OpenBSD Mail Box: Re: WIP: Tor Browser 10.0a6

On Sat, Aug 29, 2020 at 03:34:25AM -0000, Dimitri Karamazov wrote:
> The 9.5.4 already exists in the cvs, can you post a diff w.r.t to it?

Sorry about that and thanks for catching that. The diff below is
generated against an up-to-date tree.

Thanks,
Caspar Schutijser

Index: meta/tor-browser/Makefile
===================================================================
RCS file: /cvs/ports/meta/tor-browser/Makefile,v
retrieving revision 1.29
diff -u -p -r1.29 Makefile
--- meta/tor-browser/Makefile 26 Aug 2020 07:37:38 -0000 1.29
+++ meta/tor-browser/Makefile 29 Aug 2020 07:16:18 -0000
@@ -4,11 +4,11 @@ COMMENT= Tor Browser meta package

MAINTAINER= Caspar Schutijser <caspar@schutijser.com>

-PKGNAME= tor-browser-9.5.4
+PKGNAME= tor-browser-10.0a6
ONLY_FOR_ARCHS = amd64 i386

-RUN_DEPENDS= www/tor-browser/browser>=9.5.4 \
- www/tor-browser/noscript>=11.0.38 \
+RUN_DEPENDS= www/tor-browser/browser>=10.0a6 \
+ www/tor-browser/noscript>=11.0.39 \
www/tor-browser/https-everywhere>=2020.8.13 \
net/tor>=0.4.3.6

Index: www/tor-browser/Makefile.inc
===================================================================
RCS file: /cvs/ports/www/tor-browser/Makefile.inc,v
retrieving revision 1.29
diff -u -p -r1.29 Makefile.inc
--- www/tor-browser/Makefile.inc 26 Aug 2020 07:37:38 -0000 1.29
+++ www/tor-browser/Makefile.inc 29 Aug 2020 07:16:18 -0000
@@ -5,7 +5,7 @@ HOMEPAGE ?= https://www.torproject.org
PERMIT_PACKAGE ?= Yes
CATEGORIES = www
BROWSER_NAME = tor-browser
-TB_VERSION = 9.5.4
+TB_VERSION = 10.0a6
TB_PREFIX = tb

SUBST_VARS += BROWSER_NAME TB_VERSION
Index: www/tor-browser/browser/Makefile
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/Makefile,v
retrieving revision 1.49
diff -u -p -r1.49 Makefile
--- www/tor-browser/browser/Makefile 26 Aug 2020 07:37:38 -0000 1.49
+++ www/tor-browser/browser/Makefile 29 Aug 2020 07:16:18 -0000
@@ -3,28 +3,31 @@
# browser is a fork of ESR. It is a good idea to look at that
# Makefile when editing this one (ESR versions not always the same).

+# XXX sync README
+# XXX TB changelog mentions Go, what's that about?
+
COMMENT = modified version of Firefox ESR for browsing over Tor
ONLY_FOR_ARCHS = amd64 i386

MOZILLA_VERSION = ${TB_VERSION}
MOZILLA_PROJECT = ${BROWSER_NAME}
MOZILLA_CODENAME = browser
-TL_VERSION = 0.2.21.8
+TL_VERSION = 0.2.23

EXTRACT_SUFX = .tar.xz
PATCHORIG = .pat.orig

PKGNAME = ${TB_PREFIX}-browser-${TB_VERSION}
-DISTNAME = src-firefox-tor-browser-68.12.0esr-9.5-1-build1
+DISTNAME = src-firefox-tor-browser-78.2.0esr-10.0-1-build1

FIX_EXTRACT_PERMISSIONS = Yes
DISTFILES += ${DISTNAME}.tar.xz \
src-tor-launcher-${TL_VERSION}.tar.xz \
tor-browser-linux64-${TB_VERSION}_en-US.tar.xz

-SO_VERSION = 5.0
+SO_VERSION = 6.0
MOZILLA_LIBS = xul clearkey lgpllibs mozavcodec mozavutil mozgtk
-MOZILLA_LIBS += freebl3 nss3 nssckbi nssdbm3
+MOZILLA_LIBS += freebl3 nss3 nssckbi
MOZILLA_LIBS += nssutil3 smime3 softokn3 ssl3
MOZILLA_LIBS += nspr4 mozsqlite3 plc4 plds4

@@ -37,6 +40,7 @@ MASTER_SITES = https://dist.torproject.
MODULES = www/mozilla lang/python

MODPY_RUNDEP = No
+MODPY_VERSION = ${MODPY_DEFAULT_VERSION_3}

COMPILER = base-clang ports-clang
MODCLANG_ARCHS = amd64 i386
@@ -52,13 +56,12 @@ MOZILLA_USE_BUNDLED_HUNSPELL = Yes
# tor-browser needs built-in nss, sqlite
MOZILLA_USE_BUNDLED_NSPR = Yes
MOZILLA_USE_BUNDLED_NSS = Yes
+# #1611386
MOZILLA_USE_BUNDLED_SQLITE = Yes
-# 61 requires both versions of python
-BUILD_DEPENDS += lang/python/${MODPY_DEFAULT_VERSION_3}
# 63 requires node because why not #1483595
BUILD_DEPENDS += lang/node
# 63 requires cbindgen #1478813
-BUILD_DEPENDS += devel/cbindgen>=0.9.0
+BUILD_DEPENDS += devel/cbindgen>=0.14.3
.if (${MACHINE_ARCH}==amd64) || (${MACHINE_ARCH}==i386)
# 67 requires nasm for bundled libdav1d
BUILD_DEPENDS += devel/nasm
@@ -70,7 +73,7 @@ BUILD_DEPENDS += lang/rust
BUILD_DEPENDS += devel/llvm

# uses pledge()
-WANTLIB += X11-xcb Xcursor Xi intl xcb xcb-shm ${COMPILER_LIBCXX}
+WANTLIB += X11-xcb Xcursor Xi intl xcb xcb-shm harfbuzz ${COMPILER_LIBCXX}

# Regression tests are too hard to adapt to run here
NO_TEST = Yes
@@ -96,9 +99,14 @@ BUILD_DEPENDS += devel/py-virtualenv
RUN_DEPENDS += net/tor>=0.4.3.6

CONFIGURE_ARGS += --enable-release #1386371
-CONFIGURE_ARGS += --enable-sandbox --enable-content-sandbox
+CONFIGURE_ARGS += --enable-sandbox
CONFIGURE_ARGS += --with-libclang-path=${LOCALBASE}/lib
-CONFIGURE_ARGS += --with-clang-path=${LOCALBASE}/bin/clang
+
+# XXX badly formed debug in libxul ?
+DWZ = :
+#DEBUG_PACKAGES = ${BUILD_PACKAGES}
+DEBUG_CONFIGURE_ARGS += --enable-debug-symbols \
+ --disable-install-strip

post-extract:
mv ${WRKDIR}/tor-browser_en-US ${WRKSRC}
@@ -113,8 +121,6 @@ post-patch:
${SUBST_PROGRAM} ${FILESDIR}/configure ${WRKSRC}/configure
${SUBST_PROGRAM} ${FILESDIR}/configure ${WRKSRC}/js/src/configure
${SUBST_CMD} ${WRKSRC}/browser/extensions/tor-launcher/src/defaults/preferences/torlauncher-prefs.js
- sed -i 's/"files":{[^}]*}/"files":{}/' \
- ${WRKSRC}/third_party/rust/bindgen/.cargo-checksum.json
# Not using a patch for this; patch context would contain UTF-8
sed -i 's/#ifdef XP_LINUX/#if defined(XP_LINUX) || defined(XP_OPENBSD)/' \
${WRKSRC}/browser/app/profile/000-tor-browser.js
@@ -146,6 +152,7 @@ post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/applications/
${SUBST_DATA} ${FILESDIR}/${BROWSER_NAME}.desktop \
${PREFIX}/share/applications/${BROWSER_NAME}.desktop
+ # XXX this has been removed from firefox-esr
# install icon for desktop file
${INSTALL_DATA_DIR} ${PREFIX}/share/pixmaps/
${INSTALL_DATA} \
@@ -173,5 +180,9 @@ post-install:
rm ${PREFIX}/bin/${BROWSER_NAME}
${SUBST_PROGRAM} ${FILESDIR}/${BROWSER_NAME} \
${PREFIX}/bin/${BROWSER_NAME}
+
+.for f in unveil.content unveil.gpu unveil.main pledge.content pledge.gpu pledge.main
+ ${INSTALL_DATA} ${FILESDIR}/${f} ${BROWSER_DIR}/browser/defaults/preferences/
+.endfor

.include <bsd.port.mk>
Index: www/tor-browser/browser/distinfo
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/distinfo,v
retrieving revision 1.28
diff -u -p -r1.28 distinfo
--- www/tor-browser/browser/distinfo 26 Aug 2020 07:37:38 -0000 1.28
+++ www/tor-browser/browser/distinfo 29 Aug 2020 07:16:18 -0000
@@ -1,6 +1,6 @@
-SHA256 (mozilla/src-firefox-tor-browser-68.12.0esr-9.5-1-build1.tar.xz) = JJHvbajRiZQBZ4F/b2JBQF7COLXgBIYEjcjR3UR0+Q8=
-SHA256 (mozilla/src-tor-launcher-0.2.21.8.tar.xz) = v1cOZqTcpK1Ygxsw1GN+8Un5+8CMMuocvBE5iaZrVXg=
-SHA256 (mozilla/tor-browser-linux64-9.5.4_en-US.tar.xz) = XW2B2wTgqMU2w9XhPJNcUjGLrHykQIngMcG/fFTWb04=
-SIZE (mozilla/src-firefox-tor-browser-68.12.0esr-9.5-1-build1.tar.xz) = 348639116
-SIZE (mozilla/src-tor-launcher-0.2.21.8.tar.xz) = 214908
-SIZE (mozilla/tor-browser-linux64-9.5.4_en-US.tar.xz) = 79033640
+SHA256 (mozilla/src-firefox-tor-browser-78.2.0esr-10.0-1-build1.tar.xz) = 8BEA1MEnGSFvLteQ2Ce1nln6xxBcV0wTfCrAFQvBqtk=
+SHA256 (mozilla/src-tor-launcher-0.2.23.tar.xz) = TFKPsmwWqUoc1IObcocIeBet0oSt6upTJaWa4U/HfM8=
+SHA256 (mozilla/tor-browser-linux64-10.0a6_en-US.tar.xz) = cKRtZXvvuRZDJS2XZKOxk/w0Ghe6/7DdexhBbo+5GII=
+SIZE (mozilla/src-firefox-tor-browser-78.2.0esr-10.0-1-build1.tar.xz) = 364293728
+SIZE (mozilla/src-tor-launcher-0.2.23.tar.xz) = 214928
+SIZE (mozilla/tor-browser-linux64-10.0a6_en-US.tar.xz) = 86175472
Index: www/tor-browser/browser/files/all-openbsd.js
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/files/all-openbsd.js,v
retrieving revision 1.4
diff -u -p -r1.4 all-openbsd.js
--- www/tor-browser/browser/files/all-openbsd.js 16 Feb 2020 10:45:59 -0000 1.4
+++ www/tor-browser/browser/files/all-openbsd.js 29 Aug 2020 07:16:18 -0000
@@ -3,7 +3,3 @@
pref("spellchecker.dictionary_path", "${LOCALBASE}/share/mozilla-dicts/");
pref("general.config.filename", "tor-browser.cfg");
pref("general.config.obscure_value", 0);
-// enable pledging the content process
-pref("security.sandbox.content.level", 1);
-pref("security.sandbox.pledge.main","stdio rpath wpath cpath inet proc exec prot_exec flock ps sendfd recvfd dns vminfo tty drm unix fattr getpw mcast video");
-pref("security.sandbox.pledge.content","stdio rpath wpath cpath inet recvfd sendfd prot_exec unix drm ps");
Index: www/tor-browser/browser/files/pledge.content
===================================================================
RCS file: www/tor-browser/browser/files/pledge.content
diff -N www/tor-browser/browser/files/pledge.content
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/tor-browser/browser/files/pledge.content 29 Aug 2020 07:16:18 -0000
@@ -0,0 +1,14 @@
+# $OpenBSD: pledge.content,v 1.1 2020/07/28 14:21:48 landry Exp $
+stdio
+rpath
+wpath
+cpath
+recvfd
+sendfd
+prot_exec
+unix
+drm
+ps
+inet #dns.google does socket()
+# only needed if using NIS of the profile is located on a NFS share
+getpw
Index: www/tor-browser/browser/files/pledge.gpu
===================================================================
RCS file: www/tor-browser/browser/files/pledge.gpu
diff -N www/tor-browser/browser/files/pledge.gpu
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/tor-browser/browser/files/pledge.gpu 29 Aug 2020 07:16:18 -0000
@@ -0,0 +1,12 @@
+# $OpenBSD: pledge.gpu,v 1.1 2020/07/28 14:21:48 landry Exp $
+stdio
+rpath
+wpath
+cpath
+ps
+sendfd
+recvfd
+drm
+dns
+unix
+prot_exec
Index: www/tor-browser/browser/files/pledge.main
===================================================================
RCS file: www/tor-browser/browser/files/pledge.main
diff -N www/tor-browser/browser/files/pledge.main
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/tor-browser/browser/files/pledge.main 29 Aug 2020 07:16:18 -0000
@@ -0,0 +1,23 @@
+# $OpenBSD: pledge.main,v 1.1 2020/07/28 14:21:48 landry Exp $
+stdio
+rpath
+wpath
+cpath
+inet
+proc
+exec
+prot_exec
+flock
+ps
+sendfd
+recvfd
+dns
+vminfo
+tty
+drm
+unix
+fattr
+getpw
+mcast
+# only needed for WebRTC
+video
Index: www/tor-browser/browser/files/unveil.content
===================================================================
RCS file: www/tor-browser/browser/files/unveil.content
diff -N www/tor-browser/browser/files/unveil.content
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/tor-browser/browser/files/unveil.content 29 Aug 2020 07:16:18 -0000
@@ -0,0 +1,42 @@
+# $OpenBSD: unveil.content,v 1.1 2020/07/28 14:21:48 landry Exp $
+/dev/drm0 rw
+
+/etc/fonts r
+/etc/machine-id r
+/usr/local/lib r
+/usr/local/share r
+/usr/share/locale r
+/var/cache/fontconfig r
+/usr/X11R6/lib r
+/usr/X11R6/share r
+/var/run r
+
+~/.XCompose r
+~/.Xauthority r
+~/.Xdefaults r
+~/.fontconfig r
+~/.fonts r
+~/.fonts.conf r
+~/.fonts.conf.d r
+~/.icons r
+~/.pki rwc
+~/.sndio rwc
+~/.terminfo r
+
+~/TorBrowser-Data r
+~/Downloads r
+
+/tmp rwc
+
+$XDG_CONFIG_HOME/dconf rwc
+$XDG_CONFIG_HOME/fontconfig r
+$XDG_CONFIG_HOME/gtk-3.0 r
+$XDG_CONFIG_HOME/mimeapps.list r
+$XDG_CONFIG_HOME/user-dirs.dirs r
+$XDG_DATA_HOME/applications r
+$XDG_DATA_HOME/applnk r
+$XDG_DATA_HOME/fonts r
+$XDG_DATA_HOME/glib-2.0 r
+$XDG_DATA_HOME/icons r
+$XDG_DATA_HOME/mime r
+$XDG_DATA_HOME/themes r
Index: www/tor-browser/browser/files/unveil.gpu
===================================================================
RCS file: www/tor-browser/browser/files/unveil.gpu
diff -N www/tor-browser/browser/files/unveil.gpu
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/tor-browser/browser/files/unveil.gpu 29 Aug 2020 07:16:18 -0000
@@ -0,0 +1,12 @@
+# $OpenBSD: unveil.gpu,v 1.1 2020/07/28 14:21:48 landry Exp $
+/dev/drm0 rw
+
+/usr/local/lib/tor-browser r
+/usr/local/lib/gdk-pixbuf-2.0 r
+/usr/X11R6/lib r
+/usr/share/locale r
+/usr/local/share r
+
+/tmp rwc
+
+~/.Xauthority r
Index: www/tor-browser/browser/files/unveil.main
===================================================================
RCS file: www/tor-browser/browser/files/unveil.main
diff -N www/tor-browser/browser/files/unveil.main
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/tor-browser/browser/files/unveil.main 29 Aug 2020 07:16:18 -0000
@@ -0,0 +1,64 @@
+# $OpenBSD: unveil.main,v 1.1 2020/07/28 14:21:48 landry Exp $
+# for uuid generation?
+/dev/urandom r
+/dev/video rw
+/dev/video0 rw
+/dev/fido rw
+
+/etc/fonts r
+/etc/machine-id r
+
+/usr/local/lib r
+/usr/local/lib/tor-browser rx
+/usr/local/share r
+/usr/share/locale r
+/usr/share/zoneinfo r
+/var/cache/fontconfig r
+/usr/X11R6/lib r
+/usr/X11R6/share r
+/var/run r
+
+# printing
+/usr/bin/lpr rx
+
+# for launching registered 3rd party applications like pdf readers
+/etc/mailcap r
+~/.mailcap r
+~/.mime.types r
+
+~/.XCompose r
+~/.Xauthority r
+~/.Xdefaults r
+~/.fontconfig r
+~/.fonts r
+~/.fonts.conf r
+~/.fonts.conf.d r
+~/.icons r
+~/.pki rwc
+~/.sndio rwc
+~/.terminfo r
+
+~/TorBrowser-Data rwc
+~/Downloads rwc
+
+# for at least shm_open (for now)
+/tmp rwc
+
+# $XDG_CACHE_HOME, $XDG_CONFIG_HOME, and $XDG_DATA_HOME will expand to the
+# given variable if it exists in the environment, otherwise defaulting to
+# ~/.cache, ~/.config, and ~/.local/share
+$XDG_CACHE_HOME/dconf rwc
+$XDG_CACHE_HOME/thumbnails rwc
+$XDG_CONFIG_HOME/dconf rw
+$XDG_CONFIG_HOME/fontconfig r
+$XDG_CONFIG_HOME/gtk-3.0 r
+$XDG_CONFIG_HOME/mimeapps.list r
+$XDG_CONFIG_HOME/user-dirs.dirs r
+$XDG_DATA_HOME/applications rwc
+$XDG_DATA_HOME/applnk r
+$XDG_DATA_HOME/fonts r
+$XDG_DATA_HOME/glib-2.0 r
+$XDG_DATA_HOME/icons r
+$XDG_DATA_HOME/mime r
+$XDG_DATA_HOME/recently-used.xbel rwc
+$XDG_DATA_HOME/themes r
Index: www/tor-browser/browser/patches/patch-_mozconfig
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/patches/patch-_mozconfig,v
retrieving revision 1.6
diff -u -p -r1.6 patch-_mozconfig
--- www/tor-browser/browser/patches/patch-_mozconfig 13 Jun 2020 06:26:01 -0000 1.6
+++ www/tor-browser/browser/patches/patch-_mozconfig 29 Aug 2020 07:16:18 -0000
@@ -5,26 +5,14 @@ Disable the updater and related stuff.
Encrypted Media Extensions is not supported on OpenBSD. Apparently this also
means we can not pass --disable-eme to configure so comment that out.

+XXX --enable-verify-mar
+
Index: .mozconfig
--- .mozconfig.orig
+++ .mozconfig
-@@ -19,10 +19,10 @@ ac_add_options --enable-official-branding
- # Let's support GTK3 for ESR60
- ac_add_options --enable-default-toolkit=cairo-gtk3
-
--ac_add_options --disable-tor-launcher
-+#ac_add_options --disable-tor-launcher
- ac_add_options --disable-tor-browser-update
--ac_add_options --enable-signmar
--ac_add_options --enable-verify-mar
-+#ac_add_options --enable-signmar
-+#ac_add_options --enable-verify-mar
-
- ac_add_options --disable-strip
- ac_add_options --disable-install-strip
-@@ -31,10 +31,13 @@ ac_add_options --disable-debug
- ac_add_options --disable-crashreporter
+@@ -27,13 +27,16 @@ ac_add_options --disable-crashreporter
ac_add_options --disable-webrtc
+ ac_add_options --disable-parental-controls
# Let's make sure no preference is enabling either Adobe's or Google's CDM.
-ac_add_options --disable-eme
+#ac_add_options --disable-eme
@@ -33,8 +21,12 @@ Index: .mozconfig
# Disable telemetry
ac_add_options MOZ_TELEMETRY_REPORTING=

--ac_add_options --with-tor-browser-version=dev-build
+-ac_add_options --disable-tor-launcher
+# avoid 1.1GB libxul
+ac_add_options --disable-debug-symbols
+
+#ac_add_options --with-tor-browser-version=dev-build
+ ac_add_options --with-tor-browser-version=dev-build
+ ac_add_options --disable-tor-browser-update
+-ac_add_options --enable-verify-mar
++#ac_add_options --enable-verify-mar
Index: www/tor-browser/browser/patches/patch-browser_extensions_tor-launcher_src_components_tl-process_js
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/patches/patch-browser_extensions_tor-launcher_src_components_tl-process_js,v
retrieving revision 1.2
diff -u -p -r1.2 patch-browser_extensions_tor-launcher_src_components_tl-process_js
--- www/tor-browser/browser/patches/patch-browser_extensions_tor-launcher_src_components_tl-process_js 13 Jun 2020 06:26:01 -0000 1.2
+++ www/tor-browser/browser/patches/patch-browser_extensions_tor-launcher_src_components_tl-process_js 29 Aug 2020 07:16:18 -0000
@@ -6,7 +6,7 @@ the new getTorFile() deal with it.
Index: browser/extensions/tor-launcher/src/components/tl-process.js
--- browser/extensions/tor-launcher/src/components/tl-process.js.orig
+++ browser/extensions/tor-launcher/src/components/tl-process.js
-@@ -377,6 +377,8 @@ TorProcessService.prototype =
+@@ -393,6 +393,8 @@ TorProcessService.prototype =
var torrcFile = TorLauncherUtil.getTorFile("torrc", true);
var torrcDefaultsFile =
TorLauncherUtil.getTorFile("torrc-defaults", false);
@@ -15,7 +15,7 @@ Index: browser/extensions/tor-launcher/s
var hashedPassword = this.mProtocolSvc.TorGetPassword(true);
var controlIPCFile = this.mProtocolSvc.TorGetControlIPCFile();
var controlPort = this.mProtocolSvc.TorGetControlPort();
-@@ -404,19 +406,14 @@ TorProcessService.prototype =
+@@ -420,19 +422,14 @@ TorProcessService.prototype =
return;
}

Index: www/tor-browser/browser/patches/patch-config_makefiles_rust_mk
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/patches/patch-config_makefiles_rust_mk,v
retrieving revision 1.2
diff -u -p -r1.2 patch-config_makefiles_rust_mk
--- www/tor-browser/browser/patches/patch-config_makefiles_rust_mk 26 Aug 2020 07:37:39 -0000 1.2
+++ www/tor-browser/browser/patches/patch-config_makefiles_rust_mk 29 Aug 2020 07:16:18 -0000
@@ -1,15 +1,17 @@
-$OpenBSD: patch-config_makefiles_rust_mk,v 1.2 2020/08/26 07:37:39 landry Exp $
+$OpenBSD: patch-config_makefiles_rust_mk,v 1.3 2020/08/25 13:19:49 landry Exp $

+use lto=thin to reduce memory pressure when building gkrust
https://bugzilla.mozilla.org/show_bug.cgi?id=1644409

Index: config/makefiles/rust.mk
--- config/makefiles/rust.mk.orig
+++ config/makefiles/rust.mk
-@@ -48,6 +48,7 @@ ifndef DEVELOPER_OPTIONS
- ifndef MOZ_DEBUG_RUST
- # Enable link-time optimization for release builds.
- cargo_rustc_flags += -C lto
-+export CARGO_PROFILE_RELEASE_LTO=yes
+@@ -61,7 +61,7 @@ ifndef MOZ_DEBUG_RUST
+ # Enable link-time optimization for release builds, but not when linking
+ # gkrust_gtest.
+ ifeq (,$(findstring gkrust_gtest,$(RUST_LIBRARY_FILE)))
+-cargo_rustc_flags += -Clto
++cargo_rustc_flags += -Clto=thin
+ endif
# Versions of rust >= 1.45 need -Cembed-bitcode=yes for all crates when
# using -Clto.
- ifeq (,$(filter 1.22.% 1.23.% 1.24.% 1.25.% 1.26.% 1.27.% 1.28.% 1.29.% 1.30.% 1.31.% 1.32.% 1.33.% 1.34.% 1.35.% 1.36.% 1.37.% 1.38.% 1.39.% 1.40.% 1.41.% 1.42.% 1.43.% 1.44.%,$(RUSTC_VERSION)))
Index: www/tor-browser/browser/patches/patch-config_system-headers_mozbuild
===================================================================
RCS file: www/tor-browser/browser/patches/patch-config_system-headers_mozbuild
diff -N www/tor-browser/browser/patches/patch-config_system-headers_mozbuild
--- www/tor-browser/browser/patches/patch-config_system-headers_mozbuild 13 Feb 2020 07:41:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,27 +0,0 @@
-$OpenBSD: patch-config_system-headers_mozbuild,v 1.1 2020/02/13 07:41:53 landry Exp $
-
-https://hg.mozilla.org/mozilla-central/rev/d3885b9d42d3
-
-Index: config/system-headers.mozbuild
---- config/system-headers.mozbuild.orig
-+++ config/system-headers.mozbuild
-@@ -814,7 +814,6 @@ system_headers = [
- 'synch.h',
- 'syncmgr.h',
- 'sys/atomic_op.h',
-- 'sys/auxv.h',
- 'sys/bitypes.h',
- 'sys/byteorder.h',
- 'syscall.h',
-@@ -1345,6 +1344,11 @@ if CONFIG['MOZ_WAYLAND']:
- 'wayland-client.h',
- 'wayland-egl.h',
- 'wayland-util.h',
-+ ]
-+
-+if CONFIG['OS_TARGET'] in ('Android', 'Linux', 'FreeBSD'):
-+ system_headers += [
-+ 'sys/auxv.h',
- ]
-
- if CONFIG['OS_TARGET'] == 'Linux' and CONFIG['CPU_ARCH'].startswith('mips'):
Index: www/tor-browser/browser/patches/patch-dom_ipc_ContentChild_cpp
===================================================================
RCS file: www/tor-browser/browser/patches/patch-dom_ipc_ContentChild_cpp
diff -N www/tor-browser/browser/patches/patch-dom_ipc_ContentChild_cpp
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/tor-browser/browser/patches/patch-dom_ipc_ContentChild_cpp 29 Aug 2020 07:16:18 -0000
@@ -0,0 +1,30 @@
+$OpenBSD: patch-dom_ipc_ContentChild_cpp,v 1.1 2020/07/28 14:21:48 landry Exp $
+
+Do not unveil an already visible pledge file since that interferes with
+other unveils.
+
+cf https://bugzilla.mozilla.org/show_bug.cgi?id=1623086
+Index: dom/ipc/ContentChild.cpp
+--- dom/ipc/ContentChild.cpp.orig
++++ dom/ipc/ContentChild.cpp
+@@ -4414,8 +4414,18 @@ OpenBSDUnveilPaths(const nsACString& uPath, const nsAC
+ if (disabled) {
+ warnx("%s: disabled", PromiseFlatCString(uPath).get());
+ } else {
+- if (unveil(PromiseFlatCString(pledgePath).get(), "r") == -1) {
+- err(1, "unveil(%s, r) failed", PromiseFlatCString(pledgePath).get());
++ struct stat st;
++
++ // Only unveil the pledgePath file if it's not already unveiled, otherwise
++ // some containing directory will lose visibility.
++ if (stat(PromiseFlatCString(pledgePath).get(), &st) == -1) {
++ if (errno == ENOENT) {
++ if (unveil(PromiseFlatCString(pledgePath).get(), "r") == -1) {
++ err(1, "unveil(%s, r) failed", PromiseFlatCString(pledgePath).get());
++ }
++ } else {
++ err(1, "stat(%s)", PromiseFlatCString(pledgePath).get());
++ }
+ }
+ }
+
Index: www/tor-browser/browser/patches/patch-js_src_jit_ProcessExecutableMemory_cpp
===================================================================
RCS file: www/tor-browser/browser/patches/patch-js_src_jit_ProcessExecutableMemory_cpp
diff -N www/tor-browser/browser/patches/patch-js_src_jit_ProcessExecutableMemory_cpp
--- www/tor-browser/browser/patches/patch-js_src_jit_ProcessExecutableMemory_cpp 13 Feb 2020 07:41:53 -0000 1.4
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,29 +0,0 @@
-$OpenBSD: patch-js_src_jit_ProcessExecutableMemory_cpp,v 1.4 2020/02/13 07:41:53 landry Exp $
-
-Don't ComputeRandomAllocationAddress on OpenBSD
-https://bugzilla.mozilla.org/show_bug.cgi?id=1586912
-
-Index: js/src/jit/ProcessExecutableMemory.cpp
---- js/src/jit/ProcessExecutableMemory.cpp.orig
-+++ js/src/jit/ProcessExecutableMemory.cpp
-@@ -318,6 +318,12 @@ static void DecommitPages(void* addr, size_t bytes) {
- }
- #else // !XP_WIN
- static void* ComputeRandomAllocationAddress() {
-+#ifdef __OpenBSD__
-+ // OpenBSD already has random mmap and the idea that all x64 cpus
-+ // have 48-bit address space is not correct. Returning nullptr
-+ // allows OpenBSD do to the right thing.
-+ return nullptr;
-+#else
- uint64_t rand = js::GenerateRandomSeed();
-
- # ifdef HAVE_64BIT_BUILD
-@@ -337,6 +343,7 @@ static void* ComputeRandomAllocationAddress() {
- // Ensure page alignment.
- uintptr_t mask = ~uintptr_t(gc::SystemPageSize() - 1);
- return (void*)uintptr_t(rand & mask);
-+

OpenBSD Mail Box

Saturday, August 29, 2020

Re: WIP: Tor Browser 10.0a6

No comments:

Post a Comment