Hi,

On Sat, Mar 14, 2020 at 11:45:13AM -0000, Bronze Alibi wrote:
> (tested on current with the provided package and nothing else installed)  
> 
> It looks like the <https://trac.torproject.org/projects/tor/ticket/18097> Font
> fingerprinting defenses from upstream don't work in the OpenBSD port.  
> 
> When checking for the fingerprint on one of the websites that do such a thing,
> it seems like the installed fonts property is not uniform with tor browser on
> other platforms, but instead unique to OpenBSD and this port. It lists some
> specific proprietary font names (including Helvetica, which I would assume we
> don't ship in base, but some free replacement) and therefore makes users of
> the OpenBSD tor browser distinct from every other tor browser user.  
> 
> This is a bug.  

Below is a WIP diff that makes font fingerprinting defense work in
our port of Tor Browser.

Bronze Alibi, can you test this to see if it does what you expect?


Tor Browser achieves fingerprinting prevention by shipping its own set
of fonts and then configuring fontconfig to use only those fonts. The
selection of fonts is not shipped in some "normal" distfile, however.
One way to stay in sync anyway is to take the packaged Linux version
of Tor Browser and use the fonts and fonts.conf that are shipped there.
That's what I did with this diff.

Ports-wise, it looks a bit silly. And also, since this extra distfile
does not end up in WRKSRC, it is not straightforward to patch
fonts.conf, which we need to do (for now I use sed -i in the
post-install target).

ports@, do you have any suggestions on how to improve this? One
solution I could think of is to make a separate port, for example
www/tor-browser/fonts, which takes care of shipping the fonts and
fonts.conf. But not sure whether that's the best way to go.

Thanks,
Caspar Schutijser

p.s. This makes me wonder whether there are other features that don't
work on OpenBSD.. I'm planning to look into that at some point. In the
meantime, should we warn users about this?


Index: browser/Makefile
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/Makefile,v
retrieving revision 1.43
diff -u -p -r1.43 Makefile
--- browser/Makefile    9 Apr 2020 21:15:29 -0000       1.43
+++ browser/Makefile    10 Apr 2020 19:23:00 -0000
@@ -16,9 +16,12 @@ PATCHORIG =          .pat.orig
 
 PKGNAME =              ${TB_PREFIX}-browser-${TB_VERSION}
 DISTNAME =             src-firefox-tor-browser-68.7.0esr-9.0-2-build1
+REVISION =             0
 
+FIX_EXTRACT_PERMISSIONS        = Yes
 DISTFILES +=           ${DISTNAME}.tar.xz \
-                       src-tor-launcher-${TL_VERSION}.tar.xz
+                       src-tor-launcher-${TL_VERSION}.tar.xz \
+                       tor-browser-linux64-${TB_VERSION}_en-US.tar.xz
 
 SO_VERSION =           5.0
 MOZILLA_LIBS =         xul clearkey lgpllibs mozavcodec mozavutil mozgtk
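Review bot: the added tor-browser-linux64-${TB_VERSION}_en-US.tar.xz distfile is a prebuilt Linux bundle, and nothing in the Makefile says that only its fonts and fonts.conf are taken from it. A comment above DISTFILES stating that, and one on FIX_EXTRACT_PERMISSIONS naming the distfile that needs it, would help whoever updates the port next. The matching distinfo entry is named with 9.0.9 while this line uses ${TB_VERSION}, so the two have to be bumped together.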
@@ -114,9 +117,12 @@ post-patch:
                ${WRKSRC}/third_party/rust/bindgen/.cargo-checksum.json
 
 BROWSER_DIR = ${PREFIX}/lib/${BROWSER_NAME}
+TRUEBROWSER_DIR = ${TRUEPREFIX}/lib/${BROWSER_NAME}
 BROWSER_CFG = ${BROWSER_DIR}/${BROWSER_NAME}.cfg
 BROWSER_INI = ${BROWSER_DIR}/distribution/distribution.ini
 
+SUBST_VARS +=          TRUEBROWSER_DIR
+
 post-install:
        # install prefs, bookmarks, app config file for Tor browser
        ${INSTALL_DATA_DIR} ${BROWSER_DIR}/browser/defaults/preferences
@@ -150,5 +156,23 @@ post-install:
        ${INSTALL_DATA_DIR} ${PREFIX}/share/${BROWSER_NAME}
        ${SUBST_DATA} ${FILESDIR}/torrc-defaults \
                ${PREFIX}/share/${BROWSER_NAME}/torrc-defaults
+
+       # install fonts and fonts.conf
+       ${INSTALL_DATA_DIR} ${BROWSER_DIR}/browser/fontconfig
+       ${INSTALL_DATA} \
+               
${WRKDIR}/tor-browser_en-US/Browser/TorBrowser/Data/fontconfig/fonts.conf \
+               ${BROWSER_DIR}/browser/fontconfig/fonts.conf
+       # XXX We should patch the path to the fonts directory instead of
+       # substituting it like this. But the file is not in WRKSRC so
+       # make update-patches does not pick up any patches there. What to do?
+       sed -i "s,<dir>fonts,<dir>${BROWSER_DIR}/browser/fonts," \
+               ${BROWSER_DIR}/browser/fontconfig/fonts.conf
+       ${INSTALL_DATA_DIR} ${BROWSER_DIR}/browser/fonts
+       cp ${WRKDIR}/tor-browser_en-US/Browser/fonts/* 
${BROWSER_DIR}/browser/fonts
+
+       # install wrapper script (remove symlink first)
+       rm ${PREFIX}/bin/${BROWSER_NAME}
+       ${SUBST_PROGRAM} ${FILESDIR}/${BROWSER_NAME} \
+               ${PREFIX}/bin/${BROWSER_NAME}
 
 .include <bsd.port.mk>
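Review bot: the sed replacement writes ${BROWSER_DIR} into fonts.conf, but BROWSER_DIR is built from ${PREFIX}, while the wrapper uses ${TRUEBROWSER_DIR} (from ${TRUEPREFIX}) for the runtime location. If PREFIX points at the staging directory during post-install, the packaged fonts.conf names a font directory that does not exist on the user's system; substituting ${TRUEBROWSER_DIR}/browser/fonts avoids that. Separately, the cp of fonts/* bypasses ${INSTALL_DATA}, so the fonts keep whatever modes came out of the tarball, and rm without -f fails the target if the symlink is absent.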
Index: browser/distinfo
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/distinfo,v
retrieving revision 1.22
diff -u -p -r1.22 distinfo
--- browser/distinfo    9 Apr 2020 21:15:29 -0000       1.22
+++ browser/distinfo    10 Apr 2020 19:23:00 -0000
@@ -1,4 +1,6 @@
 SHA256 (mozilla/src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = 
3paD2CYF+AUbO1xO0rAIHXSFqSGQeJmpJzg6F3/I+vg=
 SHA256 (mozilla/src-tor-launcher-0.2.20.5.tar.xz) = 
LVEbHAxcGf49cC8NF4bVYfFD7k2GA8SX+f+VA5p7L4U=
+SHA256 (mozilla/tor-browser-linux64-9.0.9_en-US.tar.xz) = 
z5ELlXfclLz+72D+mQTn+PKSd78ac2BgDDKVYiXQRHM=
 SIZE (mozilla/src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) = 
348594032
 SIZE (mozilla/src-tor-launcher-0.2.20.5.tar.xz) = 210916
+SIZE (mozilla/tor-browser-linux64-9.0.9_en-US.tar.xz) = 80156396
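Review bot: the new SHA256 line for tor-browser-linux64-9.0.9_en-US.tar.xz is the only integrity check on the fonts and fonts.conf that end up installed, and it covers a prebuilt binary bundle rather than source. Before commit, the recorded hash should be confirmed against upstream's signed release rather than taken from a single local download.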
Index: browser/files/tor-browser
===================================================================
RCS file: browser/files/tor-browser
diff -N browser/files/tor-browser
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ browser/files/tor-browser   10 Apr 2020 19:23:00 -0000
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+export FONTCONFIG_PATH="${TRUEBROWSER_DIR}/browser/fontconfig/"
+export FONTCONFIG_FILE="fonts.conf"
+
+exec ${TRUEBROWSER_DIR}/${BROWSER_NAME} ${@}
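Review bot: ${@} on the exec line is unquoted, so an argument containing spaces or glob characters (a file path, a URL with *) is split or expanded before it reaches the browser; use "$@" and quote the program path as well. A comment should also state that the font restriction only applies when the browser is started through this wrapper, since FONTCONFIG_PATH and FONTCONFIG_FILE are set nowhere else in this diff.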
Index: browser/patches/patch-browser_app_profile_000-tor-browser_js
===================================================================
RCS file: browser/patches/patch-browser_app_profile_000-tor-browser_js
diff -N browser/patches/patch-browser_app_profile_000-tor-browser_js
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ browser/patches/patch-browser_app_profile_000-tor-browser_js        10 Apr 
2020 19:23:00 -0000
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+Required to make font fingerprinting defenses work.
+
+Index: browser/app/profile/000-tor-browser.js
+--- browser/app/profile/000-tor-browser.js.orig
++++ browser/app/profile/000-tor-browser.js
+@@ -370,7 +370,7 @@ pref("font.name.sans-serif.ar", "Arial");
+ pref("font.system.whitelist", "Arial, Batang, 바탕, Cambria Math, Courier New, 
Euphemia, Gautami, Georgia, Gulim, 굴림, GulimChe, 굴림체, Iskoola Pota, Kalinga, 
Kartika, Latha, Lucida Console, MS Gothic, MS ゴシック, MS Mincho, MS 明朝, MS 
PGothic, MS Pゴシック, MS PMincho, MS P明朝, MV Boli, Malgun Gothic, Mangal, Meiryo, 
Meiryo UI, Microsoft Himalaya, Microsoft JhengHei, Microsoft JhengHei UI, 
Microsoft YaHei, 微软雅黑, Microsoft YaHei UI, MingLiU, 細明體, Noto Sans Buginese, 
Noto Sans Khmer, Noto Sans Lao, Noto Sans Myanmar, Noto Sans Yi, Nyala, 
PMingLiU, 新細明體, Plantagenet Cherokee, Raavi, Segoe UI, Shruti, SimSun, 宋体, 
Sylfaen, Tahoma, Times New Roman, Tunga, Verdana, Vrinda, Yu Gothic UI");
+ #endif
+ 
+-#ifdef XP_LINUX
++#if defined(XP_LINUX) || defined (XP_OPENBSD)
+ pref("font.default.lo", "Noto Sans Lao");
+ pref("font.default.my", "Noto Sans Myanmar");
+ pref("font.default.x-western", "sans-serif");
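Review bot: the new condition depends on XP_OPENBSD being defined when 000-tor-browser.js is preprocessed, and nothing in this diff shows where that happens; if it is not defined, the block stays disabled silently and the font.default.* prefs are not applied. Please confirm it in a build, and drop the space in "defined (XP_OPENBSD)" to match "defined(XP_LINUX)".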
Index: browser/patches/patch-toolkit_moz_configure
===================================================================
RCS file: browser/patches/patch-toolkit_moz_configure
diff -N browser/patches/patch-toolkit_moz_configure
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ browser/patches/patch-toolkit_moz_configure 10 Apr 2020 19:23:00 -0000
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+Required to make font fingerprinting defenses work.
+
+Index: toolkit/moz.configure
+--- toolkit/moz.configure.orig
++++ toolkit/moz.configure
+@@ -1318,7 +1318,7 @@ set_config('MOZ_BITS_DOWNLOAD',
+ 
+ @depends(target)
+ def bundled_fonts_default(target):
+-    return target.os == 'WINNT' or target.kernel == 'Linux'
++    return target.os == 'WINNT' or target.kernel == 'Linux' or target.os == 
'OpenBSD'
+ 
+ @depends(build_project)
+ def allow_bundled_fonts(project):
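Review bot: the patch description is the same one-line text as the other new patch and does not say what this change does. State that it makes bundled_fonts_default return true for OpenBSD, so the patch can be judged on its own when the port is updated.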
Index: browser/pkg/PLIST
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/pkg/PLIST,v
retrieving revision 1.7
diff -u -p -r1.7 PLIST
--- browser/pkg/PLIST   13 Feb 2020 07:41:54 -0000      1.7
+++ browser/pkg/PLIST   10 Apr 2020 19:23:00 -0000
@@ -25,6 +25,55 @@ lib/${BROWSER_NAME}/browser/defaults/pro
 lib/${BROWSER_NAME}/browser/defaults/profile/bookmarks.html
 lib/${BROWSER_NAME}/browser/features/
 lib/${BROWSER_NAME}/browser/features/onboard...@mozilla.org.xpi
+lib/${BROWSER_NAME}/browser/fontconfig/
+lib/${BROWSER_NAME}/browser/fontconfig/fonts.conf
+lib/${BROWSER_NAME}/browser/fonts/
+lib/${BROWSER_NAME}/browser/fonts/Arimo-Bold.ttf
+lib/${BROWSER_NAME}/browser/fonts/Arimo-BoldItalic.ttf
+lib/${BROWSER_NAME}/browser/fonts/Arimo-Italic.ttf
+lib/${BROWSER_NAME}/browser/fonts/Arimo-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/Cousine-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoEmoji-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoNaskhArabic-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansArmenian-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansBengali-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansBuginese-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansCanadianAboriginal-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansCherokee-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansDevanagari-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansEthiopic-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansGeorgian-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansGujarati-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansGurmukhi-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansHebrew-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansJP-Regular.otf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansKR-Regular.otf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansKannada-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansKhmer-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansLao-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansMalayalam-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansMongolian-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansMyanmar-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansOriya-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansSC-Regular.otf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansSinhala-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansTC-Regular.otf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansTamil-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansTelugu-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansThaana-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansThai-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansTibetan-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansYi-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSerifArmenian-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSerifKhmer-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSerifLao-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSerifThai-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/STIXMath-Regular.otf
+lib/${BROWSER_NAME}/browser/fonts/Tinos-Bold.ttf
+lib/${BROWSER_NAME}/browser/fonts/Tinos-BoldItalic.ttf
+lib/${BROWSER_NAME}/browser/fonts/Tinos-Italic.ttf
+lib/${BROWSER_NAME}/browser/fonts/Tinos-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/TwemojiMozilla.ttf
 lib/${BROWSER_NAME}/browser/omni.ja
 lib/${BROWSER_NAME}/chrome.manifest
 lib/${BROWSER_NAME}/defaults/
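
An added example, not part of the original mail or the port: since the defense described above rests on fontconfig searching only the bundled fonts, this sketch audits a fonts.conf for `<dir>` entries that are relative, point outside the bundle (for instance at a staging path), or for `<include>` elements that pull in other configuration. The directory paths and both sample files are constructed assumptions, not the port's real values.

```python
import posixpath
import xml.etree.ElementTree as ET

# Assumed runtime location of the bundled fonts (hypothetical path).
BUNDLED = "/usr/local/lib/tor-browser/browser/fonts"

# Constructed sample: a staging path was substituted, one relative <dir>
# is left over, and the system configuration is included.
SAMPLE_BAD = """<?xml version="1.0"?>
<fontconfig>
  <dir>/usr/obj/ports/fake-amd64/usr/local/lib/tor-browser/browser/fonts</dir>
  <dir>fonts</dir>
  <include ignore_missing="yes">/etc/fonts/fonts.conf</include>
</fontconfig>
"""

# Constructed sample: only the bundled directory is searched.
SAMPLE_GOOD = """<?xml version="1.0"?>
<fontconfig>
  <dir>/usr/local/lib/tor-browser/browser/fonts</dir>
  <cachedir prefix="xdg">fontconfig</cachedir>
</fontconfig>
"""


def audit_fonts_conf(xml_text, bundled_dir):
    """Return a list of findings; an empty list means only bundled_dir is searched."""
    root = ET.fromstring(xml_text)
    bundled = posixpath.normpath(bundled_dir)
    dirs = [(d.text or "").strip() for d in root.iter("dir")]
    findings = []
    for d in dirs:
        if not posixpath.isabs(d):
            # Which directory this names depends on how it is resolved at run time.
            findings.append(f"relative <dir>: {d!r}")
        elif posixpath.normpath(d) != bundled:
            findings.append(f"<dir> outside bundle: {d}")
    if bundled not in [posixpath.normpath(d) for d in dirs]:
        findings.append("bundled font directory not listed")
    for inc in root.iter("include"):
        findings.append(f"<include> adds other config: {(inc.text or '').strip()}")
    return findings


if __name__ == "__main__":
    for name, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, audit_fonts_conf(text, BUNDLED))
```

Run against the fonts.conf of a built package, an empty result is the expected outcome; any finding means system fonts may still be visible to pages.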
