- 26 Jan, 2018 9 commits
-
-
anonym authored
This way any mounts made by users of this library (e.g. the Unsafe Browser) can mount targets inside the chroot and let the automatic teardown of the chroot browser deal with the umounting.
-
anonym authored
-
anonym authored
We don't enable Tor Launcher in Tor Browser, so they're just noise.
-
anonym authored
We want to allow something in Tor's rule that is blocked in the LAN rules, so the Tor rule must be listed first.
-
anonym authored
This has been broken since we migrated from our custom Iceweasel to TBB.
- 22 Jan, 2018 8 commits
-
-
anonym authored
-
anonym authored
-
anonym authored
-
anonym authored
As the comment in the removed code says, Tor Browser 7.5 does not ship these files any more.
-
anonym authored
For reasons that still are elusive to me, the `7z u` this commit replaces with `7z a` seems to be broken. I inserted `md5sum omni.ja` before and after the `7z u` and it printed the same value, despite `7z u` saying that the expected files were changed and updated.
-
anonym authored
By updating the hack used to make Tor Browser consider uBlock Origin to be a verified add-on.
-
- 20 Jan, 2018 2 commits
-
-
intrigeri authored
-
- 19 Jan, 2018 1 commit
-
- 18 Jan, 2018 2 commits
-
- 17 Jan, 2018 2 commits
- 16 Jan, 2018 2 commits
-
-
intrigeri authored
Upgrade snapshot of the Debian APT repository to 2018011503 ⇒ upgrade to Linux 4.14.13 (refs: #15148). Linux 4.14.13 is the first kernel that has the "[x86] microcode/AMD: Add support for fam17h microcode loading" commit, that's needed to load the AMD fam17h microcode for mitigating the Spectre vulnerability (CVE-2017-5715).
-
intrigeri authored
It causes too many regressions: https://bugs.debian.org/886998. Partially reverts commit 9e6aec2c.
-
- 15 Jan, 2018 1 commit
-
-
intrigeri authored
-
- 11 Jan, 2018 2 commits
-
-
intrigeri authored
In the short term, this allows us to get the mitigation against Spectre (CVE-2017-5715). While this could be done via our freeze exception mechanism, instead I chose to bump APT snapshots and add APT pinning to install these packages from sid for the foreseeable future: keeping CPU microcode up-to-date has become an important factor in securing systems these days and such security updates land faster in sid than anywhere else in Debian.
-
intrigeri authored
i.e. one that has intel-microcode 3.20180108 and amd64-microcode 3.20171205.1, with mitigation against the Spectre vulnerability (CVE-2017-5715).
-
- 08 Jan, 2018 3 commits
- 06 Jan, 2018 8 commits
-
-
intrigeri authored
i.e. the first one that has Linux 4.14.12-2, that fixes https://bugs.debian.org/886366.
-
intrigeri authored
Linux 4.14 brings new AppArmor mediation features and the policy shipped in Stretch may not be ready for it. So let's disable these new features to avoid breaking stuff: it's too hard to check if all the policy for apps we ship (and that users install themselves) has the right rules to cope with these new mediation features.
This feature set file will be:
  - either removed: once we install an apparmor package that ships its own, maintained elsewhere, feature set (probably via Debian#879585);
  - or upgraded: to the Buster kernel's, when we move to Buster, iff. Debian does not ship any pinned feature set then (refs: #15149).
This commit ports to our build system the changes that are in Buster/sid currently, except we include the Stretch's kernel feature set while Buster/sid is pinned to Linux 4.14's feature set (the policy in Buster/sid was updated to support it). This is exactly what will likely land in the next Debian Stretch point release.
I'm using a different filename from the one used on Debian, in order to make it easier to compare the "upstream" (Debian) file with ours. And while I'm at it I'm adding a build-time sanity check that will warn us if there's some maintenance work to do on our side.
-
intrigeri authored
XXX: don't merge
Let's drop this commit once we get Linux 4.14.12-2 which fixes that bug for real (likely today around 5pm UTC). I'm only committing this now in order to have automated test results with Linux 4.14.12 ASAP.
-
intrigeri authored
-
intrigeri authored
It's a recurring source of headaches, let's ease debugging.
-
intrigeri authored
-
intrigeri authored
This hook is a recurring cause of headaches, let's simplify debugging.