Page MenuHomePhabricator
Create Task
Maniphest T105

consider removal of deactivation of TBB's internal updater because upstream fixed the issue
Closed, ResolvedPublic
Actions

Description

There was an security issue with TBB's native updater:
https://trac.torproject.org/projects/tor/ticket/13379

The Tor Project has fixed this in TBB version 4.5a3. (As per blog post.)
https://blog.torproject.org/blog/tor-browser-45a3-released

Forum discussion:
https://www.whonix.org/forum/index.php/topic,807.0.html

If 4.5a3 is the new stable at next Whonix release, then the patch mechanism to deactivate TBB's internal updater (function tb_run_function tb_patch_internal_updater_disable_maybe) should be deactivated.

Event Timeline

Patrick created this task.Jan 19 2015, 11:45 PM
Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added projects: tb-updater, Whonix 10, security.
Patrick added subscribers: Patrick, HulaHoop.
Herald added a project: Whonix. · View Herald TranscriptJan 19 2015, 11:45 PM
Patrick added a project: easy.Feb 23 2015, 6:47 PM
Herald added a subscriber: WhonixQubes. · View Herald TranscriptFeb 23 2015, 6:47 PM
Patrick added a comment.Apr 2 2015, 4:06 PM

<Patrick> do you have an ETA or roadmap when TBB alpha becomes TBB stable?
<GeKo> 4.5 becomes stable in around 2 weeks
<GeKo> it might not contain all the things we have in the current alpha though
<GeKo> but as far as I currently see only the code for #14429 might not make it
-zwiebelbot/#tor- tor#14429: Automated rounding of content window dimensions - https://bugs.torproject.org/14429

Patrick closed this task as Resolved.Apr 2 2015, 5:11 PM
Patrick claimed this task.

Found an elegant solution to get this done right now.

removed deactivation of TBB internal updater for TBB versions equal or higher than 4.5 because upstream fixed the security issue:
https://github.com/Whonix/tb-updater/commit/5269eca39da11a2cbb3a9a5e190a1eb37ddb3f63

Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer