commit 926caabae889b927d2d7ebe21fbee4b85ac2cd3d Author: Yawning Angel yawning@schwanenlied.me Date: Tue Dec 13 21:40:15 2016 +0000
Keep the Grsec PaX override till 7.0.0 release.
The transition to ESR52 will happen mid-alpha, so MPROTECT will be broken for a few versions since Firefox won't do W^X correctly till ESR52. --- ChangeLog | 3 +++ .../internal/sandbox/application.go | 2 +- .../internal/ui/config/manifest.go | 19 +++++++++++-------- 3 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/ChangeLog b/ChangeLog index 6425234..81e7f23 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,8 @@ Changes in version 0.0.3 - UNRELEASED: * Bug 20806: Try even harder to exclude gstreamer. + * Per the browser developers, the initial 7.0 alpha builds will not be ESR52 + based, with a switch mid-alpha series, so keep the Grsec PaX override + around till 7.0.0 release.
Changes in version 0.0.2 - 2016-12-10: * Bug #20780: Shuffle and persist the ordering of internal bridges. diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go index 119f7ef..36c303e 100644 --- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go +++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go @@ -341,7 +341,7 @@ func applyPaXAttributes(manif *config.Manifest, f string) error { // Strip off the attribute if this is a non-grsec kernel, or the bundle is // sufficiently recent to the point where the required W^X fixes are present // in the JIT. - if !IsGrsecKernel() || manif.BundleVersionAtLeast("7.0a1") { + if !IsGrsecKernel() || manif.BundleVersionAtLeast("7.0.0") { if sz > 0 { log.Printf("sandbox: Removing Tor Browser PaX attributes.") syscall.Removexattr(f, paxAttr) diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/config/manifest.go b/src/cmd/sandboxed-tor-browser/internal/ui/config/manifest.go index 393a31e..05954ba 100644 --- a/src/cmd/sandboxed-tor-browser/internal/ui/config/manifest.go +++ b/src/cmd/sandboxed-tor-browser/internal/ui/config/manifest.go @@ -89,21 +89,24 @@ func (m *Manifest) BundleUpdateVersionValid(vStr string) bool { return cmp < 0 }
-func bundleVersionParse(vStr string) (*[4]int, error) { +func bundleVersionParse(vStr string) (*[4]int, bool, error) { vStr = strings.TrimSuffix(vStr, "-hardened") vStr = strings.Replace(vStr, "a", ".0.", 1)
var out [4]int + vSplit := strings.Split(vStr, ".") + isAlpha := len(vSplit) == 4 + for idx, s := range strings.Split(vStr, ".") { i, err := strconv.Atoi(s) if err != nil { - return nil, err + return nil, false, err } out[idx] = i } - out[3] = -out[3] // XXX: I hope there never is "7.0a" or "7.0a0" + out[3] = -out[3]
- return &out, nil + return &out, isAlpha, nil }
func bundleVersionCompare(a, b string) (int, error) { @@ -114,11 +117,11 @@ func bundleVersionCompare(a, b string) (int, error) { return 0, nil // Equal. }
- aVer, err := bundleVersionParse(a) + aVer, aAlpha, err := bundleVersionParse(a) if err != nil { return 0, err } - bVer, err := bundleVersionParse(b) + bVer, bAlpha, err := bundleVersionParse(b) if err != nil { return 0, err } @@ -132,10 +135,10 @@ func bundleVersionCompare(a, b string) (int, error) { } }
- if aVer[3] < 0 && bVer[3] >= 0 { // Alpha vs Release. + if aAlpha && !bAlpha { // Alpha vs Release. return -1, nil } - if aVer[3] >= 0 && bVer[3] < 0 { // Release vs Alpha. + if !aAlpha && bAlpha { // Release vs Alpha. return 1, nil }