Bug #11082

Replace Liferea

Added by sajolida 2016-02-08 17:55:08 . Updated 2019-01-30 11:48:27 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
2016-05-05
Due date:
% Done:

100%

Feature Branch:
feature/11082-deprecate-liferea
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Feed Reader
Deliverable for:

Description

It has many problems and we could use Icedove instead.

Let’s use this one as meta ticket.


Files


Subtasks

Feature #7626: Investigate using Thunderbird & TorBirdy as the RSS reader Resolved

100

Feature #15745: Update doc wrt. Liferea → Thunderbird as the default feed reader Resolved

100

Bug #15775: Adjust persistence setup to Thunderbird being recommended for feeds Resolved

100

Bug #15776: Remove Liferea Resolved

100


Related issues

Related to Tails - Bug #9989: Liferea freezes at startup Rejected 2015-08-13
Blocked by Tails - Feature #15091: Upgrade to Thunderbird 60 Resolved 2018-05-09
Blocks Tails - Feature #15507: Core work 2019Q1: Foundations Team Resolved 2018-04-08

History

#1 Updated by sajolida 2016-02-08 18:01:50

  • Subject changed from Remove Liferea to Replace Liferea

#2 Updated by sajolida 2016-05-09 11:36:34

  • Affected tool set to Feed Reader

#3 Updated by intrigeri 2017-05-16 10:14:06

  • Assignee set to anonym
  • Target version set to Tails_3.0

We’re seeing issues in 3.0~betaN with Liferea, and we prefer spending our time moving to Thunderbird instead of debugging Liferea.

#4 Updated by anonym 2017-05-16 15:34:03

  • Target version changed from Tails_3.0 to Tails_3.2

#5 Updated by intrigeri 2017-06-29 10:33:44

#6 Updated by intrigeri 2017-09-02 10:42:15

Looking at your 3.2 plate, I suggest you postpone this to another major release.

#7 Updated by intrigeri 2017-09-07 06:58:15

  • Target version changed from Tails_3.2 to Tails_3.5

#8 Updated by intrigeri 2017-09-24 09:38:36

#9 Updated by intrigeri 2017-09-24 09:38:39

  • blocked by deleted (Feature #13234: Core work 2017Q3: Foundations Team)

#10 Updated by intrigeri 2017-12-07 12:51:17

  • Assignee changed from anonym to intrigeri

I’ll propose something.

#11 Updated by intrigeri 2017-12-08 09:08:16

  • Type of work changed from Code to Discuss

I’ll first describe what’s the current status of feed reading support in Tails, so we can take this baseline into account when we discuss the next steps, and we can avoid demanding than the replacement solution replaces things that we never had, or does perfectly something the old solution did poorly:

  • We don’t document Liferea usage anywhere. It’s only mentioned on our doc/about/features page.
  • We have no persistence setting for Liferea, so if anyone uses it seriously, they have to add a custom persistence setting. But we have a persistence setting for Thunderbird.
  • We have had concerns for years about the safety of Liferea because it’s essentially another browser we ship, with JS enabled by default (Bug #9429) and merely running it with torsocks is not enough to make a web browser anonymous. On Thunderbird with Torbirdy, by default only text (not HTML) is rendered which is safer. Users can enable full HTML rendering in Thunderbird too, but at least the default configuration is safe.
  • I’ve not heard anything about Liferea from our help desk for many years. I seriously doubt anyone is using it in Tails currently. The only person I know who uses Liferea on Debian Stretch, wrapped with torsocks just like we do, sees it crashing (segfault) every 15 minutes or so. Likely there’s something Liferea dislikes about being run in a torsocks environment. I suspect Tails is affected just the same but nobody noticed.
  • A few of us are using Thunderbird (in Tails and outside) for their feed reading. AFAIK they’re all happy with it.
  • Years ago we decided to focus on this very ticket instead so we’ve left numerous Liferea issues open, e.g. Bug #8793 and Bug #9989. Thunderbird does not suffer from these bugs.
  • Most of the research we wanted to do on Feature #7626 has been done, and https://trac.torproject.org/projects/tor/wiki/torbirdy#IsitsafetosubscribetoRSSfeedswithThunderbirdandTorBirdy now says “Is it safe to subscribe to RSS feeds with Thunderbird and TorBirdy? → Yes, RSS support was added in TorBirdy 0.2.0.”

To sum up, it seems that Liferea support in Tails is poorly integrated, unmaintained, buggy, unsafe by default and probably unused. The current state of Thunderbird support for feed reading in Tails is already better than that on all these counts.

So I propose:

  1. in Tails 3.5 (January 23) we wrap Liferea to display a “Liferea is going away, please migrate your feeds to Thunderbird”; not sure it’s worth documenting how to migrate feeds (export + import OPML)
  2. in Tails 3.6 (March 13) we stop shipping Liferea, drop it from the list of features, add feed reading to the list of Thunderbird features on doc/about/features, and close Feature #7626.

Then Feature #7625 can be repurposed into “Modify the description of the Thunderbird persistence setting to mention feeds” (not a blocker IMO).

#12 Updated by intrigeri 2017-12-09 11:19:08

  • Target version changed from Tails_3.5 to Tails_3.6

Added to the monthly meeting agenda. If we reach an agreement I’ll implement this for our next major release.

#13 Updated by intrigeri 2018-01-01 16:50:02

  • blocked by deleted (Feature #13244: Core work 2017Q4: Foundations Team)

#14 Updated by intrigeri 2018-01-01 16:50:35

#15 Updated by muri 2018-01-01 17:29:06

hi,

for the record: there was a security audit published by cure53 on thunderbird and enigmail a few weeks ago, commissioned by mozilla and posteo (a german email provider). the final result will be published when all the vulns are fixed, but a press release by posteo states:
> Im Audit wurden auch schwerwiegende Sicherheitsprobleme in Verbindung mit RSS-Feeds nachgewiesen, die voraussichtlich erst in Thunderbird Version 59 vollständig behoben sein werden. Die Angriffswege werden in diesem Beitrag aus Sicherheitsgründen nicht weiter beschrieben. Das Verwenden von RSS-Feeds in Thunderbird kann Ihre vertrauliche Kommunikation in Thunderbird sowie andere sensible Daten offenlegen und gefährden.

which (approximatly, sorry for the broken english) says: “In the audit security problems in connection with RSS-Feeds have been detected, which likely only will be fully fixed in thunderbird 59. the attack vector won’t be described in details because of security concerns. The usage of RSS-Feeds in thunderbird can reveal and endanger your confident communication in thunderbird as well as other sensitive information”

the press release also recommends:
> Nutzen Sie bis auf Weiteres keine RSS-Feeds in Thunderbird. Es liegen schwerwiegende Sicherheitsprobleme vor, die die Vertraulichkeit Ihrer (Ende-zu-Ende-verschlüsselten) Kommunikation gefährden.

which translates to: “Don’t use RSS-Feeds in thunderbird for now. There are serious security problems, which could endanger the confidentiality of your (end to end encrypted) communication.”

this is the link to the press release (in german, parts are translated): https://posteo.de/blog/sicherheits-warnung-f%C3%BCr-thunderbird-und-enigmail-nutzer-schwachstellen-gef%C3%A4hrden-vertraulichkeit-der-kommunikation

#16 Updated by intrigeri 2018-01-02 14:40:47

The “Kalender, RSS und andere Funktionen mit Rich-Text” wording suggests that the problems come with rich-text, so with the default Torbirdy settings (only the plaintext of RSS feeds is fetched and displayed) we should be safe. But there may be other, critical security problems with RSS feeds, so let’s be careful: even though it’s likely that Liferea is affected by similar problems (see e.g. Bug #9429), we’re not in a big hurry.

Let’s keep this topic on the monthly meeting agenda. I’m hereby amending my proposal that becomes:

  1. in Tails 3.5 (January 23) we wrap Liferea to display a “Liferea is going away, please migrate your feeds to Thunderbird”; not sure it’s worth documenting how to migrate feeds (export + import OPML)
  2. in the first Tails release that switches to the next Thunderbird ESR (likely 60), that will have the fixes this article mentions: we stop shipping Liferea, drop it from the list of features, add feed reading to the list of Thunderbird features on doc/about/features, and close Feature #7626.

#17 Updated by intrigeri 2018-01-04 06:41:14

  • Target version changed from Tails_3.6 to Tails_3.7
  • Type of work changed from Discuss to Code

During the 2018-01 meeting we decided:

  1. In the first Tails release that switches to the next Thunderbird ESR (likely 60), that will have the fixes the Posteo article mentions: we wrap Liferea to display “Liferea is going away, please migrate your feeds to Thunderbird”
  2. In the following (N+1) release or N+2, we remove Liferea, drop it from the list of features, add feed reading to the list of Thunderbird features on doc/about/features, and close Feature #7626.

#18 Updated by intrigeri 2018-01-04 06:41:52

#19 Updated by intrigeri 2018-01-04 06:41:56

  • blocked by deleted (Feature #13245: Core work 2018Q1: Foundations Team)

#20 Updated by intrigeri 2018-02-20 08:42:23

#21 Updated by intrigeri 2018-03-29 18:44:07

  • Target version changed from Tails_3.7 to Tails_3.8

I don’t think we’ll have Thunderbird ESR60 in Tails 3.7: Feature #15091#note-18.

#22 Updated by lamby 2018-05-28 14:37:26

  • Assignee changed from intrigeri to lamby
  • Estimated time set to 1 h

Self-assigning ticket during meeting on tails-meeting with nod from intrigeri. Adding 1 hour to estimate/max-time. See the prior art in unsafe-browser and electrum.

#23 Updated by intrigeri 2018-06-26 16:27:53

  • Target version changed from Tails_3.8 to Tails_3.9

#24 Updated by intrigeri 2018-06-28 14:30:07

  • blocked by deleted (Feature #15139: Core work 2018Q2: Foundations Team)

#25 Updated by intrigeri 2018-06-28 14:30:12

#26 Updated by lamby 2018-07-08 18:15:56

Patch attached. Can also be found using the 11082-deprecate-liferea branch on https://github.com/lamby/tails.

#27 Updated by intrigeri 2018-07-09 10:31:03

  • Status changed from Confirmed to In Progress
  • Feature Branch set to feature/11082-deprecate-liferea

Thank you!

I’ve:

  1. merged current devel into the topic branch (https://tails.boum.org/contribute/git/#branches)
  2. integrated the new wrapper into our translation system (commit:2bf9ab76848ec0e45f6afc0f2d3573d9a60ec6b1)

Code looks good. My only concerns are:

  • The wrapper does not apply to Liferea started via D-Bus activation: /usr/share/dbus-1/services/net.sourceforge.liferea.service has Exec=/usr/bin/torsocks /usr/bin/liferea --gapplication-service. If we don’t expose ways to trigger that to users, fine. If not, it’ll be a tiny bit more involved since we already patch the .service file in config/chroot_local-hooks/09-torsocks-apps. I’ll quickly check it.
  • The “Due to security concerns the Liferea RSS reader from a future […]” sentence is broken. I’ll ask our in-house GUI designer to tell us what the string should be.

#28 Updated by intrigeri 2018-07-09 11:28:18

  • Assignee changed from intrigeri to lamby
  • QA Check deleted (Ready for QA)

intrigeri wrote:
> * The wrapper does not apply to Liferea started via D-Bus activation: /usr/share/dbus-1/services/net.sourceforge.liferea.service has Exec=/usr/bin/torsocks /usr/bin/liferea --gapplication-service. If we don’t expose ways to trigger that to users, fine. If not, it’ll be a tiny bit more involved since we already patch the .service file in config/chroot_local-hooks/09-torsocks-apps. I’ll quickly check it.

Indeed, starting Liferea from the Applications menu or from the Activities Overview does not display the warning and the list of processes says /usr/bin/liferea --gapplication-service, so GNOME starts Liferea via the D-Bus service. I suspect you’ve tested your branch only by starting Liferea from a terminal and not in the way most users would start it :)

lamby, do you have budgetted time left to fix this? I think I would use a config/chroot_local-patches/ to s|/usr/bin/liferea|/usr/local/bin/liferea| and then let the unmodified config/chroot_local-hooks/09-torsocks-apps code handle the torsocks wrapping. It won’t be pretty but that’s a temporary wrapper anyway, it’ll get removed in Tails 3.11, so whatever works.

> * The “Due to security concerns the Liferea RSS reader from a future […]” sentence is broken. I’ll ask our in-house GUI designer to tell us what the string should be.

sajolida and I came up with a good string and I updated my branch to use it => case closed.

#29 Updated by lamby 2018-07-09 13:13:56

  • Assignee changed from lamby to intrigeri
  • QA Check set to Ready for QA

Fixed by cherry-picking https://github.com/lamby/tails/commit/61e9cb092377f174d57836523f68dceab948a539.diff

#30 Updated by intrigeri 2018-07-09 17:43:33

  • Assignee changed from intrigeri to lamby
  • QA Check changed from Ready for QA to Dev Needed

> Fixed by cherry-picking https://github.com/lamby/tails/commit/61e9cb092377f174d57836523f68dceab948a539.diff

I’ve merged your updated branch (that has this commit) into mine, built an ISO, started it, clicked Liferea in the applications menu, and nothing shows up except the “waiting” cursor. Looking closer:

$ /usr/bin/torsocks /usr/local/bin/liferea --gapplication-service
1531157610 WARNING torsocks[7735]: [syscall] Unsupported syscall number 217. Denying the call (in tsocks_syscall() at syscall.c:488)
Traceback (most recent call last):
File "/usr/local/bin/liferea", line 53, in <module>
sys.exit(main(*sys.argv[1:]))
TypeError: main() takes 0 positional arguments but 1 was given

Sorry I did not make the expectations clear previously, I’ll do it now: for such tasks, whose outcome is a specific user-visible change in a running Tails, I expect submitted branches have been tested as in “built an ISO, booted it, tested by acting as closely as possible to how a non-tech-savvy user would, and works as intended”. Unless of course we have an automatic test case precisely about the expected outcome, in which case passing the automated test can be sufficient. Let’s take this part of the work into account when we do time estimates in the future (usually, for such small things, the build+test part would add 5-30 minutes of focused work depending on how many iterations are needed, but for larger projects it may be much bigger). Deal? :)

#31 Updated by lamby 2018-07-09 18:10:22

  • Assignee changed from lamby to intrigeri
  • QA Check changed from Dev Needed to Ready for QA

Ick, urgh, blarghg, I’m really sorry for screwing up twice in one week and wasting your time here. This is pretty unprofessional of me and I can only apologise. I feel pretty crappy about this now… I had been “half” testing these changes on the command-line in a booted Tails instance and then copy-pasting scripts back and forth, rather than generating a new ISO and testing everything from scratch. Naturally, this can lead to errors, omissions or missed changes, as I have discovered when hacking on d-i..

I now plan on testing this properly (as you describe…) but I cannot this evening as I am about to head out. However, I do believe (and again, half-tested!) the fix is https://github.com/lamby/tails/commit/9d97257028f0bdecbcd33ab0a01eeefc10d27a5d.patch, or at least that is what I plan on testing first.

[Marking as “needing QA” but taking ticket back]

#32 Updated by lamby 2018-07-09 18:10:50

  • Assignee changed from intrigeri to lamby

#33 Updated by intrigeri 2018-07-09 18:39:05

> I feel pretty crappy about this now…

No worries! Shit happens and I totally trust your ability to learn from this small mistake :)

> I had been “half” testing these changes on the command-line in a booted Tails instance and then copy-pasting scripts back and forth, rather than generating a new ISO and testing everything from scratch.

Actually, many (most?) of us do that, it’s totally fine and I don’t see how we would survive otherwise: clearly the feedback loop is too long for such small changes when one has to build an ISO between every single hack/test iteration. And as you’ve discovered, one final ISO build + manual test of the branch is key to validating that what one is requesting a merge for is indeed what one has validated earlier by taking shortcuts. But I know for a fact that it’s very hard to self-enforce this discipline for things that look very simple like this, because what can possibly go wrong? :)

> I now plan on testing this properly (as you describe…) but I cannot this evening as I am about to head out. However, I do believe (and again, half-tested!) the fix is https://github.com/lamby/tails/commit/9d97257028f0bdecbcd33ab0a01eeefc10d27a5d.patch, or at least that is what I plan on testing first.

Great :)

#34 Updated by lamby 2018-07-10 11:43:11

(I won’t be able to do this today due to not having my charger and the image building will chew into my battery)

#35 Updated by intrigeri 2018-07-10 12:17:21

> (I won’t be able to do this today due to not having my charger and the image building will chew into my battery)

No worries, it can as well happen later as long as we can merge it by August 13 :)

#36 Updated by lamby 2018-07-15 11:36:45

Sorry for the delay but I had some fun getting my local Tails build environment up and running.

I’ve now tested this with my aforementioned patch:

Loading from the launcher:

Loading from the command-line:

Liferea loads successfully in all cases:

This was tails-amd64-11082-deprecate-liferea-3.9-20180715T0939Z-5b460c1796.iso.

Build log attached

#37 Updated by intrigeri 2018-07-22 01:49:18

  • Status changed from In Progress to Fix committed
  • Assignee deleted (intrigeri)
  • QA Check deleted (Ready for QA)

lamby wrote:
> Sorry for the delay but I had some fun getting my local Tails build environment up and running.
>
> I’ve now tested this with my aforementioned patch:

Code review passes, it seems to be the obvious fix and I trust your test results => merged into devel! Thanks.

#38 Updated by intrigeri 2018-07-22 01:52:35

#39 Updated by intrigeri 2018-07-22 01:55:03

  • Status changed from Fix committed to In Progress
  • Assignee set to intrigeri

I’ll track the next steps.

#40 Updated by intrigeri 2018-08-09 05:59:17

  • blocked by deleted (Feature #7625: Persistence preset: RSS feeds)

#41 Updated by intrigeri 2018-08-09 06:06:44

  • Target version changed from Tails_3.9 to Tails_3.11

The part of this that’s for 3.9 is well tracked in subtasks. Once that’s done, the only remaining thing will be Bug #15776 which is scheduled for 3.11.

#42 Updated by intrigeri 2018-08-18 09:11:17

  • Target version changed from Tails_3.11 to Tails_3.12

Let’s do this in a major release.

#43 Updated by Anonymous 2018-08-18 10:58:22

  • related to Bug #9989: Liferea freezes at startup added

#44 Updated by intrigeri 2018-08-21 09:05:31

  • blocked by deleted (Feature #15334: Core work 2018Q3: Foundations Team)

#45 Updated by intrigeri 2018-08-21 09:05:44

#46 Updated by intrigeri 2018-11-18 07:24:59

  • Assignee changed from intrigeri to segfault
  • QA Check set to Ready for QA

#47 Updated by segfault 2018-11-28 11:44:20

  • Status changed from In Progress to Fix committed
  • % Done changed from 78 to 100

Applied in changeset commit:tails|0af6e1aeae39b2d0c9d905cbb7d55ab73c48961c.

#48 Updated by segfault 2018-11-28 11:44:45

  • Assignee deleted (segfault)
  • QA Check changed from Ready for QA to Pass

#49 Updated by anonym 2019-01-30 11:48:27

  • Status changed from Fix committed to Resolved