Commit 7245a8a6 authored by sajolida's avatar sajolida

Merge remote-tracking branch 'origin/master'

parents 13d7b1a5 b46c676d
......@@ -4,12 +4,13 @@ set -eu
echo "Install the Tor Browser"
# Import the TBB_INSTALL, TBB_PROFILE and TBB_EXT variables, which
# contains the paths we will split TBB's actual browser (binaries
# etc), user data and extension into. While this differs from how the
# TBB organizes the files, the end result will be the same, and it's
# practical since when creating a new browser profile we can simply
# copy the profile directory without duplicating all extensions.
# Import the TBB_INSTALL, TBB_PROFILE, TBB_EXT and
# TOR_LAUNCHER_INSTALL variables, which contains the paths we will
# split TBB's actual browser (binaries etc), user data and extension
# into. While this differs from how the TBB organizes the files, the
# end result will be the same, and it's practical since when creating
# a new browser profile we can simply copy the profile directory
# without duplicating all extensions.
. /usr/local/lib/tails-shell-library/tor-browser.sh
download_and_verify_files() {
......@@ -70,11 +71,11 @@ install_tor_browser() {
# profile but we want to keep it as a standalone application
# when Tails is started in "bridge mode".
torlauncher_xpi_path="${prep}/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher@torproject.org.xpi"
7z x -o'/usr/share/tor-launcher-standalone' "${torlauncher_xpi_path}"
7z x -o"${TOR_LAUNCHER_INSTALL}" "${torlauncher_xpi_path}"
torlauncher_version="$(sed -n \
's,^ <em:version>\([0-9\.]\+\)</em:version>,\1,p' \
'/usr/share/tor-launcher-standalone/install.rdf')"
cat > '/usr/share/tor-launcher-standalone/application.ini' << EOF
"${TOR_LAUNCHER_INSTALL}/install.rdf")"
cat > "${TOR_LAUNCHER_INSTALL}/application.ini" << EOF
[App]
Vendor=TorProject
Name=TorLauncher
......@@ -89,7 +90,7 @@ MaxVersion=*.*.*
[Shell]
Icon=icon.png
EOF
chmod -R a+rX '/usr/share/tor-launcher-standalone'
chmod -R a+rX "${TOR_LAUNCHER_INSTALL}"
rm "${torlauncher_xpi_path}"
# The Tor Browser will fail, complaining about an incomplete profile,
......
......@@ -86,7 +86,7 @@ while IFS=: read MOZILLA_LOCALE LOCATION LOCALIZED_LANG STARTPAGE_LANG STARTPAGE
# mix them up.
CAPITALIZED_LANG_CODE="$(echo "${LANG_CODE}" | tr 'a-z' 'A-Z')"
LOCALIZED_WIKIPEDIA_ICON_PATH="/tmp/wikipedia-icon-${LANG_CODE}.png"
WIKIPEDIA_SEARCH_ICON_BASE64_PATH="#{LOCALIZED_WIKIPEDIA_ICON_PATH}.base64"
WIKIPEDIA_SEARCH_ICON_BASE64_PATH="${LOCALIZED_WIKIPEDIA_ICON_PATH}.base64"
WIKIPEDIA_ICON_TEMPLATE="${BROWSER_LOCALIZATION_DIR}/Wikipedia-icon.png"
convert "${WIKIPEDIA_ICON_TEMPLATE}" \
-gravity SouthEast -pointsize 130 -font Liberation-Sans-Bold \
......
......@@ -4,5 +4,8 @@ set -e
echo "Creating prefs override for Tor Launcher"
# Import the TOR_LAUNCHER_INSTALL variable.
. /usr/local/lib/tails-shell-library/tor-browser.sh
ln -s /etc/xul-ext/tor-launcher.js \
/usr/share/tor-launcher-standalone/defaults/preferences/000system.js
"${TOR_LAUNCHER_INSTALL}/defaults/preferences/000system.js"
SOCKS_SERVER=127.0.0.1:9050
SOCKS5_SERVER=127.0.0.1:9050
# Allow Torbutton access to the control port filter (for new identity).
# Setting a password is required, otherwise Torbutton attempts to
# read the authentication cookie file instead, which fails.
TOR_CONTROL_HOST='127.0.0.1'
TOR_CONTROL_PORT='9052'
TOR_CONTROL_PASSWD='passwd'
# Hide Torbutton's "Tor Network Settings..." context menu entry since
# it doesn't work in Tails, and we deal with those configurations
# strictly through Tor Launcher.
TOR_NO_DISPLAY_NETWORK_SETTINGS='yes'
# Port that the monkeysphere validation agent listens on
MSVA_PORT='6136'
Defaults!/usr/bin/tor-launcher always_set_home,env_keep+="TOR_CONFIGURE_ONLY TOR_CONTROL_PORT TOR_CONTROL_COOKIE_AUTH_FILE TOR_FORCE_NET_CONFIG TOR_HIDE_BROWSER_LOGO"
#!/bin/sh
set -e
# Import exec_firefox() and configure_best_tor_launcher_locale()
. /usr/local/lib/tails-shell-library/tor-browser.sh
# The Tor Browser hardcodes the default profile dir to ../.. from the
# folder storing the application.ini file supplied via -app. Sadly,
# -profile doesn't work together with -app. Therefore we copy the
# whole Tor Launcher application (just ~350 KB) into the user's home
# so we can get the profile directory in a sane place.
if [ ! -e "${HOME}"/.tor-launcher ]; then
mkdir -p "${HOME}"/.tor-launcher
cp -r /usr/share/tor-launcher-standalone "${HOME}"/.tor-launcher/tor-launcher-standalone
mkdir -p "${HOME}"/.tor-launcher/TorBrowser/Data/Browser/
cat << EOF > "${HOME}"/.tor-launcher/TorBrowser/Data/Browser/profiles.ini
[General]
StartWithLastProfile=1
[Profile0]
Name=default
IsRelative=1
Path=profile.default
EOF
mkdir -p "${HOME}"/.tor-launcher/TorBrowser/Data/Browser/profile.default/preferences
configure_best_tor_launcher_locale "${HOME}"/.tor-launcher/TorBrowser/Data/Browser/profile.default
fi
exec_unconfined_firefox -app "${HOME}"/.tor-launcher/tor-launcher-standalone/application.ini
......@@ -20,6 +20,18 @@ PROFILE="${HOME}/.tor-browser/profile.default"
# Import exec_firefox() and configure_best_tor_browser_locale()
. /usr/local/lib/tails-shell-library/tor-browser.sh
# Allow Torbutton access to the control port filter (for new identity).
# Setting a password is required, otherwise Torbutton attempts to
# read the authentication cookie file instead, which fails.
export TOR_CONTROL_HOST='127.0.0.1'
export TOR_CONTROL_PORT='9052'
export TOR_CONTROL_PASSWD='passwd'
# Hide Torbutton's "Tor Network Settings..." context menu entry since
# it doesn't work in Tails, and we deal with those configurations
# strictly through Tor Launcher.
export TOR_NO_DISPLAY_NETWORK_SETTINGS='yes'
ask_for_confirmation() {
# Skip dialog if user is already running Tor Browser:
if pgrep -u amnesia -f "${TBB_INSTALL}/firefox" ; then
......@@ -55,11 +67,6 @@ start_browser() {
# not enough to simply set intl.locale.matchOS to true.
configure_best_tor_browser_locale "${PROFILE}"
unset SESSION_MANAGER
export FONTCONFIG_PATH="${TBB_INSTALL}/TorBrowser/Data/fontconfig"
export FONTCONFIG_FILE="fonts.conf"
exec_firefox -allow-remote --class "Tor Browser" -profile "${PROFILE}" "${@}"
}
......
#!/bin/sh
set -e
# Import the TOR_LAUNCHER_INSTALL variable, and exec_unconfined_firefox()
# and configure_best_tor_launcher_locale()
. /usr/local/lib/tails-shell-library/tor-browser.sh
unset TOR_CONTROL_PASSWD
unset TOR_FORCE_NET_CONFIG
export TOR_CONFIGURE_ONLY=1
export TOR_CONTROL_PORT=9051
export TOR_CONTROL_COOKIE_AUTH_FILE=/var/run/tor/control.authcookie
export TOR_HIDE_BROWSER_LOGO=1
if echo "$@" | grep -qw -- --force-net-config; then
export TOR_FORCE_NET_CONFIG=1
fi
PROFILE="${HOME}/.tor-launcher/profile.default"
if [ ! -d "${PROFILE}" ]; then
mkdir -p "${PROFILE}"
configure_best_tor_launcher_locale "${PROFILE}"
fi
exec_unconfined_firefox \
-app "${TOR_LAUNCHER_INSTALL}/application.ini" \
-profile "${PROFILE}"
......@@ -132,8 +132,10 @@ configure_chroot_browser_profile () {
# Set preferences
local browser_prefs="${browser_profile}/preferences/prefs.js"
local chroot_browser_config="/usr/share/tails/chroot-browsers"
mkdir -p "$(dirname "${browser_prefs}")"
cp "/usr/share/tails/${browser_name}/prefs.js" "${browser_prefs}"
cat "${chroot_browser_config}/common/prefs.js" \
"${chroot_browser_config}/${browser_name}/prefs.js" > "${browser_prefs}"
# Set browser home page to something that explains what's going on
if [ -n "${home_page}" ]; then
......@@ -145,12 +147,14 @@ configure_chroot_browser_profile () {
rm "${chroot}/${TBB_PROFILE}/bookmarks.html"
# Set an appropriate theme
cat "/usr/share/tails/${browser_name}/theme.js" >> "${browser_prefs}"
cat "${chroot_browser_config}/${browser_name}/theme.js" >> "${browser_prefs}"
# Customize the GUI.
local browser_chrome="${browser_profile}/chrome/userChrome.css"
mkdir -p "$(dirname "${browser_chrome}")"
cat "/usr/share/tails/${browser_name}/userChrome.css" >> "${browser_chrome}"
cat "${chroot_browser_config}/common/userChrome.css" \
"${chroot_browser_config}/${browser_name}/userChrome.css" >> \
"${browser_chrome}"
set_chroot_browser_permissions "${chroot}" "${browser_name}" "${browser_user}"
}
......
......@@ -3,18 +3,33 @@
TBB_INSTALL=/usr/local/lib/tor-browser
TBB_PROFILE=/etc/tor-browser/profile
TBB_EXT=/usr/local/share/tor-browser-extensions
TOR_LAUNCHER_LOCALES_DIR=/usr/share/tor-launcher-standalone/chrome/locale
TOR_LAUNCHER_INSTALL=/usr/local/lib/tor-launcher-standalone
TOR_LAUNCHER_LOCALES_DIR="${TOR_LAUNCHER_INSTALL}/chrome/locale"
exec_firefox_helper() {
local binary="${1}"; shift
export LD_LIBRARY_PATH="${TBB_INSTALL}"
export FONTCONFIG_PATH="${TBB_INSTALL}/TorBrowser/Data/fontconfig"
export FONTCONFIG_FILE="fonts.conf"
# The Tor Browser often assumes that the current directory is
# where the browser lives, e.g. for the fixed set of fonts set by
# fontconfig above.
cd "${TBB_INSTALL}"
# From start-tor-browser:
unset SESSION_MANAGER
exec "${TBB_INSTALL}"/"${binary}" "${@}"
}
exec_firefox() {
LD_LIBRARY_PATH="${TBB_INSTALL}"
export LD_LIBRARY_PATH
exec "${TBB_INSTALL}"/firefox "${@}"
exec_firefox_helper firefox "${@}"
}
exec_unconfined_firefox() {
LD_LIBRARY_PATH="${TBB_INSTALL}"
export LD_LIBRARY_PATH
exec "${TBB_INSTALL}"/firefox-unconfined "${@}"
exec_firefox_helper firefox-unconfined "${@}"
}
guess_best_tor_browser_locale() {
......
......@@ -5,28 +5,20 @@ set -e
# Import export_gnome_env().
. /usr/local/lib/tails-shell-library/gnome.sh
unset TOR_CONTROL_PASSWD
unset TOR_FORCE_NET_CONFIG
TOR_CONFIGURE_ONLY=1
TOR_CONTROL_PORT=9051
TOR_CONTROL_COOKIE_AUTH_FILE=/var/run/tor/control.authcookie
TOR_HIDE_BROWSER_LOGO=1
export TOR_CONFIGURE_ONLY
export TOR_CONTROL_PORT
export TOR_CONTROL_COOKIE_AUTH_FILE
export TOR_HIDE_BROWSER_LOGO
if echo "$@" | grep -qw -- --force-net-config; then
TOR_FORCE_NET_CONFIG=1
export TOR_FORCE_NET_CONFIG
fi
# Get LIVE_USERNAME
. /etc/live/config.d/username.conf
# Get LANG
. /etc/default/locale
# The Tor Browser hardcodes the default profile dir to inside
# ../TorBrowser/Data/Browser/ from the folder storing the
# application.ini file supplied via -app. We can use -profile to load
# it from a different place, but then the Caches directory
# must still exist and be accessible in the above folder.
mkdir -p /usr/local/lib/TorBrowser/Data/Browser/Caches
chmod -R a+rX /usr/local/lib/TorBrowser
until pgrep -u "${LIVE_USERNAME}" '^ibus-daemon' >/dev/null ; do
sleep 5
done
......@@ -34,11 +26,8 @@ done
export LANG
export_gnome_env
sudo -u ${LIVE_USERNAME} xhost +SI:localuser:tor-launcher
gksudo -u tor-launcher /usr/bin/tor-launcher
gksudo -u tor-launcher /usr/local/bin/tor-launcher -- "$@"
RET=${?}
sudo -u ${LIVE_USERNAME} xhost -SI:localuser:tor-launcher
# Save ~10 RAM (due to the tmpfs) by removing this unused file
rm -f /usr/Data/Browser/*.default/places.sqlite
exit ${RET}
// Disable proxying in the chroot
pref("network.proxy.type", 0);
pref("network.proxy.socks_remote_dns", false);
// Disable update checking
pref("app.update.enabled", false);
pref("extensions.update.enabled", false);
/* Prevent File -> Print or CTRL+P from causing the browser to hang
for several minutes while trying to communicate with CUPS, since
access to port 631 isn't allowed through. */
pref("print.postscript.cups.enabled", false);
// Hide "Get Addons" in Add-ons manager
pref("extensions.getAddons.showPane", false);
/* Google seems like the least suspicious choice of default search
engine for the Unsafe Browser's in-the-clear traffic. */
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
// Disable fetching of the new tab page's Tiles links/ads. Ads are
// generally unwanted, and also the fetching is a "phone home" type of
// feature that generates traffic at least the first time the browser
// is started.
// is started. It won't work in e.g. the I2P Browser, too.
pref("browser.newtabpage.directory.source", "");
pref("browser.newtabpage.directory.ping", "");
// ... and disable the explanation shown the first time
pref("browser.newtabpage.introShown", true);
// Don't use geographically specific search prefs, like
// browser.search.*.US for US locales. Our generated amnesia branding
// add-on localizes search-engines in an incompatible but equivalent
// way.
pref("browser.search.geoSpecificDefaults", false);
/* Prevent File -> Print or CTRL+P from causing the browser to hang
for several minutes while trying to communicate with CUPS, since
access to port 631 isn't allowed through. */
pref("print.postscript.cups.enabled", false);
// Without setting this, the Download Management page will not update
// the progress being made.
pref("browser.download.panel.shown", true);
// Hide "Get Addons" in Add-ons manager
pref("extensions.getAddons.showPane", false);
/* Required, do not remove */
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
/* Hide Firefox Sync options. Sync hasn't been audited by the
Tor Browser developers yet (Tor bug #10368), and it doesn't seem to
work any way (Tor bug #13279). Weak passwords would be a pretty
serious issue too. */
/* Hide Firefox Sync options. It will not work with the I2P Browser
and will only promote unsupported use cases for the Unsafe Browser. */
#BrowserPreferences radio[pane="paneSync"],
#sync-button,
#sync-menu-button,
......@@ -18,20 +15,23 @@
Tools -> Add-ons link to the Add-ons manager. We do not want to
encourage installing such things as it's not part of the supported
use-cases and may have privacy issues. Also they will not persist a
restart, which is just confusing. */
restart, which is just confusing. In the I2P Browser, many of these
features will not work any way. */
#menu_openApps,
#menu_openAddons, /* traditional menu */
#add-ons-button, /* new style Firefox menu */
#wrapper-add-ons-button, /* Customize toolbar */
/* Hide the "Share this page" button in the Tool bar, which encourages
the use of social (= tracking) networks. Note that this one likely
will be removed upstream in the final Tor Browser 5.0 release. */
the use of social (= tracking) networks. These will not work in the
I2P browser any way. */
#social-share-button,
/* Hide TorBrowser Health Report and its configuration option */
/* Hide the Health Report and its configuration option. It's just a
blank page, for some reason. */
#appmenu_healthReport,
#dataChoicesTab,
#healthReport
/* Do the actual hiding. */
{display: none !important}
......@@ -7,21 +7,9 @@ pref("network.proxy.http_port", 4444);
pref("network.proxy.no_proxies_on", "127.0.0.1");
pref("network.proxy.ssl", "127.0.0.1");
pref("network.proxy.ssl_port", 4444);
// Disable searching from the URL bar
pref("keyword.enabled", false);
// Hide "Get Addons" in Add-ons manager
pref("extensions.getAddons.showPane", false);
/* Prevent File -> Print or CTRL+P from causing the browser to hang
for several minutes while trying to communicate with CUPS, since
access to port 631 isn't allowed through. */
pref("print.postscript.cups.enabled", false);
// Disable fetching of the new tab page's Tiles links/ads. It will not
// work in the I2P Browser.
pref("browser.newtabpage.directory.source", "");
pref("browser.newtabpage.directory.ping", "");
// ... and disable the explanation shown the first time
pref("browser.newtabpage.introShown", true);
// Without setting this, the Download Management page will not update
// the progress being made.
......
/* Required, do not remove */
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
/* Hide access to the bookmarks to try to prevent "data loss" due to users
......@@ -24,17 +23,6 @@
#wrapper-history-button,
#wrapper-bookmarks-button,
/* Hide the Tools -> Apps link to the Firefox Marketplace, and
Tools -> Add-ons link to the Add-ons manager. We do not want to
encourage installing such things as it's not part of the supported
use-cases and may have privacy issues. Also they will not persist a
restart, which is just confusing. In the I2P Browser, many of these
features will not work any way. */
#menu_openApps,
#menu_openAddons, /* traditional menu */
#add-ons-button, /* new style Firefox menu */
#wrapper-add-ons-button, /* Customize toolbar */
/* Hide the sidebar menu (underneath View) since the default sidebars consist
* of history and bookmarks. Also disable the bookmark toolbar.
*/
......@@ -66,27 +54,6 @@ menuitem[command="Browser:SendLink"],
[command="cmd_print"],
*/
/* Hide the sync functionality which won't work with I2P */
#BrowserPreferences radio[pane="paneSync"],
#sync-button,
#sync-menu-button,
#sync-setup,
#sync-setup-appmenu,
#sync-status-button,
#sync-syncnowitem-appmenu,
#wrapper-sync-button,
/* Hide the "Share this page" button in the Tool bar, which encourages
the use of social (= tracking) networks. These will not work in the
I2P browser any way. Note that this one likely will be removed
upstream in the final Tor Browser 5.0 release. */
#social-share-button,
/* Hide the "Keyboard shortcuts" and "Tour" options from
from the Help menu */
#menu_keyboardShortcuts,
#menu_openTour,
/* Without I2P search engines defined, the search bar is useless.
* Since there are no I2P search engines added to Tails (yet),
* let's hide it and the Update Pane in Firefox's Preferences.
......@@ -94,9 +61,9 @@ from the Help menu */
#search-container,
#updateTab,
/* Hide options in the Help menu that lead to disallowed resources on the
* Internet.
*/
/* Hide options that lead to resources inaccessible over I2P */
#menu_keyboardShortcuts,
#menu_openTour,
#appmenu_feedbackPage,
#appmenu_gettingStarted,
#appmenu_openHelp,
......@@ -107,12 +74,7 @@ from the Help menu */
/* Hide the TorButton button from the toolbar */
#torbutton-button,
#wrapper-torbutton-button,
/* Hide TorBrowser Health Report and its configuration option */
#appmenu_healthReport,
#dataChoicesTab,
#healthReport
#wrapper-torbutton-button
/* Now the actual hiding */
/* Do the actual hiding. */
{display: none !important}
// Disable proxying in the chroot
pref("network.proxy.type", 0);
pref("network.proxy.socks_remote_dns", false);
/* Google seems like the least suspicious choice of default search
engine for the Unsafe Browser's in-the-clear traffic. */
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
// Don't use geographically specific search prefs, like
// browser.search.*.US for US locales. Our generated amnesia branding
// add-on localizes search-engines in an incompatible but equivalent
// way.
pref("browser.search.geoSpecificDefaults", false);
// Without setting this, the Download Management page will not update
// the progress being made.
pref("browser.download.panel.shown", true);
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
http://torbrowser-archive.tails.boum.org/5.5/
http://torbrowser-archive.tails.boum.org/5.5.2/
f175e3908ab741172dca082a2a1703fbb05148b51dac751507dc7632c50f693a tor-browser-linux32-5.5_ar.tar.xz
28787dd811152b9afd1d1821a0770bd9eefe7fc25bb415c3d5ad0765665e8d8d tor-browser-linux32-5.5_de.tar.xz
8ebf47dc26fd6d867d54cf6d04675e5bd3fdba4927beaf6af340c2a07b8f7a75 tor-browser-linux32-5.5_en-US.tar.xz
e28c844b7fd02515cf51f245ac4be2fbc2ee77dd0053515db436090751fa7b97 tor-browser-linux32-5.5_es-ES.tar.xz
eb56faf8639c4f7019b6adcdb0140048a95a7d165893c8d61a37780ac74b1488 tor-browser-linux32-5.5_fa.tar.xz
ac90e739fd3fb1e096e3f728265227df81e9416b8e34345513194ef0f2e69e3f tor-browser-linux32-5.5_fr.tar.xz
013d6b63ddb16c97cfaef532b11729b017903c80242ef6427ec24c19466f07fa tor-browser-linux32-5.5_it.tar.xz
3dd24c7e2cf19aede85297913e36744812361cd47f5a26ddc4fca587cd0ee257 tor-browser-linux32-5.5_ja.tar.xz
29c22c65688c87b38f291ffc73f78bd82309e2e1acb06c4716a95f38abba480b tor-browser-linux32-5.5_ko.tar.xz
410fa9fb4d7f2404b5538a3a487b12aca87ceb26bfa2b95565a2b41ad9835beb tor-browser-linux32-5.5_nl.tar.xz
fe9f8912254807af8e2171683fbc6b60d00357300f967a4f3dc55a796ea7c6af tor-browser-linux32-5.5_pl.tar.xz
11936a718c8ee00a464ef24ed0454a0db50142512a67d54058e4468f854ee702 tor-browser-linux32-5.5_pt-PT.tar.xz
954a32dc88c79ac22bb4010156c2a64eb0fa2c2e9d30fe16618f1c8b05fe8a6c tor-browser-linux32-5.5_ru.tar.xz
a50121d3a1d3d0b60b4fb45be25122298aa55ff052b6303e789425f047e16272 tor-browser-linux32-5.5_tr.tar.xz
25ffc583e8a8dcf4d274c6555961fdd05bc1c57c1e4b054b9e64cb07104ebe44 tor-browser-linux32-5.5_vi.tar.xz
053cec43ed8447e2ad3a122c3d6bd80699b3569c06c26b20bbbb626effcdf406 tor-browser-linux32-5.5_zh-CN.tar.xz
9b67450e4a4ea482b058c266edfebed219f09760dd8d02198c20eb697a1cdf82 tor-browser-linux32-5.5.2_ar.tar.xz
3b32acd9ecb80f0c9c83c7111981e97481b236f6cf698b5a124b54f68fb9ca84 tor-browser-linux32-5.5.2_de.tar.xz
19e36f9fd66135308202f78ea5f7f5835f2c56960efe47a44de6d8d1f3354cbe tor-browser-linux32-5.5.2_en-US.tar.xz
1e2c4500697cd512d0e1aacdcacdf4edcd923d37d41d81f93c5f2653d0889b94 tor-browser-linux32-5.5.2_es-ES.tar.xz
fdd12dfc1d729ed995e35ce282343421eab8085d7b986d9cb1767a26cd21e801 tor-browser-linux32-5.5.2_fa.tar.xz
dcdec685a1f5a4b4d238787bbcb6e88d3701f83f7f9c0e9e089106a58c75da8b tor-browser-linux32-5.5.2_fr.tar.xz
e7ad29a4fb4cf2e3553e1e1e60be3856807bce609207264c07c95aedfb97851e tor-browser-linux32-5.5.2_it.tar.xz
adb02492193eec5a9ec3cff3724eb5e8f5a6115eb4cbb1d1127211685d8d2a62 tor-browser-linux32-5.5.2_ja.tar.xz
7d79db5daa524deea227d4627457200dbbd7ccb14d3ea9ecf9355569eb22dcba tor-browser-linux32-5.5.2_ko.tar.xz
3c89edcc1d532bed6ee7fb955cb58165efcaea2be9309183d403f76de475ebc4 tor-browser-linux32-5.5.2_nl.tar.xz
15cef82dd7f4ed471391221e0313078fbce416b26426a9ced8e350e04f16e875 tor-browser-linux32-5.5.2_pl.tar.xz
3fd03133d2c12bc23f23bf3b99b067f21ec0b3284874fecd9ff67fc0b985fdc2 tor-browser-linux32-5.5.2_pt-PT.tar.xz
53f680c5228e2beecd08668322d0d91a39b2f1433ae5d23fa544739355c9d05c tor-browser-linux32-5.5.2_ru.tar.xz
8be80d4ae769e1ea39c8e860e2588af5c76a75dd7bbe5c4df9d7c90baba659aa tor-browser-linux32-5.5.2_tr.tar.xz
cb83311d8c94d1d2fa5bac7b5961a94c741de2945e76b7564b97cc407451a6d5 tor-browser-linux32-5.5.2_vi.tar.xz
11ea21a9abc7b3425eca186d58cf49dcadb03439fa2dddc8699bf8151ec611a9 tor-browser-linux32-5.5.2_zh-CN.tar.xz
--- /tmp/torbrowser-launcher-0.2.1/apparmor/torbrowser.Browser.firefox 2015-11-19 13:21:34.000000000 +0100
+++ apparmor/torbrowser.Browser.firefox 2015-11-19 13:19:30.680460539 +0100
--- /tmp/torbrowser-launcher-0.2.2/apparmor/torbrowser.Browser.firefox 2016-02-08 13:11:05.000000000 +0100
+++ apparmor/torbrowser.Browser.firefox 2016-02-08 13:25:15.170069917 +0100
@@ -1,13 +1,15 @@
# Last modified
#include <tunables/global>
......@@ -18,7 +18,7 @@
# Uncomment the following lines if you want to give the Tor Browser read-write
# access to most of your personal files.
@@ -17,41 +19,52 @@
@@ -17,45 +19,52 @@
#dbus,
network tcp,
......@@ -50,13 +50,17 @@
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/ r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/* r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/.** rwk,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/update.test/ rwk,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/.** rwk,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/ r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/ rw,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/** rw,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser.bak/updated/ rwk,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/*.so mr,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/components/*.so mr,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/browser/components/*.so mr,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox rix,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/updates/[0-9]*/updater ix,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/updates/0/MozUpdater/bgupdate/updater ix,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profiles.ini r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/ r,
- owner @{HOME}/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/TorBrowser/Data/Browser/profile.default/** rwk,
......@@ -96,7 +100,7 @@
/etc/mailcap r,
/etc/mime.types r,
@@ -74,6 +87,30 @@
@@ -78,6 +87,30 @@
/sys/devices/pci[0-9]*/**/uevent r,
owner /{dev,run}/shm/shmfd-* rw,
......@@ -127,7 +131,7 @@
# KDE 4
owner @{HOME}/.kde/share/config/* r,
@@ -81,5 +118,10 @@
@@ -85,5 +118,10 @@
/etc/xfce4/defaults.list r,
/usr/share/xfce4/applications/ r,
......
......@@ -399,3 +399,6 @@ openjdk-7-jre
# Enable Electrum's Qt GUI
python-qt4
# Provide gnome-open (used to open e.g. URLs in KeePassX, Icedove, Electrum...)
libgnome2-bin
tails (2.0.1) unstable; urgency=medium
* Major new features and changes
- Enable the Tor Browser's font fingerprinting protection
(Closes: #11000). We do it for all browsers (including
the Unsafe Browser and I2P Browser mainly to avoid making our
automated test suite overly complex. This implied to set an appropriate
working directory when launching the Tor Browser, to accommodate for
the assumptions it makes about this.
* Security fixes
- Upgrade Tor Browser to 5.5.2 (Closes: #11105).
* Bugfixes
- Repair 32-bit UEFI support (Closes: #11007); bugfix on 2.0.
- Add libgnome2-bin to installed packages list to provide gnome-open,
which fixes URL handling at least in KeePassX, Electrum and Icedove
(Closes: #11031); bugfix on 2.0. Thanks to segfault for the patch!
* Minor improvements
- Refactor and de-duplicate the chrooted browsers' configuration: