authorAlan <alan@boum.org>2018-10-18 18:15:41 +0000
committerAlan <alan@boum.org>2018-10-18 18:15:41 +0000
commite932963c1995261ae69f60e065dc801a35a070f3 (patch)
treecea89d4915f36211a4a28f59564c4e2c57dd570e /config
parent1e91cca251d615572abf4fa44dd00d66fd355fd8 (diff)
parentdd142431c4c4e3026b7ed2565b31706160ef711c (diff)
Merge remote-tracking branch 'origin/stable' into bugfix/15838-asp-fix-non-blocking-issues
Diffstat (limited to 'config')
-rw-r--r--config/APT_overlays.d/feature-11501-install-verbs-instead-yes-no0
-rw-r--r--config/APT_snapshots.d/debian/serial2
-rw-r--r--config/amnesia2
-rw-r--r--config/chroot_apt/preferences3
-rwxr-xr-xconfig/chroot_local-hooks/46-configure-htpdate12
-rw-r--r--config/chroot_local-includes/etc/default/htpdate.user-agent1
-rw-r--r--config/chroot_local-includes/etc/whisperback/debugging-info.json2
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/getTorBrowserUserAgent6
-rwxr-xr-xconfig/chroot_local-includes/usr/local/lib/onion-grater9
-rw-r--r--config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch64
-rw-r--r--config/chroot_local-patches/apparmor-adjust-freedesktop-abstraction.diff11
11 files changed, 52 insertions, 60 deletions
diff --git a/config/APT_overlays.d/feature-11501-install-verbs-instead-yes-no b/config/APT_overlays.d/feature-11501-install-verbs-instead-yes-no
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/APT_overlays.d/feature-11501-install-verbs-instead-yes-no
diff --git a/config/APT_snapshots.d/debian/serial b/config/APT_snapshots.d/debian/serial
index 27e6ccc..b1f9fa5 100644
--- a/config/APT_snapshots.d/debian/serial
+++ b/config/APT_snapshots.d/debian/serial
@@ -1 +1 @@
-2018081901
+2018100901
diff --git a/config/amnesia b/config/amnesia
index 1ef3ee5..6af6099 100644
--- a/config/amnesia
+++ b/config/amnesia
@@ -26,7 +26,7 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20"
# Kernel version
-KERNEL_VERSION='4.17.0-3'
+KERNEL_VERSION='4.18.0-2'
KERNEL_SOURCE_VERSION=$(
echo "$KERNEL_VERSION" \
| perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
diff --git a/config/chroot_apt/preferences b/config/chroot_apt/preferences
index 0556f67..95b9f6d 100644
--- a/config/chroot_apt/preferences
+++ b/config/chroot_apt/preferences
@@ -105,7 +105,8 @@ Package: vulcan* libvulkan*
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
-Package: wayland-protocols
+Explanation: src:wayland and src:wayland-protocols
+Package: libwayland* wayland-protocols
Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999
diff --git a/config/chroot_local-hooks/46-configure-htpdate b/config/chroot_local-hooks/46-configure-htpdate
deleted file mode 100755
index 628ffab..0000000
--- a/config/chroot_local-hooks/46-configure-htpdate
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-set -e
-
-echo "Configuring htpdate HTTP User-Agent"
-
-CONFFILE='/etc/default/htpdate.user-agent'
-
-install -o root -g root -m 0644 /dev/null "$CONFFILE"
-
-echo "HTTP_USER_AGENT=\"$(/usr/local/lib/getTorBrowserUserAgent)\"" \
- > "$CONFFILE"
diff --git a/config/chroot_local-includes/etc/default/htpdate.user-agent b/config/chroot_local-includes/etc/default/htpdate.user-agent
new file mode 100644
index 0000000..e5aa636
--- /dev/null
+++ b/config/chroot_local-includes/etc/default/htpdate.user-agent
@@ -0,0 +1 @@
+HTTP_USER_AGENT="Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
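Review bot: The User-Agent in the new `htpdate.user-agent` file is a bare literal, with nothing recording where the value comes from or when it must change. The deleted `getTorBrowserUserAgent` helper at least named its source in its file name. If this string drifts from what the shipped Tor Browser sends, htpdate's HTTP requests presumably become distinguishable from browser traffic. A header comment would keep that link visible, for example `# Must match the User-Agent of the Tor Browser shipped in this release; update on every ESR bump.`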
diff --git a/config/chroot_local-includes/etc/whisperback/debugging-info.json b/config/chroot_local-includes/etc/whisperback/debugging-info.json
index 586bf93..44f2d70 100644
--- a/config/chroot_local-includes/etc/whisperback/debugging-info.json
+++ b/config/chroot_local-includes/etc/whisperback/debugging-info.json
@@ -6,6 +6,8 @@
["command", {"args": ["/usr/bin/lspci", "-nn"]}],
["command", {"args": ["/bin/df", "--human-readable", "--print-type"]}],
["command", {"args": ["/bin/mount", "--show-labels"]}],
+["command", {"args": ["/sbin/dmsetup", "ls", "--tree", "--options=blkdevname,uuid,active,open,rw,notrunc"]}],
+["command", {"args": ["/sbin/losetup", "--list", "--output=NAME,BACK-FILE,AUTOCLEAR,RO,PARTSCAN,SIZELIMIT,OFFSET"]}],
["command", {"args": ["/bin/lsmod"]}],
["file", {"user": "root", "path": "/proc/asound/cards"}],
["file", {"user": "root", "path": "/proc/asound/devices"}],
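Review bot: The two added commands put storage identifiers into every bug report: `dmsetup ls --tree` with the `uuid` option and `losetup --list` with `BACK-FILE` emit device-mapper UUIDs and the full paths of loop-backed files. Those values can single out a particular device or reveal user-chosen file names, and this hunk does not show whether WhisperBack scrubs command output before sending. If the report only needs the device topology, dropping `uuid` and `BACK-FILE` from the option lists would avoid the disclosure. Otherwise, confirm that the sanitising step covers these output formats.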
diff --git a/config/chroot_local-includes/usr/local/lib/getTorBrowserUserAgent b/config/chroot_local-includes/usr/local/lib/getTorBrowserUserAgent
deleted file mode 100755
index 62e625d..0000000
--- a/config/chroot_local-includes/usr/local/lib/getTorBrowserUserAgent
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-set -e
-set -u
-
-echo 'Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0'
diff --git a/config/chroot_local-includes/usr/local/lib/onion-grater b/config/chroot_local-includes/usr/local/lib/onion-grater
index 4f0690d..b8369b9 100755
--- a/config/chroot_local-includes/usr/local/lib/onion-grater
+++ b/config/chroot_local-includes/usr/local/lib/onion-grater
@@ -134,6 +134,7 @@ import socket
import socketserver
import stem
import stem.control
+import stem.connection
import struct
import sys
import textwrap
@@ -565,12 +566,8 @@ class FilteredControlPortProxyHandler(socketserver.StreamRequestHandler):
))
def connect_to_real_control_port(self):
- with open(global_args.control_cookie_path, "rb") as f:
- cookie = f.read()
- controller = stem.control.Controller.from_socket_file(
- global_args.control_socket_path
- )
- controller.authenticate(cookie)
+ controller = stem.connection.connect(control_socket=global_args.control_socket_path)
+ stem.connection.authenticate_cookie(controller, cookie_path=global_args.control_cookie_path)
return controller
def handle(self):
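Review bot: `stem.connection.connect()` in `connect_to_real_control_port` is stem's interactive convenience helper: on failure it prints a message and returns `None` instead of raising, and with `control_port` left at its default it can fall back to a TCP control port when the socket path is unusable. A `None` result then reaches `authenticate_cookie()` and fails with an unrelated error, and a filtering proxy should not silently attach to a control endpoint other than the configured one. Passing `control_port=None` and guarding the result, e.g. `if controller is None: raise stem.SocketError("cannot reach " + global_args.control_socket_path)`, keeps the failure explicit. `connect()` also appears to authenticate on its own, so the explicit cookie call may be redundant; this is worth confirming against the stem version shipped. The enclosing class starts outside this hunk.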
diff --git a/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch b/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch
index f7f436c..1ab78e0 100644
--- a/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch
+++ b/config/chroot_local-includes/usr/share/tails/torbrowser-AppArmor-profile.patch
@@ -1,12 +1,12 @@
diff --git a/etc/apparmor.d/torbrowser.Browser.firefox b/etc/apparmor.d/torbrowser.Browser.firefox
-index d0aded9..e718ed5 100644
+index 9f269e1..8c7c830 100644
--- a/etc/apparmor.d/torbrowser.Browser.firefox
+++ b/etc/apparmor.d/torbrowser.Browser.firefox
@@ -1,10 +1,11 @@
#include <tunables/global>
#include <tunables/torbrowser>
--@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox
+-@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real
+@{torbrowser_firefox_executable} = /usr/local/lib/tor-browser/firefox.real
profile torbrowser_firefox @{torbrowser_firefox_executable} {
@@ -34,7 +34,7 @@ index d0aded9..e718ed5 100644
owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
-@@ -39,30 +43,32 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
+@@ -39,32 +43,34 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
owner @{PROC}/@{pid}/task/*/stat r,
@{PROC}/sys/kernel/random/uuid r,
@@ -53,7 +53,6 @@ index d0aded9..e718ed5 100644
- owner @{torbrowser_home_dir}/components/*.so mr,
- owner @{torbrowser_home_dir}/browser/components/*.so mr,
- owner @{torbrowser_home_dir}/firefox rix,
-- owner @{torbrowser_home_dir}/plugin-container px -> torbrowser_plugin_container,
- owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/[0-9]*/updater ix,
- owner @{torbrowser_home_dir}/{,TorBrowser/UpdateInfo/}updates/0/MozUpdater/bgupdate/updater ix,
- owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profiles.ini r,
@@ -64,7 +63,6 @@ index d0aded9..e718ed5 100644
- owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
+ @{torbrowser_home_dir}/ r,
+ @{torbrowser_home_dir}/** mr,
-+ @{torbrowser_home_dir}/plugin-container px -> torbrowser_plugin_container,
+
+ owner "@{HOME}/Tor Browser/" rw,
+ owner "@{HOME}/Tor Browser/**" rwk,
@@ -89,17 +87,13 @@ index d0aded9..e718ed5 100644
+ /usr/share/doc/tails/website/ r,
+ /usr/share/doc/tails/website/** r,
+ # Web Content processes
+- owner @{torbrowser_firefox_executable} px -> torbrowser_plugin_container,
++ @{torbrowser_firefox_executable} px -> torbrowser_plugin_container,
+
/etc/mailcap r,
/etc/mime.types r,
-@@ -70,6 +76,7 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
- /usr/share/ r,
- /usr/share/mime/ r,
- /usr/share/themes/ r,
-+ /usr/share/glib-2.0/schemas/gschemas.compiled r,
- /usr/share/applications/** rk,
- /usr/share/gnome/applications/ r,
- /usr/share/gnome/applications/kde4/ r,
-@@ -85,12 +92,6 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
+@@ -88,12 +94,6 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
/sys/devices/system/node/node[0-9]*/meminfo r,
deny /sys/devices/virtual/block/*/uevent r,
@@ -112,7 +106,7 @@ index d0aded9..e718ed5 100644
# Required for multiprocess Firefox (aka Electrolysis, i.e. e10s)
owner /{dev,run}/shm/org.chromium.* rw,
-@@ -104,6 +105,31 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
+@@ -107,6 +107,29 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
deny @{HOME}/.cache/fontconfig/** rw,
deny @{HOME}/.config/gtk-2.0/ rw,
deny @{HOME}/.config/gtk-2.0/** rw,
@@ -122,8 +116,6 @@ index d0aded9..e718ed5 100644
+ deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
+ deny /usr/local/lib/tor-browser/update.test/ rw,
+
-+ @{torbrowser_firefox_executable} px -> torbrowser_plugin_container,
-+
+ # Grant access to assistive technologies
+ # (otherwise, Firefox crashes when Orca is enabled:
+ # https://labs.riseup.net/code/issues/9261)
@@ -144,7 +136,7 @@ index d0aded9..e718ed5 100644
deny @{PROC}/@{pid}/net/route r,
deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
-@@ -119,5 +145,10 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
+@@ -122,5 +145,10 @@ profile torbrowser_firefox @{torbrowser_firefox_executable} {
/etc/xfce4/defaults.list r,
/usr/share/xfce4/applications/ r,
@@ -157,10 +149,19 @@ index d0aded9..e718ed5 100644
+ deny /tmp/ rwklx,
}
diff --git a/etc/apparmor.d/torbrowser.Browser.plugin-container b/etc/apparmor.d/torbrowser.Browser.plugin-container
-index fe95fdb..32d0c38 100644
+index 7ec8a00..346f2ad 100644
--- a/etc/apparmor.d/torbrowser.Browser.plugin-container
+++ b/etc/apparmor.d/torbrowser.Browser.plugin-container
-@@ -10,9 +10,9 @@ profile torbrowser_plugin_container {
+@@ -1,7 +1,7 @@
+ #include <tunables/global>
+ #include <tunables/torbrowser>
+
+-@{torbrowser_firefox_executable} = /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox.real
++@{torbrowser_firefox_executable} = /usr/local/lib/tor-browser/firefox.real
+
+ profile torbrowser_plugin_container {
+ #include <abstractions/gnome>
+@@ -12,9 +12,9 @@ profile torbrowser_plugin_container {
# - the "deny" word in the machine-id lines
# - the rules that deny reading /etc/pulse/client.conf
# and executing /usr/bin/pulseaudio
@@ -173,7 +174,7 @@ index fe95fdb..32d0c38 100644
signal (receive) set=("term") peer=torbrowser_firefox,
-@@ -24,14 +24,15 @@ profile torbrowser_plugin_container {
+@@ -26,8 +26,8 @@ profile torbrowser_plugin_container {
deny /etc/group r,
deny /etc/mailcap r,
@@ -184,14 +185,7 @@ index fe95fdb..32d0c38 100644
/etc/mime.types r,
/usr/share/applications/gnome-mimeapps.list r,
-
- /dev/shm/ r,
-
-+ owner @{PROC}/@{pid}/environ r,
- owner @{PROC}/@{pid}/fd/ r,
- owner @{PROC}/@{pid}/mountinfo r,
- owner @{PROC}/@{pid}/stat r,
-@@ -39,28 +40,28 @@ profile torbrowser_plugin_container {
+@@ -42,31 +42,29 @@ profile torbrowser_plugin_container {
owner @{PROC}/@{pid}/task/*/stat r,
@{PROC}/sys/kernel/random/uuid r,
@@ -205,11 +199,12 @@ index fe95fdb..32d0c38 100644
- owner @{torbrowser_home_dir}/browser/components/*.so mr,
- owner @{torbrowser_home_dir}/defaults/pref/ r,
- owner @{torbrowser_home_dir}/defaults/pref/*.js r,
+- owner @{torbrowser_home_dir}/dependentlibs.list r,
- owner @{torbrowser_home_dir}/fonts/ r,
- owner @{torbrowser_home_dir}/fonts/** r,
- owner @{torbrowser_home_dir}/omni.ja r,
-- owner @{torbrowser_home_dir}/plugin-container ixmr,
- owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/extensions/*.xpi r,
+- owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/startupCache/* r,
- owner @{torbrowser_home_dir}/TorBrowser/Data/Browser/profile.default/tmp/* rw,
- owner @{torbrowser_home_dir}/TorBrowser/Data/fontconfig/fonts.conf r,
- owner @{torbrowser_home_dir}/TorBrowser/Tor/ r,
@@ -217,11 +212,12 @@ index fe95fdb..32d0c38 100644
- owner @{torbrowser_home_dir}/TorBrowser/Tor/*.so.* mr,
- owner @{torbrowser_home_dir}/Downloads/ rwk,
- owner @{torbrowser_home_dir}/Downloads/** rwk,
+-
+- owner @{torbrowser_firefox_executable} ixmr -> torbrowser_plugin_container,
+ @{torbrowser_home_dir}/ r,
+ @{torbrowser_home_dir}/** mr,
-+ @{torbrowser_home_dir}/plugin-container ixmr,
+
-+ owner @{HOME}/.tor-browser/profile.default/startupCache/scriptCache-child-current.bin r,
++ owner @{HOME}/.tor-browser/profile.default/startupCache/* r,
+ owner @{HOME}/.tor-browser/profile.default/tmp/* rw,
+
+ owner "@{HOME}/Tor Browser/" rw,
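Review bot: The plugin-container rule for `startupCache` is widened here from the single file `scriptCache-child-current.bin` to `startupCache/* r`, so content processes can read every cache file in the profile directory. If the child process only needs its own script cache, a narrower glob such as `startupCache/scriptCache-child*.bin r` would keep the sandbox closer to least privilege. If the wider read is required, a one-line comment above the rule naming the files the content process opens would record why. The profile body continues outside this hunk.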
@@ -239,10 +235,12 @@ index fe95fdb..32d0c38 100644
+
+ /usr/share/doc/tails/website/ r,
+ /usr/share/doc/tails/website/** r,
++
++ @{torbrowser_firefox_executable} ixmr -> torbrowser_plugin_container,
/sys/devices/system/cpu/ r,
/sys/devices/system/cpu/present r,
-@@ -86,10 +87,16 @@ profile torbrowser_plugin_container {
+@@ -92,10 +90,16 @@ profile torbrowser_plugin_container {
deny @{PROC}/@{pid}/net/route r,
deny /sys/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,
deny /sys/devices/system/cpu/*/cache/index[0-9]*/size r,
diff --git a/config/chroot_local-patches/apparmor-adjust-freedesktop-abstraction.diff b/config/chroot_local-patches/apparmor-adjust-freedesktop-abstraction.diff
new file mode 100644
index 0000000..2596d1f
--- /dev/null
+++ b/config/chroot_local-patches/apparmor-adjust-freedesktop-abstraction.diff
@@ -0,0 +1,11 @@
+--- /etc/apparmor.d/abstractions/freedesktop.org 2018-10-07 19:38:49.308000000 +0000
++++ /etc/apparmor.d/abstractions/freedesktop.org 2018-10-07 19:48:40.400000000 +0000
+@@ -24,7 +24,7 @@
+ /usr/local/share/pixmaps/** r,
+
+ # this should probably go elsewhere
+- /usr/share/mime/** r,
++ /usr/{local/,}share/mime/** r,
+
+ # per-user configurations
+ owner @{HOME}/.icons/ r,
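Review bot: The new patch file carries no description, yet it edits a shared abstraction: every profile that includes `abstractions/freedesktop.org` gains read access to `/usr/local/share/mime/**`, not only the Tor Browser profiles. A short preamble before the `---` line would make that scope deliberate, e.g. `Allow confined applications to read the MIME database installed under /usr/local/share/mime.` The headers also use absolute paths with no `a/` or `b/` prefix, so the strip level used by the build's patch step should be checked; that step is not visible here.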