[tor-bugs] #21448 [Applications/Tor Browser]: Identify what build flags we should be using for security, and use them

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Feb 14 01:35:36 UTC 2017 

#21448: Identify what build flags we should be using for security, and use them
--------------------------------------+--------------------------
 Reporter:  arthuredelstein           |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by arthuredelstein):

 For comparison, here are the current Firefox release build flags:

 Linux Firefox 51.01

 {{{
 target
 x86_64-pc-linux-gnu
 Build tools
 Compiler        Version         Compiler flags
 /builds/slave/m-rel-l64-00000000000000000000/build/src/gcc/bin/gcc
 -std=gnu99   4.8.5   -Wall -Wempty-body -Wignored-qualifiers -Wpointer-
 arith -Wsign-compare -Wtype-limits -Wunreachable-code -Wno-error=maybe-
 uninitialized -Wno-error=deprecated-declarations -Wno-error=array-bounds
 -Wno-error=coverage-mismatch -Wno-error=free-nonheap-object -fno-strict-
 aliasing -ffunction-sections -fdata-sections -fno-math-errno -pthread
 -pipe
 /builds/slave/m-rel-l64-00000000000000000000/build/src/gcc/bin/g++
 -std=gnu++11         4.8.5   -Wall -Wc++11-compat -Wempty-body -Wignored-
 qualifiers -Woverloaded-virtual -Wpointer-arith -Wsign-compare -Wtype-
 limits -Wunreachable-code -Wwrite-strings -Wno-invalid-offsetof -Wno-error
 =maybe-uninitialized -Wno-error=deprecated-declarations -Wno-error=array-
 bounds -Wno-error=coverage-mismatch -Wno-error=free-nonheap-object -fno-
 exceptions -fno-strict-aliasing -fno-rtti -ffunction-sections -fdata-
 sections -fno-exceptions -fno-math-errno -pthread
 -D_GLIBCXX_USE_CXX11_ABI=0 -pipe -g -fprofile-use -fprofile-correction
 -Wcoverage-mismatch -O3 -fomit-frame-pointer -Werror
 Configure options

 MOZ_AUTOMATION=1 --enable-update-channel=release
 PKG_CONFIG=/builds/slave/m-rel-l64-00000000000000000000/build/src/gtk3/usr/local/bin
 /pkg-config --enable-js-shell --enable-default-toolkit=cairo-gtk3 --with-
 mozilla-api-keyfile=/builds/mozilla-desktop-geoloc-api.key --with-google-
 api-keyfile=/builds/gapi.data MOZ_PGO=1
 CC=/builds/slave/m-rel-l64-00000000000000000000/build/src/gcc/bin/gcc
 CXX=/builds/slave/m-rel-l64-00000000000000000000/build/src/gcc/bin/g++
 --enable-rust
 RUSTC=/builds/slave/m-rel-l64-00000000000000000000/build/src/rustc/bin/rustc
 CARGO=/builds/slave/m-rel-l64-00000000000000000000/build/src/cargo/bin/cargo
 MAKE=/usr/bin/gmake --enable-crashreporter --enable-elf-hack --enable-
 official-branding --enable-release --enable-stdcxx-compat --enable-verify-
 mar
 }}}

 Windows Firefox 51.01:
 {{{
 target
 i686-pc-mingw32

 Build tools
 Compiler        Version         Compiler flags
 c:/builds/moz2_slave/m-rel-w32-00000000000000000000/build/src/vs2015u3/VC/bin/amd64_x86/cl.EXE
 19.00.24213     -TC -nologo -wd4091 -D_HAS_EXCEPTIONS=0 -W3 -Gy -Zc:inline
 -arch:SSE2 -FS -wd4244 -wd4267 -wd4819 -we4553
 c:/builds/moz2_slave/m-rel-w32-00000000000000000000/build/src/vs2015u3/VC/bin/amd64_x86/cl.EXE
 19.00.24213     -TP -nologo -wd5026 -wd5027 -Zc:sizedDealloc-
 -Zc:threadSafeInit- -wd4091 -wd4577 -D_HAS_EXCEPTIONS=0 -W3 -Gy -Zc:inline
 -arch:SSE2 -FS -wd4251 -wd4244 -wd4267 -wd4345 -wd4351 -wd4800 -wd4819
 -wd4595 -we4553 -GR- -Zi -GL -wd4624 -wd4952 -O1 -Oi -Oy

 Configure options
 MOZ_AUTOMATION=1 'MOZILLABUILD=C:\mozilla-build' --enable-update-
 channel=release --enable-js-shell --enable-eme=+adobe --with-mozilla-api-
 keyfile=c:/builds/mozilla-desktop-geoloc-api.key --with-google-api-
 keyfile=c:/builds/gapi.data MOZ_PGO=1
 WINDOWSSDKDIR=c:/builds/moz2_slave/m-rel-w32-00000000000000000000/build/src/vs2015u3/SDK
 --enable-rust
 RUSTC=c:/builds/moz2_slave/m-rel-w32-00000000000000000000/build/src/rustc/bin/rustc
 CARGO=c:/builds/moz2_slave/m-rel-w32-00000000000000000000/build/src/cargo/bin/cargo
 --enable-jemalloc
 MAKE=c:/builds/moz2_slave/m-rel-w32-00000000000000000000/build/src/mozmake.EXE
 --enable-crashreporter --enable-official-branding --enable-release
 --enable-require-all-d3dc-versions --enable-verify-mar
 }}}

 Mac Firefox 51.01:
 {{{
 target
 x86_64-apple-darwin11.2.0

 Build tools
 Compiler    Version     Compiler flags
 /usr/local/bin/ccache
 /builds/slave/m-rel-m64-00000000000000000000/build/src/clang/bin/clang
 -arch x86_64 -std=gnu99    3.8.0   -Qunused-arguments -Wall -Wempty-body
 -Wignored-qualifiers -Wpointer-arith -Wsign-compare -Wtype-limits
 -Wunreachable-code -Wclass-varargs -Wloop-analysis -Werror=non-literal-
 null-conversion -Wstring-conversion -Wthread-safety -Wno-error=deprecated-
 declarations -Wno-error=array-bounds -isysroot
 /Developer/SDKs/MacOSX10.7.sdk -fno-strict-aliasing -ffunction-sections
 -fdata-sections -fno-math-errno -pthread -pipe
 /usr/local/bin/ccache
 /builds/slave/m-rel-m64-00000000000000000000/build/src/clang/bin/clang++
 -arch x86_64 -std=gnu++11    3.8.0   -Qunused-arguments -Qunused-arguments
 -Wall -Wc++11-compat -Wempty-body -Wignored-qualifiers -Woverloaded-
 virtual -Wpointer-arith -Wsign-compare -Wtype-limits -Wunreachable-code
 -Wwrite-strings -Wno-invalid-offsetof -Wclass-varargs -Wloop-analysis
 -Wc++11-compat-pedantic -Wc++14-compat -Wc++14-compat-pedantic -Wc++1z-
 compat -Wimplicit-fallthrough -Werror=non-literal-null-conversion
 -Wstring-conversion -Wthread-safety -Wno-inline-new-delete -Wno-error
 =deprecated-declarations -Wno-error=array-bounds -Wno-unknown-warning-
 option -Wno-return-type-c-linkage -isysroot /Developer/SDKs/MacOSX10.7.sdk
 -fno-exceptions -fno-strict-aliasing -stdlib=libc++ -fno-rtti -ffunction-
 sections -fdata-sections -fno-exceptions -fno-math-errno -pthread -pipe -g
 -O3 -fomit-frame-pointer -Werror

 Configure options
 MOZ_AUTOMATION=1 MOZ_CURRENT_PROJECT=x86_64 --target=x86_64-apple-
 darwin11.2.0 --enable-application=browser --enable-update-channel=release
 --enable-js-shell --with-mozilla-api-keyfile=/builds/mozilla-desktop-
 geoloc-api.key --with-google-api-keyfile=/builds/gapi.data --with-ccache
 'CC=/builds/slave/m-rel-m64-00000000000000000000/build/src/clang/bin/clang
 -arch x86_64'
 'CXX=/builds/slave/m-rel-m64-00000000000000000000/build/src/clang/bin/clang++
 -arch x86_64'
 HOST_CC=/builds/slave/m-rel-m64-00000000000000000000/build/src/clang/bin/clang
 HOST_CXX=/builds/slave/m-rel-m64-00000000000000000000/build/src/clang/bin/clang++
 LD=ld --enable-rust
 RUSTC=/builds/slave/m-rel-m64-00000000000000000000/build/src/rustc/bin/rustc
 CARGO=/builds/slave/m-rel-m64-00000000000000000000/build/src/cargo/bin/cargo
 MAKE=/usr/bin/make
 DSYMUTIL=/builds/slave/m-rel-m64-00000000000000000000/build/src/clang/bin
 /llvm-dsymutil --enable-crashreporter --enable-official-branding --enable-
 release --enable-verify-mar --with-macos-
 sdk=/Developer/SDKs/MacOSX10.7.sdk --with-unify-dist=../i386/dist
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21448#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list