[Bug 1896085] Re: [SRU] Backport patch to update Tor Browser Developers public key into Ubuntu 20.04
Thomas Ward
1896085 at bugs.launchpad.net
Fri Sep 25 02:31:34 UTC 2020
** Changed in: torbrowser-launcher (Ubuntu Groovy)
Status: In Progress => Fix Released
** Changed in: torbrowser-launcher (Ubuntu Groovy)
Assignee: Thomas Ward (teward) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1896085
Title:
[SRU] Backport patch to update Tor Browser Developers public key into
Ubuntu 20.04
Status in torbrowser-launcher package in Ubuntu:
Fix Released
Status in torbrowser-launcher source package in Focal:
In Progress
Status in torbrowser-launcher source package in Groovy:
Fix Released
Bug description:
[Impact]
The torbrowser-launcher package in Ubuntu 20.04 does not work *at all* on new installations (see bug #1856895), because of a Tor Browser Developers public key change (the old key is not valid anymore) that causes the Tor Browser archive downloaded by torbrowser-launcher, when it is launched for the first time, to fail verification. The included debdiff contains a patch with a new key from the latest package version (that is in Debian Testing and Ubuntu Groovy) and makes torbrowser-launcher work again.
[Test Case]
1. Use a clean, fully updated Ubuntu 20.04 system where torbrowser-launcher was not previously installed/configured.
2. Install the "torbrowser-launcher" package.
3. Run "Tor Browser" from a desktop menu (or "torbrowser-launcher" from terminal).
4. Wait for the Tor Browser archive to finish downloading, verifying and unpacking.
[Regression Potential]
This debdiff adds just the one patch mentioned above. As mentioned, the developer key is used only when torbrowser-launcher is launched for the first time - to verify the Tor Browser archive that is downloaded and unpacked (into the user's home) by torbrowser-launcher. torbrowser updates are then handled by torbrowser itself, not by torbrowser-launcher. Subsequent Tor Browser updates are handled by Tor Browser itself, not by torbrowser-launcher, and work fine even if the developer key shipped with torbrowser-launcher is incorrect. I am not aware of any regression this change could cause.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1896085/+subscriptions