Pier Angelo Vendrame pushed to branch base-browser-102.7.0esr-12.5-1 at The Tor Project / Applications / Tor Browser
Commits: 5ad37bff by Pier Angelo Vendrame at 2023-01-20T16:41:46+01:00 squash! Base Browser's .mozconfigs.
Bug 17858: Cannot create incremental MARs for hardened builds. Define HOST_CFLAGS, etc. to avoid compiling programs such as mbsdiff (which is part of mar-tools and is not distributed to end-users) with ASan.
Bug 21849: Don't allow SSL key logging.
Bug 25741 - TBA: Disable features at compile-time
Define MOZ_ANDROID_NETWORK_STATE and MOZ_ANDROID_LOCATION
Bug 27623 - Export MOZILLA_OFFICIAL during desktop builds
This fixes a problem where some preferences had the wrong default value. Also see bug 27472 where we made a similar fix for Android.
Bug 29859: Disable HLS support for now
Bug 30463: Explicitly disable MOZ_TELEMETRY_REPORTING
Bug 32493: Disable MOZ_SERVICES_HEALTHREPORT
Bug 33734: Set MOZ_NORMANDY to False
Bug 33851: Omit Parental Controls.
Bug 40252: Add --enable-rust-simd to our tor-browser mozconfig files
Bug 41584: Move some configuration options to base-browser level
- - - - -
6 changed files:
- browser/moz.configure - + mobile/android/basebrowser.configure - mobile/android/confvars.sh - mobile/android/moz.configure - security/moz.build - security/nss/lib/ssl/Makefile
Changes:
===================================== browser/moz.configure ===================================== @@ -5,11 +5,13 @@ # file, You can obtain one at http://mozilla.org/MPL/2.0/.
imply_option("MOZ_PLACES", True) -imply_option("MOZ_SERVICES_HEALTHREPORT", True) +# tor-browser#32493 +imply_option("MOZ_SERVICES_HEALTHREPORT", False) imply_option("MOZ_SERVICES_SYNC", True) imply_option("MOZ_DEDICATED_PROFILES", True) imply_option("MOZ_BLOCK_PROFILE_DOWNGRADE", True) -imply_option("MOZ_NORMANDY", True) +# tor-browser#33734 +imply_option("MOZ_NORMANDY", False)
with only_when(target_is_linux & compile_environment): option(env="MOZ_NO_PIE_COMPAT", help="Enable non-PIE wrapper")
===================================== mobile/android/basebrowser.configure ===================================== @@ -0,0 +1,33 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +# Set Base Browser default config +# See tor-browser#25741 and tor-browser#41584. + +imply_option("MOZ_ANDROID_EXCLUDE_FONTS", False) + +# Disable uploading crash reports and dump files to an external server +# This is still configured in old-configure. Uncomment when this moves +# to the python config +# imply_option("MOZ_CRASHREPORTER", False) + +# Disable uploading information about the browser configuration and +# performance to an external server. See tor-browser#32493. +imply_option("MOZ_SERVICES_HEALTHREPORT", False) + +# Disable creating telemetry and data reports that are uploaded to an +# external server +# These aren't actually configure options. These are disabled in +# confvars.sh, but they look like configure options so we'll document +# them here, as well. +# XXX: no confvars.sh here +# imply_option("MOZ_TELEMETRY_REPORTING", False) +# imply_option("MOZ_DATA_REPORTING", False) + +# tor-browser#24796: This controls some permissions in GeckoView's +# AndroidManifest.xml +imply_option("MOZ_ANDROID_NETWORK_STATE", False) +imply_option("MOZ_ANDROID_LOCATION", False)
===================================== mobile/android/confvars.sh ===================================== @@ -15,3 +15,9 @@ MOZ_OFFICIAL_BRANDING_DIRECTORY=mobile/android/branding/official MOZ_RAW=1
MOZ_APP_ID={aa3c5121-dab2-40e2-81ca-7ea25febc110} + +# Disable telemetry at compile-time +unset MOZ_TELEMETRY_REPORTING + +# Disable data reporting at compile-time +unset MOZ_DATA_REPORTING
===================================== mobile/android/moz.configure ===================================== @@ -10,10 +10,11 @@ project_flag( default=True, )
+# tor-browser#29859 project_flag( "MOZ_ANDROID_HLS_SUPPORT", help="Enable HLS (HTTP Live Streaming) support (currently using the ExoPlayer library)", - default=True, + default=False, )
option( @@ -58,7 +59,10 @@ option( set_config("MOZ_ANDROID_GECKOVIEW_LITE", True, when="--enable-geckoview-lite")
imply_option("MOZ_NORMANDY", False) -imply_option("MOZ_SERVICES_HEALTHREPORT", True) +# Comment this so we can imply |False| in basebrowser.configure +# The Build system doesn't allow multiple imply_option() +# calls with the same key. +# imply_option("MOZ_SERVICES_HEALTHREPORT", True) imply_option("MOZ_ANDROID_HISTORY", True) imply_option("--enable-small-chunk-size", True)
@@ -77,6 +81,8 @@ def check_target(target): )
+include("basebrowser.configure") + include("../../toolkit/moz.configure") include("../../build/moz.configure/android-sdk.configure") include("../../build/moz.configure/java.configure")
===================================== security/moz.build ===================================== @@ -85,7 +85,8 @@ gyp_vars["nss_dist_obj_dir"] = "$PRODUCT_DIR/dist/bin" gyp_vars["disable_tests"] = 1 gyp_vars["disable_dbm"] = 1 gyp_vars["disable_libpkix"] = 1 -gyp_vars["enable_sslkeylogfile"] = 1 +# tor-browser#18885, tor-browser#21849 +gyp_vars["enable_sslkeylogfile"] = 0 # pkg-config won't reliably find zlib on our builders, so just force it. # System zlib is only used for modutil and signtool unless # SSL zlib is enabled, which we are disabling immediately below this.
===================================== security/nss/lib/ssl/Makefile ===================================== @@ -41,7 +41,8 @@ endif
# Enable key logging by default in debug builds, but not opt builds. # Logging still needs to be enabled at runtime through env vars. -NSS_ALLOW_SSLKEYLOGFILE ?= $(if $(BUILD_OPT),0,1) +# tor-browser#18885, tor-browser#21849 +NSS_ALLOW_SSLKEYLOGFILE ?= 0 ifeq (1,$(NSS_ALLOW_SSLKEYLOGFILE)) DEFINES += -DNSS_ALLOW_SSLKEYLOGFILE=1 endif
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/5ad37bff...