Commit 9158b310 authored by Tails translators

merge with main git using update-weblate-git.

parents 2254423b 7ce7a280
......@@ -76,11 +76,6 @@ Package: linux-compiler-* linux-headers-* linux-image-* linux-kbuild-* linux-sou
Pin: release o=Debian,n=sid
Pin-Priority: 999
Explanation: We ship our custom-built Thunderbird for now, see #6156
Package: thunderbird* calendar-google-provider
Pin: origin deb.tails.boum.org
Pin-Priority: 999
Explanation: src:libdrm
Package: libdrm*
Pin: release o=Debian,n=stretch-backports
......
......@@ -13,7 +13,7 @@ echo "Install the Tor Browser"
# a new browser profile we can simply copy the profile directory
# without duplicating all extensions.
. /usr/local/lib/tails-shell-library/tor-browser.sh
# Import install_fake_package
# Import install_fake_package and strip_nondeterminism_wrapper
. /usr/local/lib/tails-shell-library/build.sh
download_and_verify_files() {
......
......@@ -11,14 +11,9 @@ echo "Localize each supported browser locale"
# Import language_code_from_locale()
. /usr/local/lib/tails-shell-library/localization.sh
# Import strip_nondeterminism_wrapper() and ensure_hook_dependency_is_installed()
. /usr/local/lib/tails-shell-library/build.sh
# Import TAILS_WIKI_SUPPORTED_LANGUAGES
. /etc/amnesia/environment
ensure_hook_dependency_is_installed p7zip imagemagick
BROWSER_LOCALIZATION_DIR="/usr/share/tails/browser-localization"
DESCRIPTIONS_FILE="${BROWSER_LOCALIZATION_DIR}/descriptions"
LOCALE_PROFILES_DIR="/etc/tor-browser/locale-profiles/"
......
#!/bin/sh
set -e
set -u
echo "Patching the Thunderbird account setup wizard"
# Import strip_nondeterminism_wrapper
. /usr/local/lib/tails-shell-library/build.sh
OMNI_JA=/usr/share/thunderbird/omni.ja
/usr/share/tails/build/patch-thunderbird \
"$OMNI_JA" \
/usr/share/tails/build/thunderbird-patches
strip_nondeterminism_wrapper \
--type zip \
--timestamp "$SOURCE_DATE_EPOCH" \
"$OMNI_JA" 2>/dev/null
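Review bot: The `2>/dev/null` on the `strip_nondeterminism_wrapper` call discards the wrapper's error output, so when `set -e` aborts the hook on a failure the build log will not say why. This step is what normalises the repacked `omni.ja`, so I would drop the redirection, or add a comment naming the specific noise being silenced if that is the intent. `SOURCE_DATE_EPOCH` is not assigned in this file; with `set -u` an unset value stops the hook, which is the right outcome, but a one-line comment saying where it is expected to come from would help.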
......@@ -39,6 +39,8 @@ for modules_dir in /lib/modules/*/extra ; do
fi
done
strip --strip-debug /lib/modules/*/extra/aufs.ko
depmod "${KERNEL_VERSION}-${arch}"
rm -r /usr/src/aufs4-standalone
rm -r "/usr/src/linux-source-${KERNEL_SOURCE_VERSION}"
......@@ -270,9 +270,8 @@ class Volume(object):
None) # cancellable
unmounted_at_least_once = True
except GLib.Error as e:
if "org.freedesktop.UDisks2.Error.NotMounted" in e.message:
if not unmounted_at_least_once:
logger.warning("Failed to unmount volume %s: %s", self.device_file, e.message)
# Ignore "not mounted" error if the volume was already unmounted
if "org.freedesktop.UDisks2.Error.NotMounted" in e.message and unmounted_at_least_once:
return
raise
......@@ -322,8 +321,16 @@ class Volume(object):
loop.call_set_autoclear_sync(True,
GLib.Variant('a{sv}', {}), # options
None) # cancellable
self.unmount()
self.backing_volume.lock()
try:
self.unmount()
self.backing_volume.lock()
except GLib.Error as e:
# Translators: Don't translate {volume_name} or {error_message},
# they are placeholder and will be replaced.
body = _("Couldn't lock volume {volume_name}:\n{error_message}".format(volume_name=self.name,
error_message=e.message))
self.manager.show_warning(_("Error locking volume"), body)
return
def on_unlock_button_clicked(self, button):
logger.debug("in on_unlock_button_clicked")
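Review bot: In the new `except GLib.Error` branch, `.format()` is called on the literal inside `_()`, so at runtime gettext looks up the already-substituted text, which will not match the catalog entry, and the message stays untranslated. Translate first and substitute afterwards: `body = _("Couldn't lock volume {volume_name}:\n{error_message}").format(volume_name=self.name, error_message=e.message)`. The enclosing method starts above the hunk, so I cannot see whether any caller relies on the exception; the bare `return` after the warning now hides a failed lock from them.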
......
......@@ -255,6 +255,9 @@ class VolumeManager(object):
Gtk.ButtonsType.CLOSE,
title)
dialog.format_secondary_markup(body)
# Make the body selectable to allow users to easily copy/paste the error message
dialog.get_message_area().get_children()[-1].set_selectable(True)
dialog.run()
dialog.close()
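Review bot: `body` reaches `format_secondary_markup()` as Pango markup, and the new selectable-label line makes that text what users copy, yet nothing in this function escapes it. The lock handler on this page interpolates `e.message` and a volume name into the body; a `<` or `&` in either breaks the markup, and if the name originates from the device it can inject formatting into the dialog. Either escape the interpolated values with `GLib.markup_escape_text()` at the call sites, or switch this call to `format_secondary_text(body)` if no caller relies on markup. `get_message_area().get_children()[-1]` also depends on the dialog's internal child order, so a short comment stating that the last child is the secondary label would help.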
......
#!/bin/sh
set -e
PREREQ=""
prereqs () {
echo "${PREREQ}"
}
case "${1}" in
prereqs)
prereqs
exit 0
;;
esac
. /usr/share/initramfs-tools/hook-functions
manual_add_modules mmc_core mmc_block sdhci-pci sdhci
exit 0
......@@ -123,8 +123,9 @@ dd if=/tmp/vbr of="${SYSTEM_PARTITION}" bs=3 count=1
# Set a random filesystem UUID (aka. FAT "Volume ID" / "serial number")
MTOOLS_SKIP_CHECK=1 mlabel -i "${SYSTEM_PARTITION}" -n ::Tails
# Set the following attributes on the system partition (we have to
# set them after running fatresize, because fatresize resets them):
# Recompute CHS values for the hybrid MBR (see #16389) and set the
# following attributes on the system partition (we have to set them
# after running fatresize, because fatresize resets them):
# 0: system partition
# 2: legacy BIOS bootable
# 60: read-only
......@@ -136,6 +137,7 @@ sgdisk \
--attributes=1:set:60 \
--attributes=1:set:62 \
--attributes=1:set:63 \
--recompute-chs \
"${PARENT_DEVICE}"
# Tell the kernel to reload the partition table
......
#!/bin/sh
set -e
set -u
OMNI_JA="$1"
PATCHES_DIRECTORY=$(readlink -f "$2")
[ -r "$OMNI_JA" ] || exit 1
[ -d "$PATCHES_DIRECTORY" ] || exit 2
tmpdir="$(mktemp -d)"
(
cd "${tmpdir}"
# due to the weird omni.ja format, 7z will exit with non-zero code,
# that we need to override
7z x -tzip "$OMNI_JA" || true
for patch in $(cat "$PATCHES_DIRECTORY"/series) ; do
cat "$PATCHES_DIRECTORY/$patch" \
| perl -p -E 's{^(--- [ab])/comm/mail/components/accountcreation/content/}{$1/chrome/messenger/content/messenger/accountcreation/}' \
| perl -p -E 's{^(--- [ab])/comm/mailnews/}{$1/defaults/pref/}' \
| patch -p1
done
find . -name *.js -exec touch --date="@$SOURCE_DATE_EPOCH" '{}' \;
rm "$OMNI_JA"
7z a -mtc=off -tzip "$OMNI_JA" *
)
rm -r "${tmpdir}"
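Review bot: `7z x -tzip "$OMNI_JA" || true` accepts every extraction failure, not only the expected complaint about the omni.ja layout, so a truncated or unreadable archive is patched and repacked as if complete, after `rm "$OMNI_JA"` has already removed the original. Capture the exit status and continue only for the code 7z actually returns for this format (to be confirmed), failing the build otherwise. Separately, `find . -name *.js` leaves the pattern unquoted, so the shell expands it whenever a `.js` file sits in the extraction root; write `find . -name '*.js' -exec touch --date="@$SOURCE_DATE_EPOCH" '{}' \;`. Because of `set -e`, a failing patch exits before `rm -r "${tmpdir}"` runs, so a `trap 'rm -rf "$tmpdir"' EXIT` right after `mktemp -d` would keep the build tree clean.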
From bb7b4741004c367132869b56dbd62a829ac67167 Mon Sep 17 00:00:00 2001
From: anonym <anonym@riseup.net>
Date: Wed, 27 Feb 2019 09:54:59 +0100
Subject: [PATCH] Add SOCKS proxy support for account guessing.
Any configured SOCKS proxy will be used while probing servers, but
HTTP(s) proxies etc will be ignored since they are not
applicable. This solves Mozilla bug #669238:
https://bugzilla.mozilla.org/show_bug.cgi?id=669238
Refreshed-by: Cyril Brulebois <ckb@riseup.net>
Backported from TB 66 to TB 65, dropping reindentation to have a
higher chance of applying this patch successfully against further
65.x releases.
--- a/comm/mail/components/accountcreation/content/guessConfig.js
+++ b/comm/mail/components/accountcreation/content/guessConfig.js
@@ -467,9 +467,18 @@ HostDetector.prototype =
if (i == 0) // showing 50 servers at once is pointless
this.mProgressCallback(thisTry);
+ // This implements the nsIProtocolProxyCallback interface:
+ function ProxyResolveCallback() { }
+ ProxyResolveCallback.prototype = {
+ onProxyAvailable : function(req, uri, proxyInfo, status) {
+ // Anything but a SOCKS proxy will be unusable for the probes.
+ if (proxyInfo != null && proxyInfo.type != "socks" &&
+ proxyInfo.type != "socks4") {
+ proxyInfo = null;
+ }
thisTry.abortable = SocketUtil(
thisTry.hostname, thisTry.port, thisTry.ssl,
- thisTry.commands, TIMEOUT,
+ thisTry.commands, TIMEOUT, proxyInfo,
new SSLErrorHandler(thisTry, this._log),
function(wiredata) // result callback
{
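Review bot: The unchanged `new SSLErrorHandler(thisTry, this._log)` line now sits inside `onProxyAvailable`, where `this` is the `ProxyResolveCallback` instance rather than the HostDetector, so the handler appears to receive `undefined` as its logger; `me._log` would match the `me._checkFinished()` call further down. The callback also never looks at `status`: when resolution fails, or the resolved proxy is not SOCKS, `proxyInfo` ends up null and the probe goes out without any proxy. For a setup that expects all mail traffic to use the configured SOCKS proxy, a fail-closed branch is safer, e.g. `if (!Components.isSuccessCode(status)) { thisTry.status = kFailed; me._checkFinished(); return; }`. The function body continues past this hunk.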
@@ -487,6 +496,21 @@ HostDetector.prototype =
thisTry.status = kFailed;
me._checkFinished();
});
+ }
+ };
+
+ var proxyService = Cc["@mozilla.org/network/protocol-proxy-service;1"]
+ .getService(Ci.nsIProtocolProxyService);
+ // Use some arbitrary scheme just because it is required...
+ var uri = Services.io.newURI("http://" + thisTry.hostname, null, null);
+ // ... we'll ignore it any way. We prefer SOCKS since that's the
+ // only thing we can use for email protocols.
+ var proxyFlags = Ci.nsIProtocolProxyService.RESOLVE_IGNORE_URI_SCHEME |
+ Ci.nsIProtocolProxyService.RESOLVE_PREFER_SOCKS_PROXY;
+ if (Services.prefs.getBoolPref("network.proxy.socks_remote_dns")) {
+ proxyFlags |= Ci.nsIProtocolProxyService.RESOLVE_ALWAYS_TUNNEL;
+ }
+ proxyService.asyncResolve(uri, proxyFlags, new ProxyResolveCallback());
thisTry.status = kOngoing;
}
},
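Review bot: `asyncResolve()` returns a cancelable request that is dropped here, and `thisTry.abortable` is only assigned once `onProxyAvailable` runs, so a cancel issued while the proxy lookup is pending has nothing to abort and the probe can still start afterwards. A guard at the top of the callback, `if (me._cancel) return;`, would close that window; keeping the value returned by `asyncResolve()` so it can be cancelled too is the fuller fix. How `_cancel` gets set is outside this hunk, so confirm the cancel path against the rest of HostDetector.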
@@ -1019,13 +1043,14 @@ SSLErrorHandler.prototype =
* @param commands {Array of String}: protocol commands
* to send to the server.
* @param timeout {Integer} seconds to wait for a server response, then cancel.
+ * @param proxy {nsIProxyInfo} The proxy to use (or null to not use any).
* @param sslErrorHandler {SSLErrorHandler}
* @param resultCallback {function(wiredata)} This function will
* be called with the result string array from the server
* or null if no communication occurred.
* @param errorCallback {function(e)}
*/
-function SocketUtil(hostname, port, ssl, commands, timeout,
+function SocketUtil(hostname, port, ssl, commands, timeout, proxy,
sslErrorHandler, resultCallback, errorCallback)
{
assert(commands && commands.length, "need commands");
@@ -1064,7 +1089,7 @@ function SocketUtil(hostname, port, ssl,
var socketTypeName = ssl == SSL ? "ssl" : (ssl == TLS ? "starttls" : null);
var transport = transportService.createTransport([socketTypeName],
ssl == NONE ? 0 : 1,
- hostname, port, null);
+ hostname, port, proxy);
transport.setTimeout(Ci.nsISocketTransport.TIMEOUT_CONNECT, timeout);
transport.setTimeout(Ci.nsISocketTransport.TIMEOUT_READ_WRITE, timeout);
From b0ca355e118dd7d4bf147550fbce8ddd23140c8e Mon Sep 17 00:00:00 2001
From: anonym <anonym@riseup.net>
Date: Wed, 27 Feb 2019 09:44:54 +0100
Subject: [PATCH] Add comment for pref.
All other prefs in this section have comments, so not commenting this
one may even be confusing ("does the comment for
fetchFromExchange.enable also apply to guess.enabled?").
---
comm/mailnews/mailnews.js | 3 +++
1 file changed, 3 insertions(+)
--- a/comm/mailnews/mailnews.js
+++ b/comm/mailnews/mailnews.js
@@ -908,6 +908,9 @@ pref("mailnews.auto_config.fetchFromISP.
// This also sends the email address and password to the server,
// which the protocol unfortunately requires in practice.
pref("mailnews.auto_config.fetchFromExchange.enabled", true);
+// Whether we will attempt to guess the account configuration based on
+// protocol default ports and common domain practices
+// (e.g. {mail,pop,imap,smtp}.<email-domain>).
pref("mailnews.auto_config.guess.enabled", true);
// Work around bug 1454325 by disabling mimetype mungling in XmlHttpRequest
pref("dom.xhr.standard_content_type_normalization", false);
From c143a7e31885968afa1488f0a103676a84fa183f Mon Sep 17 00:00:00 2001
From: anonym <anonym@riseup.net>
Date: Wed, 27 Feb 2019 10:44:24 +0100
Subject: [PATCH] Add pref for setting the autoconfiguration guess timeout.
The static 10 seconds is not enough for Tor users (delay spikes of 10
seconds is not uncommon), so let's make it possible for the TorBirdy
extension to override this timeout.
---
comm/mail/components/accountcreation/content/guessConfig.js | 5 ++---
comm/mailnews/mailnews.js | 2 ++
2 files changed, 4 insertions(+), 3 deletions(-)
--- a/comm/mail/components/accountcreation/content/guessConfig.js
+++ b/comm/mail/components/accountcreation/content/guessConfig.js
@@ -6,8 +6,6 @@
ChromeUtils.import("resource:///modules/gloda/log4moz.js");
ChromeUtils.import("resource://gre/modules/Services.jsm");
-var TIMEOUT = 10; // in seconds
-
// This is a bit ugly - we set outgoingDone to false
// when emailWizard.js cancels the outgoing probe because the user picked
// an outoing server. It does this by poking the probeAbortable object,
@@ -456,6 +454,7 @@ HostDetector.prototype =
if (this._cancel)
return;
var me = this;
+ var timeout = Services.prefs.getIntPref("mailnews.auto_config.guess.timeout");
for (let i = 0; i < this._hostsToTry.length; i++)
{
let thisTry = this._hostsToTry[i]; // {HostTry}
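Review bot: The value read with `getIntPref("mailnews.auto_config.guess.timeout")` is passed on to the probe unchecked, so a pref of zero or a negative number set by an extension or user reaches the socket timeouts as is. Clamping it where it is read, for example `var timeout = Math.max(1, Services.prefs.getIntPref("mailnews.auto_config.guess.timeout"));`, keeps a bad pref from breaking the probes. The loop that uses `timeout` continues beyond this hunk.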
@@ -478,7 +477,7 @@ HostDetector.prototype =
}
thisTry.abortable = SocketUtil(
thisTry.hostname, thisTry.port, thisTry.ssl,
- thisTry.commands, TIMEOUT, proxyInfo,
+ thisTry.commands, timeout, proxyInfo,
new SSLErrorHandler(thisTry, this._log),
function(wiredata) // result callback
{
--- a/comm/mailnews/mailnews.js
+++ b/comm/mailnews/mailnews.js
@@ -918,6 +918,8 @@ pref("mailnews.auto_config.ssl_only_conf
// protocol default ports and common domain practices
// (e.g. {mail,pop,imap,smtp}.<email-domain>).
pref("mailnews.auto_config.guess.enabled", true);
+// The timeout (in seconds) for each guess
+pref("mailnews.auto_config.guess.timeout", 10);
// Whether we allow fetched configurations using OAuth2.
pref("mailnews.auto_config.account_constraints.allow_oauth2", true);
// Work around bug 1454325 by disabling mimetype mungling in XmlHttpRequest
From 619c17e0dc3d1cbfdf3859b18c9e71ec00694f9c Mon Sep 17 00:00:00 2001
From: anonym <anonym@riseup.net>
Date: Wed, 27 Feb 2019 10:59:33 +0100
Subject: [PATCH] Add pref for whether to accept plaintext protocols during
autoconfiguration.
Let's make it possible for security-focused distributions (and
extensions like TorBirdy) to prevent insecure configurations to ever
be displayed to users; for other users there is a warning explaining
the consequences of accepting a non-SSL configuration.
--- a/comm/mail/components/accountcreation/content/guessConfig.js
+++ b/comm/mail/components/accountcreation/content/guessConfig.js
@@ -412,6 +412,7 @@ HostDetector.prototype =
{ "imap" : IMAP, "pop3" : POP, "smtp" : SMTP }, UNKNOWN);
if (!port)
port = UNKNOWN;
+ var ssl_only = Services.prefs.getBoolPref("mailnews.auto_config.ssl_only_mail_servers");
var ssl = ConvertSocketTypeToSSL(socketType);
this._cancel = false;
this._log.info("doing auto detect for protocol " + protocol +
@@ -435,6 +436,8 @@ HostDetector.prototype =
for (let j = 0; j < hostEntries.length; j++)
{
let hostTry = hostEntries[j]; // from getHostEntry()
+ if (ssl_only && hostTry.ssl == NONE)
+ continue;
hostTry.hostname = hostname;
hostTry.status = kNotTried;
hostTry.desc = hostTry.hostname + ":" + hostTry.port +
--- a/comm/mail/components/accountcreation/content/readFromXML.js
+++ b/comm/mail/components/accountcreation/content/readFromXML.js
@@ -29,6 +29,8 @@ function readFromXML(clientConfigXML)
}
var allow_oauth2 =
Services.prefs.getBoolPref("mailnews.auto_config.account_constraints.allow_oauth2");
+ var ssl_only =
+ Services.prefs.getBoolPref("mailnews.auto_config.ssl_only_mail_servers");
var exception;
if (typeof(clientConfigXML) != "object" ||
!("clientConfig" in clientConfigXML) ||
@@ -92,6 +94,10 @@ function readFromXML(clientConfigXML)
throw exception ? exception : "need proper <socketType> in XML";
exception = null;
+ if (ssl_only && iO.socketType == 1) {
+ continue;
+ }
+
for (let iXauth of array_or_undef(iX.$authentication))
{
try {
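Review bot: `iO.socketType == 1` filters on a bare number whose meaning is not visible in this hunk (presumably the plain, unencrypted socket type); a named constant or a short comment such as `// 1 = plain, no SSL/TLS` would make this security check readable, and the same applies to the `oO.socketType == 1` check in the outgoing-server hunk below. With `ssl_only` set, every plaintext entry is skipped by `continue`, so it is worth confirming that the code after the loop (outside the hunk) reports a clear error when no server survives the filter rather than failing later on an empty configuration.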
@@ -177,6 +183,10 @@ function readFromXML(clientConfigXML)
throw exception ? exception : "need proper <socketType> in XML";
exception = null;
+ if (ssl_only && oO.socketType == 1) {
+ continue;
+ }
+
for (let oXauth of array_or_undef(oX.$authentication))
{
try {
--- a/comm/mailnews/mailnews.js
+++ b/comm/mailnews/mailnews.js
@@ -922,6 +922,12 @@ pref("mailnews.auto_config.guess.enabled
pref("mailnews.auto_config.guess.timeout", 10);
// Whether we allow fetched configurations using OAuth2.
pref("mailnews.auto_config.account_constraints.allow_oauth2", true);
+// Whether we allow fetched account configurations that employs
+// non-SSL/TLS protocols. With this option set, insecure
+// configurations are never presented to the user; with this option
+// unset, users picking an insecure configuration will get a warning
+// and have to opt-in.
+pref("mailnews.auto_config.ssl_only_mail_servers", false);
// Work around bug 1454325 by disabling mimetype mungling in XmlHttpRequest
pref("dom.xhr.standard_content_type_normalization", false);
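Review bot: The first sentence of the new comment says the pref controls whether plaintext configurations are allowed, but the pref is named `ssl_only_mail_servers` and the rest of the comment treats the set state as forbidding them, so the wording reads inverted. Something like `// Whether we reject fetched or guessed account configurations that use non-SSL/TLS protocols.` matches the name. The default of `false` keeps the existing opt-in warning behaviour, so a distribution that wants plaintext configurations hidden has to set the pref itself.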
From bd42ea2e3864f97608530d3f79efb8f816f2c71a Mon Sep 17 00:00:00 2001
From: anonym <anonym@riseup.net>
Date: Wed, 27 Feb 2019 10:34:33 +0100
Subject: [PATCH] Add pref for whether we accept OAuth2 during
autoconfiguration.
For many providers JavaScript is required for OAuth2 to work; with it
disabled autoconfiguration then result in a terrible UX (e.g. the web
login fails, has to manually alter the authentication method). Let's
provide a pref that discards OAuth2 configurations so e.g. extensions
that disables JavaScript (like TorBirdy) can provide a workaround.
---
.../accountcreation/content/emailWizard.js | 56 ++++++++++++----------
.../accountcreation/content/readFromXML.js | 14 ++++++
comm/mailnews/mailnews.js | 2 +
3 files changed, 46 insertions(+), 26 deletions(-)
--- a/comm/mail/components/accountcreation/content/emailWizard.js
+++ b/comm/mail/components/accountcreation/content/emailWizard.js
@@ -1210,19 +1210,21 @@ EmailConfigWizard.prototype =
}
this.fillPortDropdown(config.incoming.type);
- // If the hostname supports OAuth2 and imap is enabled, enable OAuth2.
- let iDetails = OAuth2Providers.getHostnameDetails(config.incoming.hostname);
- if (iDetails) {
- gEmailWizardLogger.info("OAuth2 details for incoming server " +
- config.incoming.hostname + " is " + iDetails);
- }
- e("in-authMethod-oauth2").hidden = !(iDetails && e("incoming_protocol").value == 1);
- if (!e("in-authMethod-oauth2").hidden) {
- config.oauthSettings = {};
- [config.oauthSettings.issuer, config.oauthSettings.scope] = iDetails;
- // oauthsettings are not stored nor changeable in the user interface, so just
- // store them in the base configuration.
- this._currentConfig.oauthSettings = config.oauthSettings;
+ if (Services.prefs.getBoolPref("mailnews.auto_config.account_constraints.allow_oauth2")) {
+ // If the hostname supports OAuth2 and imap is enabled, enable OAuth2.
+ let iDetails = OAuth2Providers.getHostnameDetails(config.incoming.hostname);
+ if (iDetails) {
+ gEmailWizardLogger.info("OAuth2 details for incoming server " +
+ config.incoming.hostname + " is " + iDetails);
+ }
+ e("in-authMethod-oauth2").hidden = !(iDetails && e("incoming_protocol").value == 1);
+ if (!e("in-authMethod-oauth2").hidden) {
+ config.oauthSettings = {};
+ [config.oauthSettings.issuer, config.oauthSettings.scope] = iDetails;
+ // oauthsettings are not stored nor changeable in the user interface, so just
+ // store them in the base configuration.
+ this._currentConfig.oauthSettings = config.oauthSettings;
+ }
}
// outgoing server
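Review bot: With the `allow_oauth2` pref false, the `hidden` assignment on `in-authMethod-oauth2` is skipped along with the lookup, so the menu item keeps whatever state it had before and may remain visible if it was shown earlier or is visible by default. Set it explicitly when the pref is off, e.g. `else { e("in-authMethod-oauth2").hidden = true; }`; the outgoing hunk below has the same gap for `out-authMethod-oauth2`. A `this._currentConfig.oauthSettings` left over from an earlier pass is likewise not cleared; whether that matters depends on code outside the hunk.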
@@ -1241,19 +1243,21 @@ EmailConfigWizard.prototype =
this.adjustOutgoingPortToSSLAndProtocol(config);
}
- // If the hostname supports OAuth2 and imap is enabled, enable OAuth2.
- let oDetails = OAuth2Providers.getHostnameDetails(config.outgoing.hostname);
- if (oDetails) {
- gEmailWizardLogger.info("OAuth2 details for outgoing server " +
- config.outgoing.hostname + " is " + oDetails);
- }
- e("out-authMethod-oauth2").hidden = !oDetails;
- if (!e("out-authMethod-oauth2").hidden) {
- config.oauthSettings = {};
- [config.oauthSettings.issuer, config.oauthSettings.scope] = oDetails;
- // oauthsettings are not stored nor changeable in the user interface, so just
- // store them in the base configuration.
- this._currentConfig.oauthSettings = config.oauthSettings;
+ if (Services.prefs.getBoolPref("mailnews.auto_config.account_constraints.allow_oauth2")) {
+ // If the hostname supports OAuth2 and imap is enabled, enable OAuth2.
+ let oDetails = OAuth2Providers.getHostnameDetails(config.outgoing.hostname);
+ if (oDetails) {
+ gEmailWizardLogger.info("OAuth2 details for outgoing server " +
+ config.outgoing.hostname + " is " + oDetails);
+ }
+ e("out-authMethod-oauth2").hidden = !oDetails;
+ if (!e("out-authMethod-oauth2").hidden) {
+ config.oauthSettings = {};
+ [config.oauthSettings.issuer, config.oauthSettings.scope] = oDetails;
+ // oauthsettings are not stored nor changeable in the user interface, so just
+ // store them in the base configuration.
+ this._currentConfig.oauthSettings = config.oauthSettings;
+ }
}
// populate fields even if existingServerKey, in case user changes back
--- a/comm/mail/components/accountcreation/content/readFromXML.js
+++ b/comm/mail/components/accountcreation/content/readFromXML.js
@@ -4,6 +4,8 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
ChromeUtils.import("resource:///modules/hostnameUtils.jsm");
+ChromeUtils.import("resource://gre/modules/Services.jsm");
+
/* eslint-disable complexity */
/**
@@ -25,6 +27,8 @@ function readFromXML(clientConfigXML)
function array_or_undef(value) {
return value === undefined ? [] : value;
}
+ var allow_oauth2 =
+ Services.prefs.getBoolPref("mailnews.auto_config.account_constraints.allow_oauth2");
var exception;
if (typeof(clientConfigXML) != "object" ||
!("clientConfig" in clientConfigXML) ||
@@ -101,6 +105,12 @@ function readFromXML(clientConfigXML)
"GSSAPI" : Ci.nsMsgAuthMethod.GSSAPI,
"NTLM" : Ci.nsMsgAuthMethod.NTLM,
"OAuth2" : Ci.nsMsgAuthMethod.OAuth2 });