| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I had to apply two tricks to get a reproducible snowflake-client.
The first is to use faketime to eliminate some timestamps. There were 11
variable timestamps in the file. Through experimentation, I found that
10 of them were dependent on the Go runtime (recompiling Go caused them
to change) and 1 was dependent on snowflake-client itself (recompiling
snowflake-client with the same runtime changed only that 1 timestamp).
The underlying issue has to do with clang 3.8.0 on Darwin embedding
timestamps, unsolved in the Go issue tracker as of 13 days ago.
https://github.com/golang/go/issues/9206#issuecomment-310476743
The second is a sed command to clobber embedded paths of the form
/tmp/go-buildXXXXXXXXX and /tmp/go-link-XXXXXXXXX. Their presence is
caused by some combination of Clang and Darwin, and there is as yet no
known workaround upstream.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Object files from elsewhere under out/ should never have been included,
because they are not part of webrtc itself, but rather side-effect build
artifacts like gn. Including those extraneous .o files was mostly
harmless (except for library size), because on linux they happened to be
the same architecture as the webrtc.o files. However it won't work for
the mac build (because libwebrtc-magic.a would include a mix of linux
ELF and mac Mach-O objects). Additionally, build_time.o, part of the gn
build, embeds a timestamp with month resolution, causing a failure of
reproducibility, as found at https://bugs.torproject.org/22832.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
"10.9" was the wrong `minSupportedOSVersion` for preventing OS X 10.7.x
and 10.8.x users from getting updated to Tor Browser 7. That it worked
for OS X 10.6.x was only by chance according to the release history table
(https://en.wikipedia.org/wiki/Darwin_(operating_system)#Release_history).
We fix that by choosing "13.0.0" (for OS X 10.9 as minimum).
|
| | |
|
| |
|
|
| |
Changelog update, version bumps, and config.yml update
|
| |
|
|
|
| |
Due to a bug in NoScript's XSS filter Tor Browser freezes on some websites.
We disable that filter for now while waiting on a NoScript update.
|
| |
|
|
| |
Those wrappers are no longer necessary to produce PIE binaries.
|
| | |
|
| | |
|
| |
|
|
|
| |
We need to allow JavaScript on `about:cache` explicitly. Otherwise it is
broken on higher security levels.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
With the changes to integrate Selfrando (#20683), we are using our build
of gcc and binutils to build other libraries in the linux/gitian-utils.yml
descriptor, which removed the use of the hardening wrappers. We fix that
by adding the hardening wrappers to our builds of gcc and binutils.
Because we add the wrappers to gcc and binutils zip files, we don't need
to add them anymore in the other descriptors where they are used.
|
| |
|
|
|
|
|
|
| |
This reverts commit f27d2cab4ed80a4c7b4f594b593b6b90f6148a82.
The problem was the script for recreating the .dmg files after the
code-signing set the permissions wrong. No need to fix anything in the
bundle descriptor.
|
| | |
|
| |
|
|
|
| |
We don't ship the clearkey DRM system yet, thus we don't need to strip
the respective binaries.
|
| |
|
|
|
| |
We need to allow JavaScript on `about:tabcrashed` pages explicitly.
Otherwise are those pages broken on higher security levels.
|
| |
|
|
|
|
| |
Add the hardened wrappers to the PATH before running the firefox
configure script. It seems that the wrappers are not used in the build
if they were not in the PATH during the configure step.
|
| | |
|
| |
|
|
| |
This makes it easier to track build times.
|
| | |
|
| |
|
|
| |
Version bumps, Changelog update, and update of config.yml
|
| |
|
|
|
| |
We actually released sandboxed-tor-browser 0.0.6 with 7.0a3 due to a
last minute fix.
|
| |
|
|
|
|
| |
ESR52 includes this commit:
https://hg.mozilla.org/mozilla-central/rev/f8cf0fe7c810
which changes the compiler used from 'c++' to 'g++'.
|
| |
|
|
|
| |
We need to allow JavaScript on feed pages explicitly. Otherwise are
those pages broken on higher security levels.
|
| |
|
|
|
|
|
|
|
| |
Remove the SocksPort and ControlPort configuration from
torrc-defaults. Tor Launcher configures the ports via args
when starting tor, and we must avoid conflicts.
Also, strengthen the warning to users about not editing
torrc-defaults.
|
| |
|
|
|
| |
Use chmod to grant permission for "other" to access files within
TorBrowser.app.
|
| |
|
|
|
|
| |
Account for the changes Mozilla to support localized default bookmarks
(see: https://bugzilla.mozilla.org/show_bug.cgi?id=1235107).
Currently, Tor Browser uses the same bookmarks for all locales.
|
| |
|
|
|
|
|
| |
We are not showing the language prompt on first start anymore. Thus, the
multi lingual setup has stopped working for nightlies. We remove that
experiment until we solve #17400 properly or have a new prototype to
try.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Selfrando is a new defense against code reuse attacks developed by the
Redactor and Readactor++ people. We should give it a wider testing
audience by including it in the alpha series.
This is currently only available for 64bit Linux builds, though.
Supporting other platforms and architectures is work in progress.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Remove workaround for fixed upstream bug, GitHub #17732
(__MAC_OS_X_VERSION_MAX_ALLOWED).
I wasn't able to remove the cc-for-target workaround for GitHub #15457
(CC_FOR_TARGET). Even though according to
https://github.com/golang/go/issues/15457 it has been
been fixed, make.bash still seems to lose all but the first argument of
CC_FOR_TARGET somewhere.
|
| |
|
|
|
| |
We need to allow JavaScript on `about:certerror` pages explicitly.
Otherwise are those pages broken on higher security levels.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Thanks arma.
|
