[Pkg-privacy-commits] [Git][pkg-privacy-team/torbrowser-launcher][debian/jessie-backports-sloppy] 73 commits: torbrowser-launcher: explicitly use python2 as interpreter

Roger Shimizu rosh at debian.org
Sun Jun 24 18:14:15 BST 2018


Roger Shimizu pushed to branch debian/jessie-backports-sloppy at Privacy Maintainers / torbrowser-launcher


Commits:
8648280c by Aleksa Sarai at 2016-09-18T15:41:29+10:00
torbrowser-launcher: explicitly use python2 as interpreter

On some GNU/Linux distributions, python3 is the default python version
and thus causes issues when running torbrowser-launcher. This is a
stopgap until torbrowser-launcher is ported to python3.

Signed-off-by: Aleksa Sarai <cyphar at cyphar.com>

- - - - -
bace7de8 by sedrubal at 2016-11-09T02:54:37+01:00
Use print_function from __future__

To become compatible with python3

See #214

- - - - -
570e9727 by sedrubal at 2016-11-09T02:57:52+01:00
Use octal numbers for mkdir

Behavior will be changed in python3

See #214

- - - - -
69515611 by sedrubal at 2016-11-09T03:08:34+01:00
Use relative import

I'm not really sure about these imports but it worked for me with python2
and 3 :wink:

- - - - -
a2bc002c by intrigeri at 2017-06-16T17:48:08+00:00
AppArmor: create a new profile for Firefox' content rendering processes (plugin-container).

This profile was copied as-is from torbrowser.Browser.firefox, and I updated the
name of the profile and the corresponding local include only.

- - - - -
46ea9f33 by intrigeri at 2017-06-16T17:48:08+00:00
AppArmor: fully transition to plugin-container's own confinement when starting it, i.e. don't inherit Firefox' confinement.

We will later remove credentials plugin-container doesn't need, in order to
confine it more strictly. Such effort would be worthless if we kept inheriting
the permissions we grant the parent Firefox process.

- - - - -
3b0ef2a2 by intrigeri at 2017-06-16T17:48:08+00:00
AppArmor: allow plugin-container to read/map/execute itself.

- - - - -
9fee29d9 by intrigeri at 2017-06-16T17:48:08+00:00
AppArmor: remove useless "Last modified" lines that don't convey any information.

- - - - -
6f6c8f99 by intrigeri at 2017-06-16T17:48:08+00:00
AppArmor: remove lots of permissions the plugin-container process doesn't need.

- - - - -
b679ceee by intrigeri at 2017-06-16T17:48:08+00:00
AppArmor: give plugin-container read-only access to the Tor Browser components it needs, and to user extensions.

- - - - -
76aca91a by intrigeri at 2017-06-16T17:48:34+00:00
setup.py: install the new torbrowser.Browser.plugin-container profile.

- - - - -
c06722ba by intrigeri at 2017-06-17T09:39:09+00:00
AppArmor: add missing "owner" prefix, for consistency.

- - - - -
33502fa0 by intrigeri at 2017-06-17T09:49:55+00:00
AppArmor (refactoring): extract often used paths into variables.

- - - - -
0184abb4 by intrigeri at 2017-06-23T07:11:41+00:00
Merge remote-tracking branch 'upstream-repo/master' into apparmor-e10s

- - - - -
0fedf0d2 by intrigeri at 2017-06-23T07:26:55+00:00
AppArmor: add missing library loading permissions.

Otherwise at least printing is broken.

- - - - -
af8567e3 by intrigeri at 2017-06-23T08:06:51+00:00
AppArmor: grant plugin-container write access to the Downloads directory.

Otherwise at least printing to a PDF file in that directory fails.

- - - - -
3f8e6f93 by intrigeri at 2017-06-23T08:56:51+00:00
AppArmor: move to plugin-container, and extend, the commented-out lines that help making sound work.

Apparently these permissions are now needed by plugin-container, not by the
master firefox process.

- - - - -
4a2501ef by intrigeri at 2017-06-23T09:12:48+00:00
AppArmor: grant plugin-container write access to its temporary directory.

Otherwise e.g. printing to a PDF file fails.

- - - - -
da82f9ce by intrigeri at 2017-06-23T09:46:33+00:00
AppArmor: merge lines to ease maintenance.

- - - - -
c58b5afc by intrigeri at 2017-06-23T09:57:54+00:00
AppArmor: improve comment about allowing sound.

- - - - -
6608523a by intrigeri at 2017-09-08T07:12:30+00:00
AppArmor: grant plugin-container read-write access on the fontconfig cache.

Apparently it needs that to use & manage the cache.

- - - - -
72d385fb by intrigeri at 2017-09-09T17:30:33+00:00
AppArmor: support sysvinit systems.

With systemd (at least on current Debian sid), /run/shm is a symlink to
/dev/shm, so "owner /dev/shm/org.chromium.* rw," is enough. With sysvinit,
apparently things are set up differently (perhaps the symlinks are in the
opposite direction?) so Firefox tries to access /run/shm/org.chromium.*,
which was rejected.

Let's support both!

Thanks to gregor herrmann <gregoa at debian.org> for the bug report:
https://bugs.debian.org/874383

Note that this problem happens with pristine 0.2.8 profiles,
without the changes brought by my apparmor-e10s branch.

- - - - -
cf9f591f by anonym at 2017-09-22T17:27:12+02:00
Silence the AppArmor logs a bit more.

Tor Browser will always check for these directories and fail,
meanwhile needlessly spamming the journal with audit log entries.

- - - - -
e732a8aa by Roger Shimizu at 2017-09-24T11:55:15+09:00
Update mirror list

Except for the official site, there are only 3 working mirrors in the current
mirror list. So it's really necessary to update the list now.

Got the latest list from:
 - https://www.torproject.org/getinvolved/mirrors.html.en
And only keep https links for security's sake.

- - - - -
0c74b866 by intrigeri at 2017-09-24T05:33:35+00:00
AppArmor: allow the tor process to modify its data directory.

It's unclear to me why this is not needed _all the time_, but it does make sense
that at least in some circumstances, it needs to do that, e.g. to create
that directory.

Originally reported by Chris Lamb <lamby at debian.org> on
https://bugs.debian.org/876484.

- - - - -
d043788f by intrigeri at 2017-10-26T11:12:05+00:00
AppArmor: add rules needed with new mediation support added in Linux 4.14.

- - - - -
68f502c3 by intrigeri at 2017-10-26T11:12:52+00:00
AppArmor: grant access to mostly innocuous stuff Firefox tries to read.

I did not check in detail why it needs that nowadays but this does not
increase the attack surface significantly, so let's allow it and not
take the risk of breaking security critical stuff by denying it blindly.

If someone does the research and shows that it's safe to deny such access,
then we can do so.

- - - - -
bc5f78f8 by intrigeri at 2017-10-26T11:16:58+00:00
AppArmor: drop the usr.bin.torbrowser-launcher profile.

It's been broken for years and shipped in complain mode for 26 months.
It's now obvious that nobody cares enough about this profile to maintain it,
so let's drop it to avoid polluting system logs with tons of AppArmor messages:
with Linux 4.14, starting Tor Browser once triggers 27k+ such messages.

- - - - -
469331e5 by Karl-Johan Karlsson at 2017-12-16T12:52:00+01:00
Split print calls on newlines

If torbrowser-launcher cannot write to stdout, e.g. because it was
started in the background and the controlling terminal has been closed
or because it was started from a desktop environment launcher whose
stdout has been closed, it crashes after updating the GnuPG key.

This is due to print() crashing the program if stdout isn't writeable
and the string to print contains a newline.

To work around the problem, split the strings containing newlines into
several calls to print().

See also the upstream bug at https://bugs.python.org/issue32345

Closes #298

- - - - -
f5a953ea by Roger Shimizu at 2017-12-24T22:01:03+09:00
d/rules: Clean up all built files during dh_clean

This makes dpkg-buildpackage able to run again. Thanks to
Andreas Beckmann for the bug report.

Closes: #884419

- - - - -
60120aa2 by Roger Shimizu at 2017-12-24T23:18:09+09:00
Update AppStream metadata

Upgrade to the new spec of AppStream metadata:
 - https://www.freedesktop.org/software/appstream/docs/chap-Metadata.html

And rename to share/metainfo/torbrowser.appdata.xml

- - - - -
e177df03 by Roger Shimizu at 2017-12-26T08:47:33+09:00
Update d/changelog and d/control

d/control:
- Add myself as uploader.

Gbp-Dch: Ignore

- - - - -
31e2260b by Roger Shimizu at 2017-12-26T08:51:20+09:00
d/patches: Upgrade to the new spec of AppStream metadata

New spec:
 https://www.freedesktop.org/software/appstream/docs/chap-Metadata.html

And rename to share/metainfo/torbrowser.appdata.xml

- - - - -
0b7bdaa9 by Roger Shimizu at 2018-01-02T23:09:40+09:00
d/control: Add libdbus-glib-1-2 as dependency

Closes: #862799

- - - - -
52a7685c by Roger Shimizu at 2018-01-03T12:39:12+09:00
Prepare to release 0.2.8-6

- - - - -
1425d79f by Matt Kraai at 2018-01-24T18:45:29-08:00
Read the version number from ChangeLog.txt

Fixes #306

- - - - -
295d3590 by Micah Lee at 2018-01-27T13:42:46-08:00
Merge branch 'kraai-version-number'

- - - - -
24ffca2f by Micah Lee at 2018-01-27T13:46:35-08:00
Merge branch 'force-python2' of https://github.com/cyphar/torbrowser-launcher into cyphar-force-python2

- - - - -
202d166e by Micah Lee at 2018-01-27T13:53:38-08:00
Merge branch 'cyphar-force-python2'

- - - - -
001e1ee4 by Micah Lee at 2018-01-27T13:54:28-08:00
Merge branch 'feature-use-octal-numbers' of https://github.com/sedrubal/torbrowser-launcher into sedrubal-feature-use-octal-numbers

- - - - -
4ce1438a by Micah Lee at 2018-01-27T15:41:36-08:00
Merge branch 'sedrubal-feature-use-octal-numbers'

- - - - -
49c7ae49 by Micah Lee at 2018-01-28T08:24:55-08:00
Merge branch 'feature-print-function' of https://github.com/sedrubal/torbrowser-launcher into sedrubal-feature-print-function

- - - - -
23568b58 by Micah Lee at 2018-01-28T08:26:21-08:00
Merge branch 'feature-relative-import' of https://github.com/sedrubal/torbrowser-launcher into sedrubal-feature-relative-import

- - - - -
3c126cfc by Micah Lee at 2018-01-28T08:32:19-08:00
Merge branch 'PR/fix_mirror' of https://github.com/rogers0/torbrowser-launcher into rogers0-PR/fix_mirror

- - - - -
0be9407c by Micah Lee at 2018-01-28T08:39:47-08:00
Updated mirror list again, from mirrors at https://www.torproject.org/getinvolved/mirrors.html.en on 2018-01-28

- - - - -
53d30f26 by Micah Lee at 2018-01-28T08:42:21-08:00
Merge branch '298-remove-newlines-from-prints' of https://github.com/creideiki/torbrowser-launcher into creideiki-298-remove-newlines-from-prints

- - - - -
b396ddb3 by Micah Lee at 2018-01-28T08:42:50-08:00
Merge branch 'creideiki-298-remove-newlines-from-prints'

- - - - -
dc6b2ec5 by Micah Lee at 2018-01-28T08:44:19-08:00
Merge branch 'PR/appstream_metadata' of https://github.com/rogers0/torbrowser-launcher into rogers0-PR/appstream_metadata

- - - - -
96510834 by Micah Lee at 2018-01-28T08:44:29-08:00
Merge branch 'rogers0-PR/appstream_metadata'

- - - - -
3c70aaeb by Micah Lee at 2018-01-28T08:57:26-08:00
Update default mirror to https://dist.torproject.org/

- - - - -
5644a166 by Micah Lee at 2018-01-28T09:05:03-08:00
Updated changelog and version bump to 0.2.9

- - - - -
42126c43 by Micah Lee at 2018-01-28T09:09:29-08:00
Merge branch 'apparmor-e10s' of https://github.com/intrigeri/torbrowser-launcher into intrigeri-apparmor-e10s

- - - - -
cf7d6d76 by Micah Lee at 2018-01-28T09:09:38-08:00
Merge branch 'intrigeri-apparmor-e10s' into apparmor

- - - - -
4290066b by Micah Lee at 2018-01-28T09:10:28-08:00
Merge branch 'apparmor-Data-Tor' of https://github.com/intrigeri/torbrowser-launcher into apparmor

- - - - -
41e39dc1 by Micah Lee at 2018-01-28T09:10:51-08:00
Merge branch 'silence-tor-browser-apparmor-logs' of https://github.com/intrigeri/torbrowser-launcher into apparmor

- - - - -
914d200d by Micah Lee at 2018-01-28T09:12:09-08:00
Merge branch 'apparmor-vs-Linux-4.14' of https://github.com/intrigeri/torbrowser-launcher into apparmor

- - - - -
ca1864c7 by Micah Lee at 2018-01-28T09:35:24-08:00
Remove nonexistent usr.bin.torbrowser-launcher AppArmor profile from setup.py

- - - - -
06eea27c by Micah Lee at 2018-01-28T10:29:29-08:00
Add blank local override AppArmor files

- - - - -
ae949f37 by Micah Lee at 2018-01-28T10:33:29-08:00
Updated changelog once more

- - - - -
b24ce200 by Roger Shimizu at 2018-01-29T21:54:49+09:00
Merge tag 'v0.2.9' into debian/sid

Version 0.2.9

- - - - -
6de0de3c by Roger Shimizu at 2018-01-29T22:03:36+09:00
d/watch: Change filenamemangle to match with the filename in archive

- - - - -
4a4d3e65 by Roger Shimizu at 2018-01-29T22:11:45+09:00
d/patches: Remove all upstreamed patches

- - - - -
fccb4bb8 by Roger Shimizu at 2018-01-29T22:16:21+09:00
d/rules: Add new apparmor profile: torbrowser.Browser.plugin-container

- - - - -
fd6894d5 by Roger Shimizu at 2018-01-29T22:38:14+09:00
Note the bug closure for the new upstream release

Closes: #888236

- - - - -
c8253e7f by Roger Shimizu at 2018-01-29T23:17:48+09:00
Prepare to release 0.2.9-1

- - - - -
e83b226c by Roger Shimizu at 2018-03-18T22:58:41+09:00
d/patches: Add AppArmor profiles, 2018-01 edition

Thanks to intrigeri.

Some breakdown of the patches:
 - Make e10s work fine especially with a Linux 4.14 kernel
 - Silencing all the denial logs I could observe
 - Support for obfs4 and obfs3
 - Various updates, refactoring and clean-ups

- - - - -
ae0070a2 by Roger Shimizu at 2018-03-18T23:12:53+09:00
d/patches: Add a local patch to fix FTBFS

Remove apparmor local path from setup.py

- - - - -
52d0a1bd by Roger Shimizu at 2018-03-27T22:11:50+09:00
Prepare to release 0.2.9-2

- - - - -
ad30c5a6 by intrigeri at 2018-05-25T09:14:18+00:00
NEWS.Debian: recommend rebooting the system after upgrading to 0.2.9-2 (Closes: #894333)

- - - - -
8cdbad48 by intrigeri at 2018-05-25T09:16:45+00:00
Update Vcs-* control fields wrt. the move to Salsa.

- - - - -
9dfa038d by intrigeri at 2018-05-25T09:16:45+00:00
torbrowser-launcher (0.2.9-3)

Git-Dch: Ignore

- - - - -
ffd807bb by Roger Shimizu at 2018-06-24T15:31:05+09:00
Rebuild as 0.2.9-3~bpo9+1 for stretch-backports

- - - - -
18a778a2 by Roger Shimizu at 2018-06-24T15:31:58+09:00
Rebuild as 0.2.9-3~bpo8+1 for jessie-backports-sloppy

- - - - -


30 changed files:

- CHANGELOG.md
- + apparmor/local/torbrowser.Browser.firefox
- + apparmor/local/torbrowser.Browser.plugin-container
- + apparmor/local/torbrowser.Tor.tor
- apparmor/torbrowser.Browser.firefox
- + apparmor/torbrowser.Browser.plugin-container
- apparmor/torbrowser.Tor.tor
- + apparmor/tunables/torbrowser
- − apparmor/usr.bin.torbrowser-launcher
- + debian/NEWS.Debian
- debian/changelog
- debian/control
- − debian/patches/0001-AppArmor-support-sysvinit-systems.patch
- + debian/patches/0001-Update-AppArmor-comments.patch
- + debian/patches/0002-Drop-spurious-trailing-whitespace.patch
- − debian/patches/0002-Update-mirror-list.patch
- + debian/patches/0003-AppArmor-allow-plugin-container-to-read-file-app-ass.patch
- − debian/patches/0003-AppArmor-allow-the-tor-process-to-modify-its-data-di.patch
- − debian/patches/0004-AppArmor-add-rules-needed-with-new-mediation-support.patch
- + debian/patches/0004-AppArmor-allow-Firefox-to-ptrace-plugin-container-an.patch
- + debian/patches/0005-AppArmor-allow-plugin-container-to-receive-term-sign.patch
- − debian/patches/0005-AppArmor-grant-access-to-mostly-innocuous-stuff-Fire.patch
- + debian/patches/0006-Fix-comment.patch
- + debian/patches/0007-AppArmor-allow-Firefox-to-fully-manage-its-fontconfi.patch
- + debian/patches/0008-AppArmor-grant-access-to-mostly-innocuous-stuff-plug.patch
- + debian/patches/0009-AppArmor-silence-denial-logs-about-PulseAudio.patch
- + debian/patches/0010-AppArmor-silence-more-inherited-files-access-denial.patch
- + debian/patches/0011-AppArmor-drop-support-for-long-obsolete-paths.patch
- + debian/patches/0012-AppArmor-refactor-thanks-to-variables-defined-in-tun.patch
- + debian/patches/0013-AppArmor-give-the-tor-profile-a-stable-name.patch


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/compare/118514f57f53052a10f8c8a78a68a4a7772f5de5...18a778a24e13c17cdee03ff1412ee1f1dadfc53d
