[Pkg-privacy-commits] [Git][pkg-privacy-team/torbrowser-launcher][debian/experimental] 45 commits: Drop spurious trailing whitespace.

Wed Sep 19 17:29:29 BST 2018

Roger Shimizu pushed to branch debian/experimental at Privacy Maintainers / torbrowser-launcher

Commits:
064ad1f7 by intrigeri at 2018-01-29T08:24:13Z
Drop spurious trailing whitespace.

- - - - -
cdb290fe by intrigeri at 2018-01-29T08:24:13Z
AppArmor: allow plugin-container to read file/app association information.

We already allow the main browser profile to do that but with e10s
plugin-container now needs it as well.

- - - - -
9c609476 by intrigeri at 2018-01-29T08:24:13Z
AppArmor: allow Firefox to ptrace plugin-container and to send it term signals.

With e10s Firefox does not need to ptrace itself anymore but instead it needs
to ptrace and kill its child plugin-container processes.

- - - - -
d62a692a by intrigeri at 2018-01-29T08:24:13Z
AppArmor: allow plugin-container to receive term signals from the parent Firefox process.

We already allow Firefox to send term signals to plugin-container;
this is the receiving counterpart.

This requires giving the Firefox profile a proper name (torbrowser_firefox)
because this:

  signal (receive) set=("term") peer=/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox

… does not work.

Note to package maintainers
===========================

(This should probably be copied to the release notes.)

Due to the profile renaming, upgrading the
/etc/apparmor.d/torbrowser.Browser.firefox file requires special care. The best
option is probably to strongly recommend users to reboot their system after
this upgrade.

Other options I can think of have unacceptable consequences:

 - if we unload the old profile from the kernel, we will leave any already
   running Tor Browser's Firefox executable unconfined, which is an unacceptable
   violation of the user's security expectations;

 - if we don't unload the old profile from the kernel, surprising behaviour will
   happen such as:

    - any already running Tor Browser's Firefox executable will be left confined
      under the old profile which won't play well with new rules that have
      peer=torbrowser_firefox;
    - unpredictable behavior when a new Tor Browser is started, because two
      profiles matching the Tor Browser's Firefox executable are loaded.

- - - - -
f4093174 by intrigeri at 2018-01-29T08:24:13Z
Fix comment.

- - - - -
936aee55 by intrigeri at 2018-01-29T08:24:13Z
AppArmor: allow Firefox to fully manage its fontconfig cache.

So far we allowed it to do everything in there except a link operation, so let's
be consistent.

- - - - -
dedd45b0 by intrigeri at 2018-01-29T08:24:13Z
AppArmor: grant access to mostly innocuous stuff plugin-container tries to read.

Same rationale as commit 68f502c3fbb754742cd23967cf30038ff6ce799a.

- - - - -
27289e19 by intrigeri at 2018-01-29T08:24:13Z
AppArmor: silence denial logs about PulseAudio.

We don't currently allow access to the audio subsystem; let's not let AppArmor
spam the logs about it.

- - - - -
0109e95e by intrigeri at 2018-01-29T08:24:13Z
AppArmor: silence more inherited files access denial.

- - - - -
b1e082fe by intrigeri at 2018-01-29T08:24:13Z
AppArmor: drop support for long-obsolete paths.

- - - - -
a9bef63b by intrigeri at 2018-01-29T08:24:13Z
AppArmor: refactor thanks to variables defined in tunables/torbrowser.

- - - - -
33fd86fa by intrigeri at 2018-01-29T08:24:13Z
AppArmor: give the tor profile a stable name.

This will allow us to handle upgrades more nicely in the future,
e.g. when the executable path changes. Besides, this makes the output of
aa-status and logs much easier to grasp.

Note to packagers: exactly as for the similar change applied to the Tor
Browser's Firefox profile, please consider recommending users to reboot their
system after the upgrade that applies this change.

- - - - -
850d5606 by intrigeri at 2018-01-29T08:24:13Z
AppArmor: support some of the included pluggable transports.

This fixes support for obfs4 and obfs3.

meek and fte require vastly more extended permissions and thus dedicated
child profiles.

- - - - -
91652b64 by intrigeri at 2018-01-29T08:24:52Z
AppArmor: remove boilerplate from local override files.

This matches how recent dh-apparmor behaves.

- - - - -
8a762563 by intrigeri at 2018-04-06T07:05:37Z
Merge pull request #310 from intrigeri/apparmor-201801-edition

AppArmor profiles, 2018-01 edition
- - - - -
ad95bbda by intrigeri at 2018-07-03T15:43:10Z
AppArmor: allow Firefox to read /usr/share/glib-2.0/schemas/gschemas.compiled.

Otherwise, Tor Browser 8.0a9 crashes when clicking "Save Page As".

- - - - -
35d08323 by Kunitsyn Andrey Sergeevich at 2018-07-07T17:31:38Z
Update the Russian translate

- - - - -
5648d7d8 by Ulrike Uhlig at 2018-07-23T11:59:44Z
Remove myself from uploaders.

- - - - -
4e4bbd67 by Carl Joseph Hirner III at 2018-07-29T19:40:21Z
Delete launcher.py
- - - - -
bd9e67c2 by Carl Joseph Hirner III at 2018-07-29T19:40:46Z
Add files via upload
- - - - -
a67f026c by intrigeri at 2018-08-18T19:23:13Z
AppArmor: adjust Firefox binary path for Tor Browser 8.0a10.

At this point it seems unlikely that the develop branch will be released
before Tor Browser 8.0 so here we go, let's get ready.

Note that I could have written firefox{,.real} instead, to support both Tor
Browser 7.5 and 8.0, but then we would have to open the profile more broadly so
the new shell wrapper installed as "firefox" by Tor Browser 8.0a10 can do its
job. This does not seem worth the hassle and will be fine as long as this new
torbrowser-launcher is released approximately at the same time as, or after, Tor
Browser 8.

- - - - -
7ff9b5bd by Roger Shimizu at 2018-09-09T07:29:09Z
d/patches: Cherry-pick two upstream commits to fix appamor profile

Fix appamor profile to support Tor Browser 8.0a9

Closes: #908068

- - - - -
6e1b7e18 by Roger Shimizu at 2018-09-09T07:43:19Z
Prepare to release 0.2.9-4

- - - - -
8b15bbd4 by Roger Shimizu at 2018-09-09T15:22:50Z
Make lintian slightly happy

* debian/source/lintian-overrides:
  - Rename from debian/source.lintian-overrides
* debian/control:
  - Rename tag X-Python-Version to XS-Python-Version.

- - - - -
678d0834 by intrigeri at 2018-09-10T07:55:55Z
AppArmor: confine Firefox 60 "Web Content" processes under the torbrowser_plugin_container AppArmor profile.

- - - - -
45265423 by intrigeri at 2018-09-10T07:55:59Z
AppArmor: give Tor Browser's Web Content process some more innocuous access it now needs.

- - - - -
eb328f2a by intrigeri at 2018-09-10T09:41:49Z
AppArmor: give Web Content processes read access to the startup cache, otherwise they fail to load

- - - - -
df0873bb by Roger Shimizu at 2018-09-12T15:42:03Z
d/patches: Cherry-pick three upstream commits

3 commits to fix appamor profile for Web Content process.

Closes: #908463

- - - - -
b828bdfa by Micah Lee at 2018-09-14T22:00:41Z
Properly detect the system's locale

- - - - -
e886c201 by Micah Lee at 2018-09-14T22:04:55Z
Update list of languages that Tor Browser is available in

- - - - -
1eee4dcd by Micah Lee at 2018-09-14T22:09:45Z
Merge branch 'develop' of https://github.com/deskos-xp/torbrowser-launcher into deskos-xp-develop

- - - - -
e6069cfe by Micah Lee at 2018-09-14T22:11:33Z
Remove extra print statement

- - - - -
db2e3c9a by Micah Lee at 2018-09-14T22:11:41Z
Merge branch 'deskos-xp-develop' into develop

- - - - -
11dd4d00 by Micah Lee at 2018-09-14T22:14:25Z
Merge branch 'develop' of https://github.com/NaruTrey/torbrowser-launcher into NaruTrey-develop

- - - - -
e9b7eab1 by Micah Lee at 2018-09-14T22:14:32Z
Merge branch 'NaruTrey-develop' into develop

- - - - -
b50706b7 by Micah Lee at 2018-09-14T22:32:13Z
Merge branch 'locale-fix' into develop

- - - - -
d6d01588 by Micah Lee at 2018-09-14T22:33:04Z
Version bump to 0.3.0 and updated changelog

- - - - -
d0deb2f9 by Roger Shimizu at 2018-09-17T16:08:05Z
d/torbrowser-launcher.maintscript: rm_conffile appamor profile

rm_conffile appamor profile /etc/apparmor.d/local/*, which was
removed since 0.2.9-2. Thanks to gregor herrmann for the fix.

- - - - -
e20c71d8 by Roger Shimizu at 2018-09-17T16:16:59Z
d/control: Add XB-Python-Version tag for binary package

- - - - -
c8628ea7 by Roger Shimizu at 2018-09-17T16:17:18Z
Prepare to release 0.2.9-5

- - - - -
e92689e8 by Roger Shimizu at 2018-09-18T14:17:50Z
Merge branch 'debian/sid' into debian/experimental

- - - - -
78b2fb37 by Roger Shimizu at 2018-09-18T14:22:05Z
Merge tag 'v0.3.0' into debian/experimental

Version 0.3.0

- - - - -
6fb3fc08 by Roger Shimizu at 2018-09-18T14:47:05Z
New upstream release 0.3.0 and refresh d/patches

Upstreamed patches are removed.

- - - - -
4c1f9370 by Roger Shimizu at 2018-09-19T13:52:17Z
d/control: Remove XS-Python-Version and XB-Python-Version

Since lintian says it's not necessary.

- - - - -
04d9921f by Roger Shimizu at 2018-09-19T14:06:56Z
Prepare to release 0.3.0-1~exp1

- - - - -

30 changed files:

- CHANGELOG.md
- apparmor/local/torbrowser.Browser.firefox
- apparmor/local/torbrowser.Browser.plugin-container
- apparmor/local/torbrowser.Tor.tor
- apparmor/torbrowser.Browser.firefox
- apparmor/torbrowser.Browser.plugin-container
- apparmor/torbrowser.Tor.tor
- debian/changelog
- debian/control
- − debian/patches/0001-Drop-spurious-trailing-whitespace.patch
- debian/patches/0015-Remove-apparmor-local-path-from-setup.py.patch → debian/patches/0001-Remove-apparmor-local-path-from-setup.py.patch
- − debian/patches/0002-AppArmor-allow-plugin-container-to-read-file-app-ass.patch
- debian/patches/0016-show-gui-only-if-tbb-not-installed.patch → debian/patches/0002-show-gui-only-if-tbb-not-installed.patch
- − debian/patches/0003-AppArmor-allow-Firefox-to-ptrace-plugin-container-an.patch
- debian/patches/0017-remove-double-common-assignment.patch → debian/patches/0003-remove-double-common-assignment.patch
- − debian/patches/0004-AppArmor-allow-plugin-container-to-receive-term-sign.patch
- − debian/patches/0005-Fix-comment.patch
- − debian/patches/0006-AppArmor-allow-Firefox-to-fully-manage-its-fontconfi.patch
- − debian/patches/0007-AppArmor-grant-access-to-mostly-innocuous-stuff-plug.patch
- − debian/patches/0008-AppArmor-silence-denial-logs-about-PulseAudio.patch
- − debian/patches/0009-AppArmor-silence-more-inherited-files-access-denial.patch
- − debian/patches/0010-AppArmor-drop-support-for-long-obsolete-paths.patch
- − debian/patches/0011-AppArmor-refactor-thanks-to-variables-defined-in-tun.patch
- − debian/patches/0012-AppArmor-give-the-tor-profile-a-stable-name.patch
- − debian/patches/0013-AppArmor-support-some-of-the-included-pluggable-tran.patch
- − debian/patches/0014-AppArmor-remove-boilerplate-from-local-override-file.patch
- − debian/patches/0018-AppArmor-allow-Firefox-to-read-usr-share-glib-2.0-sc.patch
- − debian/patches/0019-AppArmor-adjust-Firefox-binary-path-for-Tor-Browser-.patch
- − debian/patches/0020-AppArmor-confine-Firefox-60-Web-Content-processes-un.patch
- − debian/patches/0021-AppArmor-give-Tor-Browser-s-Web-Content-process-some.patch

The diff was not included because it is too large.

View it on GitLab: https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/compare/d7e0b6a85fd039cd36410f172aa589ab7377343f...04d9921f07b93faa043d6fc1fc62789a477e6bc1

-- 
View it on GitLab: https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/compare/d7e0b6a85fd039cd36410f172aa589ab7377343f...04d9921f07b93faa043d6fc1fc62789a477e6bc1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-privacy-commits/attachments/20180919/8f47d9fb/attachment-0001.html>