uumaro / tor-browser-build Public

Header files aren't in a subdirectory anymore, so "find talk/ webrtc/"
becomes just "find .".
https://webrtc.googlesource.com/src/+/bb547203bfebcc478b263c4e9ca173c6fd5a0c5d

We set use_custom_libcxx=false and use_custom_libcxx_for_host=false.
This version of WebRTC seems to prefer to link with a bundled copy of
libc++ (libcxx) by default. This library has an ABI incompatible with
the libstdc++ that we use when linking with go-webrtc. You will get
undefined references because of different std::string types.

We set use_lld=false for mac. The default use_lld=true causes the use of
an option -fuse-ld=lld, which is not supported by our version of Clang:
clang-3.8: error: invalid linker name in argument '-fuse-ld=lld'

We define WEBRTC_LINUX/WEBRTC_MAC as appropriate. For mac, WEBRTC_MAC is
needed in include/rtc_base/byteorder.h; without it, the build fails with
a failure to open <endian.h> (taking the WEBRTC_POSIX case).
WEBRTC_LINUX doesn't seem to be required (I got a successful build
without it), but define it for symmetry. Cf.
keroserene/go-webrtc@3427a39
keroserene/go-webrtc@e45d138

webrtc-linux.patch and webrtc-mac.patch needed rebasing. mac also needed
two new patches: one to remove another no-cross-compiling assumption,
and one to remove an option that our older LLVM doesn't support.

linux's former gtk2 dependency is now gtk3.

I had to manually delete "gmock" and "gtest" directories:
	Error: Command 'git checkout --quiet 60c665fffe7dc505fdd5d30f9dbcbc50dde1e017' returned non-zero exit status 1 in tor-browser-build/gclient/webrtc/src/testing
	error: The following untracked working tree files would be overwritten by checkout:
		gmock/include/gmock/gmock-actions.h
		gmock/include/gmock/gmock-generated-function-mockers.h
		gmock/include/gmock/gmock-matchers.h
		gmock/include/gmock/gmock.h
		gtest/include/gtest/gtest-death-test.h
		gtest/include/gtest/gtest-message.h
		gtest/include/gtest/gtest-param-test.h
		gtest/include/gtest/gtest-spi.h
		gtest/include/gtest/gtest.h
		gtest/include/gtest/gtest_prod.h
	Please move or remove them before you switch branches.

This is the error I got while trying to check out version
branch-heads/64 of webrtc:

src (ERROR)
----------------------------------------
[0:00:00] Started.
[0:00:17] Up-to-date; skipping checkout.
_____ src at 88f5d9180eae78a6162cccd78850ff416eb82483
----------------------------------------
Error: 1> dependency url must be either a string, None, File() or From() instead of dict

This makes it consistent with the setup of gcc and macosx-toolchain.

This reverts commit b8bae58, reversing
changes made to 42720c5.

It turns out this binutils update is causing non-reproducible outomces.
We need to investigate those further in #16472.

Commit 42720c5 fixed a memory/file
descriptor leak in snowflake-client. Further work on ticket #21312
uncovered crashes in the snowflake WebRTC server and proxy (comments 29
and following). While we didn't observe the same kind of crashes in
snowflake-client, this revision applies the same synchronization around
WebRTC channel destruction as in the server and proxy.

Firefox version bump to pick up Pwn2Own fix

Changelog update and versions bump

Remove support for precise and utopic.

This new https-everywhere version requires python 3.6, so we are now
building it in a buster container instead of wheezy.

0.0.7 has long been out and OnionShare needs its meek_lite feature
for macOS. Let's update to this latest stable obfs4 version then.

Thanks to arma for catching this.

Thanks to arma for catching this.

Changelog update and versions bump

…omain

After much debugging and investigation, it seems that the required
information needed to drive the first-party domain cannot be accessed in
the XmlHttpRequest creation path.  The JS context the part of pdf.js making
the range requests runs with does not have a reference to parent window and
associated LoadInfo information (which includes the requesting first-party
domain).

To fix the issue, we can easily disable support for range-based requests
via the pdfjs.disableRange property.  However, the side-effect here is
that pages can not be read as they load; the entire pdf must be
downloaded before it can be read and interacted with.

This patch updates each platforms extension-overrides.js to change this
pref.

We need to whitelist `[System+Principal]` for functioning settings
frames of WebExtensions on the about:addons page. On higher security
slider levels this is broken otherwise.

To quote Giorgio Maone (see: #25000 comment:14):

"The Tor Browser enforces permissions cascading, and in the Add-ons
Options window the top frame is about:addons, whose principal's origin
is [System+Principal]. Since this origin is omitted from Tor Browser's
version of NoScript mandatory whitelist, the top site by default is
considered forbidden, cascading down script blocking to the
WebExtension's subframe."