tor-browser: update to 9.0.9nb4.

Install and use the fonts distributed with the Linux binary of tor-browser. Reduces fingerprinting possibilities based on installed fonts. Idea from Caspar Schutijser, the OpenBSD ports maintainer, and based on his patch for OpenBSD ports.
author: wiz <wiz@pkgsrc.org> 2020-05-01 07:01:46 +0000
committer: wiz <wiz@pkgsrc.org> 2020-05-01 07:01:46 +0000
commit: 90987e27f27b1fa4040575dadfd9f18d331b446c (patch)
tree: 996f97dc55297043eb6c46fdbc34d660e69427c7 /security
parent: 99e11d7c9571c851429983d61c34723718e43a97 (diff)
download: pkgsrc-90987e27f27b1fa4040575dadfd9f18d331b446c.tar.gz
6 files changed, 119 insertions, 18 deletions
diff --git a/security/tor-browser/Makefile b/security/tor-browser/Makefile
index 4c8a83e296c..e6ed280dd87 100644
--- a/security/tor-browser/Makefile
+++ b/security/tor-browser/Makefile
@@ -1,12 +1,14 @@
-# $NetBSD: Makefile,v 1.62 2020/04/30 07:52:39 wiz Exp $
+# $NetBSD: Makefile,v 1.63 2020/05/01 07:01:46 wiz Exp $
 
 DISTNAME=	src-firefox-tor-browser-68.7.0esr-9.0-2-build1
 PKGNAME=	tor-browser-9.0.9
-PKGREVISION=	3
+PKGREVISION=	4
 CATEGORIES=	security www
 MASTER_SITES=	https://dist.torproject.org/torbrowser/${PKGVERSION_NOREV}/
 EXTRACT_SUFX=	.tar.xz
-#DISTFILES=	${DISTNAME}${EXTRACT_SUFX} src-tor-launcher-0.2.20.5${EXTRACT_SUFX}
+DISTFILES=	${DISTNAME}${EXTRACT_SUFX}
+DISTFILES+=	tor-browser-linux64-${PKGVERSION_NOREV}_en-US${EXTRACT_SUFX}
+#DISTFILES+=	src-tor-launcher-0.2.20.5${EXTRACT_SUFX}
 
 MAINTAINER=	wiz@NetBSD.org
 HOMEPAGE=	https://www.torproject.org/projects/torbrowser.html.en
@@ -24,10 +26,12 @@ DEPENDS+=	tor-browser-noscript-[0-9]*:../../security/tor-browser-noscript
 # replace all patches with the one from the correspoding www/firefox${ESR_RELEASE}
 # BUT keep patch-xpcom_io_TorFileUtils.cpp
 # AND keep patch-browser_app_profile_000-tor-browser.js
+# AND the second chunk of patch-toolkit_moz.configure
 # (AND if necessary patch-.mozconfig)
 # make the patches apply
 #
 # when packaged up, read MESSAGE and test by visiting https://check.torproject.org
+# and https://panopticlick.eff.org
 
 # Remove hardcoded build directory.
 SUBST_CLASSES+=			fix-build-dir
@@ -35,6 +39,12 @@ SUBST_STAGE.fix-build-dir=	pre-configure
 SUBST_FILES.fix-build-dir+=	.mozconfig
 SUBST_SED.fix-build-dir+=	-e 's,mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/obj-@CONFIG_GUESS@,,'
 
+SUBST_CLASSES+=		fonts
+SUBST_STAGE.fonts=	pre-configure
+SUBST_FILES.fonts+=	tor-browser_en-US/Browser/TorBrowser/Data/fontconfig/fonts.conf
+SUBST_SED.fonts+=	-e 's,<dir>fonts</dir>,<dir>${PREFIX}/lib/tor-browser/browser/fonts</dir>,'
+SUBST_MESSAGE.fonts=	Fixing path to bundled fonts directory.
+
 MOZILLA_DIR=	# empty
 
 .include "../../mk/bsd.prefs.mk"
@@ -79,6 +89,7 @@ MOZILLA_NAME=	TorBrowser
 post-extract:
 	mv ${WRKSRC}/gfx/ycbcr/yuv_row_arm.s ${WRKSRC}/gfx/ycbcr/yuv_row_arm.S
 	${CP} ${FILESDIR}/cubeb_sun.c ${WRKSRC}/media/libcubeb/src/cubeb_sun.c
+	mv ${WRKDIR}/tor-browser_en-US ${WRKSRC}
 #	mv ${WRKDIR}/tor-launcher* ${WRKSRC}/browser/extensions/tor-launcher
 
 pre-configure:
@@ -93,17 +104,26 @@ post-build:
 	  -e 's|@FIREFOX_ICON@|${MOZILLA}.png|g'			\
 	  < ${FILESDIR}/desktop.in					\
 	  > ${WRKDIR}/desktop
+	${SED} -e 's|@PREFIX@|${PREFIX}|g'				\
+	  < ${FILESDIR}/tor-browser.sh					\
+	  > ${WRKDIR}/tor-browser.sh
+
+INSTALLATION_DIRS+=	share/applications
+INSTALLATION_DIRS+=	share/pixmaps
+INSTALLATION_DIRS+=	${PREFIX}/lib/tor-browser/browser/fontconfig
+INSTALLATION_DIRS+=	${PREFIX}/lib/tor-browser/browser/fonts
 
-INSTALLATION_DIRS+=	share/applications share/pixmaps
 post-install:
-	${ECHO} '#! /bin/sh' > ${DESTDIR}${PREFIX}/bin/${MOZILLA}
-	${ECHO} '${PREFIX}/lib/tor-browser/tor-browser-bin "$$@"' >> \
-		${DESTDIR}${PREFIX}/bin/${MOZILLA}
-	${CHMOD} 755 ${DESTDIR}${PREFIX}/bin/${MOZILLA}
+	${INSTALL_SCRIPT} ${WRKDIR}/tor-browser.sh \
+		${DESTDIR}${PREFIX}/bin/tor-browser
 	${INSTALL_DATA} ${WRKDIR}/desktop				\
-	  ${DESTDIR}${PREFIX}/share/applications/${MOZILLA}.desktop
+		${DESTDIR}${PREFIX}/share/applications/${MOZILLA}.desktop
 	${INSTALL_DATA} ${MOZILLA_ICON}					\
-	  ${DESTDIR}${PREFIX}/share/pixmaps/${MOZILLA}.png
+		${DESTDIR}${PREFIX}/share/pixmaps/${MOZILLA}.png
+	${INSTALL_DATA} ${WRKSRC}/tor-browser_en-US/Browser/TorBrowser/Data/fontconfig/fonts.conf \
+		${DESTDIR}${PREFIX}/lib/tor-browser/browser/fontconfig
+	${INSTALL_DATA} ${WRKSRC}/tor-browser_en-US/Browser/fonts/* \
+		${DESTDIR}${PREFIX}/lib/tor-browser/browser/fonts
 
 .include "../../sysutils/desktop-file-utils/desktopdb.mk"
 .include "../../sysutils/dbus-glib/buildlink3.mk"
diff --git a/security/tor-browser/PLIST b/security/tor-browser/PLIST
index d4b0a9f71fc..b7b7db0f0e9 100644
--- a/security/tor-browser/PLIST
+++ b/security/tor-browser/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2020/03/13 17:59:27 wiz Exp $
+@comment $NetBSD: PLIST,v 1.7 2020/05/01 07:01:46 wiz Exp $
 bin/tor-browser
 lib/tor-browser/actors/AudioPlaybackChild.jsm
 lib/tor-browser/actors/AutoplayChild.jsm
@@ -3960,6 +3960,53 @@ lib/tor-browser/browser/features/onboarding@mozilla.org/chrome/content/onboardin
 lib/tor-browser/browser/features/onboarding@mozilla.org/en-US/locale/en-US/onboarding.properties
 lib/tor-browser/browser/features/onboarding@mozilla.org/manifest.json
 lib/tor-browser/browser/features/onboarding@mozilla.org/schema.json
+lib/tor-browser/browser/fontconfig/fonts.conf
+lib/tor-browser/browser/fonts/Arimo-Bold.ttf
+lib/tor-browser/browser/fonts/Arimo-BoldItalic.ttf
+lib/tor-browser/browser/fonts/Arimo-Italic.ttf
+lib/tor-browser/browser/fonts/Arimo-Regular.ttf
+lib/tor-browser/browser/fonts/Cousine-Regular.ttf
+lib/tor-browser/browser/fonts/NotoEmoji-Regular.ttf
+lib/tor-browser/browser/fonts/NotoNaskhArabic-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansArmenian-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansBengali-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansBuginese-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansCanadianAboriginal-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansCherokee-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansDevanagari-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansEthiopic-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansGeorgian-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansGujarati-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansGurmukhi-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansHebrew-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansJP-Regular.otf
+lib/tor-browser/browser/fonts/NotoSansKR-Regular.otf
+lib/tor-browser/browser/fonts/NotoSansKannada-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansKhmer-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansLao-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansMalayalam-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansMongolian-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansMyanmar-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansOriya-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansSC-Regular.otf
+lib/tor-browser/browser/fonts/NotoSansSinhala-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansTC-Regular.otf
+lib/tor-browser/browser/fonts/NotoSansTamil-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansTelugu-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansThaana-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansThai-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansTibetan-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSansYi-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSerifArmenian-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSerifKhmer-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSerifLao-Regular.ttf
+lib/tor-browser/browser/fonts/NotoSerifThai-Regular.ttf
+lib/tor-browser/browser/fonts/STIXMath-Regular.otf
+lib/tor-browser/browser/fonts/Tinos-Bold.ttf
+lib/tor-browser/browser/fonts/Tinos-BoldItalic.ttf
+lib/tor-browser/browser/fonts/Tinos-Italic.ttf
+lib/tor-browser/browser/fonts/Tinos-Regular.ttf
+lib/tor-browser/browser/fonts/TwemojiMozilla.ttf
 lib/tor-browser/browser/localization/en-US/branding/brand.ftl
 lib/tor-browser/browser/localization/en-US/browser/aboutConfig.ftl
 lib/tor-browser/browser/localization/en-US/browser/aboutDialog.ftl
diff --git a/security/tor-browser/distinfo b/security/tor-browser/distinfo
index ac13fa98e43..02debc3b9da 100644
--- a/security/tor-browser/distinfo
+++ b/security/tor-browser/distinfo
@@ -1,12 +1,16 @@
-$NetBSD: distinfo,v 1.18 2020/04/28 19:38:49 wiz Exp $
+$NetBSD: distinfo,v 1.19 2020/05/01 07:01:46 wiz Exp $
 
 SHA1 (src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = c9be70c6cbbac9d73d1aee930703ea4d013725df
 RMD160 (src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = 6289e342fa8e99c21098331d153beb6d88bc39b2
 SHA512 (src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = 6cf582c1eb3092c1ecbef86c67040c89dc2c84f54805c52408b0c1051550fcff1af563e09e85ba9cd72a1a1e924b6643a812e9669676856a86e903e0063e5270
 Size (src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = 348594032 bytes
+SHA1 (tor-browser-linux64-9.0.9_en-US.tar.xz) = 094d148a5df4efa979e2aaca5d88a6517469ebe6
+RMD160 (tor-browser-linux64-9.0.9_en-US.tar.xz) = b880eeecc748e6584672a761615fefccb07a7a5b
+SHA512 (tor-browser-linux64-9.0.9_en-US.tar.xz) = 72a6c080ad2d5237b20f00e82388373accd4866f19a713564823fe416bcaf41408ef774d6cb735db8c3f2766d2870655c85e6109e8ef32de8b1403fc9c63561d
+Size (tor-browser-linux64-9.0.9_en-US.tar.xz) = 80156396 bytes
 SHA1 (patch-.mozconfig) = 66fbb2f113091eee1f022cd656231f845b04b0f8
 SHA1 (patch-aa) = 9f7200c411cd2217a80ec10a276c8877bc6b845c
-SHA1 (patch-browser_app_profile_000-tor-browser.js) = 545cf6e80f061a6a58b429d2696046de4e34725f
+SHA1 (patch-browser_app_profile_000-tor-browser.js) = 84a0a15605fff0e22f3150bce901a296fc920280
 SHA1 (patch-browser_app_profile_firefox.js) = 076cc2892547bac07fe907533f4e821f13f5738e
 SHA1 (patch-dom_base_nsAttrName.h) = ac7ba441a3b27df2855cf2673eea36b1cb44ad49
 SHA1 (patch-dom_media_CubebUtils.cpp) = 3cd2c65ab281d802c56216565970450767a3fb24
@@ -34,7 +38,7 @@ SHA1 (patch-nsprpub_pr_src_pthreads_ptsynch.c) = c39a222c5ab16c26cb214e5e53a0b61
 SHA1 (patch-toolkit_components_terminator_nsTerminator.cpp) = e5700d95302ef9672b404ab19e13ef7ba3ede5cf
 SHA1 (patch-toolkit_library_moz.build) = 57516a1cc888fdbaf39ba90f73e5de488ad1f01e
 SHA1 (patch-toolkit_modules_subprocess_subprocess__shared__unix.js) = 22a39e54e042ab2270a3cb54e4e307c8900cad12
-SHA1 (patch-toolkit_moz.configure) = 40ee147cc1d2c62dd6c83b3f67ce9e61f758ea57
+SHA1 (patch-toolkit_moz.configure) = 9f4edca09802f6d3adb517613e879dca8d2d65be
 SHA1 (patch-toolkit_mozapps_installer_packager.mk) = b2343fbad2556504dfd13601c02e6e2357c7d2bc
 SHA1 (patch-toolkit_xre_glxtest.cpp) = 04942938f45f326c7d5c4da3bf8cc2d09b977c69
 SHA1 (patch-xpcom_base_nscore.h) = 1ac4d34d3c9e80bc1ac966c6c84cb320bc0fa1ec
diff --git a/security/tor-browser/files/tor-browser.sh b/security/tor-browser/files/tor-browser.sh
new file mode 100755
index 00000000000..5cdd228de7a
--- /dev/null
+++ b/security/tor-browser/files/tor-browser.sh
@@ -0,0 +1,5 @@
+#! /bin/sh
+export FONTCONFIG_PATH="@PREFIX@/lib/tor-browser/browser/fontconfig/"
+export FONTCONFIG_FILE="fonts.conf"
+
+exec @PREFIX@/lib/tor-browser/tor-browser-bin "$@"
diff --git a/security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js b/security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js
index 51f5cc406ed..e19c7c1d8f1 100644
--- a/security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js
+++ b/security/tor-browser/patches/patch-browser_app_profile_000-tor-browser.js
@@ -1,4 +1,6 @@
-$NetBSD: patch-browser_app_profile_000-tor-browser.js,v 1.1 2020/04/28 19:38:49 wiz Exp $
+$NetBSD: patch-browser_app_profile_000-tor-browser.js,v 1.2 2020/05/01 07:01:46 wiz Exp $
+
+First chunk:
 
 Despite the warning at the top of this file, we change the default for the socks
 port in pkgsrc from 9150 to 9050.
@@ -9,6 +11,10 @@ standard port can't be used because another tor may already be running there.
 pkgsrc's tor-browser uses the system-wide installation of tor and thus should use
 its default port to minimize manual setup steps for the end users.
 
+
+Second chunk:
+Hardcode font list on all pkgsrc platforms to make it harder to fingerprint.
+
 --- browser/app/profile/000-tor-browser.js.orig	2020-04-04 03:09:31.000000000 +0000
 +++ browser/app/profile/000-tor-browser.js
 @@ -161,7 +161,7 @@ pref("network.predictor.enabled", false)
@@ -20,3 +26,12 @@ its default port to minimize manual setup steps for the end users.
  pref("network.proxy.socks_remote_dns", true);
  pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419)
  pref("network.proxy.allow_hijacking_localhost", true); // Allow proxies for localhost (#31065)
+@@ -370,7 +370,7 @@ pref("font.name.sans-serif.ar", "Arial")
+ pref("font.system.whitelist", "Arial, Batang, 바탕, Cambria Math, Courier New, Euphemia, Gautami, Georgia, Gulim, 굴림, GulimChe, 굴림체, Iskoola Pota, Kalinga, Kartika, Latha, Lucida Console, MS Gothic, ＭＳ ゴシック, MS Mincho, ＭＳ 明朝, MS PGothic, ＭＳ Ｐゴシック, MS PMincho, ＭＳ Ｐ明朝, MV Boli, Malgun Gothic, Mangal, Meiryo, Meiryo UI, Microsoft Himalaya, Microsoft JhengHei, Microsoft JhengHei UI, Microsoft YaHei, 微软雅黑, Microsoft YaHei UI, MingLiU, 細明體, Noto Sans Buginese, Noto Sans Khmer, Noto Sans Lao, Noto Sans Myanmar, Noto Sans Yi, Nyala, PMingLiU, 新細明體, Plantagenet Cherokee, Raavi, Segoe UI, Shruti, SimSun, 宋体, Sylfaen, Tahoma, Times New Roman, Tunga, Verdana, Vrinda, Yu Gothic UI");
+ #endif
+ 
+-#ifdef XP_LINUX
++#if 1
+ pref("font.default.lo", "Noto Sans Lao");
+ pref("font.default.my", "Noto Sans Myanmar");
+ pref("font.default.x-western", "sans-serif");
diff --git a/security/tor-browser/patches/patch-toolkit_moz.configure b/security/tor-browser/patches/patch-toolkit_moz.configure
index 4ae60e6ab1c..a0e905fe0ba 100644
--- a/security/tor-browser/patches/patch-toolkit_moz.configure
+++ b/security/tor-browser/patches/patch-toolkit_moz.configure
@@ -1,10 +1,11 @@
-$NetBSD: patch-toolkit_moz.configure,v 1.2 2020/03/13 17:59:27 wiz Exp $
+$NetBSD: patch-toolkit_moz.configure,v 1.3 2020/05/01 07:01:46 wiz Exp $
 
 * skia part: support bigendian architectures
+* second chunk: use bundled fonts to reduce fingerprinting possibilities
 
---- toolkit/moz.configure.orig	2018-05-03 16:58:41.000000000 +0000
+--- toolkit/moz.configure.orig	2020-04-04 03:09:31.000000000 +0000
 +++ toolkit/moz.configure
-@@ -932,11 +932,11 @@ include('nss.configure')
+@@ -834,11 +834,11 @@ include('nss.configure')
  # ==============================================================
  option('--disable-skia', help='Disable use of Skia')
  
@@ -21,3 +22,12 @@ $NetBSD: patch-toolkit_moz.configure,v 1.2 2020/03/13 17:59:27 wiz Exp $
          return True
  
  set_config('MOZ_ENABLE_SKIA', skia)
+@@ -1318,7 +1318,7 @@ set_config('MOZ_BITS_DOWNLOAD',
+ 
+ @depends(target)
+ def bundled_fonts_default(target):
+-    return target.os == 'WINNT' or target.kernel == 'Linux'
++    return True
+ 
+ @depends(build_project)
+ def allow_bundled_fonts(project):
author	wiz <wiz@pkgsrc.org>	2020-05-01 07:01:46 +0000
committer	wiz <wiz@pkgsrc.org>	2020-05-01 07:01:46 +0000
commit	90987e27f27b1fa4040575dadfd9f18d331b446c (patch)
tree	996f97dc55297043eb6c46fdbc34d660e69427c7 /security
parent	99e11d7c9571c851429983d61c34723718e43a97 (diff)
download	pkgsrc-90987e27f27b1fa4040575dadfd9f18d331b446c.tar.gz