tor-browser-build issues
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues
2023-01-05T14:13:35Z

Build Go binaries with `-buildmode=pie`?
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/29694
2023-01-05T14:13:35Z, Georg Koppen

I was looking a bit at how the `obfs4proxy` binary gets built for Android today and it turns out that Briar etc. use `-buildmode=pie`. Currently our Linux binaries have no PIE and no RELRO (but Stack Canaries, NX etc. enabled). Trying with `-buildmode=pie` results in "PIE enabled" but somewhat surprisingly our stack canaries are gone (but we get partial RELRO).
So, generally, should we start using PIE mode (and `-extldflags=-pie` where needed)? Or are we good with what we have?

Build zlib with mingw-w64/clang
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/29324
2023-01-05T14:13:45Z, Georg Koppen

Right now we build with mingw-w64/gcc but we should switch to mingw-w64/clang as well for zlib.

Check for `file` command in Tor Browser start script before using it
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40579
2022-07-13T23:34:14Z, Georg Koppen

In `start-tor-browser` we do
```
SYSARCHITECTURE=$(getconf LONG_BIT)
TORARCHITECTURE=$(expr "$(file TorBrowser/Tor/tor)" : '.*ELF \([[:digit:]]*\)')
if [ $SYSARCHITECTURE -ne $TORARCHITECTURE ]; then
  complain "Wrong architecture? 32-bit vs. 64-bit."
  exit 1
fi
```
to bail out early in case users have downloaded a bundle for the wrong architecture. Now, it turns out that there are Linux distros out there (NixOS seems to be one of those) that don't find `file` that way. A fix for that would be to check for the existence of `file` and if we can't find it to note that we assume the user knows what they are doing and proceed anyway.

Enabling Clang's CFG for mingw-clang Windows builds
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/28811
2023-01-05T14:13:04Z, Tom Ritter (tom@ritter.vg)

When we're using mingw-clang, we can enable guard:cf pretty easily: https://bugzilla.mozilla.org/show_bug.cgi?id=1485016
This enforces Control Flow checks in system libraries on Windows. It is not as strong as, nor a replacement for, enabling clang's CFI checks.

Make sure we pick the exact same compile environment for Tor Browser builds
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/28102
2023-01-05T13:55:23Z, Georg Koppen

When creating a container image at time t and creating a container image at time t1 it is not guaranteed that we include the same compiler versions etc.
This has led to `mar` executables being different, for instance (see: comment:52:ticket:26475): GCC version was in both cases 4.9.2 but in one of them contained an update resulting in `GCC: (Debian 4.9.2-10+deb8u1) 4.9.2` as a version string instead of `GCC: (Debian 4.9.2-10) 4.9.2`.
We could fix that by making sure we compile our own GCC for this case but there might be other packages lurking with the same trouble potential. We should make sure instead that everyone creating *and* using a container image is getting/having the same available.
boklm

`about:buildconfig` is missing configure options
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40541
2023-01-05T14:22:16Z, Georg Koppen

For some reason we are missing some configure options in `about:buildconfig` when building Tor Browser. On Windows e.g. --disable-stylo and --disable-jemalloc. This got reported on the blog (https://blog.torproject.org/comment/276031#comment-276031)

Flags to increase hardening on Windows
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/23024
2022-10-06T01:14:43Z, Arthur Edelstein

We can add `-fstack-protector-all` and `-D_FORTIFY_SOURCE=2` to our Windows build for some extra protection.
Sponsor 131 - Phase 2 - Privacy Browser

Use --disable-auto-import on mingw builds of TBB and tor
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/22917
2022-08-03T13:09:27Z, Arthur Edelstein

A cypherpunk [ticket:22563#comment:8 pointed out] that we could possibly use --disable-auto-import on our mingw builds of TBB and tor.
This would probably require patching Firefox as well as stack protection in gcc/mingw.

Running ./start-tor-browser.desktop --detach --log creates two log files
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/22633
2022-08-03T14:52:38Z, Georg Koppen

Adding `--detach` explicitly creates two log files: one inside the current working directory containing all the logs (which is okay) and an empty one in the parent directory (which is not okay).
This got reported on our blog: https://blog.torproject.org/comment/269202#comment-269157.

start-tor-browser.desktop hack will soon stop working
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/21939
2024-01-30T09:22:28Z, Micah Lee

The Linux version of Tor Browser is made more usable by a kind of hacky `start-tor-browser.desktop` file. Users can both execute it in a terminal to launch Tor Browser, and also double-click it from a GUI file manager like nautilus.
However, `.desktop` files can be used to hide malware. See this upstream nautilus bug [1], which has already been resolved. Also see this blog post [2] for more about how this bug allows attackers to compromise Subgraph OS.
Once this patch makes it to the versions of nautilus that Linux users have installed on their computers, the Tor Browser desktop file will break. Instead of saying "Tor Browser" with the Tor icon, it will say "start-tor-browser.desktop" with a default icon, and when the user tries double-clicking it it will pop up an "Untrusted application launcher" warning that the user has to click through.
One possible solution to this problem is to start distributing Tor Browser as a real Linux package that can be installed system-wide, with a `.desktop` file installed to `/usr/share/applications` like other software. I discussed this idea a bit in this thread [3].
[1] https://bugzilla.gnome.org/show_bug.cgi?id=777991
[2] https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/
[3] https://lists.torproject.org/pipermail/tor-meeting/2017-March/000162.html

macOS Sierra Finder complains that 'tor' isn't signed
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40535
2022-08-02T14:23:46Z, teor

I have a macOS user with permissions set to allow apps downloaded from 'App Store and identified developers'.
This user is also a 'Parental Controls' account, which means each executable is checked separately on open.
When I open Tor Browser, I get a message saying that tor (which on macOS is a shell script) is not signed. This seems to go away after the app is approved via parental controls.
(There might not be anything we can do to fix this issue.)

SafeSEH support for mingw-w64 for Tor Browser on Windows
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/20322
2023-01-05T12:46:12Z, bugzilla

Not only SEH, because of www.fuzzysecurity.com/tutorials/expDev/3.html
Even YASM can do it https://www.tortall.net/projects/yasm/manual/html/objfmt-win32-safeseh.html

TBB installer creates a folder with files in %temp% on Windows
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40575
2023-01-05T12:43:03Z, bugzilla

Installer prefers to unpack its temporary files (e.g. LangDLL.dll) to user's %temp% instead of its folder.
Sponsor 131 - Phase 5 - Ongoing Maintenance

Creating incremental MAR files should not include Tor Browser version in meta data
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/18326
2023-01-05T13:59:01Z, Georg Koppen

While trying to build the incrementals for 5.5.2 on a machine that had older mar-tools I ended up with them not matching incrementals built on other machines. Upon investigation it turned out that the browser version gets embedded in the MAR files' metadata. There is no need for doing that actually.

Windows copyright notices should contain Tor Project
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40571
2023-08-25T23:13:38Z, Mark Smith

While working on legacy/trac#16910, Kathy and I noticed that the copyright notices embedded within the browser executables on Windows (firefox.exe, updater.exe) have the same text as in Firefox. For consistency with Mac OS, we should use text like:
Copyright 2015 The Tor Project
or maybe we should change both platforms to use:
Copyright (c) 2015, The Tor Project, Inc.
For reference, the file Bundle-Data/Docs/Licenses/Tor.txt within our builders/tor-browser-bundle repo. contains the following copyright text:
Copyright (c) 2001-2004, Roger Dingledine
Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson
Copyright (c) 2007-2013, The Tor Project, Inc.
(while we are at it, we should also update the year there).
Sponsor 131 - Phase 3 - Major ESR 102 Migration

Some stack canaries are still missing on Tor Browser binaries
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/13056
2023-01-05T13:58:11Z, Georg Koppen

It seems that the following binaries have missing stack canaries:
libmozalloc.so
libnssckbi.so
libplc4.so
libplds4.so
TorBrowser/Tor/libgmpxx.so
TorBrowser/Tor/libgmpxx.so.4
TorBrowser/Tor/libgmpxx.so.4.3.3
TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_ARC4.so
TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_XOR.so
TorBrowser/Tor/PluggableTransports/Crypto/Util/_counter.so
TorBrowser/Tor/PluggableTransports/meek-client-torbrowser
TorBrowser/Tor/PluggableTransports/twisted/python/_initgroups.so
TorBrowser/Tor/PluggableTransports/twisted/runner/portmap.so
TorBrowser/Tor/PluggableTransports/twisted/test/raiser.so
TorBrowser/Tor/PluggableTransports/zope/interface/_zope_interface_coptimizations.so

Building libevent/openssl on Windows without exception handling would reduce dependencies
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/12113
2023-01-05T13:54:17Z, Tom Ritter (tom@ritter.vg)

I believe that in the Tor Browser Bundle on Windows, for the tor.exe component, libgmpxx-4.dll is built using MinGW with exception handling enabled. (Omits -fno-exceptions). MinGW has an archaic exception handling mechanism on Windows, using setjmp/longjmp based exceptions and necessitates the extra dll libgcc_s_sjlj-1.dll.
If libgmp was built without exception handling (it appears to only use it 3 or 4 places in the dll), it'd be possible to eliminate libgcc_s_sjlj-1.dll entirely.
EDIT: This is not about libgmp anymore as we don't ship the libgmpxx any longer. Rather, libevent/openssl are affected by that problem, too.