commit 926caabae889b927d2d7ebe21fbee4b85ac2cd3d
Author: Yawning Angel <yawning(a)schwanenlied.me>
Date: Tue Dec 13 21:40:15 2016 +0000
Keep the Grsec PaX override till 7.0.0 release.
The transition to ESR52 will happen mid-alpha, so MPROTECT will be
broken for a few versions since Firefox won't do W^X correctly till
ESR52.
---
ChangeLog | 3 +++
.../internal/sandbox/application.go | 2 +-
.../internal/ui/config/manifest.go | 19 +++++++++++--------
3 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 6425234..81e7f23 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
Changes in version 0.0.3 - UNRELEASED:
* Bug 20806: Try even harder to exclude gstreamer.
+ * Per the browser developers, the initial 7.0 alpha builds will not be ESR52
+ based, with a switch mid-alpha series, so keep the Grsec PaX override
+ around till 7.0.0 release.
Changes in version 0.0.2 - 2016-12-10:
* Bug #20780: Shuffle and persist the ordering of internal bridges.
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
index 119f7ef..36c303e 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
@@ -341,7 +341,7 @@ func applyPaXAttributes(manif *config.Manifest, f string) error {
// Strip off the attribute if this is a non-grsec kernel, or the bundle is
// sufficiently recent to the point where the required W^X fixes are present
// in the JIT.
- if !IsGrsecKernel() || manif.BundleVersionAtLeast("7.0a1") {
+ if !IsGrsecKernel() || manif.BundleVersionAtLeast("7.0.0") {
if sz > 0 {
log.Printf("sandbox: Removing Tor Browser PaX attributes.")
syscall.Removexattr(f, paxAttr)
diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/config/manifest.go b/src/cmd/sandboxed-tor-browser/internal/ui/config/manifest.go
index 393a31e..05954ba 100644
--- a/src/cmd/sandboxed-tor-browser/internal/ui/config/manifest.go
+++ b/src/cmd/sandboxed-tor-browser/internal/ui/config/manifest.go
@@ -89,21 +89,24 @@ func (m *Manifest) BundleUpdateVersionValid(vStr string) bool {
return cmp < 0
}
-func bundleVersionParse(vStr string) (*[4]int, error) {
+func bundleVersionParse(vStr string) (*[4]int, bool, error) {
vStr = strings.TrimSuffix(vStr, "-hardened")
vStr = strings.Replace(vStr, "a", ".0.", 1)
var out [4]int
+ vSplit := strings.Split(vStr, ".")
+ isAlpha := len(vSplit) == 4
+
for idx, s := range strings.Split(vStr, ".") {
i, err := strconv.Atoi(s)
if err != nil {
- return nil, err
+ return nil, false, err
}
out[idx] = i
}
- out[3] = -out[3] // XXX: I hope there never is "7.0a" or "7.0a0"
+ out[3] = -out[3]
- return &out, nil
+ return &out, isAlpha, nil
}
func bundleVersionCompare(a, b string) (int, error) {
@@ -114,11 +117,11 @@ func bundleVersionCompare(a, b string) (int, error) {
return 0, nil // Equal.
}
- aVer, err := bundleVersionParse(a)
+ aVer, aAlpha, err := bundleVersionParse(a)
if err != nil {
return 0, err
}
- bVer, err := bundleVersionParse(b)
+ bVer, bAlpha, err := bundleVersionParse(b)
if err != nil {
return 0, err
}
@@ -132,10 +135,10 @@ func bundleVersionCompare(a, b string) (int, error) {
}
}
- if aVer[3] < 0 && bVer[3] >= 0 { // Alpha vs Release.
+ if aAlpha && !bAlpha { // Alpha vs Release.
return -1, nil
}
- if aVer[3] >= 0 && bVer[3] < 0 { // Release vs Alpha.
+ if !aAlpha && bAlpha { // Release vs Alpha.
return 1, nil
}