changelog has ordinals outside of 128, need to open changelog in binary mode launcher.py #337

Closed
wants to merge 49 commits into from

@ghost ghost commented Jul 29, 2018

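the change should look like this; need to open the changelog in binary mode

    def check_min_version(self):
        installed_version = None
        # Binary mode: non-ASCII bytes in the changelog cannot raise a decode error.
        with open(self.common.paths['tbb']['changelog'], 'rb') as f:
            for line in f:
                if line.startswith(b'Tor Browser '):
                    # Only the version token is decoded to str.
                    installed_version = line.split()[2].decode()
                    break

        # If no version line was found, fail the check instead of comparing with None.
        if installed_version is not None and self.min_version <= installed_version:
            return True

        return False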
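An added example, not part of this pull request or the project's code: it reproduces the decode failure on a constructed changelog and reads the version in binary mode as proposed above. The helper names, the sample file, and the numeric version comparison (which goes beyond the snippet's string comparison) are assumptions made for illustration.

```python
import os
import re
import tempfile

# Constructed sample changelog: the first entry is the installed version and a
# later line carries a non-ASCII character encoded as UTF-8.
SAMPLE_CHANGELOG = (
    "Tor Browser 10.0.2 -- constructed entry\n"
    " * Update translations (français)\n"
    "Tor Browser 9.5.4 -- constructed entry\n"
).encode("utf-8")

def write_sample():
    """Write the constructed changelog to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "wb") as f:
        f.write(SAMPLE_CHANGELOG)
    return path

def ascii_text_read_fails(path):
    """True if a text-mode read with an ASCII codec raises UnicodeDecodeError."""
    try:
        with open(path, encoding="ascii") as f:
            f.readlines()
    except UnicodeDecodeError:
        return True
    return False

def read_installed_version(path):
    """Return the version on the first 'Tor Browser <ver>' line, or None."""
    with open(path, "rb") as f:  # bytes: no locale-dependent decoding
        for line in f:
            if line.startswith(b"Tor Browser "):
                return line.split()[2].decode("ascii", errors="replace")
    return None

def version_key(version):
    """'10.0.2' -> (10, 0, 2). Simplification: only the leading digits of each
    dotted part are used, so an alpha suffix such as '0a9' counts as 0."""
    parts = (re.match(r"\d+", p) for p in version.split("."))
    return tuple(int(m.group()) if m else 0 for m in parts)

def meets_min_version(path, min_version):
    """Numeric comparison; a changelog with no version line fails the check."""
    installed = read_installed_version(path)
    return installed is not None and version_key(min_version) <= version_key(installed)
```

Plain string comparison orders "9.5.4" after "10.0.2", which is why the example compares tuples of integers.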
intrigeri and others added 30 commits January 29, 2018 08:24
…tion.

We already allow the main browser profile to do that but with e10s
plugin-container now needs it as well.
…m signals.

With e10s Firefox does not need to ptrace itself anymore but instead it needs
to ptrace and kill its child plugin-container processes.
…ent Firefox process.

We already allow Firefox to send term signals to plugin-container;
this is the receiving counterpart.

This requires giving the Firefox profile a proper name (torbrowser_firefox)
because this:

  signal (receive) set=("term") peer=/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox

… does not work.

Note to package maintainers
===========================

(This should probably be copied to the release notes.)

Due to the profile renaming, upgrading the
/etc/apparmor.d/torbrowser.Browser.firefox file requires special care. The best
option is probably to strongly recommend users to reboot their system after
this upgrade.

Other options I can think of have unacceptable consequences:

 - if we unload the old profile from the kernel, we will leave any already
   running Tor Browser's Firefox executable unconfined, which is an unacceptable
   violation of the user's security expectations;

 - if we don't unload the old profile from the kernel, surprising behaviour will
   happen such as:

    - any already running Tor Browser's Firefox executable will be left confined
      under the old profile which won't play well with new rules that have
      peer=torbrowser_firefox;
    - unpredictable behavior when a new Tor Browser is started, because two
      profiles matching the Tor Browser's Firefox executable are loaded.

So far we allowed it to do everything in there except a link operation, so let's
be consistent.

We don't currently allow access to the audio subsystem; let's not let AppArmor
spam the logs about it.

This will allow us to handle upgrades more nicely in the future,
e.g. when the executable path changes. Besides, this makes the output of
aa-status and logs much easier to grasp.

Note to packagers: exactly as for the similar change applied to the Tor
Browser's Firefox profile, please consider recommending users to reboot their
system after the upgrade that applies this change.

This fixes support for obfs4 and obfs3.

meek and fte require vastly more extended permissions and thus dedicated
child profiles.

This matches how recent dh-apparmor behaves.

Updated the French translation!

@ghost ghost requested review from intrigeri and micahflee as code owners July 29, 2018 19:49
@ghost ghost changed the title changelog has ordinals outside of 128, need to open changelog in binary mode Jul 29, 2018
@intrigeri
Collaborator

@deskos-xp this PR includes quite a few commits of mine that are probably already on the develop branch. Maybe you meant to request a merge into micahflee:develop rather than micahflee:master?

@ghost
Author

ghost commented Jul 30, 2018

thanks, wrong branch.

@ghost ghost closed this Jul 30, 2018
This pull request was closed.