commit 2262bf1843129feddb7a913b15ef6298be71f4c1 Author: Yawning Angel yawning@schwanenlied.me Date: Fri Jul 28 17:56:41 2017 +0000

Bug 23058: Apply the SelfRando workaround to 7.5a3 as well.

The browser people apparently didn't update SelfRando, so the workaround for the syscall stupiditiy is still needed. --- ChangeLog | 1 + src/cmd/sandboxed-tor-browser/internal/sandbox/application.go | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog index bc20c39..832f019 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,7 @@ Changes in version 0.0.12 - UNRELEASED: * Bug 22984: Force IDNs to be displayed as punycode to thwart homograph attacks. * Bug 22967: Force disable crashdump reporting. + * Bug 23058: Apply the SelfRando workaround to 7.5a3 as well. * Default disable `dom.securecontext.whitelist_onions`.

Changes in version 0.0.11 - 2017-07-18: diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go index 54d64aa..bb44e39 100644 --- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go +++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go @@ -71,11 +71,14 @@ func RunTorBrowser(cfg *config.Config, manif *config.Manifest, tor *tor.Tor) (pr h.fakeDbus = true h.mountProc = false

- if manif.Channel == "alpha" && !manif.BundleVersionAtLeast("7.5a3") { + if manif.Channel == "alpha" && !manif.BundleVersionAtLeast("7.5a4") { // SelfRando prior to c619441e1ceec3599bc81bf9bbaf4d17c68b54b7 has a // bug in how it handles system call return values, leading to a // infinite loop if `/proc/self/environ` doesn't exist. // + // Despite the fix for this being available upstream, the browser + // people didn't pull it in for the 7.5a3 release. + // // See: https://trac.torproject.org/projects/tor/ticket/22853 Debugf("sandbox: SelfRando /proc/self/environ workaround enabled") h.file("/proc/self/environ", []byte{})