Commit e932963c authored by Alan

Merge remote-tracking branch 'origin/stable' into bugfix/15838-asp-fix-non-blocking-issues

parents 1e91cca2 dd142431
......@@ -26,7 +26,7 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20"
# Kernel version
KERNEL_VERSION='4.17.0-3'
KERNEL_VERSION='4.18.0-2'
KERNEL_SOURCE_VERSION=$(
echo "$KERNEL_VERSION" \
| perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
......
......@@ -105,7 +105,8 @@ Package: vulcan* libvulkan*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
Package: wayland-protocols
Explanation: src:wayland and src:wayland-protocols
Package: libwayland* wayland-protocols
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
......
#!/bin/sh
set -e
echo "Configuring htpdate HTTP User-Agent"
CONFFILE='/etc/default/htpdate.user-agent'
install -o root -g root -m 0644 /dev/null "$CONFFILE"
echo "HTTP_USER_AGENT=\"$(/usr/local/lib/getTorBrowserUserAgent)\"" \
> "$CONFFILE"
HTTP_USER_AGENT="Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
......@@ -6,6 +6,8 @@
["command", {"args": ["/usr/bin/lspci", "-nn"]}],
["command", {"args": ["/bin/df", "--human-readable", "--print-type"]}],
["command", {"args": ["/bin/mount", "--show-labels"]}],
["command", {"args": ["/sbin/dmsetup", "ls", "--tree", "--options=blkdevname,uuid,active,open,rw,notrunc"]}],
["command", {"args": ["/sbin/losetup", "--list", "--output=NAME,BACK-FILE,AUTOCLEAR,RO,PARTSCAN,SIZELIMIT,OFFSET"]}],
["command", {"args": ["/bin/lsmod"]}],
["file", {"user": "root", "path": "/proc/asound/cards"}],
["file", {"user": "root", "path": "/proc/asound/devices"}],
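Review bot: The `losetup` entry asks for the BACK-FILE column, which prints the full path of each loop device's backing file, and the `dmsetup` entry asks for `uuid`. I am assuming from the hunk counts (6 lines before, 8 after) that these two entries are the additions. If this list feeds a debugging report that is sent off the machine, a backing-file path can expose a user-chosen file name and a device-mapper UUID is a stable identifier for a volume. Unless command output is sanitized elsewhere (not visible in this hunk), I would drop the path column, `"--output=NAME,AUTOCLEAR,RO,PARTSCAN,SIZELIMIT,OFFSET"`, and confirm that `uuid` is really needed for triage. Strict JSON has no comment syntax, so the reason for collecting each item belongs in the commit message or the design documentation.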
......
#!/bin/sh
set -e
set -u
echo 'Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0'
......@@ -134,6 +134,7 @@ import socket
import socketserver
import stem
import stem.control
import stem.connection
import struct
import sys
import textwrap
......@@ -565,12 +566,8 @@ class FilteredControlPortProxyHandler(socketserver.StreamRequestHandler):
))
def connect_to_real_control_port(self):
with open(global_args.control_cookie_path, "rb") as f:
cookie = f.read()
controller = stem.control.Controller.from_socket_file(
global_args.control_socket_path
)
controller.authenticate(cookie)
controller = stem.connection.connect(control_socket=global_args.control_socket_path)
stem.connection.authenticate_cookie(controller, cookie_path=global_args.control_cookie_path)
return controller
def handle(self):
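Review bot: In `connect_to_real_control_port` the return value of `stem.connection.connect(...)` goes straight into `authenticate_cookie` with no check. As far as I know, stem's `connect()` is the interactive convenience helper: on failure it prints a message and returns None instead of raising, it already attempts authentication using whatever methods tor advertises, and its `control_port` parameter has a non-None default, so it can fall back to a TCP control port when the socket is unavailable. Please confirm this against the stem version shipped. For a filtering proxy that must talk only to the configured socket with the configured cookie, I would pass `control_port=None` and add `if controller is None: raise stem.SocketError("cannot reach " + global_args.control_socket_path)` before the `authenticate_cookie` call. The callers are outside this hunk, so how they would handle a None controller is not visible here.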
......
diff --git a/etc/apparmor.d/torbrowser.Browser.firefox b/etc/apparmor.d/torbrowser.Browser.firefox
index d0aded9..e718ed5 100644
index 9f269e1..8c7c830 100644
--- a/etc/apparmor.d/torbrowser.Browser.firefox
+++ b/etc/apparmor.d/torbrowser.Browser.firefox
@@ -1,10 +1,11 @@
#include <tunables/global>
#include <tunables/torbrowser>
-@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox
-@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real
+@{torbrowser_firefox_executable} = /usr/local/lib/tor-browser/firefox.real
profile torbrowser_firefox @{torbrowser_firefox_executable} {
......@@ -34,7 +34,7 @@ index d0aded9..e718ed5 100644
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
@@ -39,30 +43,32 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
@@ -39,32 +43,34 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
owner @{PROC}/@{pid}/task/*/stat r,
@{PROC}/sys/kernel/random/uuid r,
......@@ -53,7 +53,6 @@ index d0aded9..e718ed5 100644
- owner @{torbrowser_home_dir}/components/*.so mr,
- owner @{torbrowser_home_dir}/browser/components/*.so mr,
- owner @{torbrowser_home_dir}/firefox rix,
- owner @{torbrowser_home_dir}/plugin-container px -> torbrowser_plugin_container,
- owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/updater ix,
- owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/0/MozUpdater/bgupdate/updater ix,
- owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profiles.ini r,
......@@ -64,7 +63,6 @@ index d0aded9..e718ed5 100644
- owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
+ @{torbrowser_home_dir}/ r,
+ @{torbrowser_home_dir}/** mr,
+ @{torbrowser_home_dir}/plugin-container px -> torbrowser_plugin_container,
+
+ owner "@{HOME}/Tor Browser/" rw,
+ owner "@{HOME}/Tor Browser/**" rwk,
......@@ -89,17 +87,13 @@ index d0aded9..e718ed5 100644
+ /usr/share/doc/tails/website/ r,
+ /usr/share/doc/tails/website/** r,
# Web Content processes
- owner @{torbrowser_firefox_executable} px -> torbrowser_plugin_container,
+ @{torbrowser_firefox_executable} px -> torbrowser_plugin_container,
/etc/mailcap r,
/etc/mime.types r,
@@ -70,6 +76,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
/usr/share/ r,
/usr/share/mime/ r,
/usr/share/themes/ r,
+ /usr/share/glib-2.0/schemas/gschemas.compiled r,
/usr/share/applications/** rk,
/usr/share/gnome/applications/ r,
/usr/share/gnome/applications/kde4/ r,
@@ -85,12 +92,6 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
@@ -88,12 +94,6 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
/sys/devices/system/node/node[0-9]*/meminfo r,
deny /sys/devices/virtual/block/*/uevent r,
......@@ -112,7 +106,7 @@ index d0aded9..e718ed5 100644
# Required for multiprocess Firefox (aka Electrolysis, i.e. e10s)
owner /{dev,run}/shm/org.chromium.* rw,
@@ -104,6 +105,31 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
@@ -107,6 +107,29 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
deny @{HOME}/.cache/fontconfig/** rw,
deny @{HOME}/.config/gtk-2.0/ rw,
deny @{HOME}/.config/gtk-2.0/** rw,
......@@ -122,8 +116,6 @@ index d0aded9..e718ed5 100644
+ deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
+ deny /usr/local/lib/tor-browser/update.test/ rw,
+
+ @{torbrowser_firefox_executable} px -> torbrowser_plugin_container,
+
+ # Grant access to assistive technologies
+ # (otherwise, Firefox crashes when Orca is enabled:
+ # https://labs.riseup.net/code/issues/9261)
......@@ -144,7 +136,7 @@ index d0aded9..e718ed5 100644
deny @{PROC}/@{pid}/net/route r,
deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
@@ -119,5 +145,10 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
@@ -122,5 +145,10 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
/etc/xfce4/defaults.list r,
/usr/share/xfce4/applications/ r,
......@@ -157,10 +149,19 @@ index d0aded9..e718ed5 100644
+ deny /tmp/ rwklx,
}
diff --git a/etc/apparmor.d/torbrowser.Browser.plugin-container b/etc/apparmor.d/torbrowser.Browser.plugin-container
index fe95fdb..32d0c38 100644
index 7ec8a00..346f2ad 100644
--- a/etc/apparmor.d/torbrowser.Browser.plugin-container
+++ b/etc/apparmor.d/torbrowser.Browser.plugin-container
@@ -10,9 +10,9 @@ profile torbrowser_plugin_container {
@@ -1,7 +1,7 @@
#include <tunables/global>
#include <tunables/torbrowser>
-@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real
+@{torbrowser_firefox_executable} = /usr/local/lib/tor-browser/firefox.real
profile torbrowser_plugin_container {
#include <abstractions/gnome>
@@ -12,9 +12,9 @@ profile torbrowser_plugin_container {
# - the "deny" word in the machine-id lines
# - the rules that deny reading /etc/pulse/client.conf
# and executing /usr/bin/pulseaudio
......@@ -173,7 +174,7 @@ index fe95fdb..32d0c38 100644
signal (receive) set=("term") peer=torbrowser_firefox,
@@ -24,14 +24,15 @@ profile torbrowser_plugin_container {
@@ -26,8 +26,8 @@ profile torbrowser_plugin_container {
deny /etc/group r,
deny /etc/mailcap r,
......@@ -184,14 +185,7 @@ index fe95fdb..32d0c38 100644
/etc/mime.types r,
/usr/share/applications/gnome-mimeapps.list r,
/dev/shm/ r,
+ owner @{PROC}/@{pid}/environ r,
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
@@ -39,28 +40,28 @@ profile torbrowser_plugin_container {
@@ -42,31 +42,29 @@ profile torbrowser_plugin_container {
owner @{PROC}/@{pid}/task/*/stat r,
@{PROC}/sys/kernel/random/uuid r,
......@@ -205,11 +199,12 @@ index fe95fdb..32d0c38 100644
- owner @{torbrowser_home_dir}/browser/components/*.so mr,
- owner @{torbrowser_home_dir}/defaults/pref/ r,
- owner @{torbrowser_home_dir}/defaults/pref/*.js r,
- owner @{torbrowser_home_dir}/dependentlibs.list r,
- owner @{torbrowser_home_dir}/fonts/ r,
- owner @{torbrowser_home_dir}/fonts/** r,
- owner @{torbrowser_home_dir}/omni.ja r,
- owner @{torbrowser_home_dir}/plugin-container ixmr,
- owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
- owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
- owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/* rw,
- owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,
- owner @{torbrowser_home_dir}/TorBrowser/Tor/ r,
......@@ -217,11 +212,12 @@ index fe95fdb..32d0c38 100644
- owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
- owner @{torbrowser_home_dir}/Downloads/ rwk,
- owner @{torbrowser_home_dir}/Downloads/** rwk,
-
- owner @{torbrowser_firefox_executable} ixmr -> torbrowser_plugin_container,
+ @{torbrowser_home_dir}/ r,
+ @{torbrowser_home_dir}/** mr,
+ @{torbrowser_home_dir}/plugin-container ixmr,
+
+ owner @{HOME}/.tor-browser/profile.default/startupCache/scriptCache-child-current.bin r,
+ owner @{HOME}/.tor-browser/profile.default/startupCache/* r,
+ owner @{HOME}/.tor-browser/profile.default/tmp/* rw,
+
+ owner "@{HOME}/Tor Browser/" rw,
......@@ -239,10 +235,12 @@ index fe95fdb..32d0c38 100644
+
+ /usr/share/doc/tails/website/ r,
+ /usr/share/doc/tails/website/** r,
+
+ @{torbrowser_firefox_executable} ixmr -> torbrowser_plugin_container,
/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/present r,
@@ -86,10 +87,16 @@ profile torbrowser_plugin_container {
@@ -92,10 +90,16 @@ profile torbrowser_plugin_container {
deny @{PROC}/@{pid}/net/route r,
deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
......
--- /etc/apparmor.d/abstractions/freedesktop.org 2018-10-07 19:38:49.308000000 +0000
+++ /etc/apparmor.d/abstractions/freedesktop.org 2018-10-07 19:48:40.400000000 +0000
@@ -24,7 +24,7 @@
/usr/local/share/pixmaps/** r,
# this should probably go elsewhere
- /usr/share/mime/** r,
+ /usr/{local/,}share/mime/** r,
# per-user configurations
owner @{HOME}/.icons/ r,
......@@ -194,7 +194,12 @@ When /^I (install|reinstall|upgrade) Tails (?:to|on) USB drive "([^"]+)" (by clo
label = action.capitalize
end
@installer.button(label).click
@installer.child('Question', roleName: 'alert').button('Yes').click
if action == 'upgrade'
confirmation_label = 'Upgrade'
else
confirmation_label = 'Install'
end
@installer.child('Question', roleName: 'alert').button(confirmation_label).click
try_for(15*60, { :delay => 10 }) do
@installer
.child('Information', roleName: 'alert')
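Review bot: The `else` branch assigns 'Install' for both `install` and `reinstall`, which the step regex also accepts. If the reinstall confirmation dialog labels its button differently, the step will fail only at run time with a widget lookup error. A one-line comment stating that both dialogs share the label would make the intent explicit. The conditional can also be written more compactly as `confirmation_label = action == 'upgrade' ? 'Upgrade' : 'Install'`. The step body starts and ends outside this hunk.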
......
Subproject commit 01543e47eae7653c7e9a35a7204301f8a0b3ca50
Subproject commit bdda97c749604bb9ea3f19e0c1ffac9042e79f77
......@@ -242,3 +242,21 @@ Clean up
cd "$TBB_ARCHIVE" && \
git annex drop -- "${TBB_VERSION}" && \
rm -rf "$DL_DIR"
Update the htpdate User Agent
=============================
We want to use the same user agent in our htpdate script (see the
[[Time syncing design|contribute/design/Time_syncing]]
for more info on that) as in Tor Browser.
To find out the User Agent of the new Tor Browser:
1. Start Tor Browser (outside of Tails, if there is no ISO yet with the new
Tor Browser)
2. Open the _Network_ tab in the _Developer Tools_ (Ctrl+Shift+E)
3. Load a website (e.g. <https://tails.boum.org>)
4. Select one of the GET requests in the _Developer Tools_
5. Scroll down to `User-Agent` in the _Request headers_ section
Now replace the User Agent in `config/chroot_local-includes/etc/default/htpdate.user-agent` with the one you found above.