Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/tor-browser tor-browser: update to 9.0.9nb4.
details: https://anonhg.NetBSD.org/pkgsrc/rev/9993dd11d06e
branches: trunk
changeset: 430491:9993dd11d06e
user: wiz <wiz%pkgsrc.org@localhost>
date: Fri May 01 07:01:46 2020 +0000
description:
tor-browser: update to 9.0.9nb4.
Install and use the fonts distributed with the Linux binary of tor-browser.
Reduces fingerprinting possibilities based on installed fonts.
Idea from Caspar Schutijser, the OpenBSD ports maintainer, and
based on his patch for OpenBSD ports.
diffstat:
security/tor-browser/Makefile | 40 ++++++--
security/tor-browser/PLIST | 49 +++++++++-
security/tor-browser/distinfo | 10 +-
security/tor-browser/files/tor-browser.sh | 5 +
security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js | 17 +++-
security/tor-browser/patches/patch-toolkit_moz.configure | 16 ++-
6 files changed, 119 insertions(+), 18 deletions(-)
diffs (258 lines):
diff -r 2f4cd51e5c54 -r 9993dd11d06e security/tor-browser/Makefile
--- a/security/tor-browser/Makefile Fri May 01 07:00:16 2020 +0000
+++ b/security/tor-browser/Makefile Fri May 01 07:01:46 2020 +0000
@@ -1,12 +1,14 @@
-# $NetBSD: Makefile,v 1.62 2020/04/30 07:52:39 wiz Exp $
+# $NetBSD: Makefile,v 1.63 2020/05/01 07:01:46 wiz Exp $
DISTNAME= src-firefox-tor-browser-68.7.0esr-9.0-2-build1
PKGNAME= tor-browser-9.0.9
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= security www
MASTER_SITES= https://dist.torproject.org/torbrowser/${PKGVERSION_NOREV}/
EXTRACT_SUFX= .tar.xz
-#DISTFILES= ${DISTNAME}${EXTRACT_SUFX} src-tor-launcher-0.2.20.5${EXTRACT_SUFX}
+DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
+DISTFILES+= tor-browser-linux64-${PKGVERSION_NOREV}_en-US${EXTRACT_SUFX}
+#DISTFILES+= src-tor-launcher-0.2.20.5${EXTRACT_SUFX}
MAINTAINER= wiz%NetBSD.org@localhost
HOMEPAGE= https://www.torproject.org/projects/torbrowser.html.en
@@ -24,10 +26,12 @@
# replace all patches with the one from the correspoding www/firefox${ESR_RELEASE}
# BUT keep patch-xpcom_io_TorFileUtils.cpp
# AND keep patch-browser_app_profile_000-tor-browser.js
+# AND the second chunk of patch-toolkit_moz.configure
# (AND if necessary patch-.mozconfig)
# make the patches apply
#
# when packaged up, read MESSAGE and test by visiting https://check.torproject.org
+# and https://panopticlick.eff.org
# Remove hardcoded build directory.
SUBST_CLASSES+= fix-build-dir
@@ -35,6 +39,12 @@
SUBST_FILES.fix-build-dir+= .mozconfig
SUBST_SED.fix-build-dir+= -e 's,mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@,,'
+SUBST_CLASSES+= fonts
+SUBST_STAGE.fonts= pre-configure
+SUBST_FILES.fonts+= tor-browser_en-US/Browser/TorBrowser/Data/fontconfig/fonts.conf
+SUBST_SED.fonts+= -e 's,<dir>fonts</dir>,<dir>${PREFIX}/lib/tor-browser/browser/fonts</dir>,'
+SUBST_MESSAGE.fonts= Fixing path to bundled fonts directory.
+
MOZILLA_DIR= # empty
.include "../../mk/bsd.prefs.mk"
@@ -79,6 +89,7 @@
post-extract:
mv ${WRKSRC}/gfx/ycbcr/yuv_row_arm.s ${WRKSRC}/gfx/ycbcr/yuv_row_arm.S
${CP} ${FILESDIR}/cubeb_sun.c ${WRKSRC}/media/libcubeb/src/cubeb_sun.c
+ mv ${WRKDIR}/tor-browser_en-US ${WRKSRC}
# mv ${WRKDIR}/tor-launcher* ${WRKSRC}/browser/extensions/tor-launcher
pre-configure:
@@ -93,17 +104,26 @@
-e 's|@FIREFOX_ICON@|${MOZILLA}.png|g' \
< ${FILESDIR}/desktop.in \
> ${WRKDIR}/desktop
+ ${SED} -e 's|@PREFIX@|${PREFIX}|g' \
+ < ${FILESDIR}/tor-browser.sh \
+ > ${WRKDIR}/tor-browser.sh
-INSTALLATION_DIRS+= share/applications share/pixmaps
+INSTALLATION_DIRS+= share/applications
+INSTALLATION_DIRS+= share/pixmaps
+INSTALLATION_DIRS+= ${PREFIX}/lib/tor-browser/browser/fontconfig
+INSTALLATION_DIRS+= ${PREFIX}/lib/tor-browser/browser/fonts
+
post-install:
- ${ECHO} '#! /bin/sh' > ${DESTDIR}${PREFIX}/bin/${MOZILLA}
- ${ECHO} '${PREFIX}/lib/tor-browser/tor-browser-bin "$$@"' >> \
- ${DESTDIR}${PREFIX}/bin/${MOZILLA}
- ${CHMOD} 755 ${DESTDIR}${PREFIX}/bin/${MOZILLA}
+ ${INSTALL_SCRIPT} ${WRKDIR}/tor-browser.sh \
+ ${DESTDIR}${PREFIX}/bin/tor-browser
${INSTALL_DATA} ${WRKDIR}/desktop \
- ${DESTDIR}${PREFIX}/share/applications/${MOZILLA}.desktop
+ ${DESTDIR}${PREFIX}/share/applications/${MOZILLA}.desktop
${INSTALL_DATA} ${MOZILLA_ICON} \
- ${DESTDIR}${PREFIX}/share/pixmaps/${MOZILLA}.png
+ ${DESTDIR}${PREFIX}/share/pixmaps/${MOZILLA}.png
+ ${INSTALL_DATA} ${WRKSRC}/tor-browser_en-US/Browser/TorBrowser/Data/fontconfig/fonts.conf \
+ ${DESTDIR}${PREFIX}/lib/tor-browser/browser/fontconfig
+ ${INSTALL_DATA} ${WRKSRC}/tor-browser_en-US/Browser/fonts/* \
+ ${DESTDIR}${PREFIX}/lib/tor-browser/browser/fonts
.include "../../sysutils/desktop-file-utils/desktopdb.mk"
.include "../../sysutils/dbus-glib/buildlink3.mk"
diff -r 2f4cd51e5c54 -r 9993dd11d06e security/tor-browser/PLIST
--- a/security/tor-browser/PLIST Fri May 01 07:00:16 2020 +0000
+++ b/security/tor-browser/PLIST Fri May 01 07:01:46 2020 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2020/03/13 17:59:27 wiz Exp $
+@comment $NetBSD: PLIST,v 1.7 2020/05/01 07:01:46 wiz Exp $
bin/tor-browser
lib/tor-browser/actors/AudioPlaybackChild.jsm
lib/tor-browser/actors/AutoplayChild.jsm
@@ -3960,6 +3960,53 @@
lib/tor-browser/browser/features/onboarding%mozilla.org@localhost/en-US/locale/en-US/onboarding.properties
lib/tor-browser/browser/features/onboarding%mozilla.org@localhost/manifest.json
lib/tor-browser/browser/features/onboarding%mozilla.org@localhost/schema.json
+lib/tor-browser/browser/fontconfig/fonts.conf
+lib/tor-browser/browser/fonts/Arimo-Bold.ttf
+lib/tor-browser/browser/fonts/Arimo-BoldItalic.ttf
+lib/tor-browser/browser/fonts/Arimo-Italic.ttf
+lib/tor-browser/browser/fonts/Arimo-Regular.ttf
+lib/tor-browser/browser/fonts/Cousine-Regular.ttf
+lib/tor-browser/browser/fonts/NotoEmoji-Regular.ttf
+lib/tor-browser/browser/fonts/NotoNaskhArabic-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansArmenian-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansBengali-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansBuginese-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansCanadianAboriginal-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansCherokee-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansDevanagari-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansEthiopic-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansGeorgian-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansGujarati-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansGurmukhi-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansHebrew-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansJP-Regular.otf
+lib/tor-browser/browser/fonts/NotoSansKR-Regular.otf
+lib/tor-browser/browser/fonts/NotoSansKannada-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansKhmer-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansLao-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansMalayalam-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansMongolian-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansMyanmar-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansOriya-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansSC-Regular.otf
+lib/tor-browser/browser/fonts/NotoSansSinhala-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansTC-Regular.otf
+lib/tor-browser/browser/fonts/NotoSansTamil-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansTelugu-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansThaana-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansThai-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansTibetan-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansYi-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSerifArmenian-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSerifKhmer-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSerifLao-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSerifThai-Regular.ttf
+lib/tor-browser/browser/fonts/STIXMath-Regular.otf
+lib/tor-browser/browser/fonts/Tinos-Bold.ttf
+lib/tor-browser/browser/fonts/Tinos-BoldItalic.ttf
+lib/tor-browser/browser/fonts/Tinos-Italic.ttf
+lib/tor-browser/browser/fonts/Tinos-Regular.ttf
+lib/tor-browser/browser/fonts/TwemojiMozilla.ttf
lib/tor-browser/browser/localization/en-US/branding/brand.ftl
lib/tor-browser/browser/localization/en-US/browser/aboutConfig.ftl
lib/tor-browser/browser/localization/en-US/browser/aboutDialog.ftl
diff -r 2f4cd51e5c54 -r 9993dd11d06e security/tor-browser/distinfo
--- a/security/tor-browser/distinfo Fri May 01 07:00:16 2020 +0000
+++ b/security/tor-browser/distinfo Fri May 01 07:01:46 2020 +0000
@@ -1,12 +1,16 @@
-$NetBSD: distinfo,v 1.18 2020/04/28 19:38:49 wiz Exp $
+$NetBSD: distinfo,v 1.19 2020/05/01 07:01:46 wiz Exp $
SHA1 (src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = c9be70c6cbbac9d73d1aee930703ea4d013725df
RMD160 (src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = 6289e342fa8e99c21098331d153beb6d88bc39b2
SHA512 (src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = 6cf582c1eb3092c1ecbef86c67040c89dc2c84f54805c52408b0c1051550fcff1af563e09e85ba9cd72a1a1e924b6643a812e9669676856a86e903e0063e5270
Size (src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = 348594032 bytes
+SHA1 (tor-browser-linux64-9.0.9_en-US.tar.xz) = 094d148a5df4efa979e2aaca5d88a6517469ebe6
+RMD160 (tor-browser-linux64-9.0.9_en-US.tar.xz) = b880eeecc748e6584672a761615fefccb07a7a5b
+SHA512 (tor-browser-linux64-9.0.9_en-US.tar.xz) = 72a6c080ad2d5237b20f00e82388373accd4866f19a713564823fe416bcaf41408ef774d6cb735db8c3f2766d2870655c85e6109e8ef32de8b1403fc9c63561d
+Size (tor-browser-linux64-9.0.9_en-US.tar.xz) = 80156396 bytes
SHA1 (patch-.mozconfig) = 66fbb2f113091eee1f022cd656231f845b04b0f8
SHA1 (patch-aa) = 9f7200c411cd2217a80ec10a276c8877bc6b845c
-SHA1 (patch-browser_app_profile_000-tor-browser.js) = 545cf6e80f061a6a58b429d2696046de4e34725f
+SHA1 (patch-browser_app_profile_000-tor-browser.js) = 84a0a15605fff0e22f3150bce901a296fc920280
SHA1 (patch-browser_app_profile_firefox.js) = 076cc2892547bac07fe907533f4e821f13f5738e
SHA1 (patch-dom_base_nsAttrName.h) = ac7ba441a3b27df2855cf2673eea36b1cb44ad49
SHA1 (patch-dom_media_CubebUtils.cpp) = 3cd2c65ab281d802c56216565970450767a3fb24
@@ -34,7 +38,7 @@
SHA1 (patch-toolkit_components_terminator_nsTerminator.cpp) = e5700d95302ef9672b404ab19e13ef7ba3ede5cf
SHA1 (patch-toolkit_library_moz.build) = 57516a1cc888fdbaf39ba90f73e5de488ad1f01e
SHA1 (patch-toolkit_modules_subprocess_subprocess__shared__unix.js) = 22a39e54e042ab2270a3cb54e4e307c8900cad12
-SHA1 (patch-toolkit_moz.configure) = 40ee147cc1d2c62dd6c83b3f67ce9e61f758ea57
+SHA1 (patch-toolkit_moz.configure) = 9f4edca09802f6d3adb517613e879dca8d2d65be
SHA1 (patch-toolkit_mozapps_installer_packager.mk) = b2343fbad2556504dfd13601c02e6e2357c7d2bc
SHA1 (patch-toolkit_xre_glxtest.cpp) = 04942938f45f326c7d5c4da3bf8cc2d09b977c69
SHA1 (patch-xpcom_base_nscore.h) = 1ac4d34d3c9e80bc1ac966c6c84cb320bc0fa1ec
diff -r 2f4cd51e5c54 -r 9993dd11d06e security/tor-browser/files/tor-browser.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/tor-browser/files/tor-browser.sh Fri May 01 07:01:46 2020 +0000
@@ -0,0 +1,5 @@
+#! /bin/sh
+export FONTCONFIG_PATH="@PREFIX@/lib/tor-browser/browser/fontconfig/"
+export FONTCONFIG_FILE="fonts.conf"
+
+exec @PREFIX@/lib/tor-browser/tor-browser-bin "$@"
diff -r 2f4cd51e5c54 -r 9993dd11d06e security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js
--- a/security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js Fri May 01 07:00:16 2020 +0000
+++ b/security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js Fri May 01 07:01:46 2020 +0000
@@ -1,4 +1,6 @@
-$NetBSD: patch-browser_app_profile_000-tor-browser.js,v 1.1 2020/04/28 19:38:49 wiz Exp $
+$NetBSD: patch-browser_app_profile_000-tor-browser.js,v 1.2 2020/05/01 07:01:46 wiz Exp $
+
+First chunk:
Despite the warning at the top of this file, we change the default for the socks
port in pkgsrc from 9150 to 9050.
@@ -9,6 +11,10 @@
pkgsrc's tor-browser uses the system-wide installation of tor and thus should use
its default port to minimize manual setup steps for the end users.
+
+Second chunk:
+Hardcode font list on all pkgsrc platforms to make it harder to fingerprint.
+
--- browser/app/profile/000-tor-browser.js.orig 2020-04-04 03:09:31.000000000 +0000
+++ browser/app/profile/000-tor-browser.js
@@ -161,7 +161,7 @@ pref("network.predictor.enabled", false)
@@ -20,3 +26,12 @@
pref("network.proxy.socks_remote_dns", true);
pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419)
pref("network.proxy.allow_hijacking_localhost", true); // Allow proxies for localhost (#31065)
+@@ -370,7 +370,7 @@ pref("font.name.sans-serif.ar", "Arial")
+ pref("font.system.whitelist", "Arial, Batang, 바탕, Cambria Math, Courier New, Euphemia, Gautami, Georgia, Gulim, 굴림, GulimChe, 굴림체, Iskoola Pota, Kalinga, Kartika, Latha, Lucida Console, MS Gothic,
MS ゴシック, MS Mincho, MS 明朝, MS PGothic, MS Pゴシック, MS PMincho, MS P明朝, MV Boli, Malgun Gothic, Mangal, Meiryo, Meiryo UI, Microsoft Himalaya, Microsoft JhengHei, Microsoft JhengHei UI, Microsoft YaHei,
微软雅黑, Microsoft YaHei UI, MingLiU, 細明體, Noto Sans Buginese, Noto Sans Khmer, Noto Sans Lao, Noto Sans Myanmar, Noto Sans Yi, Nyala, PMingLiU, 新細明體, Plantagenet Cherokee, Raavi, Segoe UI, Shruti,
SimSun, 宋体, Sylfaen, Tahoma, Times New Roman, Tunga, Verdana, Vrinda, Yu Gothic UI");
+ #endif
+
+-#ifdef XP_LINUX
++#if 1
+ pref("font.default.lo", "Noto Sans Lao");
+ pref("font.default.my", "Noto Sans Myanmar");
+ pref("font.default.x-western", "sans-serif");
diff -r 2f4cd51e5c54 -r 9993dd11d06e security/tor-browser/patches/patch-toolkit_moz.configure
--- a/security/tor-browser/patches/patch-toolkit_moz.configure Fri May 01 07:00:16 2020 +0000
+++ b/security/tor-browser/patches/patch-toolkit_moz.configure Fri May 01 07:01:46 2020 +0000
@@ -1,10 +1,11 @@
-$NetBSD: patch-toolkit_moz.configure,v 1.2 2020/03/13 17:59:27 wiz Exp $
+$NetBSD: patch-toolkit_moz.configure,v 1.3 2020/05/01 07:01:46 wiz Exp $
* skia part: support bigendian architectures
+* second chunk: use bundled fonts to reduce fingerprinting possibilities
---- toolkit/moz.configure.orig 2018-05-03 16:58:41.000000000 +0000
+--- toolkit/moz.configure.orig 2020-04-04 03:09:31.000000000 +0000
+++ toolkit/moz.configure
-@@ -932,11 +932,11 @@ include('nss.configure')
+@@ -834,11 +834,11 @@ include('nss.configure')
# ==============================================================
option('--disable-skia', help='Disable use of Skia')
@@ -21,3 +22,12 @@
return True
set_config('MOZ_ENABLE_SKIA', skia)
+@@ -1318,7 +1318,7 @@ set_config('MOZ_BITS_DOWNLOAD',
+
+ @depends(target)
+ def bundled_fonts_default(target):
+- return target.os == 'WINNT' or target.kernel == 'Linux'
++ return True
+
+ @depends(build_project)
+ def allow_bundled_fonts(project):
Home |
Main Index |
Thread Index |
Old Index