Hello community,
here is the log from the commit of package torbrowser-launcher for
openSUSE:Factory checked in at 2016-07-24 19:52:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/torbrowser-launcher (Old)
and /work/SRC/openSUSE:Factory/.torbrowser-launcher.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "torbrowser-launcher"
Changes:
--------
--- /work/SRC/openSUSE:Factory/torbrowser-launcher/torbrowser-launcher.changes
2016-04-08 09:39:42.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.torbrowser-launcher.new/torbrowser-launcher.changes
2016-07-24 19:53:23.000000000 +0200
@@ -1,0 +2,14 @@
+Wed Jul 20 21:42:36 UTC 2016 - [email protected]
+
+- Update to version 0.2.5:
+ + Fix issue where Tor Browser Launcher failed to launch if
+ currently installed version of Tor Browser was too old.
+ + If Tor Browser download isn't available in your language,
+ fallback to English.
+ + Avoid re-downloading tarball if it's already present.
+ + Verify GnuPG importing keys using status-fd rather than exit
+ codes.
+ + Various AppArmor improvements.
+ + Remove unused dependency of IPolicyForHTTPS.
+
+-------------------------------------------------------------------
Old:
----
v0.2.4.tar.gz
New:
----
v0.2.5.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ torbrowser-launcher.spec ++++++
--- /var/tmp/diff_new_pack.jBJl9x/_old 2016-07-24 19:53:25.000000000 +0200
+++ /var/tmp/diff_new_pack.jBJl9x/_new 2016-07-24 19:53:25.000000000 +0200
@@ -17,7 +17,7 @@
Name: torbrowser-launcher
-Version: 0.2.4
+Version: 0.2.5
Release: 0
Summary: Tool for launching and easy-updates of Tor Browser
License: MIT
++++++ v0.2.4.tar.gz -> v0.2.5.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/torbrowser-launcher-0.2.4/CHANGELOG.md
new/torbrowser-launcher-0.2.5/CHANGELOG.md
--- old/torbrowser-launcher-0.2.4/CHANGELOG.md 2016-03-13 22:57:27.000000000
+0100
+++ new/torbrowser-launcher-0.2.5/CHANGELOG.md 2016-07-09 01:53:49.000000000
+0200
@@ -1,8 +1,17 @@
# Tor Browser Launcher Changelog
+## 0.2.5
+
+* Fix issue where Tor Browser Launcher failed to launch if currently installed
version of Tor Browser was too old
+* If Tor Browser download isn't available in your language, fallback to English
+* Avoid re-downloading tarball if it's already present
+* Verify GnuPG importing keys using status-fd rather than exit codes
+* Various AppArmor improvements
+* Removed unused dependency
+
## 0.2.4
-* Fix signature verification bypass attack, reported by Jann Horn
+* Fix signature verification bypass attack, reported by Jann Horn
(CVE-2016-3180)
## 0.2.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/torbrowser-launcher-0.2.4/apparmor/torbrowser.Browser.firefox
new/torbrowser-launcher-0.2.5/apparmor/torbrowser.Browser.firefox
--- old/torbrowser-launcher-0.2.4/apparmor/torbrowser.Browser.firefox
2016-03-13 22:57:27.000000000 +0100
+++ new/torbrowser-launcher-0.2.5/apparmor/torbrowser.Browser.firefox
2016-07-09 01:53:49.000000000 +0200
@@ -28,9 +28,9 @@
deny /etc/machine-id r,
deny /var/lib/dbus/machine-id r,
- @{PROC}/[0-9]*/mountinfo r,
- @{PROC}/[0-9]*/stat r,
- @{PROC}/[0-9]*/task/*/stat r,
+ owner @{PROC}/[0-9]*/mountinfo r,
+ owner @{PROC}/[0-9]*/stat r,
+ owner @{PROC}/[0-9]*/task/*/stat r,
@{PROC}/sys/kernel/random/uuid r,
owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/ r,
@@ -40,17 +40,18 @@
owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/.** rwk,
owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/ rw,
owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** rw,
- owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser.bak/updated/
rwk,
+ owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser.bak/
rwk,
+ owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser.bak/**
rwk,
owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/*.so mr,
owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/components/*.so
mr,
owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/browser/components/*.so
mr,
owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox
rix,
- owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/updates/[0-9]*/updater
ix,
- owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/updates/0/MozUpdater/bgupdate/updater
ix,
+ owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{,TorBrowser/UpdateInfo/}updates/[0-9]*/updater
ix,
+ owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/{,TorBrowser/UpdateInfo/}updates/0/MozUpdater/bgupdate/updater
ix,
owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profiles.ini
r,
owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/
r,
owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/**
rwk,
- owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor
Px,
+ owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/tor
px,
owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Tor/libstdc++.so.6
m,
owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/Desktop/
rw,
owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/Desktop/**
rwk,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/torbrowser-launcher-0.2.4/apparmor/torbrowser.Tor.tor
new/torbrowser-launcher-0.2.5/apparmor/torbrowser.Tor.tor
--- old/torbrowser-launcher-0.2.4/apparmor/torbrowser.Tor.tor 2016-03-13
22:57:27.000000000 +0100
+++ new/torbrowser-launcher-0.2.5/apparmor/torbrowser.Tor.tor 2016-07-09
01:53:49.000000000 +0200
@@ -13,9 +13,9 @@
owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor
mr,
owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Tor/*
rw,
owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Data/Tor/lock
rwk,
- owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Lib/*.so mr,
- owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Lib/*.so.* mr,
- @{PROC}/meminfo r,
+ owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/Tor,Lib}/*.so
mr,
+ owner
@{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/Tor,Lib}/*.so.*
mr,
+
@{PROC}/sys/kernel/random/uuid r,
/sys/devices/system/cpu/ r,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/torbrowser-launcher-0.2.4/share/torbrowser-launcher/version
new/torbrowser-launcher-0.2.5/share/torbrowser-launcher/version
--- old/torbrowser-launcher-0.2.4/share/torbrowser-launcher/version
2016-03-13 22:57:27.000000000 +0100
+++ new/torbrowser-launcher-0.2.5/share/torbrowser-launcher/version
2016-07-09 01:53:49.000000000 +0200
@@ -1 +1 @@
-0.2.4
+0.2.5
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/torbrowser-launcher-0.2.4/torbrowser_launcher/common.py
new/torbrowser-launcher-0.2.5/torbrowser_launcher/common.py
--- old/torbrowser-launcher-0.2.4/torbrowser_launcher/common.py 2016-03-13
22:57:27.000000000 +0100
+++ new/torbrowser-launcher-0.2.5/torbrowser_launcher/common.py 2016-07-09
01:53:49.000000000 +0200
@@ -26,7 +26,7 @@
OTHER DEALINGS IN THE SOFTWARE.
"""
-import os, sys, platform, subprocess, locale, pickle, json, psutil
+import os, sys, platform, subprocess, locale, pickle, json, psutil, re
import pygtk
pygtk.require('2.0')
@@ -40,13 +40,23 @@
from twisted.internet import gtk2reactor
gtk2reactor.install()
+
+# We're looking for output which:
+#
+# 1. The first portion must be `[GNUPG:] IMPORT_OK`
+# 2. The second must be an integer between [0, 15], inclusive
+# 3. The third must be an uppercased hex-encoded 160-bit fingerprint
+gnupg_import_ok_pattern = re.compile(
+ "(\[GNUPG\:\]) (IMPORT_OK) ([0-9]|[1]?[0-5]) ([A-F0-9]{40})")
+
+
class Common:
def __init__(self, tbl_version):
self.tbl_version = tbl_version
# initialize the app
- self.default_mirror = 'https://dist.torproject.org/'
+ self.default_mirror = 'https://www.torproject.org/dist/'
self.discover_arch_lang()
self.build_paths()
for d in self.paths['dirs']:
@@ -110,7 +120,12 @@
arch = 'linux64'
else:
arch = 'linux32'
- tarball_filename =
'tor-browser-'+arch+'-'+tbb_version+'_'+self.language+'.tar.xz'
+
+ if hasattr(self, 'settings') and self.settings['force_en-US']:
+ language = 'en-US'
+ else:
+ language = self.language
+ tarball_filename =
'tor-browser-'+arch+'-'+tbb_version+'_'+language+'.tar.xz'
# tarball
self.paths['tarball_url'] =
'{0}torbrowser/'+tbb_version+'/'+tarball_filename
@@ -132,7 +147,9 @@
'tbl_bin': sys.argv[0],
'icon_file': os.path.join(os.path.dirname(SHARE),
'pixmaps/torbrowser.png'),
'torproject_pem': os.path.join(SHARE, 'torproject.pem'),
- 'signing_keys': [os.path.join(SHARE,
'tor-browser-developers.asc')],
+ 'signing_keys': {
+ 'tor_browser_developers': os.path.join(SHARE,
'tor-browser-developers.asc')
+ },
'mirrors_txt': [os.path.join(SHARE, 'mirrors.txt'),
tbb_config+'/mirrors.txt'],
'modem_sound': os.path.join(SHARE, 'modem.ogg'),
@@ -150,6 +167,11 @@
},
}
+ # Add the expected fingerprint for imported keys:
+ self.fingerprints = {
+ 'tor_browser_developers':
'EF6E286DDA85EA2A4BA7DE684E2C6E8793298290'
+ }
+
# create a directory
@staticmethod
def mkdir(path):
@@ -172,10 +194,57 @@
self.mkdir(self.paths['gnupg_homedir'])
self.import_keys()
+ def import_key_and_check_status(self, key):
+ """Import a GnuPG key and check that the operation was successful.
+
+ :param str key: A string specifying the key's filepath from
+ ``Common.paths``, as well as its fingerprint in
+ ``Common.fingerprints``.
+ :rtype: bool
+ :returns: ``True`` if the key is now within the keyring (or was
+ previously and hasn't changed). ``False`` otherwise.
+ """
+ success = False
+
+ p = subprocess.Popen(['/usr/bin/gpg', '--status-fd', '2',
+ '--homedir', self.paths['gnupg_homedir'],
+ '--import', self.paths['signing_keys'][key]],
+ stderr=subprocess.PIPE)
+ p.wait()
+
+ for output in p.stderr.readlines():
+ match = gnupg_import_ok_pattern.match(output)
+ if match:
+ # The output must match everything in the
+ # ``gnupg_import_ok_pattern``, as well as the expected
fingerprint:
+ if match.group().find(self.fingerprints[key]) >= 0:
+ success = True
+ break
+
+ return success
+
# import gpg keys
def import_keys(self):
- for key in self.paths['signing_keys']:
- subprocess.Popen(['/usr/bin/gpg', '--quiet', '--homedir',
self.paths['gnupg_homedir'], '--import', key]).wait()
+ """Import all GnuPG keys.
+
+ :rtype: bool
+ :returns: ``True`` if all keys were successfully imported; ``False``
+ otherwise.
+ """
+ keys = ['tor_browser_developers',]
+ all_imports_succeeded = True
+
+ for key in keys:
+ imported = self.import_key_and_check_status(key)
+ if not imported:
+ print _('Could not import key with fingerprint: %s.'
+ % self.fingerprints[key])
+ all_imports_succeeded = False
+
+ if not all_imports_succeeded:
+ print _('Not all keys were imported successfully!')
+
+ return all_imports_succeeded
# load mirrors
def load_mirrors(self):
@@ -195,7 +264,8 @@
'download_over_tor': False,
'modem_sound': False,
'tor_socks_address': 'tcp:127.0.0.1:9050',
- 'mirror': self.default_mirror
+ 'mirror': self.default_mirror,
+ 'force_en-US': False,
}
if os.path.isfile(self.paths['settings_file']):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/torbrowser-launcher-0.2.4/torbrowser_launcher/launcher.py
new/torbrowser-launcher-0.2.5/torbrowser_launcher/launcher.py
--- old/torbrowser-launcher-0.2.4/torbrowser_launcher/launcher.py
2016-03-13 22:57:27.000000000 +0100
+++ new/torbrowser-launcher-0.2.5/torbrowser_launcher/launcher.py
2016-07-09 01:53:49.000000000 +0200
@@ -30,7 +30,6 @@
from twisted.internet import reactor
from twisted.web.client import Agent, RedirectAgent, ResponseDone,
ResponseFailed
from twisted.web.http_headers import Headers
-from twisted.web.iweb import IPolicyForHTTPS
from twisted.internet.protocol import Protocol
from twisted.internet.error import DNSLookupError, ConnectionRefusedError
@@ -48,6 +47,9 @@
class TryDefaultMirrorException(Exception):
pass
+class TryForcingEnglishException(Exception):
+ pass
+
class DownloadErrorException(Exception):
pass
@@ -55,16 +57,17 @@
def __init__(self, common, url_list):
self.common = common
self.url_list = url_list
+ self.force_redownload = False
# this is the current version of Tor Browser, which should get updated
with every release
- self.min_version = '5.5.2'
+ self.min_version = '6.0.2'
# init launcher
self.set_gui(None, '', [])
self.launch_gui = True
# if Tor Browser is not installed, detect latest version, download,
and install
- if not self.common.settings['installed']:
+ if not self.common.settings['installed'] or not
self.check_min_version():
# if downloading over Tor, include txsocksx
if self.common.settings['download_over_tor']:
try:
@@ -78,9 +81,16 @@
self.common.settings['download_over_tor'] = False
self.common.save_settings()
+ # different message if downloading for the first time, or because
your installed version is too low
+ download_message = ""
+ if not self.common.settings['installed']:
+ download_message = _("Downloading and installing Tor Browser
for the first time.")
+ elif not self.check_min_version():
+ download_message = _("Your version of Tor Browser is
out-of-date. Downloading and installing the newest version.")
+
# download and install
- print _("Downloading and installing Tor Browser for the first
time.")
- self.set_gui('task', _("Downloading and installing Tor Browser for
the first time."),
+ print download_message
+ self.set_gui('task', download_message,
['download_version_check',
'set_version',
'download_sig',
@@ -159,6 +169,8 @@
self.yes_button.connect("clicked", self.try_stable, None)
elif self.gui == 'error_try_default_mirror':
self.yes_button.connect("clicked",
self.try_default_mirror, None)
+ elif self.gui == 'error_try_forcing_english':
+ self.yes_button.connect("clicked",
self.try_forcing_english, None)
elif self.gui == 'error_try_tor':
self.yes_button.connect("clicked", self.try_tor, None)
self.button_box.add(self.yes_button)
@@ -260,7 +272,10 @@
elif task == 'download_tarball':
print _('Downloading'),
self.common.paths['tarball_url'].format(self.common.settings['mirror'])
- self.download('tarball', self.common.paths['tarball_url'],
self.common.paths['tarball_file'])
+ if not self.force_redownload and
os.path.exists(self.common.paths['tarball_file']):
+ self.run_task()
+ else:
+ self.download('tarball', self.common.paths['tarball_url'],
self.common.paths['tarball_file'])
elif task == 'verify':
print _('Verifying signature')
@@ -290,6 +305,8 @@
if response.code != 200:
if common.settings['mirror'] != common.default_mirror:
raise TryDefaultMirrorException(_("Download Error: {0}
{1}\n\nYou are currently using a non-default mirror:\n{2}\n\nWould you like to
switch back to the default?").format(response.code, response.phrase,
common.settings['mirror']))
+ elif common.language != 'en-US' and not
common.settings['force_en-US']:
+ raise TryForcingEnglishException(_("Download Error:
{0} {1}\n\nWould you like to try the English version of Tor Browser
instead?").format(response.code, response.phrase))
else:
raise DownloadErrorException(_("Download Error: {0}
{1}").format(response.code, response.phrase))
@@ -343,6 +360,10 @@
f.trap(TryDefaultMirrorException)
self.set_gui('error_try_default_mirror', str(f.value), [], False)
+ elif isinstance(f.value, TryForcingEnglishException):
+ f.trap(TryForcingEnglishException)
+ self.set_gui('error_try_forcing_english', str(f.value), [], False)
+
elif isinstance(f.value, DownloadErrorException):
f.trap(DownloadErrorException)
self.set_gui('error', str(f.value), [], False)
@@ -424,6 +445,13 @@
subprocess.Popen([self.common.paths['tbl_bin']])
self.destroy(False)
+ def try_forcing_english(self, widget, data=None):
+ # change force english to true and relaunch TBL
+ self.common.settings['force_en-US'] = True
+ self.common.save_settings()
+ subprocess.Popen([self.common.paths['tbl_bin']])
+ self.destroy(False)
+
def try_tor(self, widget, data=None):
# set download_over_tor to true and relaunch TBL
self.common.settings['download_over_tor'] = True
@@ -566,6 +594,7 @@
# start over and download TBB again
def start_over(self):
+ self.force_redownload = True # Overwrite any existing file
self.label.set_text(_("Downloading Tor Browser Bundle over again."))
self.gui_tasks = ['download_tarball', 'verify', 'extract', 'run']
self.gui_task_i = 0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/torbrowser-launcher-0.2.4/torbrowser_launcher/settings.py
new/torbrowser-launcher-0.2.5/torbrowser_launcher/settings.py
--- old/torbrowser-launcher-0.2.4/torbrowser_launcher/settings.py
2016-03-13 22:57:27.000000000 +0100
+++ new/torbrowser-launcher-0.2.5/torbrowser_launcher/settings.py
2016-07-09 01:53:49.000000000 +0200
@@ -101,6 +101,16 @@
self.modem_checkbox.set_tooltip_text(_("This option requires
python-pygame to be installed"))
self.modem_checkbox.show()
+ # force en-US, only display if language isn't already en-US
+ if self.common.language != 'en-US':
+ self.force_en_checkbox = gtk.CheckButton(_("Force downloading
English version of Tor Browser"))
+ if self.common.settings['force_en-US']:
+ self.force_en_checkbox.set_active(True)
+ else:
+ self.force_en_checkbox.set_active(False)
+ self.settings_box.pack_start(self.force_en_checkbox, True, True, 0)
+ self.force_en_checkbox.show()
+
# Tor SOCKS address
self.tor_addr_box = gtk.HBox(False, 10)
self.settings_box.pack_start(self.tor_addr_box, True, True, 0)
@@ -227,6 +237,7 @@
# checkbox options
self.common.settings['download_over_tor'] =
self.tor_download_checkbox.get_active()
self.common.settings['modem_sound'] = self.modem_checkbox.get_active()
+ self.common.settings['force_en-US'] =
self.force_en_checkbox.get_active()
self.common.settings['tor_socks_address'] = self.tor_addr.get_text()
# figure out the selected mirror
