[tbb-bugs] #21448 [Applications/Tor Browser]: Identify what build flags we should be using for security, and use them

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Feb 14 01:00:13 UTC 2017 

#21448: Identify what build flags we should be using for security, and use them
--------------------------------------+--------------------------
 Reporter:  arthuredelstein           |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by arthuredelstein):

 Using about:buildconfig, the browser reports compiler flags and configure
 arguments for our tor-browser.git builds. Are these a complete list of the
 compiler flags actually used? I don't know. In any case, here are the
 current reports:

 Linux TBB 6.5:
 {{{
 target
 x86_64-unknown-linux-gnu

 Build tools
 Compiler        Version         Compiler flags
 gcc     5.1.0   -Wall -Wempty-body -Wpointer-to-int-cast -Wsign-compare
 -Wtype-limits -Wno-unused -Wcast-align -frandom-seed=tor -std=gnu99
 -fgnu89-inline -fno-strict-aliasing -fno-math-errno -pthread -pipe
 c++     5.1.0   -Wall -Wempty-body -Woverloaded-virtual -Wsign-compare
 -Wwrite-strings -Wno-invalid-offsetof -Wcast-align -frandom-seed=tor -fno-
 exceptions -fno-strict-aliasing -fno-rtti -fno-exceptions -fno-math-errno
 -std=gnu++0x -pthread -pipe -DNDEBUG -DTRIMMED -g -freorder-blocks -Os
 -fomit-frame-pointer

 Configure arguments
 --enable-application=browser --enable-optimize --enable-official-branding
 --enable-tor-browser-update --enable-update-packaging --enable-signmar
 --enable-verify-mar --disable-strip --disable-install-strip --disable-
 tests --disable-debug --disable-maintenance-service --disable-
 crashreporter --disable-webrtc --disable-eme --disable-loop --with-tor-
 browser-version=6.5 --enable-update-channel=release --enable-bundled-fonts
 }}}

 Windows TBB 6.5:
 {{{
 target
 i686-w64-mingw32

 Build tools
 Compiler    Version     Compiler flags
 i686-w64-mingw32-gcc -mwindows  5.1.0   -Wall -Wempty-body -Wpointer-to-
 int-cast -Wsign-compare -Wtype-limits -Wno-unused -Wcast-align -Wno-format
 -std=gnu99 -fgnu89-inline -fno-strict-aliasing -mms-bitfields
 -mstackrealign -fno-keep-inline-dllexport -fno-math-errno -pipe
 i686-w64-mingw32-g++ -mwindows  5.1.0   -Wall -Wempty-body -Woverloaded-
 virtual -Wsign-compare -Wwrite-strings -Wno-invalid-offsetof -Wcast-align
 -Wno-format -fno-exceptions -fno-strict-aliasing -mms-bitfields
 -mstackrealign -fno-keep-inline-dllexport -fno-rtti -fno-exceptions -fno-
 math-errno -std=gnu++0x -pipe -DNDEBUG -DTRIMMED -g -O -fomit-frame-
 pointer

 Configure arguments
 --enable-application=browser --target=i686-w64-mingw32 --enable-default-
 toolkit=cairo-windows --disable-debug --enable-optimize --enable-strip
 --enable-official-branding --enable-tor-browser-update --enable-update-
 packaging --enable-signmar --enable-verify-mar --disable-sandbox
 --disable-eme --disable-crashreporter --disable-maintenance-service
 --disable-webrtc --disable-tests --disable-loop --with-tor-browser-
 version=6.5 --enable-update-channel=release --enable-bundled-fonts
 }}}

 Mac TBB 6.5:
 {{{
 target
 x86_64-apple-darwin

 Build tools
 Compiler    Version     Compiler flags
 /home/debian/build/tor-browser/clang/bin/clang -target x86_64-apple-
 darwin10 -mlinker-version=136 -B /home/debian/build/tor-
 browser/cctools/bin -isysroot /home/debian/build/tor-
 browser/MacOSX10.7.sdk     3.8.0   -Qunused-arguments -Wall -Wempty-body
 -Wpointer-to-int-cast -Wsign-compare -Wtype-limits -Wno-unused -std=gnu99
 -fno-strict-aliasing -fno-math-errno -pthread -DNO_X11 -pipe
 /home/debian/build/tor-browser/clang/bin/clang++ -target x86_64-apple-
 darwin10 -mlinker-version=136 -B /home/debian/build/tor-
 browser/cctools/bin -isysroot /home/debian/build/tor-
 browser/MacOSX10.7.sdk   3.8.0   -Qunused-arguments -Qunused-arguments
 -Wno-unused-local-typedef -Wall -Wempty-body -Woverloaded-virtual -Wsign-
 compare -Wwrite-strings -Wno-invalid-offsetof -Wno-inline-new-delete -Wno-
 unused-local-typedef -Wno-c++0x-extensions -Wno-extended-offsetof -Wno-
 unknown-warning-option -Wno-return-type-c-linkage -fno-exceptions -fno-
 strict-aliasing -fno-rtti -fno-exceptions -fno-math-errno -std=gnu++0x
 -pthread -DNO_X11 -pipe -DNDEBUG -DTRIMMED -g -O3 -fomit-frame-pointer

 Configure arguments
 --target=x86_64-apple-darwin --with-macos-private-
 frameworks=/home/debian/build/tor-
 browser/MacOSX10.7.sdk/System/Library/PrivateFrameworks --enable-
 application=browser --enable-strip --enable-official-branding --enable-
 optimize --disable-debug --enable-tor-browser-data-outside-app-dir
 --enable-tor-browser-update --enable-update-packaging --enable-signmar
 --enable-verify-mar --disable-crashreporter --disable-maintenance-service
 --disable-webrtc --disable-tests --disable-eme --disable-loop --with-tor-
 browser-version=6.5 --enable-update-channel=release --enable-bundled-fonts
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21448#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list