On Fri, Apr 10, 2020 at 09:24:31PM +0200, Caspar Schutijser wrote:
> Below is a WIP diff that makes font fingerprinting defense work in
> our port of Tor Browser.
Thanks for your feedback from both of you. I incorporated sthen@'s
feedback in the diff below (and besides that there's some fixes and
cleanup compared to the previous diff).
I haven't received any test reports yet but as far as I can see, this
diff works as advertised. Further feedback is welcome, of course.
Thanks,
Caspar Schutijser
Index: browser/Makefile
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/Makefile,v
retrieving revision 1.43
diff -u -p -r1.43 Makefile
--- browser/Makefile 9 Apr 2020 21:15:29 -0000 1.43
+++ browser/Makefile 12 Apr 2020 18:35:53 -0000
@@ -16,9 +16,12 @@ PATCHORIG = .pat.orig
PKGNAME = ${TB_PREFIX}-browser-${TB_VERSION}
DISTNAME = src-firefox-tor-browser-68.7.0esr-9.0-2-build1
+REVISION = 0
+FIX_EXTRACT_PERMISSIONS = Yes
DISTFILES += ${DISTNAME}.tar.xz \
- src-tor-launcher-${TL_VERSION}.tar.xz
+ src-tor-launcher-${TL_VERSION}.tar.xz \
+ tor-browser-linux64-${TB_VERSION}_en-US.tar.xz
SO_VERSION = 5.0
MOZILLA_LIBS = xul clearkey lgpllibs mozavcodec mozavutil mozgtk
@@ -99,6 +102,7 @@ CONFIGURE_ARGS += --with-libclang-path=$
CONFIGURE_ARGS += --with-clang-path=${LOCALBASE}/bin/clang
post-extract:
+ mv ${WRKDIR}/tor-browser_en-US ${WRKSRC}
mv ${WRKDIR}/tor-launcher-${TL_VERSION}/ \
${WRKSRC}/browser/extensions/tor-launcher
@@ -114,9 +118,12 @@ post-patch:
${WRKSRC}/third_party/rust/bindgen/.cargo-checksum.json
BROWSER_DIR = ${PREFIX}/lib/${BROWSER_NAME}
+TRUEBROWSER_DIR = ${TRUEPREFIX}/lib/${BROWSER_NAME}
BROWSER_CFG = ${BROWSER_DIR}/${BROWSER_NAME}.cfg
BROWSER_INI = ${BROWSER_DIR}/distribution/distribution.ini
+SUBST_VARS += TRUEBROWSER_DIR
+
post-install:
# install prefs, bookmarks, app config file for Tor browser
${INSTALL_DATA_DIR} ${BROWSER_DIR}/browser/defaults/preferences
@@ -150,5 +157,19 @@ post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/${BROWSER_NAME}
${SUBST_DATA} ${FILESDIR}/torrc-defaults \
${PREFIX}/share/${BROWSER_NAME}/torrc-defaults
+
+ # install fonts.conf and fonts
+ ${INSTALL_DATA_DIR} ${BROWSER_DIR}/browser/fontconfig
+ ${SUBST_DATA} \
+
${WRKSRC}/tor-browser_en-US/Browser/TorBrowser/Data/fontconfig/fonts.conf \
+ ${BROWSER_DIR}/browser/fontconfig/fonts.conf
+ ${INSTALL_DATA_DIR} ${BROWSER_DIR}/browser/fonts
+ cp ${WRKSRC}/tor-browser_en-US/Browser/fonts/* \
+ ${BROWSER_DIR}/browser/fonts
+
+ # install wrapper script (remove symlink first)
+ rm ${PREFIX}/bin/${BROWSER_NAME}
+ ${SUBST_PROGRAM} ${FILESDIR}/${BROWSER_NAME} \
+ ${PREFIX}/bin/${BROWSER_NAME}
.include <bsd.port.mk>
Index: browser/distinfo
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/distinfo,v
retrieving revision 1.22
diff -u -p -r1.22 distinfo
--- browser/distinfo 9 Apr 2020 21:15:29 -0000 1.22
+++ browser/distinfo 12 Apr 2020 18:35:53 -0000
@@ -1,4 +1,6 @@
SHA256 (mozilla/src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) =
3paD2CYF+AUbO1xO0rAIHXSFqSGQeJmpJzg6F3/I+vg=
SHA256 (mozilla/src-tor-launcher-0.2.20.5.tar.xz) =
LVEbHAxcGf49cC8NF4bVYfFD7k2GA8SX+f+VA5p7L4U=
+SHA256 (mozilla/tor-browser-linux64-9.0.9_en-US.tar.xz) =
z5ELlXfclLz+72D+mQTn+PKSd78ac2BgDDKVYiXQRHM=
SIZE (mozilla/src-firefox-tor-browser-68.7.0esr-9.0-2-build1.tar.xz) =
348594032
SIZE (mozilla/src-tor-launcher-0.2.20.5.tar.xz) = 210916
+SIZE (mozilla/tor-browser-linux64-9.0.9_en-US.tar.xz) = 80156396
Index: browser/files/tor-browser
===================================================================
RCS file: browser/files/tor-browser
diff -N browser/files/tor-browser
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ browser/files/tor-browser 12 Apr 2020 18:35:53 -0000
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+export FONTCONFIG_PATH="${TRUEBROWSER_DIR}/browser/fontconfig/"
+export FONTCONFIG_FILE="fonts.conf"
+
+exec ${TRUEBROWSER_DIR}/${BROWSER_NAME} ${@}
Index: browser/patches/patch-browser_app_profile_000-tor-browser_js
===================================================================
RCS file: browser/patches/patch-browser_app_profile_000-tor-browser_js
diff -N browser/patches/patch-browser_app_profile_000-tor-browser_js
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ browser/patches/patch-browser_app_profile_000-tor-browser_js 12 Apr
2020 18:35:53 -0000
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+Required to make font fingerprinting defenses work.
+
+Index: browser/app/profile/000-tor-browser.js
+--- browser/app/profile/000-tor-browser.js.orig
++++ browser/app/profile/000-tor-browser.js
+@@ -370,7 +370,7 @@ pref("font.name.sans-serif.ar", "Arial");
+ pref("font.system.whitelist", "Arial, Batang, 바탕, Cambria Math, Courier New,
Euphemia, Gautami, Georgia, Gulim, 굴림, GulimChe, 굴림체, Iskoola Pota, Kalinga,
Kartika, Latha, Lucida Console, MS Gothic, MS ゴシック, MS Mincho, MS 明朝, MS
PGothic, MS Pゴシック, MS PMincho, MS P明朝, MV Boli, Malgun Gothic, Mangal, Meiryo,
Meiryo UI, Microsoft Himalaya, Microsoft JhengHei, Microsoft JhengHei UI,
Microsoft YaHei, 微软雅黑, Microsoft YaHei UI, MingLiU, 細明體, Noto Sans Buginese,
Noto Sans Khmer, Noto Sans Lao, Noto Sans Myanmar, Noto Sans Yi, Nyala,
PMingLiU, 新細明體, Plantagenet Cherokee, Raavi, Segoe UI, Shruti, SimSun, 宋体,
Sylfaen, Tahoma, Times New Roman, Tunga, Verdana, Vrinda, Yu Gothic UI");
+ #endif
+
+-#ifdef XP_LINUX
++#if defined(XP_LINUX) || defined (XP_OPENBSD)
+ pref("font.default.lo", "Noto Sans Lao");
+ pref("font.default.my", "Noto Sans Myanmar");
+ pref("font.default.x-western", "sans-serif");
Index: browser/patches/patch-toolkit_moz_configure
===================================================================
RCS file: browser/patches/patch-toolkit_moz_configure
diff -N browser/patches/patch-toolkit_moz_configure
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ browser/patches/patch-toolkit_moz_configure 12 Apr 2020 18:35:53 -0000
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+Required to make font fingerprinting defenses work.
+
+Index: toolkit/moz.configure
+--- toolkit/moz.configure.orig
++++ toolkit/moz.configure
+@@ -1318,7 +1318,7 @@ set_config('MOZ_BITS_DOWNLOAD',
+
+ @depends(target)
+ def bundled_fonts_default(target):
+- return target.os == 'WINNT' or target.kernel == 'Linux'
++ return target.os == 'WINNT' or target.kernel == 'Linux' or target.os ==
'OpenBSD'
+
+ @depends(build_project)
+ def allow_bundled_fonts(project):
Index:
browser/patches/patch-tor-browser_en-US_Browser_TorBrowser_Data_fontconfig_fonts_conf
===================================================================
RCS file:
browser/patches/patch-tor-browser_en-US_Browser_TorBrowser_Data_fontconfig_fonts_conf
diff -N
browser/patches/patch-tor-browser_en-US_Browser_TorBrowser_Data_fontconfig_fonts_conf
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++
browser/patches/patch-tor-browser_en-US_Browser_TorBrowser_Data_fontconfig_fonts_conf
12 Apr 2020 18:35:53 -0000
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+Set path to bundled fonts.
+
+Index: tor-browser_en-US/Browser/TorBrowser/Data/fontconfig/fonts.conf
+--- tor-browser_en-US/Browser/TorBrowser/Data/fontconfig/fonts.conf.orig
++++ tor-browser_en-US/Browser/TorBrowser/Data/fontconfig/fonts.conf
+@@ -34,7 +34,7 @@ PERFORMANCE OF THIS SOFTWARE.
+
+ <!-- Font directory list -->
+
+- <dir>fonts</dir>
++ <dir>${TRUEBROWSER_DIR}/browser/fonts</dir>
+
+ <!--
+ Accept deprecated 'mono' alias, replacing it with 'monospace'
Index: browser/pkg/PLIST
===================================================================
RCS file: /cvs/ports/www/tor-browser/browser/pkg/PLIST,v
retrieving revision 1.7
diff -u -p -r1.7 PLIST
--- browser/pkg/PLIST 13 Feb 2020 07:41:54 -0000 1.7
+++ browser/pkg/PLIST 12 Apr 2020 18:35:53 -0000
@@ -25,6 +25,55 @@ lib/${BROWSER_NAME}/browser/defaults/pro
lib/${BROWSER_NAME}/browser/defaults/profile/bookmarks.html
lib/${BROWSER_NAME}/browser/features/
lib/${BROWSER_NAME}/browser/features/onboard...@mozilla.org.xpi
+lib/${BROWSER_NAME}/browser/fontconfig/
+lib/${BROWSER_NAME}/browser/fontconfig/fonts.conf
+lib/${BROWSER_NAME}/browser/fonts/
+lib/${BROWSER_NAME}/browser/fonts/Arimo-Bold.ttf
+lib/${BROWSER_NAME}/browser/fonts/Arimo-BoldItalic.ttf
+lib/${BROWSER_NAME}/browser/fonts/Arimo-Italic.ttf
+lib/${BROWSER_NAME}/browser/fonts/Arimo-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/Cousine-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoEmoji-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoNaskhArabic-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansArmenian-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansBengali-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansBuginese-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansCanadianAboriginal-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansCherokee-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansDevanagari-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansEthiopic-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansGeorgian-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansGujarati-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansGurmukhi-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansHebrew-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansJP-Regular.otf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansKR-Regular.otf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansKannada-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansKhmer-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansLao-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansMalayalam-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansMongolian-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansMyanmar-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansOriya-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansSC-Regular.otf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansSinhala-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansTC-Regular.otf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansTamil-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansTelugu-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansThaana-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansThai-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansTibetan-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSansYi-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSerifArmenian-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSerifKhmer-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSerifLao-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/NotoSerifThai-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/STIXMath-Regular.otf
+lib/${BROWSER_NAME}/browser/fonts/Tinos-Bold.ttf
+lib/${BROWSER_NAME}/browser/fonts/Tinos-BoldItalic.ttf
+lib/${BROWSER_NAME}/browser/fonts/Tinos-Italic.ttf
+lib/${BROWSER_NAME}/browser/fonts/Tinos-Regular.ttf
+lib/${BROWSER_NAME}/browser/fonts/TwemojiMozilla.ttf
lib/${BROWSER_NAME}/browser/omni.ja
lib/${BROWSER_NAME}/chrome.manifest
lib/${BROWSER_NAME}/defaults/
