[pkgsrc/trunk]: pkgsrc/security/tor-browser tor-browser: update to 9.0.9nb4.

To: source-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/security/tor-browser tor-browser: update to 9.0.9nb4.
From: wiz <wiz%pkgsrc.org@localhost>
Date: Fri, 01 May 2020 08:35:38 +0000
details:   https://anonhg.NetBSD.org/pkgsrc/rev/9993dd11d06e
branches:  trunk
changeset: 430491:9993dd11d06e
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Fri May 01 07:01:46 2020 +0000

description:
tor-browser: update to 9.0.9nb4.

Install and use the fonts distributed with the Linux binary of tor-browser.
Reduces fingerprinting possibilities based on installed fonts.

Idea from Caspar Schutijser, the OpenBSD ports maintainer, and
based on his patch for OpenBSD ports.

diffstat:

 security/tor-browser/Makefile                                             |  40 ++++++--
 security/tor-browser/PLIST                                                |  49 +++++++++-
 security/tor-browser/distinfo                                             |  10 +-
 security/tor-browser/files/tor-browser.sh                                 |   5 +
 security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js |  17 +++-
 security/tor-browser/patches/patch-toolkit_moz.configure                  |  16 ++-
 6 files changed, 119 insertions(+), 18 deletions(-)

diffs (258 lines):

diff -r 2f4cd51e5c54 -r 9993dd11d06e security/tor-browser/Makefile
--- a/security/tor-browser/Makefile     Fri May 01 07:00:16 2020 +0000
+++ b/security/tor-browser/Makefile     Fri May 01 07:01:46 2020 +0000
@@ -1,12 +1,14 @@
-# $NetBSD: Makefile,v 1.62 2020/04/30 07:52:39 wiz Exp $
+# $NetBSD: Makefile,v 1.63 2020/05/01 07:01:46 wiz Exp $
 
 DISTNAME=      src-firefox-tor-browser-68.7.0esr-9.0-2-build1
 PKGNAME=       tor-browser-9.0.9
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    security www
 MASTER_SITES=  https://dist.torproject.org/torbrowser/${PKGVERSION_NOREV}/
 EXTRACT_SUFX=  .tar.xz
-#DISTFILES=    ${DISTNAME}${EXTRACT_SUFX} src-tor-launcher-0.2.20.5${EXTRACT_SUFX}
+DISTFILES=     ${DISTNAME}${EXTRACT_SUFX}
+DISTFILES+=    tor-browser-linux64-${PKGVERSION_NOREV}_en-US${EXTRACT_SUFX}
+#DISTFILES+=   src-tor-launcher-0.2.20.5${EXTRACT_SUFX}
 
 MAINTAINER=    wiz%NetBSD.org@localhost
 HOMEPAGE=      https://www.torproject.org/projects/torbrowser.html.en
@@ -24,10 +26,12 @@
 # replace all patches with the one from the correspoding www/firefox${ESR_RELEASE}
 # BUT keep patch-xpcom_io_TorFileUtils.cpp
 # AND keep patch-browser_app_profile_000-tor-browser.js
+# AND the second chunk of patch-toolkit_moz.configure
 # (AND if necessary patch-.mozconfig)
 # make the patches apply
 #
 # when packaged up, read MESSAGE and test by visiting https://check.torproject.org
+# and https://panopticlick.eff.org
 
 # Remove hardcoded build directory.
 SUBST_CLASSES+=                        fix-build-dir
@@ -35,6 +39,12 @@
 SUBST_FILES.fix-build-dir+=    .mozconfig
 SUBST_SED.fix-build-dir+=      -e 's,mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@,,'
 
+SUBST_CLASSES+=                fonts
+SUBST_STAGE.fonts=     pre-configure
+SUBST_FILES.fonts+=    tor-browser_en-US/Browser/TorBrowser/Data/fontconfig/fonts.conf
+SUBST_SED.fonts+=      -e 's,<dir>fonts</dir>,<dir>${PREFIX}/lib/tor-browser/browser/fonts</dir>,'
+SUBST_MESSAGE.fonts=   Fixing path to bundled fonts directory.
+
 MOZILLA_DIR=   # empty
 
 .include "../../mk/bsd.prefs.mk"
@@ -79,6 +89,7 @@
 post-extract:
        mv ${WRKSRC}/gfx/ycbcr/yuv_row_arm.s ${WRKSRC}/gfx/ycbcr/yuv_row_arm.S
        ${CP} ${FILESDIR}/cubeb_sun.c ${WRKSRC}/media/libcubeb/src/cubeb_sun.c
+       mv ${WRKDIR}/tor-browser_en-US ${WRKSRC}
 #      mv ${WRKDIR}/tor-launcher* ${WRKSRC}/browser/extensions/tor-launcher
 
 pre-configure:
@@ -93,17 +104,26 @@
          -e 's|@FIREFOX_ICON@|${MOZILLA}.png|g'                        \
          < ${FILESDIR}/desktop.in                                      \
          > ${WRKDIR}/desktop
+       ${SED} -e 's|@PREFIX@|${PREFIX}|g'                              \
+         < ${FILESDIR}/tor-browser.sh                                  \
+         > ${WRKDIR}/tor-browser.sh
 
-INSTALLATION_DIRS+=    share/applications share/pixmaps
+INSTALLATION_DIRS+=    share/applications
+INSTALLATION_DIRS+=    share/pixmaps
+INSTALLATION_DIRS+=    ${PREFIX}/lib/tor-browser/browser/fontconfig
+INSTALLATION_DIRS+=    ${PREFIX}/lib/tor-browser/browser/fonts
+
 post-install:
-       ${ECHO} '#! /bin/sh' > ${DESTDIR}${PREFIX}/bin/${MOZILLA}
-       ${ECHO} '${PREFIX}/lib/tor-browser/tor-browser-bin "$$@"' >> \
-               ${DESTDIR}${PREFIX}/bin/${MOZILLA}
-       ${CHMOD} 755 ${DESTDIR}${PREFIX}/bin/${MOZILLA}
+       ${INSTALL_SCRIPT} ${WRKDIR}/tor-browser.sh \
+               ${DESTDIR}${PREFIX}/bin/tor-browser
        ${INSTALL_DATA} ${WRKDIR}/desktop                               \
-         ${DESTDIR}${PREFIX}/share/applications/${MOZILLA}.desktop
+               ${DESTDIR}${PREFIX}/share/applications/${MOZILLA}.desktop
        ${INSTALL_DATA} ${MOZILLA_ICON}                                 \
-         ${DESTDIR}${PREFIX}/share/pixmaps/${MOZILLA}.png
+               ${DESTDIR}${PREFIX}/share/pixmaps/${MOZILLA}.png
+       ${INSTALL_DATA} ${WRKSRC}/tor-browser_en-US/Browser/TorBrowser/Data/fontconfig/fonts.conf \
+               ${DESTDIR}${PREFIX}/lib/tor-browser/browser/fontconfig
+       ${INSTALL_DATA} ${WRKSRC}/tor-browser_en-US/Browser/fonts/* \
+               ${DESTDIR}${PREFIX}/lib/tor-browser/browser/fonts
 
 .include "../../sysutils/desktop-file-utils/desktopdb.mk"
 .include "../../sysutils/dbus-glib/buildlink3.mk"
diff -r 2f4cd51e5c54 -r 9993dd11d06e security/tor-browser/PLIST
--- a/security/tor-browser/PLIST        Fri May 01 07:00:16 2020 +0000
+++ b/security/tor-browser/PLIST        Fri May 01 07:01:46 2020 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2020/03/13 17:59:27 wiz Exp $
+@comment $NetBSD: PLIST,v 1.7 2020/05/01 07:01:46 wiz Exp $
 bin/tor-browser
 lib/tor-browser/actors/AudioPlaybackChild.jsm
 lib/tor-browser/actors/AutoplayChild.jsm
@@ -3960,6 +3960,53 @@
 lib/tor-browser/browser/features/onboarding%mozilla.org@localhost/en-US/locale/en-US/onboarding.properties
 lib/tor-browser/browser/features/onboarding%mozilla.org@localhost/manifest.json
 lib/tor-browser/browser/features/onboarding%mozilla.org@localhost/schema.json
+lib/tor-browser/browser/fontconfig/fonts.conf
+lib/tor-browser/browser/fonts/Arimo-Bold.ttf
+lib/tor-browser/browser/fonts/Arimo-BoldItalic.ttf
+lib/tor-browser/browser/fonts/Arimo-Italic.ttf
+lib/tor-browser/browser/fonts/Arimo-Regular.ttf
+lib/tor-browser/browser/fonts/Cousine-Regular.ttf
+lib/tor-browser/browser/fonts/NotoEmoji-Regular.ttf
+lib/tor-browser/browser/fonts/NotoNaskhArabic-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansArmenian-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansBengali-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansBuginese-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansCanadianAboriginal-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansCherokee-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansDevanagari-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansEthiopic-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansGeorgian-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansGujarati-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansGurmukhi-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansHebrew-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansJP-Regular.otf
+lib/tor-browser/browser/fonts/NotoSansKR-Regular.otf
+lib/tor-browser/browser/fonts/NotoSansKannada-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansKhmer-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansLao-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansMalayalam-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansMongolian-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansMyanmar-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansOriya-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansSC-Regular.otf
+lib/tor-browser/browser/fonts/NotoSansSinhala-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansTC-Regular.otf
+lib/tor-browser/browser/fonts/NotoSansTamil-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansTelugu-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansThaana-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansThai-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansTibetan-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansYi-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSerifArmenian-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSerifKhmer-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSerifLao-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSerifThai-Regular.ttf
+lib/tor-browser/browser/fonts/STIXMath-Regular.otf
+lib/tor-browser/browser/fonts/Tinos-Bold.ttf
+lib/tor-browser/browser/fonts/Tinos-BoldItalic.ttf
+lib/tor-browser/browser/fonts/Tinos-Italic.ttf
+lib/tor-browser/browser/fonts/Tinos-Regular.ttf
+lib/tor-browser/browser/fonts/TwemojiMozilla.ttf
 lib/tor-browser/browser/localization/en-US/branding/brand.ftl
 lib/tor-browser/browser/localization/en-US/browser/aboutConfig.ftl
 lib/tor-browser/browser/localization/en-US/browser/aboutDialog.ftl
diff -r 2f4cd51e5c54 -r 9993dd11d06e security/tor-browser/distinfo
--- a/security/tor-browser/distinfo     Fri May 01 07:00:16 2020 +0000
+++ b/security/tor-browser/distinfo     Fri May 01 07:01:46 2020 +0000
@@ -1,12 +1,16 @@
-$NetBSD: distinfo,v 1.18 2020/04/28 19:38:49 wiz Exp $
+$NetBSD: distinfo,v 1.19 2020/05/01 07:01:46 wiz Exp $
 
 SHA1 (src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = c9be70c6cbbac9d73d1aee930703ea4d013725df
 RMD160 (src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = 6289e342fa8e99c21098331d153beb6d88bc39b2
 SHA512 (src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = 6cf582c1eb3092c1ecbef86c67040c89dc2c84f54805c52408b0c1051550fcff1af563e09e85ba9cd72a1a1e924b6643a812e9669676856a86e903e0063e5270
 Size (src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = 348594032 bytes
+SHA1 (tor-browser-linux64-9.0.9_en-US.tar.xz) = 094d148a5df4efa979e2aaca5d88a6517469ebe6
+RMD160 (tor-browser-linux64-9.0.9_en-US.tar.xz) = b880eeecc748e6584672a761615fefccb07a7a5b
+SHA512 (tor-browser-linux64-9.0.9_en-US.tar.xz) = 72a6c080ad2d5237b20f00e82388373accd4866f19a713564823fe416bcaf41408ef774d6cb735db8c3f2766d2870655c85e6109e8ef32de8b1403fc9c63561d
+Size (tor-browser-linux64-9.0.9_en-US.tar.xz) = 80156396 bytes
 SHA1 (patch-.mozconfig) = 66fbb2f113091eee1f022cd656231f845b04b0f8
 SHA1 (patch-aa) = 9f7200c411cd2217a80ec10a276c8877bc6b845c
-SHA1 (patch-browser_app_profile_000-tor-browser.js) = 545cf6e80f061a6a58b429d2696046de4e34725f
+SHA1 (patch-browser_app_profile_000-tor-browser.js) = 84a0a15605fff0e22f3150bce901a296fc920280
 SHA1 (patch-browser_app_profile_firefox.js) = 076cc2892547bac07fe907533f4e821f13f5738e
 SHA1 (patch-dom_base_nsAttrName.h) = ac7ba441a3b27df2855cf2673eea36b1cb44ad49
 SHA1 (patch-dom_media_CubebUtils.cpp) = 3cd2c65ab281d802c56216565970450767a3fb24
@@ -34,7 +38,7 @@
 SHA1 (patch-toolkit_components_terminator_nsTerminator.cpp) = e5700d95302ef9672b404ab19e13ef7ba3ede5cf
 SHA1 (patch-toolkit_library_moz.build) = 57516a1cc888fdbaf39ba90f73e5de488ad1f01e
 SHA1 (patch-toolkit_modules_subprocess_subprocess__shared__unix.js) = 22a39e54e042ab2270a3cb54e4e307c8900cad12
-SHA1 (patch-toolkit_moz.configure) = 40ee147cc1d2c62dd6c83b3f67ce9e61f758ea57
+SHA1 (patch-toolkit_moz.configure) = 9f4edca09802f6d3adb517613e879dca8d2d65be
 SHA1 (patch-toolkit_mozapps_installer_packager.mk) = b2343fbad2556504dfd13601c02e6e2357c7d2bc
 SHA1 (patch-toolkit_xre_glxtest.cpp) = 04942938f45f326c7d5c4da3bf8cc2d09b977c69
 SHA1 (patch-xpcom_base_nscore.h) = 1ac4d34d3c9e80bc1ac966c6c84cb320bc0fa1ec
diff -r 2f4cd51e5c54 -r 9993dd11d06e security/tor-browser/files/tor-browser.sh
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/tor-browser/files/tor-browser.sh Fri May 01 07:01:46 2020 +0000
@@ -0,0 +1,5 @@
+#! /bin/sh
+export FONTCONFIG_PATH="@PREFIX@/lib/tor-browser/browser/fontconfig/"
+export FONTCONFIG_FILE="fonts.conf"
+
+exec @PREFIX@/lib/tor-browser/tor-browser-bin "$@"
diff -r 2f4cd51e5c54 -r 9993dd11d06e security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js
--- a/security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js Fri May 01 07:00:16 2020 +0000
+++ b/security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js Fri May 01 07:01:46 2020 +0000
@@ -1,4 +1,6 @@
-$NetBSD: patch-browser_app_profile_000-tor-browser.js,v 1.1 2020/04/28 19:38:49 wiz Exp $
+$NetBSD: patch-browser_app_profile_000-tor-browser.js,v 1.2 2020/05/01 07:01:46 wiz Exp $
+
+First chunk:
 
 Despite the warning at the top of this file, we change the default for the socks
 port in pkgsrc from 9150 to 9050.
@@ -9,6 +11,10 @@
 pkgsrc's tor-browser uses the system-wide installation of tor and thus should use
 its default port to minimize manual setup steps for the end users.
 
+
+Second chunk:
+Hardcode font list on all pkgsrc platforms to make it harder to fingerprint.
+
 --- browser/app/profile/000-tor-browser.js.orig        2020-04-04 03:09:31.000000000 +0000
 +++ browser/app/profile/000-tor-browser.js
 @@ -161,7 +161,7 @@ pref("network.predictor.enabled", false)
@@ -20,3 +26,12 @@
  pref("network.proxy.socks_remote_dns", true);
  pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419)
  pref("network.proxy.allow_hijacking_localhost", true); // Allow proxies for localhost (#31065)
+@@ -370,7 +370,7 @@ pref("font.name.sans-serif.ar", "Arial")
+ pref("font.system.whitelist", "Arial, Batang, 바탕, Cambria Math, Courier New, Euphemia, Gautami, Georgia, Gulim, 굴림, GulimChe, 굴림체, Iskoola Pota, Kalinga, Kartika, Latha, Lucida Console, MS Gothic, 
ＭＳ ゴシック, MS Mincho, ＭＳ 明朝, MS PGothic, ＭＳ Ｐゴシック, MS PMincho, ＭＳ Ｐ明朝, MV Boli, Malgun Gothic, Mangal, Meiryo, Meiryo UI, Microsoft Himalaya, Microsoft JhengHei, Microsoft JhengHei UI, Microsoft YaHei, 
微软雅黑, Microsoft YaHei UI, MingLiU, 細明體, Noto Sans Buginese, Noto Sans Khmer, Noto Sans Lao, Noto Sans Myanmar, Noto Sans Yi, Nyala, PMingLiU, 新細明體, Plantagenet Cherokee, Raavi, Segoe UI, Shruti, 
SimSun, 宋体, Sylfaen, Tahoma, Times New Roman, Tunga, Verdana, Vrinda, Yu Gothic UI");
+ #endif
+ 
+-#ifdef XP_LINUX
++#if 1
+ pref("font.default.lo", "Noto Sans Lao");
+ pref("font.default.my", "Noto Sans Myanmar");
+ pref("font.default.x-western", "sans-serif");
diff -r 2f4cd51e5c54 -r 9993dd11d06e security/tor-browser/patches/patch-toolkit_moz.configure
--- a/security/tor-browser/patches/patch-toolkit_moz.configure  Fri May 01 07:00:16 2020 +0000
+++ b/security/tor-browser/patches/patch-toolkit_moz.configure  Fri May 01 07:01:46 2020 +0000
@@ -1,10 +1,11 @@
-$NetBSD: patch-toolkit_moz.configure,v 1.2 2020/03/13 17:59:27 wiz Exp $
+$NetBSD: patch-toolkit_moz.configure,v 1.3 2020/05/01 07:01:46 wiz Exp $
 
 * skia part: support bigendian architectures
+* second chunk: use bundled fonts to reduce fingerprinting possibilities
 
---- toolkit/moz.configure.orig 2018-05-03 16:58:41.000000000 +0000
+--- toolkit/moz.configure.orig 2020-04-04 03:09:31.000000000 +0000
 +++ toolkit/moz.configure
-@@ -932,11 +932,11 @@ include('nss.configure')
+@@ -834,11 +834,11 @@ include('nss.configure')
  # ==============================================================
  option('--disable-skia', help='Disable use of Skia')
  
@@ -21,3 +22,12 @@
          return True
  
  set_config('MOZ_ENABLE_SKIA', skia)
+@@ -1318,7 +1318,7 @@ set_config('MOZ_BITS_DOWNLOAD',
+ 
+ @depends(target)
+ def bundled_fonts_default(target):
+-    return target.os == 'WINNT' or target.kernel == 'Linux'
++    return True
+ 
+ @depends(build_project)
+ def allow_bundled_fonts(project):
Prev by Date: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/tor-browser to 9.0.9nb4
Next by Date: [pkgsrc/trunk]: pkgsrc/www/aws www/aws: fix pkglint warnings
Previous by Thread: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/tor-browser to 9.0.9nb4
Next by Thread: [pkgsrc/trunk]: pkgsrc/www/aws www/aws: fix pkglint warnings
Indexes:
Home | Main Index | Thread Index | Old Index