']),
             ('/etc/apparmor.d/tunables/', ['apparmor/tunables/torbrowser'])
         ]
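Review bot: removing `apparmor/torbrowser.Browser.plugin-container` from `datafiles` stops shipping the profile but does nothing about a copy already installed under `/etc/apparmor.d/` by an earlier version, and the changed-files list above shows no maintainer-script change that would remove it on upgrade. A leftover file would keep being loaded and still contains `#include <local/torbrowser.Browser.plugin-container>`, whose target is also no longer shipped. Please check the upgrade path from 0.3.1 and clean up the obsolete file in the packaging if needed.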


=====================================
share/pixmaps/torbrowser.png
=====================================
Binary files a/share/pixmaps/torbrowser.png and b/share/pixmaps/torbrowser.png differ


=====================================
share/torbrowser-launcher/sks-keyservers.netCA.pem deleted
=====================================
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV
-BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u
-ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw
-MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP
-c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr
-cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I
-6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj
-MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F
-45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS
-FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx
-Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4
-aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx
-MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y
-u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9
-p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP
-fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G
-A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY
-TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR
-OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u
-gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/
-X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5
-gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB
-UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04
-lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT
-BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB
-cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U
-f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G
-ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph
-WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg==
------END CERTIFICATE-----


=====================================
share/torbrowser-launcher/version
=====================================
@@ -1 +1 @@
-0.3.1
+0.3.2


=====================================
torbrowser_launcher/common.py
=====================================
@@ -139,7 +139,6 @@ class Common(object):
                 'tbl_bin': sys.argv[0],
                 'icon_file': os.path.join(os.path.dirname(SHARE), 'pixmaps/torbrowser.png'),
                 'torproject_pem': os.path.join(SHARE, 'torproject.pem'),
-                'keyserver_ca': os.path.join(SHARE, 'sks-keyservers.netCA.pem'),
                 'signing_keys': {
                     'tor_browser_developers': os.path.join(SHARE, 'tor-browser-developers.asc')
                 },
@@ -196,9 +195,7 @@ class Common(object):
 
         p = subprocess.Popen(['/usr/bin/gpg2', '--status-fd', '2',
                               '--homedir', self.paths['gnupg_homedir'],
-                              '--keyserver', 'hkps://hkps.pool.sks-keyservers.net',
-                              '--keyserver-options', 'ca-cert-file=' + self.paths['keyserver_ca']
-                              + ',include-revoked,no-honor-keyserver-url,no-honor-pka-record',
+                              '--keyserver', 'hkps://keys.openpgp.org',
                               '--refresh-keys'], stderr=subprocess.PIPE)
         p.wait()
 
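Review bot: the `--keyserver-options` line is removed as a whole, so `include-revoked`, `no-honor-keyserver-url` and `no-honor-pka-record` go away together with `ca-cert-file`, and the commit message only calls them "unnecessary". After this change, whether `--refresh-keys` follows a keyserver URL embedded in the key depends on the defaults of the installed `/usr/bin/gpg2` rather than on this code. Please name the gpg defaults being relied on in the commit message, or keep the `no-honor-*` options explicitly. Separately, in the unchanged lines, `p.wait()` is called with `stderr=subprocess.PIPE` and `--status-fd 2` without reading the pipe; `p.communicate()` avoids blocking if gpg writes more than the pipe buffer holds.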



View it on GitLab: https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/compare/bb44e759a9f11ef000532cede4422b5f9abff542...4c028f4d6972b036236e286b8033990ad5840278
