pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/security/tor-browser



Module Name:    pkgsrc
Committed By:   wiz
Date:           Fri May  1 07:01:46 UTC 2020

Modified Files:
        pkgsrc/security/tor-browser: Makefile PLIST distinfo
        pkgsrc/security/tor-browser/patches:
            patch-browser_app_profile_000-tor-browser.js
            patch-toolkit_moz.configure
Added Files:
        pkgsrc/security/tor-browser/files: tor-browser.sh

Log Message:
tor-browser: update to 9.0.9nb4.

Install and use the fonts distributed with the Linux binary of tor-browser.
Reduces fingerprinting possibilities based on installed fonts.

Idea from Caspar Schutijser, the OpenBSD ports maintainer, and
based on his patch for OpenBSD ports.


To generate a diff of this commit:
cvs rdiff -u -r1.62 -r1.63 pkgsrc/security/tor-browser/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/security/tor-browser/PLIST
cvs rdiff -u -r1.18 -r1.19 pkgsrc/security/tor-browser/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/security/tor-browser/files/tor-browser.sh
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js
cvs rdiff -u -r1.2 -r1.3 \
    pkgsrc/security/tor-browser/patches/patch-toolkit_moz.configure

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/tor-browser/Makefile
diff -u pkgsrc/security/tor-browser/Makefile:1.62 pkgsrc/security/tor-browser/Makefile:1.63
--- pkgsrc/security/tor-browser/Makefile:1.62   Thu Apr 30 07:52:39 2020
+++ pkgsrc/security/tor-browser/Makefile        Fri May  1 07:01:46 2020
@@ -1,12 +1,14 @@
-# $NetBSD: Makefile,v 1.62 2020/04/30 07:52:39 wiz Exp $
+# $NetBSD: Makefile,v 1.63 2020/05/01 07:01:46 wiz Exp $
 
 DISTNAME=      src-firefox-tor-browser-68.7.0esr-9.0-2-build1
 PKGNAME=       tor-browser-9.0.9
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    security www
 MASTER_SITES=  https://dist.torproject.org/torbrowser/${PKGVERSION_NOREV}/
 EXTRACT_SUFX=  .tar.xz
-#DISTFILES=    ${DISTNAME}${EXTRACT_SUFX} src-tor-launcher-0.2.20.5${EXTRACT_SUFX}
+DISTFILES=     ${DISTNAME}${EXTRACT_SUFX}
+DISTFILES+=    tor-browser-linux64-${PKGVERSION_NOREV}_en-US${EXTRACT_SUFX}
+#DISTFILES+=   src-tor-launcher-0.2.20.5${EXTRACT_SUFX}
 
 MAINTAINER=    wiz%NetBSD.org@localhost
 HOMEPAGE=      https://www.torproject.org/projects/torbrowser.html.en
@@ -24,10 +26,12 @@ DEPENDS+=   tor-browser-noscript-[0-9]*:..
 # replace all patches with the one from the correspoding www/firefox${ESR_RELEASE}
 # BUT keep patch-xpcom_io_TorFileUtils.cpp
 # AND keep patch-browser_app_profile_000-tor-browser.js
+# AND the second chunk of patch-toolkit_moz.configure
 # (AND if necessary patch-.mozconfig)
 # make the patches apply
 #
 # when packaged up, read MESSAGE and test by visiting https://check.torproject.org
+# and https://panopticlick.eff.org
 
 # Remove hardcoded build directory.
 SUBST_CLASSES+=                        fix-build-dir
@@ -35,6 +39,12 @@ SUBST_STAGE.fix-build-dir=   pre-configure
 SUBST_FILES.fix-build-dir+=    .mozconfig
 SUBST_SED.fix-build-dir+=      -e 's,mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@,,'
 
+SUBST_CLASSES+=                fonts
+SUBST_STAGE.fonts=     pre-configure
+SUBST_FILES.fonts+=    tor-browser_en-US/Browser/TorBrowser/Data/fontconfig/fonts.conf
+SUBST_SED.fonts+=      -e 's,<dir>fonts</dir>,<dir>${PREFIX}/lib/tor-browser/browser/fonts</dir>,'
+SUBST_MESSAGE.fonts=   Fixing path to bundled fonts directory.
+
 MOZILLA_DIR=   # empty
 
 .include "../../mk/bsd.prefs.mk"
@@ -79,6 +89,7 @@ MOZILLA_NAME= TorBrowser
 post-extract:
        mv ${WRKSRC}/gfx/ycbcr/yuv_row_arm.s ${WRKSRC}/gfx/ycbcr/yuv_row_arm.S
        ${CP} ${FILESDIR}/cubeb_sun.c ${WRKSRC}/media/libcubeb/src/cubeb_sun.c
+       mv ${WRKDIR}/tor-browser_en-US ${WRKSRC}
 #      mv ${WRKDIR}/tor-launcher* ${WRKSRC}/browser/extensions/tor-launcher
 
 pre-configure:
@@ -93,17 +104,26 @@ post-build:
          -e 's|@FIREFOX_ICON@|${MOZILLA}.png|g'                        \
          < ${FILESDIR}/desktop.in                                      \
          > ${WRKDIR}/desktop
+       ${SED} -e 's|@PREFIX@|${PREFIX}|g'                              \
+         < ${FILESDIR}/tor-browser.sh                                  \
+         > ${WRKDIR}/tor-browser.sh
+
+INSTALLATION_DIRS+=    share/applications
+INSTALLATION_DIRS+=    share/pixmaps
+INSTALLATION_DIRS+=    ${PREFIX}/lib/tor-browser/browser/fontconfig
+INSTALLATION_DIRS+=    ${PREFIX}/lib/tor-browser/browser/fonts
 
-INSTALLATION_DIRS+=    share/applications share/pixmaps
 post-install:
-       ${ECHO} '#! /bin/sh' > ${DESTDIR}${PREFIX}/bin/${MOZILLA}
-       ${ECHO} '${PREFIX}/lib/tor-browser/tor-browser-bin "$$@"' >> \
-               ${DESTDIR}${PREFIX}/bin/${MOZILLA}
-       ${CHMOD} 755 ${DESTDIR}${PREFIX}/bin/${MOZILLA}
+       ${INSTALL_SCRIPT} ${WRKDIR}/tor-browser.sh \
+               ${DESTDIR}${PREFIX}/bin/tor-browser
        ${INSTALL_DATA} ${WRKDIR}/desktop                               \
-         ${DESTDIR}${PREFIX}/share/applications/${MOZILLA}.desktop
+               ${DESTDIR}${PREFIX}/share/applications/${MOZILLA}.desktop
        ${INSTALL_DATA} ${MOZILLA_ICON}                                 \
-         ${DESTDIR}${PREFIX}/share/pixmaps/${MOZILLA}.png
+               ${DESTDIR}${PREFIX}/share/pixmaps/${MOZILLA}.png
+       ${INSTALL_DATA} ${WRKSRC}/tor-browser_en-US/Browser/TorBrowser/Data/fontconfig/fonts.conf \
+               ${DESTDIR}${PREFIX}/lib/tor-browser/browser/fontconfig
+       ${INSTALL_DATA} ${WRKSRC}/tor-browser_en-US/Browser/fonts/* \
+               ${DESTDIR}${PREFIX}/lib/tor-browser/browser/fonts
 
 .include "../../sysutils/desktop-file-utils/desktopdb.mk"
 .include "../../sysutils/dbus-glib/buildlink3.mk"

Index: pkgsrc/security/tor-browser/PLIST
diff -u pkgsrc/security/tor-browser/PLIST:1.6 pkgsrc/security/tor-browser/PLIST:1.7
--- pkgsrc/security/tor-browser/PLIST:1.6       Fri Mar 13 17:59:27 2020
+++ pkgsrc/security/tor-browser/PLIST   Fri May  1 07:01:46 2020
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2020/03/13 17:59:27 wiz Exp $
+@comment $NetBSD: PLIST,v 1.7 2020/05/01 07:01:46 wiz Exp $
 bin/tor-browser
 lib/tor-browser/actors/AudioPlaybackChild.jsm
 lib/tor-browser/actors/AutoplayChild.jsm
@@ -3960,6 +3960,53 @@ lib/tor-browser/browser/features/onboard
 lib/tor-browser/browser/features/onboarding%mozilla.org@localhost/en-US/locale/en-US/onboarding.properties
 lib/tor-browser/browser/features/onboarding%mozilla.org@localhost/manifest.json
 lib/tor-browser/browser/features/onboarding%mozilla.org@localhost/schema.json
+lib/tor-browser/browser/fontconfig/fonts.conf
+lib/tor-browser/browser/fonts/Arimo-Bold.ttf
+lib/tor-browser/browser/fonts/Arimo-BoldItalic.ttf
+lib/tor-browser/browser/fonts/Arimo-Italic.ttf
+lib/tor-browser/browser/fonts/Arimo-Regular.ttf
+lib/tor-browser/browser/fonts/Cousine-Regular.ttf
+lib/tor-browser/browser/fonts/NotoEmoji-Regular.ttf
+lib/tor-browser/browser/fonts/NotoNaskhArabic-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansArmenian-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansBengali-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansBuginese-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansCanadianAboriginal-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansCherokee-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansDevanagari-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansEthiopic-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansGeorgian-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansGujarati-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansGurmukhi-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansHebrew-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansJP-Regular.otf
+lib/tor-browser/browser/fonts/NotoSansKR-Regular.otf
+lib/tor-browser/browser/fonts/NotoSansKannada-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansKhmer-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansLao-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansMalayalam-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansMongolian-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansMyanmar-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansOriya-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansSC-Regular.otf
+lib/tor-browser/browser/fonts/NotoSansSinhala-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansTC-Regular.otf
+lib/tor-browser/browser/fonts/NotoSansTamil-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansTelugu-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansThaana-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansThai-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansTibetan-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansYi-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSerifArmenian-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSerifKhmer-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSerifLao-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSerifThai-Regular.ttf
+lib/tor-browser/browser/fonts/STIXMath-Regular.otf
+lib/tor-browser/browser/fonts/Tinos-Bold.ttf
+lib/tor-browser/browser/fonts/Tinos-BoldItalic.ttf
+lib/tor-browser/browser/fonts/Tinos-Italic.ttf
+lib/tor-browser/browser/fonts/Tinos-Regular.ttf
+lib/tor-browser/browser/fonts/TwemojiMozilla.ttf
 lib/tor-browser/browser/localization/en-US/branding/brand.ftl
 lib/tor-browser/browser/localization/en-US/browser/aboutConfig.ftl
 lib/tor-browser/browser/localization/en-US/browser/aboutDialog.ftl

Index: pkgsrc/security/tor-browser/distinfo
diff -u pkgsrc/security/tor-browser/distinfo:1.18 pkgsrc/security/tor-browser/distinfo:1.19
--- pkgsrc/security/tor-browser/distinfo:1.18   Tue Apr 28 19:38:49 2020
+++ pkgsrc/security/tor-browser/distinfo        Fri May  1 07:01:46 2020
@@ -1,12 +1,16 @@
-$NetBSD: distinfo,v 1.18 2020/04/28 19:38:49 wiz Exp $
+$NetBSD: distinfo,v 1.19 2020/05/01 07:01:46 wiz Exp $
 
 SHA1 (src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = c9be70c6cbbac9d73d1aee930703ea4d013725df
 RMD160 (src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = 6289e342fa8e99c21098331d153beb6d88bc39b2
 SHA512 (src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = 6cf582c1eb3092c1ecbef86c67040c89dc2c84f54805c52408b0c1051550fcff1af563e09e85ba9cd72a1a1e924b6643a812e9669676856a86e903e0063e5270
 Size (src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = 348594032 bytes
+SHA1 (tor-browser-linux64-9.0.9_en-US.tar.xz) = 094d148a5df4efa979e2aaca5d88a6517469ebe6
+RMD160 (tor-browser-linux64-9.0.9_en-US.tar.xz) = b880eeecc748e6584672a761615fefccb07a7a5b
+SHA512 (tor-browser-linux64-9.0.9_en-US.tar.xz) = 72a6c080ad2d5237b20f00e82388373accd4866f19a713564823fe416bcaf41408ef774d6cb735db8c3f2766d2870655c85e6109e8ef32de8b1403fc9c63561d
+Size (tor-browser-linux64-9.0.9_en-US.tar.xz) = 80156396 bytes
 SHA1 (patch-.mozconfig) = 66fbb2f113091eee1f022cd656231f845b04b0f8
 SHA1 (patch-aa) = 9f7200c411cd2217a80ec10a276c8877bc6b845c
-SHA1 (patch-browser_app_profile_000-tor-browser.js) = 545cf6e80f061a6a58b429d2696046de4e34725f
+SHA1 (patch-browser_app_profile_000-tor-browser.js) = 84a0a15605fff0e22f3150bce901a296fc920280
 SHA1 (patch-browser_app_profile_firefox.js) = 076cc2892547bac07fe907533f4e821f13f5738e
 SHA1 (patch-dom_base_nsAttrName.h) = ac7ba441a3b27df2855cf2673eea36b1cb44ad49
 SHA1 (patch-dom_media_CubebUtils.cpp) = 3cd2c65ab281d802c56216565970450767a3fb24
@@ -34,7 +38,7 @@ SHA1 (patch-nsprpub_pr_src_pthreads_ptsy
 SHA1 (patch-toolkit_components_terminator_nsTerminator.cpp) = e5700d95302ef9672b404ab19e13ef7ba3ede5cf
 SHA1 (patch-toolkit_library_moz.build) = 57516a1cc888fdbaf39ba90f73e5de488ad1f01e
 SHA1 (patch-toolkit_modules_subprocess_subprocess__shared__unix.js) = 22a39e54e042ab2270a3cb54e4e307c8900cad12
-SHA1 (patch-toolkit_moz.configure) = 40ee147cc1d2c62dd6c83b3f67ce9e61f758ea57
+SHA1 (patch-toolkit_moz.configure) = 9f4edca09802f6d3adb517613e879dca8d2d65be
 SHA1 (patch-toolkit_mozapps_installer_packager.mk) = b2343fbad2556504dfd13601c02e6e2357c7d2bc
 SHA1 (patch-toolkit_xre_glxtest.cpp) = 04942938f45f326c7d5c4da3bf8cc2d09b977c69
 SHA1 (patch-xpcom_base_nscore.h) = 1ac4d34d3c9e80bc1ac966c6c84cb320bc0fa1ec

Index: pkgsrc/security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js
diff -u pkgsrc/security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js:1.1 pkgsrc/security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js:1.2
--- pkgsrc/security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js:1.1        Tue Apr 28 19:38:49 2020
+++ pkgsrc/security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js    Fri May  1 07:01:46 2020
@@ -1,4 +1,6 @@
-$NetBSD: patch-browser_app_profile_000-tor-browser.js,v 1.1 2020/04/28 19:38:49 wiz Exp $
+$NetBSD: patch-browser_app_profile_000-tor-browser.js,v 1.2 2020/05/01 07:01:46 wiz Exp $
+
+First chunk:
 
 Despite the warning at the top of this file, we change the default for the socks
 port in pkgsrc from 9150 to 9050.
@@ -9,6 +11,10 @@ standard port can't be used because anot
 pkgsrc's tor-browser uses the system-wide installation of tor and thus should use
 its default port to minimize manual setup steps for the end users.
 
+
+Second chunk:
+Hardcode font list on all pkgsrc platforms to make it harder to fingerprint.
+
 --- browser/app/profile/000-tor-browser.js.orig        2020-04-04 03:09:31.000000000 +0000
 +++ browser/app/profile/000-tor-browser.js
 @@ -161,7 +161,7 @@ pref("network.predictor.enabled", false)
@@ -20,3 +26,12 @@ its default port to minimize manual setu
  pref("network.proxy.socks_remote_dns", true);
  pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419)
  pref("network.proxy.allow_hijacking_localhost", true); // Allow proxies for localhost (#31065)
+@@ -370,7 +370,7 @@ pref("font.name.sans-serif.ar", "Arial")
+ pref("font.system.whitelist", "Arial, Batang, 바탕, Cambria Math, Courier New, Euphemia, Gautami, Georgia, Gulim, 굴림, GulimChe, 굴림체, Iskoola Pota, Kalinga, Kartika, Latha, Lucida Console, MS Gothic, 
MS ゴシック, MS Mincho, MS 明朝, MS PGothic, MS Pゴシック, MS PMincho, MS P明朝, MV Boli, Malgun Gothic, Mangal, Meiryo, Meiryo UI, Microsoft Himalaya, Microsoft JhengHei, Microsoft JhengHei UI, Microsoft YaHei, 
微软雅黑, Microsoft YaHei UI, MingLiU, 細明體, Noto Sans Buginese, Noto Sans Khmer, Noto Sans Lao, Noto Sans Myanmar, Noto Sans Yi, Nyala, PMingLiU, 新細明體, Plantagenet Cherokee, Raavi, Segoe UI, Shruti, 
SimSun, 宋体, Sylfaen, Tahoma, Times New Roman, Tunga, Verdana, Vrinda, Yu Gothic UI");
+ #endif
+ 
+-#ifdef XP_LINUX
++#if 1
+ pref("font.default.lo", "Noto Sans Lao");
+ pref("font.default.my", "Noto Sans Myanmar");
+ pref("font.default.x-western", "sans-serif");

Index: pkgsrc/security/tor-browser/patches/patch-toolkit_moz.configure
diff -u pkgsrc/security/tor-browser/patches/patch-toolkit_moz.configure:1.2 pkgsrc/security/tor-browser/patches/patch-toolkit_moz.configure:1.3
--- pkgsrc/security/tor-browser/patches/patch-toolkit_moz.configure:1.2 Fri Mar 13 17:59:27 2020
+++ pkgsrc/security/tor-browser/patches/patch-toolkit_moz.configure     Fri May  1 07:01:46 2020
@@ -1,10 +1,11 @@
-$NetBSD: patch-toolkit_moz.configure,v 1.2 2020/03/13 17:59:27 wiz Exp $
+$NetBSD: patch-toolkit_moz.configure,v 1.3 2020/05/01 07:01:46 wiz Exp $
 
 * skia part: support bigendian architectures
+* second chunk: use bundled fonts to reduce fingerprinting possibilities
 
---- toolkit/moz.configure.orig 2018-05-03 16:58:41.000000000 +0000
+--- toolkit/moz.configure.orig 2020-04-04 03:09:31.000000000 +0000
 +++ toolkit/moz.configure
-@@ -932,11 +932,11 @@ include('nss.configure')
+@@ -834,11 +834,11 @@ include('nss.configure')
  # ==============================================================
  option('--disable-skia', help='Disable use of Skia')
  
@@ -21,3 +22,12 @@ $NetBSD: patch-toolkit_moz.configure,v 1
          return True
  
  set_config('MOZ_ENABLE_SKIA', skia)
+@@ -1318,7 +1318,7 @@ set_config('MOZ_BITS_DOWNLOAD',
+ 
+ @depends(target)
+ def bundled_fonts_default(target):
+-    return target.os == 'WINNT' or target.kernel == 'Linux'
++    return True
+ 
+ @depends(build_project)
+ def allow_bundled_fonts(project):

Added files:

Index: pkgsrc/security/tor-browser/files/tor-browser.sh
diff -u /dev/null pkgsrc/security/tor-browser/files/tor-browser.sh:1.1
--- /dev/null   Fri May  1 07:01:46 2020
+++ pkgsrc/security/tor-browser/files/tor-browser.sh    Fri May  1 07:01:46 2020
@@ -0,0 +1,5 @@
+#! /bin/sh
+export FONTCONFIG_PATH="@PREFIX@/lib/tor-browser/browser/fontconfig/"
+export FONTCONFIG_FILE="fonts.conf"
+
+exec @PREFIX@/lib/tor-browser/tor-browser-bin "$@"



Home | Main Index | Thread Index | Old Index