diff options
| author | David Lönnhager <david.l@mullvad.net> | 2020-03-17 13:57:17 +0100 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2020-03-17 13:57:17 +0100 |
| commit | d27c978a41da972d8ec1438b9f6cedf059c02771 (patch) | |
| tree | 14f5f6440f55402616d2a94e3679360415fa357f | |
| parent | 6dcc1295faa8165fb0fb02a8617fcb774c7ab507 (diff) | |
| parent | 8f59f04513fb7cca415fcfab0db6f5ac82d2fe75 (diff) | |
| download | mullvadvpn-d27c978a41da972d8ec1438b9f6cedf059c02771.tar.xz mullvadvpn-d27c978a41da972d8ec1438b9f6cedf059c02771.zip | |
Merge branch 'block-on-upgrade-2'
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | CHANGELOG.md | 5 | ||||
| -rwxr-xr-x | build.sh | 2 | ||||
| -rw-r--r-- | dist-assets/linux/before-install.sh | 1 | ||||
| -rw-r--r-- | dist-assets/linux/before-remove.sh | 5 | ||||
| -rwxr-xr-x | dist-assets/pkg-scripts/postinstall | 3 | ||||
| -rw-r--r-- | gui/tasks/distribution.js | 2 |
7 files changed, 18 insertions, 2 deletions
diff --git a/.gitignore b/.gitignore index 155556243c..0e50984ec3 100644 --- a/.gitignore +++ b/.gitignore @@ -14,6 +14,8 @@ /dist-assets/mullvad.exe /dist-assets/mullvad-daemon /dist-assets/mullvad-daemon.exe +/dist-assets/mullvad-setup +/dist-assets/mullvad-setup.exe /dist-assets/mullvad-problem-report /dist-assets/mullvad-problem-report.exe /dist-assets/libtalpid_openvpn_plugin.dylib diff --git a/CHANGELOG.md b/CHANGELOG.md index 68a2cd3bdd..5e1a4b04ab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -61,11 +61,12 @@ Line wrap the file at 100 chars. Th blocked state. This only affected WireGuard. ### Security +- When upgrading or reinstalling while connected, exit the daemon in a blocking state to prevent + unintended leaks. This only affects upgrades from this release. + #### Windows - Fix issue in daemon where the `block_when_disconnected` setting was sometimes not honored when stopping the daemon. I.e. traffic could flow freely after the daemon was stopped. -- When upgrading or reinstalling while connected, exit the daemon in a blocking state to prevent - unintended leaks. This only affects upgrades from this release. ## [2020.3] - 2020-02-20 @@ -146,6 +146,7 @@ if [[ ("$(uname -s)" == "Darwin") ]]; then mullvad mullvad-problem-report libtalpid_openvpn_plugin.dylib + mullvad-setup ) elif [[ ("$(uname -s)" == "Linux") ]]; then binaries=( @@ -153,6 +154,7 @@ elif [[ ("$(uname -s)" == "Linux") ]]; then mullvad mullvad-problem-report libtalpid_openvpn_plugin.so + mullvad-setup ) elif [[ ("$(uname -s)" == "MINGW"*) ]]; then binaries=( diff --git a/dist-assets/linux/before-install.sh b/dist-assets/linux/before-install.sh index 71fe8ae5ab..b47c6ce24c 100644 --- a/dist-assets/linux/before-install.sh +++ b/dist-assets/linux/before-install.sh @@ -3,6 +3,7 @@ set -eu if which systemctl &> /dev/null; then if systemctl status mullvad-daemon &> /dev/null; then + /opt/Mullvad\ VPN/resources/mullvad-setup prepare-restart systemctl stop mullvad-daemon.service systemctl disable mullvad-daemon.service fi diff --git a/dist-assets/linux/before-remove.sh b/dist-assets/linux/before-remove.sh index 2cb0c9afcd..cb4b44bfa1 100644 --- a/dist-assets/linux/before-remove.sh +++ b/dist-assets/linux/before-remove.sh @@ -9,6 +9,11 @@ if [[ "$1" =~ $is_number_re ]] && [ $1 -gt 0 ]; then exit 0; fi +if [[ "$1" == "upgrade" ]]; then + echo not running + exit 0; +fi + if which systemctl &> /dev/null; then # the user might've disabled or stopped the service themselves already systemctl stop mullvad-daemon.service || true diff --git a/dist-assets/pkg-scripts/postinstall b/dist-assets/pkg-scripts/postinstall index 37dec02c09..51283fea35 100755 --- a/dist-assets/pkg-scripts/postinstall +++ b/dist-assets/pkg-scripts/postinstall @@ -48,8 +48,11 @@ DAEMON_PLIST=$(cat <<-EOM EOM ) +"$INSTALL_DIR/Mullvad VPN.app/Contents/Resources/mullvad-setup" prepare-restart || true + pkill -x "Mullvad VPN" || echo "Unable to kill GUI, not running?" sleep 1 + launchctl unload -w $DAEMON_PLIST_PATH echo "$DAEMON_PLIST" > $DAEMON_PLIST_PATH launchctl load -w $DAEMON_PLIST_PATH diff --git a/gui/tasks/distribution.js b/gui/tasks/distribution.js index 20a6dba119..16d99e91d7 100644 --- a/gui/tasks/distribution.js +++ b/gui/tasks/distribution.js @@ -48,6 +48,7 @@ const config = { { from: distAssets('mullvad'), to: '.' }, { from: distAssets('mullvad-problem-report'), to: '.' }, { from: distAssets('mullvad-daemon'), to: '.' }, + { from: distAssets('mullvad-setup'), to: '.' }, { from: distAssets('libtalpid_openvpn_plugin.dylib'), to: '.' }, { from: distAssets('binaries/x86_64-apple-darwin/openvpn'), to: '.' }, { from: distAssets('binaries/x86_64-apple-darwin/sslocal'), to: '.' }, @@ -105,6 +106,7 @@ const config = { extraResources: [ { from: distAssets('mullvad-problem-report'), to: '.' }, { from: distAssets('mullvad-daemon'), to: '.' }, + { from: distAssets('mullvad-setup'), to: '.' }, { from: distAssets('libtalpid_openvpn_plugin.so'), to: '.' }, { from: distAssets('binaries/x86_64-unknown-linux-gnu/openvpn'), to: '.' }, { from: distAssets('binaries/x86_64-unknown-linux-gnu/sslocal'), to: '.' }, |