[Pkg-privacy-maintainers] Bug#805634: jessie-pu: torbrowser-launcher/0.2.2-2~deb8u1
Holger Levsen
holger at layer-acht.org
Fri Nov 20 13:10:46 UTC 2015
package: release.debian.org
x-debbugs-cc: pkg-privacy-maintainers at lists.alioth.debian.org
Severity: normal
Tags: jessie
User: release.debian.org at packages.debian.org
Usertags: pu
Hi,
torbrowser-launcher 0.1.9-1+deb8u1 in jessie is affected by 3 serious bugs
(#804184 #784041 #804274) which are all fixed in the version in stretch
(=0.2.1-2), plus there is one annoying bug left in stretch (#805078) which
is fixed in the sid version = 0.2.2-2.
That last bug again breaks torbrowser-launcher completly but can be worked
around by removing ~/.cache/torbrowser/, ~/.local/share/torbrowser/ and
~/.config/torbrowser/ so it's a bummer from the user experience too.
The diff is a bit longer than I would like, but given the commits were
reviewed several times by several people and given the purpose of the package
(to install another rather large bit of software…) I think it's sane to accept
this. Especially as the alternative would mean cherry-picking most of the
commits anyway and having to do the same when upstream (=torbrowser, and thus
the launcher) changes again…
$ git diff debian/0.1.9-1+deb8u1 debian/0.2.2-2|diffstat
apparmor/torbrowser.start-tor-browser | 53 -
b/.gitignore | 2
b/BUILD.md | 4
b/CHANGELOG.md | 24
b/README.md | 24
b/apparmor/torbrowser.Browser.firefox | 18
b/apparmor/torbrowser.Tor.tor | 3
b/apparmor/usr.bin.torbrowser-launcher | 4
b/build_rpm.sh | 2
b/debian/changelog | 58 +-
b/debian/control | 6
b/debian/copyright | 22
b/debian/gbp.conf | 2
b/debian/patches/Include-local-overrides-file-in-AppArmor-profiles.-C.patch | 38 +
b/debian/patches/Set-torbrowser.start-tor-browser-and-usr.bin.torbrow.patch | 26
b/debian/patches/series | 2
b/screenshot.png |binary
b/setup.py | 1
b/share/applications/torbrowser-settings.desktop | 7
b/share/applications/torbrowser.desktop | 8
b/share/torbrowser-launcher/version | 2
b/stdeb.cfg | 5
b/torbrowser_launcher/__init__.py | 7
b/torbrowser_launcher/common.py | 102 ---
b/torbrowser_launcher/launcher.py | 276 +++-------
b/torbrowser_launcher/settings.py | 116 +---
debian/patches/0001-Update-location-of-start-tor-browser-for-TBB-4.5-and.patch | 93 ---
debian/patches/0002-execute-.-start-tor-browser.desktop-instead-of-.-Bro.patch | 41 -
debian/patches/0003-Stop-letting-Tor-Browser-act-as-a-default-browser.patch | 21
share/torbrowser-launcher/erinn.asc | 51 -
30 files changed, 353 insertions(+), 665 deletions(-)
If you want to look yourself in more detail, please use
git.debian.org/git/collab-maint/torbrowser-launcher.git and the tags debian/$version.
(I've confirmed the tags correspond to what has been uploaded. Attached is the output
of debdiff torbrowser-launcher_0.1.9-1+deb8u1.dsc torbrowser-launcher_0.2.2-2.dsc>tbl-jessie-sid.diff)
The upstream changelog is (rather well describing the changes and) reads:
# Tor Browser Launcher Changelog
## 0.2.2
* Tor Browser Lanucher no longer attempts to auto-update, now that Tor Browser has this feature
* System Tor is now an optional dependency
* Fix issue where downloads fail because of unicode URLs
* Removed window management code that stopped working many releases ago, and removed wmctrl dependency
* Removed test code that caused signature verification to happen at the wrong time
## 0.2.1
* Stop using RecommendedTBBVersions and start using more reliable "release" channel XML
* Converted settings file from pickle format to JSON
* Download tarball signatures to verify, rather than SHA256SUMS and signature
* Implemented IPolicyForHTTPS to prevent twisted-related crashes in Debian
* Some AppArmor fixes
## 0.2.0
* Fix critical bug with new location of start-tor-browser
* Silenced some AppArmor denied events from logs
* Print less console output
* Remove support for accepting links
* Added better support for updating over Tor in Fedora
Please advise me the road to fix this.
Finally, you might enjoy https://jenkins.debian.net/view/torbrowser/ which
presents a clear overview shows which version is working in which suite and#
which shall also notify us in time about new breakages!
cheers,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tbl-jessie-sid.diff
Type: text/x-patch
Size: 73410 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-privacy-maintainers/attachments/20151120/8edcaa02/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-privacy-maintainers/attachments/20151120/8edcaa02/attachment-0001.sig>
More information about the Pkg-privacy-maintainers
mailing list