[Pkg-privacy-commits] [torbrowser-launcher] 12/28: Add AppArmor patches as Debian patches

Sun Jul 10 21:18:17 UTC 2016

This is an automated email from the git hooks/post-receive script.

u-guest pushed a commit to branch debian/sid
in repository torbrowser-launcher.

commit 7a7d29bc0b59ed22dc8e4f881a009cc6d0716051
Author: Ulrike Uhlig <u at 451f.org>
Date:   Fri Jun 24 11:07:12 2016 +0200

    Add AppArmor patches as Debian patches
---
 debian/patches/AppArmor-BundledTor | 61 ++++++++++++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 2 files changed, 62 insertions(+)

diff --git a/debian/patches/AppArmor-BundledTor b/debian/patches/AppArmor-BundledTor
new file mode 100644
index 0000000..a92e5bf
--- /dev/null
+++ b/debian/patches/AppArmor-BundledTor
@@ -0,0 +1,61 @@
+Author: intrigeri <intrigeri at debian.org>
+Description: AppArmor should work with bundled Tor.
+
+Integrate several AppArmor patches:
+https://github.com/intrigeri/torbrowser-launcher/commit/8152968beb4845a67b3519566a80ec0ce06efc67
+AppArmor: try to fix Tor Browser upgrade, again.
+This rule is apparently needed to allow the browser to complete its upgrade
+process and restart after an update has been applied.
+
+https://github.com/intrigeri/torbrowser-launcher/commit/33f1d89270c17caf6934f49bf890b900d3b1a3c0
+AppArmor: allow Firefox to start Tor without libc's Secure Execution.
+It needs to know what LD_LIBRARY_PATH was set to, otherwise it won't
+be able to load its bundled libraries, and then all kinds of problems
+can arise, such as not finding needed symbols in the version of these
+libraries installed system-wide.
+
+In practice, due to Secure Execution I have seen Tor fail to start
+due to evutil_secure_rng_set_urandom_device_file not being found
+on a current Debian unstable system.
+---
+Index: torbrowser-launcher/apparmor/torbrowser.Browser.firefox
+===================================================================
+--- torbrowser-launcher.orig/apparmor/torbrowser.Browser.firefox
++++ torbrowser-launcher/apparmor/torbrowser.Browser.firefox
+@@ -41,17 +41,17 @@
+   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/ rw,
+   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** rw,
+   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser.bak/ rwk,
+-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser.bak/updated/ rwk,
++  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser.bak/** rwk,
+   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/*.so mr,
+   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/components/*.so mr,
+   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/browser/components/*.so mr,
+   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox rix,
+-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/updates/[0-9]*/updater ix,
+-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/updates/0/MozUpdater/bgupdate/updater ix,
++  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{,TorBrowser/UpdateInfo/}updates/[0-9]*/updater ix,
++  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{,TorBrowser/UpdateInfo/}updates/0/MozUpdater/bgupdate/updater ix,
+   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profiles.ini r,
+   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/ r,
+   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/** rwk,
+-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor Px,
++  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor px,
+   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/libstdc++.so.6 m,
+   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/Desktop/ rw,
+   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/Desktop/** rwk,
+Index: torbrowser-launcher/apparmor/torbrowser.Tor.tor
+===================================================================
+--- torbrowser-launcher.orig/apparmor/torbrowser.Tor.tor
++++ torbrowser-launcher/apparmor/torbrowser.Tor.tor
+@@ -13,8 +13,8 @@
+   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor mr,
+   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Tor/* rw,
+   owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Tor/lock rwk,
+-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Lib/*.so mr,
+-  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Lib/*.so.* mr,
++  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/Tor,Lib}/*.so mr,
++  owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/Tor,Lib}/*.so.* mr,
+   @{PROC}/meminfo r,
+   @{PROC}/sys/kernel/random/uuid r,
+   /sys/devices/system/cpu/ r,
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..afc16d3
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+AppArmor-BundledTor

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git

