[Pkg-anonymity-tools] Bug#775921: unblock: torbrowser-launcher/0.1.8-1 (pre-approval)

Holger Levsen holger at layer-acht.org
Wed Jan 21 15:16:23 UTC 2015 

Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock
x-debbugs-cc: pkg-anonymity-tools at lists.alioth.debian.org

Hi,

this is a pre-approval unblock request to upload a new upstream verion of
torbrowser-launcher to fix a serious and an important bug in jessie. The new
upstream release contains one other meaningful change which is the last
hunk in the diff below (that's to "fix opening links in TBB if one originally
opened TBB without clicking a link, aka just started it.)

debian/changelog:

 * New upstream version:
   * featuring new signing key. (Closes: #775871)
   * handle new TBB alpha and beta versioning. (Closes: #775891)

The upstream changelog:

## 0.1.8

* Added new Tor Browser signing key
* Fixed removing alpha/beta code due to change in RecommendedTBBVersions syntax
* Fixed opening links in TBB if you originally opened TBB without clicking a link

debdiff torbrowser-launcher_0.1.7-1.dsc torbrowser-launcher_0.1.8-1.dsc | filterdiff -x "*.asc"
sid  matrix:~/Projects/torbrowser-launcher$ debdiff torbrowser-launcher_0.1.7-1.dsc torbrowser-launcher_0.1.8-1.dsc | filterdiff -x "*.asc" 
dpkg-source: Warnung: unsigniertes Quellpaket wird extrahiert (/home/holgi/Projects/torbrowser-launcher/torbrowser-launcher_0.1.8-1.dsc)
diff -Nru torbrowser-launcher-0.1.7/CHANGELOG.md torbrowser-launcher-0.1.8/CHANGELOG.md
--- torbrowser-launcher-0.1.7/CHANGELOG.md      2014-12-02 18:05:10.000000000 +0000
+++ torbrowser-launcher-0.1.8/CHANGELOG.md      2015-01-21 14:55:03.000000000 +0000
@@ -1,5 +1,12 @@
 # Tor Browser Launcher Changelog
 
+## 0.1.8
+
+* Added new Tor Browser signing key
+* Fixed removing alpha/beta code due to change in RecommendedTBBVersions syntax
+* Fixed opening links in TBB if you originally opened TBB without clicking a link
+
+
 ## 0.1.7
 
 * You can now pass URLs into TBL, and set it as your default browser
diff -Nru torbrowser-launcher-0.1.7/debian/changelog torbrowser-launcher-0.1.8/debian/changelog
--- torbrowser-launcher-0.1.7/debian/changelog  2014-12-03 22:46:14.000000000 +0000
+++ torbrowser-launcher-0.1.8/debian/changelog  2015-01-21 15:01:13.000000000 +0000
@@ -1,3 +1,11 @@
+torbrowser-launcher (0.1.8-1) unstable; urgency=medium
+
+  * New upstream version:
+    * featuring new signing key. (Closes: #775871)
+    * handle new TBB alpha and beta versioning. (Closes: #775891)
+
+ -- Ulrike Uhlig <u at 451f.org>  Tue, 20 Jan 2015 23:30:27 +0100
+
 torbrowser-launcher (0.1.7-1) unstable; urgency=medium
 
   [ Ulrike Uhlig ]
diff -Nru torbrowser-launcher-0.1.7/MANIFEST.in torbrowser-launcher-0.1.8/MANIFEST.in
--- torbrowser-launcher-0.1.7/MANIFEST.in       2014-10-26 14:44:19.000000000 +0000
+++ torbrowser-launcher-0.1.8/MANIFEST.in       1970-01-01 00:00:00.000000000 +0000
@@ -1,6 +0,0 @@
-include locale/*
-include img/*
-include keys/*
-include torbrowser.desktop
-include verify.sh
-include mirrors.txt
diff -Nru torbrowser-launcher-0.1.7/share/torbrowser-launcher/tor-browser-developers.asc torbrowser-launcher-0.1.8/share/torbrowser-launcher/tor-browser-developers.asc
diff -Nru torbrowser-launcher-0.1.7/share/torbrowser-launcher/version torbrowser-launcher-0.1.8/share/torbrowser-launcher/version
--- torbrowser-launcher-0.1.7/share/torbrowser-launcher/version 2014-12-02 18:05:10.000000000 +0000
+++ torbrowser-launcher-0.1.8/share/torbrowser-launcher/version 2015-01-21 14:55:03.000000000 +0000
@@ -1 +1 @@
-0.1.7
+0.1.8
diff -Nru torbrowser-launcher-0.1.7/torbrowser_launcher/common.py torbrowser-launcher-0.1.8/torbrowser_launcher/common.py
--- torbrowser-launcher-0.1.7/torbrowser_launcher/common.py     2014-12-02 18:05:10.000000000 +0000
+++ torbrowser-launcher-0.1.8/torbrowser_launcher/common.py     2015-01-21 14:55:03.000000000 +0000
@@ -134,7 +134,7 @@
                 'tbl_bin': sys.argv[0],
                 'icon_file': os.path.join(os.path.dirname(SHARE), 'pixmaps/torbrowser80.xpm'),
                 'torproject_pem': os.path.join(SHARE, 'torproject.pem'),
-                'erinn_key': os.path.join(SHARE, 'erinn.asc'),
+                'signing_keys': [os.path.join(SHARE, 'erinn.asc'), os.path.join(SHARE, 'tor-browser-developers.asc')],
                 'mirrors_txt': [os.path.join(SHARE, 'mirrors.txt'),
                                 tbb_config+'/mirrors.txt'],
                 'modem_sound': os.path.join(SHARE, 'modem.ogg'),
@@ -175,16 +175,14 @@
     # import gpg keys
     def import_keys(self):
         print _('Importing keys')
-        subprocess.Popen(['/usr/bin/gpg', '--homedir', self.paths['gnupg_homedir'], '--import', self.paths['erinn_key']]).wait()
+        for key in self.paths['signing_keys']:
+            subprocess.Popen(['/usr/bin/gpg', '--homedir', self.paths['gnupg_homedir'], '--import', key]).wait()
 
     # load mirrors
     def load_mirrors(self):
         self.mirrors = []
         for srcfile in self.paths['mirrors_txt']:
-            if os.path.exists(srcfile):
-                print "Successfully loaded mirrors from %s" % srcfile
-            elif not os.path.exists(srcfile):
-                print "Warning: can't load mirrors from %s" % srcfile
+            if not os.path.exists(srcfile):
                 continue
             for mirror in open(srcfile, 'r').readlines():
                 if mirror.strip() not in self.mirrors:
diff -Nru torbrowser-launcher-0.1.7/torbrowser_launcher/launcher.py torbrowser-launcher-0.1.8/torbrowser_launcher/launcher.py
--- torbrowser-launcher-0.1.7/torbrowser_launcher/launcher.py   2014-12-02 18:05:10.000000000 +0000
+++ torbrowser-launcher-0.1.8/torbrowser_launcher/launcher.py   2015-01-21 14:55:03.000000000 +0000
@@ -26,7 +26,7 @@
 OTHER DEALINGS IN THE SOFTWARE.
 """
 
-import os, subprocess, time, json, tarfile, hashlib, lzma, threading
+import os, subprocess, time, json, tarfile, hashlib, lzma, threading, re
 from twisted.internet import reactor
 from twisted.web.client import Agent, RedirectAgent, ResponseDone, ResponseFailed
 from twisted.web.http_headers import Headers
@@ -513,7 +513,7 @@
                 stable = []
                 # remove alphas/betas
                 for version in versions:
-                    if '-alpha-' not in version and '-beta-' not in version:
+                    if not re.search(r'a\d-Linux', version) and not re.search(r'b\d-Linux', version):
                         stable.append(version)
                 if len(stable):
                     latest = stable.pop()
@@ -634,10 +634,7 @@
                 gtk.main_iteration_do(True)
 
         # run Tor Browser
-        if len(self.url_list) == 0:
-            subprocess.call([self.common.paths['tbb']['start']])
-        else:
-            subprocess.call([self.common.paths['tbb']['start'], '-allow-remote'] + self.url_list)
+        subprocess.call([self.common.paths['tbb']['start'], '-allow-remote'] + self.url_list)
 
         if run_next_task:
             self.run_task()

The alternative would obviously to just cherry-pick all other commits except
de13483 and upload that... but I think this last hunk is safe and meaningful,
so I would prefer to go with 0.1.8-1.


cheers,
	Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.alioth.debian.org/mailman/private/pkg-anonymity-tools/attachments/20150121/263990a0/attachment.sig>

More information about the Pkg-anonymity-tools mailing list