[tor-commits] [sandboxed-tor-browser/master] Keep the Grsec PaX override till 7.0.0 release.

yawning at torproject.org yawning at torproject.org
Tue Dec 13 21:42:40 UTC 2016


commit 926caabae889b927d2d7ebe21fbee4b85ac2cd3d
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Tue Dec 13 21:40:15 2016 +0000

    Keep the Grsec PaX override till 7.0.0 release.
    
    The transition to ESR52 will happen mid-alpha, so MPROTECT will be
    broken for a few versions since Firefox won't do W^X correctly till
    ESR52.
---
 ChangeLog                                             |  3 +++
 .../internal/sandbox/application.go                   |  2 +-
 .../internal/ui/config/manifest.go                    | 19 +++++++++++--------
 3 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 6425234..81e7f23 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 Changes in version 0.0.3 - UNRELEASED:
  * Bug 20806: Try even harder to exclude gstreamer.
+ * Per the browser developers, the initial 7.0 alpha builds will not be ESR52
+   based, with a switch mid-alpha series, so keep the Grsec PaX override
+   around till 7.0.0 release.
 
 Changes in version 0.0.2 - 2016-12-10:
  * Bug #20780: Shuffle and persist the ordering of internal bridges.
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
index 119f7ef..36c303e 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
@@ -341,7 +341,7 @@ func applyPaXAttributes(manif *config.Manifest, f string) error {
 	// Strip off the attribute if this is a non-grsec kernel, or the bundle is
 	// sufficiently recent to the point where the required W^X fixes are present
 	// in the JIT.
-	if !IsGrsecKernel() || manif.BundleVersionAtLeast("7.0a1") {
+	if !IsGrsecKernel() || manif.BundleVersionAtLeast("7.0.0") {
 		if sz > 0 {
 			log.Printf("sandbox: Removing Tor Browser PaX attributes.")
 			syscall.Removexattr(f, paxAttr)
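Review bot: The new threshold `"7.0.0"` is a bare literal, and the reason for it (the 7.0 alphas only switch to ESR52 mid-series) is recorded only in the commit message and ChangeLog, while the comment above the condition still says just "sufficiently recent". I would extend that comment, for example `// 7.0.0 is the first bundle assumed to be ESR52-based throughout; 7.0 alphas keep the override.`, so the next person to touch the gate knows what must hold before it is lowered. It is also worth stating there that alphas already based on ESR52 will keep running with MPROTECT relaxed on grsec kernels until the release, which is a deliberate hardening trade-off. Whether a release labelled `7.0` rather than `7.0.0` satisfies `BundleVersionAtLeast("7.0.0")` depends on comparison code outside this hunk, so a test case for that string would be useful. The body of applyPaXAttributes starts and ends outside the hunk.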
diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/config/manifest.go b/src/cmd/sandboxed-tor-browser/internal/ui/config/manifest.go
index 393a31e..05954ba 100644
--- a/src/cmd/sandboxed-tor-browser/internal/ui/config/manifest.go
+++ b/src/cmd/sandboxed-tor-browser/internal/ui/config/manifest.go
@@ -89,21 +89,24 @@ func (m *Manifest) BundleUpdateVersionValid(vStr string) bool {
 	return cmp < 0
 }
 
-func bundleVersionParse(vStr string) (*[4]int, error) {
+func bundleVersionParse(vStr string) (*[4]int, bool, error) {
 	vStr = strings.TrimSuffix(vStr, "-hardened")
 	vStr = strings.Replace(vStr, "a", ".0.", 1)
 
 	var out [4]int
+	vSplit := strings.Split(vStr, ".")
+	isAlpha := len(vSplit) == 4
+
 	for idx, s := range strings.Split(vStr, ".") {
 		i, err := strconv.Atoi(s)
 		if err != nil {
-			return nil, err
+			return nil, false, err
 		}
 		out[idx] = i
 	}
-	out[3] = -out[3] // XXX: I hope there never is "7.0a" or "7.0a0"
+	out[3] = -out[3]
 
-	return &out, nil
+	return &out, isAlpha, nil
 }
 
 func bundleVersionCompare(a, b string) (int, error) {
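Review bot: `out[idx] = i` in bundleVersionParse still writes into a fixed `[4]int` with no bound on the number of dot-separated fields, so a version string that expands to more than four components panics with an index-out-of-range error instead of returning one. If these strings can come from downloaded bundle or update metadata, that should be an explicit reject. Now that `vSplit` exists, check it up front with `if len(vSplit) > len(out) { return nil, false, errors.New("invalid bundle version") }` (using whichever error constructor the file already imports) and loop with `for idx, s := range vSplit` rather than calling `strings.Split` a second time. `isAlpha := len(vSplit) == 4` also treats any literal four-field version as an alpha, which deserves a one-line comment such as `// only "XaY" expands to four fields`. bundleVersionParse lies entirely inside this hunk; the surrounding BundleUpdateVersionValid and bundleVersionCompare are only partly visible.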
@@ -114,11 +117,11 @@ func bundleVersionCompare(a, b string) (int, error) {
 		return 0, nil // Equal.
 	}
 
-	aVer, err := bundleVersionParse(a)
+	aVer, aAlpha, err := bundleVersionParse(a)
 	if err != nil {
 		return 0, err
 	}
-	bVer, err := bundleVersionParse(b)
+	bVer, bAlpha, err := bundleVersionParse(b)
 	if err != nil {
 		return 0, err
 	}
@@ -132,10 +135,10 @@ func bundleVersionCompare(a, b string) (int, error) {
 		}
 	}
 
-	if aVer[3] < 0 && bVer[3] >= 0 { // Alpha vs Release.
+	if aAlpha && !bAlpha { // Alpha vs Release.
 		return -1, nil
 	}
-	if aVer[3] >= 0 && bVer[3] < 0 { // Release vs Alpha.
+	if !aAlpha && bAlpha { // Release vs Alpha.
 		return 1, nil
 	}
 


