[Pkg-privacy-maintainers] Bug#805634: jessie-pu: torbrowser-launcher/0.2.2-2~deb8u1

Holger Levsen holger at layer-acht.org
Fri Nov 20 13:10:46 UTC 2015

package: release.debian.org
x-debbugs-cc: pkg-privacy-maintainers at lists.alioth.debian.org
Severity: normal
Tags: jessie
User: release.debian.org at packages.debian.org
Usertags: pu


torbrowser-launcher 0.1.9-1+deb8u1 in jessie is affected by 3 serious bugs
(#804184 #784041 #804274) which are all fixed in the version in stretch
(=0.2.1-2), plus there is one annoying bug left in stretch (#805078) which
is fixed in the sid version = 0.2.2-2.

That last bug again breaks torbrowser-launcher completly but can be worked 
around by removing ~/.cache/torbrowser/, ~/.local/share/torbrowser/ and
~/.config/torbrowser/ so it's a bummer from the user experience too.

The diff is a bit longer than I would like, but given the commits were
reviewed several times by several people and given the purpose of the package
(to install another rather large bit of software…) I think it's sane to accept
this. Especially as the alternative would mean cherry-picking most of the
commits anyway and having to do the same when upstream (=torbrowser, and thus
the launcher) changes again…

$ git diff debian/0.1.9-1+deb8u1 debian/0.2.2-2|diffstat
 apparmor/torbrowser.start-tor-browser                                          |   53 -
 b/.gitignore                                                                   |    2 
 b/BUILD.md                                                                     |    4 
 b/CHANGELOG.md                                                                 |   24 
 b/README.md                                                                    |   24 
 b/apparmor/torbrowser.Browser.firefox                                          |   18 
 b/apparmor/torbrowser.Tor.tor                                                  |    3 
 b/apparmor/usr.bin.torbrowser-launcher                                         |    4 
 b/build_rpm.sh                                                                 |    2 
 b/debian/changelog                                                             |   58 +-
 b/debian/control                                                               |    6 
 b/debian/copyright                                                             |   22 
 b/debian/gbp.conf                                                              |    2 
 b/debian/patches/Include-local-overrides-file-in-AppArmor-profiles.-C.patch    |   38 +
 b/debian/patches/Set-torbrowser.start-tor-browser-and-usr.bin.torbrow.patch    |   26 
 b/debian/patches/series                                                        |    2 
 b/screenshot.png                                                               |binary
 b/setup.py                                                                     |    1 
 b/share/applications/torbrowser-settings.desktop                               |    7 
 b/share/applications/torbrowser.desktop                                        |    8 
 b/share/torbrowser-launcher/version                                            |    2 
 b/stdeb.cfg                                                                    |    5 
 b/torbrowser_launcher/__init__.py                                              |    7 
 b/torbrowser_launcher/common.py                                                |  102 ---
 b/torbrowser_launcher/launcher.py                                              |  276 +++-------
 b/torbrowser_launcher/settings.py                                              |  116 +---
 debian/patches/0001-Update-location-of-start-tor-browser-for-TBB-4.5-and.patch |   93 ---
 debian/patches/0002-execute-.-start-tor-browser.desktop-instead-of-.-Bro.patch |   41 -
 debian/patches/0003-Stop-letting-Tor-Browser-act-as-a-default-browser.patch    |   21 
 share/torbrowser-launcher/erinn.asc                                            |   51 -
 30 files changed, 353 insertions(+), 665 deletions(-)

If you want to look yourself in more detail, please use 
git.debian.org/git/collab-maint/torbrowser-launcher.git and the tags debian/$version.

(I've confirmed the tags correspond to what has been uploaded. Attached is the output
of debdiff torbrowser-launcher_0.1.9-1+deb8u1.dsc torbrowser-launcher_0.2.2-2.dsc>tbl-jessie-sid.diff)

The upstream changelog is (rather well describing the changes and) reads:

# Tor Browser Launcher Changelog

## 0.2.2

* Tor Browser Lanucher no longer attempts to auto-update, now that Tor Browser has this feature
* System Tor is now an optional dependency
* Fix issue where downloads fail because of unicode URLs
* Removed window management code that stopped working many releases ago, and removed wmctrl dependency
* Removed test code that caused signature verification to happen at the wrong time

## 0.2.1

* Stop using RecommendedTBBVersions and start using more reliable "release" channel XML
* Converted settings file from pickle format to JSON
* Download tarball signatures to verify, rather than SHA256SUMS and signature
* Implemented IPolicyForHTTPS to prevent twisted-related crashes in Debian
* Some AppArmor fixes

## 0.2.0

* Fix critical bug with new location of start-tor-browser
* Silenced some AppArmor denied events from logs
* Print less console output
* Remove support for accepting links
* Added better support for updating over Tor in Fedora

Please advise me the road to fix this.

Finally, you might enjoy https://jenkins.debian.net/view/torbrowser/ which
presents a clear overview shows which version is working in which suite and#
which shall also notify us in time about new breakages!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: tbl-jessie-sid.diff
Type: text/x-patch
Size: 73410 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-privacy-maintainers/attachments/20151120/8edcaa02/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-privacy-maintainers/attachments/20151120/8edcaa02/attachment-0001.sig>

More information about the Pkg-privacy-maintainers mailing list