OpenBSD Mail Box: UPDATE: Tor Browser 10.0

Hi,

I saw the email about the preparation for OpenBSD 6.8. Maybe it's not
appropriate to commit this at this time but I wanted to send out the
diff anyway so that interested users can run this, at least. Besides
being a new major version, it includes security updates to Firefox.

The below patch updates Tor Browser to 10.0. Read
https://blog.torproject.org/new-release-tor-browser-100 for more
info. Tested on amd64.

This is a pretty big update as Tor Browser 10.0 is based on the new
branch of Firefox ESR, i.e., 78. That also means that Tor Browser gains
unveil(2) support.

Compared to 10.0a6 (the WIP diff I sent out for that alpha release),
the biggest difference is that upstream changed how the HTTPS Everywhere
extension is included. The addon is now put into the omni.ja file.
See the release notes for more information. This means that the port
for HTTPS Everywhere can be removed. I'll send a diff for that at some
later point.

In this diff, I update noscript to 11.0.46 rather than 11.0.44, which
is the version that upstream uses. The reason is that I cannot seem to
download the distfile for 11.0.44 and I don't think it really matters.

Thanks,
Caspar Schutijser

Index: meta/tor-browser/Makefile
===================================================================
RCS file: /cvs/ports/meta/tor-browser/Makefile,v
retrieving revision 1.29
diff -u -p -r1.29 Makefile
--- meta/tor-browser/Makefile 26 Aug 2020 07:37:38 -0000 1.29
+++ meta/tor-browser/Makefile 26 Sep 2020 09:07:26 -0000
@@ -4,12 +4,11 @@ COMMENT= Tor Browser meta package

MAINTAINER= Caspar Schutijser <caspar@schutijser.com>

-PKGNAME= tor-browser-9.5.4
+PKGNAME= tor-browser-10.0
ONLY_FOR_ARCHS = amd64 i386

-RUN_DEPENDS= www/tor-browser/browser>=9.5.4 \
- www/tor-browser/noscript>=11.0.38 \
- www/tor-browser/https-everywhere>=2020.8.13 \
+RUN_DEPENDS= www/tor-browser/browser>=10.0 \
+ www/tor-browser/noscript>=11.0.46 \
net/tor>=0.4.3.6

.include <bsd.port.mk>
Index: meta/tor-browser/pkg/README
===================================================================
RCS file: /cvs/ports/meta/tor-browser/pkg/README,v
retrieving revision 1.5
diff -u -p -r1.5 README
--- meta/tor-browser/pkg/README 13 Jun 2020 06:26:01 -0000 1.5
+++ meta/tor-browser/pkg/README 26 Sep 2020 09:07:26 -0000
@@ -44,4 +44,4 @@ worth reading:
https://2019.www.torproject.org/docs/pluggable-transports.html.en

For more information about Tor Browser and the Tor anonymity network
-in general please visit http://www.torproject.org
+in general please visit https://www.torproject.org
Index: www/tor-browser/Makefile.inc
===================================================================
RCS file: /cvs/ports/www/tor-browser/Makefile.inc,v
retrieving revision 1.29
diff -u -p -r1.29 Makefile.inc
--- www/tor-browser/Makefile.inc 26 Aug 2020 07:37:38 -0000 1.29
+++ www/tor-browser/Makefile.inc 26 Sep 2020 09:07:26 -0000
@@ -5,7 +5,7 @@ HOMEPAGE ?= https://www.torproject.org
PERMIT_PACKAGE ?= Yes
CATEGORIES = www
BROWSER_NAME = tor-browser
-TB_VERSION = 9.5.4
+TB_VERSION = 10.0
TB_PREFIX = tb

SUBST_VARS += BROWSER_NAME TB_VERSION
@@ -13,13 +13,13 @@ SUBST_VARS += BROWSER_NAME TB_VERSION
ADDON_NAME ?=
.if !empty(ADDON_NAME)
# Everything in this .if (most of the file) is for add-ons like
-# torbutton, tor-launcher, ... tor-browser does its own thing.
+# noscript, ... tor-browser does its own thing.
. if !defined(GUID)
ERRORS += "GUID missing: please set a GUID for ${ADDON_NAME}"
. endif

# This should be set to Yes if the distfile for the addon is the .xpi
-# file itself (noscript, https-everywhere)
+# file itself (noscript)
DISTFILE_IS_XPI ?= No

TB_NAME ?= ${ADDON_NAME}-${V}
@@ -36,7 +36,7 @@ BUILD_DEPENDS += archivers/zip archivers
RUN_DEPENDS += www/tor-browser/browser

EXTDIR_ROOT ?= lib/${BROWSER_NAME}
-REAL_EXTDIR ?= ${PREFIX}/${EXTDIR_ROOT}/browser/extensions
+REAL_EXTDIR ?= ${PREFIX}/${EXTDIR_ROOT}/distribution/extensions

SUBST_VARS += EXTDIR_ROOT GUID

Index: www/tor-browser/browser/Makefile
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/Makefile,v
retrieving revision 1.49
diff -u -p -r1.49 Makefile
--- www/tor-browser/browser/Makefile 26 Aug 2020 07:37:38 -0000 1.49
+++ www/tor-browser/browser/Makefile 26 Sep 2020 09:07:26 -0000
@@ -9,34 +9,39 @@ ONLY_FOR_ARCHS = amd64 i386
MOZILLA_VERSION = ${TB_VERSION}
MOZILLA_PROJECT = ${BROWSER_NAME}
MOZILLA_CODENAME = browser
-TL_VERSION = 0.2.21.8
+TL_VERSION = 0.2.25
+HE_VERSION = 2020.8.13

EXTRACT_SUFX = .tar.xz
PATCHORIG = .pat.orig

PKGNAME = ${TB_PREFIX}-browser-${TB_VERSION}
-DISTNAME = src-firefox-tor-browser-68.12.0esr-9.5-1-build1
+DISTNAME = src-firefox-tor-browser-78.3.0esr-10.0-2-build2

FIX_EXTRACT_PERMISSIONS = Yes
-DISTFILES += ${DISTNAME}.tar.xz \
+EXTRACT_ONLY += ${DISTNAME}.tar.xz \
src-tor-launcher-${TL_VERSION}.tar.xz \
tor-browser-linux64-${TB_VERSION}_en-US.tar.xz
+DISTFILES = ${EXTRACT_ONLY} \
+ https-everywhere-${HE_VERSION}-eff.xpi:0

-SO_VERSION = 5.0
+SO_VERSION = 6.0
MOZILLA_LIBS = xul clearkey lgpllibs mozavcodec mozavutil mozgtk
-MOZILLA_LIBS += freebl3 nss3 nssckbi nssdbm3
+MOZILLA_LIBS += freebl3 nss3 nssckbi
MOZILLA_LIBS += nssutil3 smime3 softokn3 ssl3
MOZILLA_LIBS += nspr4 mozsqlite3 plc4 plds4

-# mozilla public license
+# mozilla public license for the browser; GPLv2+ for HTTPS Everywhere
PERMIT_PACKAGE= Yes

MASTER_SITES = https://dist.torproject.org/torbrowser/${TB_VERSION}/ \
https://temp.schutijser.com/~caspar/tor-browser/
+MASTER_SITES0 = https://www.eff.org/files/

MODULES = www/mozilla lang/python

MODPY_RUNDEP = No
+MODPY_VERSION = ${MODPY_DEFAULT_VERSION_3}

COMPILER = base-clang ports-clang
MODCLANG_ARCHS = amd64 i386
@@ -52,13 +57,12 @@ MOZILLA_USE_BUNDLED_HUNSPELL = Yes
# tor-browser needs built-in nss, sqlite
MOZILLA_USE_BUNDLED_NSPR = Yes
MOZILLA_USE_BUNDLED_NSS = Yes
+# #1611386
MOZILLA_USE_BUNDLED_SQLITE = Yes
-# 61 requires both versions of python
-BUILD_DEPENDS += lang/python/${MODPY_DEFAULT_VERSION_3}
# 63 requires node because why not #1483595
BUILD_DEPENDS += lang/node
# 63 requires cbindgen #1478813
-BUILD_DEPENDS += devel/cbindgen>=0.9.0
+BUILD_DEPENDS += devel/cbindgen>=0.14.3
.if (${MACHINE_ARCH}==amd64) || (${MACHINE_ARCH}==i386)
# 67 requires nasm for bundled libdav1d
BUILD_DEPENDS += devel/nasm
@@ -70,7 +74,7 @@ BUILD_DEPENDS += lang/rust
BUILD_DEPENDS += devel/llvm

# uses pledge()
-WANTLIB += X11-xcb Xcursor Xi intl xcb xcb-shm ${COMPILER_LIBCXX}
+WANTLIB += X11-xcb Xcursor Xi intl xcb xcb-shm harfbuzz ${COMPILER_LIBCXX}

# Regression tests are too hard to adapt to run here
NO_TEST = Yes
@@ -93,12 +97,19 @@ MAKE_ENV += BUILD_OPT=1 \
XCFLAGS="-I${LOCALBASE}/include ${CFLAGS}"
BUILD_DEPENDS += devel/py-virtualenv

+BUILD_DEPENDS += archivers/unzip archivers/zip
+
RUN_DEPENDS += net/tor>=0.4.3.6

CONFIGURE_ARGS += --enable-release #1386371
-CONFIGURE_ARGS += --enable-sandbox --enable-content-sandbox
+CONFIGURE_ARGS += --enable-sandbox
CONFIGURE_ARGS += --with-libclang-path=${LOCALBASE}/lib
-CONFIGURE_ARGS += --with-clang-path=${LOCALBASE}/bin/clang
+
+# XXX badly formed debug in libxul ?
+DWZ = :
+#DEBUG_PACKAGES = ${BUILD_PACKAGES}
+DEBUG_CONFIGURE_ARGS += --enable-debug-symbols \
+ --disable-install-strip

post-extract:
mv ${WRKDIR}/tor-browser_en-US ${WRKSRC}
@@ -113,8 +124,6 @@ post-patch:
${SUBST_PROGRAM} ${FILESDIR}/configure ${WRKSRC}/configure
${SUBST_PROGRAM} ${FILESDIR}/configure ${WRKSRC}/js/src/configure
${SUBST_CMD} ${WRKSRC}/browser/extensions/tor-launcher/src/defaults/preferences/torlauncher-prefs.js
- sed -i 's/"files":{[^}]*}/"files":{}/' \
- ${WRKSRC}/third_party/rust/bindgen/.cargo-checksum.json
# Not using a patch for this; patch context would contain UTF-8
sed -i 's/#ifdef XP_LINUX/#if defined(XP_LINUX) || defined(XP_OPENBSD)/' \
${WRKSRC}/browser/app/profile/000-tor-browser.js
@@ -146,11 +155,6 @@ post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/applications/
${SUBST_DATA} ${FILESDIR}/${BROWSER_NAME}.desktop \
${PREFIX}/share/applications/${BROWSER_NAME}.desktop
- # install icon for desktop file
- ${INSTALL_DATA_DIR} ${PREFIX}/share/pixmaps/
- ${INSTALL_DATA} \
- ${BROWSER_DIR}/browser/chrome/icons/default/default128.png \
- ${PREFIX}/share/pixmaps/${BROWSER_NAME}.png
# link default48.png to default.png to be used by default
# by non-icccm compliant wm
ln -f ${BROWSER_DIR}/browser/chrome/icons/default/default{48,}.png
@@ -169,9 +173,19 @@ post-install:
cp ${WRKSRC}/tor-browser_en-US/Browser/fonts/* \
${BROWSER_DIR}/browser/fonts

+ # Include HTTPS Everywhere in omni.ja
+ mkdir -p ${WRKSRC}/https-everywhere/chrome/torbutton/content/extensions/https-everywhere/
+ unzip ${FULLDISTDIR}/https-everywhere-${HE_VERSION}-eff.xpi \
+ -d ${WRKSRC}/https-everywhere/chrome/torbutton/content/extensions/https-everywhere/
+ cd ${WRKSRC}/https-everywhere && find chrome/ | zip -X -@ ${BROWSER_DIR}/omni.ja
+
# install wrapper script (remove symlink first)
rm ${PREFIX}/bin/${BROWSER_NAME}
${SUBST_PROGRAM} ${FILESDIR}/${BROWSER_NAME} \
${PREFIX}/bin/${BROWSER_NAME}
+
+.for f in unveil.content unveil.gpu unveil.main pledge.content pledge.gpu pledge.main
+ ${INSTALL_DATA} ${FILESDIR}/${f} ${BROWSER_DIR}/browser/defaults/preferences/
+.endfor

.include <bsd.port.mk>
Index: www/tor-browser/browser/distinfo
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/distinfo,v
retrieving revision 1.28
diff -u -p -r1.28 distinfo
--- www/tor-browser/browser/distinfo 26 Aug 2020 07:37:38 -0000 1.28
+++ www/tor-browser/browser/distinfo 26 Sep 2020 09:07:27 -0000
@@ -1,6 +1,8 @@
-SHA256 (mozilla/src-firefox-tor-browser-68.12.0esr-9.5-1-build1.tar.xz) = JJHvbajRiZQBZ4F/b2JBQF7COLXgBIYEjcjR3UR0+Q8=
-SHA256 (mozilla/src-tor-launcher-0.2.21.8.tar.xz) = v1cOZqTcpK1Ygxsw1GN+8Un5+8CMMuocvBE5iaZrVXg=
-SHA256 (mozilla/tor-browser-linux64-9.5.4_en-US.tar.xz) = XW2B2wTgqMU2w9XhPJNcUjGLrHykQIngMcG/fFTWb04=
-SIZE (mozilla/src-firefox-tor-browser-68.12.0esr-9.5-1-build1.tar.xz) = 348639116
-SIZE (mozilla/src-tor-launcher-0.2.21.8.tar.xz) = 214908
-SIZE (mozilla/tor-browser-linux64-9.5.4_en-US.tar.xz) = 79033640
+SHA256 (mozilla/https-everywhere-2020.8.13-eff.xpi) = e1XWrqP5HNCK5Hp5VDDX2SXwHiNsgfsLNyqxu1NrTeU=
+SHA256 (mozilla/src-firefox-tor-browser-78.3.0esr-10.0-2-build2.tar.xz) = jDTpGOFoUwVogXoOCdtT+8JKOHj456u6nblxbfMol3A=
+SHA256 (mozilla/src-tor-launcher-0.2.25.tar.xz) = OxtBhM51pbao3xJ0/zxr9l7EXLFmuTAt82+X7twZ4bQ=
+SHA256 (mozilla/tor-browser-linux64-10.0_en-US.tar.xz) = VNDjFltV7uLT/u6U6fcQR5eteND3NxOihgZa5+x0WdA=
+SIZE (mozilla/https-everywhere-2020.8.13-eff.xpi) = 1766618
+SIZE (mozilla/src-firefox-tor-browser-78.3.0esr-10.0-2-build2.tar.xz) = 363712688
+SIZE (mozilla/src-tor-launcher-0.2.25.tar.xz) = 215116
+SIZE (mozilla/tor-browser-linux64-10.0_en-US.tar.xz) = 85270296
Index: www/tor-browser/browser/files/all-openbsd.js
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/files/all-openbsd.js,v
retrieving revision 1.4
diff -u -p -r1.4 all-openbsd.js
--- www/tor-browser/browser/files/all-openbsd.js 16 Feb 2020 10:45:59 -0000 1.4
+++ www/tor-browser/browser/files/all-openbsd.js 26 Sep 2020 09:07:27 -0000
@@ -3,7 +3,3 @@
pref("spellchecker.dictionary_path", "${LOCALBASE}/share/mozilla-dicts/");
pref("general.config.filename", "tor-browser.cfg");
pref("general.config.obscure_value", 0);
-// enable pledging the content process
-pref("security.sandbox.content.level", 1);
-pref("security.sandbox.pledge.main","stdio rpath wpath cpath inet proc exec prot_exec flock ps sendfd recvfd dns vminfo tty drm unix fattr getpw mcast video");
-pref("security.sandbox.pledge.content","stdio rpath wpath cpath inet recvfd sendfd prot_exec unix drm ps");
Index: www/tor-browser/browser/files/pledge.content
===================================================================
RCS file: www/tor-browser/browser/files/pledge.content
diff -N www/tor-browser/browser/files/pledge.content
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/tor-browser/browser/files/pledge.content 26 Sep 2020 09:07:27 -0000
@@ -0,0 +1,14 @@
+# $OpenBSD: pledge.content,v 1.1 2020/07/28 14:21:48 landry Exp $
+stdio
+rpath
+wpath
+cpath
+recvfd
+sendfd
+prot_exec
+unix
+drm
+ps
+inet #dns.google does socket()
+# only needed if using NIS of the profile is located on a NFS share
+getpw
Index: www/tor-browser/browser/files/pledge.gpu
===================================================================
RCS file: www/tor-browser/browser/files/pledge.gpu
diff -N www/tor-browser/browser/files/pledge.gpu
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/tor-browser/browser/files/pledge.gpu 26 Sep 2020 09:07:27 -0000
@@ -0,0 +1,12 @@
+# $OpenBSD: pledge.gpu,v 1.1 2020/07/28 14:21:48 landry Exp $
+stdio
+rpath
+wpath
+cpath
+ps
+sendfd
+recvfd
+drm
+dns
+unix
+prot_exec
Index: www/tor-browser/browser/files/pledge.main
===================================================================
RCS file: www/tor-browser/browser/files/pledge.main
diff -N www/tor-browser/browser/files/pledge.main
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/tor-browser/browser/files/pledge.main 26 Sep 2020 09:07:27 -0000
@@ -0,0 +1,23 @@
+# $OpenBSD: pledge.main,v 1.1 2020/07/28 14:21:48 landry Exp $
+stdio
+rpath
+wpath
+cpath
+inet
+proc
+exec
+prot_exec
+flock
+ps
+sendfd
+recvfd
+dns
+vminfo
+tty
+drm
+unix
+fattr
+getpw
+mcast
+# only needed for WebRTC
+video
Index: www/tor-browser/browser/files/unveil.content
===================================================================
RCS file: www/tor-browser/browser/files/unveil.content
diff -N www/tor-browser/browser/files/unveil.content
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/tor-browser/browser/files/unveil.content 26 Sep 2020 09:07:27 -0000
@@ -0,0 +1,42 @@
+# $OpenBSD: unveil.content,v 1.1 2020/07/28 14:21:48 landry Exp $
+/dev/drm0 rw
+
+/etc/fonts r
+/etc/machine-id r
+/usr/local/lib r
+/usr/local/share r
+/usr/share/locale r
+/var/cache/fontconfig r
+/usr/X11R6/lib r
+/usr/X11R6/share r
+/var/run r
+
+~/.XCompose r
+~/.Xauthority r
+~/.Xdefaults r
+~/.fontconfig r
+~/.fonts r
+~/.fonts.conf r
+~/.fonts.conf.d r
+~/.icons r
+~/.pki rwc
+~/.sndio rwc
+~/.terminfo r
+
+~/TorBrowser-Data r
+~/Downloads r
+
+/tmp rwc
+
+$XDG_CONFIG_HOME/dconf rwc
+$XDG_CONFIG_HOME/fontconfig r
+$XDG_CONFIG_HOME/gtk-3.0 r
+$XDG_CONFIG_HOME/mimeapps.list r
+$XDG_CONFIG_HOME/user-dirs.dirs r
+$XDG_DATA_HOME/applications r
+$XDG_DATA_HOME/applnk r
+$XDG_DATA_HOME/fonts r
+$XDG_DATA_HOME/glib-2.0 r
+$XDG_DATA_HOME/icons r
+$XDG_DATA_HOME/mime r
+$XDG_DATA_HOME/themes r
Index: www/tor-browser/browser/files/unveil.gpu
===================================================================
RCS file: www/tor-browser/browser/files/unveil.gpu
diff -N www/tor-browser/browser/files/unveil.gpu
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/tor-browser/browser/files/unveil.gpu 26 Sep 2020 09:07:27 -0000
@@ -0,0 +1,12 @@
+# $OpenBSD: unveil.gpu,v 1.1 2020/07/28 14:21:48 landry Exp $
+/dev/drm0 rw
+
+/usr/local/lib/tor-browser r
+/usr/local/lib/gdk-pixbuf-2.0 r
+/usr/X11R6/lib r
+/usr/share/locale r
+/usr/local/share r
+
+/tmp rwc
+
+~/.Xauthority r
Index: www/tor-browser/browser/files/unveil.main
===================================================================
RCS file: www/tor-browser/browser/files/unveil.main
diff -N www/tor-browser/browser/files/unveil.main
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/tor-browser/browser/files/unveil.main 26 Sep 2020 09:07:27 -0000
@@ -0,0 +1,64 @@
+# $OpenBSD: unveil.main,v 1.1 2020/07/28 14:21:48 landry Exp $
+# for uuid generation?
+/dev/urandom r
+/dev/video rw
+/dev/video0 rw
+/dev/fido rw
+
+/etc/fonts r
+/etc/machine-id r
+
+/usr/local/lib r
+/usr/local/lib/tor-browser rx
+/usr/local/share r
+/usr/share/locale r
+/usr/share/zoneinfo r
+/var/cache/fontconfig r
+/usr/X11R6/lib r
+/usr/X11R6/share r
+/var/run r
+
+# printing
+/usr/bin/lpr rx
+
+# for launching registered 3rd party applications like pdf readers
+/etc/mailcap r
+~/.mailcap r
+~/.mime.types r
+
+~/.XCompose r
+~/.Xauthority r
+~/.Xdefaults r
+~/.fontconfig r
+~/.fonts r
+~/.fonts.conf r
+~/.fonts.conf.d r
+~/.icons r
+~/.pki rwc
+~/.sndio rwc
+~/.terminfo r
+
+~/TorBrowser-Data rwc
+~/Downloads rwc
+
+# for at least shm_open (for now)
+/tmp rwc
+
+# $XDG_CACHE_HOME, $XDG_CONFIG_HOME, and $XDG_DATA_HOME will expand to the
+# given variable if it exists in the environment, otherwise defaulting to
+# ~/.cache, ~/.config, and ~/.local/share
+$XDG_CACHE_HOME/dconf rwc
+$XDG_CACHE_HOME/thumbnails rwc
+$XDG_CONFIG_HOME/dconf rw
+$XDG_CONFIG_HOME/fontconfig r
+$XDG_CONFIG_HOME/gtk-3.0 r
+$XDG_CONFIG_HOME/mimeapps.list r
+$XDG_CONFIG_HOME/user-dirs.dirs r
+$XDG_DATA_HOME/applications rwc
+$XDG_DATA_HOME/applnk r
+$XDG_DATA_HOME/fonts r
+$XDG_DATA_HOME/glib-2.0 r
+$XDG_DATA_HOME/icons r
+$XDG_DATA_HOME/mime r
+$XDG_DATA_HOME/recently-used.xbel rwc
+$XDG_DATA_HOME/themes r
Index: www/tor-browser/browser/patches/patch-_mozconfig
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/patches/patch-_mozconfig,v
retrieving revision 1.6
diff -u -p -r1.6 patch-_mozconfig
--- www/tor-browser/browser/patches/patch-_mozconfig 13 Jun 2020 06:26:01 -0000 1.6
+++ www/tor-browser/browser/patches/patch-_mozconfig 26 Sep 2020 09:07:27 -0000
@@ -8,23 +8,9 @@ means we can not pass --disable-eme to c
Index: .mozconfig
--- .mozconfig.orig
+++ .mozconfig
-@@ -19,10 +19,10 @@ ac_add_options --enable-official-branding
- # Let's support GTK3 for ESR60
- ac_add_options --enable-default-toolkit=cairo-gtk3
-
--ac_add_options --disable-tor-launcher
-+#ac_add_options --disable-tor-launcher
- ac_add_options --disable-tor-browser-update
--ac_add_options --enable-signmar
--ac_add_options --enable-verify-mar
-+#ac_add_options --enable-signmar
-+#ac_add_options --enable-verify-mar
-
- ac_add_options --disable-strip
- ac_add_options --disable-install-strip
-@@ -31,10 +31,13 @@ ac_add_options --disable-debug
- ac_add_options --disable-crashreporter
+@@ -27,13 +27,15 @@ ac_add_options --disable-crashreporter
ac_add_options --disable-webrtc
+ ac_add_options --disable-parental-controls
# Let's make sure no preference is enabling either Adobe's or Google's CDM.
-ac_add_options --disable-eme
+#ac_add_options --disable-eme
@@ -33,8 +19,12 @@ Index: .mozconfig
# Disable telemetry
ac_add_options MOZ_TELEMETRY_REPORTING=

+-ac_add_options --disable-tor-launcher
-ac_add_options --with-tor-browser-version=dev-build
+# avoid 1.1GB libxul
+ac_add_options --disable-debug-symbols
+
+#ac_add_options --with-tor-browser-version=dev-build
+ ac_add_options --disable-tor-browser-update
+-ac_add_options --enable-verify-mar
++#ac_add_options --enable-verify-mar
Index: www/tor-browser/browser/patches/patch-browser_extensions_tor-launcher_src_components_tl-process_js
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/patches/patch-browser_extensions_tor-launcher_src_components_tl-process_js,v
retrieving revision 1.2
diff -u -p -r1.2 patch-browser_extensions_tor-launcher_src_components_tl-process_js
--- www/tor-browser/browser/patches/patch-browser_extensions_tor-launcher_src_components_tl-process_js 13 Jun 2020 06:26:01 -0000 1.2
+++ www/tor-browser/browser/patches/patch-browser_extensions_tor-launcher_src_components_tl-process_js 26 Sep 2020 09:07:27 -0000
@@ -6,7 +6,7 @@ the new getTorFile() deal with it.
Index: browser/extensions/tor-launcher/src/components/tl-process.js
--- browser/extensions/tor-launcher/src/components/tl-process.js.orig
+++ browser/extensions/tor-launcher/src/components/tl-process.js
-@@ -377,6 +377,8 @@ TorProcessService.prototype =
+@@ -393,6 +393,8 @@ TorProcessService.prototype =
var torrcFile = TorLauncherUtil.getTorFile("torrc", true);
var torrcDefaultsFile =
TorLauncherUtil.getTorFile("torrc-defaults", false);
@@ -15,7 +15,7 @@ Index: browser/extensions/tor-launcher/s
var hashedPassword = this.mProtocolSvc.TorGetPassword(true);
var controlIPCFile = this.mProtocolSvc.TorGetControlIPCFile();
var controlPort = this.mProtocolSvc.TorGetControlPort();
-@@ -404,19 +406,14 @@ TorProcessService.prototype =
+@@ -420,19 +422,14 @@ TorProcessService.prototype =
return;
}

Index: www/tor-browser/browser/patches/patch-config_makefiles_rust_mk
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/patches/patch-config_makefiles_rust_mk,v
retrieving revision 1.2
diff -u -p -r1.2 patch-config_makefiles_rust_mk
--- www/tor-browser/browser/patches/patch-config_makefiles_rust_mk 26 Aug 2020 07:37:39 -0000 1.2
+++ www/tor-browser/browser/patches/patch-config_makefiles_rust_mk 26 Sep 2020 09:07:27 -0000
@@ -1,15 +1,17 @@
-$OpenBSD: patch-config_makefiles_rust_mk,v 1.2 2020/08/26 07:37:39 landry Exp $
+$OpenBSD: patch-config_makefiles_rust_mk,v 1.3 2020/08/25 13:19:49 landry Exp $

+use lto=thin to reduce memory pressure when building gkrust
https://bugzilla.mozilla.org/show_bug.cgi?id=1644409

Index: config/makefiles/rust.mk
--- config/makefiles/rust.mk.orig
+++ config/makefiles/rust.mk
-@@ -48,6 +48,7 @@ ifndef DEVELOPER_OPTIONS
- ifndef MOZ_DEBUG_RUST
- # Enable link-time optimization for release builds.
- cargo_rustc_flags += -C lto
-+export CARGO_PROFILE_RELEASE_LTO=yes
+@@ -61,7 +61,7 @@ ifndef MOZ_DEBUG_RUST
+ # Enable link-time optimization for release builds, but not when linking
+ # gkrust_gtest.
+ ifeq (,$(findstring gkrust_gtest,$(RUST_LIBRARY_FILE)))
+-cargo_rustc_flags += -Clto
++cargo_rustc_flags += -Clto=thin
+ endif
# Versions of rust >= 1.45 need -Cembed-bitcode=yes for all crates when
# using -Clto.
- ifeq (,$(filter 1.22.% 1.23.% 1.24.% 1.25.% 1.26.% 1.27.% 1.28.% 1.29.% 1.30.% 1.31.% 1.32.% 1.33.% 1.34.% 1.35.% 1.36.% 1.37.% 1.38.% 1.39.% 1.40.% 1.41.% 1.42.% 1.43.% 1.44.%,$(RUSTC_VERSION)))
Index: www/tor-browser/browser/patches/patch-config_system-headers_mozbuild
===================================================================
RCS file: www/tor-browser/browser/patches/patch-config_system-headers_mozbuild
diff -N www/tor-browser/browser/patches/patch-config_system-headers_mozbuild
--- www/tor-browser/browser/patches/patch-config_system-headers_mozbuild 13 Feb 2020 07:41:53 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,27 +0,0 @@
-$OpenBSD: patch-config_system-headers_mozbuild,v 1.1 2020/02/13 07:41:53 landry Exp $
-
-https://hg.mozilla.org/mozilla-central/rev/d3885b9d42d3
-
-Index: config/system-headers.mozbuild
---- config/system-headers.mozbuild.orig
-+++ config/system-headers.mozbuild
-@@ -814,7 +814,6 @@ system_headers = [
- 'synch.h',
- 'syncmgr.h',
- 'sys/atomic_op.h',
-- 'sys/auxv.h',
- 'sys/bitypes.h',
- 'sys/byteorder.h',
- 'syscall.h',
-@@ -1345,6 +1344,11 @@ if CONFIG['MOZ_WAYLAND']:
- 'wayland-client.h',
- 'wayland-egl.h',
- 'wayland-util.h',
-+ ]
-+
-+if CONFIG['OS_TARGET'] in ('Android', 'Linux', 'FreeBSD'):
-+ system_headers += [
-+ 'sys/auxv.h',
- ]
-
- if CONFIG['OS_TARGET'] == 'Linux' and CONFIG['CPU_ARCH'].startswith('mips'):
Index: www/tor-browser/browser/patches/patch-dom_ipc_ContentChild_cpp
===================================================================
RCS file: www/tor-browser/browser/patches/patch-dom_ipc_ContentChild_cpp
diff -N www/tor-browser/browser/patches/patch-dom_ipc_ContentChild_cpp
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ www/tor-browser/browser/patches/patch-dom_ipc_ContentChild_cpp 26 Sep 2020 09:07:27 -0000
@@ -0,0 +1,30 @@
+$OpenBSD: patch-dom_ipc_ContentChild_cpp,v 1.1 2020/07/28 14:21:48 landry Exp $
+
+Do not unveil an already visible pledge file since that interferes with
+other unveils.
+
+cf https://bugzilla.mozilla.org/show_bug.cgi?id=1623086
+Index: dom/ipc/ContentChild.cpp
+--- dom/ipc/ContentChild.cpp.orig
++++ dom/ipc/ContentChild.cpp
+@@ -4414,8 +4414,18 @@ OpenBSDUnveilPaths(const nsACString& uPath, const nsAC
+ if (disabled) {
+ warnx("%s: disabled", PromiseFlatCString(uPath).get());
+ } else {
+- if (unveil(PromiseFlatCString(pledgePath).get(), "r") == -1) {
+- err(1, "unveil(%s, r) failed", PromiseFlatCString(pledgePath).get());
++ struct stat st;
++
++ // Only unveil the pledgePath file if it's not already unveiled, otherwise
++ // some containing directory will lose visibility.
++ if (stat(PromiseFlatCString(pledgePath).get(), &st) == -1) {
++ if (errno == ENOENT) {
++ if (unveil(PromiseFlatCString(pledgePath).get(), "r") == -1) {
++ err(1, "unveil(%s, r) failed", PromiseFlatCString(pledgePath).get());
++ }
++ } else {
++ err(1, "stat(%s)", PromiseFlatCString(pledgePath).get());
++ }
+ }
+ }
+
Index: www/tor-browser/browser/patches/patch-js_src_jit_ProcessExecutableMemory_cpp
===================================================================
RCS file: www/tor-browser/browser/patches/patch-js_src_jit_ProcessExecutableMemory_cpp
diff -N www/tor-browser/browser/patches/patch-js_src_jit_ProcessExecutableMemory_cpp
--- www/tor-browser/browser/patches/patch-js_src_jit_ProcessExecutableMemory_cpp 13 Feb 2020 07:41:53 -0000 1.4
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,29 +0,0 @@
-$OpenBSD: patch-js_src_jit_ProcessExecutableMemory_cpp,v 1.4 2020/02/13 07:41:53 landry Exp $
-
-Don't ComputeRandomAllocationAddress on OpenBSD
-https://bugzilla.mozilla.org/show_bug.cgi?id=1586912
-
-Index: js/src/jit/ProcessExecutableMemory.cpp
---- js/src/jit/ProcessExecutableMemory.cpp.orig
-+++ js/src/jit/ProcessExecutableMemory.cpp
-@@ -318,6 +318,12 @@ static void DecommitPages(void* addr, size_t bytes) {
- }
- #else // !XP_WIN
- static void* ComputeRandomAllocationAddress() {
-+#ifdef __OpenBSD__
-+ // OpenBSD already has random mmap and the idea that all x64 cpus
-+ // have 48-bit address space is not correct. Returning nullptr
-+ // allows OpenBSD do to the right thing.
-+ return nullptr;
-+#else
- uint64_t rand = js::GenerateRandomSeed();
-
- # ifdef HAVE_64BIT_BUILD
-@@ -337,6 +343,7 @@ static void* ComputeRandomAllocationAddress() {
- // Ensure page alignment.
- uintptr_t mask = ~uintptr_t(gc::SystemPageSize() - 1);
- return (void*)uintptr_t(rand & mask);
-+

OpenBSD Mail Box

Saturday, September 26, 2020

UPDATE: Tor Browser 10.0

No comments:

Post a Comment