Your message dated Sat, 26 Jul 2014 16:33:53 +0000 with message-id <[email protected]> and subject line Bug#751453: fixed in torbrowser-launcher 0.1.1-2 has caused the Debian Bug report #751453, regarding torbrowser-launcher: AppArmor profiles are, well, slightly suboptimal to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 751453: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751453 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: torbrowser-launcher Version: 0.0.7-1 Severity: normal Hi, first, thanks a lot for shipping AppArmor profiles in this package! These profiles have quite some room for improvements: at least one is simply broken, some will work only in common cases and don't use the existing facilities meant to take care of less common cases, and generally speaking, all this stuff would greatly benefit from a good refactoring. * At least torbrowser.Browser.firefox can't possibly be loaded on current Debian, due to the "dbus" line, that will only be supported (as in: parsed, but not effective) once apparmor 2.8.95 is in the archive. In practice, this means that anyone running current Debian testing/sid with AppArmor enabled, installing torbrowser-launcher 0.0.7-1, restarting the apparmor service manually (due to #751449), and then starting torbrowser-launcher, will get an unconfined browser as a result. Especially given the strong dependency expressed on AppArmor (#751452), this seems to be a bug. The rest is not critical, and could probably be forwarded upstream as is. I won't mind if this bug report is closed as soon as the major problem above is fixed, as long as upstream hears about what follows. Just tell me how you prefer to handle that, and I'll do the ticket mangling here (probably cloning this bug, to track the important bug described above separately from the long-term things below). * Quite a few permissions are duplicates of existing ones, that can be found in the already sourced "base" abstraction. This duplication seems useless, and makes auditing harder. * Other permissions would advantageously be replaced by sourcing the appropriate abstractions (e.g., the "X" and "gnome" or "freedesktop.org" ones), that have been tested in a bit more various environments (e.g. it supports more than /dev/dri/card0) and are well maintained upstream. This would make auditing easier too. * It would probably be good to prefix with "owner" basically all lines that start with "@{HOME}", for locking things down a bit more. * Sometimes, the @{HOME} tunable is used, and sometimes it's not (and /home/* is harcoded). @{HOME} should be use consistently, else its presence is useless and misleading. * The torbrowser.Tor.tor profile should probably use abstractions/nameservice, just like abstractions/tor does, so that it supports more kinds of entity resolution than the basic /etc/{passwd,resolv.conf}. E.g. that profile is likely broken if using resolvconf, etc. * Interesting line: deny /proc/9881/mountinfo r, Thanks for maintaining torbrowser-launcher in Debian! Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
--- End Message ---
--- Begin Message ---Source: torbrowser-launcher Source-Version: 0.1.1-2 We believe that the bug you reported is fixed in the latest version of torbrowser-launcher, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Holger Levsen <[email protected]> (supplier of updated torbrowser-launcher package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 26 Jul 2014 17:15:04 +0200 Source: torbrowser-launcher Binary: torbrowser-launcher Architecture: source amd64 Version: 0.1.1-2 Distribution: unstable Urgency: medium Maintainer: Anonymity Tools Debian Maintainers <[email protected]> Changed-By: Holger Levsen <[email protected]> Description: torbrowser-launcher - helps download, update and run the Tor Browser Bundle Closes: 751453 755817 Changes: torbrowser-launcher (0.1.1-2) unstable; urgency=medium . * debian/rules: call dh_apparmor for each shipped profile. (Closes: #755817) * Include e8350a1c4 from upstream to fix typo in ppa script. * Cleanup AppArmor profiles as per not yet merged pull request https://github.com/micahflee/torbrowser-launcher/pull/111 Thanks intrigeri for the patch! (Closes: #751453). Checksums-Sha1: 1c476e12aac8382c382debb03ae886ddf99a26e2 2106 torbrowser-launcher_0.1.1-2.dsc d0c43388f85b3ac43abeb67d177ab6db1d3634ee 6008 torbrowser-launcher_0.1.1-2.debian.tar.xz 93bfeea8b07d789af44e0efad1fd041ceac5b45f 270364 torbrowser-launcher_0.1.1-2_amd64.deb Checksums-Sha256: 8311847dd467bd90c50bfc632f9f32081be45cd3f897f247f7d7e402a5a58a54 2106 torbrowser-launcher_0.1.1-2.dsc e80da62974930ccf44e24d00a599c01b084c96b19be05e61a341183e90e576aa 6008 torbrowser-launcher_0.1.1-2.debian.tar.xz b826cb0b2a24622339c44a24b3dffe072d60a6cd175bebd4fc2b8646d3e568b9 270364 torbrowser-launcher_0.1.1-2_amd64.deb Files: ee3e2fa32a3c7dfb82ed44b05bac4df0 270364 contrib/python optional torbrowser-launcher_0.1.1-2_amd64.deb 748235c5f1701803b292be2fe31234d8 2106 contrib/python optional torbrowser-launcher_0.1.1-2.dsc 2c98ee7a2fefc2ca311a4b460b7a2fa3 6008 contrib/python optional torbrowser-launcher_0.1.1-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIVAwUBU9PTgQkauFYGmqocAQjerA/+NFjSA9ujwapHzQZMlIXSeWhPPyeB7ycc oBnS9ULA83Q6H1TpQjgG7V1Nq5n8KntNz22xXg/E6HG+YDbLoFWUHatJ6o2HBgiQ 6nh/K0ti11JvpMH0xEF4/HEKnu9A8lWqo5k/BSEAuSd9GlDapuwedjp/Qyf3s/qQ 6mmzWIhss3PI4qYp2Yp5i4r1Fbntt4dAeK5Xk2nvejp+IG2DI+dkOJ4/Q8zDvcz7 doXVykBUpcqMvpBYSiLCWm4Z5dM7oCu4jf5udyn1jwa4EoT5Py9+ihtdML+2lbOv SOsgGWv9JuNOCntDjqbLE5TZYEOutTYMC1tnC4HDKthOV0u1gZxXzBHOOnPOdUh/ ldMli/FSbvyNM7I9k1XJLNGFoxKm7LuvR3tteHyGwOHxTjCOr/7L5hTVEGBP3Ntf qmdhg8voL5oTnyr6L85LSq4uKEQTsrgY7iDG43hmXDLK86NLeRgAUf1W4C8FPE/B 0yZ+xFTdgFHAhgwm2qWEwVEiX6007lCBL5Vw7BHFjRtqYNpGV+l+0iIMrJb4X52K O03HcxewiMB5HDRUecE/K4txeddveVLzHdaJOVIgOa/Ug34ulKe+BLWnKPeQMA2G HfGfOKUwbvCvrduuk/c5pR5CfUA1s2JdXulK5t+PI0RfdQQd23E4i/EiFXhNATQP LbmxyktOCOE= =kspK -----END PGP SIGNATURE-----
--- End Message ---
